Unable to handle kernel NULL pointer dereference at virtual address 00000004
current->tss.cr3 = 03e33000, %cr3 = 03e33000
*pde = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[<c0123360>]
EFLAGS: 00010007
eax: 00000000 ebx: c3e35f70 ecx: c03dbdd4 edx: 00000000
esi: 00000246 edi: c3e35f70 ebp: 00000001 esp: c3e35f64
ds: 0018 es: 0018 ss: 0018
Process update (pid: 9, process nr: 8, stackpage=c3e35000)
Stack: c03dbd80 00000000 c0752380 c3e34000 c03dbdd4 c01238ae c03dbd80 c3e34000
c3e34000 00000000 bffffe18 c0126bdd 00000000 00000000 c3e34000 c3e34000
00000000 bffffe18 00000000 c0126cf1 c3e34000 00000001 00000000 c01093ba
Call Trace: [<c01238ae>] [<c0126bdd>] [<c0126cf1>] [<c01093ba>]
Code: 8b 42 04 39 d8 74 05 89 c2 eb f5 90 89 4a 04 56 9d 89 e0 25
I tracked it down to __remove_wait_queue () in include/linux/sched.h.
I don't even know if my patch makes any sense. But I did see
nextlist == NULL under heavy load.
Thanks.
-- H.J. Lu (hjl@gnu.ai.mit.edu)-- Index: include/linux/sched.h =================================================================== RCS file: /home/work/cvs/linux/linux/include/linux/sched.h,v retrieving revision 1.1.1.12 diff -u -r1.1.1.12 sched.h --- sched.h 1997/05/24 01:39:23 1.1.1.12 +++ sched.h 1997/06/02 19:44:48 @@ -527,14 +527,14 @@ for (;;) { struct wait_queue * nextlist = head->next; - if (nextlist == wait) + if (!nextlist || nextlist == wait) break; head = nextlist; } head->next = next; } -extern inline void remove_wait_queue(struct wait_queue ** p, struct wait_queue * wait) +extern inline void remove_wait_queu(struct wait_queue ** p, struct wait_queue * wait) { unsigned long flags;
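Review bot: the second change in this hunk renames `remove_wait_queue` to `remove_wait_queu` (trailing `e` dropped), which would break every caller of `remove_wait_queue` in the tree; that looks like an accidental edit and should be left out, leaving only the `__remove_wait_queue` loop change. On the first change, `if (!nextlist || nextlist == wait)` stops the walk when `head->next` is NULL, which matches the oops (edx is 0 and the fault is at address 4, i.e. the `8b 42 04` load of `->next` in the loop), but a wait queue is a circular list and `next` should never be NULL here, so the check hides list corruption rather than fixing it: after the `break` the code still does `head->next = next`, relinking a list that is already inconsistent. The NULL check is reasonable as a guard, but the commit message should say it is defensive, and the real question is what is corrupting the queue under load (an unlocked or double `remove_wait_queue`, for instance), which this patch does not address.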