| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Aug 2012 09:04:03 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: John Stultz <john.stultz@...aro.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Richard Cochran <richardcochran@...il.com>,
Prarit Bhargava <prarit@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
linux-fsdevel@...r.kernel.org
Subject: BUG: NULL pointer dereference in shmem_evict_inode()
Hi John,
The below oops happens in v3.5..v3.6-rc2 and it's bisected down to commit
2a8c0883c ("time: Move xtime_nsec adjustment underflow handling timekeeping_adjust").
However linux-next is working fine. Do you have any fixes not yet sent to Linus?
[ 2221.089504] VFS: Busy inodes after unmount of tmpfs. Self-destruct in 5 seconds. Have a nice day...
[ 2221.091656] BUG: unable to handle kernel NULL pointer dereference at 0000000c
[ 2221.093256] IP: [<810d2a2c>] shmem_free_inode+0x10/0x45
[ 2221.093927] *pde = 00000000
[ 2221.093927] Oops: 0000 [#1] DEBUG_PAGEALLOC
[ 2221.093927] Modules linked in:
[ 2221.093927] Pid: 1397, comm: udevd Not tainted 3.6.0-rc1 #24 Bochs Bochs
[ 2221.093927] EIP: 0060:[<810d2a2c>] EFLAGS: 00010246 CPU: 0
[ 2221.093927] EIP is at shmem_free_inode+0x10/0x45
[ 2221.093927] EAX: 8602e000 EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 2221.093927] ESI: 8ab91444 EDI: 8ab9143c EBP: 8ab61e58 ESP: 8ab61e50
[ 2221.093927] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
[ 2221.093927] CR0: 8005003b CR2: 0000000c CR3: 0ab79000 CR4: 000006d0
[ 2221.093927] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 2221.093927] DR6: ffff0ff0 DR7: 00000400
[ 2221.093927] Process udevd (pid: 1397, ti=8ab60000 task=8abf0000 task.ti=8ab60000)
[ 2221.093927] Stack:
[ 2221.093927] 00000000 8ab91444 8ab61e70 810d5265 8ab9143c 8ab91444 8ab9153c 812eb998
[ 2221.093927] 8ab61e84 8111e85e 8ab91444 00000000 8602e000 8ab61e9c 8111ebf9 812eb998
[ 2221.093927] 8603a0e0 86140000 8ab91444 8ab61eb8 81138a6c 861400a4 8603a0f4 8603a0e0
[ 2221.093927] Call Trace:
[ 2221.093927] [<810d5265>] shmem_evict_inode+0x158/0x167
[ 2221.093927] [<8111e85e>] evict+0x125/0x239
[ 2221.093927] [<8111ebf9>] iput+0x287/0x2e0
[ 2221.093927] [<81138a6c>] fsnotify_destroy_mark+0x16f/0x1af
[ 2221.093927] [<81138e33>] fsnotify_clear_marks_by_group_flags+0xba/0xd8
[ 2221.093927] [<81138e61>] fsnotify_clear_marks_by_group+0x10/0x12
[ 2221.093927] [<8113a009>] inotify_release+0x16/0x22
[ 2221.093927] [<81100248>] __fput+0x1a1/0x450
[ 2221.093927] [<81100504>] ____fput+0xd/0xf
[ 2221.093927] [<8105a7f5>] task_work_run+0x74/0x83
[ 2221.093927] [<8103d025>] do_exit+0x374/0xb44
[ 2221.093927] [<81189255>] ? do_raw_spin_unlock+0xd1/0x108
[ 2221.093927] [<8103db0f>] do_group_exit+0xfd/0xfd
[ 2221.093927] [<8103db27>] sys_exit_group+0x18/0x18
[ 2221.093927] [<812cb523>] sysenter_do_call+0x12/0x3c
[ 2221.093927] Code: 1f 00 b8 e4 ff ff ff eb 0d 4a 89 f0 89 53 10 e8 51 82 1f 00 31 c0 5b 5e 5f 5d c3 55 89 e5 56 53 e8 66 90 1f 00 8b 98 c4 03 00 00 <83> 7b 0c 00 0f 95 c0 0f b6 d0 8b 0c 95 a4 38 67 81 41 84 c0 89
[ 2221.093927] EIP: [<810d2a2c>] shmem_free_inode+0x10/0x45 SS:ESP 0068:8ab61e50
[ 2221.093927] CR2: 000000000000000c
Thanks,
Fengguang
View attachment "dmesg-kvm-bens-3070-2012-08-19-15-19-48-3.6.0-rc1-24" of type "text/plain" (105403 bytes)
View attachment "config-3.6.0-rc1" of type "text/plain" (52057 bytes)
Powered by blists - more mailing lists