BUG: unable to handle kernel NULL pointer dereference at virtual address 00000002
 printing eip:
c109a7cf
*pde = 00000000
Oops: 0000 [#1]
PREEMPT SMP
Modules linked in: xt_pkttype ipt_LOG xt_limit snd_pcm_oss snd_mixer_oss eeprom snd_seq_midi snd_seq_midi_event snd_seq edd button battery ac ip6t_REJECT xt_tcpudp ipt_REJECT xt_state iptable_mangle iptable_nat ip_nat iptable_filter ip6table_mangle ip_conntrack nfnetlink ip_tables ip6table_filter ip6_tables x_tables nls_iso8859_1 nls_cp437 nls_utf8 snd_mpu401 snd_mpu401_uart snd_rawmidi snd_seq_device ohci1394 ieee1394 prism54 snd_intel8x0 snd_ac97_codec snd_ac97_bus snd_pcm snd_timer snd soundcore snd_page_alloc intel_agp agpgart i2c_i801 sd_mod fan thermal processor
CPU:    0
EIP:    0060:[]    Not tainted VLI
EFLAGS: 00010246   (2.6.19.2-smp #90)
EIP is at inotify_inode_queue_event+0x51/0xd1
eax: c1599288   ebx: 00000fc6   ecx: 00000000   edx: 00000002
esi: c1599280   edi: fffffffa   ebp: ef38bf58   esp: ef38bf28
ds: 007b   es: 007b   ss: 0068
Process klauncher (pid: 6283, ti=ef38b000 task=dff91030 task.ti=ef38b000)
Stack: dfc998c0 c1e4f1c0 ef38bf58 00000000 00000020 f346ac68 00000000 0000000c
       f346ac60 dba1cd50 f346cf70 f346ab28 ef38bf80 c109aea9 dba1cdb4 ec421998
       00000000 00000020 dba1cd58 00000020 ea829000 0000000c ef38bfa8 c1070f3b
Call Trace:
 [] inotify_dentry_parent_queue_event+0x69/0xa0
 [] do_sys_open+0x83/0xc5
 [] sys_open+0x1c/0x1e
 [] sysenter_past_esp+0x56/0x79
 [] 0xb7f9f410
 =======================
Code: 5e 5f 5d c3 8d 83 40 01 00 00 89 45 e4 e8 5a ee 2f 00 8b b3 38 01 00 00 83 ee 08 8b 56 08 8d 46 08 39 45 f0 74 69 8d 7a f8 eb 10 <8b> 57 08 8d 47 08 3b 45 f0 74 59 89 fe 8d 7a f8 8b 5e 20 85 5d
EIP: [] inotify_inode_queue_event+0x51/0xd1 SS:ESP 0068:ef38bf28

gdb vmlinux -core /proc/kcore
(gdb) list *inotify_inode_queue_event+0x51
0xc109a7cf is in inotify_inode_queue_event (fs/inotify.c:294).
289
290             if (!inotify_inode_watched(inode))
291                     return;
292
293             mutex_lock(&inode->inotify_mutex);
294             list_for_each_entry_safe(watch, next, &inode->inotify_watches, i_list) {
295                     u32 watch_mask = watch->mask;
296                     if (watch_mask & mask) {
297                             struct inotify_handle *ih= watch->ih;
298                             mutex_lock(&ih->mutex);
(gdb) x 0x8+0xc1599280
0xc1599288 : 0x00000002
/me: new_cpu_data?
(gdb) x 0xc1599280+0x20
0xc15992a0 : 0x00000fc6
(gdb) x 0xef38bf58
0xef38bf58: 0x00000000
(gdb) print new_cpu_data
$1 = {x86 = 15 '\017', x86_vendor = 151 '\227', x86_model = 2 '\002',
  x86_mask = 9 '\t', wp_works_ok = 88 'X', hlt_works_ok = -110 '\222',
  hard_math = 1 '\001', rfu = -63 '¿, cpuid_level = 2, x86_capability = {
    3219913727, 1, 3844256384, 4081494824, 4, 4038, 4145066816},
  x86_vendor_id = "GenuineIntelp\n¿,
  x86_model_id = "\001\000\000\000\200\"¿\n¿002\000\000\000¿017\000\000", '¿ ,
  x86_cache_size = -858993460, x86_cache_alignment = -858993460,
  fdiv_bug = -52 '¿, f00f_bug = -52 '¿, coma_bug = -52 '¿, pad0 = -52 '¿,
  x86_power = -858993460, loops_per_jiffy = 3435973836, llc_shared_map = {
    bits = {3435973836}}, x86_max_cores = 204 '¿, apicid = 204 '¿,
  booted_cores = 204 '¿, phys_proc_id = 204 '¿, cpu_core_id = 204 '¿}
(gdb)
/me: ("G-e-n-u")... eject!
0000030e :
 30e:   55                      push   %ebp
 30f:   89 e5                   mov    %esp,%ebp
 311:   57                      push   %edi
 312:   56                      push   %esi
 313:   53                      push   %ebx
 314:   83 ec 24                sub    $0x24,%esp
 317:   89 c3                   mov    %eax,%ebx
 319:   89 55 e0                mov    %edx,0xffffffe0(%ebp)
 31c:   89 4d dc                mov    %ecx,0xffffffdc(%ebp)
 31f:   8d 80 38 01 00 00       lea    0x138(%eax),%eax
 325:   89 45 f0                mov    %eax,0xfffffff0(%ebp)
 328:   3b 83 38 01 00 00       cmp    0x138(%ebx),%eax
 32e:   75 08                   jne    338
 330:   83 c4 24                add    $0x24,%esp
 333:   5b                      pop    %ebx
 334:   5e                      pop    %esi
 335:   5f                      pop    %edi
 336:   5d                      pop    %ebp
 337:   c3                      ret
 338:   8d 83 40 01 00 00       lea    0x140(%ebx),%eax
 33e:   89 45 e4                mov    %eax,0xffffffe4(%ebp)
 341:   e8 fc ff ff ff          call   342
 346:   8b b3 38 01 00 00       mov    0x138(%ebx),%esi
 34c:   83 ee 08                sub    $0x8,%esi
 34f:   8b 56 08                mov    0x8(%esi),%edx
 352:   8d 46 08                lea    0x8(%esi),%eax
 355:   39 45 f0                cmp    %eax,0xfffffff0(%ebp)
 358:   74 69                   je     3c3
 35a:   8d 7a f8                lea    0xfffffff8(%edx),%edi
 35d:   eb 10                   jmp    36f
 35f:   8b 57 08                mov    0x8(%edi),%edx   <=== boom
 362:   8d 47 08                lea    0x8(%edi),%eax
 365:   3b 45 f0                cmp    0xfffffff0(%ebp),%eax
 368:   74 59                   je     3c3
 36a:   89 fe                   mov    %edi,%esi
 36c:   8d 7a f8                lea    0xfffffff8(%edx),%edi
 36f:   8b 5e 20                mov    0x20(%esi),%ebx
 372:   85 5d e0                test   %ebx,0xffffffe0(%ebp)
 375:   74 e8                   je     35f
 377:   8b 46 14                mov    0x14(%esi),%eax
 37a:   89 45 ec                mov    %eax,0xffffffec(%ebp)
 37d:   83 c0 18                add    $0x18,%eax
 380:   89 45 e8                mov    %eax,0xffffffe8(%ebp)
 383:   e8 fc ff ff ff          call   384
 388:   85 db                   test   %ebx,%ebx
 38a:   78 47                   js     3d3
 38c:   8b 45 ec                mov    0xffffffec(%ebp),%eax
 38f:   8b 58 3c                mov    0x3c(%eax),%ebx
 392:   8b 56 1c                mov    0x1c(%esi),%edx
 395:   8b 45 0c                mov    0xc(%ebp),%eax
 398:   89 44 24 08             mov    %eax,0x8(%esp)
 39c:   8b 45 08                mov    0x8(%ebp),%eax
 39f:   89 44 24 04             mov    %eax,0x4(%esp)
 3a3:   8b 45 dc                mov    0xffffffdc(%ebp),%eax
 3a6:   89 04 24                mov    %eax,(%esp)
 3a9:   8b 4d e0                mov    0xffffffe0(%ebp),%ecx
 3ac:   89 f0                   mov    %esi,%eax
 3ae:   ff 13                   call   *(%ebx)
 3b0:   8b 45 e8                mov    0xffffffe8(%ebp),%eax
 3b3:   e8 fc ff ff ff          call   3b4
 3b8:   8b 57 08                mov    0x8(%edi),%edx
 3bb:   8d 47 08                lea    0x8(%edi),%eax
 3be:   3b 45 f0                cmp    0xfffffff0(%ebp),%eax
 3c1:   75 a7                   jne    36a
 3c3:   8b 45 e4                mov    0xffffffe4(%ebp),%eax
 3c6:   e8 fc ff ff ff          call   3c7
 3cb:   83 c4 24                add    $0x24,%esp
 3ce:   5b                      pop    %ebx
 3cf:   5e                      pop    %esi
 3d0:   5f                      pop    %edi
 3d1:   5d                      pop    %ebp
 3d2:   c3                      ret
 3d3:   8b 55 ec                mov    0xffffffec(%ebp),%edx
 3d6:   89 f0                   mov    %esi,%eax
 3d8:   e8 cd fe ff ff          call   2aa
 3dd:   eb ad                   jmp    38c