Message-ID: <20100626115810.532913f5@tlielax.poochiereds.net>
Date: Sat, 26 Jun 2010 11:58:10 -0400
From: Jeff Layton <jlayton@...ba.org>
To: Andrew Hendry <andrew.hendry@...il.com>
Cc: linux-kernel <linux-kernel@...r.kernel.org>, linux-cifs@...r.kernel.org
Subject: Re: 2.6.34-rc3 BUG: unable to handle kernel NULL pointer dereference at 0000000000000048 cifs_show_options

On Sat, 26 Jun 2010 22:22:00 +1000
Andrew Hendry <andrew.hendry@...il.com> wrote:
> I have turned on cifs debug to try to catch it if it happens again.
>
> (gdb) list *(cifs_show_options+0xf9)
> 0x309 is in cifs_show_options (fs/cifs/cifsfs.c:336).
> 331 static void
> 332 cifs_show_address(struct seq_file *s, struct TCP_Server_Info *server)
> 333 {
> 334 seq_printf(s, ",addr=");
> 335
> 336 switch (server->addr.sockAddr.sin_family) {
> 337 case AF_INET:
> 338 seq_printf(s, "%pI4", &server->addr.sockAddr.sin_addr.s_addr);
> 339 break;
> 340 case AF_INET6:
>

Thanks, that helps. It looks like the "server" pointer in that function
was NULL or something close to it. Those should be properly refcounted
nowadays and that hasn't changed in quite a while. This function only
gets called from one place -- cifs_show_options. So something was
reading /proc/self/mountinfo and this pointer got zeroed out. Maybe
this raced with an unmount and the memory was recycled? Doesn't seem
like that ought to be possible though (I think vfsmount references are
held for each of these calls).
--
Jeff Layton <jlayton@...ba.org>