Issue 888868

Issue metadata

Status: Duplicate
Owner: ----
Closed: Oct 2
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Bug



[link] kernel NULL pointer dereference in list_del_init+0x8/0x1b

Project Member Reported by ihf@chromium.org, Sep 25

Issue description

[For tracking]

From issue 887014  #14 

https://luci-milo.appspot.com/buildbot/chromeos/link-paladin/32792
https://stainless.corp.google.com/browse/chromeos-autotest-results/240797128-chromeos-test/
[no logs here]

Next job is provision
    2018-09-22 15:25:26  OK https://stainless.corp.google.com/browse/chromeos-autotest-results/hosts/chromeos4-row10-rack4-host9/1805137-provision/
    2018-09-22 13:00:40  -- https://stainless.corp.google.com/browse/chromeos-autotest-results/240797128-chromeos-test/


<1>[  678.927921] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
<1>[  678.927958] IP: [<ffffffff8b1a8150>] list_del_init+0x8/0x1b
<5>[  678.927991] PGD 0 
<5>[  678.928007] Oops: 0002 [#1] SMP 
<0>[  678.931976] gsmi: Log Shutdown Reason 0x03
<5>[  678.932002] Modules linked in: i2c_dev rfcomm cmac uinput zram(C) zsmalloc(C) memconsole aesni_intel snd_hda_codec_hdmi xts aes_x86_64 lrw ablk_helper cryptd snd_hda_codec_ca0132 ath9k_btcoex ath9k_common_btcoex ath9k_hw_btcoex snd_hda_intel ath snd_hda_codec mac80211 isl29018(C) industrialio snd_hwdep snd_pcm snd_page_alloc fuse cfg80211 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter snd_seq_midi snd_seq_midi_event snd_rawmidi ip6_tables snd_seq snd_seq_device snd_timer smsc95xx smsc75xx usbnet ath3k btusb btrtl btbcm btintel bluetooth joydev uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core
<5>[  678.932363] CPU 1 
<5>[  678.932377] Pid: 12984, comm: TaskSchedulerFo Tainted: G        WC   3.8.11 #1
<5>[  678.932401] RIP: 0010:[<ffffffff8b1a8150>]  [<ffffffff8b1a8150>] list_del_init+0x8/0x1b
<5>[  678.932432] RSP: 0018:ffff88010ca13c30  EFLAGS: 00010202
<5>[  678.932448] RAX: ffff88010ca13c40 RBX: ffff880122e54c80 RCX: ffff88014f391540
<5>[  678.932466] RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffff880122e54c80
<5>[  678.932483] RBP: ffff88010ca13c78 R08: 0000000000000000 R09: ffffffff8b8b7ba8
<5>[  678.932501] R10: ffffffff8b8b7bb0 R11: 0000000000000008 R12: ffff88010ca13c40
<5>[  678.932518] R13: ffff880122e54f00 R14: ffff88014a4080d8 R15: ffff88010ca13d58
<5>[  678.932538] FS:  00007faef76e0700(0000) GS:ffff88014f280000(0000) knlGS:0000000000000000
<5>[  678.932558] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<5>[  678.932573] CR2: 0000000000000008 CR3: 000000000b80c000 CR4: 00000000001607e0
<5>[  678.932591] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<5>[  678.932621] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<5>[  678.932650] Process TaskSchedulerFo (pid: 12984, threadinfo ffff88010ca12000, task ffff880122cc1680)
<5>[  678.932669] Stack:
<5>[  678.932679]  ffff88010ca13c78 ffffffff8b1a87c8 ffff880122e54c80 ffff880122e54f00
<5>[  678.932715]  00000000f0462b52 ffff88010ca13c88 ffff8800a3139180 ffff88010ca13c88
<5>[  678.932750]  ffff880122cc1938 ffff88010ca13cb8 ffffffff8b1aab47 ffff880122cff400
<5>[  678.932786] Call Trace:
<5>[  678.932806]  [<ffffffff8b1a87c8>] ? namespace_unlock+0x98/0x10e
<5>[  678.932827]  [<ffffffff8b1aab47>] put_mnt_ns+0x19d/0x1c4
<5>[  678.932848]  [<ffffffff8b10774a>] free_nsproxy+0x1d/0x75
<5>[  678.932866]  [<ffffffff8b107956>] switch_task_namespaces+0x47/0x4e
<5>[  678.932885]  [<ffffffff8b10796d>] exit_task_namespaces+0x10/0x12
<5>[  678.932906]  [<ffffffff8b0ed17a>] do_exit+0x74b/0x8f7
<5>[  678.932925]  [<ffffffff8b0ed48b>] do_group_exit+0x42/0xb0
<5>[  678.932946]  [<ffffffff8b0f95ed>] get_signal_to_deliver+0x554/0x573
<5>[  678.932967]  [<ffffffff8b0b62c5>] do_signal+0x43/0x53a
<5>[  678.932989]  [<ffffffff8b02c75d>] ? sys_madvise+0x4ea/0x560
<5>[  678.933008]  [<ffffffff8b000551>] do_notify_resume+0x29/0x5b
<5>[  678.933032]  [<ffffffff8b550d89>] int_signal+0x12/0x17
<5>[  678.933047] Code: f1 be 00 00 40 00 48 89 e5 e8 fc fe ff ff 48 3d 00 f0 ff ff 77 0b 48 c7 80 b0 00 00 00 ea ff ff ff 5d c3 48 8b 17 48 8b 47 08 55 <48> 89 42 08 48 89 e5 48 89 10 48 89 3f 48 89 7f 08 5d c3 0f 1f 
<1>[  678.933391] RIP  [<ffffffff8b1a8150>] list_del_init+0x8/0x1b
<5>[  678.933414]  RSP <ffff88010ca13c30>
<5>[  678.933426] CR2: 0000000000000008
<4>[  678.933462] ---[ end trace 9a9b72083606a7f0 ]---
 
Mergedinto: 871915
Status: Duplicate (was: Untriaged)
I'm pretty sure this is a duplicate of bug 871915. It's almost the same code paths, and I'm pretty sure this is associated with kernel 3.8 (only? maybe 3.10 as well).
