From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

Description of problem:
I am trying to run compilation into my filesystem space on 2.4.21-20.ELhugemem and see this crash once in a while. We had to make changes to the filesystem for the hugemem support.

Unable to handle kernel NULL pointer dereference at virtual address 00000014
printing eip:
021655c2
*pde = 00003001
*pte = 00000000
Oops: 0002
panfs loop nfsd lp parport nfs lockd sunrpc audit e100 floppy sg keybdev mousedev hid input usb-ohci usbcore ext3 jbd aic7xxx diskdumplib sd_mod scsi_mod
CPU: 0
EIP: 0060:[<021655c2>] Tainted: P
EFLAGS: 00010246
EIP is at fput [kernel] 0x2 (2.4.21-20.ELhugemem/i686)
eax: 00000000 ebx: 00000007 ecx: 00280007 edx: 00000000
esi: ffffffff edi: 00000000 ebp: 281e3e54 esp: 281e3ca4
ds: 0068 es: 0068 ss: 0068
Process mkdep (pid: 19310, stackpage=281e3000)
Stack: 0218f4ba 281e3e54 00000001 09ad6b80 000000e0 00000044 281e3cdc 42ab5cc9
       40476780 281e3d40 00000044 239dad80 10f30414 00073d70 00000000 00400000
       00000000 00000001 00000000 00000000 00000000 00000000 ffffffff 080487e0
Call Trace: [<0218f4ba>] load_elf_binary [kernel] 0x8ba (0x281e3ca4)
[<0214013a>] follow_page [kernel] 0x23a (0x281e3d48)
[<02161aac>] rw_vm [kernel] 0x6c (0x281e3d8c)
[<0218ec00>] load_elf_binary [kernel] 0x0 (0x281e3df0)
[<0216ffd4>] search_binary_handler [kernel] 0x124 (0x281e3dfc)
[<021701f2>] do_execve [kernel] 0x182 (0x281e3e44)
[<0210a110>] sys_execve [kernel] 0x50 (0x281e3fa4)

Code: Bad EIP value.
Kernel panic: Fatal exception

Version-Release number of selected component (if applicable):

How reproducible:
Sometimes

Steps to Reproduce:
1. Trying to run compilation in a filesystem space
2.
3.

Actual Results: crash

Expected Results: work fine

Additional info:
Hello, Satish. Could you please reproduce this on an untainted 2.4.21-27.0.2.EL-based kernel? There were some security errata fixes for load_elf_binary() in RHSA-2005:043. Thanks.
Thanks for your help. It turns out that the issue for me was "how to determine if an address passed in was kernel or user?", which I could get around by using set_fs/get_fs. So I mark this as WORKSFORME.
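The get_fs/set_fs workaround mentioned in the last comment depends on the per-task address limit that the 2.4 i386 uaccess checks compare against. The following user-space model (added here; it is not code from the bug report, from panfs, or from the kernel) reproduces that check with constructed constants for the classic 3G/1G split and shows why a kernel-space buffer is rejected under USER_DS, how the save/widen/restore idiom makes it pass, and that the limit is restored afterwards. All names here (access_ok_model, checked_copy, read_with_kernel_buffer, read_without_set_fs) are assumptions for the model, not kernel APIs.

```c
/* Model of the 2.4-era i386 addr_limit mechanism (user-space, added example).
 * Real definitions live in <asm/uaccess.h>; these are constructed stand-ins. */
#include <stdint.h>
#include <errno.h>

typedef struct { uint32_t seg; } mm_segment_t;

#define KERNEL_DS ((mm_segment_t){ 0xFFFFFFFFu })  /* whole 4 GiB allowed   */
#define USER_DS   ((mm_segment_t){ 0xC0000000u })  /* assumed 3G/1G split   */

/* Stands in for current->addr_limit; every task starts with USER_DS. */
static mm_segment_t current_addr_limit = { 0xC0000000u };

static mm_segment_t get_fs(void) { return current_addr_limit; }
static void set_fs(mm_segment_t fs) { current_addr_limit = fs; }

/* Model of access_ok(): [addr, addr+size) must lie below addr_limit.
 * Written to avoid 32-bit wrap-around when addr+size would overflow. */
static int access_ok_model(uint32_t addr, uint32_t size)
{
    uint32_t seg = current_addr_limit.seg;
    return addr <= seg && size <= seg - addr;
}

/* Stands in for a copy_from_user()-style helper used by a filesystem path:
 * it refuses any range that fails the addr_limit check. */
static int checked_copy(uint32_t addr, uint32_t len)
{
    return access_ok_model(addr, len) ? 0 : -EFAULT;
}

/* What happens when a kernel buffer is handed to the helper as-is. */
static int read_without_set_fs(uint32_t addr, uint32_t len)
{
    return checked_copy(addr, len);
}

/* The idiom the reporter settled on: save the old limit, widen it so a
 * kernel buffer passes, then restore it on every path out. Leaving
 * KERNEL_DS set would let later user-supplied pointers bypass the check. */
static int read_with_kernel_buffer(uint32_t kaddr, uint32_t len)
{
    mm_segment_t old_fs = get_fs();
    int rc;

    set_fs(KERNEL_DS);
    rc = checked_copy(kaddr, len);
    set_fs(old_fs);          /* restore unconditionally, error path included */
    return rc;
}
```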