Bug 150590 - NULL pointer dereference in journal_commit_transaction
Status: CLOSED DUPLICATE of bug 147485
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.0
Hardware: All Linux
Priority: medium
Severity: medium
Assigned To: Stephen Tweedie
QA Contact: Brian Brock
Reported: 2005-03-08 15:06 EST by Bjorn Helgaas
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2005-03-18 10:00:46 EST
Description Bjorn Helgaas 2005-03-08 15:06:16 EST
Description of problem:

Unable to handle kernel NULL pointer dereference (address 0000000000000018)
kjournald[210]: Oops 8821862825984 [1]
Modules linked in: etdusb(U) pcixit(U) etd_pciexp(U) pcidg(U) pci66(U)
pcims(U) hotpdrv(U) etd_expcard(U) etdsuppdrv(U) cbdg(U) md5 ipv6 parport_pc
lp parport autofs4 sunrpc ds yenta_socket pcmcia_core vfat fat dm_mod
button tg3 tulip e1000 ext3 jbd cciss sym53c8xx scsi_transport_spi qla2300
qla2xxx scsi_transport_fc mptscsih mptbase sd_mod scsi_mod

Pid: 210, CPU 0, comm:            kjournald
psr : 0000101008026018 ifs : 8000000000000fa4 ip : [<a000000200195520>] Tainted: P
ip is at journal_commit_transaction+0xc00/0x3020 [jbd]
unat: 0000000000000000 pfs : 0000000000000fa4 rsc : 0000000000000003
rnat: 0000000000000000 bsps: 0000000000000000 pr  : 0000000000009541
ldrs: 0000000000000000 ccv : 0000000000088013 fpsr: 0009804c8a70433f
csd : 0000000000000000 ssd : 0000000000000000
b0  : a000000200195560 b6  : a00000020018f7d0 b7  : a00000010000ed10
f6  : 0fffbe38e38e381b23800 f7  : 0ffe38259694000000000
f8  : 100079400000000000000 f9  : 100029000000000000000
f10 : 10004838e38e386fb0860 f11 : 1003e0000000000000020
r1  : a00000020038c000 r2  : 0000000000000000 r3  : 0000000000000000
r8  : 0000000000000001 r9  : e000000100000000 r10 : e0000040cbdbc508
r11 : e0000001008f7af0 r12 : e0000001008f7b10 r13 : e0000001008f0000
r14 : e0000040cc9ae660 r15 : 0000000000008013 r16 : 0000000000088013
r17 : fffffffffff7ffff r18 : e0000001008f7ad0 r19 : e0000001008f7b18
r20 : e0000001008f7b00 r21 : e0000001008f7b08 r22 : a000000100657190
r23 : a00000010079ddc0 r24 : 0000000000008013 r25 : 0000000000008013
r26 : 0000000000000073 r27 : 0000000000000000 r28 : 000000000010a017
r29 : e0000040cc9ae698 r30 : 0000000000000000 r31 : e00000003ffee0dc

Call Trace:
 [<a000000100016a40>] show_stack+0x80/0xa0
                                sp=e0000001008f76c0 bsp=e0000001008f10b8
 [<a000000100017350>] show_regs+0x890/0x8c0
                                sp=e0000001008f7890 bsp=e0000001008f1070
 [<a00000010003c970>] die+0x150/0x240
                                sp=e0000001008f78b0 bsp=e0000001008f1030
 [<a00000010005d3f0>] ia64_do_page_fault+0x9f0/0xba0
                                sp=e0000001008f78b0 bsp=e0000001008f0fc0
 [<a00000010000f480>] ia64_leave_kernel+0x0/0x260
                                sp=e0000001008f7940 bsp=e0000001008f0fc0
 [<a000000200195520>] journal_commit_transaction+0xc00/0x3020 [jbd]
                                sp=e0000001008f7b10 bsp=e0000001008f0ea0
 [<a00000020019d7b0>] kjournald+0x170/0x560 [jbd]
                                sp=e0000001008f7d80 bsp=e0000001008f0e38
 [<a0000001000188f0>] kernel_thread_helper+0x30/0x60
                                sp=e0000001008f7e30 bsp=e0000001008f0e10
 [<a000000100008c60>] start_kernel_thread+0x20/0x40
                                sp=e0000001008f7e30 bsp=e0000001008f0e10


Version-Release number of selected component (if applicable):

Linux svlpar10.fc.hp.com 2.6.9-1.648_EL #1 SMP Tue Oct 26 12:20:12 EDT 
2004 ia64 ia64 ia64 GNU/Linux

How reproducible:

Seen twice on 4- and 8-cpu machines, after 1/2 hour and 8 hours of
run-time.

Steps to Reproduce:
1.  Run meatgrinder (HP internal tool)
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Bjorn Helgaas 2005-03-08 15:07:54 EST
Second instance:

<1>Unable to handle kernel NULL pointer dereference (address 0000000000000018)
kjournald[587]: Oops 8821862825984 [1]
Modules linked in: etdusb(U) pcixit(U) etd_pciexp(U) pcidg(U) pci66(U) 
pcims(U) hotpdrv(U) etd_expcard(U) etdsuppdrv(U) cbdg(U) md5 ipv6 parport_pc 
lp parport autofs4 sunrpc ds yenta_socket pcmcia_core vfat fat dm_mod 
button tg3 tulip e1000 ext3 jbd cciss sym53c8xx scsi_transport_spi qla2300 
qla2xxx scsi_transport_fc mptscsih mptbase sd_mod scsi_mod

Pid: 587, CPU 5, comm:            kjournald
psr : 0000101008126010 ifs : 8000000000000fa4 ip  : [<a000000200195520>]    
Tainted: P  
ip is at journal_commit_transaction+0xc00/0x3020 [jbd]
unat: 0000000000000000 pfs : 0000000000000fa4 rsc : 0000000000000003
rnat: 0000000000000000 bsps: 0000000000000000 pr  : 0000000000009541
ldrs: 0000000000000000 ccv : 0000000000108019 fpsr: 0009804c8a70433f
csd : 0000000000000000 ssd : 0000000000000000
b0  : a000000200195880 b6  : a00000020018eef0 b7  : a00000010000ed10
f6  : 0fff7fffffffff0000000 f7  : 0ffe88200000000000000
f8  : 1003e000000002aaaaaab f9  : 1003e00000530d5444d6f
f10 : 1003e78e0b94d71c16f25 f11 : 1003e00000000000000dd
r1  : a00000020038c000 r2  : e00000003eb24084 r3  : e00000003e9924a8
r8  : 0000000000108019 r9  : 0000000000108019 r10 : 0000000000108019
r11 : 0000000000008019 r12 : e0000040fcdc7b10 r13 : e0000040fcdc0000
r14 : e0000040fe751530 r15 : 0000000000000078 r16 : 00000000000002a0
r17 : ffffffffffefffff r18 : 0000000000108019 r19 : e0000040fe753030
r20 : e0000040fe751530 r21 : e0000040fe7538d0 r22 : 0000000000004000
r23 : 0000000000004000 r24 : e0000040f1327580 r25 : 000000000000a019
r26 : a0000002001a7960 r27 : a0000002001a7400 r28 : a0000002001a6140
r29 : e0000040fe751568 r30 : a0000002001a5d80 r31 : 0000000000000000

Call Trace:
 [<a000000100016a40>] show_stack+0x80/0xa0
                                sp=e0000040fcdc76c0 bsp=e0000040fcdc10b8
 [<a000000100017350>] show_regs+0x890/0x8c0
                                sp=e0000040fcdc7890 bsp=e0000040fcdc1070
 [<a00000010003c970>] die+0x150/0x240
                                sp=e0000040fcdc78b0 bsp=e0000040fcdc1030
 [<a00000010005d3f0>] ia64_do_page_fault+0x9f0/0xba0
                                sp=e0000040fcdc78b0 bsp=e0000040fcdc0fc0
 [<a00000010000f480>] ia64_leave_kernel+0x0/0x260
                                sp=e0000040fcdc7940 bsp=e0000040fcdc0fc0
 [<a000000200195520>] journal_commit_transaction+0xc00/0x3020 [jbd]
                                sp=e0000040fcdc7b10 bsp=e0000040fcdc0ea0
 [<a00000020019d7b0>] kjournald+0x170/0x560 [jbd]
                                sp=e0000040fcdc7d80 bsp=e0000040fcdc0e38
 [<a0000001000188f0>] kernel_thread_helper+0x30/0x60
                                sp=e0000040fcdc7e30 bsp=e0000040fcdc0e10
 [<a000000100008c60>] start_kernel_thread+0x20/0x40
                                sp=e0000040fcdc7e30 bsp=e0000040fcdc0e10

Comment 2 Bjorn Helgaas 2005-03-08 15:08:47 EST
For reference, this is HP-internal defect report AS1214
Comment 3 Dave Jones 2005-03-08 15:30:02 EST
Stephen, one more for your collection. Close as dupe if it's the same as the
others you've been working on.
Comment 4 Stephen Tweedie 2005-03-18 10:00:46 EST
The fix for this bug has been checked in for RHEL4 U1.

I am closing this bug as a duplicate of bug #147485 (which is a public bug, and
can therefore serve as a reasonable long-term bookmark for this problem.)

In addition, bug #150568 will remain open to track a possible more complete, but
more invasive and more risky, fix for this problem for U2 or later.


*** This bug has been marked as a duplicate of 147485 ***
