A null dereference crash occurs in unlink_anon_vmas().

Solution Unverified - Updated -

Issue

  • A null dereference crash occurs in unlink_anon_vmas().
[166561.497600] BUG: unable to handle kernel 
[166561.497600] NULL pointer dereference
[166561.497601]  at           (null)
[166561.497601] IP:
[166561.497606]  [<ffffffff88802b65>] unlink_anon_vmas+0x25/0x1b0

PID: 22605  TASK: ffff9f27db7d9070  CPU: 2   COMMAND: "python"
 #0 [ffff9f28e265f810] machine_kexec at ffffffff886664b4
 #1 [ffff9f28e265f870] __crash_kexec at ffffffff88723512
 #2 [ffff9f28e265f940] crash_kexec at ffffffff88723600
 #3 [ffff9f28e265f958] oops_end at ffffffff88d88798
 #4 [ffff9f28e265f980] no_context at ffffffff88675ce4
 #5 [ffff9f28e265f9d0] __bad_area_nosemaphore at ffffffff88675fb2
 #6 [ffff9f28e265fa20] bad_area_nosemaphore at ffffffff886760d4
 #7 [ffff9f28e265fa30] __do_page_fault at ffffffff88d8b750
 #8 [ffff9f28e265faa0] do_page_fault at ffffffff88d8b975
 #9 [ffff9f28e265fad0] page_fault at ffffffff88d87778
    [exception RIP: unlink_anon_vmas+37]
    RIP: ffffffff88802b65  RSP: ffff9f28e265fb80  RFLAGS: 00010282
    RAX: 000000000243c000  RBX: 0000000000000000  RCX: 000000018040003d
    RDX: 000000000223c000  RSI: fffffd103e31ad80  RDI: ffff9f26f52af960
    RBP: ffff9f28e265fbc0   R8: 0000000000000000   R9: 000000018040003d
    R10: 000000008c6b6f01  R11: ffff9f288c6b6a00  R12: 0000000000400000
    R13: ffff9f26f52af9d8  R14: 0000000000000000  R15: 0000000000000000
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
#10 [ffff9f28e265fbc8] free_pgtables at ffffffff887f0948
#11 [ffff9f28e265fc08] exit_mmap at ffffffff887fd486
#12 [ffff9f28e265fcc0] mmput at ffffffff88698547
#13 [ffff9f28e265fce0] do_exit at ffffffff886a2318
#14 [ffff9f28e265fd78] do_group_exit at ffffffff886a2b5f
#15 [ffff9f28e265fda8] get_signal_to_deliver at ffffffff886b39ee
#16 [ffff9f28e265fe40] do_signal at ffffffff8862c527
#17 [ffff9f28e265ff30] do_notify_resume at ffffffff8862cc32
#18 [ffff9f28e265ff50] retint_signal at ffffffff88d8757c
    RIP: 00007ffff7a7f735  RSP: 00007fffffff9480  RFLAGS: 00010246
    RAX: 00007ffff7dc0480  RBX: 00007fffeadd37b0  RCX: 0000000000000000
    RDX: 03af761c3e774861  RSI: 00007fffefdaf530  RDI: 00000000006020a0
    RBP: 00007fffeadd3790   R8: 0000000000000002   R9: 0000000000000000
    R10: 000000000000007c  R11: 0000000000000000  R12: 00007ffff7fde168
    R13: 000000000159c5e0  R14: 00007fffefd946e0  R15: 0000000000000000
    ORIG_RAX: ffffffffffffffff  CS: 0033  SS: 002b

Environment

  • kernel-3.10.0-1062.9.1.el7
  • Lots of custom modules and proprietary drivers are installed and loaded
crash> mod -t
NAME             TAINTS
jfpga_core       OE
jfpga_chipid     OE
jfpga_i2c        OE
jfpga_tempsense  OE
jfpga_xactly     OE
jfpga_board      OE
jfpga_wallclock  OE
ib_umad          OE
mlxfw            OE
jfpga_dma        OE
jfpga_qsfp       OE
jfpga_pcie       OE
mlx5_core        OE
jfpga_ethernet   OE
ib_iser          OE
rdma_ucm         OE
ib_cm            OE
ib_core          OE
ib_uverbs        OE
ib_ipoib         OE
iw_cm            OE
rdma_cm          OE
mlx5_ib          OE
