On Thu, 8 Apr 2010 12:57:22 +0900 Daisuke Nishimura <nishimura@xxxxxxxxxxxxxxxxx> wrote:

> On Thu, 08 Apr 2010 03:51:50 +0200, Andrea Arcangeli <aarcange@xxxxxxxxxx> wrote:
> > From: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> >
> > If a signal is pending (task being killed by sigkill) __mem_cgroup_try_charge
> > will write NULL into &mem, and css_put will oops on null pointer dereference.
> >
> > BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
> > IP: [<ffffffff810fc6cc>] mem_cgroup_prepare_migration+0x7c/0xc0
> > PGD a5d89067 PUD a5d8a067 PMD 0
> > Oops: 0000 [#1] SMP
> > last sysfs file: /sys/devices/platform/microcode/firmware/microcode/loading
> > CPU 0
> > Modules linked in: nfs lockd nfs_acl auth_rpcgss sunrpc acpi_cpufreq pcspkr sg [last unloaded: microcode]
> >
> > Pid: 5299, comm: largepages Tainted: G W 2.6.34-rc3 #3 Penryn1600SLI-110dB/To Be Filled By O.E.M.
> > RIP: 0010:[<ffffffff810fc6cc>] [<ffffffff810fc6cc>] mem_cgroup_prepare_migration+0x7c/0xc0
> >
> > Signed-off-by: Andrea Arcangeli <aarcange@xxxxxxxxxx>
> Nice catch !
>
> But I think this fix should be forwarded to 34-rc and stable. They all have
> the same problem if the "current" which is doing the page migration is being
> oom-killed.

OK. I added the cc:stable. The patch gets a trivial reject vs 2.6.33,
but they'll work it out ;)
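The failure described in the quoted commit message, as an added userspace C model that is not part of the thread and is not the kernel patch. The struct layouts and the names `try_charge`, `prepare_unsafe` and `prepare_safe` are simplified assumptions, and the guarded form shows one way to avoid the dereference, not necessarily the submitted fix.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace model (assumption): only the fields needed to show the bug. */
struct css { int refcnt; };
struct mem_cgroup { struct css css; long charged; };

static void css_get(struct css *c) { c->refcnt++; }
static void css_put(struct css *c) { c->refcnt--; } /* faults if c derives from NULL */

/* Model of the charge helper: with a signal pending it skips the charge,
 * stores NULL through its in/out pointer and still reports success. */
static int try_charge(struct mem_cgroup **memcg, bool signal_pending)
{
    if (signal_pending) {
        *memcg = NULL;
        return 0;
    }
    (*memcg)->charged++;
    return 0;
}

/* Reported pattern: the reference is dropped through the same variable
 * the helper may have cleared, so css_put() sees a NULL-derived pointer. */
static int prepare_unsafe(struct mem_cgroup *page_memcg, struct mem_cgroup **ptr, bool sig)
{
    struct mem_cgroup *mem = page_memcg;
    int ret = 0;
    if (mem) {
        css_get(&mem->css);
        ret = try_charge(&mem, sig);
        css_put(&mem->css);            /* mem == NULL here when sig is true */
    }
    *ptr = mem;
    return ret;
}

/* Guarded pattern: the helper writes only into the caller's output slot,
 * and the reference is dropped through a local copy it cannot clear. */
static int prepare_safe(struct mem_cgroup *page_memcg, struct mem_cgroup **ptr, bool sig)
{
    struct mem_cgroup *mem = page_memcg;
    int ret = 0;
    *ptr = mem;
    if (mem) {
        css_get(&mem->css);
        ret = try_charge(ptr, sig);
        css_put(&mem->css);
    }
    return ret;
}

int main(void)
{
    struct mem_cgroup cg = { {0}, 0 }, *out = NULL;
    prepare_unsafe(&cg, &out, false);  /* only safe without a pending signal */
    return prepare_safe(&cg, &out, true) || out != NULL || cg.css.refcnt != 0;
}
```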