Re: 2.0.27, NULL pointer dereference

Ion Badulescu (ionut@moisil.wal.rhno.columbia.edu)
Sat, 14 Dec 1996 01:13:24 -0500 (EST)


On Fri, 13 Dec 1996, joost witteveen wrote:

> Kernel: 2.0.27
>
> Found this in /proc/kmsg (and on my console):
>
> <1>Unable to handle kernel NULL pointer dereference at virtual address c000010c
> <1>current->tss.cr3 = 00101000, %cr3 = 00101000
> <1>*pde = 00102067
> <1>*pte = 00000027
> <4>Oops: 0002
> <4>CPU: 0
> <4>EIP: 0010:[<00115028>]
> <4>EFLAGS: 00010216
> <4>eax: 00000000 ebx: 002bb414 ecx: 0164112c edx: 0000f414
> <4>esi: 00000100 edi: 00000009 ebp: 0000d018 esp: 00041f98
> <4>ds: 0018 es: 0018 fs: 0000 gs: 0000 ss: 0018
> <4>Process bash (pid: 54, process nr: 13, stackpage=00041000)
> <4>Stack: 0009e3d8 0011529c 0000f414 ffffffff fffffffc 00000000 001152de 00000000
> <4> 0010a602 00000000 00000000 000019b0 ffffffff fffffffc 00000000 ffffffda
> <4> 0000002b 0000002b 0000002b 0000002b 00000001 400cbb36 00000023 00000296
> <4>Call Trace: [<0011529c>] [<001152de>] [<0010a602>]
> <4>Code: 89 98 0c 01 00 00 8b 83 04 01 00 00 89 98 08 01 00 00 8b 03
>
> ksymoops System.map </tmp/hoi/null_pointer
> Trace: 11529c <do_exit+1b8/1ec>
> Trace: 1152de <sys_exit+e/10>
> Trace: 10a602 <system_call+52/80>

The offending function is exit_notify:

	if (task[smp_num_cpus] && task[smp_num_cpus] != current) /* init */
		p->p_pptr = task[smp_num_cpus];
	else
		p->p_pptr = task[0];
	p->p_osptr = p->p_pptr->p_cptr;
	             ^^^^^^^^^^^^^^^^^ <---- NULL pointer,
	                                     dereferenced one line down
	p->p_osptr->p_ysptr = p;
	p->p_pptr->p_cptr = p;

Hmm... init with no children? Makes sense if the dying bash was the only
one (single user mode at boot-up). Perhaps a check for this wouldn't be
such a bad idea. But then, why did bash decide to die in the first place?

Any ideas?

Ionut

--
  It is better to keep your mouth shut and be thought a fool,
            than to open it and remove all doubt.
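Added example, not part of this mail thread and not Linux kernel code: a toy model of the four parent/child/sibling links that exit_notify rewrites when a dying task is handed to init (p_pptr, p_cptr, p_osptr, p_ysptr). It shows the condition under which the quoted unguarded insertion would write through a NULL p_osptr (a new parent with an empty child list, as in the single-user-mode scenario above) and the guarded insertion that Ionut's "check for this" amounts to. The struct name toy_task and the function names reparent_unguarded_would_fault, reparent_guarded, count_children and run_scenario are assumptions made for this illustration.

```c
/* Added example: a toy model of the sibling-list insertion quoted in the
 * mail, not kernel code. Names (toy_task, reparent_*, run_scenario) are
 * assumptions for this illustration only. */
#include <stddef.h>
#include <stdio.h>

struct toy_task {
    const char *comm;           /* process name, for printing only */
    struct toy_task *p_pptr;    /* parent */
    struct toy_task *p_cptr;    /* youngest child */
    struct toy_task *p_osptr;   /* older sibling */
    struct toy_task *p_ysptr;   /* younger sibling */
};

/* Mirrors the control flow of the quoted snippet without performing the
 * store through a NULL pointer: returns 1 when the unguarded sequence
 *   p->p_osptr = parent->p_cptr; p->p_osptr->p_ysptr = p;
 * would fault, i.e. when the chosen parent currently has no children. */
int reparent_unguarded_would_fault(const struct toy_task *new_parent)
{
    return new_parent->p_cptr == NULL;
}

/* Guarded insertion: link p in as the youngest child of new_parent.
 * The only difference from the quoted code is the NULL check before
 * touching the old youngest child. Returns 0 on success, -1 on bad input. */
int reparent_guarded(struct toy_task *p, struct toy_task *new_parent)
{
    if (p == NULL || new_parent == NULL || p == new_parent)
        return -1;
    p->p_pptr = new_parent;
    p->p_ysptr = NULL;                  /* p becomes the youngest child */
    p->p_osptr = new_parent->p_cptr;    /* legitimately NULL for a childless parent */
    if (p->p_osptr != NULL)             /* the missing check */
        p->p_osptr->p_ysptr = p;
    new_parent->p_cptr = p;
    return 0;
}

/* Walk a parent's child list from youngest to oldest and count it, so a
 * caller can confirm the links are consistent after reparenting. */
int count_children(const struct toy_task *parent)
{
    int n = 0;
    const struct toy_task *c;
    for (c = parent->p_cptr; c != NULL; c = c->p_osptr)
        n++;
    return n;
}

/* Constructed scenario from the mail: init has no children and the exiting
 * bash is handed to it; then a second task is handed over as well.
 * Returns the number of consistency checks that passed (7 when all hold). */
int run_scenario(void)
{
    struct toy_task init  = { "init",  NULL, NULL, NULL, NULL };
    struct toy_task bash  = { "bash",  NULL, NULL, NULL, NULL };
    struct toy_task getty = { "getty", NULL, NULL, NULL, NULL };
    int ok = 0;

    ok += reparent_unguarded_would_fault(&init) == 1;   /* oops condition */
    ok += reparent_guarded(&bash, &init) == 0;
    ok += init.p_cptr == &bash && bash.p_osptr == NULL;
    ok += count_children(&init) == 1;
    ok += reparent_unguarded_would_fault(&init) == 0;   /* now safe either way */
    ok += reparent_guarded(&getty, &init) == 0;
    ok += init.p_cptr == &getty && getty.p_osptr == &bash
          && bash.p_ysptr == &getty && count_children(&init) == 2;
    return ok;
}

int main(void)
{
    printf("consistency checks passed: %d of 7\n", run_scenario());
    return 0;
}
```

The first check is the whole point: with init's child list empty, p_osptr is NULL and the unguarded code stores through it at the next line, which is exactly the fault at a small offset from address 0 (the p_ysptr field) that the oops reports. The guarded version treats an empty child list as the ordinary case it is.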