Bug 696178

Summary: UV - NULL dereference in xs_tcp_setup_socket()
Product: Red Hat Enterprise Linux 6 Reporter: George Beshers <gbeshers>
Component: kernelAssignee: George Beshers <gbeshers>
Status: CLOSED NOTABUG QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.1CC: ctatman, gbeshers, jdonohue, loriann, rja, syeghiay, tee, wgomerin
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-10-14 19:26:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 846704    

Description George Beshers 2011-04-13 13:43:58 UTC 
This was based on 2.6.32-130 but had a additional patches
including kdb.  Jack Steiner thinks the patches are unrelated.

Description of problem:
I left a system (uvmid5) running last night. I _think_ Karl was running
MPT regression but am not certain what else was running.

When I woke up this AM, I noticed the system was in kdb.

System was running a kernel I built from stout7/rhel6. Tree was current
as of last night.

<1>[ 4444.997462] BUG: unable to handle kernel NULL pointer dereference at 0000000000000038
<1>[ 4445.000851] IP: [<ffffffffa03211a8>] xs_tcp_setup_socket+0x318/0x470 [sunrpc]
<4>[ 4445.000851] PGD 0 
<0>[ 4445.000851] Oops: 0000 [#1] SMP 
<0>[ 4445.000851] last sysfs file: /sys/devices/system/node/possible
[4]kdb> 
[4]kdb> bt
Stack traceback for pid 4402
0xffff8802fcffe0c0     4402        2  1    4   R  0xffff8802fcffe750 *rpciod/4
sp                ip                Function (args)
0xffff8802fdfe9dd8 0xffffffffa03211a8 [sunrpc]xs_tcp_setup_socket+0x318 (0xffff88037cd13660)
kdb_bb: address 0xffffe89e01907208 not recognised
Using old style backtrace, unreliable with no arguments
sp                ip                Function (args)
0xffff8802fdfe9dd8 0xffffffffa03211a8 [sunrpc]xs_tcp_setup_socket+0x318
0xffff8802fdfe9e30 0xffffffffa0320e90 [sunrpc]xs_tcp_setup_socket
0xffff8802fdfe9e58 0xffffffff81066ec6 worker_thread+0x136
0xffff8802fdfe9e90 0xffffffff8106b480 autoremove_wake_function
0xffff8802fdfe9ed0 0xffffffff81066d90 worker_thread
0xffff8802fdfe9ee8 0xffffffff8106b186 kthread+0x96
0xffff8802fdfe9f48 0xffffffff81003fca child_rip+0xa
[4]kdb> ps
47 idle processes (state I) and 
668 sleeping system daemon (state M) processes suppressed,
use 'ps A' to see all.

Task Addr               Pid   Parent [*] cpu State Thread             Command
0xffff8802fcffe0c0     4402        2  1    4   R  0xffff8802fcffe750 *rpciod/4

0xffff8843fd50e040        1        0  0   40   S  0xffff8843fd50e6d0  init
0xffff88037bfb0440     2120        1  0    4   S  0xffff88037bfb0ad0  udevd
0xffff8827fb89e6c0     4079        1  0   13   S  0xffff8827fb89ed50  auditd
0xffff8841f87781c0     4080        1  0   32   S  0xffff8841f8778850  auditd
0xffff8827fc6b8080     4097        1  0   24   S  0xffff8827fc6b8710  portreserve
0xffff88037c2c4280     4104        1  0    6   S  0xffff88037c2c4910  rsyslogd
0xffff8802fc8163c0     4106        1  0    0   S  0xffff8802fc816a50  rsyslogd
0xffff8802fd8ce400     4107        1  0    2   S  0xffff8802fd8cea90  rsyslogd
0xffff8802ee59e2c0    17880        1  0   13   S  0xffff8802ee59e950  rs:main Q:Reg
0xffff8843fd6c03c0     4249        1  0   13   S  0xffff8843fd6c0a50  rpcbind
0xffff88037c334500     4261        1  0    7   S  0xffff88037c334b90  mdadm
0xffff8802fc814200     4297        1  0   12   S  0xffff8802fc814890  memlogd
0xffff8823fd6b8540     4324        1  0   19   S  0xffff8823fd6b8bd0  memlogd
0xffff88037bf90680     4314        1  0    7   S  0xffff88037bf90d10  dbus-daemon
0xffff88037c3580c0     4325        1  0    8   S  0xffff88037c358750  NetworkManager
0xffff8823fd8865c0     4339        1  0   19   S  0xffff8823fd886c50  NetworkManager
0xffff8827fcf8e3c0     4328        1  0   10   S  0xffff8827fcf8ea50  modem-manager
[4]more>  
Only 'q' or 'Q' are processed at more prompt, input ignored
0xffff8802fcff46c0     4338     4325  0    9   S  0xffff8802fcff4d50  dhclient
0xffff8827fbca8100     4341        1  0   25   S  0xffff8827fbca8790  wpa_supplicant
0xffff8823fce14640     4343        1  0    7   S  0xffff8823fce14cd0  avahi-daemon
0xffff8827fbcfe0c0     4344     4343  0   18   S  0xffff8827fbcfe750  avahi-daemon
0xffff8802fd8aa480     4361        1  0    0   S  0xffff8802fd8aab10  rpc.statd
0xffff8802fcffe0c0     4402        2  1    4   R  0xffff8802fcffe750 *rpciod/4
0xffff8863fb8da500     4452        1  0   36   S  0xffff8863fb8dab90  rpc.idmapd
0xffff8861f8ee8100     4475        1  0    5   S  0xffff8861f8ee8790  acpid
0xffff8861fc98e1c0     4484        1  0    4   S  0xffff8861fc98e850  hald
0xffff8863fb80e140     4485     4484  0    0   S  0xffff8863fb80e7d0  hald-runner
0xffff8827fbcba380     4531     4485  0    0   S  0xffff8827fbcbaa10  hald-addon-inpu
0xffff8841fa020340     4533     4485  0    0   S  0xffff8841fa0209d0  hald-addon-acpi
0xffff88037e2be380     4552        1  0    6   S  0xffff88037e2bea10  sgi_irqbalance
0xffff8802fd862140     4556     4325  0    3   S  0xffff8802fd8627d0  dhclient
0xffff8843fbbfa5c0     4626        1  0    4   S  0xffff8843fbbfac50  ypbind
0xffff8861fd1a2280     4627        1  0   43   S  0xffff8861fd1a2910  ypbind
0xffff8861fd278300     4628        1  0   10   S  0xffff8861fd278990  ypbind
0xffff8861fca7a680     4631        1  0    4   S  0xffff8861fca7ad10  ypbind
0xffff8841fc89e040     4651        1  0    0   S  0xffff8841fc89e6d0  automount
0xffff8843fbf12440     4652        1  0   39   S  0xffff8843fbf12ad0  automount
0xffff8843fbffc640     4653        1  0   36   S  0xffff8843fbffccd0  automount
0xffff88037c2c6340     4656        1  0   18   S  0xffff88037c2c69d0  automount
[4]more>  
Only 'q' or 'Q' are processed at more prompt, input ignored
0xffff88037bffe4c0     4659        1  0    6   S  0xffff88037bffeb50  automount
0xffff88037beb2380     4660        1  0    5   S  0xffff88037beb2a10  automount
0xffff88037df5e400     4661        1  0    4   S  0xffff88037df5ea90  automount
0xffff88037c0b03c0     4662        1  0    4   S  0xffff88037c0b0a50  automount
0xffff88037caa4640     4663        1  0    4   S  0xffff88037caa4cd0  automount
0xffff88037caa2600     4664        1  0    4   S  0xffff88037caa2c90  automount
0xffff88037c24a300     4665        1  0    4   S  0xffff88037c24a990  automount
0xffff88037c352340     4666        1  0    4   S  0xffff88037c3529d0  automount
0xffff88037cac86c0     4667        1  0    4   S  0xffff88037cac8d50  automount
0xffff88037cb2e0c0     4668        1  0    1   S  0xffff88037cb2e750  automount
0xffff88037c20a040     4669        1  0    4   S  0xffff88037c20a6d0  automount
0xffff88037caec080     4670        1  0    4   S  0xffff88037caec710  automount
0xffff88037cdc63c0     4671        1  0    4   S  0xffff88037cdc6a50  automount
0xffff88037b50c400     4672        1  0    4   S  0xffff88037b50ca90  automount
0xffff88037e3061c0     4673        1  0    4   S  0xffff88037e306850  automount
0xffff88037e3b4100     4674        1  0    4   S  0xffff88037e3b4790  automount
0xffff88037c0bc280     4675        1  0    4   S  0xffff88037c0bc910  automount
0xffff88037bff8380     4676        1  0    0   S  0xffff88037bff8a10  automount
0xffff88037c5826c0    21304        1  0    4   S  0xffff88037c582d50  automount
0xffff8823fe5801c0     4812        1  0    7   S  0xffff8823fe580850  espdbd
0xffff8827fbff2340     4814        1  0   26   S  0xffff8827fbff29d0  espdbd
0xffff8827fcf96200     4815        1  0   25   S  0xffff8827fcf96890  espdbd
[4]more>  
Only 'q' or 'Q' are processed at more prompt, input ignored
0xffff8802fd84a640     4907        1  0   13   S  0xffff8802fd84acd0  procsetd
0xffff8861fcf54340     5001        1  0    2   S  0xffff8861fcf549d0  arrayd
0xffff8843fb850080     5021        1  0    1   S  0xffff8843fb850710  sshd
0xffff8843fd6f00c0     5029        1  0   36   S  0xffff8843fd6f0750  xinetd
0xffff8827fcf40100     5037        1  0    4   S  0xffff8827fcf40790  ntpd
0xffff88037caa05c0     5053        1  0    4   S  0xffff88037caa0c50  sendmail
0xffff88037b53c580     5061        1  0    7   S  0xffff88037b53cc10  sendmail
0xffff88037bf004c0     5071        1  0   36   S  0xffff88037bf00b50  abrtd
0xffff8841fcb561c0     5085        1  0   42   S  0xffff8841fcb56850  ksmtuned
0xffff8827fcfc62c0     5094        1  0   32   S  0xffff8827fcfc6950  crond
0xffff8827fd568580     5105        1  0   24   S  0xffff8827fd568c10  atd
0xffff8843fbba2240     5216        1  0    0   S  0xffff8843fbba28d0  pmcd
0xffff8843fbafa040     5398        1  0   43   S  0xffff8843fbafa6d0  pmproxy
0xffff8802fc848680     5621        1  0    6   S  0xffff8802fc848d10  libvirtd
0xffff88037ddf2600     5634        1  0    5   S  0xffff88037ddf2c90  libvirtd
0xffff8802fcca8300     5635        1  0   12   S  0xffff8802fcca8990  libvirtd
0xffff8802fe788340     5636        1  0   19   S  0xffff8802fe7889d0  libvirtd
0xffff8802fe6664c0     5637        1  0   13   S  0xffff8802fe666b50  libvirtd
0xffff8802fd80a440     5638        1  0   12   S  0xffff8802fd80aad0  libvirtd
0xffff8802fdf60100     5639        1  0   13   S  0xffff8802fdf60790  libvirtd
0xffff8863fcf56540     5654        1  0    1   S  0xffff8863fcf56bd0  pmie
0xffff8863fd558100     5743        1  0    8   S  0xffff8863fd558790  rhsmcertd
[4]more>  
Only 'q' or 'Q' are processed at more prompt, input ignored
0xffff8802fe5da4c0     5774        1  0   15   S  0xffff8802fe5dab50  matahari-hostd
0xffff8823fcea0240     5775        1  0   16   S  0xffff8823fcea08d0  matahari-hostd
0xffff8841fd8b2200     5786        1  0   32   S  0xffff8841fd8b2890  matahari-netd
0xffff8843fbfda2c0     5787        1  0   36   S  0xffff8843fbfda950  matahari-netd
0xffff8843fbbf8600     5798        1  0   37   S  0xffff8843fbbf8c90  matahari-servic
0xffff8861f8f16440     5799        1  0   43   S  0xffff8861f8f16ad0  matahari-servic
0xffff8861fdb32200     5808        1  0    6   S  0xffff8861fdb32890  mingetty
0xffff88037ca224c0     5810        1  0   10   S  0xffff88037ca22b50  mingetty
0xffff8823fd95e480     5812        1  0   18   S  0xffff8823fd95eb10  mingetty
0xffff8841fcb1a580     5814        1  0   31   S  0xffff8841fcb1ac10  mingetty
0xffff8861f8f622c0     5816        1  0   30   S  0xffff8861f8f62950  mingetty
0xffff88037c220340     5818        1  0    8   S  0xffff88037c2209d0  mingetty
0xffff8802fd852040     5819        1  0    2   S  0xffff8802fd8526d0  agetty
0xffff8802fcdf8640     5822     2120  0    5   S  0xffff8802fcdf8cd0  udevd
0xffff8802fcd2e5c0     5823     2120  0    8   S  0xffff8802fcd2ec50  udevd
0xffff88037b610380     5988     5021  0    1   S  0xffff88037b610a10  sshd
0xffff88037b4943c0     5990     5988  0   20   S  0xffff88037b494a50  bash
0xffff8827fbd9a240    10903     5990  0    4   S  0xffff8827fbd9a8d0  su
0xffff88037c65e100    10904    10903  0    2   S  0xffff88037c65e790  csh
0xffff88037c5a2500    11000    10904  0    4   S  0xffff88037c5a2b90  sh
0xffff88037c4b8680    11001    11000  0    5   S  0xffff88037c4b8d10  ltrunall_ssi
0xffff8803744c2080    11349    11001  0   36   S  0xffff8803744c2710  ltrunall
[4]more>  
Only 'q' or 'Q' are processed at more prompt, input ignored
0xffff8861fc9b6580    10992    11349  0    2   S  0xffff8861fc9b6c10  sh
0xffff8861fcfbe100    11096    10992  0   18   S  0xffff8861fcfbe790  sh
0xffff8863fb060340    18277     5085  0    0   S  0xffff8863fb0609d0  sleep
0xffff8827fb8505c0    21303    11096  0    0   S  0xffff8827fb850c50  ifort
0xffff88036c4fa040    21305    21304  0    6   S  0xffff88036c4fa6d0  mount
0xffff8802fcc6c3c0    21306    21305  0    4   D  0xffff8802fcc6ca50  mount.nfs


Version-Release number of selected component (if applicable):
  2.6.32-130  but modified


How reproducible:
  Only seen once, but we will try :-/.


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 5 RHEL Program Management 2011-10-07 15:30:29 UTC 
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 6 Russ Anderson 2014-10-14 19:26:53 UTC 
No further reports of this problem so closing.