Bug 829413

Summary: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
Product: [Fedora] Fedora
Component: kernel
Version: 17
Hardware: x86_64
OS: Unspecified
Status: CLOSED DUPLICATE
Severity: unspecified
Priority: unspecified
Reporter: H.J. Lu <hongjiu.lu>
Assignee: Kernel Maintainer List <kernel-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Doc Type: Bug Fix
Type: Bug
Last Closed: 2012-06-12 14:05:47 UTC

Description H.J. Lu 2012-06-06 16:19:13 UTC
During a mock rebuild, kernel-3.4.1-1.fc17.x86_64 gave

[90464.019808] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[90464.019868] IP: [<ffffffffa01b1056>] svc_destroy+0x26/0x150 [sunrpc]
[90464.019923] PGD 0 
[90464.019940] Oops: 0000 [#1] SMP 
[90464.019969] CPU 0 
[90464.019982] Modules linked in: nfs fscache i7core_edac lm63 snd_hda_codec_realtek i2c_i801 edac_core coretemp snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer snd soundcore iTCO_wdt iTCO_vendor_support e1000e serio_raw microcode uinput nfsd nfs_acl auth_rpcgss lockd sunrpc binfmt_misc firewire_ohci ata_generic firewire_core pata_acpi mxm_wmi crc32c_intel crc_itu_t pata_marvell wmi radeon i2c_algo_bit drm_kms_helper ttm drm i2c_core [last unloaded: scsi_wait_scan]
[90464.020357] 
[90464.020369] Pid: 8511, comm: mock Not tainted 3.4.1-1.fc17.x86_64 #1                  /DX58SO
[90464.020429] RIP: 0010:[<ffffffffa01b1056>]  [<ffffffffa01b1056>] svc_destroy+0x26/0x150 [sunrpc]
[90464.020494] RSP: 0018:ffff880102485cb8  EFLAGS: 00010246
[90464.020527] RAX: 0000000000000000 RBX: ffff8801a4f80a00 RCX: 00000000000004b3
[90464.020570] RDX: 00000000000004b2 RSI: ffffea00068fdc00 RDI: ffff8801a4f80a00
[90464.020613] RBP: ffff880102485cc8 R08: 00000000000166e0 R09: ffff8801afc166e0
[90464.020655] R10: ffffea00068f2000 R11: ffffffffa01b1739 R12: ffff8801a3c82000
[90464.020698] R13: ffff880037977280 R14: ffff8801a4f80a00 R15: ffff8801a4a39700
[90464.020741] FS:  00007ffff7fd5740(0000) GS:ffff8801afc00000(0000) knlGS:0000000000000000
[90464.020790] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[90464.020825] CR2: 0000000000000028 CR3: 0000000001a0c000 CR4: 00000000000007f0
[90464.020868] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[90464.020911] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[90464.020954] Process mock (pid: 8511, threadinfo ffff880102484000, task ffff8801a4a39700)
[90464.021002] Stack:
[90464.021015]  ffff880037977284 ffff8801a3c82000 ffff880102485cf8 ffffffffa01b1746
[90464.021070]  0000000000000000 ffff88003791b300 ffff88003791b300 ffff88007b293080
[90464.021124]  ffff880102485d10 ffffffffa03b2583 ffff8801a2a44400 ffff880102485d28
[90464.021178] Call Trace:
[90464.021205]  [<ffffffffa01b1746>] svc_exit_thread+0xa6/0xb0 [sunrpc]
[90464.021262]  [<ffffffffa03b2583>] nfs_callback_down+0x43/0x80 [nfs]
[90464.021306]  [<ffffffffa03794e0>] nfs_free_client+0x60/0x140 [nfs]
[90464.021350]  [<ffffffffa0379e48>] nfs_put_client+0xd8/0x100 [nfs]
[90464.021393]  [<ffffffffa037b006>] nfs_free_server+0xf6/0x180 [nfs]
[90464.021439]  [<ffffffffa0385a78>] nfs4_kill_super+0x48/0x90 [nfs]
[90464.021479]  [<ffffffff8117d397>] deactivate_locked_super+0x57/0x90
[90464.021519]  [<ffffffff8117d606>] deactivate_super+0x46/0x60
[90464.021556]  [<ffffffff81197f5c>] mntput_no_expire+0xcc/0x120
[90464.021593]  [<ffffffff81197fd6>] mntput+0x26/0x40
[90464.021624]  [<ffffffff81198967>] release_mounts+0x77/0x90
[90464.021659]  [<ffffffff8119a388>] put_mnt_ns+0x78/0x90
[90464.021693]  [<ffffffff8107cd6b>] free_nsproxy+0x1b/0xa0
[90464.021727]  [<ffffffff8107cfa0>] switch_task_namespaces+0x50/0x60
[90464.021765]  [<ffffffff8107cfc0>] exit_task_namespaces+0x10/0x20
[90464.023340]  [<ffffffff8105ade6>] do_exit+0x456/0x8a0
[90464.024914]  [<ffffffff81067beb>] ? recalc_sigpending+0x1b/0x60
[90464.026491]  [<ffffffff8105b56f>] do_group_exit+0x3f/0xa0
[90464.028060]  [<ffffffff8105b5e7>] sys_exit_group+0x17/0x20
[90464.029595]  [<ffffffff815ef5ed>] system_call_fastpath+0x1a/0x1f
[90464.031103] Code: f8 c9 c3 66 90 55 48 89 e5 41 54 53 66 66 66 66 90 65 48 8b 04 25 00 c7 00 00 f6 05 c1 1c 02 00 02 48 8b 80 38 05 00 00 48 89 fb <4c> 8b 60 28 0f 85 fb 00 00 00 8b 43 14 85 c0 0f 84 da 00 00 00 
[90464.034544] RIP  [<ffffffffa01b1056>] svc_destroy+0x26/0x150 [sunrpc]
[90464.036224]  RSP <ffff880102485cb8>
[90464.037846] CR2: 0000000000000028
[90464.045352] ---[ end trace d4dbe1278912601f ]---
[90464.047065] Fixing recursive fault but reboot is needed!

Comment 1 H.J. Lu 2012-06-06 16:24:45 UTC
It is a known bug:

http://lkml.indiana.edu/hypermail/linux/kernel/1205.3/00267.html

Comment 3 H.J. Lu 2012-06-12 13:59:37 UTC
Still happens with 3.4.2-1.fc17.x86_64.

Comment 4 Josh Boyer 2012-06-12 14:05:47 UTC
This one fell through the cracks.  We have traction on it in another bug, so duping it.

*** This bug has been marked as a duplicate of bug 830862 ***