Bug 1256356 - kernel oops on Rawhide
kernel oops on Rawhide
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
rawhide
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-24 08:11 EDT by Alexander Todorov
Modified: 2015-08-25 14:52 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-25 07:08:12 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Alexander Todorov 2015-08-24 08:11:37 EDT
Description of problem:



[ 5627.588895] BUG: unable to handle kernel NULL pointer dereference at           (null)
[ 5627.590563] IP: [<ffffffff8165288d>] __skb_recv_datagram+0x41d/0x5b0
[ 5627.590563] PGD 0 
[ 5627.590563] Oops: 0002 [#1] SMP 
[ 5627.590563] Modules linked in: bnep bluetooth rfkill ipmi_ssif e1000e tg3 iTCO_wdt ptp iTCO_vendor_support gpio_ich pps_core bnx2 i5000_edac kvm_intel edac_core lpc_ich ipmi_si kvm i5k_amb shpchp ipmi_msghandler hpwdt hpilo acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc amdkfd amd_iommu_v2 radeon hpsa i2c_algo_bit drm_kms_helper ttm drm serio_raw cciss
[ 5627.590563] CPU: 1 PID: 722 Comm: NetworkManager Not tainted 4.2.0-0.rc6.git0.2.fc24.x86_64 #1
[ 5627.590563] Hardware name: HP ProLiant BL480c G1, BIOS I14 10/04/2007
[ 5627.590563] task: ffff8800c9470000 ti: ffff88012a0a0000 task.ti: ffff88012a0a0000
[ 5627.590563] RIP: 0010:[<ffffffff8165288d>]  [<ffffffff8165288d>] __skb_recv_datagram+0x41d/0x5b0
[ 5627.590563] RSP: 0018:ffff88012a0a3b78  EFLAGS: 00010046
[ 5627.590563] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000292
[ 5627.590563] RDX: ffff88002946f400 RSI: 0000000000000000 RDI: ffff8800c9da20ac
[ 5627.590563] RBP: ffff88012a0a3c48 R08: ffff88012a0a3c88 R09: 0000000000000000
[ 5627.590563] R10: 0000000000000000 R11: 0000000000000002 R12: ffff88012a0a3c58
[ 5627.590563] R13: ffff8800c9da2000 R14: ffff8800c9da2098 R15: ffff88002946ef00
[ 5627.590563] FS:  00007f3d1c3c9900(0000) GS:ffff88012fa40000(0000) knlGS:0000000000000000
[ 5627.590563] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5627.590563] CR2: 0000000000000000 CR3: 000000012aa5c000 CR4: 00000000000006e0
[ 5627.590563] Stack:
[ 5627.590563]  ffff88002946f400 ffff88012a23c8c0 ffff88012a0a3bb8 ffffffff8164b91b
[ 5627.590563]  ffff88012a0a3bb8 ffff88002946f400 ffff8800c9470000 ffff88012a0a4000
[ 5627.590563]  ffff88012a0a3c00 ffff88012a0a3c88 0000000000000000 ffff88012a0a3c5c
[ 5627.590563] Call Trace:
[ 5627.590563]  [<ffffffff8164b91b>] ? skb_release_data+0xab/0xe0
[ 5627.590563]  [<ffffffff81652a5f>] skb_recv_datagram+0x3f/0x60
[ 5627.590563]  [<ffffffff81691679>] netlink_recvmsg+0x59/0x3d0
[ 5627.590563]  [<ffffffff813218d3>] ? selinux_socket_recvmsg+0x23/0x30
[ 5627.590563]  [<ffffffff8164320b>] sock_recvmsg+0x3b/0x50
[ 5627.590563]  [<ffffffff816441b3>] ___sys_recvmsg+0xe3/0x210
[ 5627.590563]  [<ffffffff811cf864>] ? free_pgtables+0xc4/0x120
[ 5627.590563]  [<ffffffff811cf1bc>] ? tlb_finish_mmu+0x1c/0x50
[ 5627.590563]  [<ffffffff813a77b2>] ? lockref_put_or_lock+0x62/0x80
[ 5627.590563]  [<ffffffff81644e07>] __sys_recvmsg+0x57/0xa0
[ 5627.590563]  [<ffffffff81644e62>] SyS_recvmsg+0x12/0x20
[ 5627.590563]  [<ffffffff81776fee>] entry_SYSCALL_64_fastpath+0x12/0x71
[ 5627.590563] Code: ff e9 a5 fc ff ff 41 83 ad a8 00 00 00 01 48 89 c1 49 8b 17 49 8b 47 08 49 c7 07 00 00 00 00 49 c7 47 08 00 00 00 00 48 89 42 08 <48> 89 10 e9 50 fd ff ff 31 c0 87 87 b0 01 00 00 f7 d8 0f 84 1c 
[ 5627.590563] RIP  [<ffffffff8165288d>] __skb_recv_datagram+0x41d/0x5b0
[ 5627.590563]  RSP <ffff88012a0a3b78>
[ 5627.590563] CR2: 0000000000000000
[ 5627.590563] ---[ end trace fbdfaaf2856a64e0 ]---
Comment 1 Josh Boyer 2015-08-24 08:42:04 EDT
Please try the -rc7 or -rc8 builds
Comment 2 Alexander Todorov 2015-08-25 07:07:51 EDT
Not seeing this with -rc7
Comment 3 Alexander Todorov 2015-08-25 14:52:06 EDT
Same hardware but likely different problem. Also less frequently reproducable:


[29848.204001] NMI watchdog: BUG: soft lockup - CPU#5 stuck for 23s! [qemu-system-x86:4254]
[29848.204001] Modules linked in: nls_utf8 isofs loop xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iTCO_wdt ipmi_ssif kvm_intel iTCO_vendor_support gpio_ich kvm ipmi_si lpc_ich i5000_edac hpwdt edac_core i5k_amb ipmi_msghandler shpchp hpilo acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc amdkfd amd_iommu_v2 radeon hpsa i2c_algo_bit drm_kms_helper e1000e tg3 ttm drm serio_raw ptp bnx2 cciss pps_core
[29848.204001] CPU: 5 PID: 4254 Comm: qemu-system-x86 Tainted: G        W    L  4.2.0-0.rc7.git4.1.fc24.x86_64 #1
[29848.204001] Hardware name: HP ProLiant BL480c G1, BIOS I14 10/04/2007
[29848.204001] task: ffff8800c9013200 ti: ffff8800c9f48000 task.ti: ffff8800c9f48000
[29848.204001] RIP: 0010:[<ffffffff8111abe3>]  [<ffffffff8111abe3>] smp_call_function_many+0x1f3/0x250
[29848.204001] RSP: 0018:ffff8800c9f4bc88  EFLAGS: 00000202
[29848.204001] RAX: 0000000000000003 RBX: ffff8800c9f4bcd8 RCX: 0000000000000000
[29848.204001] RDX: ffff88012fa1a9b8 RSI: 0000000000000008 RDI: ffff88012f406c00
[29848.204001] RBP: ffff8800c9f4bcc8 R08: 0000000000000000 R09: 0000000000000089
[29848.204001] R10: ffffffff81399529 R11: ffffffff813994b4 R12: ffff8800c9f4bc58
[29848.204001] R13: ffff8800c9f4bc28 R14: ffffffff813994b4 R15: ffff8800c9f4bbf8
[29848.204001] FS:  00007f183cffd700(0000) GS:ffff88012fb40000(0000) knlGS:0000000000000000
[29848.204001] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[29848.204001] CR2: 0000000000c97ada CR3: 0000000017f9d000 CR4: 00000000000026e0
[29848.204001] Stack:
[29848.204001]  0000000000000005 01ffea0000000001 ffff8800c9f4bd98 ffff88012a037800
[29848.204001]  000055873d8ca000 000055873d8ce000 ffff88012a037b58 0000000000000004
[29848.204001]  ffff8800c9f4bd18 ffffffff8106c78e ffff88012a037800 000055873d8ca000
[29848.204001] Call Trace:
[29848.204001]  [<ffffffff8106c78e>] native_flush_tlb_others+0xae/0xc0
[29848.204001]  [<ffffffff8106c8b5>] flush_tlb_mm_range+0x65/0x150
[29848.204001]  [<ffffffff811ce55c>] tlb_flush_mmu_tlbonly+0x6c/0xd0
[29848.204001]  [<ffffffff811cf2a4>] tlb_finish_mmu+0x14/0x50
[29848.204001]  [<ffffffff811d0fbc>] zap_page_range+0xdc/0x130
[29848.204001]  [<ffffffff81365b70>] ? bio_free+0x50/0x60
[29848.204001]  [<ffffffff811e42f1>] SyS_madvise+0x3f1/0x7c0
[29848.204001]  [<ffffffff81776f2e>] entry_SYSCALL_64_fastpath+0x12/0x71
[29848.204001] Code: 63 d2 e8 21 31 29 00 3b 05 4f 49 c1 00 89 c1 0f 8d 9a fe ff ff 48 98 49 8b 16 48 03 14 c5 c0 ac d2 81 8b 42 18 a8 01 74 c8 f3 90 <8b> 42 18 a8 01 75 f7 eb bd 0f b6 4d c8 4c 89 ea 4c 89 e6 44 89

Note You need to log in before you can comment on or make changes to this bug.