Bug 432677 - [RHEL5 RT] kernel-rt BUG: unable to handle kernel NULL pointer dereference.....EIP is at pick_next_task_fair
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Hardware: All Linux
Priority: medium
Severity: high
Assigned To: Peter Zijlstra
Reported: 2008-02-13 14:36 EST by Jeff Burke
Modified: 2014-08-11 01:40 EDT
Doc Type: Bug Fix
Last Closed: 2008-05-27 18:12:34 EDT

Description Jeff Burke 2008-02-13 14:36:50 EST
Description of problem:
 While running the Kernel Tier 1 tests for the RT kernel we hit a panic while
running the /CoreOS/super-smack test suite. This was on host
ibm-zeus-01.rhts.boston.redhat.com i386 arch

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install RHEL5-U1 then the RT kernel
2. Run the /CoreOS/super-smack test
Actual results:
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000040
printing eip: c02211b0 *pdpt = 000000003541e001 *pde = 0000000000000000 
stopped custom tracer.
Oops: 0000 [#1] PREEMPT SMP 
Modules linked in: nfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp rfcomm l2cap
bluetooth sunrpc ipv6 dm_multipath raid1 video output sbs sbshc dock battery ac
parport_pc lp parport joydev sg ide_cd cdrom button serio_raw rtc_cmos rtc_core
rtc_lib pata_acpi pata_serverworks ata_generic tg3 sworks_agp pcspkr dm_snapshot
dm_zero dm_mirror dm_mod aic94xx libsas libata scsi_transport_sas sd_mod
scsi_mod raid0 ext3 jbd ehci_hcd ohci_hcd ssb uhci_hcd

Pid: 0, comm: swapper Not tainted ( #1)
EIP: 0060:[<c02211b0>] EFLAGS: 00010046 CPU: 6
EIP is at pick_next_task_fair+0x22/0x31
EAX: c2c5c3b8 EBX: 00000000 ECX: c0452ae0 EDX: 00000000
ESI: f7880c70 EDI: 00000000 EBP: f7871ee4 ESP: f7871ee0
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 preempt:00000003
Process swapper (pid: 0, ti=f7871000 task=f7880c70 task.ti=f7871000)
Stack: 00000006 f7871f8c c044700a c02408d7 00000000 7ee45897 00000046 19b40ae6 
       00001d15 f7880c70 f7880e18 c2c5c380 00000006 e540f940 00000000 c023090f 
       f7871f38 c02197b3 c0217239 0001c71b 00000000 00000000 f7871f84 c0204b6c 
Call Trace:
 [<c0205081>] show_trace_log_lvl+0x1a/0x2f
 [<c0205136>] show_stack_log_lvl+0xa0/0xad
 [<c02051f3>] show_registers+0xb0/0x1b4
 [<c020540d>] die+0x116/0x1fa
 [<c044a70b>] do_page_fault+0x6ee/0x7d4
 [<c0448b72>] error_code+0x72/0x78
 [<c044700a>] __schedule+0x3b1/0x7a7
 [<c02025ce>] cpu_idle+0xc5/0xd5
 [<c0218475>] start_secondary+0x178/0x17e
 [<00000000>] 0x0
Code: 5b 38 85 db 75 ef 5b 5d c3 55 83 c0 38 89 e5 31 d2 53 83 78 08 00 74 1d 8b
50 20 31 db 85 d2 74 0a 8d 5a f8 89 da e8 7f ff ff ff <8b> 43 40 85 c0 75 e6 8d
53 cc 5b 89 d0 5d c3 55 89 e5 56 89 d6 
EIP: [<c02211b0>] pick_next_task_fair+0x22/0x31 SS:ESP 0068:f7871ee0

Expected results:
 This should work as expected

Additional info:
Comment 1 Jeff Burke 2008-02-15 11:19:27 EST
This has been reproduced on hp-dl360g5-02.rhts.boston.redhat.com but the trace
back is a little different.

Unable to handle kernel NULL pointer dereference at 0000000000000060 RIP: 
 [<ffffffff80231807>] pick_next_task_fair+0x2d/0x3f
PGD 3d5c1067 PUD 3e029067 PMD 0 
Oops: 0000 [1] PREEMPT SMP 
CPU 7 
Modules linked in: nfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp rfcomm l2cap
bluetooth sunrpc ipv6 dm_multipath video output sbs sbshc dock battery ac
parport_pc lp parport bnx2 serio_raw button ipmi_si ipmi_msghandler iTCO_wdt
iTCO_vendor_support pata_acpi ata_generic pcspkr i5000_edac shpchp edac_core
dm_snapshot dm_zero dm_mirror dm_mod ata_piix libata cciss sd_mod scsi_mod ext3
jbd ehci_hcd ohci_hcd ssb uhci_hcd
Pid: 0, comm: swapper Not tainted #1
RIP: 0010:[<ffffffff80231807>]  [<ffffffff80231807>] pick_next_task_fair+0x2d/0x3f
RSP: 0018:ffff81003f16bdf8  EFLAGS: 00010046
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000bb577a94
RDX: ffff81003f166b10 RSI: ffff81003f166b10 RDI: ffff8100010817e0
RBP: ffff81003f16be08 R08: 0000000000000000 R09: 000000000000003c
R10: ffff81000107e890 R11: ffff81003f16bed8 R12: 0000000000000007
R13: 00000000000000ff R14: ffff810001081780 R15: 0000000000000007
FS:  0000000000000000(0000) GS:ffff81003f0b4440(0000) knlGS:0000000000000000
CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000060 CR3: 000000003b8f1000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process swapper (pid: 0, threadinfo ffff81003f16a000, task ffff81003f166b10)
Stack:  00000000000000ff ffffffff8020ad4b ffff81003f16bee8 ffffffff804a4cbd
 ffffffff805f48b0 ffffffffffffff10 ffffffff80215f49 ffff81003f1492a0
 0000000000000246 ffff81003f166b10 ffff81003f16be88 ffff81003f166db0
Call Trace:
 [<ffffffff8020ad4b>] poll_idle+0x0/0x9
 [<ffffffff804a4cbd>] __schedule+0x43e/0x78d
 [<ffffffff80215f49>] mce_idle_callback+0x24/0x2a
 [<ffffffff8027dbc5>] __rcu_read_unlock+0x5a/0x5c
 [<ffffffff804a8edc>] __atomic_notifier_call_chain+0x44/0x53
 [<ffffffff8020ad4b>] poll_idle+0x0/0x9
 [<ffffffff8020ad4b>] poll_idle+0x0/0x9
 [<ffffffff8020aec0>] cpu_idle+0xdc/0xee
 [<ffffffff802210f2>] start_secondary+0x3d9/0x3e7

Code: 48 8b 7b 60 48 85 ff 75 e0 48 8d 43 b8 41 58 5b c9 c3 55 48 
RIP  [<ffffffff80231807>] pick_next_task_fair+0x2d/0x3f
 RSP <ffff81003f16bdf8>
CR2: 0000000000000060
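
Added example, not part of the original report: a small Python triage helper that decodes the faulting instruction from each oops above and checks it against the reported fault address. It shows that both traces follow the same pattern, a load through a zero base register at a small offset (0x40 on i386, 0x60 on x86_64). The function name `triage` and the assumption that the unmarked x86_64 Code: line begins at RIP are this example's own.

```python
import re

# Constructed input: fault-address, register and Code: lines copied from the two
# oopses on this page (the i386 Code: line is trimmed to the bytes around the marker).
OOPS_I386 = """\
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000040
EAX: c2c5c3b8 EBX: 00000000 ECX: c0452ae0 EDX: 00000000
ESI: f7880c70 EDI: 00000000 EBP: f7871ee4 ESP: f7871ee0
Code: 89 da e8 7f ff ff ff <8b> 43 40 85 c0 75 e6 8d 53 cc 5b 89 d0 5d c3
"""
OOPS_X86_64 = """\
Unable to handle kernel NULL pointer dereference at 0000000000000060 RIP:
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000bb577a94
RDX: ffff81003f166b10 RSI: ffff81003f166b10 RDI: ffff8100010817e0
Code: 48 8b 7b 60 48 85 ff 75 e0 48 8d 43 b8 41 58 5b c9 c3 55 48
"""

REG = ["AX", "CX", "DX", "BX", "SP", "BP", "SI", "DI"]  # ModRM register numbering

def triage(oops):
    """Decode the faulting `mov reg, [base+disp8]` and compare it with the fault address."""
    regs = {n[1:]: int(v, 16) for n, v in re.findall(r"\b([ER][A-Z]{2}): ([0-9a-f]+)", oops)}
    fault = int(re.search(r"dereference at (?:virtual address )?([0-9a-f]+)", oops).group(1), 16)
    toks = re.search(r"Code: (.*)", oops).group(1).split()
    # i386 marks the faulting byte with <..>; the x86_64 oops here has no marker, and
    # this example assumes its Code: line starts at RIP (consistent with the fault address).
    start = next((i for i, t in enumerate(toks) if t.startswith("<")), 0)
    b = [int(t.strip("<>"), 16) for t in toks[start:]]
    if "RAX" in oops and b[0] == 0x48:       # REX.W prefix: 64-bit operand, low 8 registers
        b = b[1:]
    opcode, modrm, disp = b[:3]
    mod, dst, base = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if opcode != 0x8B or mod != 1 or base == 4:
        raise ValueError("this example only decodes mov r, [base+disp8]")
    disp -= 0x100 if disp >= 0x80 else 0     # disp8 is sign-extended
    ea = regs[REG[base]] + disp
    return {"dest": REG[dst], "base": REG[base], "base_value": regs[REG[base]],
            "disp": disp, "ea": ea, "matches_fault": ea == fault}

if __name__ == "__main__":
    for name, text in (("i386", OOPS_I386), ("x86_64", OOPS_X86_64)):
        print(name, triage(text))
```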

Comment 2 Clark Williams 2008-04-23 17:08:30 EDT
Have we seen this bug with the series of kernels?

Comment 3 Clark Williams 2008-05-20 20:52:09 EDT
I'm tempted to close this one as NOTABUG, since we haven't seen it since February.
Comment 4 Clark Williams 2008-05-27 18:12:34 EDT
