Red Hat Bugzilla – Bug 432677
[RHEL5 RT] kernel-rt BUG: unable to handle kernel NULL pointer dereference.....EIP is at pick_next_task_fair
Last modified: 2014-08-11 01:40:43 EDT
Description of problem: While running the Kernel Tier 1 tests for the RT kernel we hit apanic while running the /CoreOS/super-smack test suite. This was on host ibm-zeus-01.rhts.boston.redhat.com i386 arch Version-Release number of selected component (if applicable): 2.6.24.1-24.el5rt How reproducible: Intermittent Steps to Reproduce: 1. Install RHEL5-U1 then the RT kernel 2. Run the /CoreOS/super-smack test Actual results: BUG: unable to handle kernel NULL pointer dereference at virtual address 00000040 printing eip: c02211b0 *pdpt = 000000003541e001 *pde = 0000000000000000 stopped custom tracer. Oops: 0000 [#1] PREEMPT SMP Modules linked in: nfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp rfcomm l2cap bluetooth sunrpc ipv6 dm_multipath raid1 video output sbs sbshc dock battery ac parport_pc lp parport joydev sg ide_cd cdrom button serio_raw rtc_cmos rtc_core rtc_lib pata_acpi pata_serverworks ata_generic tg3 sworks_agp pcspkr dm_snapshot dm_zero dm_mirror dm_mod aic94xx libsas libata scsi_transport_sas sd_mod scsi_mod raid0 ext3 jbd ehci_hcd ohci_hcd ssb uhci_hcd Pid: 0, comm: swapper Not tainted (2.6.24.1-24.el5rt #1) EIP: 0060:[<c02211b0>] EFLAGS: 00010046 CPU: 6 EIP is at pick_next_task_fair+0x22/0x31 EAX: c2c5c3b8 EBX: 00000000 ECX: c0452ae0 EDX: 00000000 ESI: f7880c70 EDI: 00000000 EBP: f7871ee4 ESP: f7871ee0 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 preempt:00000003 Process swapper (pid: 0, ti=f7871000 task=f7880c70 task.ti=f7871000) Stack: 00000006 f7871f8c c044700a c02408d7 00000000 7ee45897 00000046 19b40ae6 00001d15 f7880c70 f7880e18 c2c5c380 00000006 e540f940 00000000 c023090f f7871f38 c02197b3 c0217239 0001c71b 00000000 00000000 f7871f84 c0204b6c Call Trace: [<c0205081>] show_trace_log_lvl+0x1a/0x2f [<c0205136>] show_stack_log_lvl+0xa0/0xad [<c02051f3>] show_registers+0xb0/0x1b4 [<c020540d>] die+0x116/0x1fa [<c044a70b>] do_page_fault+0x6ee/0x7d4 [<c0448b72>] error_code+0x72/0x78 [<c044700a>] __schedule+0x3b1/0x7a7 [<c02025ce>] cpu_idle+0xc5/0xd5 [<c0218475>] start_secondary+0x178/0x17e [<00000000>] 0x0 ======================= Code: 5b 38 85 db 75 ef 5b 5d c3 55 83 c0 38 89 e5 31 d2 53 83 78 08 00 74 1d 8b 50 20 31 db 85 d2 74 0a 8d 5a f8 89 da e8 7f ff ff ff <8b> 43 40 85 c0 75 e6 8d 53 cc 5b 89 d0 5d c3 55 89 e5 56 89 d6 EIP: [<c02211b0>] pick_next_task_fair+0x22/0x31 SS:ESP 0068:f7871ee0 Expected results: This should work as expected Additional info:
This has been reproduced on hp-dl360g5-02.rhts.boston.redhat.com but the trace back is a little different. Unable to handle kernel NULL pointer dereference at 0000000000000060 RIP: [<ffffffff80231807>] pick_next_task_fair+0x2d/0x3f PGD 3d5c1067 PUD 3e029067 PMD 0 Oops: 0000 [1] PREEMPT SMP CPU 7 Modules linked in: nfs lockd nfs_acl autofs4 i2c_dev i2c_core hidp rfcomm l2cap bluetooth sunrpc ipv6 dm_multipath video output sbs sbshc dock battery ac parport_pc lp parport bnx2 serio_raw button ipmi_si ipmi_msghandler iTCO_wdt iTCO_vendor_support pata_acpi ata_generic pcspkr i5000_edac shpchp edac_core dm_snapshot dm_zero dm_mirror dm_mod ata_piix libata cciss sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd ssb uhci_hcd Pid: 0, comm: swapper Not tainted 2.6.24.1-24.el5rt #1 RIP: 0010:[<ffffffff80231807>] [<ffffffff80231807>] pick_next_task_fair+0x2d/0x3f RSP: 0018:ffff81003f16bdf8 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000bb577a94 RDX: ffff81003f166b10 RSI: ffff81003f166b10 RDI: ffff8100010817e0 RBP: ffff81003f16be08 R08: 0000000000000000 R09: 000000000000003c R10: ffff81000107e890 R11: ffff81003f16bed8 R12: 0000000000000007 R13: 00000000000000ff R14: ffff810001081780 R15: 0000000000000007 FS: 0000000000000000(0000) GS:ffff81003f0b4440(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 0000000000000060 CR3: 000000003b8f1000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process swapper (pid: 0, threadinfo ffff81003f16a000, task ffff81003f166b10) Stack: 00000000000000ff ffffffff8020ad4b ffff81003f16bee8 ffffffff804a4cbd ffffffff805f48b0 ffffffffffffff10 ffffffff80215f49 ffff81003f1492a0 0000000000000246 ffff81003f166b10 ffff81003f16be88 ffff81003f166db0 Call Trace: [<ffffffff8020ad4b>] poll_idle+0x0/0x9 [<ffffffff804a4cbd>] __schedule+0x43e/0x78d [<ffffffff80215f49>] mce_idle_callback+0x24/0x2a [<ffffffff8027dbc5>] __rcu_read_unlock+0x5a/0x5c [<ffffffff804a8edc>] __atomic_notifier_call_chain+0x44/0x53 [<ffffffff8020ad4b>] poll_idle+0x0/0x9 [<ffffffff8020ad4b>] poll_idle+0x0/0x9 [<ffffffff8020aec0>] cpu_idle+0xdc/0xee [<ffffffff802210f2>] start_secondary+0x3d9/0x3e7 Code: 48 8b 7b 60 48 85 ff 75 e0 48 8d 43 b8 41 58 5b c9 c3 55 48 RIP [<ffffffff80231807>] pick_next_task_fair+0x2d/0x3f RSP <ffff81003f16bdf8> CR2: 0000000000000060 http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=1964762
have we seen this bug with the 2.6.24.4-x series of kernels? Clark
I'm tempted to close this one as NOTABUG, since we haven't seen it since February.
closing