Bug 986978 - BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
Status: CLOSED WONTFIX
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel (Show other bugs)
2.4
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Red Hat Real Time Maintenance
MRG Quality Engineering
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-22 10:26 EDT by John Kacur
Modified: 2015-04-10 15:17 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-04-10 15:17:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Kacur 2013-07-22 10:26:52 EDT
logger: 2013-07-21 02:00:25 /usr/bin/rhts-test-runner.sh 18938 12600 hearbeat...  
[12627.202911] Adding 65532k swap on ./swapfile01.  Priority:-2 extents:1 across:65532k  
[12630.035949] Adding 65532k swap on ./swapfile01.  Priority:-2 extents:1 across:65532k  
[12632.890859] Adding 65532k swap on ./swapfile01.  Priority:-2 extents:1 across:65532k  
[12633.053442] Unable to find swap-space signature 
[12633.170401] Adding 36k swap on alreadyused.  Priority:-2 extents:1 across:36k  
[12633.968170] warning: process `sysctl01' used the deprecated sysctl system call with 1.1. 
[12634.017294] warning: process `sysctl01' used the deprecated sysctl system call with 1.2. 
[12634.070475] warning: process `sysctl04' used the deprecated sysctl system call with  
logger: 2013-07-21 02:01:25 /usr/bin/rhts-test-runner.sh 18938 12660 hearbeat...  
logger: 2013-07-21 02:02:25 /usr/bin/rhts-test-runner.sh 18938 12720 hearbeat...  
logger: 2013-07-21 02:03:25 /usr/bin/rhts-test-runner.sh 18938 12780 hearbeat...  
[12830.443278] Process 29702(waitpid02) has RLIMIT_CORE set to 1 
[12830.477776] Aborting core 
logger: 2013-07-21 02:04:25 /usr/bin/rhts-test-runner.sh 18938 12840 hearbeat...  
[12850.086206] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 
[12850.086217] IP: [<ffffffff812a68b1>] rb_next+0x1/0x50 
[12850.086220] PGD 10171067 PUD 10172067 PMD 0  
[12850.086221] Thread overran stack, or stack corrupted 
[12850.086224] Oops: 0000 [#1] PREEMPT SMP  
[12850.086260] Modules linked in: ts_kmp nf_conntrack_ipv4 nf_defrag_ipv4 nls_koi8_u nls_cp932 arc4 ecb md4 nls_utf8 cifs nfsv4 auth_rpcgss nfsv3 nfs_acl nfsv2 nfs lockd bluetooth rfkill sunrpc ipv6 iTCO_wdt iTCO_vendor_support joydev microcode pcspkr serio_raw sg i2c_i801 lpc_ich tg3 ptp pps_core shpchp e752x_edac edac_core ext4 jbd2 mbcache sd_mod crc_t10dif sr_mod cdrom aic79xx scsi_transport_spi pata_acpi ata_generic ata_piix floppy radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: rmd128] 
[12850.086265] CPU 2  
[12850.086266] Pid: 30085, comm: expr Not tainted 3.8.13-rt14.17.el6rt.x86_64.debug #1 IBM eserver xSeries 346 -[8840D2Z]-/ 
[12850.086270] RIP: 0010:[<ffffffff812a68b1>]  [<ffffffff812a68b1>] rb_next+0x1/0x50 
[12850.086272] RSP: 0000:ffff880026b33e78  EFLAGS: 00010046 
[12850.086273] RAX: 0000000000000000 RBX: ffff88003e010080 RCX: 0000000000000000 
[12850.086274] RDX: fffffffffffffff0 RSI: 0000000000000001 RDI: 0000000000000010 
[12850.086275] RBP: ffff880026b33eb8 R08: 0000000000000001 R09: 0000000000000004 
[12850.086276] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000000 
[12850.086277] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000001 
[12850.086279] FS:  00007ff6d8ddb700(0000) GS:ffff88003de00000(0000) knlGS:0000000000000000 
[12850.086280] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b 
[12850.086282] CR2: 0000000000000010 CR3: 000000003e5d1000 CR4: 00000000000007e0 
[12850.086283] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
[12850.086285] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 
[12850.086286] Process expr (pid: 30085, threadinfo ffff880026b34000, task ffff88001af84840) 
[12850.086287] Stack: 
[12850.086291]  ffff880026b33eb8 ffffffff8108de59 ffff880026b33eb8 ffffffff8108e904 
[12850.086294]  ffff88003e010080 0000000000000002 ffff88001af84c00 ffff88003ffc9100 
[12850.086297]  ffff880026b33f48 ffffffff815a7c64 0000000000000002 0000000000000000 
[12850.086298] Call Trace: 
[12850.086324] Code: 10 48 85 d2 75 f4 c9 c3 66 90 48 8b 07 55 48 89 e5 48 85 c0 75 07 eb 0e 66 90 48 89 d0 48 8b 50 08 48 85 d2 75 f4 c9 c3 66 90 55 <48> 8b 17 31 c0 48 89 e5 48 39 d7 74 1e 48 8b 47 08 48 85 c0 75  
[12850.086327] RIP  [<ffffffff812a68b1>] rb_next+0x1/0x50 
[12850.086328]  RSP <ffff880026b33e78> 
[12850.086329] CR2: 0000000000000010 
[12850.086428] ------------[ cut here ]------------ 
[12850.086431] kernel BUG at kernel/rtmutex.c:737! 
[12850.086435] invalid opcode: 0000 [#2] PREEMPT SMP  
[12850.086483] Modules linked in: ts_kmp nf_conntrack_ipv4 nf_defrag_ipv4 nls_koi8_u nls_cp932 arc4 ecb md4 nls_utf8 cifs nfsv4 auth_rpcgss nfsv3 nfs_acl nfsv2 nfs lockd bluetooth rfkill sunrpc ipv6 iTCO_wdt iTCO_vendor_support joydev microcode pcspkr serio_raw sg i2c_i801 lpc_ich tg3 ptp pps_core shpchp e752x_edac edac_core ext4 jbd2 mbcache sd_mod crc_t10dif sr_mod cdrom aic79xx scsi_transport_spi pata_acpi ata_generic ata_piix floppy radeon ttm drm_kms_helper drm hwmon i2c_algo_bit i2c_core dm_mirror dm_region_hash dm_log dm_mod [last unloaded: rmd128] 
[12850.086488] CPU 2  
[12850.086489] Pid: 30085, comm: expr Not tainted 3.8.13-rt14.17.el6rt.x86_64.debug #1 IBM eserver xSeries 346 -[8840D2Z]-/ 
[12850.086497] RIP: 0010:[<ffffffff815a906f>]  [<ffffffff815a906f>] rt_spin_lock_slowlock+0x2bf/0x2f0 
[12850.086499] RSP: 0000:ffff880026b33168  EFLAGS: 00010246 
[12850.086501] RAX: ffff88001af84840 RBX: ffff88003e00b4a0 RCX: 0000000000000001 
[12850.086502] RDX: 0000000000000000 RSI: ffff88001af84840 RDI: ffff88003e00b4a0 
[12850.086504] RBP: ffff880026b33248 R08: 0000000000000000 R09: 0000000000000000 
[12850.086505] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000010 
[12850.086507] R13: ffff880026b33198 R14: ffff88003ffc9100 R15: ffff88001af84840 
[12850.086510] FS:  00007ff6d8ddb700(0000) GS:ffff88003de00000(0000) knlGS:0000000000000000 
[12850.086511] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b 
[12850.086513] CR2: 0000000000000010 CR3: 000000003e5d1000 CR4: 00000000000007e0 
[12850.086515] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 
[12850.086517] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 
[12850.086519] Process expr (pid: 30085, threadinfo ffff880026b34000, task ffff88001af84840) 
[12850.086520] Stack: 
[12850.086525]  6161616161616161 6161616161616161 6161616161616161 6161616161616161 
[12850.086529]  6161616161616161 6161616161616161 111111110000008c ffff880026b331a0 
[12850.086534]  ffff880026b331a0 ffff880026b331b0 ffff880026b331b0 111111110000008c 
[12850.086535] Call Trace: 
[12850.086577] Code: 68 12 00 00 eb d1 48 83 63 58 fe eb a9 be 4a 00 00 00 48 c7 c7 5e ca 7d 81 e8 5e 01 aa ff 4c 8b 63 48 e9 7c fe ff ff 0f 0b eb fe <0f> 0b eb fe 0f 0b 66 66 2e 0f 1f 84 00 00 00 00 00 eb f3 48 8d  
[12850.086582] RIP  [<ffffffff815a906f>] rt_spin_lock_slowlock+0x2bf/0x2f0 
[12850.086583]  RSP <ffff880026b33168> 
[-- MARK -- Sun Jul 21 06:05:00 2013] 
[-- MARK -- Sun Jul 21 06:10:00 2013]
Comment 2 Steven Rostedt 2013-07-23 11:29:28 EDT
[12850.086272] RSP: 0000:ffff880026b33e78
[12850.086286] Process expr (pid: 30085, threadinfo ffff880026b34000

0xffff880026b34000 - 0xffff880026b33e78 = 0x182 (392)

When the crash happened, there was only 392 bytes left of the stack. The thread_info struct is around 94 bytes. This gives us a total of 392-94=298 bytes of stack space before things can get bad.

Now it is possible that there was a call to a function that used up that 298 bytes. Not 100% sure on that mind you. But if that happened, then it could cause this to crash.

Would be helpful to get more crash data, or a core dump.
Comment 3 Beth Uptagrafft 2015-04-10 15:17:26 EDT
This issue has not been updated in a while and is using an older, unsupported kernel. This BZ is being closed WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.