Bug 982405

Summary: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
Product: [Fedora] Fedora
Reporter: Seth Jennings <sethdjennings>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED INSUFFICIENT_DATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Docs Contact:
Priority: unspecified
Version: 19
CC: gansalmon, igeorgex, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-08 17:05:28 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Seth Jennings 2013-07-08 23:44:13 UTC
Description of problem:

BUG under memory pressure

[   10.843261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[   10.844065] IP: [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] PGD 506d8067 PUD 7b481067 PMD 0 
[   10.844065] Oops: 0000 [#1] SMP 
[   10.844065] Modules linked in: nf_conntrack_netbios_ns(F) nf_conntrack_broadcast(F) ipt_MASQUERADE(F) ip6table_nat(F) nf_nat_ipv6(F) ip6table_mangle(F) ip6t_REJECT(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) iptable_nat(F) nf_nat_ipv4(F) nf_nat(F) iptable_mangle(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F) xt_conntrack(F) nf_conntrack(F) ebtable_filter(F) ebtables(F) ip6table_filter(F) ip6_tables(F) crc32c_intel(F) virtio_balloon(F) i2c_piix4(F) microcode(F) virtio_net(F) cirrus(F) drm_kms_helper(F) ttm(F) drm(F) virtio_blk(F) i2c_core(F)
[   10.844065] CPU: 0 PID: 732 Comm: memknobs Tainted: GF            3.10.0-1.fc19.x86_64 #1
[   10.844065] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[   10.844065] task: ffff88007ba60000 ti: ffff880050688000 task.ti: ffff880050688000
[   10.844065] RIP: 0010:[<ffffffff81131645>]  [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] RSP: 0018:ffff8800506897f0  EFLAGS: 00010046
[   10.844065] RAX: 0000000000000000 RBX: ffffea0000bacc40 RCX: ffff88007a032c00
[   10.844065] RDX: 0000000000000000 RSI: ffffea0000bacc40 RDI: ffffea0000bacc40
[   10.844065] RBP: ffff880050689808 R08: ffffea0000bacc60 R09: ffff880077aca378
[   10.844065] R10: 0000000000000001 R11: 0000000000000000 R12: ffffea0000bacc40
[   10.844065] R13: ffff88007a032c00 R14: ffffea0000bacc40 R15: 0000000000000001
[   10.844065] FS:  00007f5b54b6c740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[   10.844065] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   10.844065] CR2: 0000000000000028 CR3: 000000007bb23000 CR4: 00000000000006f0
[   10.844065] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   10.844065] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   10.844065] Stack:
[   10.844065]  ffffea0000bacc40 ffff88007a032c00 0000000000000000 ffff880050689830
[   10.844065]  ffffffff811419fa ffff880050689b50 ffff880050689970 ffffea0000bacc60
[   10.844065]  ffff880050689918 ffffffff81142d52 ffff88007ba60000 ffff88007ba60000
[   10.844065] Call Trace:
[   10.844065]  [<ffffffff811419fa>] __remove_mapping+0x7a/0x130
[   10.844065]  [<ffffffff81142d52>] shrink_page_list+0x652/0x910
[   10.844065]  [<ffffffff811435bf>] shrink_inactive_list+0x14f/0x410
[   10.844065]  [<ffffffff81143dc1>] shrink_lruvec+0x201/0x4a0
[   10.844065]  [<ffffffff811440c6>] shrink_zone+0x66/0x1a0
[   10.844065]  [<ffffffff811445d0>] do_try_to_free_pages+0x110/0x610
[   10.844065]  [<ffffffff81144ba1>] try_to_free_pages+0xd1/0x170
[   10.844065]  [<ffffffff81139f88>] __alloc_pages_nodemask+0x698/0xa30
[   10.844065]  [<ffffffff81177eea>] alloc_pages_vma+0x9a/0x140
[   10.844065]  [<ffffffff8118a556>] do_huge_pmd_wp_page+0xf6/0xbf0
[   10.844065]  [<ffffffff8118b590>] ? do_huge_pmd_anonymous_page+0x3b0/0x4b0
[   10.844065]  [<ffffffff8115a396>] handle_mm_fault+0x186/0x660
[   10.844065]  [<ffffffff8164bca6>] __do_page_fault+0x146/0x510
[   10.844065]  [<ffffffff81041bdf>] ? pvclock_clocksource_read+0x3f/0xc0
[   10.844065]  [<ffffffff81040daf>] ? kvm_clock_get_cycles+0x1f/0x30
[   10.844065]  [<ffffffff810aeb6a>] ? __getnstimeofday+0x3a/0xc0
[   10.844065]  [<ffffffff8164c07e>] do_page_fault+0xe/0x10
[   10.844065]  [<ffffffff8164b78a>] do_async_page_fault+0x2a/0xa0
[   10.844065]  [<ffffffff81648748>] async_page_fault+0x28/0x30
[   10.844065] Code: 55 41 54 49 89 fc 53 4c 8b 6f 08 66 66 66 66 90 49 8b 04 24 a8 08 74 0f 49 8b 04 24 a9 00 00 02 00 0f 85 27 01 00 00 49 8b 45 00 <48> 8b 40 28 8b b0 a8 03 00 00 85 f6 78 0b 4c 89 e6 4c 89 ef e8 
[   10.844065] RIP  [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065]  RSP <ffff8800506897f0>
[   10.844065] CR2: 0000000000000028
[   10.844065] ---[ end trace b78d709d1746212c ]---

Version-Release number of selected component (if applicable):
kernel-3.10.0-1.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create memory pressure (enough to trigger kswapd)
2. NULL deref BUG occurs

Additional info:
Running Koji built kernel RPM (http://koji.fedoraproject.org/koji/buildinfo?buildID=430716) on F19 GA in a KVM guest

=== WORKAROUND ===

The BUG does not occur on a vanilla v3.10 kernel.  I pulled all the patches out of SOURCES, pulled them into a git branch and did a git bisect which returned KVM-x86-handle-idiv-overflow-at-kvm_write_tsc.patch as injecting the issue.  I didn't see any direct correlation between the patch and the BUG.
This patch is also in the Fedora 18/19 kernel series (https://bugzilla.redhat.com/show_bug.cgi?id=969644), yet I don't see the problem with the latest 3.9.9-301.fc19.x86_64 kernel.

It seems that the issue is some interaction between this patch and 3.10.  I observed this BUG through all the 3.10 koji builds.
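As an added example that is not part of the report, here is a small Python parser for an x86_64 oops of the kind pasted above: it extracts the fault address, the faulting symbol, the task and kernel, and the call chain, separating reliable frames from the "?" frames, and flags a fault in the first page as NULL-plus-field-offset. The embedded sample is a constructed, abbreviated copy of the trace in this bug.

```python
import re

# Constructed sample: an abbreviated copy of the oops in this bug report.
SAMPLE_OOPS = """\
[   10.843261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[   10.844065] IP: [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] CPU: 0 PID: 732 Comm: memknobs Tainted: GF            3.10.0-1.fc19.x86_64 #1
[   10.844065] Call Trace:
[   10.844065]  [<ffffffff811419fa>] __remove_mapping+0x7a/0x130
[   10.844065]  [<ffffffff81142d52>] shrink_page_list+0x652/0x910
[   10.844065]  [<ffffffff8118b590>] ? do_huge_pmd_anonymous_page+0x3b0/0x4b0
[   10.844065]  [<ffffffff8115a396>] handle_mm_fault+0x186/0x660
[   10.844065] Code: 49 8b 45 00 <48> 8b 40 28 8b b0 a8 03 00 00
[   10.844065] RIP  [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] ---[ end trace b78d709d1746212c ]---
"""

BUG_RE = re.compile(r"BUG: unable to handle kernel (.+?) at ([0-9a-f]+)")
IP_RE = re.compile(r"IP: \[<([0-9a-f]+)>\] (\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
TASK_RE = re.compile(r"PID: (\d+) Comm: (\S+) (?:Tainted: (\S+)|Not tainted)\s+(\S+)")
FRAME_RE = re.compile(r"\[<([0-9a-f]+)>\] (\? )?(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")


def parse_oops(text):
    info = {"frames": [], "unreliable": []}
    in_trace = False
    for line in text.splitlines():
        body = re.sub(r"^\[\s*[\d.]+\]\s?", "", line)  # drop the printk timestamp
        if m := BUG_RE.search(body):
            info["kind"], info["fault_addr"] = m.group(1), int(m.group(2), 16)
        elif m := IP_RE.search(body):
            info["ip_symbol"], info["ip_offset"] = m.group(2), int(m.group(3), 16)
        elif m := TASK_RE.search(body):
            info["pid"], info["comm"] = int(m.group(1)), m.group(2)
            info["taint"], info["kernel"] = m.group(3) or "", m.group(4)
        elif body.startswith("Call Trace:"):
            in_trace = True
        elif body.startswith(("Code:", "---[ end trace")):
            in_trace = False  # the RIP line after Code: is not a call frame
        elif in_trace and (m := FRAME_RE.search(body)):
            # "? symbol" frames are stale stack words, not confirmed callers.
            info["unreliable" if m.group(2) else "frames"].append(m.group(3))
    # A fault address inside the first page is NULL plus a struct field offset:
    # the marked bytes <48> 8b 40 28 are mov rax,[rax+0x28] and RAX was 0.
    info["null_plus_offset"] = info.get("fault_addr", 1 << 12) < 4096
    return info


if __name__ == "__main__":
    o = parse_oops(SAMPLE_OOPS)
    print(o["comm"], o["kernel"], hex(o["fault_addr"]), o["ip_symbol"], o["frames"])
```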

Comment 1 Seth Jennings 2013-07-09 00:47:14 UTC
I guess I should add that if I remove that patch from the build, the BUG does not happen.

Comment 2 JM 2013-08-19 09:28:15 UTC
I have the same problem with a Fedora 18 guest and kernel kernel-3.10.6-100.fc18.x86_64.

Comment 3 Josh Boyer 2013-09-18 20:29:40 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 19 kernel bugs.

Fedora 19 has now been rebased to 3.11.1-200.fc19.  Please test this kernel update and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you experience different issues, please open a new bug report for those.

Comment 4 Josh Boyer 2013-10-08 17:05:28 UTC
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.