Bug 982405 - BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
Summary: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 19
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-07-08 23:44 UTC by Seth Jennings
Modified: 2013-10-08 17:05 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-08 17:05:28 UTC
Type: Bug


Description Seth Jennings 2013-07-08 23:44:13 UTC
Description of problem:

BUG under memory pressure

[   10.843261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[   10.844065] IP: [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] PGD 506d8067 PUD 7b481067 PMD 0 
[   10.844065] Oops: 0000 [#1] SMP 
[   10.844065] Modules linked in: nf_conntrack_netbios_ns(F) nf_conntrack_broadcast(F) ipt_MASQUERADE(F) ip6table_nat(F) nf_nat_ipv6(F) ip6table_mangle(F) ip6t_REJECT(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) iptable_nat(F) nf_nat_ipv4(F) nf_nat(F) iptable_mangle(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F) xt_conntrack(F) nf_conntrack(F) ebtable_filter(F) ebtables(F) ip6table_filter(F) ip6_tables(F) crc32c_intel(F) virtio_balloon(F) i2c_piix4(F) microcode(F) virtio_net(F) cirrus(F) drm_kms_helper(F) ttm(F) drm(F) virtio_blk(F) i2c_core(F)
[   10.844065] CPU: 0 PID: 732 Comm: memknobs Tainted: GF            3.10.0-1.fc19.x86_64 #1
[   10.844065] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[   10.844065] task: ffff88007ba60000 ti: ffff880050688000 task.ti: ffff880050688000
[   10.844065] RIP: 0010:[<ffffffff81131645>]  [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] RSP: 0018:ffff8800506897f0  EFLAGS: 00010046
[   10.844065] RAX: 0000000000000000 RBX: ffffea0000bacc40 RCX: ffff88007a032c00
[   10.844065] RDX: 0000000000000000 RSI: ffffea0000bacc40 RDI: ffffea0000bacc40
[   10.844065] RBP: ffff880050689808 R08: ffffea0000bacc60 R09: ffff880077aca378
[   10.844065] R10: 0000000000000001 R11: 0000000000000000 R12: ffffea0000bacc40
[   10.844065] R13: ffff88007a032c00 R14: ffffea0000bacc40 R15: 0000000000000001
[   10.844065] FS:  00007f5b54b6c740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[   10.844065] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   10.844065] CR2: 0000000000000028 CR3: 000000007bb23000 CR4: 00000000000006f0
[   10.844065] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   10.844065] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[   10.844065] Stack:
[   10.844065]  ffffea0000bacc40 ffff88007a032c00 0000000000000000 ffff880050689830
[   10.844065]  ffffffff811419fa ffff880050689b50 ffff880050689970 ffffea0000bacc60
[   10.844065]  ffff880050689918 ffffffff81142d52 ffff88007ba60000 ffff88007ba60000
[   10.844065] Call Trace:
[   10.844065]  [<ffffffff811419fa>] __remove_mapping+0x7a/0x130
[   10.844065]  [<ffffffff81142d52>] shrink_page_list+0x652/0x910
[   10.844065]  [<ffffffff811435bf>] shrink_inactive_list+0x14f/0x410
[   10.844065]  [<ffffffff81143dc1>] shrink_lruvec+0x201/0x4a0
[   10.844065]  [<ffffffff811440c6>] shrink_zone+0x66/0x1a0
[   10.844065]  [<ffffffff811445d0>] do_try_to_free_pages+0x110/0x610
[   10.844065]  [<ffffffff81144ba1>] try_to_free_pages+0xd1/0x170
[   10.844065]  [<ffffffff81139f88>] __alloc_pages_nodemask+0x698/0xa30
[   10.844065]  [<ffffffff81177eea>] alloc_pages_vma+0x9a/0x140
[   10.844065]  [<ffffffff8118a556>] do_huge_pmd_wp_page+0xf6/0xbf0
[   10.844065]  [<ffffffff8118b590>] ? do_huge_pmd_anonymous_page+0x3b0/0x4b0
[   10.844065]  [<ffffffff8115a396>] handle_mm_fault+0x186/0x660
[   10.844065]  [<ffffffff8164bca6>] __do_page_fault+0x146/0x510
[   10.844065]  [<ffffffff81041bdf>] ? pvclock_clocksource_read+0x3f/0xc0
[   10.844065]  [<ffffffff81040daf>] ? kvm_clock_get_cycles+0x1f/0x30
[   10.844065]  [<ffffffff810aeb6a>] ? __getnstimeofday+0x3a/0xc0
[   10.844065]  [<ffffffff8164c07e>] do_page_fault+0xe/0x10
[   10.844065]  [<ffffffff8164b78a>] do_async_page_fault+0x2a/0xa0
[   10.844065]  [<ffffffff81648748>] async_page_fault+0x28/0x30
[   10.844065] Code: 55 41 54 49 89 fc 53 4c 8b 6f 08 66 66 66 66 90 49 8b 04 24 a8 08 74 0f 49 8b 04 24 a9 00 00 02 00 0f 85 27 01 00 00 49 8b 45 00 <48> 8b 40 28 8b b0 a8 03 00 00 85 f6 78 0b 4c 89 e6 4c 89 ef e8 
[   10.844065] RIP  [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065]  RSP <ffff8800506897f0>
[   10.844065] CR2: 0000000000000028
[   10.844065] ---[ end trace b78d709d1746212c ]---

Version-Release number of selected component (if applicable):
kernel-3.10.0-1.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Create memory pressure (enough to trigger kswapd)
2. NULL deref BUG occurs

Additional info:
Running Koji built kernel RPM (http://koji.fedoraproject.org/koji/buildinfo?buildID=430716) on F19 GA in a KVM guest

=== WORKAROUND ===

The BUG does not occur on a vanilla v3.10 kernel.  I pulled the patches out of SOURCES, pulled them into a git branch and did a git bisect which returned KVM-x86-handle-idiv-overflow-at-kvm_write_tsc.patch as injecting the issue.  I didn't see any direct correlation between the patch and the BUG.
This patch is also in the Fedora 18/19 kernel series (https://bugzilla.redhat.com/show_bug.cgi?id=969644), yet I don't see the problem with the latest 3.9.9-301.fc19.x86_64 kernel.

It seems that the issue is some interaction between this patch and 3.10.  I observed this BUG through all the 3.10 koji builds.
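
A triage sketch for the oops quoted in the description, added here as an example and not part of the original report: it parses the fault address, register dump and Code: bytes, decodes the instruction at the <48> marker, and checks that base register plus displacement reproduces CR2. The helper names (parse_oops, decode_mov_load, triage) are hypothetical, and the decoder handles only the REX.W 8B /r disp8 form seen in this trace.

```python
import re

# Lines copied from the oops in the description above (subset needed for triage).
OOPS = """\
[   10.843261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[   10.844065] RAX: 0000000000000000 RBX: ffffea0000bacc40 RCX: ffff88007a032c00
[   10.844065] Code: 55 41 54 49 89 fc 53 4c 8b 6f 08 66 66 66 66 90 49 8b 04 24 a8 08 74 0f 49 8b 04 24 a9 00 00 02 00 0f 85 27 01 00 00 49 8b 45 00 <48> 8b 40 28 8b b0 a8 03 00 00 85 f6 78 0b 4c 89 e6 4c 89 ef e8
[   10.844065] RIP  [<ffffffff81131645>] __delete_from_page_cache+0x35/0x190
[   10.844065] CR2: 0000000000000028
"""

# x86-64 register numbering, spelled the way the oops register dump prints them.
REG64 = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"] + \
        ["R%02d" % n for n in range(8, 16)]

def parse_oops(text):
    """Extract registers, CR2, faulting symbol+offset and the bytes from the <..> marker on."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", text)}
    cr2 = int(re.search(r"\bCR2: ([0-9a-f]{16})", text).group(1), 16)
    sym, off = re.search(r"RIP.*?\] (\w+)\+(0x[0-9a-f]+)/", text).groups()
    code = re.search(r"Code: (.*)", text).group(1)
    # The kernel brackets the first byte of the faulting instruction with <..>.
    fault = bytes.fromhex(code[code.index("<"):].replace("<", "").replace(">", ""))
    return regs, cr2, sym, int(off, 16), fault

def decode_mov_load(ins):
    """Decode only 'REX.W 8B /r' with mod=01 and no SIB: mov r64, [base+disp8]."""
    rex, opcode, modrm, disp = ins[0], ins[1], ins[2], ins[3]
    if (rex & 0xF8) != 0x48 or opcode != 0x8B or (modrm >> 6) != 1 or (modrm & 7) == 4:
        raise ValueError("instruction form not handled by this sketch")
    dest = REG64[((modrm >> 3) & 7) | ((rex & 4) << 1)]   # ModRM.reg extended by REX.R
    base = REG64[(modrm & 7) | ((rex & 1) << 3)]          # ModRM.rm extended by REX.B
    return dest, base, disp - 256 if disp > 127 else disp # disp8 is signed

def triage(text):
    """Tie the faulting instruction to the register dump and the reported fault address."""
    regs, cr2, sym, off, fault = parse_oops(text)
    dest, base, disp = decode_mov_load(fault)
    return {
        "function": sym,
        "offset": off,
        "instruction": "mov %s, [%s+%#x]" % (dest.lower(), base.lower(), disp),
        "null_base": regs[base] == 0,
        "explains_cr2": (regs[base] + disp) & (2**64 - 1) == cr2,
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

The result shows the fault is a read of a field at offset 0x28 through a pointer held in RAX that was NULL at the time, which is why CR2 equals the displacement.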

Comment 1 Seth Jennings 2013-07-09 00:47:14 UTC
I guess I should add that if I remove that patch from the build, the BUG does not happen.

Comment 2 JM 2013-08-19 09:28:15 UTC
I have the same problem with a Fedora 18 guest and kernel kernel-3.10.6-100.fc18.x86_64.

Comment 3 Josh Boyer 2013-09-18 20:29:40 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 19 kernel bugs.

Fedora 19 has now been rebased to 3.11.1-200.fc19.  Please test this kernel update and let us know if your issue has been resolved or if it is still present with the newer kernel.

If you experience different issues, please open a new bug report for those.

Comment 4 Josh Boyer 2013-10-08 17:05:28 UTC
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 2 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.

