From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ot0-f199.google.com (mail-ot0-f199.google.com [74.125.82.199]) by kanga.kvack.org (Postfix) with ESMTP id 8CC526B0038 for ; Thu, 18 Jan 2018 17:18:24 -0500 (EST) Received: by mail-ot0-f199.google.com with SMTP id s7so6138868oth.5 for ; Thu, 18 Jan 2018 14:18:24 -0800 (PST) Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41]) by mx.google.com with SMTPS id g65sor2273097oic.300.2018.01.18.14.18.23 for (Google Transport Security); Thu, 18 Jan 2018 14:18:23 -0800 (PST) Subject: Re: [Bug 198497] New: handle_mm_fault / xen_pmd_val / radix_tree_lookup_slot Null pointer References: <20180118135518.639141f0b0ea8bb047ab6306@linux-foundation.org> From: Laura Abbott Message-ID: <7ba7635e-249a-9071-75bb-7874506bd2b2@redhat.com> Date: Thu, 18 Jan 2018 14:18:20 -0800 MIME-Version: 1.0 In-Reply-To: <20180118135518.639141f0b0ea8bb047ab6306@linux-foundation.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: Andrew Morton , linux-mm@kvack.org Cc: bugzilla-daemon@bugzilla.kernel.org, Matthew Wilcox , peter@rimuhosting.com On 01/18/2018 01:55 PM, Andrew Morton wrote: > > (switched to email. Please respond via emailed reply-to-all, not via the > bugzilla web interface). > > > On Thu, 18 Jan 2018 01:21:56 +0000 bugzilla-daemon@bugzilla.kernel.org wrote: > >> https://bugzilla.kernel.org/show_bug.cgi?id=198497 >> >> Bug ID: 198497 >> Summary: handle_mm_fault / xen_pmd_val / radix_tree_lookup_slot >> Null pointer >> Product: Memory Management >> Version: 2.5 >> Kernel Version: Linux app1.vpsgate.com >> 4.14.13-rh10-20180115190010.xenU.i386 #1 SMP Mon Jan >> 15 19:04:55 UTC 2018 i686 GNU/Linux >> Hardware: Intel >> OS: Linux >> Tree: Mainline >> Status: NEW >> Severity: high >> Priority: P1 >> Component: Page Allocator >> Assignee: akpm@linux-foundation.org >> Reporter: peter@rimuhosting.com >> Regression: No > > Does this look familiar to anyone? > Fedora has been seeing similar reports https://bugzilla.redhat.com/show_bug.cgi?id=1531779 Multiple reporters, one in XEN, another on actual hardware >> On a Xen VM running as pvh >> >> [ 3.499843] Adding 131068k swap on /dev/xvda9. Priority:-2 extents:1 >> across:131068k SSFS >> [ 3.547312] EXT4-fs (xvda1): re-mounted. Opts: (null) >> [ 3.988606] EXT4-fs (xvda1): re-mounted. Opts: errors=remount-ro >> [ 24.647744] BUG: unable to handle kernel NULL pointer dereference at >> 00000008 >> [ 24.647801] IP: __radix_tree_lookup+0x14/0xa0 >> [ 24.647811] *pdpt = 00000000253d6027 *pde = 0000000000000000 >> [ 24.647828] Oops: 0000 [#1] SMP >> [ 24.647842] CPU: 5 PID: 3600 Comm: java Not tainted >> 4.14.13-rh10-20180115190010.xenU.i386 #1 >> [ 24.647855] task: e52518c0 task.stack: e4e7a000 >> [ 24.647866] EIP: __radix_tree_lookup+0x14/0xa0 >> [ 24.647876] EFLAGS: 00010286 CPU: 5 >> [ 24.647884] EAX: 00000004 EBX: 00000007 ECX: 00000000 EDX: 00000000 >> [ 24.647895] ESI: 00000000 EDI: 00000000 EBP: e4e7bdb8 ESP: e4e7bda0 >> [ 24.647904] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0069 >> [ 24.647917] CR0: 80050033 CR2: 00000008 CR3: 25360000 CR4: 00002660 >> [ 24.647930] Call Trace: >> [ 24.647942] radix_tree_lookup_slot+0x13/0x30 >> [ 24.647955] find_get_entry+0x1d/0x120 >> [ 24.647963] pagecache_get_page+0x1f/0x230 >> [ 24.647975] lookup_swap_cache+0x42/0x140 >> [ 24.647983] swap_readahead_detect+0x66/0x2e0 >> [ 24.647993] do_swap_page+0x1fa/0x860 >> [ 24.648010] ? __raw_callee_save___pv_queued_spin_unlock+0x9/0x10 >> [ 24.648026] ? xen_pmd_val+0x10/0x20 >> [ 24.648035] handle_mm_fault+0x6f8/0x1020 >> [ 24.648046] __do_page_fault+0x18a/0x450 >> [ 24.648055] ? vmalloc_sync_all+0x250/0x250 >> [ 24.648063] do_page_fault+0x21/0x30 >> [ 24.648074] common_exception+0x45/0x4a >> [ 24.648082] EIP: 0xb76d873e >> [ 24.648088] EFLAGS: 00010206 CPU: 5 >> [ 24.648096] EAX: 76a10000 EBX: 76a1cd14 ECX: 00000006 EDX: 00000006 >> [ 24.648105] ESI: 00000040 EDI: b796c380 EBP: 77881008 ESP: 77880ff8 >> [ 24.648115] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b >> [ 24.648124] Code: ff ff ff 00 47 03 e9 69 ff ff ff 8b 45 08 89 06 e9 1f ff >> ff ff 66 90 55 89 e5 57 89 d7 56 53 83 ec 0c 89 45 ec 89 4d e8 8b 45 ec <8b> 58 >> 04 89 d8 83 e0 03 48 89 5d f0 75 64 89 d8 83 e0 fe 0f b6 >> [ 24.648195] EIP: __radix_tree_lookup+0x14/0xa0 SS:ESP: 0069:e4e7bda0 >> [ 24.648205] CR2: 0000000000000008 >> [ 24.648273] ---[ end trace ed356e59f215ce07 ]--- >> [ 28.890326] BUG: unable to handle kernel NULL pointer dereference at >> 00000008 >> [ 28.890372] IP: __radix_tree_lookup+0x14/0xa0 >> [ 28.890382] *pdpt = 0000000025488027 *pde = 0000000000000000 >> [ 28.890396] Oops: 0000 [#2] SMP >> [ 28.890408] CPU: 7 PID: 3542 Comm: java Tainted: G D >> 4.14.13-rh10-20180115190010.xenU.i386 #1 >> [ 28.890423] task: e8691080 task.stack: e52a6000 >> [ 28.890433] EIP: __radix_tree_lookup+0x14/0xa0 >> [ 28.890442] EFLAGS: 00010286 CPU: 7 >> [ 28.890449] EAX: 00000004 EBX: 00000007 ECX: 00000000 EDX: 00000000 >> [ 28.890459] ESI: 00000000 EDI: 00000000 EBP: e52a7db8 ESP: e52a7da0 >> [ 28.890469] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0069 >> [ 28.890484] CR0: 80050033 CR2: 00000008 CR3: 25161000 CR4: 00002660 >> [ 28.890498] Call Trace: >> [ 28.890510] radix_tree_lookup_slot+0x13/0x30 >> [ 28.890522] find_get_entry+0x1d/0x120 >> [ 28.890531] pagecache_get_page+0x1f/0x230 >> [ 28.890541] lookup_swap_cache+0x42/0x140 >> [ 28.890550] swap_readahead_detect+0x66/0x2e0 >> [ 28.890559] do_swap_page+0x1fa/0x860 >> [ 28.890573] ? __raw_callee_save___pv_queued_spin_unlock+0x9/0x10 >> [ 28.890588] ? xen_pmd_val+0x10/0x20 >> [ 28.890597] handle_mm_fault+0x6f8/0x1020 >> [ 28.890607] __do_page_fault+0x18a/0x450 >> [ 28.890616] ? vmalloc_sync_all+0x250/0x250 >> [ 28.890681] do_page_fault+0x21/0x30 >> [ 28.890707] common_exception+0x45/0x4a >> [ 28.890715] EIP: 0xb779774f >> [ 28.890722] EFLAGS: 00010202 CPU: 7 >> [ 28.890730] EAX: 00000000 EBX: 66dd9d6c ECX: 02000000 EDX: 00000001 >> [ 28.890740] ESI: 02000000 EDI: 00000000 EBP: 674fe068 ESP: 674fe058 >> [ 28.890751] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b >> [ 28.890759] Code: ff ff ff 00 47 03 e9 69 ff ff ff 8b 45 08 89 06 e9 1f ff >> ff ff 66 90 55 89 e5 57 89 d7 56 53 83 ec 0c 89 45 ec 89 4d e8 8b 45 ec <8b> 58 >> 04 89 d8 83 e0 03 48 89 5d f0 75 64 89 d8 83 e0 fe 0f b6 >> [ 28.890830] EIP: __radix_tree_lookup+0x14/0xa0 SS:ESP: 0069:e52a7da0 >> [ 28.890841] CR2: 0000000000000008 >> [ 28.890886] ---[ end trace ed356e59f215ce08 ]--- >> >> # java -version >> java version "1.7.0_51" >> Java(TM) SE Runtime Environment (build 1.7.0_51-b13) >> Java HotSpot(TM) Server VM (build 24.51-b03, mixed mode) >> >> ~# free -m >> total used free shared buffers cached >> Mem: 5418 572 4846 0 25 245 >> -/+ buffers/cache: 301 5117 >> Swap: 127 0 127 >> >> # uptime >> 01:21:08 up 2:02, 3 users, load average: 13.47, 13.65, 13.63 >> >> -- >> You are receiving this mail because: >> You are the assignee for the bug. > > -- > To unsubscribe, send a message with 'unsubscribe linux-mm' in > the body to majordomo@kvack.org. For more info on Linux MM, > see: http://www.linux-mm.org/ . > Don't email: email@kvack.org > -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org