Bug 459160

Summary:	=sys-kernel/gentoo-sources-{3.7.3,3.8.0} - __anon_vma_interval_tree_subtree_search - unable to handle kernel NULL pointer dereference at 00000048
Product:	Gentoo Linux	Reporter:	YoungFrog <theonewiththeevillook>
Component:	[OLD] Core system	Assignee:	Gentoo Kernel Bug Wranglers and Kernel Maintainers <kernel>
Status:	RESOLVED TEST-REQUEST
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	x86
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description YoungFrog 2013-02-25 14:57:58 UTC

(Similar symptoms to https://bugs.gentoo.org/show_bug.cgi?id=431048, but these kernel bugs all look similar to me so i file a new report)

I was in emacs, then tried to alt-tab to firefox and was thrown into a console-like black screen with the following message  (this one is taken from dmesg, but there is no reason it would be different, is there ? the timestamp matches, it's not an older message) :

[256149.012071] BUG: unable to handle kernel NULL pointer dereference at 00000048
[256149.012130] IP: [<c10d8339>] __anon_vma_interval_tree_subtree_search+0x1f/0x47
[256149.012183] *pde = 00000000 
[256149.012205] Oops: 0000 [#1] SMP 
[256149.012230] Modules linked in: radeon drm_kms_helper ttm i2c_piix4
[256149.012281] Pid: 629, comm: kswapd0 Tainted: G        W    3.7.3-gentoo #1 Gigabyte Technology Co., Ltd. GA-880GM-UD2H/GA-880GM-UD2H
[256149.012359] EIP: 0060:[<c10d8339>] EFLAGS: 00010202 CPU: 2
[256149.012397] EIP is at __anon_vma_interval_tree_subtree_search+0x1f/0x47
[256149.012441] EAX: 00000000 EBX: f4f5b620 ECX: 00000007 EDX: 00000007
[256149.012482] ESI: 00000007 EDI: 00000007 EBP: f5b61e40 ESP: f5b61e34
[256149.012524]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[256149.012560] CR0: 8005003b CR2: 00000048 CR3: 0c90c000 CR4: 000007d0
[256149.012601] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[256149.012643] DR6: ffff0ff0 DR7: 00000400
[256149.012669] Process kswapd0 (pid: 629, ti=f5b60000 task=f5aca290 task.ti=f5b60000)
[256149.012718] Stack:
[256149.012733]  f4f5b630 00000000 f5b61f14 f5b61e4c c10d87c5 f77b6f40 f5b61e74 c10e164a
[256149.012793]  f4cafc08 00000000 f4ea3a78 00000007 00000001 f77b6f54 f77b6f40 f5b61f14
[256149.012854]  f5b61ed0 c10cf21d f5b61ec0 c18580c4 c18580c0 00000015 ffffffe0 c18580c0
[256149.012914] Call Trace:
[256149.012933]  [<c10d87c5>] anon_vma_interval_tree_iter_first+0x19/0x1c
[256149.012977]  [<c10e164a>] page_referenced+0x8b/0x16e
[256149.013011]  [<c10cf21d>] shrink_active_list+0x16c/0x21d
[256149.013048]  [<c10d078b>] kswapd+0x6bd/0x6c3
[256149.013079]  [<c106aa15>] ? add_wait_queue+0x35/0x35
[256149.013113]  [<c106a42c>] kthread+0x6b/0x70
[256149.013141]  [<c10d00ce>] ? shrink_lruvec+0x37c/0x37c
[256149.013177]  [<c15b8577>] ret_from_kernel_thread+0x1b/0x28
[256149.013215]  [<c106a3c1>] ? kthread_freezable_should_stop+0x36/0x36
[256149.013256] Code: f0 e8 96 ff ff ff 89 43 0c 5b 5d c3 55 89 e5 57 89 cf 56 89 d6 53 89 c3 eb 03 8d 58 f0 8b 43 18 85 c0 74 05 3b 70 0c 76 f1 8b 03 <39> 78 48 77 1a e8 9d fe ff ff 39 c6 76 13 8b 5b 14 85 db 74 0a
[256149.013463] EIP: [<c10d8339>] __anon_vma_interval_tree_subtree_search+0x1f/0x47 SS:ESP 0068:f5b61e34
[256149.013526] CR2: 0000000000000048
[256149.030790] ---[ end trace cdec00279c5302c9 ]---

My mouse pointer was still ok and changing shape as I made it move on the screen. I then tried Ctrl-Alt-F1 followed by Ctrl-Alt-F7 which got me into Gnome again.

Reproducible: Couldn't Reproduce

Steps to Reproduce:
Can't reproduce : I tried switching from emacs to FF again but there is obviously something else involved;



Other programs running were thunderbird, liferea, dropbox, pidgin, rhythmbox, empathy, and that's about it (plus lots of other invisible programs)

Here is my emerge --info

Portage 2.1.11.50 (default/linux/x86/13.0/desktop/gnome, gcc-4.6.3, glibc-2.15-r3, 3.7.3-gentoo i686)
=================================================================
System uname: Linux-3.7.3-gentoo-i686-AMD_Athlon-tm-_II_X3_450_Processor-with-gentoo-2.1
KiB Mem:     3367044 total,    100416 free
KiB Swap:    5261280 total,   5261280 free
Timestamp of tree: Mon, 25 Feb 2013 01:45:01 +0000
ld GNU ld (GNU Binutils) 2.22
app-shells/bash:          4.2_p37
dev-java/java-config:     2.1.12-r1
dev-lang/python:          2.7.3-r2, 3.2.3
dev-util/cmake:           2.8.9
dev-util/pkgconfig:       0.28
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.11.8
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.10.3, 1.11.6
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.15-r3
Repositories: gentoo betagarden sunrise gnome sage-on-gentoo my_local_overlay x-my_ebuilds
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA AdobeFlash-10.3 AdobeFlash-11.x"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=native -pipe -ggdb"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /var/lib/hsqldb"
CONFIG_PROTECT_MASK="${EPREFIX}/etc/gconf /etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=native -pipe -ggdb"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -march=i686 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-O2 -march=i686 -pipe"
GENTOO_MIRRORS="ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/"
LANG="fr_FR.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/betagarden /var/lib/layman/sunrise /var/lib/layman/gnome /var/lib/layman/sage-on-gentoo /usr/local/portage /var/lib/layman/my_ebuilds"
SYNC="rsync://rsync.be.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa apng avahi berkdb branding bzip2 cairo cdda cdr cli colord consolekit cracklib crypt cups cxx dbus djvu dri dts dvd dvdr eds emacs emboss encode evo exif fam ffmpeg firefox flac fontconfig fortran gcj gd gdbm gdu gif git gnome gnome-keyring gnome-online-accounts gpm gstreamer gtk gzip-el hddtemp iconv imagemagick ipv6 jadetex jpeg latex lcms ldap libnotify lm_sensors mad mdnsresponder-compat mng modules mp3 mp4 mpeg mudflap nautilus ncurses nls nptl offlinehelp ofx ogg opengl openmp pam pango pcre pcsc-lite pdf png policykit ppds pulseaudio qt3support qt4 rar readline sdl session smartcard smp snmp socialweb spell sqlite sqlite3 ssl startup-notification svg tcpd tiff tk truetype twitgin udev udisks unicode upower usb vorbis win32codecs wmf wxwidgets x264 x86 xcb xml xpdf-headers xv xvid zeroconf zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="be fr en" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="radeon" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON

Comment 1 Tom Wijsman (TomWij) (RETIRED) gentoo-dev

2013-02-27 14:07:53 UTC

> (Similar symptoms to https://bugs.gentoo.org/show_bug.cgi?id=431048, but these kernel bugs all look similar to me so i file a new report)

You need to compare the call traces to see how they are different.

> Can't reproduce : I tried switching from emacs to FF again but there is obviously something else involved;

Would love a reproducible case, preferably if another person experiences this as well (so we can find what is common); for now it could be about anything and not necessarily happen in the same location in the code.

Comment 2 Tom Wijsman (TomWij) (RETIRED) gentoo-dev

2013-04-16 15:45:46 UTC

If someone is able to reproduce this, please reply; otherwise this might as well be a random hardware issue.

Comment 3 YoungFrog 2013-05-14 14:31:16 UTC

(In reply to comment #2)
> If someone is able to reproduce this, please reply; otherwise this might as
> well be a random hardware issue.

FWIW, it happened once again, I was switching from FF to Emacs this time (but I hardly have any other app running except Thunderbird, so this is biaised) and the backtrace is hereunder. Most notable difference is that the kernel version is now 3.8.0 -- other numbers change too but I assume that was to be expected with a different kernel.

I'll not report anymore on this unless I have something actually useful (which, I'm afraid, this is not) ; but this at least shows how rare it happens. This is also the occasion for me to thank you for the time you took to have a look.

[19080.786106] BUG: unable to handle kernel NULL pointer dereference at 0000004c
[19080.786168] IP: [<c10d9c60>] __anon_vma_interval_tree_subtree_search+0x1f/0x47
[19080.786224] *pde = 00000000 
[19080.786245] Oops: 0000 [#1] SMP 
[19080.786271] Modules linked in: radeon drm_kms_helper ttm i2c_piix4
[19080.786323] Pid: 634, comm: kswapd0 Tainted: G        W    3.8.0-gentoo #1 Gigabyte Technology Co., Ltd. GA-880GM-UD2H/GA-880GM-UD2H
[19080.786403] EIP: 0060:[<c10d9c60>] EFLAGS: 00010246 CPU: 0
[19080.786441] EIP is at __anon_vma_interval_tree_subtree_search+0x1f/0x47
[19080.786485] EAX: 00000000 EBX: f52fdbc0 ECX: 0000002f EDX: 0000002f
[19080.786527] ESI: 0000002f EDI: 0000002f EBP: f5b3fdc4 ESP: f5b3fdb8
[19080.786569]  DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
[19080.786605] CR0: 8005003b CR2: 0000004c CR3: 0191f000 CR4: 000007d0
[19080.786647] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[19080.786688] DR6: ffff0ff0 DR7: 00000400
[19080.786715] Process kswapd0 (pid: 634, ti=f5b3e000 task=f5a2f470 task.ti=f5b3e000)
[19080.786764] Stack:
[19080.786778]  f52fd910 00000000 f5b3ff14 f5b3fdd0 c10da0ec f76ceae0 f5b3fdf8 c10e34bd
[19080.786840]  d8b64c60 00000000 f45698c0 0000002f 00000001 f76ceaf4 f76ceae0 f5b3ff14
[19080.786901]  f5b3fe54 c10d060a f5b3fe44 c18998c4 c18998c0 00000015 ffffffe0 c18998c0
[19080.786962] Call Trace:
[19080.786982]  [<c10da0ec>] anon_vma_interval_tree_iter_first+0x19/0x1c
[19080.787027]  [<c10e34bd>] page_referenced+0x8b/0x16e
[19080.787063]  [<c10d060a>] shrink_active_list+0x16c/0x21d
[19080.787100]  [<c10d14fc>] shrink_lruvec+0x3a4/0x3a7
[19080.787133]  [<c10d1976>] kswapd+0x477/0x672
[19080.787163]  [<c10d1976>] ? kswapd+0x477/0x672
[19080.787196]  [<c106b18d>] ? add_wait_queue+0x35/0x35
[19080.787231]  [<c106aba4>] kthread+0x6b/0x70
[19080.787260]  [<c10d14ff>] ? shrink_lruvec+0x3a7/0x3a7
[19080.787296]  [<c15e75b7>] ret_from_kernel_thread+0x1b/0x28
[19080.787333]  [<c106ab39>] ? kthread_freezable_should_stop+0x36/0x36
[19080.787374] Code: f0 e8 96 ff ff ff 89 43 0c 5b 5d c3 55 89 e5 57 89 cf 56 89 d6 53 89 c3 eb 03 8d 58 f0 8b 43 18 85 c0 74 05 3b 70 0c 76 f1 8b 03 <39> 78 4c 77 1a e8 9e fe ff ff 39 c6 76 13 8b 5b 14 85 db 74 0a
[19080.787582] EIP: [<c10d9c60>] __anon_vma_interval_tree_subtree_search+0x1f/0x47 SS:ESP 0068:f5b3fdb8
[19080.787647] CR2: 000000000000004c
[19080.805068] ---[ end trace a6ff6e9caa0954f0 ]---

Comment 4 Tom Wijsman (TomWij) (RETIRED) gentoo-dev

2013-05-14 15:38:57 UTC

Will try to go through the call trace and see if there's an obvious error there, as well research it upstream with findings; makes me wonder if this still happens on 3.9.2...

Comment 5 Tom Wijsman (TomWij) (RETIRED) gentoo-dev

2013-07-19 10:03:16 UTC

The code is quite low level which makes it hard to follow, I've instead digged into the commit history to see if this has been fixed over the last months.

http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tag/?id=v3.8

v3.8 was released on 18 February.

http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?qt=grep&q=anon_vma

There have been some commits, mostly on 24 February, dealing with anon_vma.

http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=bc56620b493496b8a6962080b644ccc537f4d526

This commit in peculiar seems somewhat interesting; first of all, it is in x86 just like your bug, second, he talks about a pointer that has no purpose (possibly causing the NULL pointer dereference perhaps?!) and in particular he tells he forgot about this (which might mean there was a problem in one of his earlier commits) so it could possibly fix something.

So, could you just try the latest kernel and see if you can still reproduce?

Comment 6 YoungFrog 2013-07-19 14:04:46 UTC

I compiled gentoo-sources 3.10.1 just now and will select it at my next reboot ; don't hold your breath though, since the bug doesn't happen very often (I think it happened only once since my latest report.)

Comment 7 Mike Pagano gentoo-dev

2013-07-26 17:56:52 UTC

It's been awhile and I'm hopeful this was resolved with later kernels. If not, please comment here and I will reopen.