Bug 1647156

Summary: kernel doesn't boot on qemu, again, NULL pointer deref in page_counter_try_charge
Product: Fedora
Reporter: Richard W.M. Jones <rjones>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: NEW
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: airlied, bskeggs, ewk, hdegoede, ichavero, itamar, jarodwilson, jglisse, john.j5live, jonathan, josef, kernel-maint, linville, mchehab, mjg59, steved
Hardware: Unspecified
OS: Unspecified
Type: Bug
Bug Blocks: 910269

Description Richard W.M. Jones 2018-11-06 18:47:46 UTC
Description of problem:

[    0.995706] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8
[    0.997360] PGD 0 P4D 0 
[    0.997905] Oops: 0002 [#1] SMP PTI
[    0.998637] CPU: 0 PID: 1 Comm: init Not tainted 4.20.0-0.rc0.git8.2.fc30.x86_64 #1
[    1.000212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20180724_192412-buildhw-07.phx2.fedoraproject.org-1.fc29 04/01/2014
[    1.002823] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.003906] Code: 41 5d c3 c3 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 0f 84 a7 00 00 00 41 56 48 89 f8 49 89 fe 41 55 49 89 d5 41 54 49 89 f4 55 53 <3e> 48 0f c1 37 49 8d 1c 34 48 89 fd 48 39 5f 18 73 18 eb 42 48 89
[    1.007710] RSP: 0018:ffffacd6c00cbc98 EFLAGS: 00010202
[    1.008792] RAX: 00000000000000f8 RBX: 0000000000000000 RCX: 0000000000000000
[    1.010255] RDX: ffffacd6c00cbcf0 RSI: 0000000000000020 RDI: 00000000000000f8
[    1.011726] RBP: 0000000000000001 R08: ffff883e1ca4b540 R09: 8000000000000063
[    1.013185] R10: 000000000001f3fe R11: 0000000000000000 R12: 0000000000000020
[    1.014654] R13: ffffacd6c00cbcf0 R14: 00000000000000f8 R15: 00000000006000c0
[    1.016115] FS:  00007fec800b8740(0000) GS:ffff883e1e600000(0000) knlGS:0000000000000000
[    1.017774] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.018953] CR2: 00000000000000f8 CR3: 000000001c944003 CR4: 0000000000360ef0
[    1.020420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.021881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.023350] Call Trace:
[    1.023872]  try_charge+0xce/0x6c0
[    1.024588]  memcg_kmem_charge_memcg+0x38/0xa0
[    1.025514]  memcg_kmem_charge+0x84/0x190
[    1.026351]  copy_process.part.34+0x1e4/0x1f00
[    1.027272]  ? __handle_mm_fault+0xbe0/0x1590
[    1.028180]  _do_fork+0xe2/0x390
[    1.028867]  ? __set_current_blocked+0x3d/0x60
[    1.029789]  ? generic_file_llseek_size+0x9b/0xe0
[    1.030770]  do_syscall_64+0x5b/0x160
[    1.031538]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    1.032581] RIP: 0033:0x7fec80184982
[    1.033324] Code: db 0f 85 01 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 a2 00 00 00 41 89 c4 85 c0 0f 85 af 00 00
[    1.037144] RSP: 002b:00007fff0debe2a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[    1.038695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec80184982
[    1.040156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[    1.041623] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fec800b8740
[    1.043079] R10: 00007fec800b8a10 R11: 0000000000000246 R12: 00007fff0debe2e0
[    1.044544] R13: 00007fff0debe360 R14: 0000556a41256918 R15: 0000000000000000
[    1.046003] Modules linked in: libcrc32c crc8 crc7 crc64 crc4 crc_itu_t virtio_mmio virtio_input virtio_balloon virtio_scsi virtio_rpmsg_bus rpmsg_core nd_pmem nd_btt virtio_net net_failover failover virtio_crypto crypto_engine virtio_console virtio_blk crc32_generic crct10dif_pclmul crc32c_intel crc32_pclmul
[    1.051543] CR2: 00000000000000f8
[    1.052238] ---[ end trace 0fba765aa3e6014f ]---
[    1.053199] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.054277] Code: 41 5d c3 c3 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 0f 84 a7 00 00 00 41 56 48 89 f8 49 89 fe 41 55 49 89 d5 41 54 49 89 f4 55 53 <3e> 48 0f c1 37 49 8d 1c 34 48 89 fd 48 39 5f 18 73 18 eb 42 48 89
[    1.058074] RSP: 0018:ffffacd6c00cbc98 EFLAGS: 00010202
[    1.059151] RAX: 00000000000000f8 RBX: 0000000000000000 RCX: 0000000000000000
[    1.060614] RDX: ffffacd6c00cbcf0 RSI: 0000000000000020 RDI: 00000000000000f8
[    1.062079] RBP: 0000000000000001 R08: ffff883e1ca4b540 R09: 8000000000000063
[    1.063547] R10: 000000000001f3fe R11: 0000000000000000 R12: 0000000000000020
[    1.065008] R13: ffffacd6c00cbcf0 R14: 00000000000000f8 R15: 00000000006000c0
[    1.066478] FS:  00007fec800b8740(0000) GS:ffff883e1e600000(0000) knlGS:0000000000000000
[    1.068126] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.069307] CR2: 00000000000000f8 CR3: 000000001c944003 CR4: 0000000000360ef0
[    1.070774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.072234] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.073864] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    1.075752] Kernel Offset: 0x2b000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[    1.077957] Rebooting in 1 seconds..

qemu-sanity-check could help!

Version-Release number of selected component (if applicable):

kernel-4.20.0-0.rc0.git8.2.fc30.x86_64 (host and guest)

How reproducible:

100%

Steps to Reproduce:
1. Run libguestfs-test-tool, qemu-sanity-check etc.
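As an added triage aid (not part of this bug report, of libguestfs or of the kernel's own tooling), a small Python parser that pulls out of an oops like the one above the fields a reviewer checks first: the faulting address, whether the access was a write, the kernel version, the first kernel-mode RIP, the call trace with the unwinder's "? " guesses flagged, and the panic reason. The sample input is a constructed, trimmed copy of the trace quoted in the description; `classify_fault` only encodes the rule that an address below one page is a NULL base pointer plus a field offset.

```python
import re
# Constructed sample: a trimmed copy of the oops lines quoted in this bug report.
SAMPLE_OOPS = """\
[    0.995706] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8
[    0.997905] Oops: 0002 [#1] SMP PTI
[    0.998637] CPU: 0 PID: 1 Comm: init Not tainted 4.20.0-0.rc0.git8.2.fc30.x86_64 #1
[    1.002823] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.023350] Call Trace:
[    1.023872]  try_charge+0xce/0x6c0
[    1.024588]  memcg_kmem_charge_memcg+0x38/0xa0
[    1.025514]  memcg_kmem_charge+0x84/0x190
[    1.026351]  copy_process.part.34+0x1e4/0x1f00
[    1.027272]  ? __handle_mm_fault+0xbe0/0x1590
[    1.028180]  _do_fork+0xe2/0x390
[    1.031538]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    1.032581] RIP: 0033:0x7fec80184982
[    1.073864] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # printk timestamp

def parse_oops(text):
    info = {"fault_addr": None, "write": None, "kernel": None,
            "rip": None, "rip_offset": None, "trace": [], "panic": None}
    in_trace = False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        # Trace entries are bare symbols; a leading '? ' marks a slot the unwinder is unsure of.
        if in_trace and (m := re.match(r"^(\? )?(\S+)$", line)):
            info["trace"].append((m.group(2).split("+")[0], m.group(1) is not None))
            continue
        in_trace = False  # first non-entry line (here the user-mode RIP) ends the trace
        if m := re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)$", line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"Oops: ([0-9a-f]{4}) ", line):
            info["write"] = bool(int(m.group(1), 16) & 2)  # x86 page-fault error code, bit 1 = write
        elif m := re.match(r"CPU: .* (\d[\w.+-]*) #\d+$", line):
            info["kernel"] = m.group(1)
        elif info["rip"] is None and (m := re.match(r"RIP: 0010:(\S+?)\+0x([0-9a-f]+)/", line)):
            info["rip"], info["rip_offset"] = m.group(1), int(m.group(2), 16)  # first (kernel) RIP only
        elif line == "Call Trace:":
            in_trace = True
        elif m := re.match(r"Kernel panic - not syncing: (.*)$", line):
            info["panic"] = m.group(1)
    return info

def classify_fault(addr, page_size=0x1000):
    # An address below one page is a NULL base plus a struct-field offset, not a wild pointer.
    return ("NULL pointer plus offset 0x%x" if addr < page_size else "bad address 0x%x") % addr
```

Run on the trace above it reports a write fault at offset 0xf8 from NULL inside page_counter_try_charge, reached from copy_process via the memcg kmem charge path, which is the fingerprint to compare against the LKML report linked in comment 1.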

Comment 1 Richard W.M. Jones 2018-11-06 18:48:21 UTC
The bug looks the same as this one:

https://lkml.org/lkml/2018/10/29/559