Bug 1647156 - kernel doesn't boot on qemu, again, NULL pointer deref in page_counter_try_charge
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Blocks: TRACKER-bugs-affecting-libguestfs
Reported: 2018-11-06 18:47 UTC by Richard W.M. Jones
Modified: 2018-11-06 18:48 UTC

Type: Bug

Description Richard W.M. Jones 2018-11-06 18:47:46 UTC
Description of problem:

[    0.995706] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8
[    0.997360] PGD 0 P4D 0 
[    0.997905] Oops: 0002 [#1] SMP PTI
[    0.998637] CPU: 0 PID: 1 Comm: init Not tainted 4.20.0-0.rc0.git8.2.fc30.x86_64 #1
[    1.000212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20180724_192412-buildhw-07.phx2.fedoraproject.org-1.fc29 04/01/2014
[    1.002823] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.003906] Code: 41 5d c3 c3 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 0f 84 a7 00 00 00 41 56 48 89 f8 49 89 fe 41 55 49 89 d5 41 54 49 89 f4 55 53 <3e> 48 0f c1 37 49 8d 1c 34 48 89 fd 48 39 5f 18 73 18 eb 42 48 89
[    1.007710] RSP: 0018:ffffacd6c00cbc98 EFLAGS: 00010202
[    1.008792] RAX: 00000000000000f8 RBX: 0000000000000000 RCX: 0000000000000000
[    1.010255] RDX: ffffacd6c00cbcf0 RSI: 0000000000000020 RDI: 00000000000000f8
[    1.011726] RBP: 0000000000000001 R08: ffff883e1ca4b540 R09: 8000000000000063
[    1.013185] R10: 000000000001f3fe R11: 0000000000000000 R12: 0000000000000020
[    1.014654] R13: ffffacd6c00cbcf0 R14: 00000000000000f8 R15: 00000000006000c0
[    1.016115] FS:  00007fec800b8740(0000) GS:ffff883e1e600000(0000) knlGS:0000000000000000
[    1.017774] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.018953] CR2: 00000000000000f8 CR3: 000000001c944003 CR4: 0000000000360ef0
[    1.020420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.021881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.023350] Call Trace:
[    1.023872]  try_charge+0xce/0x6c0
[    1.024588]  memcg_kmem_charge_memcg+0x38/0xa0
[    1.025514]  memcg_kmem_charge+0x84/0x190
[    1.026351]  copy_process.part.34+0x1e4/0x1f00
[    1.027272]  ? __handle_mm_fault+0xbe0/0x1590
[    1.028180]  _do_fork+0xe2/0x390
[    1.028867]  ? __set_current_blocked+0x3d/0x60
[    1.029789]  ? generic_file_llseek_size+0x9b/0xe0
[    1.030770]  do_syscall_64+0x5b/0x160
[    1.031538]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    1.032581] RIP: 0033:0x7fec80184982
[    1.033324] Code: db 0f 85 01 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 a2 00 00 00 41 89 c4 85 c0 0f 85 af 00 00
[    1.037144] RSP: 002b:00007fff0debe2a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[    1.038695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec80184982
[    1.040156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[    1.041623] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fec800b8740
[    1.043079] R10: 00007fec800b8a10 R11: 0000000000000246 R12: 00007fff0debe2e0
[    1.044544] R13: 00007fff0debe360 R14: 0000556a41256918 R15: 0000000000000000
[    1.046003] Modules linked in: libcrc32c crc8 crc7 crc64 crc4 crc_itu_t virtio_mmio virtio_input virtio_balloon virtio_scsi virtio_rpmsg_bus rpmsg_core nd_pmem nd_btt virtio_net net_failover failover virtio_crypto crypto_engine virtio_console virtio_blk crc32_generic crct10dif_pclmul crc32c_intel crc32_pclmul
[    1.051543] CR2: 00000000000000f8
[    1.052238] ---[ end trace 0fba765aa3e6014f ]---
[    1.053199] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.054277] Code: 41 5d c3 c3 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 0f 84 a7 00 00 00 41 56 48 89 f8 49 89 fe 41 55 49 89 d5 41 54 49 89 f4 55 53 <3e> 48 0f c1 37 49 8d 1c 34 48 89 fd 48 39 5f 18 73 18 eb 42 48 89
[    1.058074] RSP: 0018:ffffacd6c00cbc98 EFLAGS: 00010202
[    1.059151] RAX: 00000000000000f8 RBX: 0000000000000000 RCX: 0000000000000000
[    1.060614] RDX: ffffacd6c00cbcf0 RSI: 0000000000000020 RDI: 00000000000000f8
[    1.062079] RBP: 0000000000000001 R08: ffff883e1ca4b540 R09: 8000000000000063
[    1.063547] R10: 000000000001f3fe R11: 0000000000000000 R12: 0000000000000020
[    1.065008] R13: ffffacd6c00cbcf0 R14: 00000000000000f8 R15: 00000000006000c0
[    1.066478] FS:  00007fec800b8740(0000) GS:ffff883e1e600000(0000) knlGS:0000000000000000
[    1.068126] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.069307] CR2: 00000000000000f8 CR3: 000000001c944003 CR4: 0000000000360ef0
[    1.070774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.072234] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.073864] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    1.075752] Kernel Offset: 0x2b000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[    1.077957] Rebooting in 1 seconds..

qemu-sanity-check could help!

Version-Release number of selected component (if applicable):

kernel-4.20.0-0.rc0.git8.2.fc30.x86_64 (host and guest)

How reproducible:

100%

Steps to Reproduce:
1. Run libguestfs-test-tool, qemu-sanity-check etc.

Comment 1 Richard W.M. Jones 2018-11-06 18:48:21 UTC
The bug looks the same as this one:

https://lkml.org/lkml/2018/10/29/559

