ubuntu_stress_smoke_test:dev BUG: kernel NULL pointer dereference

Bug #1929742 reported by Francis Ginther
This bug affects 1 person
Affects              Status     Importance  Assigned to     Milestone
Stress-ng            Won't Fix  Low         Colin Ian King
ubuntu-kernel-tests  New        Undecided   Unassigned

Bug Description

Issue found with focal linux 5.4.0-74.83 on system blanka during cycle sru-20210510.

This is the first of several BUGs. May be similar to lp:1929187.

[ 380.716900] sr 0:0:0:0: [sr0] CDROM not ready. Make sure there is a disc in the drive.
[ 382.023370] ZFS: Loaded module v0.8.3-1ubuntu12.7, ZFS pool version 5000, ZFS filesystem version 5
[ 382.489788] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 382.497560] #PF: supervisor read access in kernel mode
[ 382.503291] #PF: error_code(0x0000) - not-present page
[ 382.509022] PGD 0 P4D 0
[ 382.511847] Oops: 0000 [#1] SMP NOPTI
[ 382.515932] CPU: 130 PID: 126477 Comm: stress-ng Tainted: P OE 5.4.0-74-generic #83-Ubuntu
[ 382.526511] Hardware name: NVIDIA DGXA100 920-23687-2530-000/DGXA100, BIOS 0.34 02/08/2021
[ 382.535740] RIP: 0010:knem_miscdev_poll+0x16/0x50 [knem]
[ 382.541669] Code: Bad RIP value.
[ 382.545267] RSP: 0018:ffffb952eeaf7ab8 EFLAGS: 00010282
[ 382.551095] RAX: 0000000000000008 RBX: 0000000000000000 RCX: ffff99a2b6923801
[ 382.559056] RDX: 0000000000000001 RSI: ffffb952eeaf7c40 RDI: ffff99a2b6923800
[ 382.567015] RBP: ffffb952eeaf7ac0 R08: ffff99a2b6923800 R09: 0000000000000016
[ 382.574976] R10: ffff99a61b914fc0 R11: 0000000000000000 R12: 0000000000000019
[ 382.582934] R13: 0000000000000000 R14: 0000000000000000 R15: ffffb952eeaf7b4c
[ 382.590895] FS: 00007fc1069ab380(0000) GS:ffff99aacdc80000(0000) knlGS:0000000000000000
[ 382.599923] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 382.606331] CR2: ffffffffc04efffc CR3: 00000074e9be2000 CR4: 0000000000340ee0
[ 382.614291] Call Trace:
[ 382.617025] do_sys_poll+0x2ad/0x520
[ 382.621017] ? __radix_tree_delete+0x8f/0xf0
[ 382.625780] ? radix_tree_delete_item+0x6a/0xd0
[ 382.630836] ? put_pid+0x50/0x50
[ 382.634439] ? misc_open+0x12d/0x160
[ 382.638429] ? chrdev_open+0xd3/0x1c0
[ 382.642515] ? ima_file_check+0x5a/0x80
[ 382.646793] ? do_last+0x1a3/0x900
[ 382.650586] ? mntput+0x24/0x40
[ 382.654089] ? terminate_walk+0x7f/0xf0
[ 382.658368] ? path_openat+0xc6/0x290
[ 382.662455] ? _copy_to_user+0x2c/0x30
[ 382.666626] ? cp_new_stat+0x152/0x180
[ 382.670805] ? do_vfs_ioctl+0x407/0x670
[ 382.675084] ? __do_sys_newfstat+0x61/0x70
[ 382.679655] ? __fget_light+0x57/0x70
[ 382.683739] __x64_sys_poll+0xa5/0x150
[ 382.687923] do_syscall_64+0x57/0x190
[ 382.692001] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 382.697636] RIP: 0033:0x7fc106ae4aff
[ 382.701622] Code: 54 24 1c 48 89 74 24 10 48 89 7c 24 08 e8 79 1c f8 ff 8b 54 24 1c 48 8b 74 24 10 41 89 c0 48 8b 7c 24 08 b8 07 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2b 44 89 c7 89 44 24 08 e8 ad 1c f8 ff 8b 44
[ 382.722576] RSP: 002b:00007ffe29899670 EFLAGS: 00000293 ORIG_RAX: 0000000000000007
[ 382.731023] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00007fc106ae4aff
[ 382.738983] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00007ffe29899718
[ 382.746943] RBP: 00007ffe29899930 R08: 0000000000000000 R09: 00007ffe29899648
[ 382.754904] R10: 00007ffe29899640 R11: 0000000000000293 R12: 0000000000000016
[ 382.762863] R13: 00007ffe2989dc50 R14: 00007ffe298997a0 R15: 0000000000000001
[ 382.770825] Modules linked in: cuse zfs(PO) zunicode(PO) zlua(PO) zavl(PO) icp(PO) zcommon(PO) znvpair(PO) spl(O) snd_seq snd_seq_device snd_timer snd soundcore dccp_ipv4 dccp atm algif_rng aegis128 aegis128_aesni algif_aead anubis fcrypt khazad seed sm4_generic tea ccm cmac md4 michael_mic nhpoly1305_avx2 nhpoly1305_sse2 nhpoly1305 poly1305_x86_64 poly1305_generic rmd128 rmd160 rmd256 rmd320 sha3_generic sm3_generic streebog_generic tgr192 wp512 xxhash_generic algif_hash blowfish_generic blowfish_x86_64 blowfish_common cast5_avx_x86_64 cast5_generic des_generic des3_ede_x86_64 libdes salsa20_generic chacha_x86_64 chacha_generic camellia_generic camellia_aesni_avx2 camellia_aesni_avx_x86_64 camellia_x86_64 cast6_avx_x86_64 cast6_generic cast_common serpent_avx2 serpent_avx_x86_64 serpent_sse2_x86_64 serpent_generic twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common algif_skcipher af_alg nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua
[ 382.770869] ipmi_ssif amd64_edac_mod edac_mce_amd kvm_amd kvm input_leds cdc_ether usbnet mii ccp k10temp ipmi_si ipmi_devintf ipmi_msghandler mac_hid sch_fq_codel knem(OE) ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear ses enclosure ast drm_vram_helper ttm crct10dif_pclmul crc32_pclmul ghash_clmulni_intel mlx5_core(OE) pci_hyperv_intf aesni_intel drm_kms_helper crypto_simd syscopyarea cryptd sysfillrect sysimgblt glue_helper tls fb_sys_fops hid_generic mlxfw(OE) igb mpt3sas uas dca mdev(OE) usbhid nvme raid_class i2c_algo_bit mlx_compat(OE) scsi_transport_sas hid usb_storage drm nvme_core i2c_piix4
[ 382.939741] CR2: 0000000000000010
[ 382.943437] ---[ end trace 6a64b973355e503e ]---

Francis Ginther (fginther) wrote :
dann frazier (dannf) wrote :

The crash here is in a module provided by the Mellanox OFED stack (knem), and is not reproducible w/o it, so I think this bug is Invalid with respect to the generic Ubuntu kernel.

Po-Hsu Lin (cypressyew)
tags: added: ubuntu-stress-smoke-test
tags: added: 5.4 focal
removed: 4.15 bionic
Changed in stress-ng:
importance: Undecided → Low
assignee: nobody → Colin Ian King (colin-king)
status: New → Won't Fix
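
The triage in dann frazier's comment above (the faulting function belongs to knem, an out-of-tree module) can be read off the oops mechanically from the kernel-mode RIP line and the per-module flags in "Modules linked in". The following Python sketch is an added example, not part of this bug report or of any Ubuntu tooling; the function name `triage` and its result keys are assumptions, and the sample is an excerpt of the log above with the module list shortened.

```python
import re

# Excerpt of the oops in this report; the module list is shortened.
OOPS = """\
[ 382.489788] BUG: kernel NULL pointer dereference, address: 0000000000000010
[ 382.535740] RIP: 0010:knem_miscdev_poll+0x16/0x50 [knem]
[ 382.614291] Call Trace:
[ 382.617025] do_sys_poll+0x2ad/0x520
[ 382.697636] RIP: 0033:0x7fc106ae4aff
[ 382.770825] Modules linked in: cuse zfs(PO) spl(O) snd_seq
[ 382.770869] ipmi_ssif knem(OE) ip_tables mlx5_core(OE) nvme
[ 382.939741] CR2: 0000000000000010
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# CS selector 0010 is kernel mode on x86-64; 0033 (user mode) is ignored.
KERNEL_RIP = re.compile(r"RIP: 0010:([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
# Module name with optional flags: P proprietary, O out-of-tree, E unsigned.
MODULE = re.compile(r"([\w-]+)(?:\(([A-Z+-]+)\))?")

def triage(log):
    """Locate the faulting code of an x86-64 oops and classify its origin."""
    out = {"address": None, "symbol": None, "module": None, "flags": {}}
    in_list = False
    for raw in log.splitlines():
        line = STAMP.sub("", raw).strip()
        if m := re.search(r"BUG: .*, address: ([0-9a-f]+)", line):
            out["address"] = int(m.group(1), 16)
        elif (m := KERNEL_RIP.search(line)) and out["symbol"] is None:
            out["symbol"], out["module"] = m.group(1), m.group(2)
        if line.startswith("Modules linked in:"):
            line, in_list = line.split(":", 1)[1], True
        if in_list:
            mods = [MODULE.fullmatch(tok) for tok in line.split()]
            if not all(mods):  # first non-module line ends the wrapped list
                in_list = False
                continue
            out["flags"].update({m.group(1): m.group(2) or "" for m in mods})
    flags = out["flags"].get(out["module"], "")
    if out["module"] is None:
        out["origin"] = "core kernel"  # symbol resolved inside vmlinux
    elif "O" in flags:
        out["origin"] = "out-of-tree module"
    else:
        out["origin"] = "in-tree module"
    return out

if __name__ == "__main__":
    print(triage(OOPS))
```
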