Comment 0 for bug 1558120

Colin Ian King (colin-king) wrote :

While faffing around with the deprecated system call remap_file_pages I was able to trigger an Oops that can be reproduced every time.

uname -a
Linux lenovo 4.4.0-13-generic #29-Ubuntu SMP Fri Mar 11 19:31:18 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

[ 27.298469] mmap: stress-ng-remap (4061) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
[ 28.956497] BUG: unable to handle kernel NULL pointer dereference at 0000000000000228
[ 28.956555] IP: [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
[ 28.956594] PGD aded1067 PUD add32067 PMD 0
[ 28.956625] Oops: 0000 [#1] SMP
[ 28.956649] Modules linked in: nls_iso8859_1 drbg ansi_cprng xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables binfmt_misc zfs(PO) zunicode(PO) zcommon(PO) znvpair(PO) spl(O) zavl(PO) uvcvideo intel_rapl x86_pkg_temp_thermal intel_powerclamp videobuf2_vmalloc coretemp videobuf2_memops crct10dif_pclmul videobuf2_v4l2 crc32_pclmul videobuf2_core v4l2_common snd_hda_codec_hdmi videodev aesni_intel snd_hda_codec_realtek snd_hda_codec_generic media aes_x86_64 lrw snd_seq_midi gf128mul glue_helper ablk_helper snd_seq_midi_event cryptd snd_hda_intel snd_hda_codec snd_hda_core
[ 28.957162] snd_hwdep snd_rawmidi joydev input_leds arc4 serio_raw rtl8192ce rtl_pci rtl8192c_common snd_pcm rtlwifi snd_seq mac80211 thinkpad_acpi nvram cfg80211 snd_seq_device mei_me mei lpc_ich snd_timer shpchp snd soundcore mac_hid kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mmc_block i915 psmouse i2c_algo_bit drm_kms_helper e1000e ahci syscopyarea libahci sdhci_pci sysfillrect sysimgblt sdhci ptp fb_sys_fops pps_core drm wmi fjes video
[ 28.957570] CPU: 2 PID: 4061 Comm: stress-ng-remap Tainted: P O 4.4.0-13-generic #29-Ubuntu
[ 28.957623] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET31WW (1.11 ) 05/24/2012
[ 28.957666] task: ffff8800add2ee00 ti: ffff8800adf7c000 task.ti: ffff8800adf7c000
[ 28.957707] RIP: 0010:[<ffffffff811a94f8>] [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
[ 28.957754] RSP: 0000:ffff8800adf7fd38 EFLAGS: 00010246
[ 28.957780] RAX: ffff880194f06900 RBX: 0000000000000000 RCX: 0000000000000054
[ 28.957820] RDX: 0000000000000000 RSI: ffff8800adf7fda8 RDI: ffff8800a990f0c8
[ 28.957860] RBP: ffff8800adf7fd98 R08: 0000000000000000 R09: ffff8800adf7fe68
[ 28.957899] R10: 0000000000000000 R11: 00003ffffffff000 R12: ffff8800a990f0c8
[ 28.957939] R13: ffff8800adf7fe68 R14: ffff8800adf0de90 R15: 00007f83ba57b000
[ 28.957979] FS: 00007f83bc46c740(0000) GS:ffff88019e280000(0000) knlGS:0000000000000000
[ 28.958024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.958056] CR2: 0000000000000228 CR3: 00000000ade92000 CR4: 00000000001406e0
[ 28.958096] Stack:
[ 28.958109] ffff8800aafb3840 00000200adf7fd68 ffff8800adfaf108 ffff8800adfaf190
[ 28.958158] ffffffff81a25e80 ffff8800adfaf190 0000000000000000 00000000b7865150
[ 28.958206] 0000000000000000 ffff8800a990f0c8 ffff8800adf7fe68 ffff8800adf0de90
[ 28.958254] Call Trace:
[ 28.958273] [<ffffffff811ba900>] __do_fault+0x50/0xe0
[ 28.958305] [<ffffffff811be33b>] handle_mm_fault+0xf8b/0x1820
[ 28.958339] [<ffffffff81221e52>] ? __dentry_kill+0x162/0x1e0
[ 28.958374] [<ffffffff8122b6a4>] ? mntput+0x24/0x40
[ 28.958405] [<ffffffff8106a537>] __do_page_fault+0x197/0x400
[ 28.958439] [<ffffffff8106a7c2>] do_page_fault+0x22/0x30
[ 28.958472] [<ffffffff8181eef8>] page_fault+0x28/0x30
[ 28.958501] Code: 41 54 53 49 89 fc 48 83 ec 40 c7 45 ac 00 02 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 48 8b 87 a0 00 00 00 48 8b 58 20 <48> 83 bb 28 02 00 00 00 0f 85 98 00 00 00 48 8b 43 30 48 8d 56
[ 28.958726] RIP [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0

How to reproduce:

git clone git://kernel.ubuntu.com/cking/stress-ng
cd stress-ng
make clean; make
./stress-ng --remap 8 -t 20
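
Added triage example, not part of the original report or of stress-ng: a short Python script that reads the register lines and the Code: bytes of the oops above and checks that the instruction at the <48> marker dereferences a NULL base register at the offset reported in CR2. The sample lines are copied from the log above with timestamps dropped and the Code: line trimmed; the function names are hypothetical, and the decoder assumes a one-byte opcode with a ModRM byte and no SIB.

```python
import re

# Lines copied from the oops in this report (timestamps dropped, Code: line trimmed).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000228
RIP: 0010:[<ffffffff811a94f8>] [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
RAX: ffff880194f06900 RBX: 0000000000000000 RCX: 0000000000000054
RDX: 0000000000000000 RSI: ffff8800adf7fda8 RDI: ffff8800a990f0c8
CR2: 0000000000000228 CR3: 00000000ade92000 CR4: 00000000001406e0
Code: 48 8b 87 a0 00 00 00 48 8b 58 20 <48> 83 bb 28 02 00 00 00 0f 85 98 00 00 00
"""

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"] + [f"r{i}" for i in range(8, 16)]

def parse_oops(text):
    """Return (register values, RIP symbol, bytes starting at the <..> fault marker)."""
    regs = {re.sub(r"^r0", "r", n.lower()): int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{1,2}|CR2): ([0-9a-f]{16})\b", text)}
    symbol = re.search(r"RIP: .*\] (\S+)", text).group(1)
    code = re.search(r"Code: (.*)", text).group(1)
    insn = bytes.fromhex(code[code.index("<"):].replace("<", "").replace(">", ""))
    return regs, symbol, insn

def decode_mem_operand(insn):
    """Decode base register and displacement of a [base+disp] memory operand.
    Narrow on purpose: optional REX prefix, one-byte opcode, ModRM without SIB."""
    i, rex = 0, 0
    if 0x40 <= insn[0] <= 0x4F:          # REX prefix (0x48 = REX.W)
        rex, i = insn[0], 1
    if insn[i] == 0x0F:
        raise ValueError("two-byte opcodes not handled")
    modrm = insn[i + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        raise ValueError("not a plain [base+disp] operand")
    size = {0: 0, 1: 1, 2: 4}[mod]       # displacement width in bytes
    disp = int.from_bytes(insn[i + 2:i + 2 + size], "little", signed=True)
    return REGS[rm | ((rex & 1) << 3)], disp

def triage(text):
    """Check that base register + displacement reproduces the CR2 fault address."""
    regs, symbol, insn = parse_oops(text)
    base, disp = decode_mem_operand(insn)
    addr = (regs[base] + disp) & 0xFFFFFFFFFFFFFFFF
    return {"symbol": symbol, "base": base, "disp": disp,
            "null_base": regs[base] == 0, "matches_cr2": addr == regs["cr2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the script reports base register rbx holding 0 and displacement 0x228, so the faulting access in shmem_fault is a read 0x228 bytes past a NULL pointer, which is the address shown in CR2.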