Activity log for bug #1918668

Date Who What changed Old value New value Message
2021-03-11 12:46:07 Thadeu Lima de Souza Cascardo bug added bug
2021-03-11 12:52:19 Thadeu Lima de Souza Cascardo nominated for series Ubuntu Groovy
2021-03-11 12:52:19 Thadeu Lima de Souza Cascardo bug task added linux (Ubuntu Groovy)
2021-03-11 12:52:25 Thadeu Lima de Souza Cascardo linux (Ubuntu): status New Invalid
2021-03-11 12:52:29 Thadeu Lima de Souza Cascardo linux (Ubuntu Groovy): status New In Progress
2021-03-11 12:52:32 Thadeu Lima de Souza Cascardo linux (Ubuntu Groovy): assignee Thadeu Lima de Souza Cascardo (cascardo)
2021-03-11 12:52:35 Thadeu Lima de Souza Cascardo linux (Ubuntu Groovy): importance Undecided Critical
2021-03-11 14:37:56 Thadeu Lima de Souza Cascardo summary vm changes cause NULL pointer derefs improper memcg accounting causes NULL pointer derefs
2021-03-11 14:40:52 Thadeu Lima de Souza Cascardo description
Old value:
After booting with groovy:linux master-next branch as of 2021-03-10, NULL pointer dereferences are seen. One of them is like the one below:

[ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518
[ 10.030761] #PF: supervisor read access in kernel mode
[ 10.042518] #PF: error_code(0x0000) - not-present page
[ 10.050165] PGD 0 P4D 0
[ 10.077050] Oops: 0000 [#1] SMP PTI
[ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51
[ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014
[ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[ 10.115100] Code: f0 56 d0 ba e8 f5 9e 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1f 44 00 00 48 63 d2 55 48 63 f6 <48> 8b 87 18 05 00 00 65 48 8b 0c f0 48 01 ca 48 c1 e6 03 49 89 d0
[ 10.145025] RSP: 0018:ffffab9780557ab0 EFLAGS: 00010096
[ 10.146841] RAX: ffffffffffffffe2 RBX: 0000000000000002 RCX: 0000000000032183
[ 10.149891] RDX: ffffffffffffffff RSI: 0000000000000002 RDI: 0000000000000000
[ 10.153006] RBP: ffffab9780557ae8 R08: ffffffffffffffff R09: 0000000000000004
[ 10.165999] R10: fffff30fc1cb2a88 R11: ffffffffffffffff R12: ffff88ec39f32400
[ 10.168142] R13: ffffffffffffffff R14: 0000000000000001 R15: ffff88ec3ffb2000
[ 10.170299] FS: 0000000000000000(0000) GS:ffff88ec3dc00000(0000) knlGS:0000000000000000
[ 10.172783] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.175285] CR2: 0000000000000518 CR3: 0000000078a7c000 CR4: 00000000000006f0
[ 10.178009] Call Trace:
[ 10.179133] ? __mod_lruvec_state+0x47/0xf0
[ 10.180897] __activate_page.part.0+0x125/0x290
[ 10.182665] __activate_page+0x3a/0x40
[ 10.184496] pagevec_lru_move_fn+0x9d/0xe0
[ 10.186124] ? __activate_page.part.0+0x290/0x290
[ 10.188030] lru_add_drain_cpu+0xeb/0x1b0
[ 10.190041] lru_add_drain+0x28/0x40
[ 10.194029] exit_mmap+0x82/0x1b0
[ 10.195400] ? get_file_caps.constprop.0+0xa2/0x150
[ 10.197578] ? _cond_resched+0x1a/0x50
[ 10.199834] ? mutex_lock+0x13/0x40
[ 10.201931] mmput+0x5f/0x140
[ 10.203772] exec_mmap+0x198/0x220
[ 10.205484] begin_new_exec+0x9e/0x2d0
[ 10.207132] load_elf_binary+0x7b2/0xe20
[ 10.209471] ? ima_bprm_check+0x89/0xb0
[ 10.211378] search_binary_handler+0xe1/0x270
[ 10.213590] exec_binprm+0x51/0x1a0
[ 10.215013] __do_execve_file+0x361/0x5b0
[ 10.216671] do_execve+0x27/0x30
[ 10.218596] __x64_sys_execve+0x2c/0x40
[ 10.220646] do_syscall_64+0x49/0xc0
[ 10.222729] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 10.226379] RIP: 0033:0x7f8881dafb7b
[ 10.228548] Code: Unable to access opcode bytes at RIP 0x7f8881dafb51.
[ 10.230985] RSP: 002b:00007fffa1572278 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 10.233907] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f8881dafb7b
[ 10.236543] RDX: 00005576aad6e7a8 RSI: 00005576aad6e788 RDI: 00005576aad6e7d8
[ 10.240265] RBP: 00005576aad6e788 R08: 00005576aad6e7d8 R09: feff5475a9d4ff72
[ 10.243031] R10: 00007f8881d76610 R11: 0000000000000246 R12: 00005576aa32447e
[ 10.245755] R13: 00005576aad6e7a8 R14: 00005576aad6e7a8 R15: 00005576aad6e7d8
[ 10.248772] Modules linked in: isofs binfmt_misc nls_iso8859_1 joydev input_leds serio_raw sch_fq_codel drm ip_tables x_tables autofs4 ahci psmouse libahci virtio_blk xhci_pci xhci_pci_renesas virtio_net net_failover failover
[ 10.258738] CR2: 0000000000000518
[ 10.260139] ---[ end trace f7c347003caf39b8 ]---

New value:
[Impact]
BUGs/panics/memory corruption, leading to unbootable systems, or systems hanging when doing IO.

[Test case]
Boot a groovy system and run update-grub, do a new kernel install.

[Fix]
Revert the commit that did an improper memcg accounting, leading to refcounts going past 0.

[Regression potential]
memcg accounting can be wrong, leading to either containers being more or less restricted in memory than they are supposed to.

=============================================================

After booting with groovy:linux master-next branch as of 2021-03-10, NULL pointer dereferences are seen. One of them is like the one below:

[ 10.012503] BUG: kernel NULL pointer dereference, address: 0000000000000518
[ 10.030761] #PF: supervisor read access in kernel mode
[ 10.042518] #PF: error_code(0x0000) - not-present page
[ 10.050165] PGD 0 P4D 0
[ 10.077050] Oops: 0000 [#1] SMP PTI
[ 10.081927] CPU: 0 PID: 516 Comm: kexec-load Tainted: G W 5.8.0-45-generic #51
[ 10.092486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-1 04/01/2014
[ 10.103510] RIP: 0010:__mod_memcg_state.part.0+0xc/0x90
[ 10.115100] Code: f0 56 d0 ba e8 f5 9e 2e 00 5b 41 5c 41 5d 5d c3 4c 8b 25 ff 52 99 01 e9 76 ff ff ff 0f 0b 0f 1f 44 00 00 48 63 d2 55 48 63 f6 <48> 8b 87 18 05 00 00 65 48 8b 0c f0 48 01 ca 48 c1 e6 03 49 89 d0
[ 10.145025] RSP: 0018:ffffab9780557ab0 EFLAGS: 00010096
[ 10.146841] RAX: ffffffffffffffe2 RBX: 0000000000000002 RCX: 0000000000032183
[ 10.149891] RDX: ffffffffffffffff RSI: 0000000000000002 RDI: 0000000000000000
[ 10.153006] RBP: ffffab9780557ae8 R08: ffffffffffffffff R09: 0000000000000004
[ 10.165999] R10: fffff30fc1cb2a88 R11: ffffffffffffffff R12: ffff88ec39f32400
[ 10.168142] R13: ffffffffffffffff R14: 0000000000000001 R15: ffff88ec3ffb2000
[ 10.170299] FS: 0000000000000000(0000) GS:ffff88ec3dc00000(0000) knlGS:0000000000000000
[ 10.172783] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 10.175285] CR2: 0000000000000518 CR3: 0000000078a7c000 CR4: 00000000000006f0
[ 10.178009] Call Trace:
[ 10.179133] ? __mod_lruvec_state+0x47/0xf0
[ 10.180897] __activate_page.part.0+0x125/0x290
[ 10.182665] __activate_page+0x3a/0x40
[ 10.184496] pagevec_lru_move_fn+0x9d/0xe0
[ 10.186124] ? __activate_page.part.0+0x290/0x290
[ 10.188030] lru_add_drain_cpu+0xeb/0x1b0
[ 10.190041] lru_add_drain+0x28/0x40
[ 10.194029] exit_mmap+0x82/0x1b0
[ 10.195400] ? get_file_caps.constprop.0+0xa2/0x150
[ 10.197578] ? _cond_resched+0x1a/0x50
[ 10.199834] ? mutex_lock+0x13/0x40
[ 10.201931] mmput+0x5f/0x140
[ 10.203772] exec_mmap+0x198/0x220
[ 10.205484] begin_new_exec+0x9e/0x2d0
[ 10.207132] load_elf_binary+0x7b2/0xe20
[ 10.209471] ? ima_bprm_check+0x89/0xb0
[ 10.211378] search_binary_handler+0xe1/0x270
[ 10.213590] exec_binprm+0x51/0x1a0
[ 10.215013] __do_execve_file+0x361/0x5b0
[ 10.216671] do_execve+0x27/0x30
[ 10.218596] __x64_sys_execve+0x2c/0x40
[ 10.220646] do_syscall_64+0x49/0xc0
[ 10.222729] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 10.226379] RIP: 0033:0x7f8881dafb7b
[ 10.228548] Code: Unable to access opcode bytes at RIP 0x7f8881dafb51.
[ 10.230985] RSP: 002b:00007fffa1572278 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[ 10.233907] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007f8881dafb7b
[ 10.236543] RDX: 00005576aad6e7a8 RSI: 00005576aad6e788 RDI: 00005576aad6e7d8
[ 10.240265] RBP: 00005576aad6e788 R08: 00005576aad6e7d8 R09: feff5475a9d4ff72
[ 10.243031] R10: 00007f8881d76610 R11: 0000000000000246 R12: 00005576aa32447e
[ 10.245755] R13: 00005576aad6e7a8 R14: 00005576aad6e7a8 R15: 00005576aad6e7d8
[ 10.248772] Modules linked in: isofs binfmt_misc nls_iso8859_1 joydev input_leds serio_raw sch_fq_codel drm ip_tables x_tables autofs4 ahci psmouse libahci virtio_blk xhci_pci xhci_pci_renesas virtio_net net_failover failover
[ 10.258738] CR2: 0000000000000518
[ 10.260139] ---[ end trace f7c347003caf39b8 ]---
2021-03-12 01:20:49 Kelsey Steele linux (Ubuntu Groovy): status In Progress Fix Committed
2021-03-26 04:50:48 Ubuntu Kernel Bot tags verification-needed-groovy
2021-04-10 00:19:53 Khaled El Mously tags verification-needed-groovy verification-done-groovy
2021-04-12 14:17:01 Launchpad Janitor linux (Ubuntu Groovy): status Fix Committed Fix Released
2021-04-12 14:17:01 Launchpad Janitor cve linked 2021-20239
2021-04-12 14:17:01 Launchpad Janitor cve linked 2021-3347
2021-04-12 14:17:01 Launchpad Janitor cve linked 2021-3348