** Changed in: linux (Ubuntu Cosmic)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu Bionic)
Status: In Progress => Fix Committed
https://bugs.launchpad.net/bugs/1814874
Title:
NULL pointer dereference when using z3fold and zswap
Status in Linux:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Bug description:
== Justification ==
When using z3fold and zswap on a VM under overcommitted memory stress,
z3fold will complain about an "unknown buddy id 0" and fail to get a
pointer to the mapped allocation in z3fold_map():
z3fold: unknown buddy id 0
WARNING: CPU: 2 PID: 1584 at mm/z3fold.c:971 z3fold_zpool_map+0xce/0x100
[z3fold]
This leads to a NULL pointer dereference in zswap:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 2 PID: 1584 Comm: stress Tainted: G W 4.18.0-17-generic
#18-Ubuntu
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1
04/01/2014
RIP: 0010:zswap_writeback_entry+0x4d/0x360
== Fix ==
ca0246bb (z3fold: fix possible reclaim races)
This patch is already in Disco and can be cherry-picked into B/C.
Not needed for Xenial and older kernels as z3fold is not supported.
== Test ==
Test kernels for Bionic / Cosmic can be found here:
http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Bionic/
http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Cosmic/
This issue can be reproduced easily in a KVM with the following setup:
* 8G disk, 4G RAM, 4 CPUs
* 1G swap
* "zswap.enabled=1 zswap.zpool=z3fold zswap.max_pool_percent=7" added to grub
* "z3fold" module added into /etc/initramfs-tools/modules
Stress it with two child processes running:
* stress --vm-bytes 512M --vm 4 --vm-hang 3
* stress --vm-bytes 512M --vm 4 --vm-hang 7
The VM is expected to crash within 5 minutes.
With the patched kernel, the VM can withstand this stress for over an
hour without crashing with this issue.
== Regression potential ==
Small.
Fix limited to z3fold. User needs to enable it explicitly for this
feature.
== Original Bug Report ==
Under memory pressure, my VM locks up. This has been reported upstream though
I don't know how far any solution has progressed.
https://bugzilla.kernel.org/show_bug.cgi?id=201603
Feb 6 07:15:42 vps632258 kernel: [151336.450064] z3fold: unknown buddy id 0
Feb 6 07:15:42 vps632258 kernel: [151336.454450] BUG: unable to handle
kernel NULL pointer dereference at 0000000000000008
The little bit of log I managed to salvage is attached.
This has happened to two identical VMs. Unusually it has not occurred
on a third VM which is configured the same but has less RAM (fingers
crossed it won't).
Irrelevant information:
I thought the lock-ups were due to me using a BTRFS filesystem, however I
swapped over to NILFS2 and this still occurs. The only difference seems to be
that I am now able to grab some of the kernel output.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.18.0-14-generic 4.18.0-14.15~18.04.1
ProcVersionSignature: Ubuntu 4.18.0-14.15~18.04.1-generic 4.18.20
Uname: Linux 4.18.0-14-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Wed Feb 6 10:55:05 2019
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: linux-signed-hwe
UpgradeStatus: No upgrade log present (probably fresh install)
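Added example (not part of the bug report or of any Ubuntu tooling): a shell sketch for triaging hosts against this bug. It checks whether a kernel command line selects zswap with the z3fold zpool, as in the reproduction setup, and counts "unknown buddy id" warnings that are followed by a NULL pointer dereference in a kernel log. The function names, the sample command line and the sample log are constructed for illustration; the check assumes zswap is configured on the command line rather than changed at runtime.

```shell
#!/bin/sh
# Added example; helper names and sample data are constructed.

# Exit 0 when the given kernel command line enables zswap with the z3fold
# zpool (the affected configuration). A later occurrence of a parameter
# overrides an earlier one. Runs in a subshell so set -f stays local.
cmdline_uses_z3fold_zswap() (
    set -f                      # no globbing while word-splitting $1
    enabled=0 zpool=
    for arg in $1; do
        case "$arg" in
            zswap.enabled=*)
                case "${arg#*=}" in 1|y|Y) enabled=1 ;; *) enabled=0 ;; esac ;;
            zswap.zpool=*) zpool=${arg#*=} ;;
        esac
    done
    [ "$enabled" = 1 ] && [ "$zpool" = z3fold ]
)

# Print how many times the z3fold warning is followed by a NULL pointer
# dereference. Reads the named log file(s), or stdin when none is given.
count_z3fold_oops() {
    awk '
        /z3fold: unknown buddy id/          { armed = 1; next }
        armed && /NULL pointer dereference/ { hits++; armed = 0 }
        END { print hits + 0 }
    ' "$@"
}

# Constructed sample log: one warning-then-oops pair, then an unrelated oops.
sample_log() {
cat <<'EOF'
[  100.000001] z3fold: unknown buddy id 0
[  100.000002] WARNING: CPU: 0 PID: 1 at mm/z3fold.c:971 z3fold_zpool_map+0xce/0x100 [z3fold]
[  100.000003] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
[  100.000004] RIP: 0010:zswap_writeback_entry+0x4d/0x360
[  200.000001] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
EOF
}

# Constructed command line matching the reproduction setup.
demo_cmdline='root=/dev/vda1 ro zswap.enabled=1 zswap.zpool=z3fold zswap.max_pool_percent=7'
if cmdline_uses_z3fold_zswap "$demo_cmdline"; then
    echo "cmdline: zswap with z3fold is enabled"
fi
echo "warning-then-oops sequences: $(sample_log | count_z3fold_oops)"
```

On a live host the same functions can be fed the contents of /proc/cmdline and the saved kernel log.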