** Description changed: - Under memory pressure, my VM locks up. This has been reported upstream - though I don't know how far any solution has progressed. + == Justification == + When using z3fold and zswap on a VM under overcommitted memory stress, + z3fold will complains about an "unknown buddy id 0" and fail to get a + pointer to the mapped allocation in z3fold_map(). + + z3fold: unknown buddy id 0 + WARNING: CPU: 2 PID: 1584 at mm/z3fold.c:971 z3fold_zpool_map+0xce/0x100 [z3fold] + + And it will leads to a null pointer dereference in zswap + + BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 + PGD 0 P4D 0 + Oops: 0000 [#1] SMP PTI + CPU: 2 PID: 1584 Comm: stress Tainted: G W 4.18.0-17-generic #18-Ubuntu + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014 + RIP: 0010:zswap_writeback_entry+0x4d/0x360 + + == Fix == + ca0246bb (z3fold: fix possible reclaim races) + + This patch has already in Disco, and can be cherry-picked into B/C. + Not needed for Xenial and older kernels as z3fold is not supported. + + == Test == + Test kernels for Bionic / Cosmic could be found here: + http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Bionic/ + http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Cosmic/ + + This issue can be reproduced easily in a KVM with the following setup: + * 8G disk, 4G RAM, 4 CPUs + * 1G swap + * "zswap.enabled=1 zswap.zpool=z3fold zswap.max_pool_percent=7" added to grub + * "z3fold" module added into /etc/initramfs-tools/modules + + Stress it with two childs running: + * stress --vm-bytes 512M --vm 4 --vm-hang 3 + * stress --vm-bytes 512M --vm 4 --vm-hang 7 + + The VM is expected to crash within 5 minutes. + + With the patched kernel, the VM can withstand this stress for over an + hour with crashing with this issue + + == Regression potential == + Small. + + Fix limited to z3fold. User needs to enable it explicitly for this + feature. + + + == Original Bug Report == + Under memory pressure, my VM locks up. This has been reported upstream though I don't know how far any solution has progressed. https://bugzilla.kernel.org/show_bug.cgi?id=201603 Feb 6 07:15:42 vps632258 kernel: [151336.450064] z3fold: unknown buddy id 0 Feb 6 07:15:42 vps632258 kernel: [151336.454450] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 The little bit of log I managed to salvage is attached. This has happened to two identical VMs. Unusually it has not occurred on a third VM which is configured the same but has less RAM (fingers crossed it won't). Irrelevant information: I thought the lock-ups were due to me using a BTRFS filesystem, however I swapped over to NILFS2 and this still occurs. The only difference seems to be that I am now able to grab some of the kernel output. ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: linux-image-4.18.0-14-generic 4.18.0-14.15~18.04.1 ProcVersionSignature: Ubuntu 4.18.0-14.15~18.04.1-generic 4.18.20 Uname: Linux 4.18.0-14-generic x86_64 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 Date: Wed Feb 6 10:55:05 2019 ProcEnviron: - TERM=xterm - PATH=(custom, no user) - XDG_RUNTIME_DIR=<set> - LANG=en_GB.UTF-8 - SHELL=/bin/bash + TERM=xterm + PATH=(custom, no user) + XDG_RUNTIME_DIR=<set> + LANG=en_GB.UTF-8 + SHELL=/bin/bash SourcePackage: linux-signed-hwe UpgradeStatus: No upgrade log present (probably fresh install)
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1814874 Title: NULL pointer dereference when using z3fold and zswap To manage notifications about this bug go to: https://bugs.launchpad.net/linux/+bug/1814874/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
