Cosmic verification in progress.


  NULL pointer dereference when using z3fold and zswap

Status in Linux:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Committed

Bug description:
  == Justification ==
  When using z3fold and zswap on a VM under overcommitted memory stress,
  z3fold will complain about an "unknown buddy id 0" and fail to get a
  pointer to the mapped allocation in z3fold_map().

   z3fold: unknown buddy id 0
   WARNING: CPU: 2 PID: 1584 at mm/z3fold.c:971 z3fold_zpool_map+0xce/0x100 

  This leads to a NULL pointer dereference in zswap:

   BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
   PGD 0 P4D 0
   Oops: 0000 [#1] SMP PTI
   CPU: 2 PID: 1584 Comm: stress Tainted: G        W         4.18.0-17-generic 
   Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 
   RIP: 0010:zswap_writeback_entry+0x4d/0x360

  == Fix ==
  ca0246bb (z3fold: fix possible reclaim races)

  This patch is already in Disco, and can be cherry-picked into B/C.
  Not needed for Xenial and older kernels as z3fold is not supported.

  == Test ==
  Test kernels for Bionic / Cosmic could be found here:

  This issue can be reproduced easily in a KVM with the following setup:
   * 8G disk, 4G RAM, 4 CPUs
   * 1G swap
   * "zswap.enabled=1 zswap.zpool=z3fold zswap.max_pool_percent=7" added to grub
   * "z3fold" module added into /etc/initramfs-tools/modules

  Stress it with two child processes running:
   * stress --vm-bytes 512M --vm 4 --vm-hang 3
   * stress --vm-bytes 512M --vm 4 --vm-hang 7

  The VM is expected to crash within 5 minutes.

  With the patched kernel, the VM can withstand this stress for over an
  hour without crashing with this issue.

  == Regression potential ==

  Fix limited to z3fold. User needs to enable it explicitly for this

  == Original Bug Report ==
  Under memory pressure, my VM locks up. This has been reported upstream
  though I don't know how far any solution has progressed.

  Feb  6 07:15:42 vps632258 kernel: [151336.450064] z3fold: unknown buddy id 0
  Feb  6 07:15:42 vps632258 kernel: [151336.454450] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008

  The little bit of log I managed to salvage is attached.

  This has happened to two identical VMs. Unusually it has not occurred
  on a third VM which is configured the same but has less RAM (fingers
  crossed it won't).

  Irrelevant information:
  I thought the lock-ups were due to me using a BTRFS filesystem, however
  I swapped over to NILFS2 and this still occurs. The only difference
  seems to be that I am now able to grab some of the kernel output.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.18.0-14-generic 4.18.0-14.15~18.04.1
  ProcVersionSignature: Ubuntu 4.18.0-14.15~18.04.1-generic 4.18.20
  Uname: Linux 4.18.0-14-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  Date: Wed Feb  6 10:55:05 2019
   PATH=(custom, no user)
  SourcePackage: linux-signed-hwe
  UpgradeStatus: No upgrade log present (probably fresh install)
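
A triage check for the condition described in this report, as an added example that is not part of the bug report or the kernel patch: it tells whether a host runs zswap on the z3fold zpool and whether a kernel log contains the z3fold warning followed by the NULL pointer dereference. It assumes zswap's module parameters are readable under /sys/module/zswap/parameters; the function names and the sample log are constructed here.

```shell
#!/bin/sh
# Added triage helper (not from the bug report or the fix).
# Assumption: zswap settings are readable under /sys/module/zswap/parameters.

# Return 0 when zswap is enabled and backed by the z3fold zpool.
# $1 (optional) overrides the parameters directory, e.g. an offline copy.
zswap_uses_z3fold() {
    dir="${1:-/sys/module/zswap/parameters}"
    [ -r "$dir/enabled" ] && [ -r "$dir/zpool" ] || return 1
    case "$(cat "$dir/enabled")" in
        Y|y|1) ;;
        *) return 1 ;;
    esac
    [ "$(cat "$dir/zpool")" = "z3fold" ]
}

# Read kernel log text on stdin and print how many times the z3fold warning
# is followed, within $1 lines (default 20), by a NULL pointer dereference.
count_z3fold_oops() {
    awk -v win="${1:-20}" '
        /z3fold: unknown buddy id/ { left = win; next }
        left > 0 {
            left--
            if (/BUG: unable to handle kernel NULL pointer dereference/) {
                hits++; left = 0
            }
        }
        END { print hits + 0 }'
}

# Constructed sample: the two messages quoted in the report plus filler lines.
sample_log() {
    cat <<'EOF'
[151336.100000] constructed: unrelated kernel message
[151336.450064] z3fold: unknown buddy id 0
[151336.454450] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[151337.000000] constructed: another unrelated message
EOF
}

if zswap_uses_z3fold; then
    echo "zswap is enabled with zpool=z3fold: affected configuration"
else
    echo "zswap is not using z3fold on this host"
fi
echo "warning+oops pairs in sample log: $(sample_log | count_z3fold_oops)"
```

To scan a real log, pipe it into the function, for example `count_z3fold_oops < /var/log/kern.log`.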
