Bug 826878 - [sys-kernel/gentoo-sources-5.15.3] NULL pointer dereference in get_page_from_freelist
Summary: [sys-kernel/gentoo-sources-5.15.3] NULL pointer dereference in get_page_from_...
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Bug Wranglers and Kernel Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-11-23 14:42 UTC by Stanislav Ochotnicky
Modified: 2021-11-24 18:16 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
Journal log from first BUG line until the end (kernel_bug.log, 107.32 KB, text/plain), 2021-11-23 14:43 UTC, Stanislav Ochotnicky
config-5.15.3-gentoo kernel config (config-5.15.3-gentoo, 153.07 KB, text/plain), 2021-11-23 14:44 UTC, Stanislav Ochotnicky

Description Stanislav Ochotnicky 2021-11-23 14:42:42 UTC
I was playing around with bottles (https://github.com/bottlesdevs/Bottles) - a wine gui/wrapper. While executing a simple binary I experienced the following kernel crash. The system ended up completely unresponsive - even SysRq codes were not working.

I am attaching my kernel config (I have several self-protection tweaks enabled; those could realistically interact with the wine workings probably - but I still would not expect a crash).


I'll attach the log from the first BUG to the end, but here is the first of the errors:
Nov 22 21:08:46 myhost.mydomain kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
Nov 22 21:08:46 myhost.mydomain kernel: #PF: supervisor write access in kernel mode
Nov 22 21:08:46 myhost.mydomain kernel: #PF: error_code(0x0002) - not-present page
Nov 22 21:08:46 myhost.mydomain kernel: PGD 0 P4D 0 
Nov 22 21:08:46 myhost.mydomain kernel: Oops: 0002 [#1] PREEMPT SMP NOPTI
Nov 22 21:08:46 myhost.mydomain kernel: CPU: 4 PID: 2443 Comm: fuse mainloop Tainted: G     U          T 5.15.3-gentoo #1
Nov 22 21:08:46 myhost.mydomain kernel: Hardware name: Gigabyte Technology Co., Ltd. Z390 AORUS ULTRA/Z390 AORUS ULTRA-CF, BIOS F10h 01/19/2021
Nov 22 21:08:46 myhost.mydomain kernel: RIP: 0010:get_page_from_freelist+0x182/0xd90
Nov 22 21:08:46 myhost.mydomain kernel: Code: fd 49 c1 e2 04 48 8b 45 10 4d 01 fa 49 39 c2 0f 84 c5 07 00 00 48 8b 6d 10 48 8d 45 f8 48 8b 4d 00 48 89 44 24 10 48 8b 45 08 <48> 89 41 08 48 89 08 48 b8 00 01 00 00 00 00 ad de 48 89 45 00 48
Nov 22 21:08:46 myhost.mydomain kernel: RSP: 0018:ffffa404074bb958 EFLAGS: 00010097
Nov 22 21:08:46 myhost.mydomain kernel: RAX: dead000000000122 RBX: ffffa404074bba40 RCX: 0000000000000000
Nov 22 21:08:46 myhost.mydomain kernel: RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
Nov 22 21:08:46 myhost.mydomain kernel: RBP: ffffd1bd31c1cf88 R08: 0000000000000000 R09: 0000000000000000
Nov 22 21:08:46 myhost.mydomain kernel: R10: ffff95e2d572fa00 R11: 0000000000000000 R12: ffff95e3147fca00
Nov 22 21:08:46 myhost.mydomain kernel: R13: 0000000000000000 R14: 0000000000000283 R15: ffff95e2d572f9e0
Nov 22 21:08:46 myhost.mydomain kernel: FS:  00007fddaeffd640(0000) GS:ffff95e2d5700000(0000) knlGS:0000000000000000
Nov 22 21:08:46 myhost.mydomain kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Nov 22 21:08:46 myhost.mydomain kernel: CR2: 0000000000000008 CR3: 000000064d420003 CR4: 00000000003706e0
Nov 22 21:08:46 myhost.mydomain kernel: DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Nov 22 21:08:46 myhost.mydomain kernel: DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Nov 22 21:08:46 myhost.mydomain kernel: Call Trace:
Nov 22 21:08:46 myhost.mydomain kernel:  <TASK>
Nov 22 21:08:46 myhost.mydomain kernel:  ? __mod_memcg_lruvec_state+0x28/0x50
Nov 22 21:08:46 myhost.mydomain kernel:  ? __mod_lruvec_page_state+0x6a/0xa0
Nov 22 21:08:46 myhost.mydomain kernel:  ? __add_to_page_cache_locked+0x18a/0x370
Nov 22 21:08:46 myhost.mydomain kernel:  __alloc_pages+0x179/0x340
Nov 22 21:08:46 myhost.mydomain kernel:  page_cache_ra_unbounded+0xae/0x200
Nov 22 21:08:46 myhost.mydomain kernel:  filemap_get_pages+0x25d/0x660
Nov 22 21:08:46 myhost.mydomain kernel:  filemap_read+0xb4/0x320
Nov 22 21:08:46 myhost.mydomain kernel:  xfs_file_buffered_read+0x4e/0xd0
Nov 22 21:08:46 myhost.mydomain kernel:  xfs_file_read_iter+0x71/0xe0
Nov 22 21:08:46 myhost.mydomain kernel:  generic_file_splice_read+0x13d/0x200
Nov 22 21:08:46 myhost.mydomain kernel:  splice_file_to_pipe+0xc4/0xd0
Nov 22 21:08:46 myhost.mydomain kernel:  do_splice+0x553/0x720
Nov 22 21:08:46 myhost.mydomain kernel:  __do_splice+0xd9/0x160
Nov 22 21:08:46 myhost.mydomain kernel:  __x64_sys_splice+0x8f/0x150
Nov 22 21:08:46 myhost.mydomain kernel:  do_syscall_64+0x59/0x90
Nov 22 21:08:46 myhost.mydomain kernel:  ? exit_to_user_mode_prepare+0x157/0x1a0
Nov 22 21:08:46 myhost.mydomain kernel:  ? syscall_exit_to_user_mode+0x1d/0x40
Nov 22 21:08:46 myhost.mydomain kernel:  ? do_syscall_64+0x69/0x90
Nov 22 21:08:46 myhost.mydomain kernel:  ? do_syscall_64+0x69/0x90
Nov 22 21:08:46 myhost.mydomain kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xae
Nov 22 21:08:46 myhost.mydomain kernel: RIP: 0033:0x7fddb5dec79b
Nov 22 21:08:46 myhost.mydomain kernel: Code: e8 6a 7f f8 ff 89 c5 44 8b 4c 24 2c 4c 8b 44 24 20 4c 8b 54 24 18 8b 54 24 28 48 8b 74 24 10 8b 7c 24 08 b8 13 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 ef 48 89 44 24 08 e8 b1 7f f8 ff 48 8b
Nov 22 21:08:46 myhost.mydomain kernel: RSP: 002b:00007fddaeffc970 EFLAGS: 00000297 ORIG_RAX: 0000000000000113
Nov 22 21:08:46 myhost.mydomain kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fddb5dec79b
Nov 22 21:08:46 myhost.mydomain kernel: RDX: 000000000000000a RSI: 00007fddaeffca08 RDI: 0000000000000011
Nov 22 21:08:46 myhost.mydomain kernel: RBP: 0000000000000001 R08: 0000000000020000 R09: 0000000000000002
Nov 22 21:08:46 myhost.mydomain kernel: R10: 0000000000000000 R11: 0000000000000297 R12: 00007fddaeffcbe0
Nov 22 21:08:46 myhost.mydomain kernel: R13: 0000000000020000 R14: 00007fddaeffcab0 R15: 00007fddaeffca08
Nov 22 21:08:46 myhost.mydomain kernel:  </TASK>
Nov 22 21:08:46 myhost.mydomain kernel: Modules linked in: tun uinput rfcomm cfg80211 snd_seq_dummy snd_hrtimer snd_seq af_packet nf_conntrack_netbios_ns nf_conntrack_broadcast xt_multiport xt_conntrack ipt_REJECT nf_nat_tftp nft_masq nft_objref nf_conntrack_tftp nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nf_log_syslog nft_log nft_ct nft_chain_nat nf_tables ebtable_nat ebtable_broute ip6table_nat ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_raw iptable_security ip_set nfnetlink ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables algif_skcipher bnep mei_hdcp intel_rapl_msr intel_rapl_common intel_tcc_cooling snd_hda_codec_realtek x86_pkg_temp_thermal intel_powerclamp snd_hda_codec_generic ledtrig_audio kvm_intel snd_hda_codec_hdmi intel_spi_pci gigabyte_wmi intel_spi wmi_bmof spi_nor i2c_i801 e1000e mtd i2c_smbus btusb uvcvideo mousedev
Nov 22 21:08:46 myhost.mydomain kernel:  mei_me btrtl snd_hda_intel btbcm videobuf2_vmalloc mei snd_intel_dspcfg btintel snd_usb_audio videobuf2_memops videobuf2_v4l2 snd_hda_codec bluetooth snd_usbmidi_lib videobuf2_common snd_hwdep snd_rawmidi videodev snd_hda_core snd_seq_device mc snd_pcm ecdh_generic snd_timer rfkill snd ecc soundcore intel_pch_thermal sch_fq_codel zstd zstd_compress nfsd zram fuse zsmalloc hid_logitech_hidpp hid_logitech_dj it87 hwmon_vid kvmgt mdev nouveau coretemp crc32_pclmul crc32c_intel aesni_intel crypto_simd cryptd drm_ttm_helper mxm_wmi wmi i915 ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops kvm irqbypass vfio_iommu_type1 vfio i2c_dev efivarfs
Nov 22 21:08:46 myhost.mydomain kernel: CR2: 0000000000000008
Nov 22 21:08:46 myhost.mydomain kernel: ---[ end trace 95bd5b24d0d36ea7 ]---

Reproducible: Didn't try

Steps to Reproduce:
1. Run bottles
2. Create a new environment
3. Download & run https://mt.lv/winbox64 (mikrotik router control) inside the bottles env (used default gaming profile)
Actual Results:  
Kernel crash

Expected Results:  
Kernel doesn't crash regardless of app/user 

Portage 3.0.28 (python 3.9.8-final-0, default/linux/amd64/17.1/systemd, gcc-11.2.0, glibc-2.33-r7, 5.15.4-gentoo x86_64)
=================================================================
System uname: Linux-5.15.4-gentoo-x86_64-Intel-R-_Core-TM-_i7-9700K_CPU_@_3.60GHz-with-glibc2.33
KiB Mem:    64627980 total,  23874836 free
KiB Swap:    4194300 total,   4194300 free
Timestamp of repository gentoo: Tue, 23 Nov 2021 07:00:01 +0000
Head commit of repository gentoo: be5b9f5cffb7518cad62fe41d1df1faa0ffd7748
sh bash 5.1_p8
ld GNU ld (Gentoo 2.37_p1 p0) 2.37
app-shells/bash:          5.1_p8::gentoo
dev-lang/perl:            5.34.0-r3::gentoo
dev-lang/python:          3.6.15::gentoo, 3.8.12_p1::gentoo, 3.9.8::gentoo
dev-lang/rust:            1.56.1::gentoo
dev-util/cmake:           3.20.5::gentoo
sys-apps/baselayout:      2.7-r3::gentoo
sys-apps/sandbox:         2.25::gentoo
sys-devel/autoconf:       2.13-r1::gentoo, 2.71-r1::gentoo
sys-devel/automake:       1.16.4::gentoo
sys-devel/binutils:       2.37_p1::gentoo
sys-devel/gcc:            11.2.0::gentoo
sys-devel/gcc-config:     2.4::gentoo
sys-devel/libtool:        2.4.6-r6::gentoo
sys-devel/make:           4.3::gentoo
sys-kernel/linux-headers: 5.15::gentoo (virtual/os-headers)
sys-libs/glibc:           2.33-r7::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-max-age: 24
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-jobs: 1
    sync-rsync-extra-opts: 

sochotnicky-overlay
    location: /home/w0rm/projects/gentoo-overlay
    masters: gentoo
    priority: 0

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 1

guru
    location: /var/lib/layman/guru
    masters: gentoo
    priority: 50

nix-guix
    location: /var/lib/layman/nix-guix
    masters: gentoo
    priority: 50

steam-overlay
    location: /var/lib/layman/steam-overlay
    masters: gentoo
    priority: 50

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=skylake -O2 -pipe -falign-functions=32"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=skylake -O2 -pipe -falign-functions=32"
DISTDIR="/data/temp/distfiles"
EMERGE_DEFAULT_OPTS="--jobs 1"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-march=skylake -O2 -pipe -falign-functions=32"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs candy config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=skylake -O2 -pipe -falign-functions=32"
GENTOO_MIRRORS="http://ftp.fi.muni.cz/pub/linux/gentoo/ http://mirror.dkm.cz/gentoo/"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="acl amd64 appindicator bluetooth bzip2 cli crypt cuda cups dri emacs ffmpeg flac fortran gdbm glamor gnome-keyring gtk3 iconv ipv6 kerberos libglvnd libnotify libtirpc mp3 multilib ncurses nls nptl opengl openmp pam pcre policykit pulseaudio readline seccomp split-usr ssl systemd systemd-units theora truetype udev udisks unicode user-session vaapi vorbis vulkan wayland x264 xattr xft zlib zsh-completion" ABI_X86="64" ADA_TARGET="gnat_2019" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev libinput" KERNEL="linux" L10N="en cs sk zh-CN" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="intel i965 nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit 
sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LINGUAS, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RUSTFLAGS
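As an added triage aid (not part of the bug report or of any Gentoo tooling), here is a small parser for the oops format quoted above: it strips the journal prefix, decodes the #PF error_code bits into the words the kernel prints, expands the "Tainted:" letters, and separates reliable call-trace frames from the unwinder's "?" guesses. The sample input is a constructed, trimmed copy of the report's own lines; the field names in the returned dict are my own choice.

```python
import re

# x86 #PF error-code bits (arch/x86/include/asm/trap_pf.h)
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 0x1, 0x2, 0x4, 0x8, 0x10
# Letters printed after "Tainted:"; "G" (all modules GPL) is the un-tainted marker, not a taint
TAINT = {"P": "proprietary module", "F": "force-loaded module", "R": "force-unloaded module",
         "M": "machine check", "B": "bad page", "U": "user-requested taint", "D": "earlier oops",
         "A": "ACPI table overridden", "W": "earlier warning", "C": "staging driver",
         "I": "firmware workaround", "O": "out-of-tree module", "E": "unsigned module",
         "L": "soft lockup", "K": "live-patched", "X": "auxiliary", "T": "randstruct build"}
JOURNAL_PREFIX = re.compile(r"^.*?\bkernel:\s*")  # "Nov 22 21:08:46 host kernel: "
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
CPU_LINE = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (.*?) Tainted: (.*?) (\S+) #\d+$")

def decode_pf_error(code):
    # Same words the kernel's "#PF:" lines use, derived from the raw error_code bits
    return {"cause": "protection violation" if code & PF_PROT else "not-present page",
            "access": "instruction fetch" if code & PF_INSTR else "write" if code & PF_WRITE else "read",
            "mode": "user" if code & PF_USER else "kernel (supervisor)"}

def triage_oops(text):
    info = {"frames": [], "unreliable_frames": []}
    for raw in text.splitlines():
        line = JOURNAL_PREFIX.sub("", raw).strip()
        if m := re.search(r"NULL pointer dereference, address: ([0-9a-f]+)", line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.search(r"error_code\(0x([0-9a-f]+)\)", line):
            info["pf"] = decode_pf_error(int(m.group(1), 16))
        elif m := CPU_LINE.search(line):
            info.update(cpu=int(m.group(1)), pid=int(m.group(2)), comm=m.group(3), version=m.group(5),
                        taints=[TAINT.get(c, c) for c in m.group(4).split() if c != "G"])
        elif m := re.search(r"RIP: 0010:([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)", line):
            info["rip"] = {"symbol": m.group(1), "offset": int(m.group(2), 16), "size": int(m.group(3), 16)}
        elif m := FRAME.match(line):
            # "? " marks a frame the unwinder could not verify; keep those apart from reliable ones
            (info["unreliable_frames"] if m.group(1) else info["frames"]).append(m.group(2))
    # A fault address below one page is a NULL-based access; the value is the struct field offset
    info["null_struct_offset"] = info["fault_addr"] if info.get("fault_addr", 0x1000) < 0x1000 else None
    return info

# Constructed sample: a trimmed copy of the oops quoted in the report above (same field layout)
SAMPLE = """\
Nov 22 21:08:46 myhost.mydomain kernel: BUG: kernel NULL pointer dereference, address: 0000000000000008
Nov 22 21:08:46 myhost.mydomain kernel: #PF: error_code(0x0002) - not-present page
Nov 22 21:08:46 myhost.mydomain kernel: CPU: 4 PID: 2443 Comm: fuse mainloop Tainted: G     U          T 5.15.3-gentoo #1
Nov 22 21:08:46 myhost.mydomain kernel: RIP: 0010:get_page_from_freelist+0x182/0xd90
Nov 22 21:08:46 myhost.mydomain kernel:  ? __mod_memcg_lruvec_state+0x28/0x50
Nov 22 21:08:46 myhost.mydomain kernel:  __alloc_pages+0x179/0x340
Nov 22 21:08:46 myhost.mydomain kernel:  entry_SYSCALL_64_after_hwframe+0x44/0xae
Nov 22 21:08:46 myhost.mydomain kernel: RIP: 0033:0x7fddb5dec79b
"""
```

For this report the result says: a write (error_code bit 1) to offset 8 of a NULL struct pointer, in kernel mode, inside get_page_from_freelist, on a kernel already tainted by a user-requested taint and a randstruct build.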
Comment 1 Stanislav Ochotnicky 2021-11-23 14:43:25 UTC
Created attachment 755530 [details]
Journal log from first BUG line until the end
Comment 2 Stanislav Ochotnicky 2021-11-23 14:44:14 UTC
Created attachment 755534 [details]
config-5.15.3-gentoo kernel config
Comment 3 Mike Pagano gentoo-dev 2021-11-23 15:28:03 UTC
(In reply to Stanislav Ochotnicky from comment #2)
> Created attachment 755534 [details]
> config-5.15.3-gentoo kernel config

Can you recreate with CONFIG_DEBUG_INFO set and then post the OOPS?
Comment 4 Stanislav Ochotnicky 2021-11-23 16:21:02 UTC
Yeah, I can try to reproduce - just wanted to finish a few things in case I get another crash :-)

I'll get back to you once I have more info (or can't reproduce)
Comment 5 Stanislav Ochotnicky 2021-11-23 19:46:41 UTC
So I installed 5.15.3 again (I was already at .4) and compiled it with debug info, but interestingly I can't reproduce the crash itself again.

However, flatpak does behave weirdly (coredumping xdg-desktop-portal), so I filed a separate bug upstream at https://github.com/flatpak/xdg-desktop-portal/issues/665, and since I mentioned this bug I was pointed to https://github.com/flatpak/flatpak/issues/4595 (and transitively to https://bugzilla.redhat.com/show_bug.cgi?id=2025285), which basically talks about a possible regression in the fuse part that might impact this.

I can only speculate whether that same bug under slightly different conditions could produce a full crash. Maybe? :-)

Given that I can't reproduce this again, feel free to close if you feel there's not enough info to follow up on (I get that the amount of bugs to go through is not easily manageable). I'll keep running kernels with debug info and if I hit this again I can reopen or file a new bug...
Comment 6 Mike Pagano gentoo-dev 2021-11-24 18:16:38 UTC
(In reply to Stanislav Ochotnicky from comment #5)
> So I installed back 5.15.3 (was already at .4), compiled with debug info but
> interestingly I can't reproduce the crash itself again. 
> 
> However flatpak does behave weirdly (coredumping xdg-desktop-portal) so I
> filed a separate bug upstream at
> https://github.com/flatpak/xdg-desktop-portal/issues/665 and since I
> mentioned this bug - I was pointed to
> https://github.com/flatpak/flatpak/issues/4595 (and transitively to
> https://bugzilla.redhat.com/show_bug.cgi?id=2025285) which basically talks
> about a possible regression in fuse part that might impact this.
> 
> I can only speculate whether that same bug under slightly different
> conditions could produce a full crash. Maybe? :-)
> 
> Given that I can't reproduce this again, feel free to close if you feel
> there's not enough info to follow up on (I get that the amount of bugs to go
> through is not easily manageable). I'll keep running kernels with debug info
> and if I hit this again I can reopen or file a new bug...

Thanks, I'll close for now, but feel free to reopen if you think it's the Gentoo Kernel.