← Back to team overview

kernel-packages team mailing list archive

[Bug 1558120] Re: Kernel can be oopsed using remap_file_pages

 

It appears that a subsequent fix for this from the aufs developer has
landed:

https://github.com/sfjro/aufs4-linux/commit/2d530d0b039ca2b1280598cf8b350d6c6552f7b8

I think we should drop my fix and pick up the official aufs fix instead.
I'll re-test with this and then re-submit the patch once I am satisfied
with it.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1558120

Title:
  Kernel can be oopsed using remap_file_pages

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Wily:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed

Bug description:
  [SRU][WILY][XENIAL]

  [JUSTIFICATION]
  Running stress-ng --remap 4 will trip an oops on the remap.

  The bug is introduced by the mm/mmap.c changes in patch
  d15bd6cdbb1c2080fb1fca0035e5af1994f4d14f ("UBUNTU: SAUCE: AUFS").
  AUFS introduced a subtle bug into remap_file_pages; calls to
  do_mmap_pgoff can lead to a change of the vma->vm_file and so the
  vma_fput(vma) on the file is incorrect; we should instead fput on the
  original file.

  [FIX]
  fput the original file rather than the vma->vm_file.  Without the fix, stress-ng --remap 4 will produce an oops in a few seconds, with the fix it is rock solid.

  [REGRESSION POTENTIAL]
  This only changes the deprecated system call remap_file_pages which is not used much and it is also deprecated, so it should be avoided by user space applications anyhow.

  --------------------------------------------------------------------

  While faffing around with the deprecated system call remap_file_pages
  I was able to trigger an OOPs that can be reproduced every time.

  uname -a
  Linux lenovo 4.4.0-13-generic #29-Ubuntu SMP Fri Mar 11 19:31:18 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

  [   27.298469] mmap: stress-ng-remap (4061) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
  [   28.956497] BUG: unable to handle kernel NULL pointer dereference at 0000000000000228
  [   28.956555] IP: [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
  [   28.956594] PGD aded1067 PUD add32067 PMD 0
  [   28.956625] Oops: 0000 [#1] SMP
  [   28.956649] Modules linked in: nls_iso8859_1 drbg ansi_cprng xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables binfmt_misc zfs(PO) zunicode(PO) zcommon(PO) znvpair(PO) spl(O) zavl(PO) uvcvideo intel_rapl x86_pkg_temp_thermal intel_powerclamp videobuf2_vmalloc coretemp videobuf2_memops crct10dif_pclmul videobuf2_v4l2 crc32_pclmul videobuf2_core v4l2_common snd_hda_codec_hdmi videodev aesni_intel snd_hda_codec_realtek snd_hda_codec_generic media aes_x86_64 lrw snd_seq_midi gf128mul glue_helper ablk_helper snd_seq_midi_event cryptd snd_hda_intel snd_hda_codec snd_hda_core
  [   28.957162]  snd_hwdep snd_rawmidi joydev input_leds arc4 serio_raw rtl8192ce rtl_pci rtl8192c_common snd_pcm rtlwifi snd_seq mac80211 thinkpad_acpi nvram cfg80211 snd_seq_device mei_me mei lpc_ich snd_timer shpchp snd soundcore mac_hid kvm_intel kvm irqbypass parport_pc ppdev lp parport autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mmc_block i915 psmouse i2c_algo_bit drm_kms_helper e1000e ahci syscopyarea libahci sdhci_pci sysfillrect sysimgblt sdhci ptp fb_sys_fops pps_core drm wmi fjes video
  [   28.957570] CPU: 2 PID: 4061 Comm: stress-ng-remap Tainted: P           O    4.4.0-13-generic #29-Ubuntu
  [   28.957623] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET31WW (1.11 ) 05/24/2012
  [   28.957666] task: ffff8800add2ee00 ti: ffff8800adf7c000 task.ti: ffff8800adf7c000
  [   28.957707] RIP: 0010:[<ffffffff811a94f8>]  [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
  [   28.957754] RSP: 0000:ffff8800adf7fd38  EFLAGS: 00010246
  [   28.957780] RAX: ffff880194f06900 RBX: 0000000000000000 RCX: 0000000000000054
  [   28.957820] RDX: 0000000000000000 RSI: ffff8800adf7fda8 RDI: ffff8800a990f0c8
  [   28.957860] RBP: ffff8800adf7fd98 R08: 0000000000000000 R09: ffff8800adf7fe68
  [   28.957899] R10: 0000000000000000 R11: 00003ffffffff000 R12: ffff8800a990f0c8
  [   28.957939] R13: ffff8800adf7fe68 R14: ffff8800adf0de90 R15: 00007f83ba57b000
  [   28.957979] FS:  00007f83bc46c740(0000) GS:ffff88019e280000(0000) knlGS:0000000000000000
  [   28.958024] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [   28.958056] CR2: 0000000000000228 CR3: 00000000ade92000 CR4: 00000000001406e0
  [   28.958096] Stack:
  [   28.958109]  ffff8800aafb3840 00000200adf7fd68 ffff8800adfaf108 ffff8800adfaf190
  [   28.958158]  ffffffff81a25e80 ffff8800adfaf190 0000000000000000 00000000b7865150
  [   28.958206]  0000000000000000 ffff8800a990f0c8 ffff8800adf7fe68 ffff8800adf0de90
  [   28.958254] Call Trace:
  [   28.958273]  [<ffffffff811ba900>] __do_fault+0x50/0xe0
  [   28.958305]  [<ffffffff811be33b>] handle_mm_fault+0xf8b/0x1820
  [   28.958339]  [<ffffffff81221e52>] ? __dentry_kill+0x162/0x1e0
  [   28.958374]  [<ffffffff8122b6a4>] ? mntput+0x24/0x40
  [   28.958405]  [<ffffffff8106a537>] __do_page_fault+0x197/0x400
  [   28.958439]  [<ffffffff8106a7c2>] do_page_fault+0x22/0x30
  [   28.958472]  [<ffffffff8181eef8>] page_fault+0x28/0x30
  [   28.958501] Code: 41 54 53 49 89 fc 48 83 ec 40 c7 45 ac 00 02 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 48 8b 87 a0 00 00 00 48 8b 58 20 <48> 83 bb 28 02 00 00 00 0f 85 98 00 00 00 48 8b 43 30 48 8d 56
  [   28.958726] RIP  [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0

  How to reproduce:

  git clone git://kernel.ubuntu.com/cking/stress-ng
  cd stress-ng
  make clean; make
  ./stress-ng --remap 8 -t 20
  ---
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/pcmC0D0p:   king       2522 F...m pulseaudio
   /dev/snd/controlC0:  king       2522 F.... pulseaudio
  CurrentDesktop: Unity
  DistroRelease: Ubuntu 16.04
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
  InstallationDate: Installed on 2015-11-04 (135 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  MachineType: LENOVO 2320CTO
  Package: linux (not installed)
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf nomdmonisw vt.handoff=7
  ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-13-generic N/A
   linux-backports-modules-4.4.0-13-generic  N/A
   linux-firmware                            1.156
  RfKill:
   0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
  Tags:  xenial
  Uname: Linux 4.4.0-13-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 05/24/2012
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G2ET31WW (1.11 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 2320CTO
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 2320CTO
  dmi.product.version: ThinkPad X230
  dmi.sys.vendor: LENOVO
  ---
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/pcmC0D0p:   king       2522 F...m pulseaudio
   /dev/snd/controlC0:  king       2522 F.... pulseaudio
  CurrentDesktop: Unity
  DistroRelease: Ubuntu 16.04
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
  InstallationDate: Installed on 2015-11-04 (135 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  MachineType: LENOVO 2320CTO
  Package: linux (not installed)
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf nomdmonisw vt.handoff=7
  ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-13-generic N/A
   linux-backports-modules-4.4.0-13-generic  N/A
   linux-firmware                            1.156
  RfKill:
   0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
  Tags:  xenial
  Uname: Linux 4.4.0-13-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 05/24/2012
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G2ET31WW (1.11 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 2320CTO
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 2320CTO
  dmi.product.version: ThinkPad X230
  dmi.sys.vendor: LENOVO
  ---
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/pcmC0D0p:   king       2522 F...m pulseaudio
   /dev/snd/controlC0:  king       2522 F.... pulseaudio
  CurrentDesktop: Unity
  DistroRelease: Ubuntu 16.04
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
  InstallationDate: Installed on 2015-11-04 (135 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  MachineType: LENOVO 2320CTO
  Package: linux (not installed)
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf nomdmonisw vt.handoff=7
  ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-13-generic N/A
   linux-backports-modules-4.4.0-13-generic  N/A
   linux-firmware                            1.156
  RfKill:
   0: phy0: Wireless LAN
    Soft blocked: no
    Hard blocked: no
  Tags:  xenial
  Uname: Linux 4.4.0-13-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
  _MarkForUpload: True
  dmi.bios.date: 05/24/2012
  dmi.bios.vendor: LENOVO
  dmi.bios.version: G2ET31WW (1.11 )
  dmi.board.asset.tag: Not Available
  dmi.board.name: 2320CTO
  dmi.board.vendor: LENOVO
  dmi.board.version: Not Available
  dmi.chassis.asset.tag: No Asset Information
  dmi.chassis.type: 10
  dmi.chassis.vendor: LENOVO
  dmi.chassis.version: Not Available
  dmi.modalias: dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
  dmi.product.name: 2320CTO
  dmi.product.version: ThinkPad X230
  dmi.sys.vendor: LENOVO

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558120/+subscriptions


References