zram: NULL pointer dereference in zs_malloc 5.10.y

From: Martin Raiber
Date: Tue Jun 08 2021 - 14:51:57 EST


Hi,

Just saw this again on 5.10.y; it seems to have been present for a while (see https://bugzilla.kernel.org/show_bug.cgi?id=209153, but ignore the unrelated btrfs issues):

Jun  8 04:15:40  kernel: [3557647.536760] BUG: kernel NULL pointer dereference, address: 0000000000000000
Jun  8 04:15:40  kernel: [3557647.536785] #PF: supervisor read access in kernel mode
Jun  8 04:15:40  kernel: [3557647.536797] #PF: error_code(0x0000) - not-present page
Jun  8 04:15:40  kernel: [3557647.536809] PGD 0 P4D 0
Jun  8 04:15:40  kernel: [3557647.536818] Oops: 0000 [#1] SMP PTI
Jun  8 04:15:40  kernel: [3557647.536828] CPU: 0 PID: 3448227 Comm: kworker/u256:13 Not tainted 5.10.26 #1
Jun  8 04:15:40  kernel: [3557647.536843] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090007 05/18/2018
Jun  8 04:15:40  kernel: [3557647.536867] Workqueue: writeback wb_workfn (flush-252:1)
Jun  8 04:15:40  kernel: [3557647.537416] RIP: 0010:obj_malloc+0x35/0xf0
Jun  8 04:15:40  kernel: [3557647.537953] Code: 49 89 f1 48 83 ca 01 41 8b 48 48 49 8b 41 10 49 89 d2 0f af cf 89 ce 41 89 cb c1 fe 0c 41 81 e$
Jun  8 04:15:40  kernel: [3557647.538562] RSP: 0018:ffffc9003a16b830 EFLAGS: 00010206
Jun  8 04:15:40  kernel: [3557647.538562] RAX: 0000000000000000 RBX: ffff88817a6df000 RCX: 02ffff8000000000
Jun  8 04:15:40  kernel: [3557647.538562] RDX: 0000000000000001 RSI: 000000000003f085 RDI: 000000000fb67d15
Jun  8 04:15:40  kernel: [3557647.538562] RBP: ffff888105d27380 R08: ffff888136079680 R09: ffff8881bb656d80
Jun  8 04:15:40  kernel: [3557647.538562] R10: ffff888105d27381 R11: 0000000000000720 R12: 000000000000280a
Jun  8 04:15:40  kernel: [3557647.538562] R13: ffff888136079680 R14: 0000000000002800 R15: ffff8881bb656d80
Jun  8 04:15:40  kernel: [3557647.538562] FS: 0000000000000000(0000) GS:ffff8897c5e00000(0000) knlGS:0000000000000000
Jun  8 04:15:40  kernel: [3557647.538562] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jun  8 04:15:40  kernel: [3557647.538562] CR2: 0000000000000000 CR3: 0000000141d6c004 CR4: 00000000001706f0
Jun  8 04:15:40  kernel: [3557647.538562] Call Trace:
Jun  8 04:15:40  kernel: [3557647.538562]  zs_malloc+0x1d0/0x440
Jun  8 04:15:40  kernel: [3557647.538562] zram_bvec_rw.constprop.0.isra.0+0x363/0x610 [zram]
Jun  8 04:15:40  kernel: [3557647.549338] zram_submit_bio+0x199/0x351 [zram]
Jun  8 04:15:40  kernel: [3557647.549637] submit_bio_noacct+0x116/0x4e0
Jun  8 04:15:40  kernel: [3557647.549637] ext4_io_submit+0x49/0x60
Jun  8 04:15:40  kernel: [3557647.549637] ext4_writepages+0x562/0xfc0
Jun  8 04:15:40  kernel: [3557647.549637]  ? pagevec_lookup_range_tag+0x24/0x30
Jun  8 04:15:40  kernel: [3557647.549637]  ? write_cache_pages+0xaf/0x3d0
Jun  8 04:15:40  kernel: [3557647.549637]  ? __wb_calc_thresh+0x120/0x120
Jun  8 04:15:40  kernel: [3557647.549637]  ? change_mnt_propagation+0x80/0x2b0
Jun  8 04:15:40  kernel: [3557647.554585]  do_writepages+0x34/0xc0
Jun  8 04:15:40  kernel: [3557647.555157]  ? ext4_write_inode+0x13d/0x1c0
Jun  8 04:15:40  kernel: [3557647.555157] __writeback_single_inode+0x39/0x2a0
Jun  8 04:15:40  kernel: [3557647.555157] writeback_sb_inodes+0x200/0x470
Jun  8 04:15:40  kernel: [3557647.555157] __writeback_inodes_wb+0x4c/0xe0
Jun  8 04:15:40  kernel: [3557647.555157] wb_writeback+0x1d8/0x290
Jun  8 04:15:40  kernel: [3557647.555157]  wb_workfn+0x2d5/0x4d0
Jun  8 04:15:40  kernel: [3557647.555157]  ? check_preempt_curr+0x4f/0x60
Jun  8 04:15:40  kernel: [3557647.555157]  ? ttwu_do_wakeup+0x17/0x130
Jun  8 04:15:40  kernel: [3557647.555157] process_one_work+0x1b6/0x350
Jun  8 04:15:40  kernel: [3557647.555157] worker_thread+0x53/0x3e0
Jun  8 04:15:40  kernel: [3557647.555157]  ? process_one_work+0x350/0x350
Jun  8 04:15:40  kernel: [3557647.555157]  kthread+0x11b/0x140
Jun  8 04:15:40  kernel: [3557647.555157]  ? __kthread_bind_mask+0x60/0x60
Jun  8 04:15:40  kernel: [3557647.555157]  ret_from_fork+0x22/0x30
Jun  8 04:15:40  kernel: [3557647.562581] Modules linked in: bcache crc64 zram dm_cache_smq dm_cache dm_persistent_data dm_bio_prison dm_bufio$
Jun  8 04:15:40  kernel: [3557647.566578] CR2: 0000000000000000
Jun  8 04:15:40  kernel: [3557647.566578] ---[ end trace 13a49464a5440b1a ]---

No idea how to reproduce -- occurs very rarely.
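For triaging reports like this one at scale (a fleet shipping syslog to a central store, where a rare oops must be picked out, attributed to a module and de-duplicated), a small parser for the printk oops format is useful. The following is an added example and not part of Martin's report or of the kernel tree; it assumes the syslog line layout shown above (`<date> kernel: [<timestamp>] <message>`) and is fed a trimmed copy of the lines from this report as sample input. The frame regex, the `Oops` record and the `blamed_module` heuristic (innermost frame that lives in a loadable module) are the example's own choices.

```python
import re
from dataclasses import dataclass, field

# Trimmed copy of the syslog lines from the report above, used as sample input.
SAMPLE_LOG = """\
Jun  8 04:15:40  kernel: [3557647.536760] BUG: kernel NULL pointer dereference, address: 0000000000000000
Jun  8 04:15:40  kernel: [3557647.536785] #PF: supervisor read access in kernel mode
Jun  8 04:15:40  kernel: [3557647.536818] Oops: 0000 [#1] SMP PTI
Jun  8 04:15:40  kernel: [3557647.536828] CPU: 0 PID: 3448227 Comm: kworker/u256:13 Not tainted 5.10.26 #1
Jun  8 04:15:40  kernel: [3557647.536867] Workqueue: writeback wb_workfn (flush-252:1)
Jun  8 04:15:40  kernel: [3557647.537416] RIP: 0010:obj_malloc+0x35/0xf0
Jun  8 04:15:40  kernel: [3557647.538562] Call Trace:
Jun  8 04:15:40  kernel: [3557647.538562]  zs_malloc+0x1d0/0x440
Jun  8 04:15:40  kernel: [3557647.538562] zram_bvec_rw.constprop.0.isra.0+0x363/0x610 [zram]
Jun  8 04:15:40  kernel: [3557647.549338] zram_submit_bio+0x199/0x351 [zram]
Jun  8 04:15:40  kernel: [3557647.549637]  ? pagevec_lookup_range_tag+0x24/0x30
Jun  8 04:15:40  kernel: [3557647.554585]  do_writepages+0x34/0xc0
Jun  8 04:15:40  kernel: [3557647.562581] Modules linked in: bcache crc64 zram dm_cache_smq
Jun  8 04:15:40  kernel: [3557647.566578] ---[ end trace 13a49464a5440b1a ]---
"""

# Syslog prefix plus printk timestamp, e.g. "Jun  8 04:15:40  kernel: [3557647.536760]"
PREFIX = re.compile(r"^.*?kernel: \[\s*\d+\.\d+\]")
# One stack frame: optional "? " (unreliable slot), symbol+off/size, optional [module]
FRAME = re.compile(
    r"^(?P<unreliable>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(?P<mod>\w+)\])?$"
)


@dataclass
class Oops:
    bug: str = ""
    fault_address: str = ""
    rip_symbol: str = ""
    rip_module: str = ""
    kernel: str = ""
    comm: str = ""
    tainted: bool = False
    workqueue: str = ""
    trace: list = field(default_factory=list)       # reliable frames: (symbol, module)
    unreliable: list = field(default_factory=list)  # "? " frames: stale values on the stack
    modules: list = field(default_factory=list)
    complete: bool = False                          # saw the "---[ end trace" marker


def parse_oops(text: str) -> Oops:
    """Extract the fields a triage pipeline keys on from one oops in syslog form."""
    o = Oops()
    in_trace = False
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        rest = raw[m.end():].strip()
        if rest.startswith("BUG:"):
            o.bug = rest[4:].strip()
            am = re.search(r"address: ([0-9a-fA-F]+)", rest)
            o.fault_address = am.group(1) if am else ""
        elif rest.startswith("CPU:"):
            o.tainted = "Not tainted" not in rest
            cm = re.search(r"Comm: (\S+) .*?(?:Not tainted|Tainted:.*?)\s+(\d+\.\d+\S*)\s+#", rest)
            if cm:
                o.comm, o.kernel = cm.group(1), cm.group(2)
        elif rest.startswith("RIP:"):
            fm = FRAME.match(rest.split(":", 2)[2].strip())  # drop "RIP: 0010:"
            if fm:
                o.rip_symbol, o.rip_module = fm["sym"], fm["mod"] or ""
        elif rest.startswith("Workqueue:"):
            o.workqueue = rest.split(":", 1)[1].strip()
        elif rest == "Call Trace:":
            in_trace = True
        elif rest.startswith("Modules linked in:"):
            o.modules = rest.split(":", 1)[1].split()
            in_trace = False
        elif rest.startswith("---[ end trace"):
            o.complete = True
            in_trace = False
        elif in_trace:
            fm = FRAME.match(rest)
            if fm is None:
                continue
            if fm["unreliable"]:
                o.unreliable.append(fm["sym"])
            else:
                o.trace.append((fm["sym"], fm["mod"] or ""))
    return o


def is_null_deref(o: Oops) -> bool:
    """True when the faulting address lies in the first page (NULL plus small offset)."""
    return bool(o.fault_address) and int(o.fault_address, 16) < 4096


def blamed_module(o: Oops) -> str:
    """Innermost frame that lives in a loadable module, or "" if every frame is built-in."""
    if o.rip_module:
        return o.rip_module
    for _sym, mod in o.trace:
        if mod:
            return mod
    return ""


def summary(o: Oops) -> str:
    """One-line digest suitable for grouping identical crashes."""
    path = " <- ".join(s for s, _ in o.trace)
    taint = "tainted" if o.tainted else "clean"
    return (f"{o.bug} in {o.rip_symbol} (kernel {o.kernel}, {taint}, task {o.comm}); "
            f"module blamed: {blamed_module(o) or 'none'}; path: {path}")


if __name__ == "__main__":
    print(summary(parse_oops(SAMPLE_LOG)))
```

Frames prefixed with `?` are deliberately kept apart from the reliable trace: the unwinder prints them for stale return addresses it found on the stack, so grouping crashes by the reliable path only avoids splitting one bug into many buckets. The `Not tainted` flag is worth recording as well, since a tainted kernel (out-of-tree modules, prior warnings) is a common reason maintainers ask for a clean reproduction.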