
Bug 1647156 - kernel doesn't boot on qemu, again, NULL pointer deref in page_counter_try_charge

Product: Fedora
Component: kernel
Version: rawhide
Status: NEW
Type: Bug
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Richard W.M. Jones <rjones>
Assignee: Kernel Maintainer List <kernel-maint>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: airlied, bskeggs, ewk, hdegoede, ichavero, itamar, jarodwilson, jglisse, john.j5live, jonathan, josef, kernel-maint, linville, mchehab, mjg59, steved
Bug Blocks: 910269

Description Richard W.M. Jones 2018-11-06 18:47:46 UTC
Description of problem:

[    0.995706] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8
[    0.997360] PGD 0 P4D 0 
[    0.997905] Oops: 0002 [#1] SMP PTI
[    0.998637] CPU: 0 PID: 1 Comm: init Not tainted 4.20.0-0.rc0.git8.2.fc30.x86_64 #1
[    1.000212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20180724_192412-buildhw-07.phx2.fedoraproject.org-1.fc29 04/01/2014
[    1.002823] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.003906] Code: 41 5d c3 c3 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 0f 84 a7 00 00 00 41 56 48 89 f8 49 89 fe 41 55 49 89 d5 41 54 49 89 f4 55 53 <3e> 48 0f c1 37 49 8d 1c 34 48 89 fd 48 39 5f 18 73 18 eb 42 48 89
[    1.007710] RSP: 0018:ffffacd6c00cbc98 EFLAGS: 00010202
[    1.008792] RAX: 00000000000000f8 RBX: 0000000000000000 RCX: 0000000000000000
[    1.010255] RDX: ffffacd6c00cbcf0 RSI: 0000000000000020 RDI: 00000000000000f8
[    1.011726] RBP: 0000000000000001 R08: ffff883e1ca4b540 R09: 8000000000000063
[    1.013185] R10: 000000000001f3fe R11: 0000000000000000 R12: 0000000000000020
[    1.014654] R13: ffffacd6c00cbcf0 R14: 00000000000000f8 R15: 00000000006000c0
[    1.016115] FS:  00007fec800b8740(0000) GS:ffff883e1e600000(0000) knlGS:0000000000000000
[    1.017774] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.018953] CR2: 00000000000000f8 CR3: 000000001c944003 CR4: 0000000000360ef0
[    1.020420] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.021881] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.023350] Call Trace:
[    1.023872]  try_charge+0xce/0x6c0
[    1.024588]  memcg_kmem_charge_memcg+0x38/0xa0
[    1.025514]  memcg_kmem_charge+0x84/0x190
[    1.026351]  copy_process.part.34+0x1e4/0x1f00
[    1.027272]  ? __handle_mm_fault+0xbe0/0x1590
[    1.028180]  _do_fork+0xe2/0x390
[    1.028867]  ? __set_current_blocked+0x3d/0x60
[    1.029789]  ? generic_file_llseek_size+0x9b/0xe0
[    1.030770]  do_syscall_64+0x5b/0x160
[    1.031538]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    1.032581] RIP: 0033:0x7fec80184982
[    1.033324] Code: db 0f 85 01 01 00 00 64 4c 8b 0c 25 10 00 00 00 45 31 c0 4d 8d 91 d0 02 00 00 31 d2 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 a2 00 00 00 41 89 c4 85 c0 0f 85 af 00 00
[    1.037144] RSP: 002b:00007fff0debe2a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[    1.038695] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fec80184982
[    1.040156] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[    1.041623] RBP: 0000000000000001 R08: 0000000000000000 R09: 00007fec800b8740
[    1.043079] R10: 00007fec800b8a10 R11: 0000000000000246 R12: 00007fff0debe2e0
[    1.044544] R13: 00007fff0debe360 R14: 0000556a41256918 R15: 0000000000000000
[    1.046003] Modules linked in: libcrc32c crc8 crc7 crc64 crc4 crc_itu_t virtio_mmio virtio_input virtio_balloon virtio_scsi virtio_rpmsg_bus rpmsg_core nd_pmem nd_btt virtio_net net_failover failover virtio_crypto crypto_engine virtio_console virtio_blk crc32_generic crct10dif_pclmul crc32c_intel crc32_pclmul
[    1.051543] CR2: 00000000000000f8
[    1.052238] ---[ end trace 0fba765aa3e6014f ]---
[    1.053199] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.054277] Code: 41 5d c3 c3 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 0f 84 a7 00 00 00 41 56 48 89 f8 49 89 fe 41 55 49 89 d5 41 54 49 89 f4 55 53 <3e> 48 0f c1 37 49 8d 1c 34 48 89 fd 48 39 5f 18 73 18 eb 42 48 89
[    1.058074] RSP: 0018:ffffacd6c00cbc98 EFLAGS: 00010202
[    1.059151] RAX: 00000000000000f8 RBX: 0000000000000000 RCX: 0000000000000000
[    1.060614] RDX: ffffacd6c00cbcf0 RSI: 0000000000000020 RDI: 00000000000000f8
[    1.062079] RBP: 0000000000000001 R08: ffff883e1ca4b540 R09: 8000000000000063
[    1.063547] R10: 000000000001f3fe R11: 0000000000000000 R12: 0000000000000020
[    1.065008] R13: ffffacd6c00cbcf0 R14: 00000000000000f8 R15: 00000000006000c0
[    1.066478] FS:  00007fec800b8740(0000) GS:ffff883e1e600000(0000) knlGS:0000000000000000
[    1.068126] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.069307] CR2: 00000000000000f8 CR3: 000000001c944003 CR4: 0000000000360ef0
[    1.070774] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.072234] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.073864] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    1.075752] Kernel Offset: 0x2b000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[    1.077957] Rebooting in 1 seconds..

qemu-sanity-check could help!

Version-Release number of selected component (if applicable):

kernel-4.20.0-0.rc0.git8.2.fc30.x86_64 (host and guest)

How reproducible:

100%

Steps to Reproduce:
1. Run libguestfs-test-tool, qemu-sanity-check etc.
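
Added triage example, not code from the reporter or the kernel project: a small parser that pulls the fault address, the x86 page-fault error-code bits from the "Oops:" line, the faulting RIP symbol and the call trace out of an oops like the one above, then classifies it. A fault address below one page, like 0xf8 here, is almost always a struct field accessed through a NULL pointer. The sample input is constructed from the report's own lines; SAMPLE_OOPS, parse_oops and classify are names chosen for this example.

```python
import re

# Constructed sample input: the opening lines of the oops quoted in the report above.
SAMPLE_OOPS = """\
[    0.995706] BUG: unable to handle kernel NULL pointer dereference at 00000000000000f8
[    0.997905] Oops: 0002 [#1] SMP PTI
[    0.998637] CPU: 0 PID: 1 Comm: init Not tainted 4.20.0-0.rc0.git8.2.fc30.x86_64 #1
[    1.002823] RIP: 0010:page_counter_try_charge+0x22/0xc0
[    1.023350] Call Trace:
[    1.023872]  try_charge+0xce/0x6c0
[    1.026351]  copy_process.part.34+0x1e4/0x1f00
[    1.027272]  ? __handle_mm_fault+0xbe0/0x1590
[    1.031538]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[    1.032581] RIP: 0033:0x7fec80184982
"""

TIMESTAMP = re.compile(r"^\[\s*[\d.]+\]\s*")
# x86 page-fault error code bits; bit 0 clear means the page was not present.
PF_BITS = {1: "protection", 2: "write", 4: "user", 8: "reserved-bit", 16: "instr-fetch"}

def parse_oops(text):
    info, in_trace = {"trace": []}, False
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if m := re.match(r"BUG: unable to handle kernel .* at ([0-9a-f]+)$", line):
            info["fault_addr"] = int(m.group(1), 16)
        elif m := re.match(r"Oops: ([0-9a-f]{4}) \[#\d+\]", line):
            code = int(m.group(1), 16)
            info["pf_flags"] = [n for bit, n in PF_BITS.items() if code & bit]
        elif m := re.match(r"CPU: \d+ PID: (\d+) Comm: (\S+) .* (\d\S+) #", line):
            info["pid"], info["comm"], info["kernel"] = int(m.group(1)), m.group(2), m.group(3)
        elif m := re.match(r"RIP: 0010:(\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)$", line):
            info["rip_sym"], info["rip_off"] = m.group(1), int(m.group(2), 16)
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            # "? sym" marks a frame the unwinder found on the stack but could not verify.
            if m := re.match(r"(\? )?(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+$", line):
                info["trace"].append((m.group(2), m.group(1) is None))
            else:
                in_trace = False
    return info

def classify(info, page_size=4096):
    # A fault address below one page is a field offset off a NULL struct pointer.
    mode = "write" if "write" in info["pf_flags"] else "read"
    where = f"{info['rip_sym']}+0x{info['rip_off']:x} (pid {info['pid']} {info['comm']})"
    if info["fault_addr"] < page_size:
        return f"NULL pointer deref: {mode} to field at offset 0x{info['fault_addr']:x} in {where}"
    return f"{mode} fault at 0x{info['fault_addr']:x} in {where}"
```

The "? " frames are kept but flagged as unverified, so a triage script can show the reliable chain (fork path into the memcg charge) separately from stale stack contents.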

Comment 1 Richard W.M. Jones 2018-11-06 18:48:21 UTC
The bug looks the same as this one:

https://lkml.org/lkml/2018/10/29/559