BUG: kernel NULL pointer dereference, address: RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750

BUG: kernel NULL pointer dereference, address: RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750

[Naresh Kamboju]

While running LTP fs on qemu x86 and qemu_i386 these kernel BUGs noticed.

metadata:
  git branch: master
  git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next
  git commit: f965d3ec86fa89285db0fbb983da76ba9c398efa
  git describe: next-20200914
  make_kernelversion: 5.9.0-rc5
  kernel-config:
https://builds.tuxbuild.com/g15vEMQfzQXPX_7pG6QPpQ/kernel.config

Steps to reproduce:
   # boot qemu x86_64 with linux next 20200914 tag kernel
   # cd /opt/ltp
   # ./runltp -f fs

kernel BUG on x86_64,

[  528.439815] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  528.440734] #PF: supervisor read access in kernel mode
[  528.440775] #PF: error_code(0x0000) - not-present page
[  528.440775] PGD 138d1a067 P4D 138d1a067 PUD 139eff067 PMD 0
[  528.440775] Oops: 0000 [#1] SMP NOPTI
[  528.440775] CPU: 3 PID: 723 Comm: growfiles Not tainted
5.9.0-rc5-next-20200914 #1
[  528.440775] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[  528.440775] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.440775] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.440775] RSP: 0018:ffffafb301097b70 EFLAGS: 00010246
[  528.440775] RAX: 0000000000000000 RBX: ffff934df9e5ce30 RCX: 0000000000000000
[  528.440775] RDX: 0000000000000039 RSI: ffff934de5c09240 RDI: 0000000000000000
[  528.440775] RBP: ffffafb301097c10 R08: 0000000000100cca R09: 0000000000000000
[  528.440775] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000039
[  528.440775] R13: ffffafb301097c70 R14: 0000000000000000 R15: ffff934df9e5cfa8
[  528.440775] FS:  00007fe4cb7b8740(0000) GS:ffff934dfbd80000(0000)
knlGS:0000000000000000
[  528.440775] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.440775] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506e0
[  528.440775] Call Trace:
[  528.440775]  ? release_pages+0x2e6/0x350
[  528.440775]  shmem_undo_range+0x39b/0x7c0
[  528.440775]  shmem_truncate_range+0x14/0x40
[  528.440775]  shmem_setattr+0x265/0x2b0
[  528.440775]  notify_change+0x348/0x4c0
[  528.440775]  do_truncate+0x78/0xd0
[  528.440775]  ? do_truncate+0x78/0xd0
[  528.440775]  do_sys_ftruncate+0xf0/0x1a0
[  528.440775]  __x64_sys_ftruncate+0x1b/0x20
[  528.440775]  do_syscall_64+0x38/0x50
[  528.440775]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  528.440775] RIP: 0033:0x7fe4caeb0a17
[  528.440775] Code: 77 01 c3 48 8b 15 81 14 2c 00 f7 d8 64 89 02 b8
ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 4d 00 00
00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 51 14 2c 00 f7 d8 64 89
02 b8
[  528.440775] RSP: 002b:00007fff37fb9578 EFLAGS: 00000202 ORIG_RAX:
000000000000004d
[  528.440775] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe4caeb0a17
[  528.440775] RDX: 00000000000397ad RSI: 00000000000399ad RDI: 0000000000000006
[  528.440775] RBP: 0000000000000006 R08: 00000005deece66d R09: 00007fe4caef6930
[  528.440775] R10: 6d20736574796220 R11: 0000000000000202 R12: 0000000000001000
[  528.440775] R13: 000000000004bcb7 R14: 00000000000399ad R15: 0000000000000042
[  528.440775] Modules linked in:
[  528.440775] CR2: 0000000000000020
[  528.440775] ---[ end trace a5ebcc25e2e2a58e ]---
[  528.440775] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.440775] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.440775] RSP: 0018:ffffafb301097b70 EFLAGS: 00010246
[  528.440775] RAX: 0000000000000000 RBX: ffff934df9e5ce30 RCX: 0000000000000000
[  528.440775] RDX: 0000000000000039 RSI: ffff934de5c09240 RDI: 0000000000000000
[  528.440775] RBP: ffffafb301097c10 R08: 0000000000100cca R09: 0000000000000000
[  528.440775] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000039
[  528.440775] R13: ffffafb301097c70 R14: 0000000000000000 R15: ffff934df9e5cfa8
[  528.440775] FS:  00007fe4cb7b8740(0000) GS:ffff934dfbd80000(0000)
knlGS:0000000000000000
[  528.440775] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.440775] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506e0
gf21        1  TPASS  :  Test passed
gf22        1  TPASS  :  Test passed
[  528.520376] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  528.520793] #PF: supervisor read access in kernel mode
[  528.520793] #PF: error_code(0x0000) - not-present page
[  528.520793] PGD 13365c067 P4D 13365c067 PUD 139768067 PMD 0
[  528.520793] Oops: 0000 [#2] SMP NOPTI
[  528.520793] CPU: 1 PID: 726 Comm: growfiles Tainted: G      D
    5.9.0-rc5-next-20200914 #1
[  528.520793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[  528.520793] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.520793] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.520793] RSP: 0018:ffffafb30109fb70 EFLAGS: 00010246
[  528.520793] RAX: 0000000000000000 RBX: ffff934df8f453b0 RCX: 0000000000000000
[  528.520793] RDX: 0000000000000000 RSI: 0000000000000051 RDI: 0000000000000000
[  528.520793] RBP: ffffafb30109fc10 R08: 0000000000100cca R09: 0000000000000000
[  528.520793] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000051
[  528.520793] R13: ffffafb30109fc70 R14: 0000000000000000 R15: ffff934df8f45528
[  528.520793] FS:  00007fb165faf740(0000) GS:ffff934dfbc80000(0000)
knlGS:0000000000000000
[  528.520793] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.520793] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506e0
[  528.520793] Call Trace:
[  528.520793]  ? release_pages+0x2e6/0x350
[  528.520793]  shmem_undo_range+0x39b/0x7c0
[  528.520793]  ? _cond_resched+0x19/0x30
[  528.520793]  ? find_lock_entry+0x30/0xa0
[  528.520793]  ? avc_has_perm+0xca/0x1f0
[  528.520793]  ? _cond_resched+0x19/0x30
[  528.520793]  ? down_write+0x13/0x50
[  528.520793]  ? unmap_mapping_pages+0x60/0x130
[  528.520793]  shmem_truncate_range+0x14/0x40
[  528.520793]  shmem_setattr+0x265/0x2b0
[  528.520793]  notify_change+0x348/0x4c0
[  528.520793]  do_truncate+0x78/0xd0
[  528.520793]  ? do_truncate+0x78/0xd0
[  528.520793]  do_sys_ftruncate+0xf0/0x1a0
[  528.520793]  __x64_sys_ftruncate+0x1b/0x20
[  528.520793]  do_syscall_64+0x38/0x50
[  528.520793]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  528.520793] RIP: 0033:0x7fb1656a7a17
[  528.520793] Code: 77 01 c3 48 8b 15 81 14 2c 00 f7 d8 64 89 02 b8
ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 4d 00 00
00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 51 14 2c 00 f7 d8 64 89
02 b8
[  528.520793] RSP: 002b:00007fff5da67b18 EFLAGS: 00000206 ORIG_RAX:
000000000000004d
[  528.520793] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb1656a7a17
[  528.520793] RDX: 0000000000051745 RSI: 0000000000051746 RDI: 0000000000000006
[  528.520793] RBP: 0000000000000006 R08: 00000005deece66d R09: 00007fb1656ed930
[  528.520793] R10: 00000000000000bb R11: 0000000000000206 R12: 0000000000001000
[  528.520793] R13: 00000000000615d4 R14: 0000000000051746 R15: 0000000000000042
[  528.520793] Modules linked in:
[  528.520793] CR2: 0000000000000020
[  528.520793] ---[ end trace a5ebcc25e2e2a58f ]---
[  528.520793] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.520793] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.520793] RSP: 0018:ffffafb301097b70 EFLAGS: 00010246
[  528.520793] RAX: 0000000000000000 RBX: ffff934df9e5ce30 RCX: 0000000000000000
[  528.520793] RDX: 0000000000000039 RSI: ffff934de5c09240 RDI: 0000000000000000
[  528.520793] RBP: ffffafb301097c10 R08: 0000000000100cca R09: 0000000000000000
[  528.520793] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000039
[  528.520793] R13: ffffafb301097c70 R14: 0000000000000000 R15: ffff934df9e5cfa8
[  528.520793] FS:  00007fb165faf740(0000) GS:ffff934dfbc80000(0000)
knlGS:0000000000000000
[  528.520793] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.520793] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506e0
gf24        1  TPASS  :  Test passed
[  528.625925] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  528.626774] #PF: supervisor read access in kernel mode
[  528.626774] #PF: error_code(0x0000) - not-present page
[  528.626774] PGD 138d7b067 P4D 138d7b067 PUD 133421067 PMD 0
[  528.626774] Oops: 0000 [#3] SMP NOPTI
[  528.626774] CPU: 0 PID: 728 Comm: growfiles Tainted: G      D
    5.9.0-rc5-next-20200914 #1
[  528.626774] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[  528.626774] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.626774] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.626774] RSP: 0018:ffffafb3010afb70 EFLAGS: 00010246
[  528.626774] RAX: 0000000000000000 RBX: ffff934df3fc3770 RCX: 0000000000000000
[  528.626774] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000000
[  528.626774] RBP: ffffafb3010afc10 R08: 0000000000100cca R09: 0000000000000000
[  528.626774] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000006
[  528.626774] R13: ffffafb3010afc70 R14: 0000000000000000 R15: ffff934df3fc38e8
[  528.626774] FS:  00007f32510fa740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.626774] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.626774] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506f0
[  528.626774] Call Trace:
[  528.626774]  ? release_pages+0x2e6/0x350
[  528.626774]  shmem_undo_range+0x39b/0x7c0
[  528.626774]  ? memcg_check_events+0xb0/0x1c0
[  528.626774]  shmem_truncate_range+0x14/0x40
[  528.626774]  shmem_setattr+0x265/0x2b0
[  528.626774]  notify_change+0x348/0x4c0
[  528.626774]  do_truncate+0x78/0xd0
[  528.626774]  ? do_truncate+0x78/0xd0
[  528.626774]  do_sys_ftruncate+0xf0/0x1a0
[  528.626774]  __x64_sys_ftruncate+0x1b/0x20
[  528.626774]  do_syscall_64+0x38/0x50
[  528.626774]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  528.626774] RIP: 0033:0x7f32507f2a17
[  528.626774] Code: 77 01 c3 48 8b 15 81 14 2c 00 f7 d8 64 89 02 b8
ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 4d 00 00
00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 51 14 2c 00 f7 d8 64 89
02 b8
[  528.626774] RSP: 002b:00007ffc9eb08088 EFLAGS: 00000206 ORIG_RAX:
000000000000004d
[  528.626774] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f32507f2a17
[  528.626774] RDX: 00000000000054f8 RSI: 00000000000064f7 RDI: 0000000000000006
[  528.626774] RBP: 0000000000000006 R08: 00000005deece66d R09: 00007f3250838930
[  528.626774] R10: 00000000000000bb R11: 0000000000000206 R12: 0000000000001000
[  528.626774] R13: 000000000030a253 R14: 00000000000064f7 R15: 0000000000000042
[  528.626774] Modules linked in:
[  528.626774] CR2: 0000000000000020
[  528.626774] ---[ end trace a5ebcc25e2e2a590 ]---
[  528.626774] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.626774] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.626774] RSP: 0018:ffffafb301097b70 EFLAGS: 00010246
[  528.626774] RAX: 0000000000000000 RBX: ffff934df9e5ce30 RCX: 0000000000000000
[  528.626774] RDX: 0000000000000039 RSI: ffff934de5c09240 RDI: 0000000000000000
[  528.626774] RBP: ffffafb301097c10 R08: 0000000000100cca R09: 0000000000000000
[  528.626774] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000039
[  528.626774] R13: ffffafb301097c70 R14: 0000000000000000 R15: ffff934df9e5cfa8
[  528.626774] FS:  00007f32510fa740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.626774] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.626774] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506f0
[  528.672531] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  528.672783] #PF: supervisor read access in kernel mode
[  528.672783] #PF: error_code(0x0000) - not-present page
[  528.672783] PGD 133c9a067 P4D 133c9a067 PUD 1334b1067 PMD 0
[  528.672783] Oops: 0000 [#4] SMP NOPTI
[  528.672783] CPU: 0 PID: 729 Comm: growfiles Tainted: G      D
    5.9.0-rc5-next-20200914 #1
[  528.672783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[  528.672783] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.672783] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.672783] RSP: 0018:ffffafb3010b7b70 EFLAGS: 00010246
[  528.672783] RAX: 0000000000000000 RBX: ffff934df3fc29b0 RCX: 0000000000000000
[  528.672783] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  528.672783] RBP: ffffafb3010b7c10 R08: 0000000000100cca R09: 0000000000000000
[  528.672783] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000001
[  528.672783] R13: ffffafb3010b7c70 R14: 0000000000000000 R15: ffff934df3fc2b28
[  528.672783] FS:  00007f525e976740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.672783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.672783] CR2: 0000000000000020 CR3: 0000000139e94000 CR4: 00000000003506f0
[  528.672783] Call Trace:
[  528.672783]  ? release_pages+0x2e6/0x350
[  528.672783]  shmem_undo_range+0x39b/0x7c0
[  528.672783]  shmem_truncate_range+0x14/0x40
[  528.672783]  shmem_setattr+0x265/0x2b0
[  528.672783]  notify_change+0x348/0x4c0
[  528.672783]  do_truncate+0x78/0xd0
[  528.672783]  ? do_truncate+0x78/0xd0
[  528.672783]  do_sys_ftruncate+0xf0/0x1a0
[  528.672783]  __x64_sys_ftruncate+0x1b/0x20
[  528.672783]  do_syscall_64+0x38/0x50
[  528.672783]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  528.672783] RIP: 0033:0x7f525e06ea17
[  528.672783] Code: 77 01 c3 48 8b 15 81 14 2c 00 f7 d8 64 89 02 b8
ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 b8 4d 00 00
00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 51 14 2c 00 f7 d8 64 89
02 b8
[  528.672783] RSP: 002b:00007ffd407309c8 EFLAGS: 00000206 ORIG_RAX:
000000000000004d
[  528.672783] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f525e06ea17
[  528.672783] RDX: 0000000000000f99 RSI: 0000000000001199 RDI: 0000000000000006
[  528.672783] RBP: 0000000000000006 R08: 00000005deece66d R09: 00007f525e0b4930
[  528.672783] R10: 6d20736574796220 R11: 0000000000000206 R12: 0000000000001000
[  528.672783] R13: 0000000000013371 R14: 0000000000001199 R15: 0000000000000042
[  528.672783] Modules linked in:
[  528.672783] CR2: 0000000000000020
[  528.672783] ---[ end trace a5ebcc25e2e2a591 ]---
[  528.672783] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.672783] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.672783] RSP: 0018:ffffafb301097b70 EFLAGS: 00010246
[  528.672783] RAX: 0000000000000000 RBX: ffff934df9e5ce30 RCX: 0000000000000000
[  528.672783] RDX: 0000000000000039 RSI: ffff934de5c09240 RDI: 0000000000000000
[  528.672783] RBP: ffffafb301097c10 R08: 0000000000100cca R09: 0000000000000000
[  528.672783] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000039
[  528.672783] R13: ffffafb301097c70 R14: 0000000000000000 R15: ffff934df9e5cfa8
[  528.672783] FS:  00007f525e976740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.672783] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.672783] CR2: 0000000000000020 CR3: 0000000139e94000 CR4: 00000000003506f0
[  528.722527] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  528.722791] #PF: supervisor read access in kernel mode
[  528.722791] #PF: error_code(0x0000) - not-present page
[  528.722791] PGD 133c61067 P4D 133c61067 PUD 13aa06067 PMD 0
[  528.722791] Oops: 0000 [#5] SMP NOPTI
[  528.722791] CPU: 0 PID: 730 Comm: growfiles Tainted: G      D
    5.9.0-rc5-next-20200914 #1
[  528.722791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[  528.722791] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.722791] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.722791] RSP: 0018:ffffafb3010bfce8 EFLAGS: 00010246
[  528.722791] RAX: 0000000000000000 RBX: ffff934df3fc34b0 RCX: 0000000000000000
[  528.722791] RDX: 0000000000000000 RSI: ffff934df7bf9918 RDI: 0000000000000000
[  528.722791] RBP: ffffafb3010bfd88 R08: 0000000000100cca R09: 0000000000000000
[  528.722791] R10: ffffafb3010bfe68 R11: 0000000000000000 R12: 0000000000000000
[  528.722791] R13: ffff934df3fc34b0 R14: 0000000000000000 R15: ffff934df3fc3628
[  528.722791] FS:  00007f5769397740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.722791] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.722791] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506f0
[  528.722791] Call Trace:
[  528.722791]  ? avc_has_perm+0xca/0x1f0
[  528.722791]  shmem_file_read_iter+0xf7/0x380
[  528.722791]  new_sync_read+0x110/0x1a0
[  528.722791]  vfs_read+0x154/0x1b0
[  528.722791]  ksys_read+0x67/0xe0
[  528.722791]  __x64_sys_read+0x1a/0x20
[  528.722791]  do_syscall_64+0x38/0x50
[  528.722791]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  528.722791] RIP: 0033:0x7f5768d6756e
[  528.722791] Code: 8a 20 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3
66 2e 0f 1f 84 00 00 00 00 00 66 90 8b 05 7a ce 20 00 85 c0 75 16 31
c0 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 41 54
49 89
[  528.722791] RSP: 002b:00007ffdd45b2328 EFLAGS: 00000246 ORIG_RAX:
0000000000000000
[  528.722791] RAX: ffffffffffffffda RBX: 0000000000008000 RCX: 00007f5768d6756e
[  528.722791] RDX: 0000000000008000 RSI: 0000000002320270 RDI: 0000000000000006
[  528.722791] RBP: 0000000000000006 R08: 0000000000000005 R09: 00007ffdd45b20d3
[  528.722791] R10: 000000000000006f R11: 0000000000000246 R12: 0000000002320270
[  528.722791] R13: 0000000000008000 R14: 0000000000000000 R15: 0000000000000000
[  528.722791] Modules linked in:
[  528.722791] CR2: 0000000000000020
[  528.722791] ---[ end trace a5ebcc25e2e2a592 ]---
[  528.722791] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.722791] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.722791] RSP: 0018:ffffafb301097b70 EFLAGS: 00010246
[  528.722791] RAX: 0000000000000000 RBX: ffff934df9e5ce30 RCX: 0000000000000000
[  528.722791] RDX: 0000000000000039 RSI: ffff934de5c09240 RDI: 0000000000000000
[  528.722791] RBP: ffffafb301097c10 R08: 0000000000100cca R09: 0000000000000000
[  528.722791] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000039
[  528.722791] R13: ffffafb301097c70 R14: 0000000000000000 R15: ffff934df9e5cfa8
[  528.722791] FS:  00007f5769397740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.722791] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.722791] CR2: 0000000000000020 CR3: 000000013363c000 CR4: 00000000003506f0
[  528.776714] BUG: kernel NULL pointer dereference, address: 0000000000000020
[  528.776789] #PF: supervisor read access in kernel mode
[  528.776789] #PF: error_code(0x0000) - not-present page
[  528.776789] PGD 133dc8067 P4D 133dc8067 PUD 138f87067 PMD 0
[  528.776789] Oops: 0000 [#6] SMP NOPTI
[  528.776789] CPU: 0 PID: 731 Comm: growfiles Tainted: G      D
    5.9.0-rc5-next-20200914 #1
[  528.776789] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[  528.776789] RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750
[  528.776789] Code: f6 0f 85 e6 fd ff ff e8 2e f3 fd ff 48 8b 7d c8
48 8b 47 08 48 8d 50 ff a8 01 48 0f 45 fa f0 ff 4f 34 0f 84 ff 01 00
00 31 ff <4c> 2b 67 20 48 8b 85 70 ff ff ff 45 31 c0 49 c1 e4 06 4c 01
e7 48
[  528.776789] RSP: 0018:ffffafb3010c7ce8 EFLAGS: 00010246
[  528.776789] RAX: 0000000000000000 RBX: ffff934df3fc3cf0 RCX: 0000000000000000
[  528.776789] RDX: 0000000000000000 RSI: ffff934df7bf9ff0 RDI: 0000000000000000
[  528.776789] RBP: ffffafb3010c7d88 R08: 0000000000100cca R09: 0000000000000000
[  528.776789] R10: ffffafb3010c7e68 R11: 0000000000000000 R12: 0000000000000000
[  528.776789] R13: ffff934df3fc3cf0 R14: 0000000000000000 R15: ffff934df3fc3e68
[  528.776789] FS:  00007fd47a493740(0000) GS:ffff934dfbc00000(0000)
knlGS:0000000000000000
[  528.776789] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  528.776789] CR2: 0000000000000020 CR3: 0000000139f5e000 CR4: 00000000003506f0
[  528.776789] Call Trace:
[  528.776789]  ? avc_has_perm+0xca/0x1f0
[  528.776789]  shmem_file_read_iter+0xf7/0x380
[  528.776789]  new_sync_read+0x110/0x1a0
[  528.776789]  vfs_read+0x154/0x1b0
[  528.776789]  ksys_read+0x67/0xe0
[  528.776789]  __x64_sys_read+0x1a/0x20
[  528.776789]  do_syscall_64+0x38/0x50
[  528.776789]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  528.776789] RIP: 0033:0x7fd479e6356e
[  528.776789] Code: 8a 20 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff c3
66 2e 0f 1f 84 00 00 00 00 00 66 90 8b 05 7a ce 20 00 85 c0 75 16 31
c0 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 41 54
49 89
[  528.776789] RSP: 002b:00007ffd1c581e58 EFLAGS: 00000246 ORIG_RAX:
0000000000000000
[  528.776789] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007fd479e6356e
[  528.776789] RDX: 0000000000010000 RSI: 0000000001931270 RDI: 0000000000000006
[  528.776789] RBP: 0000000000000006 R08: 0000000000000005 R09: 00007ffd1c581c03
[  528.776789] R10: 000000000000006f R11: 0000000000000246 R12: 0000000001931270
[  528.776789] R13: 0000000000010000 R14: 0000000000000000 R15: 0000000000000000
[  528.776789] Modules linked in:
[  528.776789] CR2: 0000000000000020
[  528.776789] ---[ end trace a5ebcc25e2e2a593 ]---

i386 log:
------------
[   75.900706] BUG: kernel NULL pointer dereference, address: 00000010
[   75.900969] #PF: supervisor read access in kernel mode
[   75.900969] #PF: error_code(0x0000) - not-present page
[   75.900969] *pde = 00000000
[   75.900969] Oops: 0000 [#1] SMP
[   75.900969] CPU: 0 PID: 10104 Comm: fsx-linux Not tainted
5.9.0-rc5-next-20200914 #1
[   75.900969] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.12.0-1 04/01/2014
[   75.900969] EIP: shmem_getpage_gfp.isra.0+0x39e/0x7c0
[   75.900969] Code: d2 0f 85 b4 00 00 00 e8 90 23 fe ff 8b 45 ec 8b
50 04 8d 4a ff 83 e2 01 0f 45 c1 f0 ff 48 1c 0f 84 7f 03 00 00 31 c0
8b 55 e4 <2b> 50 10 31 db 8b 7d b0 8d 14 92 8d 04 d0 89 07 e9 ed 01 00
00 8d
[   75.900969] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 0000000c
[   75.900969] ESI: f3868c78 EDI: f2c57180 EBP: f2e61e90 ESP: f2e61e38
[   75.900969] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
[   75.900969] CR0: 80050033 CR2: 00000010 CR3: 33994000 CR4: 003506d0
[   75.900969] Call Trace:
[   75.900969]  shmem_file_read_iter+0xd8/0x2d0
[   75.900969]  vfs_read+0x1be/0x320
[   75.900969]  ksys_read+0x58/0xd0
[   75.900969]  __ia32_sys_read+0x15/0x20
[   75.900969]  __do_fast_syscall_32+0x45/0x80
[   75.900969]  do_fast_syscall_32+0x29/0x60
[   75.900969]  do_SYSENTER_32+0x15/0x20
[   75.900969]  entry_SYSENTER_32+0x9f/0xf2
[   75.900969] EIP: 0xb7f6f549
[   75.900969] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01
10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f
34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90
8d 76
[   75.900969] EAX: ffffffda EBX: 00000006 ECX: 085df2d0 EDX: 0000f0c4
[   75.900969] ESI: 0000f0c4 EDI: bfa07aa8 EBP: 085df160 ESP: bfa07a50
[   75.900969] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[   75.900969] Modules linked in:
[   75.900969] CR2: 0000000000000010
[   75.900969] ---[ end trace 3b0d162207b86ec2 ]---
[   75.900969] EIP: shmem_getpage_gfp.isra.0+0x39e/0x7c0
[   75.900969] Code: d2 0f 85 b4 00 00 00 e8 90 23 fe ff 8b 45 ec 8b
50 04 8d 4a ff 83 e2 01 0f 45 c1 f0 ff 48 1c 0f 84 7f 03 00 00 31 c0
8b 55 e4 <2b> 50 10 31 db 8b 7d b0 8d 14 92 8d 04 d0 89 07 e9 ed 01 00
00 8d
[   75.900969] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 0000000c
[   75.900969] ESI: f3868c78 EDI: f2c57180 EBP: f2e61e90 ESP: f2e61e38
[   75.900969] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
[   75.900969] CR0: 80050033 CR2: 00000010 CR3: 33994000 CR4: 003506d0


x86_64 full test log,
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200914/testrun/3195428/suite/linux-log-parser/test/check-kernel-oops-1764160/log

i386 full test log,
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20200914/testrun/3195415/suite/linux-log-parser/test/check-kernel-oops-1764183/log

-- 
Linaro LKFT
https://lkft.linaro.org

Re: BUG: kernel NULL pointer dereference, address: RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750

[Matthew Wilcox]

On Mon, Sep 14, 2020 at 03:49:43PM +0530, Naresh Kamboju wrote:
> While running LTP fs on qemu x86 and qemu_i386 these kernel BUGs noticed.

I actually sent the fix for this a couple of days ago [1], but I think Andrew
overlooked it while constructing the -mm tree.  Here's a fix you can
apply to the -mm tree:

[1] https://lore.kernel.org/linux-mm/20200912032042.GA6583@casper.infradead.org/

diff --git a/mm/shmem.c b/mm/shmem.c
index d2a46ef7df43..58bc9e326d0d 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1793,7 +1793,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
 	struct mm_struct *charge_mm;
 	struct page *page;
 	enum sgp_type sgp_huge = sgp;
-	pgoff_t hindex;
+	pgoff_t hindex = index;
 	int error;
 	int once = 0;
 	int alloced = 0;
@@ -1822,6 +1822,8 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
 		return error;
 	}
 
+	if (page)
+		hindex = page->index;
 	if (page && sgp == SGP_WRITE)
 		mark_page_accessed(page);
 
@@ -1832,6 +1834,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
 		unlock_page(page);
 		put_page(page);
 		page = NULL;
+		hindex = index;
 	}
 	if (page || sgp == SGP_READ)
 		goto out;
@@ -1982,7 +1985,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
 		goto unlock;
 	}
 out:
-	*pagep = page + index - page->index;
+	*pagep = page + index - hindex;
 	return 0;
 
 	/*

Re: BUG: kernel NULL pointer dereference, address: RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 1712 bytes --]

Hi all,

On Mon, 14 Sep 2020 12:55:59 +0100 Matthew Wilcox <willy@infradead.org> wrote:
>
> On Mon, Sep 14, 2020 at 03:49:43PM +0530, Naresh Kamboju wrote:
> > While running LTP fs on qemu x86 and qemu_i386 these kernel BUGs noticed.  
> 
> I actually sent the fix for this a couple of days ago [1], but I think Andrew
> overlooked it while constructing the -mm tree.  Here's a fix you can
> apply to the -mm tree:
> 
> [1] https://lore.kernel.org/linux-mm/20200912032042.GA6583@casper.infradead.org/
> 
> diff --git a/mm/shmem.c b/mm/shmem.c
> index d2a46ef7df43..58bc9e326d0d 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -1793,7 +1793,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  	struct mm_struct *charge_mm;
>  	struct page *page;
>  	enum sgp_type sgp_huge = sgp;
> -	pgoff_t hindex;
> +	pgoff_t hindex = index;
>  	int error;
>  	int once = 0;
>  	int alloced = 0;
> @@ -1822,6 +1822,8 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		return error;
>  	}
>  
> +	if (page)
> +		hindex = page->index;
>  	if (page && sgp == SGP_WRITE)
>  		mark_page_accessed(page);
>  
> @@ -1832,6 +1834,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		unlock_page(page);
>  		put_page(page);
>  		page = NULL;
> +		hindex = index;
>  	}
>  	if (page || sgp == SGP_READ)
>  		goto out;
> @@ -1982,7 +1985,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
>  		goto unlock;
>  	}
>  out:
> -	*pagep = page + index - page->index;
> +	*pagep = page + index - hindex;
>  	return 0;
>  
>  	/*

I have applied that to linux-next today.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

Re: BUG: kernel NULL pointer dereference, address: RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750

[Matthew Wilcox]

On Tue, Sep 15, 2020 at 04:52:43PM +1000, Stephen Rothwell wrote:
> I have applied that to linux-next today.

Thanks!  Can you also pick up these two:

https://lore.kernel.org/linux-mm/20200914112738.GM6583@casper.infradead.org/
https://lore.kernel.org/linux-mm/20200914165032.GS6583@casper.infradead.org/

Re: BUG: kernel NULL pointer dereference, address: RIP: 0010:shmem_getpage_gfp.isra.0+0x470/0x750

[Stephen Rothwell]

[-- Attachment #1: Type: text/plain, Size: 505 bytes --]

Hi all,

On Tue, 15 Sep 2020 14:10:48 +0100 Matthew Wilcox <willy@infradead.org> wrote:
>
> On Tue, Sep 15, 2020 at 04:52:43PM +1000, Stephen Rothwell wrote:
> > I have applied that to linux-next today.  
> 
> Thanks!  Can you also pick up these two:
> 
> https://lore.kernel.org/linux-mm/20200914112738.GM6583@casper.infradead.org/
> https://lore.kernel.org/linux-mm/20200914165032.GS6583@casper.infradead.org/

I have added both those to linux-next today.

-- 
Cheers,
Stephen Rothwell

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]