http://bugzilla.suse.com/show_bug.cgi?id=1099012

Bug ID: 1099012
Summary: BUG: unable to handle kernel paging request at 000000100000004c in put_css_set_locked
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
Assignee: kernel-maintainers@forge.provo.novell.com
Reporter: jslaby@suse.com
QA Contact: qa-bugs@suse.de
CC: mhocko@suse.com
Found By: ---
Blocker: ---

While doing poweroff of a virtual machine with tumbleweed, a crash occurred:
[ OK ] Stopped Session c1 of user root.
BUG: unable to handle kernel paging request at 000000100000004c
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP PTI
Modules linked in: af_packet iscsi_ibft iscsi_boot_sysfs nls_iso8859_1 nls_cp437 vfat fat snd_hda_codec_generic virtio_gpu ttm snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm drm_kms_helper drm ppdev snd_timer snd fb_sys_fops syscopyarea sysfillrect sysimgblt soundcore joydev pcspkr virtio_input virtio_balloon virtio_net parport_pc i2c_piix4 parport qemu_fw_cfg button ata_generic uhci_hcd ehci_pci ehci_hcd ata_piix usbcore virtio_scsi serio_raw floppy sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua virtio_rng
CPU: 1 PID: 18 Comm: ksoftirqd/1 Not tainted 4.17.2-5.g33a2d86-default #1 openSUSE Tumbleweed (unreleased)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
RIP: 0010:put_css_set_locked+0x7f/0x270
RSP: 0000:ffffae67806dfda8 EFLAGS: 00010006
RAX: 0000000fffffffe0 RBX: ffffa03a76ba9cc8 RCX: 0000000000000040
RDX: ffffa03b015610c8 RSI: 0000000000000000 RDI: ffffa03a76ba9c00
RBP: ffffa03a76ba9c08 R08: ffffa03b001b47e0 R09: 0000000000000100
R10: ffffa03b001b4540 R11: ffffa03b001b42a0 R12: ffffa03a76ba9c00
R13: ffffa03a76ba9d88 R14: dead000000000200 R15: dead000000000100
FS: 0000000000000000(0000) GS:ffffa03b06880000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000100000004c CR3: 000000004f554000 CR4: 00000000000006e0
The rest of the output was overwritten unfortunately. But the assembly is:

ffffffff8112d366: 48 8b 43 08    mov 0x8(%rbx),%rax
ffffffff8112d36a: 48 8b 13       mov (%rbx),%rdx
ffffffff8112d36d: 48 89 42 08    mov %rax,0x8(%rdx)
ffffffff8112d371: 48 89 10       mov %rdx,(%rax)
ffffffff8112d374: 4c 89 3b       mov %r15,(%rbx)
ffffffff8112d377: 4c 89 73 08    mov %r14,0x8(%rbx)
ffffffff8112d37b: 48 8b 45 00    mov 0x0(%rbp),%rax
ffffffff8112d37f: f6 40 6c 01    testb $0x1,0x6c(%rax)

The crash is on the last line. That is

    if (!(css->flags & CSS_NO_REF))

from css_put. I.e. css is garbage (0x0000000fffffffe0). This is called from put_css_set_locked as:

    for_each_subsys(ss, ssid) {
        list_del(&cset->e_cset_node[ssid]);
        css_put(cset->subsys[ssid]);
    }

According to rdi (holds cset->subsys) and rbp (iterator which is cset->subsys + ssid), ssid is 1. If I understand correctly, 1 stands for cpu_cgrp_id, so cset->subsys[cpu_cgrp_id] is the garbage.

--
You are receiving this mail because: You are on the CC list for the bug.
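Added example, not part of the bug report: a small C program that cross-checks the register dump above against the disassembly the same way the analysis does. It verifies that CR2 equals RAX + 0x6c (the faulting `testb`), derives ssid from RBP - RDI over 8-byte pointer slots, and confirms from R15/R14 that the preceding `list_del()` had already stored its poison values into next/prev. The register string is copied from the oops above; the LIST_POISON values are the x86_64 constants from include/linux/poison.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* x86_64 poison pointers that list_del() writes into entry->next / entry->prev. */
#define LIST_POISON1 0xdead000000000100ULL
#define LIST_POISON2 0xdead000000000200ULL

/* Register block from the oops above, embedded verbatim for an offline check. */
static const char oops_regs[] =
    "RAX: 0000000fffffffe0 RBX: ffffa03a76ba9cc8 RCX: 0000000000000040 "
    "RDX: ffffa03b015610c8 RSI: 0000000000000000 RDI: ffffa03a76ba9c00 "
    "RBP: ffffa03a76ba9c08 R08: ffffa03b001b47e0 R09: 0000000000000100 "
    "R10: ffffa03b001b4540 R11: ffffa03b001b42a0 R12: ffffa03a76ba9c00 "
    "R13: ffffa03a76ba9d88 R14: dead000000000200 R15: dead000000000100 "
    "CR2: 000000100000004c";

/* Find "NAME: <hex>" in the dump; returns 0 and fills *out on success, -1 if absent. */
static int reg_value(const char *dump, const char *name, uint64_t *out)
{
    char key[8];
    snprintf(key, sizeof key, "%s: ", name);
    const char *p = strstr(dump, key);
    if (!p) return -1;
    *out = strtoull(p + strlen(key), NULL, 16);
    return 0;
}

/* 1 if CR2 == base register + displacement, i.e. the named instruction caused the fault. */
int fault_matches(const char *dump, const char *base_reg, uint64_t disp)
{
    uint64_t base, cr2;
    if (reg_value(dump, base_reg, &base) || reg_value(dump, "CR2", &cr2)) return 0;
    return base + disp == cr2;
}

/* ssid: rbp iterates over cset->subsys[] (8-byte pointers) whose base is in rdi. */
long subsys_index(const char *dump)
{
    uint64_t rdi, rbp;
    if (reg_value(dump, "RDI", &rdi) || reg_value(dump, "RBP", &rbp)) return -1;
    return (long)((rbp - rdi) / sizeof(uint64_t));
}

/* 1 if r15/r14 hold the poison values the two mov instructions before the fault stored. */
int list_del_completed(const char *dump)
{
    uint64_t r14, r15;
    if (reg_value(dump, "R14", &r14) || reg_value(dump, "R15", &r15)) return 0;
    return r15 == LIST_POISON1 && r14 == LIST_POISON2;
}
```

The register dump and disassembly agree: the fault comes from the `testb` on the stale css pointer, at ssid 1, after `list_del()` has already finished.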