virtwl: NULL pointer dereference in virtwl_ioctl_recv()
Issue description

Chrome OS version: R69-10895.33.0

I don't know how this was triggered exactly, but yesterday I tried running some X apps and they worked okay. Today I tried starting one and it doesn't start. Running it from Terminal ended up with

QXcbConnection: Could not connect to display :0
Aborted

Kernel logs seemed to contain the following crash:

[ 222.920421] BUG: unable to handle kernel NULL pointer dereference at 0000000000000084
[ 222.921860] IP: virtwl_ioctl_recv+0x134/0x1e0
[ 222.922643] PGD 0 P4D 0
[ 222.923123] Oops: 0000 [#1] PREEMPT SMP PTI
[ 222.924534] CPU: 2 PID: 514 Comm: ld-linux-x86-64 Not tainted 4.14.56-05965-ge7d0ede66eb4 #1
[ 222.926101] task: ffff8802d257cb00 task.stack: ffffc900003e0000
[ 222.932054] RIP: 0010:virtwl_ioctl_recv+0x134/0x1e0
[ 222.933333] RSP: 0018:ffffc900003e3c48 EFLAGS: 00010297
[ 222.934685] RAX: 0000000000000000 RBX: 00007ffe64cf5330 RCX: 0000000000000000
[ 222.936520] RDX: 0000000000000000 RSI: ffffffff81c67280 RDI: ffffffff81da8726
[ 222.938387] RBP: 0000000000000002 R08: ffffc900003e3c50 R09: 0000782a93035110
[ 222.941261] R10: ffffc900003e3ed8 R11: 0000000000000000 R12: 0000000000000000
[ 222.944690] R13: 0000000000000007 R14: 00007ffe64cf5330 R15: 0000000000000000
[ 222.947851] FS: 0000782a92a68880(0000) GS:ffff8802ea100000(0000) knlGS:0000000000000000
[ 222.951090] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 222.953824] CR2: 0000000000000084 CR3: 00000002d27b8001 CR4: 00000000003606a0
[ 222.959802] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 222.961644] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 222.963464] Call Trace:
[ 222.964132] virtwl_ioctl_ptr+0x3e/0x1d5
[ 222.965153] ? ep_send_events+0x20/0x25
[ 222.966130] vfs_ioctl+0x18/0x25
[ 222.969226] do_vfs_ioctl+0x4ad/0x4bc
[ 222.970252] SyS_ioctl+0x4d/0x6f
[ 222.971180] do_syscall_64+0x6a/0x7a
[ 222.972207] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 222.973595] RIP: 0033:0x782a92432967
[ 222.974562] RSP: 002b:00007ffe64cf5258 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 222.976583] RAX: ffffffffffffffda RBX: 00007ffe64cf6380 RCX: 0000782a92432967
[ 222.978422] RDX: 00007ffe64cf5330 RSI: 0000000040747702 RDI: 0000000000000007
[ 222.980264] RBP: 00007ffe64cf6360 R08: 0000000000000000 R09: 0000782a93035110
[ 222.982897] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000000000000
[ 222.984789] R13: 00007ffe64cf6c20 R14: 00007ffe64cf7228 R15: 0000000000000001
[ 222.986682] Code: 00 e9 b9 00 00 00 45 31 e4 bd 02 00 00 00 4c 3b 64 24 08 73 63 4a 8b 94 e4 f8 00 00 00 48 c7 c6 80 72 c6 81 48 c7 c7 26 87 da 81 <8b> 8a 84 00 00 00 89 c8 83 e1 01 83 e0 03 83 f8 03 0f 44 cd 89
[ 222.991553] RIP: virtwl_ioctl_recv+0x134/0x1e0 RSP: ffffc900003e3c48
[ 222.993202] CR2: 0000000000000084
[ 222.993887] ---[ end trace 1f072f5d33270a90 ]---

and some other:

[ 222.994751] BUG: sleeping function called from invalid context at ../../../../../tmp/portage/sys-kernel/chromeos-kernel-4_14-4.14.56-r393/work/chromeos-kernel-4_14-4.14.56/include/linux/percpu-rwsem.h:34
[ 222.998071] in_atomic(): 0, irqs_disabled(): 1, pid: 514, name: ld-linux-x86-64
[ 222.999424] CPU: 2 PID: 514 Comm: ld-linux-x86-64 Tainted: G D 4.14.56-05965-ge7d0ede66eb4 #1
[ 223.001170] Call Trace:
[ 223.001647] dump_stack+0x5a/0x6f
[ 223.002265] ___might_sleep+0x129/0x13a
[ 223.002968] exit_signals+0x19/0x120
[ 223.003618] do_exit+0x133/0x9c1
[ 223.004205] ? SyS_ioctl+0x4d/0x6f
[ 223.004822] rewind_stack_do_exit+0x17/0x20
[42726.356135] clocksource: timekeeping watchdog on CPU3: Marking clocksource 'tsc' as unstable because the skew is too large:
[42726.376879] clocksource: 'kvm-clock' wd_now: 2874acf11275 wd_last: 202a8aa7841 mask: ffffffffffffffff
[42726.389674] clocksource: 'tsc' cs_now: ab36eb5480 cs_last: aafc8654a8 mask: ffffffffffffffff
[42726.401177] tsc: Marking TSC unstable due to clocksource watchdog

Current time seems to be 51604.9599127 (from /proc/timer_list), so this possibly happened when I closed the last app yesterday?

Note that I also had some random Chrome crashes when switching between two user profiles I have signed in. There should be feedback from my personal email address somewhere. I can file one from corp too, if needed.
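To make an oops like the one above quicker to read, here is an added Python triage helper. It is not code from the report or from the Chrome OS kernel tree; the field names it returns are my own choice. It parses the header lines, decodes the x86 page-fault error code that follows "Oops:", classifies the faulting address, and separates the call-trace frames the unwinder trusted from the "?" guesses. The embedded log is an excerpt of the oops quoted in the report.

```python
"""Triage helper for an x86-64 kernel oops such as the virtwl crash above.
Added example, not code from the bug report or the Chrome OS kernel tree.
"""
import re
from typing import List, Optional

# Excerpt of the oops quoted in the report above, one kernel log line each.
OOPS_LOG = """\
[  222.920421] BUG: unable to handle kernel NULL pointer dereference at 0000000000000084
[  222.921860] IP: virtwl_ioctl_recv+0x134/0x1e0
[  222.923123] Oops: 0000 [#1] PREEMPT SMP PTI
[  222.924534] CPU: 2 PID: 514 Comm: ld-linux-x86-64 Not tainted 4.14.56-05965-ge7d0ede66eb4 #1
[  222.932054] RIP: 0010:virtwl_ioctl_recv+0x134/0x1e0
[  222.953824] CR2: 0000000000000084 CR3: 00000002d27b8001 CR4: 00000000003606a0
[  222.963464] Call Trace:
[  222.964132]  virtwl_ioctl_ptr+0x3e/0x1d5
[  222.965153]  ? ep_send_events+0x20/0x25
[  222.966130]  vfs_ioctl+0x18/0x25
[  222.969226]  do_vfs_ioctl+0x4ad/0x4bc
[  222.970252]  SyS_ioctl+0x4d/0x6f
[  222.971180]  do_syscall_64+0x6a/0x7a
[  222.972207]  entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[  222.973595] RIP: 0033:0x782a92432967
[  222.993887] ---[ end trace 1f072f5d33270a90 ]---
"""

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?(.*)$")
_BUG = re.compile(r"BUG: unable to handle kernel (.+) at ([0-9a-f]+)$")
_IP = re.compile(r"^(?:RIP: [0-9a-f]{4}:|IP: )([\w.]+)\+0x([0-9a-f]+)/0x([0-9a-f]+)")
_OOPS = re.compile(r"Oops: ([0-9a-f]{4}) \[#(\d+)\]")
_TASK = re.compile(r"CPU: (\d+) PID: (\d+) Comm: (\S+) (Not tainted|Tainted: .*?) (\S+) #\d+")
_FRAME = re.compile(r"^(\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")


def parse_oops(text: str) -> dict:
    """Return the header fields plus the call trace as (symbol, reliable) pairs."""
    info: dict = {"reason": "", "fault_addr": None, "symbol": "", "offset": 0, "size": 0,
                  "error_code": 0, "pid": 0, "comm": "", "tainted": False, "kernel": "", "trace": []}
    in_trace = False
    for raw in text.splitlines():
        ts = _TS.match(raw)  # drop printk's "[ secs.usecs]" prefix
        line = (ts.group(1) if ts else raw).strip()
        if in_trace and (fm := _FRAME.match(line)):
            info["trace"].append((fm.group(2), fm.group(1) is None))
            continue
        in_trace = False  # first non-frame line (here the user-space RIP) ends the trace
        if line == "Call Trace:":
            in_trace = True
        elif m := _BUG.search(line):
            info["reason"], info["fault_addr"] = m.group(1), int(m.group(2), 16)
        elif (m := _IP.match(line)) and not info["symbol"]:  # IP: and RIP: name the same spot
            info["symbol"] = m.group(1)
            info["offset"], info["size"] = int(m.group(2), 16), int(m.group(3), 16)
        elif m := _OOPS.search(line):
            info["error_code"] = int(m.group(1), 16)
        elif m := _TASK.search(line):
            info["pid"], info["comm"] = int(m.group(2)), m.group(3)
            info["tainted"] = not m.group(4).startswith("Not")
            info["kernel"] = m.group(5)
    return info


def decode_error_code(code: int) -> dict:
    """Bits of the x86 page-fault error code, as printed after 'Oops:'."""
    return {
        "protection_violation": bool(code & 0x1),  # clear: page not present at all
        "write": bool(code & 0x2),                 # clear: the access was a read
        "user_mode": bool(code & 0x4),             # clear: fault taken in kernel mode
        "instruction_fetch": bool(code & 0x10),
    }


def classify_fault(addr: Optional[int], page_size: int = 0x1000) -> str:
    """First page => NULL base pointer plus a struct field offset (0x84 here)."""
    if addr is None:
        return "unknown"
    if addr < page_size:
        return "null-pointer-deref"
    if addr < 0x0000_8000_0000_0000:  # low canonical half of x86-64 is user space
        return "user-address"
    return "kernel-address"


def reliable_frames(info: dict) -> List[str]:
    """Call trace with the unwinder's '?' guesses removed."""
    return [sym for sym, reliable in info["trace"] if reliable]


if __name__ == "__main__":
    oops = parse_oops(OOPS_LOG)
    print(f"{oops['symbol']}+0x{oops['offset']:x}: {oops['reason']}, "
          f"{classify_fault(oops['fault_addr'])} at 0x{oops['fault_addr']:x}, "
          f"pid {oops['pid']} ({oops['comm']}), via {' <- '.join(reliable_frames(oops))}")
```

On this oops the helper reports a kernel-mode read of the not-present address 0x84, which is below the first page: the code at virtwl_ioctl_recv+0x134 read a field at offset 0x84 through a NULL struct pointer. That matches CR2 in the register dump and the faulting instruction in the Code: line (8b 8a 84 00 00 00, a load from 0x84(%rdx) with RDX being zero). The "? ep_send_events" frame is the unwinder's guess and is dropped from the reliable path, leaving the ioctl entry into virtwl_ioctl_ptr.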
Aug 27

FYI, I think 840156 may be a dupe of this bug.
Sep 4

Issue 840156 has been merged into this issue.
Sep 4

This is a long-standing issue and happens whenever Chrome crashes, since the Wayland server goes down with it. I don't know how Wayland clients are normally supposed to handle the Wayland server going away, but that's what we need to do here.
Sep 4

We should consider how we want to handle Chrome crashes. In addition to Wayland breaking, Crostini also becomes out of sync with the UI: Issue 879903. Would it be simpler to just shut down VMs when Chrome crashes? At least that would be consistent / recoverable versus the current weird state we end up in.
Sep 4

I think we can do better, but shutting down VMs gracefully is probably an OK place to start.
Sep 10

Now that we've got the VM restart landed, should this be moved to 71 for the fix that allows the VM to keep running?
Comment 1 by tbuck...@chromium.org, Aug 27
Owner: za...@chromium.org
Status: Assigned (was: Untriaged)