kernel BUG at [tty_ldisc_reinit] mm/slub.c!

Bug #1709126 reported by Kamal Mostafa on 2017-08-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Kamal Mostafa
Xenial
High
Kamal Mostafa
linux-lts-xenial (Ubuntu)
High
Kamal Mostafa
Trusty
High
Kamal Mostafa

Bug Description

Reported in LP:#1707089:
Reported against v4.4 LTS kernel on 14.04; probably applicable to main v4.4 kernel on 16.04 also.

----------

The ubuntu 14.04 kernel panics on boot about 1% of the time.

[ 0.000000] Linux version 4.4.0-83-generic (buildd@lgw01-10) (gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) ) #106~14.04.1-Ubuntu SMP Mon Jun 26 18:10:19 UTC 2017 (Ubuntu 4.4.0-83.106~14.04.1-generic 4.4.70)
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-83-generic root=UUID=1edb4b60-6835-4d9c-8aeb-be3418d70937 ro scsi_mod.use_blk_mq=Y console=ttyS0
.....
[ 8.510775] ------------[ cut here ]------------
[ 8.512172] kernel BUG at /build/linux-lts-xenial-ep3zLI/linux-lts-xenial-4.4.0/mm/slub.c:3627!
[ 8.514572] invalid opcode: 0000 [#1] SMP
[ 8.515937] Modules linked in: crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd psmouse virtio_scsi
[ 8.521408] CPU: 3 PID: 1 Comm: init Not tainted 4.4.0-83-generic #106~14.04.1-Ubuntu
[ 8.523723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 8.526418] task: ffff8803ee608000 ti: ffff8803ee604000 task.ti: ffff8803ee604000
[ 8.528521] RIP: 0010:[<ffffffff811e065a>] [<ffffffff811e065a>] kfree+0x14a/0x150
[ 8.530794] RSP: 0018:ffff8803ee607cf8 EFLAGS: 00010246
[ 8.532516] RAX: ffffea000bb817e0 RBX: ffff8802ee05fbe0 RCX: 000000018040001f
[ 8.534833] RDX: 000077ff80000000 RSI: 0000000000000282 RDI: ffff8802ee05fbe0
[ 8.536833] RBP: ffff8803ee607d10 R08: ffff8800bb80ae80 R09: 000000018040001f
[ 8.538830] R10: 00000000bb80ac01 R11: ffffea000bb817c0 R12: ffff8802ee05fbe0
[ 8.540956] R13: ffffffff814dd53d R14: ffff8803ee747990 R15: 0000000000000000
[ 8.543009] FS: 00007f7d1c626840(0000) GS:ffff8803ffd80000(0000) knlGS:0000000000000000
[ 8.545542] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.547433] CR2: 00007f9201dd07d0 CR3: 00000003e8455000 CR4: 00000000001406e0
[ 8.549688] Stack:
[ 8.550384] ffff880036697400 ffff8802ee05fbe0 0000000000000000 ffff8803ee607d40
[ 8.552627] ffffffff814dd53d ffff880036697400 ffff8802ee05fbe0 0000000000000002
[ 8.554791] 0000000000000000 ffff8803ee607d68 ffffffff814ddb24 0000000000000000
[ 8.556542] Call Trace:
[ 8.557249] [<ffffffff814dd53d>] tty_ldisc_reinit+0x6d/0xe0
[ 8.558855] [<ffffffff814ddb24>] tty_ldisc_hangup+0xd4/0x1f0
[ 8.560500] [<ffffffff814d5452>] __tty_hangup+0x302/0x420
[ 8.562263] [<ffffffff814d5580>] tty_vhangup+0x10/0x20
[ 8.563748] [<ffffffff814e0288>] pty_close+0x148/0x190
[ 8.565396] [<ffffffff814d5b35>] tty_release+0x105/0x570
[ 8.566995] [<ffffffff81202f84>] __fput+0xe4/0x210
[ 8.568528] [<ffffffff814dd1a6>] ? tty_ldisc_deref+0x16/0x20
[ 8.570225] [<ffffffff812030ee>] ____fput+0xe/0x10
[ 8.571779] [<ffffffff8109b3c6>] task_work_run+0x86/0xb0
[ 8.573355] [<ffffffff810798d6>] exit_to_usermode_loop+0x73/0xa2
[ 8.575236] [<ffffffff81003a6e>] syscall_return_slowpath+0x4e/0x60
[ 8.576499] [<ffffffff8180c9d8>] int_ret_from_sys_call+0x25/0x8f
[ 8.578334] Code: 8b 03 31 f6 f6 c4 40 74 04 41 8b 73 6c 4c 89 df e8 cc cc fa ff e9 73 ff ff ff 4c 8d 58 ff e9 20 ff ff ff 49 8b 43 20 a8 01 75 d4 <0f> 0b 0f 1f 40 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55
[ 8.586832] RIP [<ffffffff811e065a>] kfree+0x14a/0x150
[ 8.588673] RSP <ffff8803ee607cf8>
[ 8.589869] ---[ end trace 87fcf5b5cdf6b7f0 ]---
[ 8.591565] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 8.591565]
[ 8.594520] Kernel Offset: disabled
[ 8.595719] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 8.595719]

no longer affects: linux-lts-xenial (Ubuntu Xenial)
no longer affects: linux (Ubuntu Trusty)
Changed in linux (Ubuntu Xenial):
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux-lts-xenial (Ubuntu Trusty):
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux-lts-xenial (Ubuntu):
importance: Undecided → High
assignee: nobody → Kamal Mostafa (kamalmostafa)
Changed in linux-lts-xenial (Ubuntu Trusty):
importance: Undecided → High
Changed in linux (Ubuntu Xenial):
importance: Undecided → High
Changed in linux-lts-xenial (Ubuntu):
status: New → In Progress
Changed in linux (Ubuntu Xenial):
status: New → In Progress
Changed in linux-lts-xenial (Ubuntu Trusty):
status: New → In Progress
Kamal Mostafa (kamalmostafa) wrote :

Mainline commit 892d1fa "tty: Destroy ldisc instance on hangup" (circa v4.6) appears to fix this issue, per positive test feedback in LP: #1707089. Additional prerequisite patches are required:

892d1fa tty: Destroy ldisc instance on hangup
7896f30 tty: Refactor tty_ldisc_reinit() for reuse
c12da96 tty: Use 'disc' for line discipline index name
6ffeb4b tty: Move tty_ldisc_kill()
a570a49 tty: Handle NULL tty->ldisc
ece5340 tty: Reset c_line from driver's init_termios
63d8cb3 tty: Simplify tty_set_ldisc() exit handling

Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Changed in linux-lts-xenial (Ubuntu Trusty):
status: In Progress → Fix Committed

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Kamal Mostafa (kamalmostafa) wrote :

Waiving the verification-needed-xenial, since this was originally reported against linux-lts-xenial (no known xenial test installation exists). Will ask the original reporter to re-verify the fix in linux-lts-xenial.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (16.2 KiB)

This bug was fixed in the package linux - 4.4.0-93.116

---------------
linux (4.4.0-93.116) xenial; urgency=low

  * linux: 4.4.0-93.116 -proposed tracker (LP: #1709296)

  * Creating conntrack entry failure with kernel 4.4.0-89 (LP: #1709032)
    - Revert "Revert "netfilter: synproxy: fix conntrackd interaction""
    - netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * kernel BUG at [tty_ldisc_reinit] mm/slub.c! (LP: #1709126)
    - tty: Simplify tty_set_ldisc() exit handling
    - tty: Reset c_line from driver's init_termios
    - tty: Handle NULL tty->ldisc
    - tty: Move tty_ldisc_kill()
    - tty: Use 'disc' for line discipline index name
    - tty: Refactor tty_ldisc_reinit() for reuse
    - tty: Destroy ldisc instance on hangup

  * atheros bt failed after S3 (LP: #1706833)
    - SAUCE: Bluetooth: Make request workqueue freezable

  * The Precision Touchpad(PTP) button sends incorrect event code (LP: #1708372)
    - HID: multitouch: handle external buttons for Precision Touchpads

  * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
    - [Config] CONFIG_SATA_HIGHBANK=y

  * xfs slab objects (memory) leak when xfs shutdown is called (LP: #1706132)
    - xfs: fix xfs_log_ticket leak in xfs_end_io() after fs shutdown

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * CVE-2017-7495
    - ext4: fix data exposure after a crash

  * ubuntu/rsi driver downlink wifi throughput drops to 5-6 Mbps when BT
    keyboard is connected (LP: #1706991)
    - SAUCE: Redpine: enable power save by default for coex mode
    - SAUCE: Redpine: uapsd configuration changes

  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

  * ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting

  * ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

  * [8087:0a2b] Failed to load bluetooth firmware(might affect some other Intel
    bt devices) (LP: #1705633)
    - Bluetooth: btintel: Create common Intel Version Read function
    - Bluetooth: Use switch statement for Intel hardware variants
    - Bluetooth: Replace constant hw_variant from Intel Bluetooth firmware
      filename
    - Bluetooth: hci_intel: Fix firmware file name to use hw_variant
    - Bluetooth: btintel: Add MODULE_FIRMWARE entries for iBT 3.5 controllers

  * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host

  * OpenPower: Some multipaths temporarily have only a single path
    (LP: #1696445)
    - scsi: ses: don't get power status of SES device slot on probe

  ...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (16.3 KiB)

This bug was fixed in the package linux-lts-xenial - 4.4.0-93.116~14.04.1

---------------
linux-lts-xenial (4.4.0-93.116~14.04.1) trusty; urgency=low

  * linux-lts-xenial: 4.4.0-93.116~14.04.1 -proposed tracker (LP: #1709297)

  * linux: 4.4.0-93.116 -proposed tracker (LP: #1709296)

  * Creating conntrack entry failure with kernel 4.4.0-89 (LP: #1709032)
    - Revert "Revert "netfilter: synproxy: fix conntrackd interaction""
    - netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * kernel BUG at [tty_ldisc_reinit] mm/slub.c! (LP: #1709126)
    - tty: Simplify tty_set_ldisc() exit handling
    - tty: Reset c_line from driver's init_termios
    - tty: Handle NULL tty->ldisc
    - tty: Move tty_ldisc_kill()
    - tty: Use 'disc' for line discipline index name
    - tty: Refactor tty_ldisc_reinit() for reuse
    - tty: Destroy ldisc instance on hangup

  * atheros bt failed after S3 (LP: #1706833)
    - SAUCE: Bluetooth: Make request workqueue freezable

  * The Precision Touchpad(PTP) button sends incorrect event code (LP: #1708372)
    - HID: multitouch: handle external buttons for Precision Touchpads

  * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
    - [Config] CONFIG_SATA_HIGHBANK=y

  * xfs slab objects (memory) leak when xfs shutdown is called (LP: #1706132)
    - xfs: fix xfs_log_ticket leak in xfs_end_io() after fs shutdown

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * CVE-2017-7495
    - ext4: fix data exposure after a crash

  * ubuntu/rsi driver downlink wifi throughput drops to 5-6 Mbps when BT
    keyboard is connected (LP: #1706991)
    - SAUCE: Redpine: enable power save by default for coex mode
    - SAUCE: Redpine: uapsd configuration changes

  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing
    (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

  * ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting

  * ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

  * [8087:0a2b] Failed to load bluetooth firmware(might affect some other Intel
    bt devices) (LP: #1705633)
    - Bluetooth: btintel: Create common Intel Version Read function
    - Bluetooth: Use switch statement for Intel hardware variants
    - Bluetooth: Replace constant hw_variant from Intel Bluetooth firmware
      filename
    - Bluetooth: hci_intel: Fix firmware file name to use hw_variant
    - Bluetooth: btintel: Add MODULE_FIRMWARE entries for iBT 3.5 controllers

  * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2
    comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host

  * OpenPower: Some multipaths temporarily...

Changed in linux-lts-xenial (Ubuntu Trusty):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released

I just upgraded to kernel 4.4 108, and got a similar kernel panic. Is there a regression to this fix?

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers