BUG: unable to handle kernel paging request at ffffdf3cd60001a0

Bug #1734686 reported by Ben Noordhuis
This bug report is a duplicate of:  Bug #1734327: Kernel panic on a nfsroot system. Edit Remove
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned

Bug Description

I can consistently reproduce this with the Ubuntu 17.10 kernel. It never happens with a mainline 4.13.11 kernel built from source.

To reproduce:

1. clone https://github.com/nodejs/node (currently at commit 4ca4db0d4c)
2. ./configure && make -j8
3. ./out/Release/cctest

cctest is sometimes killed, sometimes locks up the computer. When the computer is still usable, the following message is logged:

[36488.886799] BUG: unable to handle kernel paging request at ffffdf3cd60001a0
[36488.886824] IP: kfree+0x53/0x190
[36488.886831] PGD 0
[36488.886831] P4D 0

[36488.886844] Oops: 0000 [#2] PREEMPT SMP
[36488.886851] Modules linked in: xt_tcpudp iptable_filter cfg80211 binfmt_misc snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel aes_x86_64 crypto_simd glue_helper cryptd snd_hda_codec_realtek snd_hda_codec_generic intel_cstate r8712u(C) intel_rapl_perf snd_seq_midi snd_seq_midi_event input_leds snd_hda_intel snd_rawmidi snd_hda_codec snd_hda_core snd_seq snd_hwdep snd_pcm snd_seq_device snd_timer snd ie31200_edac soundcore mei_me shpchp mei lpc_ich mac_hid cuse parport_pc ppdev lp parport ip_tables x_tables autofs4 nouveau mxm_wmi wmi i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect hid_generic sysimgblt uas ahci fb_sys_fops usbhid usb_storage r8169 drm libahci hid mii video
[36488.886940] CPU: 6 PID: 21882 Comm: cctest Tainted: G D C 4.13.0-17-lowlatency #20-Ubuntu
[36488.886947] Hardware name: MEDION H77H2-EM/H77H2-EM, BIOS EM0411-M8 04/11/2012
[36488.886951] task: ffff8ebd7c18a640 task.stack: ffffa003ce10c000
[36488.886957] RIP: 0010:kfree+0x53/0x190
[36488.886961] RSP: 0018:ffffa003ce10fd30 EFLAGS: 00010282
[36488.886965] RAX: 0000000000000000 RBX: 0000000000006fa8 RCX: 0000000000000002
[36488.886970] RDX: 0000314521002bc0 RSI: 0000000000010080 RDI: 0000714500000000
[36488.888247] RBP: ffffa003ce10fd48 R08: 000000000001f640 R09: ffffffffa27c7979
[36488.890131] R10: ffffdf3cd6000180 R11: 0000000001000000 R12: ffff8ebe84406900
[36488.892024] R13: ffffffffa23aa5ee R14: 0000000000000000 R15: ffff8ebe8c611820
[36488.901718] FS: 00007f7666764b80(0000) GS:ffff8ebe9ed80000(0000) knlGS:0000000000000000
[36488.906872] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[36488.908816] CR2: ffffdf3cd60001a0 CR3: 00000002fc3c5000 CR4: 00000000001406e0
[36488.910711] Call Trace:
[36488.912512] security_sk_free+0x3e/0x50
[36488.914232] __sk_destruct+0x108/0x190
[36488.915872] sk_destruct+0x20/0x30
[36488.917483] __sk_free+0x82/0xa0
[36488.919064] sk_free+0x19/0x20
[36488.920626] tcp_close+0x230/0x3f0
[36488.922183] inet_release+0x3c/0x60
[36488.923714] inet6_release+0x30/0x40
[36488.925242] sock_release+0x1f/0x80
[36488.926785] sock_close+0x12/0x20
[36488.932837] __fput+0xe1/0x220
[36488.937778] ____fput+0xe/0x10
[36488.942441] task_work_run+0x76/0x90
[36488.943956] exit_to_usermode_loop+0xc4/0xd0
[36488.945467] syscall_return_slowpath+0x59/0x60
[36488.946973] entry_SYSCALL_64_fastpath+0xa7/0xa9
[36488.948468] RIP: 0033:0x7f7666376df0
[36488.949967] RSP: 002b:00007ffe98391250 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[36488.951522] RAX: 0000000000000000 RBX: 000000000000000c RCX: 00007f7666376df0
[36488.953073] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000c
[36488.954639] RBP: 000000000000000c R08: 000055a301618920 R09: 000000000000000a
[36488.956208] R10: 00007ffe9839126c R11: 0000000000000293 R12: 0000000000000011
[36488.957774] R13: 0000000000000020 R14: 0000000000000001 R15: 00007ffe983916ec
[36488.959354] Code: 00 80 49 01 da 0f 82 47 01 00 00 48 c7 c7 00 00 00 80 48 2b 3d ef 98 c1 00 49 01 fa 49 c1 ea 0c 49 c1 e2 06 4c 03 15 cd 98 c1 00 <49> 8b 42 20 48 8d 50 ff a8 01 4c 0f 45 d2 49 8b 52 20 48 8d 42
[36488.961040] RIP: kfree+0x53/0x190 RSP: ffffa003ce10fd30
[36488.962714] CR2: ffffdf3cd60001a0
[36488.964377] ---[ end trace 46732cc399d66b31 ]---

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: linux-image-4.13.0-17-lowlatency 4.13.0-17.20
ProcVersionSignature: Ubuntu 4.13.0-17.20-lowlatency 4.13.8
Uname: Linux 4.13.0-17-lowlatency x86_64
ApportVersion: 2.20.7-0ubuntu3.5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: bnoordhuis 1664 F.... pulseaudio
 /dev/snd/controlC0: bnoordhuis 1664 F.... pulseaudio
CurrentDesktop: GNOME
Date: Mon Nov 27 13:47:25 2017
HibernationDevice: RESUME=UUID=9259e504-5786-4612-b8b4-315af58f8159
InstallationDate: Installed on 2012-07-20 (1955 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
MachineType: MEDION H77H2-EM
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 nouveaufb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.13.0-17-lowlatency root=UUID=efb64bec-88db-415d-9b14-d89308a1d55f ro apparmor=0
RelatedPackageVersions:
 linux-restricted-modules-4.13.0-17-lowlatency N/A
 linux-backports-modules-4.13.0-17-lowlatency N/A
 linux-firmware 1.169
RfKill:

SourcePackage: linux
StagingDrivers: r8712u
UpgradeStatus: Upgraded to artful on 2017-10-31 (26 days ago)
dmi.bios.date: 04/11/2012
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: EM0411-M8
dmi.board.asset.tag: To be filled by O.E.M.
dmi.board.name: H77H2-EM
dmi.board.vendor: MEDION
dmi.board.version: V1.0
dmi.chassis.asset.tag: To Be Filled By O.E.M.
dmi.chassis.type: 3
dmi.chassis.vendor: MEDION
dmi.chassis.version: To Be Filled By O.E.M.
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrEM0411-M8:bd04/11/2012:svnMEDION:pnH77H2-EM:pvrV1.0:rvnMEDION:rnH77H2-EM:rvrV1.0:cvnMEDION:ct3:cvrToBeFilledByO.E.M.:
dmi.product.family: To be filled by O.E.M.
dmi.product.name: H77H2-EM
dmi.product.version: V1.0
dmi.sys.vendor: MEDION

Revision history for this message
Ben Noordhuis (cdzl) wrote :
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
Ben Noordhuis (cdzl) wrote :
Download full text (3.5 KiB)

If it helps, I got a similar but not identical error today. It's the `BUG_ON(!PageCompound(page))` in the `!PageSlab(page)` branch inside kfree().

[18592.784836] ------------[ cut here ]------------
[18592.784837] kernel BUG at /build/linux-KM2a5S/linux-4.13.0/mm/slub.c:3878!
[18592.784841] invalid opcode: 0000 [#1] PREEMPT SMP
[18592.784849] Modules linked in: xt_tcpudp iptable_filter cfg80211 binfmt_misc snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm snd_hda_codec_realtek irqbypass snd_hda_codec_generic r8712u(C) crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hda_intel pcbc snd_hda_codec input_leds aesni_intel aes_x86_64 crypto_simd glue_helper cryptd snd_hda_core snd_hwdep intel_cstate intel_rapl_perf snd_seq_midi snd_pcm snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device snd_timer snd mei_me soundcore mei lpc_ich shpchp ie31200_edac mac_hid cuse parport_pc ppdev lp parport ip_tables x_tables autofs4 nouveau mxm_wmi wmi i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect hid_generic sysimgblt fb_sys_fops uas ahci usbhid usb_storage drm r8169 libahci hid mii video
[18592.784900] CPU: 7 PID: 15983 Comm: cctest Tainted: G C 4.13.0-17-lowlatency #20-Ubuntu
[18592.784904] Hardware name: MEDION H77H2-EM/H77H2-EM, BIOS EM0411-M8 04/11/2012
[18592.784907] task: ffff8b9f42ad4c80 task.stack: ffffa900cd9bc000
[18592.784913] RIP: 0010:kfree+0x144/0x190
[18592.784916] RSP: 0018:ffffa900cd9bfd50 EFLAGS: 00010246
[18592.784919] RAX: ffffdb6b8e5c7fa0 RBX: ffffffffffffffff RCX: 0000000000000002
[18592.784922] RDX: 0000000000000000 RSI: 0000000000010080 RDI: 0000000317200000
[18592.784925] RBP: ffffa900cd9bfd68 R08: 000000000001f640 R09: ffffffff83fc7979
[18592.784929] R10: ffffdb6b8e5c7fc0 R11: 0000000000000000 R12: ffff8b9dd7fa5000
[18592.784934] R13: ffffffff83baa5ee R14: 0000000000000000 R15: ffff8b9f4c6110a0
[18592.784937] FS: 00007f70c231eb80(0000) GS:ffff8b9f5edc0000(0000) knlGS:0000000000000000
[18592.784941] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[18592.784944] CR2: 00007ffd2000fee8 CR3: 000000040bf6b000 CR4: 00000000001406e0
[18592.784947] Call Trace:
[18592.784953] security_sk_free+0x3e/0x50
[18592.784958] __sk_destruct+0x108/0x190
[18592.784961] sk_destruct+0x20/0x30
[18592.784964] __sk_free+0x82/0xa0
[18592.784967] sk_free+0x19/0x20
[18592.784971] tcp_close+0x230/0x3f0
[18592.784975] inet_release+0x3c/0x60
[18592.784978] sock_release+0x1f/0x80
[18592.784980] sock_close+0x12/0x20
[18592.784984] __fput+0xe1/0x220
[18592.784987] ____fput+0xe/0x10
[18592.784991] task_work_run+0x76/0x90
[18592.784995] exit_to_usermode_loop+0xc4/0xd0
[18592.784998] syscall_return_slowpath+0x59/0x60
[18592.785002] entry_SYSCALL_64_fastpath+0xa7/0xa9
[18592.785006] RIP: 0033:0x7f70c122cdf0
[18592.785008] RSP: 002b:00007ffd20010a10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[18592.785012] RAX: 0000000000000000 RBX: 000000000000000c RCX: 00007f70c122cdf0
[18592.785015] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000000c
[18592.785018] RBP: 00007ffd20010a50 R08: 00005563aae89a50 R09: 00007ffd20010a50
[18592.785021] R10: 00007ffd20010a3c R11: 0000000000000293 ...

Read more...

Revision history for this message
Tetsuo Handa (9-launchpad-i-love-sakura-ne-jp) wrote :

Thank you for reporting this problem. Ubuntu 17.10 kernel has
"LSM: Stacking for major security modules" patches enabled and
this problem will be a bug in the patches. That's why mainline
4.13.11 kernel works fine.

I reported this problem at
http://kernsec.org/pipermail/linux-security-module-archive/2017-November/004532.html
and waiting for a fix. Meanwhile, you can use mainline kernels.

Changed in linux (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → High
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers