Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

apport information

Upstream 4.4.110 commit 20cbe9a3aa2e was back ported to Xenial as commit f8365429a3dc1. However, the backport failed to remove a kfree(), which the original patch did:

@@ -381,7 +415,6 @@ static void release_ds_buffer(int cpu)
                return;

        per_cpu(cpu_hw_events, cpu).ds = NULL;
- kfree(ds);
 }

I'm building a Xenial test kernel now with the kfree removed. I will post it shortly.

Trusty is affected.

Tested the kernel 4.4.0-108.131~14.04.1 with these platforms and their pre-installed images:
 - CID 201603-21231 (Dell Latitude E5414)
 - And many platforms

[Kernel Message]

Jan 8 23:00:15 201603-21231 kernel: [ 24.201794] ------------[ cut here ]------------
Jan 8 23:00:15 201603-21231 kernel: [ 24.201814] kernel BUG at /build/linux-lts-xenial-5Z_8Kc/linux-lts-xenial-4.4.0/mm/slub.c:3627!
Jan 8 23:00:15 201603-21231 kernel: [ 24.201840] invalid opcode: 0000 [#1] SMP
Jan 8 23:00:15 201603-21231 kernel: [ 24.201855] Modules linked in: nvram msr bnep rfcomm snd_soc_skl snd_hda_codec_hdmi snd_soc_skl_ipc intel_rapl snd_hda_ext_core snd_soc_sst_ipc dell_led x86_pkg_temp_thermal intel_powerclamp snd_soc_sst_dsp snd_soc_core coretemp snd_compress cdc_mbim cdc_wdm qcserial ac97_bus cdc_ncm usb_wwan snd_hda_codec_realtek snd_hda_codec_generic kvm_intel usbnet usbserial btusb snd_pcm_dmaengine mii dw_dmac_core btrtl kvm snd_hda_intel snd_hda_codec irqbypass snd_hda_core dell_laptop dcdbas snd_hwdep crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 snd_pcm lrw hci_uart gf128mul btbcm(OE) dell_smm_hwmon brcmfmac(OE) snd_seq_midi snd_seq_midi_event btqca btintel dell_wmi snd_rawmidi glue_helper bluetooth ablk_helper snd_seq cryptd brcmutil(OE) dm_multipath cfg80211(OE) acpi_als kfifo_buf i2c_hid snd_seq_device mei_me joydev input_leds snd_timer compat(OE) ppdev serio_raw parport_pc lp parport industrialio snd hid mei intel_vbtn dell_smo8800 shpchp 8250_fintek soc_button_array sparse_keymap acpi_pad tpm_crb pinctrl_sunrisepoint pinctrl_intel mac_hid intel_lpss_acpi intel_lpss soundcore dell_rbtn(OE) btrfs xor raid6_pq dm_mirror dm_region_hash dm_log uas usb_storage i915_bpo intel_ips i2c_algo_bit drm_kms_helper syscopyarea sysfillrect e1000e sysimgblt fb_sys_fops psmouse ptp drm pps_core ahci libahci wmi video fjes
Jan 8 23:00:15 201603-21231 kernel: [ 24.202296] CPU: 3 PID: 21 Comm: watchdog/3 Tainted: G OE 4.4.0-108-generic #131~14.04.1-Ubuntu
Jan 8 23:00:15 201603-21231 kernel: [ 24.202326] Hardware name: Dell Inc. Latitude 5414/0992HR, BIOS 1.0.0 05/04/2016
Jan 8 23:00:15 201603-21231 kernel: [ 24.202349] task: ffff8801485f6900 ti: ffff880148200000 task.ti: ffff880148200000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202372] RIP: 0010:[<ffffffff811e217a>] [<ffffffff811e217a>] kfree+0x14a/0x150
Jan 8 23:00:15 201603-21231 kernel: [ 24.202398] RSP: 0018:ffff880148203d60 EFLAGS: 00010246
Jan 8 23:00:15 201603-21231 kernel: [ 24.202415] RAX: ffffea0005370120 RBX: ffff88014dc04840 RCX: ffffea0005204820
Jan 8 23:00:15 201603-21231 kernel: [ 24.202436] RDX: 000077ff80000000 RSI: ffffea0005204000 RDI: ffff88014dc04840
Jan 8 23:00:15 201603-21231 kernel: [ 24.202457] RBP: ffff880148203d78 R08: 0000160000000000 R09: ffffea0005204000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202478] R10: 0000000000000001 R11: ffffea0005370100 R12: 0000000000000000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202499] R13: ffffffff8100eb19 R14: 0000000000000003 R15: 0000000000000000
Jan 8 23:00:15 201603-21231 kernel: [ 24.202521] FS: 0000000000000000(0000) GS:ffff88014dd80000(0000) ...

A test kernel with the fix I suggested in comment #17 us available. The test kernel can be downloaded from:

http://kernel.ubuntu.com/~jsalisbury/lp1741934/

Can you test this kernel and see if it resolves this bug?

A quick test for comment #19 looks good. The test result for Dell Vostro 5468 (CID 201606-22340) looks good https://certification.canonical.com/hardware/201606-22340/submission/126230/

I can confirm that it boots now (hardware info in https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1741869 )

dmesg | grep isolation

returns no results, though.

➜ ~ dmesg | grep isolation
➜ ~ uname -a
Linux gdr-desktop 4.4.0-104-generic #127~lp1741934 SMP Mon Jan 8 18:37:25 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

The kernel in #19 does not have the PTI patches.

@Ian Gordon is correct. I have another test kernel building now.

I copied the incorrect kernel up to people. The correct test kernel is now there:
http://kernel.ubuntu.com/~jsalisbury/lp1741934/

Can you test this kernel and see if it resolves this bug?

Status changed to 'Confirmed' because the bug affects multiple users.

The kernel in #24 is working for me

Tested 4.4.0-108.131 on PCs with the following motherboards:

Asus CS-B - failed to boot
Intel DQ77MK - failed to boot
Asus Q170M-C - booted OK

I'll retry with the kernel from #24 now.

Tested 4.4.0-108.131~lp1741934 in a Ubuntu Xenial install on the following:

Intel DQ77MK - booted OK

A very quick test for 4.4.0-108-generic #131~lp1741934 looks good. bootable and pass a regular desktop SRU cert test plan.

Tested on platform Dell Vostro 15-3568 (CID 201606-22528)

Test submissions:
https://certification.canonical.com/hardware/201606-22528/submission/126252/

Tested 4.4.0-108.131~lp1741934 in a Ubuntu Xenial install on the following:

Asus CS-B - booted OK
Asus Q170M-C - booted OK

@GDR!, are you not able to boot at all when you hit the bug, or do you only see the trace in the log?

@jsalisbury I could not boot at all, i could only take a photo of the stack trace https://launchpadlibrarian.net/352927044/IMG_20180108_104845.jpg

Also it happened in the first second of kernel init.

3 more platforms complete to test 4.4.0-108-generic #131~lp1741934 . looks good.

https://certification.canonical.com/hardware/201606-22349/submission/126251/
https://certification.canonical.com/hardware/201606-22362/submission/126250/
https://certification.canonical.com/hardware/201606-22365/submission/126262/

What exact package version do I need for this fix?

My system auto-updated to the buggy kernel and crashed in the same location as the original reporter.

For reference the system:
Motherboard: Asus P9D-I
BIOS: Version 1801
CPU: Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz

The buggy version I have:
linux-image-4.4.0-108-generic/xenial-security,now 4.4.0-108.131 amd64 [installed,automatic]

@jsalisbury are you sure the fixed version has been uploaded? Still not getting any new kernel to replace the currently installed buggy one via apt update

@Leith, it will not be available in -updates until the status changes to "Fix Released". This should happen soon.

In the mean time you can install the kernel I posted in comment #24. You would need to install the linux-image and linux-image-extra .deb packages.

Thank you @jsalisbury. Sorry for my misunderstanding with the status label.

I will keep an eye out for when the update arrives and I will just avoid rebooting the server until then.

This bug was fixed in the package linux - 4.4.0-109.132

---------------
linux (4.4.0-109.132) xenial; urgency=low

  * linux: 4.4.0-109.132 -proposed tracker (LP: #1742252)

  * Kernel trace with xenial 4.4 (4.4.0-108.131, Candidate kernels for PTI fix)
    (LP: #1741934)
    - SAUCE: kaiser: fix perf crashes - fix to original commit

linux (4.4.0-108.131) xenial; urgency=low

  * linux: 4.4.0-108.131 -proposed tracker (LP: #1741727)

  * CVE-2017-5754
    - x86/mm: Disable PCID on 32-bit kernels

linux (4.4.0-107.130) xenial; urgency=low

  * linux: 4.4.0-107.130 -proposed tracker (LP: #1741643)

  * CVE-2017-5754
    - Revert "UBUNTU: SAUCE: arch/x86/entry/vdso: temporarily disable vdso"
    - KPTI: Report when enabled
    - x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
    - x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
    - x86/kasan: Clear kasan_zero_page after TLB flush
    - kaiser: Set _PAGE_NX only if supported

linux (4.4.0-106.129) xenial; urgency=low

  * linux: 4.4.0-106.129 -proposed tracker (LP: #1741528)

  * CVE-2017-5754
    - KAISER: Kernel Address Isolation
    - kaiser: merged update
    - kaiser: do not set _PAGE_NX on pgd_none
    - kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
    - kaiser: fix build and FIXME in alloc_ldt_struct()
    - kaiser: KAISER depends on SMP
    - kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
    - kaiser: fix perf crashes
    - kaiser: ENOMEM if kaiser_pagetable_walk() NULL
    - kaiser: tidied up asm/kaiser.h somewhat
    - kaiser: tidied up kaiser_add/remove_mapping slightly
    - kaiser: kaiser_remove_mapping() move along the pgd
    - kaiser: cleanups while trying for gold link
    - kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
    - kaiser: delete KAISER_REAL_SWITCH option
    - kaiser: vmstat show NR_KAISERTABLE as nr_overhead
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm: Add INVPCID helpers
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - kaiser: enhanced by kernel and user PCIDs
    - kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
    - kaiser: PCID 0 for kernel and 128 for user
    - kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
    - kaiser: paranoid_entry pass cr3 need to paranoid_exit
    - kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
    - kaiser: fix unlikely error in alloc_ldt_struct()
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: drop is_atomic arg to kaiser_pagetable_walk()
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - kvm: x86: fix RSM when P...

Hi, I am not an expert and have basic functional operating knowledge of Ubuntu. I am using a Dell Latitude 5480 and Ubuntu 16.04 LTS. I did a software update this morning and since then I am unable to shut down and get the error starting with -

kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!

Is there a fix that you can suggest which I can run? Thanks

You should add this ppa
sudo add-apt-repository ppa:canonical-kernel-team/pti
and run:
sudo apt-get dist-upgrade
to install package linux - 4.4.0-109.132

when will this be in the main repositories?

It's already in the main repositories, and I can confirm it fixes the issue on my machine.

With latest 4.4.0-108-generic

1. My laptop with i7-3537U CPU
  microcode : 0x1c;
  kaiser in CPU flags;
  dmesg "[ 0.000000] Kernel/User page tables isolation: enabled"

* does not shutdown with

  kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!

* does not reboot
* does not suspend.

2. My i7-4790 machine
  microcode : 0x17;
  kaiser in CPU flags;
  dmesg "[ 0.000000] Kernel/User page tables isolation: enabled"

* does not shutdown (can't see any messages here).
* does not reboot
* does not suspend

3. My i7 Q740 laptop

  microcode : 0x7;
  kaiser in CPU flags;
  dmesg "[ 0.000000] Kernel/User page tables isolation: enabled"

* does not suspend

With latest 4.4.0-109-generic
1. My laptop with i7-3537U CPU - works normally.
2. My i7-4790 machine - works normally.
3. My i7 Q740 laptop - works normally.

For those who affected:
1. Remove 108 kernel with
sudo apt-get purge linux-headers-4.4.0-108 linux-headers-4.4.0-108-generic linux-image-4.4.0-108-generic linux-image-extra-4.4.0-108-generic linux-tools-4.4.0-108 linux-tools-4.4.0-108-generic
sudo apt-get autoremove
2. Wait for 109 kernel to appear on your mirror or temporarily switch to "Main server" (http://archive.ubuntu.com/ubuntu) and get it from here.

Same here:

# lspci
00:00.0 Host bridge: Intel Corporation 4th Gen Core Processor DRAM Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller (rev 06)
00:02.0 Display controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 04)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation Q87 Express LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 04)
01:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce 210] (rev a2)
01:00.1 Audio device: NVIDIA Corporation High Definition Audio Controller (rev a1)

I had default the nouveau driver driving the nvidia card. Seems there were some problems with the Nvidia driver: https://www.reddit.com/r/linuxquestions/comments/7pbro7/ubuntu_meltdown_patch_breaks_system_wont_boot/

However 4.4.0-109-generic fixed this.

Thanks a lot to Ubuntu for their quick fix and to Norbert for letting us know here.

Thanks, Norbert. Seems to have worked for me.

Installation of 4.4.0-109-generic fixes all problems:

sudo apt-get update
sudo apt-get install linux-headers-4.4.0-109 linux-headers-4.4.0-109-generic \
linux-headers-generic linux-image-4.4.0-109-generic \
linux-image-extra-4.4.0-109-generic linux-image-generic \
linux-tools-4.4.0-109 linux-tools-4.4.0-109-generic linux-tools-generic

Thanks, kernel 4.4.0-109-generic fixed this problem!

I can confirm that 4.4.0-109.132 fix the problem for me (LP: #1742286) on Xenial. Thanks

Does anyone know if this issue affects linux-aws, which was not mentioned in the USN?

Thanks, kernel 4.4.0-109 fixed the issue for me too.

Sorry, can anyone provide some instructions how to upgrade if I can't load system?

You can try to boot the last working kernel and then pull the updates
and reboot.

Good work team. kernel 4.4.0-109-generic fixed the problem on this Dell Inspiron 660 Intel 3rd gen Core i5-3330 3.0GHz 8 MB RAM. Did not notice any slowdown of the PC.

Kernel 4.4.0-109-generic fixed the problem on
Dell Inc. OptiPlex 990/06D7TR, BIOS A13 04/02/2012
Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
CPU0: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz (family: 0x6, model: 0x2a, stepping: 0x7)
Ubuntu 16.04.3 LTS

Kernel 4.4.0-10--generic fixed the problem also on Dell Inspiron i5-5000 Processor Intel i7-7500U 2.7Ghz 8 Mb RAM.

Thank you very much for the quick response.

On 14.04 with LTS Enablement Stack I can confirm that 4.4.0-108 was broken in the described way (trap on kfree) and 4.4.0-109 works.

4.4.0-109 works.

Still affect me on 4.4.0-109 update

pc-ubuntu
    descrição: Computador desktop
    produto: OptiPlex 9010 (OptiPlex 9010)
    fabricante: Dell Inc.
    versão: 01
    serial: GMLV5W1
    largura: 64 bits
    capacidades: smbios-2.7 dmi-2.7 vsyscall32
    configuração: boot=normal chassis=desktop sku=OptiPlex 9010 uuid=44454C4C-4D00-104C-8056-C7C04F355731
  *-core
       descrição: Placa-mãe
       produto: 0KV62T
       fabricante: Dell Inc.
       ID físico: 0
       versão: A01
       serial: /GMLV5W1/BR108192BM00CS/
     *-firmware
          descrição: BIOS
          fabricante: Dell Inc.
          ID físico: 0
          versão: A21
          date: 09/21/2015
          tamanho: 64KiB
          capacidade: 11MiB
          capacidades: pci pnp upgrade shadowing cdboot bootselect edd int13floppy1200 int13floppy720 int13floppy2880 int5printscreen int9keyboard int14serial int17printer acpi usb biosbootspecification netboot uefi
     *-cpu
          descrição: CPU
          produto: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
          fabricante: Intel Corp.
          ID físico: 5e
          informações do barramento: cpu@0
          versão: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz
          slot: CPU 1
          tamanho: 1883MHz
          capacidade: 3800MHz
          largura: 64 bits
          clock: 100MHz
          capacidades: x86-64 fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx smx est tm2 ssse3 cx16 xtpr pdcm pcid sse4_1 sse4_2 x2apic popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm epb tpr_shadow vnmi flexpriority ept vpid fsgsbase smep erms xsaveopt dtherm ida arat pln pts cpufreq
          configuração: cores=4 enabledcores=4 threads=4
        *-cache:0
             descrição: L1 cache
             ID físico: 3a
             slot: CPU Internal L1
             tamanho: 256KiB
             capacidade: 256KiB
             capacidades: internal write-through data
             configuração: level=1
        *-cache:1
             descrição: L2 cache
             ID físico: 3b
             slot: CPU Internal L2
             tamanho: 1MiB
             capacidade: 1MiB
             capacidades: internal write-through unified
             configuração: level=2
        *-cache:2
             descrição: L3 cache
             ID físico: 3c
             slot: CPU Internal L3
             tamanho: 6MiB
             capacidade: 6MiB
             capacidades: internal write-back unified
             configuração: level=3
     *-memory
          descrição: Memória do sistema
          ID físico: 3d
          slot: Placa do sistema ou placa-mãe
          tamanho: 8GiB
        *-bank:0
             descrição: DIMMProject-Id-Version: lshwReport-Msgid-Bugs-To: FULL NAME <EMAIL@ADDRESS>POT-Creation-Date: 2009-10-08 14:02+0200PO-Revision-Date: 2013-04-07 17:30+0000Last-Translator: Neliton Pereira Jr. <email address hidden>Language-Team: Brazilian Portuguese <email address hidden>MIME-Version: 1.0Content-Type: text/plain; c...

@Julio, Can you open a new bug report, so we can investigate your issue further?

Please take care on bug 1742509 (it is about disabling security.ubuntu.com on switching mirror with software-properties-gtk). It is very actual in context of current bug.