Comment 0 for bug 1741934

[Description]

When using PPA https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/pti/ to fetch the candidate kernels for CVE-2017-5754, CVE-2017-5715 and CVE-2017-5753. There is the same kernel panic shown in many different pre-installed Ubuntu images of different platform.

So far these platform are known to reproduce this issue:

CID 201606-22349 (Dell Inspiron 7560)
CID 201606-22365 (Dell Inspiron 5767)

[Steps to Reproduce]

1. Install the target pre-installed image (Xenial 4.4-based stack) for the platform.
2. Fetch the kernel 4.4.0-108.131 from this PPA https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/pti/
3. Update the system by "sudo apt-get dist-upgrade"
4. After the system update, reboot it.
5. Check the syslog after the system is ready to use again.

[Expected Result]

No kernel panic message.

[Actual Result]

Kernel panic message as:

Jan 9 00:33:33 201606-22365 kernel: [ 37.701226] ------------[ cut here ]------------
Jan 9 00:33:33 201606-22365 kernel: [ 37.701243] kernel BUG at /build/linux-J4_1pC/linux-4.4.0/mm/slub.c:3627!
Jan 9 00:33:33 201606-22365 kernel: [ 37.701261] invalid opcode: 0000 [#1] SMP
Jan 9 00:33:33 201606-22365 kernel: [ 37.701273] Modules linked in: nvram msr bnep rtsx_usb_ms memstick hid_multitouch uvcvideo i2c_designware_platform i2c_designware_core ath3k videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core v4l2_common videodev media btusb dell_wmi sparse_keymap btrtl snd_hda_codec_hdmi(OE) dell_led snd_hda_codec_realtek(OE) snd_hda_codec_generic(OE) dell_laptop dcdbas snd_hda_intel(OE) snd_hda_codec(OE) snd_hwdep dell_smm_hwmon intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp snd_soc_skl_ipc snd_hda_ext_core(OE) snd_hda_core(OE) snd_soc_sst_ipc snd_soc_sst_dsp snd_soc_core kvm_intel snd_compress kvm irqbypass ac97_bus crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_pcm_dmaengine aesni_intel snd_pcm aes_x86_64 snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq arc4 lrw ath9k ath9k_common snd_seq_device ath9k_hw gf128mul glue_helper snd_timer ath mac80211 cfg80211 hci_uart btbcm btqca btintel ablk_helper joydev input_leds cryptd serio_raw bluetooth snd mei_me soundcore mei tpm_crb shpchp idma64 dw_dmac_core virt_dma dell_rbtn int3403_thermal acpi_pad processor_thermal_device int3402_thermal int340x_thermal_zone int3400_thermal intel_soc_dts_iosf intel_lpss_acpi intel_lpss_pci acpi_thermal_rel intel_lpss mac_hid acpi_als kfifo_buf industrialio parport_pc ppdev lp parport autofs4 btrfs xor raid6_pq dm_mirror dm_region_hash dm_log mmc_block rtsx_usb_sdmmc rtsx_usb uas usb_storage i915_bpo intel_ips i2c_algo_bit drm_kms_helper psmouse syscopyarea sysfillrect sysimgblt fb_sys_fops r8169 drm ahci mii libahci wmi i2c_hid hid pinctrl_sunrisepoint video pinctrl_intel fjes
Jan 9 00:33:33 201606-22365 kernel: [ 37.701735] CPU: 3 PID: 21 Comm: watchdog/3 Tainted: G OE 4.4.0-108-generic #131-Ubuntu
Jan 9 00:33:33 201606-22365 kernel: [ 37.701756] Hardware name: Dell Inc. Inspiron 5767/ , BIOS 1.0.0 07/14/2016
Jan 9 00:33:33 201606-22365 kernel: [ 37.701774] task: ffff880169df6900 ti: ffff880169a1c000 task.ti: ffff880169a1c000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701792] RIP: 0010:[<ffffffff811f00a7>] [<ffffffff811f00a7>] kfree+0x147/0x150
Jan 9 00:33:33 201606-22365 kernel: [ 37.701814] RSP: 0018:ffff880169a1fd58 EFLAGS: 00010246
Jan 9 00:33:33 201606-22365 kernel: [ 37.701827] RAX: ffffea0005bd0120 RBX: ffff88016f404840 RCX: ffff88016f7fa220
Jan 9 00:33:33 201606-22365 kernel: [ 37.701843] RDX: ffffea0005a64420 RSI: ffffea0005a64820 RDI: ffffea0005bd0100
Jan 9 00:33:33 201606-22365 kernel: [ 37.701860] RBP: ffff880169a1fd70 R08: 0000000000000009 R09: ff80003fffffffff
Jan 9 00:33:33 201606-22365 kernel: [ 37.701877] R10: ffffea0005bd0100 R11: 0000000000000001 R12: 0000000000000000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701893] R13: ffffffff810104ff R14: ffffffff81f3c840 R15: 0000000000000000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701910] FS: 0000000000000000(0000) GS:ffff88016f580000(0000) knlGS:0000000000000000
Jan 9 00:33:33 201606-22365 kernel: [ 37.701929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 9 00:33:33 201606-22365 kernel: [ 37.701943] CR2: 0000557a57f940d0 CR3: 0000000002e0a000 CR4: 0000000000360670
Jan 9 00:33:33 201606-22365 kernel: [ 37.701961] Stack:
Jan 9 00:33:33 201606-22365 kernel: [ 37.701966] 0000000000000000 0000000000000000 000000000000d440 ffff880169a1fda0
Jan 9 00:33:33 201606-22365 kernel: [ 37.701987] ffffffff810104ff 0000000000000004 0000000000000186 0000000000000003
Jan 9 00:33:33 201606-22365 kernel: [ 37.702007] 0000000000000003 ffff880169a1fdc0 ffffffff8100608f ffff880169a40000
Jan 9 00:33:33 201606-22365 kernel: [ 37.702027] Call Trace:
Jan 9 00:33:33 201606-22365 kernel: [ 37.702036] [<ffffffff810104ff>] release_ds_buffers+0xbf/0xd0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702052] [<ffffffff8100608f>] x86_release_hardware+0x8f/0xa0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702067] [<ffffffff810060ae>] hw_perf_event_destroy+0xe/0x20
Jan 9 00:33:33 201606-22365 kernel: [ 37.702082] [<ffffffff81183746>] _free_event+0xb6/0x230
Jan 9 00:33:33 201606-22365 kernel: [ 37.702095] [<ffffffff81183983>] put_event+0xc3/0x100
Jan 9 00:33:33 201606-22365 kernel: [ 37.702108] [<ffffffff811839c9>] perf_event_release_kernel+0x9/0x10
Jan 9 00:33:33 201606-22365 kernel: [ 37.702125] [<ffffffff8113ccae>] watchdog_nmi_disable+0x4e/0x70
Jan 9 00:33:33 201606-22365 kernel: [ 37.702141] [<ffffffff810a4b00>] ? sort_range+0x30/0x30
Jan 9 00:33:33 201606-22365 kernel: [ 37.702154] [<ffffffff8113cd2c>] watchdog_disable+0x5c/0x80
Jan 9 00:33:33 201606-22365 kernel: [ 37.702169] [<ffffffff810a4be8>] smpboot_thread_fn+0xe8/0x160
Jan 9 00:33:33 201606-22365 kernel: [ 37.702184] [<ffffffff810a1845>] kthread+0xe5/0x100
Jan 9 00:33:33 201606-22365 kernel: [ 37.702196] [<ffffffff810a1760>] ? kthread_create_on_node+0x1e0/0x1e0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702214] [<ffffffff81844a0f>] ret_from_fork+0x3f/0x70
Jan 9 00:33:33 201606-22365 kernel: [ 37.702228] [<ffffffff810a1760>] ? kthread_create_on_node+0x1e0/0x1e0
Jan 9 00:33:33 201606-22365 kernel: [ 37.702243] Code: 4c 89 d7 e8 9c 83 fa ff eb 8c 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 d6 e8 06 fc ff ff e9 73 ff ff ff 49 8b 42 20 a8 01 75 c7 <0f> 0b 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 41
Jan 9 00:33:33 201606-22365 kernel: [ 37.702339] RIP [<ffffffff811f00a7>] kfree+0x147/0x150
Jan 9 00:33:33 201606-22365 kernel: [ 37.702354] RSP <ffff880169a1fd58>
Jan 9 00:33:33 201606-22365 kernel: [ 37.706621] ---[ end trace ffe2cc0d7dbd1511 ]---

[More Information]

ubuntu@201606-22365:~$ uname -a
Linux 201606-22365 4.4.0-108-generic #131-Ubuntu SMP Sun Jan 7 14:34:49 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@201606-22365:~$ dpkg -l *4.4.0-108*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-=============================================-===========================-===========================-===============================================================================================
ii linux-headers-4.4.0-108 4.4.0-108.131 all Header files related to Linux kernel version 4.4.0
ii linux-headers-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel headers for version 4.4.0 on 64 bit x86 SMP
ii linux-image-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel image for version 4.4.0 on 64 bit x86 SMP
ii linux-image-extra-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel extra modules for version 4.4.0 on 64 bit x86 SMP
ii linux-signed-image-4.4.0-108-generic 4.4.0-108.131 amd64 Signed kernel image generic
ii linux-tools-4.4.0-108 4.4.0-108.131 amd64 Linux kernel version specific tools for version 4.4.0-108
ii linux-tools-4.4.0-108-generic 4.4.0-108.131 amd64 Linux kernel version specific tools for version 4.4.0-108
ubuntu@201606-22365:~$