just becomes a veggie after invalid opcode: 0000 in mm/slub.c:306

Bug #1926935 reported by dns clerk on 2021-05-03
This bug affects 1 person
Affects: rtl8821ce-dkms (Ubuntu)  Importance: Undecided  Assigned to: Unassigned

Bug Description

root@l420:~# lsb_release -rd
Description: Ubuntu 18.04.5 LTS
Release: 18.04

root@l420:~# apt policy rtl8821ce-dkms
rtl8821ce-dkms:
  Installed: (none)
  Candidate: 5.5.2.1-0ubuntu3~18.04.1
  Version table:
     5.5.2.1-0ubuntu3~18.04.1 500
        500 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages

from 88XX12 driver

got nowhere with wifi via the Alfa,

system was 'running', but things like sshd did not connect
network system was vegged out: ping works but no listeners working
this bug did send the entire system into a tailspin

Had to hard power cycle to be able to do anything
Console did not answer either (no root prompts when hitting enter, on none of alt-f1 through alt-f6).

According to syslog the system was continuing to do stuff, only not very useful (being by itself, no networking, no console besides answering to 'enter' with lf).

After the reboot everything seemed fine; this continuation is appended after the syslog kernel bug.
There was no reboot after the kernel bug! It vegged along until I got a complaint that
'there is no Internet' (wifi was out, phones did not connect for data).

dkms module:

88XXau 2252800 0
cfg80211 712704 4 iwldvm,iwlwifi,mac80211,88XXau

modinfo 88XXau:

filename: /lib/modules/5.4.0-72-generic/updates/dkms/88XXau.ko
version: v5.6.4.2_35491.20191025
author: Realtek Semiconductor Corp.
description: Realtek Wireless Lan Driver
license: GPL
srcversion: 49179F33DEAFB11645E14A3
alias: usb:v0846p9054d*dc*dsc*dp*ic*isc*ip*in*
alias: usb:v20F4p809Bd*dc*dsc*dp*ic*isc*ip*in*
alias: usb:v20F4p809Ad*dc*dsc*dp*ic*isc*ip*in*

             .....

alias: usb:v0BDAp881Bd*dc*dsc*dp*ic*isc*ip*in*
alias: usb:v0BDAp881Ad*dc*dsc*dp*ic*isc*ip*in*
alias: usb:v0BDAp8812d*dc*dsc*dp*ic*isc*ip*in*
depends: cfg80211
retpoline: Y
name: 88XXau
vermagic: 5.4.0-72-generic SMP mod_unload modversions
parm: rtw_wireless_mode:int
parm: rtw_ips_mode:The default IPS mode (int)
parm: rtw_lps_level:The default LPS level (int)
parm: rtw_lps_chk_by_tp:int
parm: rtw_max_bss_cnt:int
parm: rtw_usb_rxagg_mode:int
parm: rtw_dynamic_agg_enable:int
parm: rtw_tx_bw_mode:The max tx bw for 2.4G and 5G. format is the same as rtw_bw_mode (uint)
parm: rtw_rx_ampdu_sz_limit_1ss:RX AMPDU size limit for 1SS link of each BW, 0xFF: no limitation (array of uint)
parm: rtw_rx_ampdu_sz_limit_2ss:RX AMPDU size limit for 2SS link of each BW, 0xFF: no limitation (array of uint)
parm: rtw_rx_ampdu_sz_limit_3ss:RX AMPDU size limit for 3SS link of each BW, 0xFF: no limitation (array of uint)
parm: rtw_rx_ampdu_sz_limit_4ss:RX AMPDU size limit for 4SS link of each BW, 0xFF: no limitation (array of uint)
parm: rtw_vht_enable:int
parm: rtw_vht_rx_mcs_map:VHT RX MCS map (uint)
parm: rtw_rf_config:int
parm: rtw_country_code:The default country code (in alpha2) (charp)
parm: rtw_channel_plan:The default chplan ID when rtw_alpha2 is not specified or valid (int)
parm: rtw_excl_chs:exclusive channel array (array of uint)
parm: rtw_qos_opt_enable:int
parm: ifname:The default name to allocate for first interface (charp)
parm: if2name:The default name to allocate for second interface (charp)
parm: if2name:The default name to allocate for second interface (charp)
parm: rtw_wowlan_sta_mix_mode:int
parm: rtw_pwrtrim_enable:int
parm: rtw_initmac:charp
parm: rtw_special_rf_path:int
parm: rtw_chip_version:int
parm: rtw_rfintfs:int
parm: rtw_lbkmode:int
parm: rtw_network_mode:int
parm: rtw_channel:int
parm: rtw_mp_mode:int
parm: rtw_wmm_enable:int
parm: rtw_vrtl_carrier_sense:int
parm: rtw_vcs_type:int
parm: rtw_busy_thresh:int
parm: rtw_ht_enable:int
parm: rtw_bw_mode:int
parm: rtw_ampdu_enable:int
parm: rtw_rx_stbc:int
parm: rtw_rx_ampdu_amsdu:int
parm: rtw_tx_ampdu_amsdu:int
parm: rtw_beamform_cap:int
parm: rtw_lowrate_two_xmit:int
parm: rtw_power_mgnt:int
parm: rtw_smart_ps:int
parm: rtw_low_power:int
parm: rtw_wifi_spec:int
parm: rtw_full_ch_in_p2p_handshake:int
parm: rtw_antdiv_cfg:int
parm: rtw_antdiv_type:int
parm: rtw_drv_ant_band_switch:int
parm: rtw_single_ant_path:int
parm: rtw_switch_usb_mode:int
parm: rtw_enusbss:int
parm: rtw_hwpdn_mode:int
parm: rtw_hwpwrp_detect:int
parm: rtw_hw_wps_pbc:int
parm: rtw_check_hw_status:int
parm: rtw_max_roaming_times:The max roaming times to try (uint)
parm: rtw_mc2u_disable:int
parm: rtw_notch_filter:0:Disable, 1:Enable, 2:Enable only for P2P (uint)
parm: rtw_hiq_filter:0:allow all, 1:allow special, 2:deny all (uint)
parm: rtw_adaptivity_en:0:disable, 1:enable (uint)
parm: rtw_adaptivity_mode:0:normal, 1:carrier sense (uint)
parm: rtw_adaptivity_th_l2h_ini:th_l2h_ini for Adaptivity (int)
parm: rtw_adaptivity_th_edcca_hl_diff:th_edcca_hl_diff for Adaptivity (int)
parm: rtw_amplifier_type_2g:BIT3:2G ext-PA, BIT4:2G ext-LNA (uint)
parm: rtw_amplifier_type_5g:BIT6:5G ext-PA, BIT7:5G ext-LNA (uint)
parm: rtw_RFE_type:default init value:64 (uint)
parm: rtw_powertracking_type:default init value:64 (uint)
parm: rtw_GLNA_type:default init value:0 (uint)
parm: rtw_TxBBSwing_2G:default init value:0xFF (uint)
parm: rtw_TxBBSwing_5G:default init value:0xFF (uint)
parm: rtw_OffEfuseMask:default open Efuse Mask value:0 (uint)
parm: rtw_FileMaskEfuse:default drv Mask Efuse value:0 (uint)
parm: rtw_rxgain_offset_2g:default RF Gain 2G Offset value:0 (uint)
parm: rtw_rxgain_offset_5gl:default RF Gain 5GL Offset value:0 (uint)
parm: rtw_rxgain_offset_5gh:uint
parm: rtw_rxgain_offset_5gm:default RF Gain 5GM Offset value:0 (uint)
parm: rtw_pll_ref_clk_sel:force pll_ref_clk_sel, 0xF:use autoload value (uint)
parm: rtw_tx_pwr_by_rate:0:Disable, 1:Enable, 2: Depend on efuse (int)
parm: rtw_tx_pwr_lmt_enable:0:Disable, 1:Enable, 2: Depend on efuse (int)
parm: rtw_target_tx_pwr_2g_a:2.4G target tx power (unit:dBm) of RF path A for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_2g_b:2.4G target tx power (unit:dBm) of RF path B for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_2g_c:2.4G target tx power (unit:dBm) of RF path C for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_2g_d:2.4G target tx power (unit:dBm) of RF path D for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_5g_a:5G target tx power (unit:dBm) of RF path A for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_5g_b:5G target tx power (unit:dBm) of RF path B for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_5g_c:5G target tx power (unit:dBm) of RF path C for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_target_tx_pwr_5g_d:5G target tx power (unit:dBm) of RF path D for each rate section, should match the real calibrate power, -1: undefined (array of int)
parm: rtw_tsf_update_pause_factor:num of bcn intervals to stay TSF update pause status (int)
parm: rtw_tsf_update_restore_factor:num of bcn intervals to stay TSF update restore status (int)
parm: rtw_phy_file_path:The path of phy parameter (charp)
parm: rtw_load_phy_file:PHY File Bit Map (int)
parm: rtw_decrypt_phy_file:Enable Decrypt PHY File (int)
parm: rtw_en_napi:int
parm: rtw_en_gro:int
parm: rtw_iqk_fw_offload:int
parm: rtw_ch_switch_offload:int

syslog:

May 2 20:21:25 l420 kernel: usb 2-1.1: USB disconnect, device number 4
May 2 20:21:25 l420 named[2014]: no IPv6 interfaces found
May 2 20:21:25 l420 named[2014]: no longer listening on 172.18.61.254#53
May 2 20:21:25 l420 systemd[1]: Stopping ifup for wlx00c0caa825ca...
May 2 20:21:25 l420 kernel: ------------[ cut here ]------------
May 2 20:21:25 l420 kernel: kernel BUG at /build/linux-hwe-5.4-PtAV0J/linux-hwe-5.4-5.4.0/mm/slub.c:306!
May 2 20:21:25 l420 kernel: invalid opcode: 0000 [#1] SMP PTI
May 2 20:21:26 l420 kernel: CPU: 3 PID: 25836 Comm: kworker/3:1 Tainted: G OE 5.4.0-72-generic #80~18.04.1-Ubuntu
May 2 20:21:26 l420 kernel: Hardware name: LENOVO 4236BR7/4236BR7, BIOS 83ET53WW (1.23 ) 03/31/2011
May 2 20:21:26 l420 kernel: Workqueue: usb_hub_wq hub_event
May 2 20:21:26 l420 kernel: RIP: 0010:__slab_free+0x18e/0x330
May 2 20:21:26 l420 kernel: Code: 90 48 89 c7 fa 66 66 90 66 66 90 f0 49 0f ba 2c 24 00 72 68 4d 3b 6c 24 20 74 11 49 0f ba 34 24 00 57 9d 66 66 90 66 90 eb a9 <0f> 0b 49 3b 5c 24 28 75 e8 48 8b 45 88 49 89 4c 24 28 49 89 44 24
May 2 20:21:26 l420 kernel: RSP: 0018:ffffaba3409cb940 EFLAGS: 00010246
May 2 20:21:26 l420 kernel: RAX: ffff9c30f5ea6400 RBX: 0000000000200016 RCX: ffff9c30f5ea6400
May 2 20:21:26 l420 kernel: RDX: ffff9c30f5ea6400 RSI: ffffecda84d7a900 RDI: ffff9c30f9406d80
May 2 20:21:26 l420 kernel: RBP: ffffaba3409cb9e0 R08: 0000000000000001 R09: ffffffffaba43bf3
May 2 20:21:26 l420 kernel: R10: 0000000000000001 R11: 0000000000000000 R12: ffffecda84d7a900
May 2 20:21:26 l420 kernel: R13: ffff9c30f5ea6400 R14: ffff9c30f9406d80 R15: ffff9c30f5ea6400
May 2 20:21:26 l420 kernel: FS: 0000000000000000(0000) GS:ffff9c30fa0c0000(0000) knlGS:0000000000000000
May 2 20:21:26 l420 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 2 20:21:26 l420 kernel: CR2: 00007f4519d67583 CR3: 0000000056c0a002 CR4: 00000000000606e0
May 2 20:21:26 l420 kernel: Call Trace:
May 2 20:21:26 l420 kernel: ? wq_worker_running+0xe/0x40
May 2 20:21:26 l420 kernel: ? schedule+0x51/0xa0
May 2 20:21:26 l420 kernel: ? pcpu_chunk_relocate+0x1f/0x40
May 2 20:21:26 l420 kernel: ? pcpu_free_area+0x211/0x2c0
May 2 20:21:26 l420 kernel: ? kvfree+0x33/0x40
May 2 20:21:26 l420 kernel: kfree+0x22b/0x240
May 2 20:21:26 l420 kernel: ? kfree+0x22b/0x240
May 2 20:21:26 l420 kernel: kvfree+0x33/0x40
May 2 20:21:26 l420 kernel: free_netdev+0x23/0x130
May 2 20:21:26 l420 kernel: netdev_run_todo+0x281/0x2e0
May 2 20:21:26 l420 kernel: rtnl_unlock+0xe/0x10
May 2 20:21:26 l420 kernel: unregister_netdev+0x21/0x30
May 2 20:21:26 l420 kernel: rtw_wdev_unregister+0x5f/0x66 [88XXau]
May 2 20:21:26 l420 kernel: rtw_cfg80211_ndev_res_unregister+0x15/0x17 [88XXau]
May 2 20:21:26 l420 kernel: rtw_os_ndev_unregister+0x66/0xbb [88XXau]
May 2 20:21:26 l420 kernel: rtw_os_ndevs_unregister+0x27/0x32 [88XXau]
May 2 20:21:26 l420 kernel: rtw_dev_remove+0x29/0xa6 [88XXau]
May 2 20:21:26 l420 kernel: usb_unbind_interface+0x7f/0x260
May 2 20:21:26 l420 kernel: device_release_driver_internal+0xef/0x1c0
May 2 20:21:26 l420 kernel: device_release_driver+0x12/0x20
May 2 20:21:26 l420 kernel: bus_remove_device+0xe1/0x150
May 2 20:21:26 l420 kernel: device_del+0x167/0x380
May 2 20:21:26 l420 kernel: usb_disable_device+0x93/0x1b0
May 2 20:21:26 l420 kernel: usb_disconnect+0xc6/0x270
May 2 20:21:26 l420 kernel: hub_port_connect+0x81/0x990
May 2 20:21:26 l420 kernel: port_event+0x67a/0x7e0
May 2 20:21:26 l420 kernel: ? __switch_to_asm+0x40/0x70
May 2 20:21:26 l420 kernel: hub_event+0x21e/0x3b0
May 2 20:21:26 l420 kernel: process_one_work+0x20f/0x400
May 2 20:21:26 l420 kernel: worker_thread+0x34/0x410
May 2 20:21:26 l420 kernel: kthread+0x121/0x140
May 2 20:21:26 l420 kernel: ? process_one_work+0x400/0x400
May 2 20:21:26 l420 kernel: ? kthread_park+0x90/0x90
May 2 20:21:26 l420 kernel: ret_from_fork+0x35/0x40
May 2 20:21:26 l420 kernel: Modules linked in: rpcsec_gss_krb5 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid nf_nat_pptp nf_conntrack_pptp ebtable_filter ebtables ip6_tables sctp ip_set xt_MASQUERADE xt_pkttype ipt_REJECT nf_reject_ipv4 nfnetlink_queue nf_log_ipv4 nfnetlink_log nf_log_common xt_LOG nfnetlink xt_limit xt_tcpudp xt_conntrack xt_multiport iptable_filter iptable_mangle iptable_raw iptable_security iptable_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bpfilter bridge stp llc binfmt_misc intel_rapl_msr mei_hdcp uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_common videodev mc intel_rapl_common btusb btrtl x86_pkg_temp_thermal intel_powerclamp btbcm btintel kvm_intel kvm bluetooth ecdh_generic ecc crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd snd_hda_codec_hdmi cryptd snd_hda_codec_conexant snd_hda_codec_generic glue_helper snd_hda_intel rapl snd_intel_dspcfg intel_cstate snd_hda_codec iwldvm snd_hda_core thinkpad_acpi nvram
May 2 20:21:26 l420 kernel: snd_hwdep ledtrig_audio mac80211 snd_pcm joydev input_leds snd_seq_midi serio_raw libarc4 wmi_bmof snd_seq_midi_event iwlwifi snd_rawmidi snd_seq snd_seq_device snd_timer snd mei_me mei soundcore mac_hid lpc_ich sch_fq_codel 88XXau(OE) cfg80211 rndis_host cdc_ether usbnet mii usb_f_rndis u_ether libcomposite udc_core coretemp nfsd auth_rpcgss nfs_acl lockd grace parport_pc ppdev sunrpc lp parport ip_tables x_tables autofs4 btrfs xor zstd_compress raid6_pq libcrc32c i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt firewire_ohci fb_sys_fops sdhci_pci firewire_core ahci cqhci psmouse crc_itu_t libahci e1000e drm sdhci wmi video
May 2 20:21:26 l420 kernel: ---[ end trace 5563f6e16cbfb618 ]---
May 2 20:21:26 l420 kernel: RIP: 0010:__slab_free+0x18e/0x330
May 2 20:21:26 l420 kernel: Code: 90 48 89 c7 fa 66 66 90 66 66 90 f0 49 0f ba 2c 24 00 72 68 4d 3b 6c 24 20 74 11 49 0f ba 34 24 00 57 9d 66 66 90 66 90 eb a9 <0f> 0b 49 3b 5c 24 28 75 e8 48 8b 45 88 49 89 4c 24 28 49 89 44 24
May 2 20:21:26 l420 kernel: RSP: 0018:ffffaba3409cb940 EFLAGS: 00010246
May 2 20:21:26 l420 kernel: RAX: ffff9c30f5ea6400 RBX: 0000000000200016 RCX: ffff9c30f5ea6400
May 2 20:21:26 l420 kernel: RDX: ffff9c30f5ea6400 RSI: ffffecda84d7a900 RDI: ffff9c30f9406d80
May 2 20:21:26 l420 kernel: RBP: ffffaba3409cb9e0 R08: 0000000000000001 R09: ffffffffaba43bf3
May 2 20:21:26 l420 kernel: R10: 0000000000000001 R11: 0000000000000000 R12: ffffecda84d7a900
May 2 20:21:26 l420 kernel: R13: ffff9c30f5ea6400 R14: ffff9c30f9406d80 R15: ffff9c30f5ea6400
May 2 20:21:26 l420 kernel: FS: 0000000000000000(0000) GS:ffff9c30fa0c0000(0000) knlGS:0000000000000000
May 2 20:21:26 l420 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 2 20:21:26 l420 kernel: CR2: 00007f4519d67583 CR3: 0000000056c0a002 CR4: 00000000000606e0

It continues to 'work', no crash or reboot... Scary, because I wonder what all got corrupted during those three hours..

e.g. named had lost it and restarted, however it was not reachable (no listeners on any network interface, including tuns). This system is not certified for IPv6, which is switched off in /etc/default, so don't worry about the 'no IPv6 interfaces found'. This has been running this way error-free for years, except when there were firmware release issues (also an Ubuntu issue; I had to get correct firmware elsewhere, which fixed it; the system now runs again on the release firmware).

May 2 20:21:26 l420 named[2014]: received control channel command 'reconfig'
May 2 20:21:26 l420 named[2014]: loading configuration from '/etc/bind/named.conf'
May 2 20:21:26 l420 named[2014]: reading built-in trust anchors from file '/etc/bind/bind.keys'
May 2 20:21:26 l420 named[2014]: initializing GeoIP Country (IPv4) (type 1) DB
May 2 20:21:26 l420 named[2014]: GEO-106FREE 20180315 Build
May 2 20:21:26 l420 named[2014]: initializing GeoIP Country (IPv6) (type 12) DB
May 2 20:21:26 l420 named[2014]: GEO-106FREE 20180315 Build
May 2 20:21:26 l420 named[2014]: GeoIP City (IPv4) (type 2) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP City (IPv4) (type 6) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP City (IPv6) (type 30) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP City (IPv6) (type 31) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP Region (type 3) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP Region (type 7) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP ISP (type 4) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP Org (type 5) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP AS (type 9) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP Domain (type 11) DB not available
May 2 20:21:26 l420 named[2014]: GeoIP NetSpeed (type 10) DB not available
May 2 20:21:26 l420 named[2014]: using default UDP/IPv4 port range: [32768, 60999]
May 2 20:21:26 l420 named[2014]: using default UDP/IPv6 port range: [32768, 60999]
May 2 20:21:26 l420 named[2014]: no IPv6 interfaces found

The wifi interface cycled and the ifup things were executed, however the interface was in some limbo state.

Postfix also restarted (networking was pulled out from under it).

May 2 20:21:26 l420 ifdown[26318]: Cannot find device "wlx00c0caa825ca"
May 2 20:21:26 l420 ifdown[26318]: Cannot find device "wlx00c0caa825ca"
May 2 20:21:26 l420 ifdown[26318]: Trying to kill create_ap instance associated with wlx00c0caa825ca...
May 2 20:21:27 l420 ifdown[26318]: bumprip stopping ripd

May 2 20:21:35 l420 systemd[1]: Starting RIP routing daemon...
May 2 20:21:35 l420 systemd[1]: Started RIP routing daemon.
May 2 20:21:35 l420 ifdown[26318]: bumprip done Sun May 2 20:21:35 PDT 2021
May 2 20:21:35 l420 systemd[1]: Stopped ifup for wlx00c0caa825ca.
May 2 20:21:56 l420 whoopsie[1971]: [20:21:56] Cannot reach: https://daisy.ubuntu.com
May 2 20:22:26 l420 whoopsie[1971]: [20:22:26] Cannot reach: https://daisy.ubuntu.com

Then, for about 2 hours, only cron jobs are logged but their execution entries are missing; the entire thing was vegged out: no real executions of anything.

Tried normal shutdown using power button (set to shutdown, not to dialog)

Did not take.

Hard powerdown and then power up made it work again.

Still also needed a USB reset (unplug and plug the Alfa back in) to get the Alfa radio to work.

I read that this had been fixed; could this be a regression in 5.4.0-72?
I had some issues when upgrading from 71 to 72 and had to remove and re-install the 88XXau dkms driver package; the dkms build failed.

dns clerk (dnsclerk) on 2021-05-03
summary: - just becomes a veggie after invalid opcode: 0000 in mm/slib.c:306
+ just becomes a veggie after invalid opcode: 0000 in mm/slub.c:306
Chris Guiver (guiverc) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:

apport-collect 1926935

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

(I realize you've tried to provide much of this detail; so thank you, however fields are only populated using apport)

dns clerk (dnsclerk) wrote :

'no additional information collected', did it twice, no change

dns clerk (dnsclerk) wrote :

are you sure this is fixed:
https://github.com/torvalds/linux/commit/1b7e816fc80e668f0ccc8542cec20b9259abace1

I don't seem to be able to download the exact kernel source for 5.4.0-72.
Synaptic shows one but that only installs the /usr/share/doc files and no kernel source.

I downloaded one from here:
https://packages.ubuntu.com/focal-updates/all/linux-source-5.4.0/download

In that one slub.c is not fixed; the zero initialization has not been added:

static inline bool slab_free_freelist_hook(struct kmem_cache *s,
                                           void **head, void **tail)
{
        void *object;
        void *next = *head;
        void *old_tail = *tail ? *tail : *head;
        int rsize;

        /* Head and tail of the reconstructed freelist */
        *head = NULL;
        *tail = NULL;

        do {
                object = next;
                next = get_freepointer(s, object);

                if (slab_want_init_on_free(s)) {
                        /*
                         * Clear the object and the metadata, but don't touch
                         * the redzone.
                         */
                        memset(object, 0, s->object_size);
                        rsize = (s->flags & SLAB_RED_ZONE) ? s->red_left_pad
                                                           : 0;
                        memset((char *)object + s->inuse, 0,
                               s->size - s->inuse - rsize);

                }
                /* If object's reuse doesn't have to be delayed */
                if (!slab_free_hook(s, object)) {
                        /* Move object to the new freelist */
                        set_freepointer(s, object, *head);
                        *head = object;
                        if (!*tail)
                                *tail = object;
                }
        } while (object != old_tail);

        if (*head == *tail)
                *tail = NULL;

        return *head != NULL;
}

.... may not be what is actually running since none of the standard installation methods offers the real kernel source for 72 ...

What happened, especially looking at some corruption that seems to have happened, might be that the wrong slabs were messed with.

The question to me is how often did that happen without showing a symptom....

dns clerk (dnsclerk) wrote :

... with 'zero initialization' I mean init the pointer to zero before using...
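A user-space model, added here as an illustration and not code from the bug report or the kernel tree, of the SLUB pieces the last two comments are looking at: the free-list pointer stored inside each free object, the init_on_free zeroing, and the naive double-free check that CONFIG_SLAB_FREELIST_HARDENED adds to set_freepointer() (BUG_ON(object == fp)), which is the BUG that the 5.4 series reports as mm/slub.c:306 from inside __slab_free. Object size, slab size, the pointer offset and the 0xAA fill are constructed values; the check returns -1 instead of halting so its outcome can be observed. Two things it shows: zeroing the object before it goes back on the list does not change whether the check fires, so the init_on_free change discussed above and a double-free BUG are separate matters; and a second free that lands with another free in between passes the check and later hands one object to two owners, which is the kind of silent corruption the reporter worries about.

```c
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 32   /* constructed: usable bytes per object */
#define NOBJ      4   /* constructed: objects per slab */

/* One slab plus the bookkeeping SLUB keeps in struct page / kmem_cache. */
struct model_cache {
    unsigned char slab[NOBJ * OBJ_SIZE];
    void *freelist;        /* head of the free list (page->freelist) */
    int init_on_free;      /* stands in for slab_want_init_on_free() */
    int double_free_hits;  /* how many times the naive check fired */
};

/* The free-list pointer lives inside the free object itself
 * (offset 0 in this model; SLUB uses s->offset). */
static void *get_freepointer(void *object)
{
    void *fp;
    memcpy(&fp, object, sizeof fp);
    return fp;
}

/* Kernel: BUG_ON(object == fp) under CONFIG_SLAB_FREELIST_HARDENED.
 * An object pointing at itself as "next free" can only arise from
 * freeing the object that is already at the head of the list.
 * Returns -1 instead of halting so the outcome can be observed. */
static int set_freepointer(struct model_cache *s, void *object, void *fp)
{
    if (object == fp) {
        s->double_free_hits++;
        return -1;
    }
    memcpy(object, &fp, sizeof fp);
    return 0;
}

static void cache_init(struct model_cache *s, int init_on_free)
{
    int i;
    memset(s, 0, sizeof *s);
    s->init_on_free = init_on_free;
    for (i = NOBJ - 1; i >= 0; i--) {     /* thread objects onto the list */
        void *obj = s->slab + i * OBJ_SIZE;
        set_freepointer(s, obj, s->freelist);
        s->freelist = obj;
    }
}

static void *cache_alloc(struct model_cache *s)
{
    void *obj = s->freelist;
    if (!obj)
        return NULL;
    s->freelist = get_freepointer(obj);
    memset(obj, 0xAA, OBJ_SIZE);  /* constructed: the caller writes data */
    return obj;
}

/* Models the slab_free_freelist_hook() -> __slab_free() path:
 * optional init_on_free zeroing, then link at the head of the list. */
static int cache_free(struct model_cache *s, void *obj)
{
    if (s->init_on_free)
        memset(obj, 0, OBJ_SIZE);
    if (set_freepointer(s, obj, s->freelist) < 0)
        return -1;                /* kernel: BUG(), i.e. the invalid opcode */
    s->freelist = obj;
    return 0;
}

/* Freeing the object at the head of the free list again trips the check,
 * with or without init_on_free. */
int immediate_double_free_is_caught(int init_on_free)
{
    struct model_cache s;
    void *a;
    cache_init(&s, init_on_free);
    a = cache_alloc(&s);
    cache_free(&s, a);
    return cache_free(&s, a) < 0 && s.double_free_hits == 1;
}

/* free(a); free(b); free(a): when a is freed the second time the head is b,
 * so object != fp and the check stays silent.  The list now cycles through
 * a, and the third allocation hands out a while the first holder still owns
 * it: this is the corruption the naive check cannot see. */
int interleaved_double_free_slips_through(void)
{
    struct model_cache s;
    void *a, *b, *x, *y, *z;
    cache_init(&s, 0);
    a = cache_alloc(&s);
    b = cache_alloc(&s);
    cache_free(&s, a);
    cache_free(&s, b);
    if (cache_free(&s, a) != 0)
        return 0;                       /* would mean the check caught it */
    x = cache_alloc(&s);                /* a */
    y = cache_alloc(&s);                /* b */
    z = cache_alloc(&s);                /* a again: aliases x */
    return s.double_free_hits == 0 && x == a && y == b && z == x;
}

int main(void)
{
    printf("back-to-back double free caught (init_on_free=0): %d\n",
           immediate_double_free_is_caught(0));
    printf("back-to-back double free caught (init_on_free=1): %d\n",
           immediate_double_free_is_caught(1));
    printf("interleaved double free slips through: %d\n",
           interleaved_double_free_slips_through());
    return 0;
}
```

Read against the trace in the description: __slab_free is linking the net_device memory back onto its slab when the check fires, so the object being freed is already the head of that slab's free list, which is what a back-to-back double free from the driver's unregister path looks like. The model stops one allocation short of dereferencing the user data that the aliased allocation left where a free pointer should be; in the kernel that is the point where unrelated slabs get corrupted without any immediate BUG.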
