Bug 1251672

Summary: [abrt] kernel BUG at mm/slub.c:3413!
Product: [Fedora] Fedora
Reporter: Stan King <stanley.king>
Component: kernel
Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 21
CC: gansalmon, itamar, jonathan, kernel-maint, labbott, madhu.chinakonda, mchehab, redhat
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/5a78405e9baac1a61a752a9716501d9be33874a2
Whiteboard: abrt_hash:7d65bf985162af5dd342fe7a42dec4e2b2b918f7
Doc Type: Bug Fix
Last Closed: 2015-09-01 00:33:01 UTC

Description Stan King 2015-08-08 15:48:46 UTC
Description of problem:
This happens as a response to the reboot command, the second I've done after upgrading to 4.1.3-100.fc21.x86_64.

The first reboot after the upgrade failed also.  There was no traceback in the log, but the system required a manual power-off, i.e. it did not restart automatically.

Additional info:
reporter:       libreport-2.3.0
kernel BUG at mm/slub.c:3413!
invalid opcode: 0000 [#1] SMP 
Modules linked in: hidp ccm rfcomm ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw bnep btusb btbcm btintel bluetooth kvm_intel arc4 kvm iwldvm dell_wmi sparse_keymap mac80211 iTCO_wdt iTCO_vendor_support crct10dif_pclmul crc32_pclmul crc32c_intel dell_laptop snd_hda_codec_idt uvcvideo dcdbas ghash_clmulni_intel videobuf2_vmalloc videobuf2_core iwlwifi snd_hda_codec_generic i8k snd_hda_codec_hdmi videobuf2_memops v4l2_common snd_hda_intel videodev snd_hda_controller
 cfg80211 joydev snd_hda_codec i2c_i801 intel_ips snd_hda_core snd_hwdep snd_seq media snd_seq_device rfkill snd_pcm wmi video mei_me snd_timer mei snd lpc_ich shpchp mfd_core soundcore acpi_cpufreq nfsd auth_rpcgss nfs_acl lockd grace sunrpc amdkfd amd_iommu_v2 radeon i2c_algo_bit drm_kms_helper ttm drm serio_raw r8169 mii [last unloaded: coretemp]
CPU: 0 PID: 843 Comm: Xorg.bin Not tainted 4.1.3-100.fc21.x86_64 #1
Hardware name: Dell Inc. Inspiron N5010/03C6YH, BIOS A15 07/19/2011
task: ffff88013263eca0 ti: ffff880132130000 task.ti: ffff880132130000
RIP: 0010:[<ffffffff812084c2>]  [<ffffffff812084c2>] kfree+0x152/0x160
RSP: 0018:ffff880132133af8  EFLAGS: 00010246
RAX: 005ffff800000000 RBX: ffff88012a730000 RCX: 00000001820001e9
RDX: 000077ff80000000 RSI: ffffea0002786b80 RDI: ffff88012a730000
RBP: ffff880132133b18 R08: 000000009e1ae001 R09: ffffea0004a9cc00
R10: ffffffff813ab694 R11: ffff88009e1ae0a8 R12: ffff88012a7300b0
R13: ffffffff815c9c05 R14: ffff88012a7300c0 R15: ffff88012fa04540
FS:  00007f61de5d99c0(0000) GS:ffff880137c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007ff41acc90e0 CR3: 0000000001c0b000 CR4: 00000000000007f0
Stack:
 ffff88012a7300b0 ffff88012a730000 ffff88012a7300b0 ffff8800a0e98c00
 ffff880132133b38 ffffffff815c9c05 ffff880132133be8 ffff88012a7300c0
 ffff880132133b68 ffffffff814e2356 ffff8800b8417000 ffff88012a7300f8
Call Trace:
 [<ffffffff815c9c05>] evdev_free+0x35/0x40
 [<ffffffff814e2356>] device_release+0x36/0xb0
 [<ffffffff813ab67a>] kobject_release+0x7a/0x1c0
 [<ffffffff813ab525>] kobject_put+0x35/0x70
 [<ffffffff8122c8ef>] cdev_default_release+0x1f/0x30
 [<ffffffff813ab67a>] kobject_release+0x7a/0x1c0
 [<ffffffff813ab525>] kobject_put+0x35/0x70
 [<ffffffff8122cfbc>] cdev_put+0x1c/0x30
 [<ffffffff8122a27f>] __fput+0x1af/0x1f0
 [<ffffffff8122a30e>] ____fput+0xe/0x10
 [<ffffffff810bebd4>] task_work_run+0xd4/0xf0
 [<ffffffff810a3edd>] do_exit+0x30d/0xa70
 [<ffffffff810a46d5>] do_group_exit+0x45/0xb0
 [<ffffffff810b026c>] get_signal+0x27c/0x610
 [<ffffffff81014527>] do_signal+0x37/0x790
 [<ffffffff81101067>] ? __call_rcu_nocb_enqueue+0xd7/0xe0
 [<ffffffff812410e5>] ? dput+0xc5/0x230
 [<ffffffff8124a1e4>] ? mntput+0x24/0x40
 [<ffffffff8122a24a>] ? __fput+0x17a/0x1f0
 [<ffffffff81014cdf>] do_notify_resume+0x5f/0xa0
 [<ffffffff8179a5bc>] int_signal+0x12/0x17
Code: 00 4d 8b 49 30 e9 35 ff ff ff 0f 1f 80 00 00 00 00 4c 89 d1 48 89 da 4c 89 ce e8 ca f9 ff ff e9 73 ff ff ff 0f 1f 44 00 00 0f 0b <0f> 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 89 
RIP  [<ffffffff812084c2>] kfree+0x152/0x160
 RSP <ffff880132133af8>

Comment 1 Christophe Lampin 2015-08-17 21:10:12 UTC
Same here under Fedora 21 and 4.1.4-100.

http://img.lampin.net/images/2015/08/17/P20150814180715.jpg

I've got another oops sometimes when I switched between console and desktop (Ctrl + Alt + F1/F2). I don't know if it's related or if I need to open a new ticket.

http://img.lampin.net/images/2015/08/17/P201508142218078SqIf.jpg

After downgrading to 3.17, everything works fine.

Comment 2 Laura Abbott 2015-08-25 23:23:10 UTC
Can you try at least 4.1.5? There was a known use after free bug that was fixed in that update.

Comment 3 Stan King 2015-08-29 18:46:01 UTC
Laura,

I've upgraded to that version.  This and another bluetooth-related quirk seem to have gone away.  Thanks.