Bug 1506892 - [abrt] kernel-PAE-core: mempool_free_slab(): BUG: unable to handle kernel NULL pointer dereference at 00000004
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 26
Hardware: i686
OS: Unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:7ccd263f1913941d09ae0a38f46...
Keywords:
Depends On:
Blocks: x86Tracker
Reported: 2017-10-27 05:59 UTC by Claude Frantz
Modified: 2018-03-19 15:11 UTC (History)
Last Closed: 2018-03-19 15:11:17 UTC


Attachments
File: backtrace (2.67 KB, text/plain), 2017-10-27 05:59 UTC, Claude Frantz
File: cpuinfo (931 bytes, text/plain), 2017-10-27 05:59 UTC, Claude Frantz
File: dmesg (76.34 KB, text/plain), 2017-10-27 05:59 UTC, Claude Frantz
File: not-reportable (165 bytes, text/plain), 2017-10-27 05:59 UTC, Claude Frantz
File: proc_modules (4.07 KB, text/plain), 2017-10-27 05:59 UTC, Claude Frantz
File: suspend_stats (269 bytes, text/plain), 2017-10-27 05:59 UTC, Claude Frantz
dmesg output (64.11 KB, text/plain), 2017-11-20 17:05 UTC, Claude Frantz

Description Claude Frantz 2017-10-27 05:59:04 UTC
Version-Release number of selected component:
kernel-PAE-core-4.13.8-200.fc26

Additional info:
reporter:       libreport-2.9.1
cmdline:        BOOT_IMAGE=/vmlinuz-4.13.8-200.fc26.i686+PAE root=UUID=30a9af7c-df05-4249-a2ad-b920bcbd4f45 ro rd.md=0 rd.lvm=0 rd.dm=0 rd.luks=0 vconsole.font=latarcyrheb-sun16 vconsole.keymap=de rhgb acpi_backlight=vendor acpi_osi=Linux resume=/dev/sda6 quiet LANG=en_US.UTF-8
crash_function: mempool_free_slab
kernel:         4.13.8-200.fc26.i686+PAE
kernel_tainted_long: W - Taint on warning.
kernel_tainted_short: GW
runlevel:       N 5
type:           Kerneloops

Truncated backtrace:
BUG: unable to handle kernel NULL pointer dereference at 00000004
IP: bio_uncopy_user+0xc3/0x140
*pdpt = 000000002cd23001 *pde = 0000000000000000 
Oops: 0000 [#1] SMP
Modules linked in: fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ccm ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables sunrpc iTCO_wdt coretemp iTCO_vendor_support kvm_intel kvm uvcvideo irqbypass videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core arc4 videodev media joydev lpc_ich snd_hda_codec_via ath9k snd_hda_codec_generic ath9k_common snd_hda_intel ath9k_hw snd_hda_codec snd_hda_core snd_hwdep mac80211 snd_seq ath cfg80211 snd_seq_device tpm_tis tpm_tis_core snd_pcm
 asus_laptop sparse_keymap rfkill input_polldev tpm snd_timer snd soundcore acpi_cpufreq dm_multipath serio_raw i915 atl1e video i2c_algo_bit drm_kms_helper drm
CPU: 1 PID: 2318 Comm: udisksd Tainted: G        W       4.13.8-200.fc26.i686+PAE #1
Hardware name: ASUSTeK Computer Inc.         P50IJ               /P50IJ     , BIOS 203     12/04/2009
task: d5972300 task.stack: ecf80000
EIP: bio_uncopy_user+0xc3/0x140
EFLAGS: 00210246 CPU: 1
EAX: d5972300 EBX: d5c23d80 ECX: 00000000 EDX: 000439ee
ESI: 000007d0 EDI: 00000000 EBP: ecf81d3c ESP: ecf81d0c
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 80050033 CR2: 00000004 CR3: 2cd468c0 CR4: 000406f0
Call Trace:
 ? mempool_free_slab+0x13/0x20
 ? mempool_free+0x23/0x80
 __blk_rq_unmap_user+0x17/0x40
 blk_rq_unmap_user+0x27/0x60
 sg_io+0x23e/0x3e0
 scsi_cmd_ioctl+0x26a/0x3f0
 ? ata_sas_scsi_ioctl+0x270/0x270
 ? ata_scsi_ioctl+0x1d/0x30
 scsi_cmd_blk_ioctl+0x30/0x40
 sd_ioctl+0xa9/0x1a0
 ? scsi_disk_put+0x40/0x40
 blkdev_ioctl+0x8ee/0xa30
 ? do_filp_open+0x7f/0xd0
 block_ioctl+0x34/0x40
 ? block_ioctl+0x34/0x40
 ? blkdev_fallocate+0x220/0x220
 do_vfs_ioctl+0x90/0x650
 ? selinux_file_ioctl+0xe9/0x1c0
 ? vfs_rename+0x645/0x890
 ? do_sys_open+0x13b/0x250
 SyS_ioctl+0x58/0x70
 do_fast_syscall_32+0x71/0x150
 entry_SYSENTER_32+0x4e/0x7c
EIP: 0xb7f2ecf9
EFLAGS: 00000293 CPU: 1
EAX: ffffffda EBX: 0000000c ECX: 00002285 EDX: bfe8bafc
ESI: bfe8bc6c EDI: bfe8bbec EBP: bfe8bc7c ESP: bfe8baa8
 DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
Code: f0 65 33 0d 14 00 00 00 8b 45 d4 0f 85 8f 00 00 00 8d 65 f4 5b 5e 5f 5d c3 8d b4 26 00 00 00 00 8b 4d d0 66 83 7b 54 00 8b 73 5c <8b> 41 04 89 45 d8 8b 41 08 89 45 dc 8b 41 0c 89 45 e0 8b 41 10
EIP: bio_uncopy_user+0xc3/0x140 SS:ESP: 0068:ecf81d0c
CR2: 0000000000000004
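
Added example, not part of the original report: a short Python triage helper that reads the oops above, decodes the instruction marked `<8b>` in the `Code:` line, and checks that its base register plus displacement reproduces the faulting address in CR2. The function names are hypothetical, and the decoder assumes 32-bit code and handles only the `mov r32, [base+disp8]` form seen here.

```python
import re

# Constructed sample: the lines this check needs, copied from the backtrace above
# (the Code: line is shortened around the marked byte).
OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 00000004
EIP: bio_uncopy_user+0xc3/0x140
EAX: d5972300 EBX: d5c23d80 ECX: 00000000 EDX: 000439ee
ESI: 000007d0 EDI: 00000000 EBP: ecf81d3c ESP: ecf81d0c
CR0: 80050033 CR2: 00000004 CR3: 2cd468c0 CR4: 000406f0
Code: 8b 4d d0 66 83 7b 54 00 8b 73 5c <8b> 41 04 89 45 d8 8b 41 08
"""

REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]  # ModRM register order

def parse_oops(text):
    """Return (registers, function, offset, bytes from the faulting instruction on)."""
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(E[A-Z]{2}|CR\d): ([0-9a-f]{8})\b", text)}
    ip = re.search(r"^EIP: (\w+)\+0x([0-9a-f]+)/0x[0-9a-f]+", text, re.M)
    code = re.search(r"^Code: (.*)$", text, re.M).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))  # <..> marks EIP
    insn = [int(b.strip("<>"), 16) for b in code[start:]]
    return regs, ip.group(1), int(ip.group(2), 16), insn

def decode_load(insn):
    """Decode only 32-bit 'mov r32, [base+disp8]': opcode 8b, ModRM mod=01, no SIB."""
    if len(insn) < 3 or insn[0] != 0x8B:
        return None
    mod, reg, rm = insn[1] >> 6, (insn[1] >> 3) & 7, insn[1] & 7
    if mod != 1 or rm == 4:          # rm == 4 would mean a SIB byte follows
        return None
    disp = insn[2] - 256 if insn[2] > 127 else insn[2]   # disp8 is signed
    return REG32[reg], REG32[rm], disp

def explain(text):
    """Check that base register + displacement reproduces the faulting address (CR2)."""
    regs, func, off, insn = parse_oops(text)
    decoded = decode_load(insn)
    if decoded is None:
        return None
    dst, base, disp = decoded
    addr = (regs[base] + disp) & 0xFFFFFFFF
    return {"function": func, "offset": off, "insn": f"mov {dst}, [{base}+{disp:#x}]",
            "address": addr, "matches_cr2": addr == regs["CR2"]}

if __name__ == "__main__":
    print(explain(OOPS))
```

For this oops the marked bytes `8b 41 04` decode to a 4-byte load from `[ECX+4]` with ECX equal to 0, which is why CR2 reads 00000004.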

Comment 1 Claude Frantz 2017-10-27 05:59:06 UTC
Created attachment 1344168
File: backtrace

Comment 2 Claude Frantz 2017-10-27 05:59:08 UTC
Created attachment 1344169
File: cpuinfo

Comment 3 Claude Frantz 2017-10-27 05:59:13 UTC
Created attachment 1344170
File: dmesg

Comment 4 Claude Frantz 2017-10-27 05:59:15 UTC
Created attachment 1344171
File: not-reportable

Comment 5 Claude Frantz 2017-10-27 05:59:17 UTC
Created attachment 1344172
File: proc_modules

Comment 6 Claude Frantz 2017-10-27 05:59:19 UTC
Created attachment 1344173
File: suspend_stats

Comment 7 Claude Frantz 2017-10-27 06:38:25 UTC
The problem occurred while inserting a DVD-RAM in the drive.

Comment 8 Jeff Backus 2017-11-04 14:42:43 UTC
Hi Claude,

Forgive my ignorance, but by DVD-RAM, do you mean a writable DVD? Is this in any way related to issue 1508757? (https://bugzilla.redhat.com/show_bug.cgi?id=1508757) Thanks!

Comment 9 Claude Frantz 2017-11-04 15:04:36 UTC
Hi Jeff,

Yes, it's a writeable DVD and the drive is DVD-RAM capable. A sort of slow hard disk.

This crash occurred at the insertion of the DVD-RAM, but it is not certain that this action is related to the crash.

Similar crashes occur in other circumstances, with the last available kernels, making working with them nearly impossible. I had to reboot with an earlier kernel to be able to respond to this message. After the crash, the available information in the logs is often truncated.

Thanks for helping me!

Comment 10 Jeff Backus 2017-11-04 15:42:46 UTC
Hi Claude,

Yes, I imagine so! Sorry you are having to go through this.

So it sounds like these crashes are somewhat random? And if so, perhaps bug 1508757 is another symptom of the same issue?

I'll ask the same question I asked there, but feel free to just answer it here:
It looks like your machine is capable of 64bit. Have you tried using the 64bit version of Fedora? If so, does it also crash?

Comment 11 Claude Frantz 2017-11-04 16:08:08 UTC
Hi Jeff,

Considering the present observations, these crashes are somewhat random, but they are probably not really, because there are so many interactions of so many components that it's very difficult for me to find where the problematic sequence started. In most cases, it's at a rather short time after the boot.

Yes, the machine is 64 bit capable. But because the RAM is of modest size (4 GB), I have never used this 64 bit mode.

Comment 12 Claude Frantz 2017-11-05 08:56:48 UTC
Hi,

Please allow me to point to the following lines which appear at the beginning of the dmesg output:

[    3.338614] Hardware name: ASUSTeK Computer Inc.         P50IJ               /P50IJ     , BIOS 203     12/04/2009
[    3.338671] task: f712c600 task.stack: f7122000
[    3.338721] EIP: note_page+0x670/0x860
[    3.338722] EFLAGS: 00010246 CPU: 1
[    3.338723] EAX: 00000041 EBX: f7123f50 ECX: 00000001 EDX: da0acc28
[    3.338725] ESI: 80000000 EDI: 00000000 EBP: f7123f1c ESP: f7123ef0
[    3.338726]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[    3.338727] CR0: 80050033 CR2: b7f075ac CR3: 1a098000 CR4: 000406f0
[    3.338729] Call Trace:
[    3.338779]  ptdump_walk_pgd_level_core+0x1fc/0x2e0
[    3.338831]  ptdump_walk_pgd_level_checkwx+0x16/0x20
[    3.338882]  mark_rodata_ro+0xd5/0xf7
[    3.338931]  ? rest_init+0xa0/0xa0
[    3.338979]  kernel_init+0x2e/0xea
[    3.339038]  ret_from_fork+0x19/0x24
[    3.339092] Code: d9 e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 a9 c9 dc d9 e9 16 fe ff ff 52 52 68 44 ca dc d9 c6 05 e6 b4 f6 d9 01 e8 2d 67 06 00 <0f> ff 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 59
[    3.339195] ---[ end trace 7cb359b140464c53 ]---
[    3.339277] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
[    3.339280] rodata_test: all tests were successful

I do not know whether this is related to the crash which occurs some time later.

I no longer remember exactly when the above-mentioned lines began to appear in the output. But I remember that the crash never appeared before.

Comment 13 Claude Frantz 2017-11-14 06:45:16 UTC
While using the 4.13.11-200 kernel now, the crash never occurred up to now.

Comment 14 Claude Frantz 2017-11-15 06:07:56 UTC
While using the 4.13.12-200.fc26.i686+PAE kernel now, the crash occurs again.

Comment 15 Claude Frantz 2017-11-20 17:05 UTC
Created attachment 1355963
dmesg output

Hi Jeff,

Today, I have tried to start this computer using a Fedora-Xfce-live DVD 27-1-6 x86_64. The kernel is presented as 4.13.9-300.fc27.x86_64. Please note here:

x86/mm: Checked W+X mappings: passed, no W+X pages found.

This is different from the 32 bit mode.

Comment 16 Claude Frantz 2017-12-03 09:00:12 UTC
Please excuse me for returning to this difficult subject. Because of this bug, I now have some corrupted files on different media, including backup files. That made it difficult to restore to the expected state. Now, I'm forced to use CD-Rescue to generate backups and to use an outdated kernel for the other tasks on Fedora 26. You will easily understand that this cannot be considered a solution.

I cannot afford to test every released kernel in the distribution, because I cannot afford to risk increasing the number of corrupted files I have.

Please allow me to ask few questions:

What module and/or part of the kernel is causing the issue? Is work in progress in order to fix it? In which release will a reasonable fix be available? What can I do further?

The suspected relationship between the failed W+X page check could not be confirmed by my further observations. 

Many thanks to you all.

Comment 17 Laura Abbott 2018-02-28 03:50:03 UTC
We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale. The kernel moves very fast so bugs may get fixed as part of a kernel update. Due to this, we are doing a mass bug update across all of the Fedora 26 kernel bugs.
 
Fedora 26 has now been rebased to 4.15.4-200.fc26.  Please test this kernel update (or newer) and let us know if your issue has been resolved or if it is still present with the newer kernel.
 
If you have moved on to Fedora 27, and are still experiencing this issue, please change the version to Fedora 27.
 
If you experience different issues, please open a new bug report for those.

Comment 18 Claude Frantz 2018-03-19 13:59:19 UTC
Now, I'm at the current 4.15.9-200.fc26.i686+PAE. It allows a stable work but there are

(In reply to Laura Abbott from comment #17)
> We apologize for the inconvenience.  There is a large number of bugs to go
> through and several of them have gone stale. The kernel moves very fast so
> bugs may get fixed as part of a kernel update. Due to this, we are doing a
> mass bug update across all of the Fedora 26 kernel bugs.
>  
> Fedora 26 has now been rebased to 4.15.4-200.fc26.  Please test this kernel
> update (or newer) and let us know if your issue has been resolved or if it is
> still present with the newer kernel.
>  
> If you have moved on to Fedora 27, and are still experiencing this issue,
> please change the version to Fedora 27.
>  
> If you experience different issues, please open a new bug report for those.

I'm on 4.15.9-200.fc26.i686+PAE now. The system is stable but there are some problematic entries in the log like:

Mar 19 08:12:38 defi kernel: x86/mm: Found insecure W+X mapping at address 57d76a8e/0xc00a0000
Mar 19 08:12:38 defi kernel: WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0
Mar 19 08:12:38 defi kernel: Modules linked in:
Mar 19 08:12:38 defi kernel: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.9-200.fc26.i686+PAE #1
Mar 19 08:12:38 defi kernel: Hardware name: ASUSTeK Computer Inc.         P50IJ               /P50IJ     ,
Mar 19 08:12:38 defi kernel: EIP: note_page+0x670/0x860
Mar 19 08:12:38 defi kernel: EFLAGS: 00010296 CPU: 0
Mar 19 08:12:38 defi kernel: EAX: 00000041 EBX: f2525f4c ECX: 00000001 EDX: d7905ea8
Mar 19 08:12:38 defi kernel: ESI: 80000000 EDI: 00000000 EBP: f2525f18 ESP: f2525eec
Mar 19 08:12:38 defi kernel:  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Mar 19 08:12:38 defi kernel: CR0: 80050033 CR2: b7f2d5ac CR3: 178f2000 CR4: 000406f0
Mar 19 08:12:38 defi kernel: Call Trace:
Mar 19 08:12:38 defi kernel:  ptdump_walk_pgd_level_core+0x204/0x2e0
Mar 19 08:12:38 defi kernel:  ptdump_walk_pgd_level_checkwx+0x18/0x20
Mar 19 08:12:38 defi kernel:  mark_rodata_ro+0xd5/0xf7
Mar 19 08:12:38 defi kernel:  ? rest_init+0xa0/0xa0
Mar 19 08:12:38 defi kernel:  kernel_init+0x2e/0xf0
Mar 19 08:12:38 defi kernel:  ret_from_fork+0x2e/0x38
Mar 19 08:12:38 defi kernel: Code: d7 e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 9d 65 61 d7 e9 16 fe ff ff
Mar 19 08:12:38 defi kernel: ---[ end trace 2044d6512605a61a ]---
Mar 19 08:12:38 defi kernel: x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.

Further, /sys/devices/system/cpu/vulnerabilities/meltdown contains: 
Vulnerable

Please do not switch to the Fedora 28 release until the kernel becomes stable.
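
Added example, not part of the original comment: a Python check that pulls the boot-time W+X result out of kernel log text and lists CPU vulnerability entries under `/sys/devices/system/cpu/vulnerabilities` whose status starts with "Vulnerable", as `meltdown` does above. The function names and the sample log are constructed for illustration; the last sample line uses the dmesg-style timestamp and a made-up time value.

```python
import re
from pathlib import Path

# Constructed sample: three lines as quoted in this comment (failed check) and
# one line as quoted in comment 15 (passed check on the 64-bit live image).
LOG = """\
Mar 19 08:12:38 defi kernel: x86/mm: Found insecure W+X mapping at address 57d76a8e/0xc00a0000
Mar 19 08:12:38 defi kernel: WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0
Mar 19 08:12:38 defi kernel: x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
[    1.000000] x86/mm: Checked W+X mappings: passed, no W+X pages found.
"""

FOUND = re.compile(r"Found insecure W\+X mapping at address (\S+)")
CHECK = re.compile(r"Checked W\+X mappings: (passed|FAILED), (\d+|no) W\+X pages found")

def wx_report(log):
    """One entry per W+X check summary, with the addresses reported before it."""
    results, addrs = [], []
    for line in log.splitlines():
        if (m := FOUND.search(line)):
            addrs.append(m.group(1))
        elif (m := CHECK.search(line)):
            pages = 0 if m.group(2) == "no" else int(m.group(2))
            results.append({"passed": m.group(1) == "passed",
                            "pages": pages, "addresses": addrs})
            addrs = []
    return results

def cpu_vulnerabilities(sysfs_dir="/sys/devices/system/cpu/vulnerabilities"):
    """Map each entry to its status text; empty if the kernel lacks the directory."""
    d = Path(sysfs_dir)
    if not d.is_dir():
        return {}
    return {f.name: f.read_text().strip() for f in sorted(d.iterdir()) if f.is_file()}

def unmitigated(vulns):
    """Entries whose status begins with 'Vulnerable'."""
    return sorted(name for name, status in vulns.items()
                  if status.startswith("Vulnerable"))

if __name__ == "__main__":
    for result in wx_report(LOG):
        print(result)
    print("unmitigated:", unmitigated(cpu_vulnerabilities()))
```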

Comment 19 Laura Abbott 2018-03-19 15:11:17 UTC
The meltdown issue is known since 32-bit support is still pending, please see https://lists.fedoraproject.org/archives/list/x86@lists.fedoraproject.org/thread/ABTEQGUHUNPQMELINGCIHWQ2LBFWC7LC/

The other issue is also known and there is a bugzilla somewhere (sorry, can't find it).

I'm going to close this particular bug since the original issue isn't seen anymore. Please follow up elsewhere for other issues.

