Additional info: reporter: libreport-2.1.5 WARNING: at include/linux/mm.h:280 put_compound_page+0x68/0x270() Hardware name: 4243BQ3 Modules linked in: nls_utf8 hfsplus hfs vfat fat isofs vhost_net macvtap macvlan hidp fuse ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_CHECKSUM iptable_mangle tun bridge stp llc rfcomm bnep ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter xt_conntrack nf_conntrack ip6_tables xfs libcrc32c mperf coretemp kvm_intel kvm arc4 iwldvm mac80211 snd_hda_codec_hdmi snd_hda_codec_conexant iTCO_wdt iTCO_vendor_support snd_usb_audio snd_usbmidi_lib snd_rawmidi uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core videodev media snd_hda_intel snd_hda_codec snd_hwdep snd_seq snd_seq_device snd_pcm microcode i2c_i801 iwlwifi snd_page_alloc snd_timer cfg80211 e1000e btusb bluetooth lpc_ich mfd_core sdhci_pci sdhci mmc_core mei ptp pps_core wmi thinkpad_acpi snd soundcore rfkill uinput dm_crypt crc32_pclmul crc32c_intel i915 ghash_clmulni_intel firewire_ohci firewire_core i2c_algo_bit crc_itu_t drm_kms_helper drm usb_storage i2c_core video Pid: 4461, comm: vhost-4460 Not tainted 3.9.5-301.fc19.x86_64 #1 Call Trace: [<ffffffff8105cc26>] warn_slowpath_common+0x66/0x80 [<ffffffffa0744f64>] ? tun_get_user+0x6b4/0x7a0 [tun] [<ffffffff8105ccfa>] warn_slowpath_null+0x1a/0x20 [<ffffffff8113c828>] put_compound_page+0x68/0x270 [<ffffffffa0744f64>] ? tun_get_user+0x6b4/0x7a0 [tun] [<ffffffff8113ca7b>] put_page+0x4b/0x60 [<ffffffff8152c7e7>] skb_release_data+0x87/0x100 [<ffffffff8152c87a>] __kfree_skb+0x1a/0xb0 [<ffffffff8152c942>] kfree_skb+0x32/0x90 [<ffffffffa0744f64>] tun_get_user+0x6b4/0x7a0 [tun] [<ffffffffa07450a7>] tun_sendmsg+0x57/0x80 [tun] [<ffffffffa07b9a58>] handle_tx+0x1c8/0x640 [vhost_net] [<ffffffffa07b9f05>] handle_tx_kick+0x15/0x20 [vhost_net] [<ffffffffa07b681d>] vhost_worker+0xed/0x190 [vhost_net] [<ffffffffa07b6730>] ? __vhost_add_used_n+0x100/0x100 [vhost_net] [<ffffffff810801f0>] kthread+0xc0/0xd0 [<ffffffff81080130>] ? insert_kthread_work+0x40/0x40 [<ffffffff8164e6ec>] ret_from_fork+0x7c/0xb0 [<ffffffff81080130>] ? insert_kthread_work+0x40/0x40
Created attachment 762843 [details] File: dmesg
This is likely related to 975065 but is by no means the identical problem.
(In reply to Brad Hubbard from comment #2) > This is likely related to 975065 but is by no means the identical problem. What makes you say that? How does it appear to be a different problem?
(In reply to Andrew Jones from comment #3) > (In reply to Brad Hubbard from comment #2) > > This is likely related to 975065 but is by no means the identical problem. > > What makes you say that? How does it appear to be a different problem? Well, this one is a warning, the other is a NULL pointer dereference. This issue is in put_compound_page+0x68 whereas the other is in put_page+0x11. They share a common stack up to a point so I agree the root cause is probably the same but they are not the same, specific, issue. I've seen too many issues that look identical at first glance but turn out to be different to make the call that this is definitely a DUP at this stage.
The bug to warning change is due to a fedora patch redefining VM_BUG_ON from BUG_ON to WARN_ON. And put_compound_page is called from put_page, when the page is a compound page, but both paths end up calling put_page_testzero, where they hit the same VM_BUG_ON. *** This bug has been marked as a duplicate of bug 975065 ***
Thanks for the explanation Andrew.