[Kernel-packages] [Bug 1691741] Re: Execute NX-protected page - 4.4.0-78-generic - kernel panic

Jordi de Wal Thu, 18 May 2017 05:25:59 -0700

Due to the nature of the data on the machine and the fact that I don't
know what apport will send, I'm unable to execute the apport-collect.


# Some data from /usr/bin/crash:
      KERNEL: /usr/lib/debug/boot/vmlinux-4.4.0-78-generic
    DUMPFILE: dump.201705181342  [PARTIAL DUMP]
        CPUS: 4
        DATE: Thu May 18 13:42:12 2017
      UPTIME: 00:16:34
LOAD AVERAGE: 0.21, 0.05, 0.01
       TASKS: 547
    NODENAME: <my_server>
     RELEASE: 4.4.0-78-generic
     VERSION: #99-Ubuntu SMP Thu Apr 27 15:29:09 UTC 2017
     MACHINE: x86_64  (2199 Mhz)
      MEMORY: 16 GB
       PANIC: "BUG: unable to handle kernel paging request at ffff88042a284000"
         PID: 0
     COMMAND: "swapper/1"
        TASK: ffff88042a278000  (1 of 4)  [THREAD_INFO: ffff88042a280000]
         CPU: 1
       STATE: TASK_RUNNING (PANIC)

# crash> bt
PID: 0      TASK: ffff88042a278000  CPU: 1   COMMAND: "swapper/1"
 #0 [ffff88042a283b78] machine_kexec at ffffffff8105c0db
 #1 [ffff88042a283bd8] crash_kexec at ffffffff8110e572
 #2 [ffff88042a283ca8] oops_end at ffffffff81031c49
 #3 [ffff88042a283cd0] no_context at ffffffff8106ad35
 #4 [ffff88042a283d30] __bad_area_nosemaphore at ffffffff8106b000
 #5 [ffff88042a283d78] bad_area_nosemaphore at ffffffff8106b183
 #6 [ffff88042a283d88] __do_page_fault at ffffffff8106b447
 #7 [ffff88042a283de0] trace_do_page_fault at ffffffff8106b7f7
 #8 [ffff88042a283e10] do_async_page_fault at ffffffff81063ef9
 #9 [ffff88042a283e20] async_page_fault at ffffffff81842be8
#10 [ffff88042a283e38] tick_nohz_idle_exit at ffffffff810ff75e
#11 [ffff88042a283ed8] cpu_startup_entry at ffffffff810c4736
#12 [ffff88042a283f30] start_secondary at ffffffff810517c4


# crash> bt -f
#  #9 [ffff88042a283e20] async_page_fault at ffffffff81842be8
    ffff88042a283e28: ffff88042a280000 0000000000000000 
    ffff88042a283e38: ffffffff810ff75e 
#10 [ffff88042a283e38] tick_nohz_idle_exit at ffffffff810ff75e
    ffff88042a283e40: ffff88042a283ed0 ffffffff81f38d40 
    ffff88042a283e50: 000000e797438af0 0000000000004c00 
    ffff88042a283e60: 000000010002a665 0000000000000000 
    ffff88042a283e70: 000000000000000a 0000000000000001 
    ffff88042a283e80: 0000000000000000 0000000000000001 
    ffff88042a283e90: 0000000000000083 0000000000000083 
    ffff88042a283ea0: ffffffffffffffff ffff88042a284000 
    ffff88042a283eb0: 0000000000000010 0000000000010082 
    ffff88042a283ec0: ffff88042a283ed0 0000000000000018 
    ffff88042a283ed0: ffff88042a283f28 ffffffff810c4736 
#11 [ffff88042a283ed8] cpu_startup_entry at ffffffff810c4736
    ffff88042a283ee0: ffff88042a280000 ffff88042a284000 
    ffff88042a283ef0: ee041b0196f77cc4 a1abbcd2b8b123ce 
    ffff88042a283f00: 0000000000000000 0000000000000000 
    ffff88042a283f10: 0000000000000000 0000000000000000 
    ffff88042a283f20: 0000000000000000 ffff88042a283f48 
    ffff88042a283f30: ffffffff810517c4 
#12 [ffff88042a283f30] start_secondary at ffffffff810517c4

# crash> dis tick_nohz_idle_exit
0xffffffff810ff74f <tick_nohz_idle_exit+127>:   mov    %r12,0xa8(%rbx)
0xffffffff810ff756 <tick_nohz_idle_exit+134>:   mov    %r12,%rsi
0xffffffff810ff759 <tick_nohz_idle_exit+137>:   callq  0xffffffff810ff170 
<tick_nohz_restart>
0xffffffff810ff75e <tick_nohz_idle_exit+142>:   mov    0xd0989b(%rip),%rdi      
  # 0xffffffff81e09000 <jiffies>
0xffffffff810ff765 <tick_nohz_idle_exit+149>:   sub    0x78(%rbx),%rdi

# lsmod info's
Module                  Size  Used by
zfs                  2813952  5
zunicode              331776  1 zfs
zcommon                57344  1 zfs
znvpair                90112  2 zfs,zcommon
spl                   102400  3 zfs,zcommon,znvpair
zavl                   16384  1 zfs
ppdev                  20480  0
input_leds             16384  0
shpchp                 36864  0
serio_raw              16384  0
i2c_piix4              24576  0
8250_fintek            16384  0
parport_pc             32768  0
parport                49152  2 ppdev,parport_pc
mac_hid                16384  0
autofs4                40960  2
ttm                    94208  0
drm_kms_helper        155648  0
syscopyarea            16384  1 drm_kms_helper
sysfillrect            16384  1 drm_kms_helper
sysimgblt              16384  1 drm_kms_helper
fb_sys_fops            16384  1 drm_kms_helper
psmouse               131072  0
drm                   364544  2 ttm,drm_kms_helper
pata_acpi              16384  0
floppy                 73728  0

No idea if this is useful though.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1691741

Title:
  Execute NX-protected page - 4.4.0-78-generic - kernel panic

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  After upgrading from 4.4.0-77 to 4.4.0-78 I started getting kernel
  panics.

  The crashes do not happen immediately, but have happened generally
  after a couple of minutes, sometimes more.

  After enabling linux-crashdump stuff, I managed to extract this dmesg.

  [  995.103846] kernel tried to execute NX-protected page - exploit attempt? 
(uid: 0)
  [  995.104141] BUG: unable to handle kernel paging request at ffff88042a284000
  [  995.104407] IP: [<ffff88042a284000>] 0xffff88042a284000
  [  995.104594] PGD 43f20b067 PUD 43f20e067 PMD 42a3da063 PTE 800000042a284163
  [  995.104946] Oops: 0011 [#1] SMP 
  [  995.105143] Modules linked in: zfs(PO) zunicode(PO) zcommon(PO) 
znvpair(PO) spl(O) zavl(PO) ppdev input_leds shpchp serio_raw i2c_piix4 mac_hid 
parport_pc parport 8250_fintek autofs4 ttm drm_kms_helper syscopyarea 
sysfillrect sysimgblt fb_sys_fops drm psmouse floppy pata_acpi
  [  995.107081] CPU: 1 PID: 0 Comm: swapper/1 Tainted: P           O    
4.4.0-78-generic #99-Ubuntu
  [  995.107299] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014
  [  995.107573] task: ffff88042a278000 ti: ffff88042a280000 task.ti: 
ffff88042a280000
  [  995.108070] RIP: 0010:[<ffff88042a284000>]  [<ffff88042a284000>] 
0xffff88042a284000
  [  995.108637] RSP: 0018:ffff88042a283ed0  EFLAGS: 00010082
  [  995.109116] RAX: 0000000000000001 RBX: 000000e797438af0 RCX: 
0000000000000000
  [  995.109638] RDX: 0000000000000001 RSI: 0000000000000083 RDI: 
0000000000000083
  [  995.110143] RBP: ffffffff81f38d40 R08: 000000000000000a R09: 
0000000000000000
  [  995.110665] R10: 000000010002a665 R11: 0000000000004c00 R12: 
ffff88042a283ed0
  [  995.111182] R13: ffffffff810ff75e R14: 0000000000000000 R15: 
ffff88042a280000
  [  995.111733] FS:  0000000000000000(0000) GS:ffff88043fc80000(0000) 
knlGS:0000000000000000
  [  995.112486] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  [  995.112978] CR2: ffff88042a284000 CR3: 000000043d246000 CR4: 
00000000000006e0
  [  995.113497] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
  [  995.114085] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
  [  995.114612] Stack:
  [  995.114965]  ffff88042a283f28 ffffffff810c4736 ffff88042a280000 
ffff88042a284000
  [  995.116204]  ee041b0196f77cc4 a1abbcd2b8b123ce 0000000000000000 
0000000000000000
  [  995.117389]  0000000000000000 0000000000000000 0000000000000000 
ffff88042a283f48
  [  995.118425] Call Trace:
  [  995.118811]  [<ffffffff810c4736>] ? cpu_startup_entry+0x176/0x350
  [  995.119293]  [<ffffffff810517c4>] ? start_secondary+0x154/0x190
  [  995.119775] Code: ff ff ff 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 
02 02 00 00 00 00 00 00 58 3f 28 2a 04 88 ff ff 18 00 00 00 00 00 00 00 <c0> 8c 
27 2a 04 88 ff ff 00 00 00 00 00 00 00 00 02 00 00 00 00 
  [  995.125554] RIP  [<ffff88042a284000>] 0xffff88042a284000
  [  995.126088]  RSP <ffff88042a283ed0>
  [  995.126453] CR2: ffff88042a284000

  I've upgraded other machines as well, and only this particular VM
  shows this behaviour.

  I have a crash dump, but I haven't looked into the contents yet.
  Getting the dmesg was already a pain in the behind.

  The VM this happens on is:
  - a KVM guest
  - x86_64, 4 cores
  - 16gb ram

  lsb_release:
  Distributor ID: Ubuntu
  Description:    Ubuntu 16.04.2 LTS
  Release:        16.04
  Codename:       xenial

  lspci says:
  00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
  00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
  00:01.1 IDE interface: Intel Corporation 82371SB PIIX3 IDE [Natoma/Triton II]
  00:01.2 USB controller: Intel Corporation 82371SB PIIX3 USB [Natoma/Triton 
II] (rev 01)
  00:01.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 03)
  00:02.0 VGA compatible controller: VMware SVGA II Adapter
  00:03.0 Unclassified device [00ff]: Red Hat, Inc Virtio memory balloon
  00:0a.0 SCSI storage controller: Red Hat, Inc Virtio block device
  00:0b.0 SCSI storage controller: Red Hat, Inc Virtio block device
  00:12.0 Ethernet controller: Red Hat, Inc Virtio network device
  00:1e.0 PCI bridge: Red Hat, Inc. QEMU PCI-PCI bridge
  00:1f.0 PCI bridge: Red Hat, Inc. QEMU PCI-PCI bridge

  Let me know if there are other helpful details I can provide. If I
  find out more, I'll update this ticket.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1691741/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1691741] Re: Execute NX-protected page - 4.4.0-78-generic - kernel panic

Reply via email to