[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)
Done.

** Tags removed: verification-needed-wily
** Tags added: verification-done-wily

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948

Title: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Status in linux package in Ubuntu: Fix Released
Status in linux source package in Wily: Fix Committed
Status in linux source package in Xenial: Fix Released
Status in linux package in Fedora: Unknown

Bug description:

== SRU Justification ==

Impact: Races in fuse's synchronous io handling can result in use-after-free bugs which are causing kernel crashes.

Fix: Two commits from fuse-next, one which simply caches the result of a test to avoid a use-after-free and another which adds reference counting to the fuse_io_priv struct to get rid of some convoluted rules for determining when this structure can be freed.

Test case: Tested on LP #1505948.

---

Hello everybody,

Linux 4.1, 4.2 or 4.3-rc leads to an immediate kernel panic in our setup when trying to start a Qemu process on top of a fuse-based mount.

Here is an example stacktrace:

[ 739.807817] BUG: unable to handle kernel paging request at 8800a4104ea0
[ 739.840201] IP: [] kmem_cache_alloc_trace+0x7a/0x1f0
[ 739.870309] PGD 2fee067 PUD 2fbf4dd063 PMD 0
[ 739.890418] Oops: [#1] SMP
[ 739.905265] Modules linked in: nbd vport_vxlan vport_gre gre ebtable_filter ebtables openvswitch ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 iptable_filter xt_CT iptable_raw ip_tables xt_tcpudp ip6t_REJECT nf_reject_ipv6 xt_limit nf_conntrack_ipv6 nf_defrag_ipv6 xt_multiport xt_conntrack nf_conntrack ip6table_filter ip6_tables x_tables dm_crypt ipmi_ssif intel_rapl iosf_mbi x86_pkg_temp_thermal intel_powerclamp coretemp crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd kvm_intel kvm ipmi_devintf vhost_net vhost macvtap macvlan joydev input_leds dm_multipath scsi_dh bonding sb_edac 8021q garp hpilo mrp stp ipmi_si llc edac_core lpc_ich ioatdma 8250_fintek ipmi_msghandler lp shpchp acpi_power_meter mac_hid parport nls_iso8859_1 sch_fq_codel xfs libcrc32c btrfs xor raid6_pq ixgbe ses enclosure hid_generic dca vxlan usbhid ip6_udp_tunnel tg3 udp_tunnel ptp hid pps_core hpsa mdio wmi
[ 740.345300] CPU: 8 PID: 10550 Comm: qemu-system-x86 Not tainted 4.2.0-040200-generic #201508301530
[ 740.386879] Hardware name: HP ProLiant DL380 Gen9, BIOS P89 05/06/2015
[ 740.416827] task: 882f8e958dc0 ti: 882f28c2 task.ti: 882f28c2
[ 740.451672] RIP: 0010:[] [] kmem_cache_alloc_trace+0x7a/0x1f0
[ 740.494047] RSP: 0018:882f28c23c68 EFLAGS: 00010286
[ 740.518425] RAX: RBX: 00d0 RCX: 26b3
[ 740.551611] RDX: 26b2 RSI: 00d0 RDI: 882fbf407840
[ 740.584846] RBP: 882f28c23ca8 R08: 00019920 R09: e8d000200ab0
[ 740.618287] R10: 812e8dcd R11: ea00bca0ac00 R12: 00d0
[ 740.651320] R13: 882fbf407840 R14: 8800a4104ea0 R15: 882fbf407840
[ 740.684195] FS: 7f2642ffd700() GS:882fbfa0() knlGS:
[ 740.722030] CS: 0010 DS: ES: CR0: 80050033
[ 740.749469] CR2: 8800a4104ea0 CR3: 002f26f83000 CR4: 001426e0
[ 740.783390] Stack:
[ 740.792577] 812e8dcd 0048 0002 882f908c8468
[ 740.827003] 01bef000 882f928e4600 882f28c23e48 882f28c23d70
[ 740.860971] 882f28c23d38 812e8dcd 0001 882f908c8300
[ 740.894994] Call Trace:
[ 740.906211] [] ? fuse_direct_IO+0xdd/0x280
[ 740.932940] [] fuse_direct_IO+0xdd/0x280
[ 740.958866] [] generic_file_direct_write+0x9e/0x150
[ 740.989318] [] fuse_file_write_iter+0x15c/0x2e0
[ 741.017725] [] __vfs_write+0xa7/0xf0
[ 741.041787] [] vfs_write+0xa9/0x190
[ 741.065307] [] SyS_pwrite64+0x69/0xa0
[ 741.090141] [] ? SyS_rt_sigprocmask+0x67/0xb0
[ 741.135924] [] entry_SYSCALL_64_fastpath+0x16/0x75
[ 741.183478] Code: 4c 03 05 32 d8 e3 7e 4d 8b 30 49 8b 40 10 4d 85 f6 0f 84 22 01 00 00 48 85 c0 0f 84 19 01 00 00 49 63 47 20 48 8d 4a 01 4d 8b 07 <49> 8b 1c 06 4c 89 f0 65 49 0f c7 08 0f 94 c0 84 c0 74 b9 49 63
[ 741.306817] RIP [] kmem_cache_alloc_trace+0x7a/0x1f0

The problem has also been documented by somebody else in the Fedora bug tracker at https://bugzilla.redhat.com/show_bug.cgi?id=1254310

This behaviour is 100% reproducible. I have asked the fuse-devel mailinglist for advice, but up to this point with no success:
[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)
This also affects the Xenial Standard Kernel.

--
https://bugs.launchpad.net/bugs/1505948

Title: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Status in linux package in Ubuntu: Confirmed
Status in linux source package in Wily: Confirmed

To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1505948/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1505948] [NEW] Memory allocation failure crashes kernel hard, presumably related to FUSE
Public bug reported:

Hello everybody,

Linux 4.1, 4.2 or 4.3-rc leads to an immediate kernel panic in our setup when trying to start a Qemu process on top of a fuse-based mount.

Here is an example stacktrace:

The problem has also been documented by somebody else in the Fedora bug tracker at https://bugzilla.redhat.com/show_bug.cgi?id=1254310

This behaviour is 100% reproducible. I have asked the fuse-devel mailinglist for advice, but up to this point with no success: http://sourceforge.net/p/fuse/mailman/message/34537139/

We are still investigating if this issue is also happening with 4.0 and will add the information to this bug report once we have it. Any help on debugging will be greatly appreciated.

** Affects: linux (Ubuntu)
Importance: Undecided
Status: Confirmed

** Attachment added: "lspci -vvnn log"
https://bugs.launchpad.net/bugs/1505948/+attachment/4494209/+files/lspci-vvnn.log

--
https://bugs.launchpad.net/bugs/1505948

Title: Memory allocation failure crashes kernel hard, presumably related to FUSE

Status in linux package in Ubuntu: Confirmed
[Kernel-packages] [Bug 1398465] Re: Memory allocation failure, presumably in FUSE
We can now confirm that the issue does not happen with 4.0.9. This leads to the assumption that the problem has either been fixed between 4.0 and 4.0.9, or, and I consider this much more likely, the problem was introduced between 4.0 and 4.1 on the main branch.

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1398465

Title: Memory allocation failure, presumably in FUSE

Status in linux package in Ubuntu: Invalid

Bug description:

I just tried out linux-lts-utopic on trusty and hit a few backtraces. We make intensive use of FUSE and the FS operation I conducted on FUSE hung post-backtrace.

[ 1951.617813] [ cut here ]
[ 1951.617818] kernel BUG at /build/buildd/linux-lts-utopic-3.16.0/mm/slub.c:3380!
[ 1951.617819] invalid opcode: [#1] SMP
[ 1951.617821] Modules linked in: des_generic nfsv3 nfsv4 vmnet(OE) parport_pc vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) xt_addrtype ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat bridge stp llc aufs netconsole configfs nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables xt_NFLOG xt_comment xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_connmark xt_conntrack nf_conntrack xt_mark cuse iptable_filter ip_tables x_tables rpcsec_gss_krb5 nfnetlink_log nfnetlink autofs4 rfcomm bnep bluetooth 6lowpan_iphc binfmt_misc snd_hda_codec_hdmi hp_wmi sparse_keymap intel_rapl x86_pkg_temp_thermal snd_hda_codec_realtek intel_powerclamp coretemp snd_hda_codec_generic kvm_intel kvm ppdev crct10dif_pclmul crc32_pclmul snd_hda_intel ghash_clmulni_intel aesni_intel snd_hda_controller aes_x86_64 lrw snd_hda_codec gf128mul glue_helper ablk_helper cryptd snd_hwdep lp snd_pcm parport serio_raw sb_edac edac_core snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq nvidia(POE) snd_seq_device snd_timer lpc_ich snd drm ioatdma dca soundcore wmi tpm_infineon mac_hid nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache nls_iso8859_1 hid_generic usbhid hid isci firewire_ohci e1000e psmouse(OE) libsas firewire_core ahci libahci ptp crc_itu_t scsi_transport_sas pps_core [last unloaded: vmnet]
[ 1951.617874] CPU: 2 PID: 13631 Comm: srcfsd Tainted: P OE 3.16.0-25-generic #33-Ubuntu
[ 1951.617876] Hardware name: Hewlett-Packard HP Z420 Workstation/1589, BIOS J61 v03.65 12/19/2013
[ 1951.617877] task: 88061f5cb2f0 ti: 880800cdc000 task.ti: 880800cdc000
[ 1951.617878] RIP: 0010:[] [] kfree+0x133/0x140
[ 1951.617884] RSP: 0018:880800cdfbf8 EFLAGS: 00010246
[ 1951.617885] RAX: 00000400 RBX: 88007833 RCX: 00018020001f
[ 1951.617886] RDX: 0000 RSI: ea0002716f80 RDI: 88007833
[ 1951.617887] RBP: 880800cdfc10 R08: 88009c5bf400 R09: 00018020001f
[ 1951.617888] R10: ea0001c0 R11: 812bfd95 R12: 8807addaf800
[ 1951.617889] R13: 812bfda1 R14: 00020010 R15: 880800cdfd58
[ 1951.617890] FS: 7fccdb950700() GS:88082fc4() knlGS:
[ 1951.617891] CS: 0010 DS: ES: CR0: 80050033
[ 1951.617892] CR2: 08a89ff0 CR3: 0007c8fb7000 CR4: 000407e0
[ 1951.617893] Stack:
[ 1951.617894] 8807a1e296c0 8807addaf800 880800cdfc28
[ 1951.617896] 812bfda1 8807a1e296c0 880800cdfc58 812bfe88
[ 1951.617897] 8807a1e296c0 8807addaf800 812c71c0 00020010
[ 1951.617899] Call Trace:
[ 1951.617904] [] fuse_request_free+0x31/0x50
[ 1951.617906] [] fuse_put_request+0xc8/0x110
[ 1951.617908] [] ? fuse_short_read+0x160/0x160
[ 1951.617910] [] request_end+0x10c/0x1c0
[ 1951.617911] [] fuse_dev_do_write+0x826/0xd10
[ 1951.617914] [] ? do_sync_read+0x90/0x90
[ 1951.617916] [] fuse_dev_write+0x69/0x80
[ 1951.617918] [] do_sync_readv_writev+0x4c/0x80
[ 1951.617920] [] do_readv_writev+0x1bd/0x240
[ 1951.617922] [] vfs_writev+0x39/0x50
[ 1951.617924] [] SyS_writev+0x4a/0xd0
[ 1951.617927] [] system_call_fastpath+0x1a/0x1f
[ 1951.617928] Code: 49 8b 02 31 f6 f6 c4 40 74 04 41 8b 72 68 4c 89 d7 e8 92 3d fb ff eb 8f 4c 8b 50 30 48 8b 10 80 e6 80 4c 0f 44 d0 e9 32 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 66 66 90 55 89 f1
[ 1951.617946] RIP [] kfree+0x133/0x140
[ 1951.617948] RSP
[ 1951.617950] ---[ end trace a783e9182f5a2f00 ]---
[ 1953.884500] general protection fault: [#2] SMP
[ 1953.884505] Modules linked in: des_generic nfsv3 nfsv4 vmnet(OE) parport_pc vmw_vsock_vmci_transport vsock vmw_vmci vmmon(OE) xt_addrtype ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat bridge stp llc aufs netconsole configfs nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables xt_NFLOG xt_comment xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_multiport xt_connmark xt_conntrack nf_conntrack xt_mark
[Kernel-packages] [Bug 1505948] Re: Memory allocation failure crashes kernel hard, presumably related to FUSE
We can now confirm that the issue does not happen with 4.0.9. This leads to the assumption that the problem has either been fixed between 4.0 and 4.0.9, or, and I consider this much more likely, the problem was introduced between 4.0 and 4.1 on the main branch.

--
https://bugs.launchpad.net/bugs/1505948

Title: Memory allocation failure crashes kernel hard, presumably related to FUSE

Status in linux package in Ubuntu: Confirmed
[Kernel-packages] [Bug 1505948] Re: Memory allocation failure crashes kernel hard
** Attachment added: "uname -a log"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1505948/+attachment/4494210/+files/uname-a.log

--
https://bugs.launchpad.net/bugs/1505948

Title: Memory allocation failure crashes kernel hard, presumably related to FUSE

Status in linux package in Ubuntu: Confirmed
[Kernel-packages] [Bug 1505948] Re: Memory allocation failure crashes kernel hard
** Attachment added: "/proc/version output"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1505948/+attachment/4494211/+files/version.log

--
https://bugs.launchpad.net/bugs/1505948

Title: Memory allocation failure crashes kernel hard, presumably related to FUSE

Status in linux package in Ubuntu: Confirmed
[Kernel-packages] [Bug 1505948] Re: Memory allocation failure crashes kernel hard
As already mentioned in my email to the fuse developer mailing list, we have also tried to create direct i/o traffic on the affected mount directly but were not able to reproduce the issue. The problem only ever occurs once Qemu starts to run stuff on top of the FUSE mount. Other reports of this issue (identical or similar) have mentioned Qemu or VMware-based emulation as well.

** Description changed: - The problem has also been documented by somebody else in the Fedora bug tracker at - https://bugzilla.redhat.com/show_bug.cgi?id=1254310 + The problem has also been documented by somebody else in the Fedora bug + tracker at https://bugzilla.redhat.com/show_bug.cgi?id=1254310

** Summary changed: - Memory allocation failure crashes kernel hard + Memory allocation failure crashes kernel hard, presumably related to FUSE
[Kernel-packages] [Bug 1505948] Re: Memory allocation failure crashes kernel hard, presumably related to FUSE
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/diff/fs/fuse/file.c?id=refs/tags/v4.1=refs/tags/v4.0 is the diff between the version that works and the one that is broken. The candidate that broke functionality is likely here: https://lkml.org/lkml/2015/4/13/871 https://lkml.org/lkml/2015/4/15/475

Title: Memory allocation failure crashes kernel hard, presumably related to FUSE
Status in linux package in Ubuntu: Confirmed

-- Mailing list: https://launchpad.net/~kernel-packages Post to :