Table of Contents

Ubuntu

Trusty 14.04 Server

Kernel Bug

Critical issue (with workaround) found when using Xen 4.4. A kernel BUG is triggered.

Apr 23 09:45:02 callisto kernel: [  186.718919] BUG: Bad page map in process vsftpd  pte:800000004d528965 pmd:acea2067
Apr 23 09:45:02 callisto kernel: [  186.720343] page:ffffea0001354a00 count:0 mapcount:-1 mapping:          (null) index:0x0
Apr 23 09:45:02 callisto kernel: [  186.721893] page flags: 0x1ffff0000000014(referenced|dirty)
Apr 23 09:45:02 callisto kernel: [  186.723022] addr:00007facd5a14000 vm_flags:08100071 anon_vma:ffff8801269a3200 mapping:          (null) index:7facd5a14
Apr 23 09:45:02 callisto kernel: [  186.724994] CPU: 2 PID: 1469 Comm: vsftpd Not tainted 3.13.0-24-generic #46-Ubuntu
Apr 23 09:45:02 callisto kernel: [  186.724996] Hardware name: LENOVO Lenovo H405/Tilapia CRB, BIOS D2KT32AUS 02/11/2011
Apr 23 09:45:02 callisto kernel: [  186.724998]  ffff8800aeaf2240 ffff880002891c70 ffffffff81715a64 00007facd5a14000
Apr 23 09:45:02 callisto kernel: [  186.725002]  ffff880002891cb8 ffffffff81174183 800000009fb88965 00000007facd5a14
Apr 23 09:45:02 callisto kernel: [  186.725004]  ffff8800acea20a0 ffffea0001354a00 00007facd5a14000 00007facd5a15000
Apr 23 09:45:02 callisto kernel: [  186.725007] Call Trace:
Apr 23 09:45:02 callisto kernel: [  186.725015]  [<ffffffff81715a64>] dump_stack+0x45/0x56
Apr 23 09:45:02 callisto kernel: [  186.725019]  [<ffffffff81174183>] print_bad_pte+0x1a3/0x250
Apr 23 09:45:02 callisto kernel: [  186.725022]  [<ffffffff81175b67>] unmap_page_range+0x717/0x7f0
Apr 23 09:45:02 callisto kernel: [  186.725025]  [<ffffffff81175cc1>] unmap_single_vma+0x81/0xf0
Apr 23 09:45:02 callisto kernel: [  186.725027]  [<ffffffff81176d39>] unmap_vmas+0x49/0x90
Apr 23 09:45:02 callisto kernel: [  186.725030]  [<ffffffff8117feec>] exit_mmap+0x9c/0x170
Apr 23 09:45:02 callisto kernel: [  186.725033]  [<ffffffff8106482c>] mmput+0x5c/0x120
Apr 23 09:45:02 callisto kernel: [  186.725035]  [<ffffffff81069bbc>] do_exit+0x26c/0xa50
Apr 23 09:45:02 callisto kernel: [  186.725038]  [<ffffffff8109dd84>] ? vtime_account_user+0x54/0x60
Apr 23 09:45:02 callisto kernel: [  186.725042]  [<ffffffff8114d52f>] ? context_tracking_user_exit+0x4f/0xc0
Apr 23 09:45:02 callisto kernel: [  186.725044]  [<ffffffff8106a41f>] do_group_exit+0x3f/0xa0
Apr 23 09:45:02 callisto kernel: [  186.725046]  [<ffffffff8106a494>] SyS_exit_group+0x14/0x20
Apr 23 09:45:02 callisto kernel: [  186.725049]  [<ffffffff8172663f>] tracesys+0xe1/0xe6
Apr 23 09:45:02 callisto kernel: [  186.725050] Disabling lock debugging due to kernel taint
Apr 23 09:45:02 callisto kernel: [  186.725526] BUG: Bad rss-counter state mm:ffff8801264f8000 idx:0 val:-1
Apr 23 09:45:02 callisto kernel: [  186.726785] BUG: Bad rss-counter state mm:ffff8801264f8000 idx:1 val:1
[... repeats over and over ... ]

This is easy to trigger.

Install 14.04 server and choose just the OpenSSH server.
apt-get install xen-system-amd64
Reboot
apt-get install vsftpd

As soon as vsftpd tries to start, the bug is triggered.

Workaround Found by installing the latest Ubuntu Mainline kernel.

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.15-rc2-trusty/linux-image-3.15.0-031500rc2-generic_3.15.0-031500rc2.201404201435_amd64.deb
dpkg -i linux-image-3.15.0-031500rc2-generic_3.15.0-031500rc2.201404201435_amd64.deb
# Reboot server.

A bug report has been opened: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1313450