group.of.nepali.translators team mailing list archive

[Bug 1586418] Re: exercising ptys causes a kernel oops

 

This bug was fixed in the package linux - 3.13.0-93.140

---------------
linux (3.13.0-93.140) trusty; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1604134

  * Boot failure with EFI stub (LP: #1603476)
    - x86/efi: Fix boot failure with EFI stub

  * CVE-2016-5243 (LP: #1589036)
    - tipc: fix an infoleak in tipc_nl_compat_link_dump

  * qeth: delete napi struct when removing a qeth device (LP: #1601831)
    - qeth: delete napi struct when removing a qeth device

  * deadlock on balloon deflation (LP: #1598197)
    - SAUCE: mm/balloon_compaction: Fix Regression of LP#1572562

  * serial: 8250_pci: Add support for 16 port Exar boards (LP: #1447485)
    - serial: 8250_pci: Add support for 16 port Exar boards
    - serial: 8250_pci: Add support for 12 port Exar boards
    - serial: 8250_pci: Correct uartclk for xr17v35x expansion chips

  * linux: Homogenize changelog format across releases (LP: #1599562)
    - Revert "UBUNTU: [debian] BugLink: close LP: bugs only for Launchpad urls"
    - [Debian] git-ubuntu-log -- switch to bug order
    - [Debian] git-ubuntu-log -- fix empty section formatting
    - [Debian] git-ubuntu-log -- output should be utf-8
    - [Debian] git-ubuntu-log -- handle invalid or private bugs
    - [Debian] git-ubuntu-log -- wrap long bug and commit titles
    - [Debian] git-ubuntu-log -- ensure we get the last commit
    - [Debian] git-ubuntu-log -- prevent bug references being split
    - [Debian] git-ubuntu-log -- git log output is UTF-8

  * exercising ptys causes a kernel oops (LP: #1586418)
    - devpts: fix null pointer dereference on failed memory allocation

  * Miscellaneous upstream changes
    - KEYS: potential uninitialized variable

 -- Seth Forshee <seth.forshee@xxxxxxxxxxxxx>  Mon, 18 Jul 2016 15:05:56 -0500

** Changed in: linux (Ubuntu Vivid)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1237

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1586418

Title:
  exercising ptys causes a kernel oops

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Wily:
  Won't Fix
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released

Bug description:
  [SRU JUSTIFICATION][TRUSTY][WILY][XENIAL]

  Running stress-ng --pty 1 with a very low vmalloc memory available can
  trip an oops.  This can generally only be reproduced when memory is
  under a high amount of pressure.  I was able to reproduce reliably by
  forcefully injecting vmalloc to return NULL when the stress-ng pty was
  running.

  [FIX]
  Upstream commit 5353ed8deedee9e5acb9f896e9032158f5d998de ("devpts: fix null pointer dereference on failed memory allocation"). This needs backporting to Yakkety, Xenial, Wily and Trusty because of changes in variable names.

  [TEST]
  Forcefully inject vmalloc to return NULL when running the pty stressor. Without the fix, an oops can be tripped; with the fix, no issues occur.

  ------------------------------------------------------------------

  running: "stress-ng --pty 1" and this occurs in less than 1 second:

  [   67.753230] alloc_vmap_area: 9 callbacks suppressed
  [   67.753233] vmap allocation for size 16384 failed: use vmalloc=<size> to increase size.
  [   67.753235] vmalloc: allocation failure: 8844 bytes
  [   67.753237] stress-ng-pty: page allocation failure: order:0, mode:0x24000c2
  [   67.753240] CPU: 2 PID: 2150 Comm: stress-ng-pty Not tainted 4.4.0-23-generic #41-Ubuntu
  [   67.753241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [   67.753243]  c1abf967 0832d3cc 00000286 f2497c8c c139fe1f c19ce22c 00000001 f2497cbc
  [   67.753248]  c1177396 c19cc624 f506b5f0 00000000 024000c2 f2497cd0 c19ce22c f2497ca4
  [   67.753252]  0832d3cc 0000228c 00000000 f2497cec c11ad2ff 024000c2 00000000 c19ce22c
  [   67.753256] Call Trace:
  [   67.753264]  [<c139fe1f>] dump_stack+0x58/0x79
  [   67.753267]  [<c1177396>] warn_alloc_failed+0xd6/0x110
  [   67.753272]  [<c11ad2ff>] __vmalloc_node_range+0x1ef/0x210
  [   67.753276]  [<c148f590>] ? tty_get_pgrp+0x40/0x40
  [   67.753278]  [<c11ad386>] __vmalloc_node+0x66/0x70
  [   67.753280]  [<c1494e46>] ? n_tty_open+0x16/0xc0
  [   67.753283]  [<c11ad408>] vmalloc+0x38/0x40
  [   67.753284]  [<c1494e46>] ? n_tty_open+0x16/0xc0
  [   67.753290]  [<c1494e46>] n_tty_open+0x16/0xc0
  [   67.753293]  [<c1498fd8>] tty_ldisc_open.isra.2+0x28/0x60
  [   67.753295]  [<c14997fc>] tty_ldisc_setup+0x1c/0x70
  [   67.753297]  [<c14935bc>] tty_init_dev+0x7c/0x180
  [   67.753301]  [<c124fee1>] ? devpts_new_index+0xf1/0x120
  [   67.753303]  [<c149b7a5>] ptmx_open+0x75/0x160
  [   67.753306]  [<c11e0a14>] chrdev_open+0xa4/0x180
  [   67.753310]  [<c11da62c>] do_dentry_open+0x1ec/0x300
  [   67.753312]  [<c11e0970>] ? cdev_put+0x20/0x20
  [   67.753314]  [<c11db60f>] vfs_open+0x4f/0x60
  [   67.753316]  [<c11ea109>] path_openat+0x509/0x1140
  [   67.753318]  [<c11eae94>] ? putname+0x54/0x60
  [   67.753321]  [<c11ebde8>] do_filp_open+0x68/0xe0
  [   67.753324]  [<c11f8d16>] ? __alloc_fd+0x36/0x150
  [   67.753326]  [<c11db9c8>] do_sys_open+0x128/0x2b0
  [   67.753329]  [<c11dbb72>] SyS_open+0x22/0x30
  [   67.753332]  [<c100393d>] do_fast_syscall_32+0x8d/0x150
  [   67.753336]  [<c17a98dc>] sysenter_past_esp+0x3d/0x61
  [   67.753338] Mem-Info:
  [   67.753342] active_anon:5790 inactive_anon:1203 isolated_anon:0
                  active_file:30258 inactive_file:14843 isolated_file:0
                  unevictable:856 dirty:46 writeback:0 unstable:0
                  slab_reclaimable:4643 slab_unreclaimable:5952
                  mapped:5271 shmem:1380 pagetables:193 bounce:0
                  free:166082 free_pcp:1176 free_cma:0
  [   67.753349] DMA free:9616kB min:788kB low:984kB high:1180kB active_anon:288kB inactive_anon:112kB active_file:2436kB inactive_file:1216kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB managed:15916kB mlocked:0kB dirty:4kB writeback:0kB mapped:396kB shmem:108kB slab_reclaimable:268kB slab_unreclaimable:428kB kernel_stack:24kB pagetables:8kB unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
  [   67.753350] lowmem_reserve[]: 0 818 949 949
  [   67.753357] Normal free:567248kB min:41608kB low:52008kB high:62412kB active_anon:18440kB inactive_anon:2992kB active_file:101312kB inactive_file:47608kB unevictable:3164kB isolated(anon):0kB isolated(file):0kB present:897016kB managed:872588kB mlocked:3164kB dirty:180kB writeback:0kB mapped:16216kB shmem:3620kB slab_reclaimable:18304kB slab_unreclaimable:23380kB kernel_stack:1568kB pagetables:688kB unstable:0kB bounce:0kB free_pcp:3736kB local_pcp:224kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
  [   67.753358] lowmem_reserve[]: 0 0 1055 1055
  [   67.753364] HighMem free:87464kB min:128kB low:1804kB high:3480kB active_anon:4432kB inactive_anon:1708kB active_file:17284kB inactive_file:10548kB unevictable:260kB isolated(anon):0kB isolated(file):0kB present:135044kB managed:135044kB mlocked:260kB dirty:0kB writeback:0kB mapped:4472kB shmem:1792kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:76kB unstable:0kB bounce:0kB free_pcp:968kB local_pcp:152kB free_cma:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
  [   67.753365] lowmem_reserve[]: 0 0 0 0
  [   67.753367] DMA: 2*4kB (UM) 1*8kB (E) 2*16kB (UE) 1*32kB (U) 3*64kB (ME) 3*128kB (UME) 1*256kB (M) 3*512kB (UME) 3*1024kB (UME) 2*2048kB (UM) 0*4096kB = 9616kB
  [   67.753378] Normal: 1*4kB (U) 25*8kB (ME) 38*16kB (UM) 25*32kB (ME) 14*64kB (UME) 9*128kB (UM) 9*256kB (UM) 8*512kB (UME) 8*1024kB (UME) 0*2048kB 134*4096kB (M) = 567116kB
  [   67.753389] HighMem: 1*4kB (U) 0*8kB 1*16kB (U) 0*32kB 1*64kB (M) 0*128kB 3*256kB (UM) 3*512kB (UM) 5*1024kB (UM) 1*2048kB (U) 19*4096kB (M) = 87380kB
  [   67.753435] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
  [   67.753436] 47051 total pagecache pages
  [   67.753437] 0 pages in swap cache
  [   67.753439] Swap cache stats: add 0, delete 0, find 0/0
  [   67.753440] Free swap  = 1046524kB
  [   67.753444] Total swap = 1046524kB
  [   67.753450] 262013 pages RAM
  [   67.753459] 33761 pages HighMem/MovableOnly
  [   67.753461] 6126 pages reserved
  [   67.753483] 0 pages cma reserved
  [   67.753486] tty_init_dev: ldisc open failed, clearing slot 3474
  [   67.753525] BUG: unable to handle kernel NULL pointer dereference at 0000001c
  [   67.755622] IP: [<c124ff1a>] devpts_kill_index+0xa/0x60
  [   67.756058] *pdpt = 000000002f82f001 *pde = 0000000000000000
  [   67.756461] Oops: 0000 [#1] SMP
  [   67.756866] Modules linked in: snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm ppdev input_leds snd_timer parport_pc joydev snd parport 8250_fintek soundcore serio_raw i2c_piix4 mac_hid ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear qxl crc32_pclmul ttm aesni_intel drm_kms_helper aes_i586 syscopyarea sysfillrect xts sysimgblt lrw fb_sys_fops gf128mul ablk_helper cryptd drm pata_acpi psmouse floppy
  [   67.759038] CPU: 2 PID: 2150 Comm: stress-ng-pty Not tainted 4.4.0-23-generic #41-Ubuntu
  [   67.759396] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
  [   67.759758] task: f506b200 ti: f2496000 task.ti: f2496000
  [   67.760109] EIP: 0060:[<c124ff1a>] EFLAGS: 00010246 CPU: 2
  [   67.760460] EIP is at devpts_kill_index+0xa/0x60
  [   67.760806] EAX: 00000000 EBX: 00000000 ECX: 00000033 EDX: 00000d92
  [   67.761165] ESI: fffffff4 EDI: 00000d92 EBP: f2497d54 ESP: f2497d4c
  [   67.761500]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
  [   67.761830] CR0: 80050033 CR2: 0000001c CR3: 355d6ca0 CR4: 001406f0
  [   67.762166] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
  [   67.762497] DR6: fffe0ff0 DR7: 00000400
  [   67.762822] Stack:
  [   67.763139]  00000000 fffffff4 f2497d60 c149b509 e65caa00 f2497d6c c1492bb0 e65caa00
  [   67.763497]  f2497d98 c14935e9 c1a2cf78 00000d92 f64aa7d0 f2497d98 c124fee1 00000d92
  [   67.763860]  e65e66c0 f64aa7d0 f64aa7d0 f2497db4 c149b7a5 00000000 00000d92 c1d20ae0
  [   67.764228] Call Trace:
  [   67.764568]  [<c149b509>] pty_unix98_shutdown+0x29/0x40
  [   67.764917]  [<c1492bb0>] release_tty+0x30/0xe0
  [   67.765272]  [<c14935e9>] tty_init_dev+0xa9/0x180
  [   67.765623]  [<c124fee1>] ? devpts_new_index+0xf1/0x120
  [   67.765974]  [<c149b7a5>] ptmx_open+0x75/0x160
  [   67.766323]  [<c11e0a14>] chrdev_open+0xa4/0x180
  [   67.766668]  [<c11da62c>] do_dentry_open+0x1ec/0x300
  [   67.767013]  [<c11e0970>] ? cdev_put+0x20/0x20
  [   67.767352]  [<c11db60f>] vfs_open+0x4f/0x60
  [   67.767690]  [<c11ea109>] path_openat+0x509/0x1140
  [   67.768030]  [<c11eae94>] ? putname+0x54/0x60
  [   67.768367]  [<c11ebde8>] do_filp_open+0x68/0xe0
  [   67.768704]  [<c11f8d16>] ? __alloc_fd+0x36/0x150
  [   67.769051]  [<c11db9c8>] do_sys_open+0x128/0x2b0
  [   67.769385]  [<c11dbb72>] SyS_open+0x22/0x30
  [   67.769717]  [<c100393d>] do_fast_syscall_32+0x8d/0x150
  [   67.770052]  [<c17a98dc>] sysenter_past_esp+0x3d/0x61
  [   67.770385] Code: 00 b8 fb ff ff ff eb 9d b8 ed ff ff ff eb 96 e8 9d 01 e2 ff 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 56 53 3e 8d 74 26 00 <8b> 40 1c 89 d6 81 78 38 d1 1c 00 00 74 0c a1 f8 59 d1 c1 85 c0
  [   67.771232] EIP: [<c124ff1a>] devpts_kill_index+0xa/0x60 SS:ESP 0068:f2497d4c
  [   67.771607] CR2: 000000000000001c
  [   67.772009] ---[ end trace 40e08a6f48f9983e ]---

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1586418/+subscriptions
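
A first-pass triage of the oops quoted in the bug description, as an added example that is not part of the original message or of the kernel fix: it extracts the fault address, the faulting symbol, the zeroed registers and the confirmed call chain, which together show a NULL structure pointer being read at offset 0x1c in devpts_kill_index on the tty_init_dev error path. The names `triage`, `null_regs` and `null_field_offset` are hypothetical; the sample lines are excerpted from the log above.

```python
import re

# Lines excerpted from the oops quoted in the bug description above.
OOPS = """\
[   67.753486] tty_init_dev: ldisc open failed, clearing slot 3474
[   67.753525] BUG: unable to handle kernel NULL pointer dereference at 0000001c
[   67.755622] IP: [<c124ff1a>] devpts_kill_index+0xa/0x60
[   67.760806] EAX: 00000000 EBX: 00000000 ECX: 00000033 EDX: 00000d92
[   67.764228] Call Trace:
[   67.764568]  [<c149b509>] pty_unix98_shutdown+0x29/0x40
[   67.764917]  [<c1492bb0>] release_tty+0x30/0xe0
[   67.765272]  [<c14935e9>] tty_init_dev+0xa9/0x180
[   67.765623]  [<c124fee1>] ? devpts_new_index+0xf1/0x120
[   67.765974]  [<c149b7a5>] ptmx_open+0x75/0x160
[   67.772009] ---[ end trace 40e08a6f48f9983e ]---
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\]\s+(\?\s+)?(\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")
PAGE_SIZE = 4096  # a fault below this is almost always NULL + field offset

def triage(log):
    """Summarise a 32-bit x86 NULL-dereference oops (hypothetical helper)."""
    r = {"fault_addr": None, "ip": None, "regs": {}, "trace": [], "stale": []}
    in_trace = False
    for raw in log.splitlines():
        line = STAMP.sub("", raw.strip())
        m = re.search(r"NULL pointer dereference at ([0-9a-f]+)", line)
        if m:
            r["fault_addr"] = int(m.group(1), 16)
        m = re.match(r"IP: \[<[0-9a-f]+>\] (\S+)", line)
        if m:
            r["ip"] = m.group(1)
        for name, val in re.findall(r"\b(E[A-D]X|E[SD]I|EBP|ESP): ([0-9a-f]{8})", line):
            r["regs"][name] = int(val, 16)
        if line == "Call Trace:":
            in_trace = True
            continue
        m = FRAME.match(line) if in_trace else None
        if m:
            # "?" marks an address found on the stack that the unwinder
            # could not confirm as part of the live call chain.
            r["stale" if m.group(1) else "trace"].append(m.group(2))
        else:
            in_trace = False
    r["null_regs"] = [n for n, v in r["regs"].items() if v == 0]
    fa = r["fault_addr"]
    r["null_field_offset"] = fa if fa is not None and fa < PAGE_SIZE else None
    return r

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

The confirmed chain (ptmx_open, tty_init_dev, release_tty, pty_unix98_shutdown) is the cleanup path taken after the "ldisc open failed" message, and EAX being zero matches the faulting instruction bytes `<8b> 40 1c`, a load from EAX+0x1c.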