group.of.nepali.translators team mailing list archive

[Bug 1793901] Re: kernel oops in bcache module

 

This bug was fixed in the package linux - 4.15.0-46.49

---------------
linux (4.15.0-46.49) bionic; urgency=medium

  * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)

  * mprotect fails on ext4 with dax (LP: #1799237)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion

  * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
    - iscsi target: fix session creation failure handling
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free

  * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
    (LP: #1812198)
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
    - selftests: kselftest: Remove outdated comment

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
    - ACPI / LPSS: Force LPSS quirks on boot

  * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potential Spectre v1
    - stop_machine: Disable preemption when waking two stopper threads
    - drm/i915: Fix hotplug irq ack on i965/g4x
    - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
    - drm/nouveau: Avoid looping through fake MST connectors
    - gen_stats: Fix netlink stats dumping in the presence of padding
    - ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
    - ipv6: fix useless rol32 call on hash
    - ipv6: ila: select CONFIG_DST_CACHE
    - lib/rhashtable: consider param->min_size when setting initial table size
    - net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
    - net: Don't copy pfmemalloc flag in __copy_skb_header()
    - skbuff: Unconditionally copy pfmemalloc in __skb_clone()
    - net/ipv4: Set oif in fib_compute_spec_dst
    - net: phy: fix flag masking in __set_phy_supported
    - ptp: fix missing break in switch
    - qmi_wwan: add support for Quectel EG91
    - tg3: Add higher cpu clock for 5762.
    - hv_netvsc: Fix napi reschedule while receive completion is busy
    - net/mlx4_en: Don't reuse RX page when XDP is set
    - net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
    - ipv6: make DAD fail with enhanced DAD when nonce length differs
    - net: usb: asix: replace mii_nway_restart in resume path
    - alpha: fix osf_wait4() breakage
    - cxl_getfile(): fix double-iput() on alloc_file() failures
    - powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
    - xhci: Fix perceived dead host due to runtime suspend race with event handler
    - KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer
    - x86/kvmclock: set pvti_cpu0_va after enabling kvmclock
    - ALSA: hda/realtek - Yet another Clevo P950 quirk entry
    - drm/amdgpu: Reserve VM root shared fence slot for command submission (v3)
    - rhashtable: add restart routine in rhashtable_free_and_destroy()
    - sch_fq_codel: zero q->flows_cnt when fq_codel_init fails
    - sctp: introduce sctp_dst_mtu
    - sctp: fix the issue that pathmtu may be set lower than MINSEGMENT
    - net: aquantia: vlan unicast address list correct handling
    - drm_mode_create_lease_ioctl(): fix open-coded filp_clone_open()

  * Bionic update: upstream stable patchset 2019-01-15 (LP: #1811877)
    - compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
    - x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
    - x86/paravirt: Make native_save_fl() extern inline
    - Btrfs: fix duplicate extents after fsync of file with prealloc extents
    - cpufreq / CPPC: Set platform specific transition_delay_us
    - PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
    - alx: take rtnl before calling __alx_open from resume
    - atm: Preserve value of skb->truesize when accounting to vcc
    - atm: zatm: Fix potential Spectre v1
    - ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
    - ipvlan: fix IFLA_MTU ignored on NEWLINK
    - ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
    - net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
    - net: dccp: switch rx_tstamp_last_feedback to monotonic clock
    - net: fix use-after-free in GRO with ESP
    - net: macb: Fix ptp time adjustment for large negative delta
    - net/mlx5e: Avoid dealing with vport representors if not being e-switch
      manager
    - net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager
    - net/mlx5: Fix command interface race in polling mode
    - net/mlx5: Fix incorrect raw command length parsing
    - net/mlx5: Fix required capability for manipulating MPFS
    - net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
    - net: mvneta: fix the Rx desc DMA address in the Rx path
    - net/packet: fix use-after-free
    - net_sched: blackhole: tell upper qdisc about dropped packets
    - net: sungem: fix rx checksum support
    - net/tcp: Fix socket lookups with SO_BINDTODEVICE
    - qede: Adverstise software timestamp caps when PHC is not available.
    - qed: Fix setting of incorrect eswitch mode.
    - qed: Fix use of incorrect size in memcpy call.
    - qed: Limit msix vectors in kdump kernel to the minimum required count.
    - r8152: napi hangup fix after disconnect
    - stmmac: fix DMA channel hang in half-duplex mode
    - strparser: Remove early eaten to fix full tcp receive buffer stall
    - tcp: fix Fast Open key endianness
    - tcp: prevent bogus FRTO undos with non-SACK flows
    - vhost_net: validate sock before trying to put its fd
    - VSOCK: fix loopback on big-endian systems
    - net: cxgb3_main: fix potential Spectre v1
    - rtlwifi: Fix kernel Oops "Fw download fail!!"
    - rtlwifi: rtl8821ae: fix firmware is not ready to run
    - net: lan78xx: Fix race in tx pending skb size calculation
    - crypto: af_alg - Initialize sg_num_bytes in error code path
    - mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally
    - PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
    - netfilter: ebtables: reject non-bridge targets
    - reiserfs: fix buffer overflow with long warning messages
    - KEYS: DNS: fix parsing multiple options
    - tls: Stricter error checking in zerocopy sendmsg path
    - autofs: fix slab out of bounds read in getname_kernel()
    - nsh: set mac len based on inner packet
    - bdi: Fix another oops in wb_workfn()
    - rds: avoid unenecessary cong_update in loop transport
    - net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
    - string: drop __must_check from strscpy() and restore strscpy() usages in
      cgroup
    - nfsd: COPY and CLONE operations require the saved filehandle to be set
    - net/sched: act_ife: fix recursive lock and idr leak
    - net/sched: act_ife: preserve the action control in case of error
    - hinic: reset irq affinity before freeing irq
    - nfp: flower: fix mpls ether type detection
    - net: macb: initialize bp->queues[0].bp for at91rm9200
    - enic: do not overwrite error code
    - virtio_net: fix memory leak in XDP_REDIRECT
    - netfilter: ipv6: nf_defrag: drop skb dst before queueing
    - ipvs: initialize tbl->entries after allocation
    - ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()
    - bpf: enforce correct alignment for instructions
    - bpf, arm32: fix to use bpf_jit_binary_lock_ro api

  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Implement intel_gpio_get_direction callback
    - pinctrl: intel: Do pin translation in other GPIO operations as well

  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns

  * Userspace break as a result of missing patch backport (LP: #1813873)
    - tty: Don't hold ldisc lock in tty_reopen() if ldisc present

  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: fix python3 issues
    - tools/kvm_stat: switch to python3

  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
    (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue

  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice

  * ptrace-tm-spd-gpr in powerpc/ptrace from ubuntu_kerenl_selftests failed on
    Bionic P8 (LP: #1813127)
    - selftests/powerpc: Fix ptrace tm failure

  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing

  * Consider enabling CONFIG_NETWORK_PHY_TIMESTAMPING (LP: #1785816)
    - [Config] Enable timestamping in network PHY devices

  * CVE-2018-19854
    - crypto: user - fix leaking uninitialized memory to userspace

  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
    (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings

  * CVE-2019-6133
    - fork: record start_time late

  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad

  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y

  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN

  * Crash on "ip link add foo type ipip" (LP: #1811803)
    - SAUCE: fan: Fix NULL pointer dereference

 -- Khalid Elmously <khalid.elmously@xxxxxxxxxxxxx>  Wed, 06 Feb 2019 04:57:21 +0000

** Changed in: linux (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-18397

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-19854

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-6133

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1793901

Title:
  kernel oops in bcache module

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Committed

Bug description:
  SRU Justification
  =================

  [Impact]

  Some users see panics like the following when performing fstrim on a
  bcached volume:

  [  529.803060] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  [  530.183928] #PF error: [normal kernel read fault]
  [  530.412392] PGD 8000001f42163067 P4D 8000001f42163067 PUD 1f42168067 PMD 0
  [  530.750887] Oops: 0000 [#1] SMP PTI
  [  530.920869] CPU: 10 PID: 4167 Comm: fstrim Kdump: loaded Not tainted 5.0.0-rc1+ #3
  [  531.290204] Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 Gen9, BIOS P89 12/27/2015
  [  531.693137] RIP: 0010:blk_queue_split+0x148/0x620
  [  531.922205] Code: 60 38 89 55 a0 45 31 db 45 31 f6 45 31 c9 31 ff 89 4d 98 85 db 0f 84 7f 04 00 00 44 8b 6d 98 4c 89 ee 48 c1 e6 04 49 03 70 78 <8b> 46 08 44 8b 56 0c 48 8b 16 44 29 e0 39 d8 48 89 55 a8 0f 47 c3
  [  532.838634] RSP: 0018:ffffb9b708df39b0 EFLAGS: 00010246
  [  533.093571] RAX: 00000000ffffffff RBX: 0000000000046000 RCX: 0000000000000000
  [  533.441865] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000000
  [  533.789922] RBP: ffffb9b708df3a48 R08: ffff940d3b3fdd20 R09: 0000000000000000
  [  534.137512] R10: ffffb9b708df3958 R11: 0000000000000000 R12: 0000000000000000
  [  534.485329] R13: 0000000000000000 R14: 0000000000000000 R15: ffff940d39212020
  [  534.833319] FS:  00007efec26e3840(0000) GS:ffff940d1f480000(0000) knlGS:0000000000000000
  [  535.224098] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [  535.504318] CR2: 0000000000000008 CR3: 0000001f4e256004 CR4: 00000000001606e0
  [  535.851759] Call Trace:
  [  535.970308]  ? mempool_alloc_slab+0x15/0x20
  [  536.174152]  ? bch_data_insert+0x42/0xd0 [bcache]
  [  536.403399]  blk_mq_make_request+0x97/0x4f0
  [  536.607036]  generic_make_request+0x1e2/0x410
  [  536.819164]  submit_bio+0x73/0x150
  [  536.980168]  ? submit_bio+0x73/0x150
  [  537.149731]  ? bio_associate_blkg_from_css+0x3b/0x60
  [  537.391595]  ? _cond_resched+0x1a/0x50
  [  537.573774]  submit_bio_wait+0x59/0x90
  [  537.756105]  blkdev_issue_discard+0x80/0xd0
  [  537.959590]  ext4_trim_fs+0x4a9/0x9e0
  [  538.137636]  ? ext4_trim_fs+0x4a9/0x9e0
  [  538.324087]  ext4_ioctl+0xea4/0x1530
  [  538.497712]  ? _copy_to_user+0x2a/0x40
  [  538.679632]  do_vfs_ioctl+0xa6/0x600
  [  538.853127]  ? __do_sys_newfstat+0x44/0x70
  [  539.051951]  ksys_ioctl+0x6d/0x80
  [  539.212785]  __x64_sys_ioctl+0x1a/0x20
  [  539.394918]  do_syscall_64+0x5a/0x110
  [  539.568674]  entry_SYSCALL_64_after_hwframe+0x44/0xa9

  [Fix]

  Under certain conditions, the test for whether an operation should be
  written back to the underlying device was incorrect. Specifically, in
  should_writeback(), we were hitting a case where an optimisation for
  partial stripe conditions was returning true and so should_writeback()
  was returning true early. This caused the code to go down an incorrect
  path and create bios that contained NULL pointers.

  To fix this issue, make sure that should_writeback() on a discard op
  never returns true.

  
  [Test Case]

  We have observed it on some systems where both:
  1) LVM/devmapper is involved (bcache backing device is LVM volume) and
  2) writeback cache is involved (bcache cache_mode is writeback)

  Not every machine exhibits the bug. On one machine that does exhibit
  the bug, we can reliably reproduce it with:

   # echo writeback > /sys/block/bcache0/bcache/cache_mode
   # mount /dev/bcache0 /test
   # for i in {0..10}; do file="$(mktemp /test/zero.XXX)"; dd if=/dev/zero of="$file" bs=1M count=256; sync; rm $file; done; fstrim -v /test

  
  [Regression Potential]

  This could affect any device where bcache is used.

  In mitigation, however: the patch is simple and is limited to considering
  discard operations. The patch has been accepted upstream [1] and the
  maintainer will be including it in SuSE kernels [2]. A Gentoo user
  validated the upstream patch independently [3].

  
  [1] https://www.spinics.net/lists/linux-bcache/msg06997.html
  [2] https://www.spinics.net/lists/linux-bcache/msg06998.html
  [3] https://bugzilla.kernel.org/show_bug.cgi?id=196103#c3

  
  [Original Description]

  This was on an 18.04.1 install running the 4.15-34 generic kernel image, running from a normal ext4 root device.
  I had just a short while before created a new bcache device that was mounted but to which no data had been written yet. Then without any apparent particular reason, an apport error popped up to inform of a bcache kernel oops. Crash log was uploaded but no idea how to link it, so I attach it as well.
  Mostly I would like to know how concerned I should be as after a previous, successful test I wanted to move the whole install to bcache. Ideally, if this is a bug or similar, it would be nice if it could get fixed.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-34-generic 4.15.0-34.37
  ProcVersionSignature: Ubuntu 4.15.0-34.37-generic 4.15.18
  Uname: Linux 4.15.0-34-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu7.3
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Sep 22 18:20:22 2018
  HibernationDevice: RESUME=UUID=6bcbe7fa-85b7-4baf-9b69-0558a668bcdd
  InstallationDate: Installed on 2014-07-29 (1515 days ago)
  InstallationMedia: It
  IwConfig:
   zthnhe3w6d  no wireless extensions.

   eth1      no wireless extensions.

   lo        no wireless extensions.
  MachineType: System manufacturer System Product Name
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 EFI VGA
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-34-generic root=UUID=ebbab625-f14e-44ba-84d5-025ed92a5b2a ro quiet splash
  RelatedPackageVersions:
   linux-restricted-modules-4.15.0-34-generic N/A
   linux-backports-modules-4.15.0-34-generic  N/A
   linux-firmware                             1.173.1
  RfKill:
   0: hci0: Bluetooth
    Soft blocked: yes
    Hard blocked: no
  SourcePackage: linux
  UpgradeStatus: Upgraded to bionic on 2018-09-07 (15 days ago)
  dmi.bios.date: 10/22/2015
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 0604
  dmi.board.asset.tag: Default string
  dmi.board.name: H170I-PLUS D3
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: Rev X.0x
  dmi.chassis.asset.tag: Default string
  dmi.chassis.type: 3
  dmi.chassis.vendor: Default string
  dmi.chassis.version: Default string
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0604:bd10/22/2015:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnH170I-PLUSD3:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring:
  dmi.product.family: Default string
  dmi.product.name: System Product Name
  dmi.product.version: System Version
  dmi.sys.vendor: System manufacturer

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793901/+subscriptions
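
Added example, not part of the original bug report and not the bcache source: a simplified user-space C model of the ordering problem described under [Fix], showing the check before and after a discard is rejected up front. Apart from should_writeback, every type, field and function name is hypothetical, and the model assumes a discard is already marked to skip the cache when the check runs.

```c
/* Simplified user-space model of the [Fix] section; not the bcache source.
 * Types, fields and the final "sync" heuristic are hypothetical stand-ins. */
#include <stdbool.h>
#include <stdio.h>

enum op { OP_WRITE, OP_DISCARD };

struct request {
    enum op op;
    bool sync;        /* caller waits for completion */
    bool would_skip;  /* request is already marked to bypass the cache */
};

struct device {
    bool writeback_mode;             /* cache_mode is writeback */
    bool partial_stripes_expensive;  /* backing device prefers full stripes */
    bool stripe_dirty;               /* target stripe already has dirty data */
};

/* Checks shared by both versions once the op type has (or has not) been tested. */
static bool common_checks(const struct device *d, const struct request *r)
{
    if (d->partial_stripes_expensive && d->stripe_dirty)
        return true;              /* partial-stripe shortcut: early "yes" */
    if (r->would_skip)
        return false;
    return r->sync;
}

/* Before: the shortcut can answer "yes" without ever looking at the op. */
static bool should_writeback_before(const struct device *d, const struct request *r)
{
    return d->writeback_mode && common_checks(d, r);
}

/* After: a discard is rejected ahead of any path that can return true. */
static bool should_writeback_after(const struct device *d, const struct request *r)
{
    if (!d->writeback_mode || r->op == OP_DISCARD)
        return false;
    return common_checks(d, r);
}

/* Constructed case: writeback mode, stripe-sensitive backing device.
 * Assumption of this model: discards arrive with would_skip already set. */
static bool routed_to_writeback(bool fixed, enum op op, bool stripe_dirty)
{
    struct device d = { true, true, stripe_dirty };
    struct request r = { op, true, op == OP_DISCARD };
    return fixed ? should_writeback_after(&d, &r) : should_writeback_before(&d, &r);
}

int main(void)
{
    printf("discard, dirty stripe: before=%d after=%d\n",
           routed_to_writeback(false, OP_DISCARD, true),
           routed_to_writeback(true, OP_DISCARD, true));
    printf("write,   dirty stripe: before=%d after=%d\n",
           routed_to_writeback(false, OP_WRITE, true),
           routed_to_writeback(true, OP_WRITE, true));
    return 0;
}
```

In the model only the discard that lands on a dirty stripe changes outcome between the two versions; ordinary writes are routed the same way by both.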