← Back to team overview

kernel-packages team mailing list archive

[Bug 1413129] Re: [trusty] btrfs: reboot/crash when running xfs btrfs tests 035

 

This bug was fixed in the package linux - 3.13.0-46.75

---------------
linux (3.13.0-46.75) trusty; urgency=low

  [ Seth Forshee ]

  * Release Tracking Bug
    - LP: #1419963

  [ Andy Whitcroft ]

  * [Debian] arm64 -- build ubuntu drivers
    - LP: #1411284
  * hyper-v -- fix comment handing in /etc/network/interfaces
    - LP: #1413020

  [ Kamal Mostafa ]

  * [Packaging] force "dpkg-source -I -i" behavior

  [ Upstream Kernel Changes ]

  * Revert "[SCSI] mpt2sas: Remove phys on topology change."
    - LP: #1419838
  * Revert "[SCSI] mpt3sas: Remove phys on topology change"
    - LP: #1419838
  * Btrfs: fix transaction abortion when remounting btrfs from RW to RO
    - LP: #1411320
  * Btrfs: fix a crash of clone with inline extents's split
    - LP: #1413129
  * net/mlx4_en: Add VXLAN ndo calls to the PF net device ops too
    - LP: #1407760
  * KVM: x86: SYSENTER emulation is broken
    - LP: #1414651
    - CVE-2015-0239
  * powerpc/xmon: Fix another endiannes issue in RTAS call from xmon
    - LP: #1415919
  * ipv6: fix swapped ipv4/ipv6 mtu_reduced callbacks
    - LP: #1404558, #1419837
  * usb: gadget: at91_udc: move prepare clk into process context
    - LP: #1419837
  * KVM: x86: Fix far-jump to non-canonical check
    - LP: #1419837
  * x86/tls: Validate TLS entries to protect espfix
    - LP: #1419837
  * userns: Check euid no fsuid when establishing an unprivileged uid
    mapping
    - LP: #1419837
  * userns: Document what the invariant required for safe unprivileged
    mappings.
    - LP: #1419837
  * userns: Only allow the creator of the userns unprivileged mappings
    - LP: #1419837
  * x86_64, switch_to(): Load TLS descriptors before switching DS and ES
    - LP: #1419837
  * isofs: Fix infinite looping over CE entries
    - LP: #1419837
  * batman-adv: Calculate extra tail size based on queued fragments
    - LP: #1419837
  * KEYS: close race between key lookup and freeing
    - LP: #1419837
  * isofs: Fix unchecked printing of ER records
    - LP: #1419837
  * x86_64, vdso: Fix the vdso address randomization algorithm
    - LP: #1419837
  * groups: Consolidate the setgroups permission checks
    - LP: #1419837
  * userns: Don't allow setgroups until a gid mapping has been setablished
    - LP: #1419837
  * userns: Don't allow unprivileged creation of gid mappings
    - LP: #1419837
  * move d_rcu from overlapping d_child to overlapping d_alias
    - LP: #1419837
  * deal with deadlock in d_walk()
    - LP: #1419837
  * Linux 3.13.11-ckt14
    - LP: #1419837
  * gre: fix the inner mac header in nbma tunnel xmit path
    - LP: #1419838
  * netlink: Always copy on mmap TX.
    - LP: #1419838
  * netlink: Don't reorder loads/stores before marking mmap netlink frame
    as available
    - LP: #1419838
  * in6: fix conflict with glibc
    - LP: #1419838
  * tg3: tg3_disable_ints using uninitialized mailbox value to disable
    interrupts
    - LP: #1419838
  * batman-adv: Unify fragment size calculation
    - LP: #1419838
  * batman-adv: avoid NULL dereferences and fix if check
    - LP: #1419838
  * net: Fix stacked vlan offload features computation
    - LP: #1419838
  * net: Reset secmark when scrubbing packet
    - LP: #1419838
  * tcp: Do not apply TSO segment limit to non-TSO packets
    - LP: #1419838
  * alx: fix alx_poll()
    - LP: #1419838
  * team: avoid possible underflow of count_pending value for notify_peers
    and mcast_rejoin
    - LP: #1419838
  * enic: fix rx skb checksum
    - LP: #1419838
  * net/core: Handle csum for CHECKSUM_COMPLETE VXLAN forwarding
    - LP: #1419838
  * macvlan: unregister net device when netdev_upper_dev_link() fails
    - LP: #1419838
  * netfilter: conntrack: disable generic tracking for known protocols
    - LP: #1419838
  * xen-netfront: Fix handling packets on compound pages with skb_linearize
    - LP: #1317811, #1419838
  * xen-netfront: use correct linear area after linearizing an skb
    - LP: #1317811, #1419838
  * eCryptfs: Force RO mount when encrypted view is enabled
    - LP: #1419838
  * smiapp: Take mutex during PLL update in sensor initialisation
    - LP: #1419838
  * smiapp-pll: Correct clock debug prints
    - LP: #1419838
  * sound: simplify au0828 quirk table
    - LP: #1419838
  * sound: Update au0828 quirks table
    - LP: #1419838
  * af9005: fix kernel panic on init if compiled without IR
    - LP: #1419838
  * writeback: fix a subtle race condition in I_DIRTY clearing
    - LP: #1419838
  * usb: renesas_usbhs: gadget: fix NULL pointer dereference in
    ep_disable()
    - LP: #1419838
  * KVM: s390: flush CPU on load control
    - LP: #1419838
  * UBI: Fix double free after do_sync_erase()
    - LP: #1419838
  * UBI: Fix invalid vfree()
    - LP: #1419838
  * Drivers: hv: vmbus: Fix a race condition when unregistering a device
    - LP: #1419838
  * driver core: Fix unbalanced device reference in drivers_probe
    - LP: #1419838
  * PCI: Restore detection of read-only BARs
    - LP: #1419838
  * scsi: correct return values for .eh_abort_handler implementations
    - LP: #1419838
  * drm/radeon: fix typo in CI dpm disable
    - LP: #1419838
  * ARM: tegra: Re-add removed SoC id macro to tegra_resume()
    - LP: #1419838
  * arm64: Add COMPAT_HWCAP_LPAE
    - LP: #1419838
  * genhd: check for int overflow in disk_expand_part_tbl()
    - LP: #1419838
  * ftrace/x86: Add frames pointers to trampoline as necessary
    - LP: #1419838
  * drm/ttm: Avoid memory allocation from shrinker functions.
    - LP: #1419838
  * ASoC: sigmadsp: Refuse to load firmware files with a non-supported
    version
    - LP: #1419838
  * drm/radeon: work around a hw bug in MGCG on CIK
    - LP: #1419838
  * Btrfs: make sure we wait on logged extents when fsycning two subvols
    - LP: #1419838
  * Btrfs: do not move em to modified list when unpinning
    - LP: #1419838
  * megaraid_sas: corrected return of wait_event from abort frame path
    - LP: #1419838
  * ASoC: max98090: Fix ill-defined sidetone route
    - LP: #1419838
  * blk-mq: use 'nr_cpu_ids' as highest CPU ID count for hwq <-> cpu map
    - LP: #1419838
  * nfs41: fix nfs4_proc_layoutget error handling
    - LP: #1419838
  * cdc-acm: memory leak in error case
    - LP: #1419838
  * USB: cdc-acm: check for valid interfaces
    - LP: #1419838
  * x86/asm/traps: Disable tracing and kprobes in fixup_bad_iret and
    sync_regs
    - LP: #1419838
  * uvcvideo: Fix destruction order in uvc_delete()
    - LP: #1419838
  * HID: i2c-hid: fix race condition reading reports
    - LP: #1419838
  * mfd: tc6393xb: Fail ohci suspend if full state restore is required
    - LP: #1419838
  * serial: samsung: wait for transfer completion before clock disable
    - LP: #1419838
  * mmc: dw_mmc: avoid write to CDTHRCTL on older versions
    - LP: #1419838
  * Bluetooth: ath3k: Add support of MCI 13d3:3408 bt device
    - LP: #1419838
  * eCryptfs: Remove buggy and unnecessary write in file name decode
    routine
    - LP: #1419838
  * n_tty: Fix read_buf race condition, increment read_head after pushing
    data
    - LP: #1419838
  * dm cache: only use overwrite optimisation for promotion when in
    writeback mode
    - LP: #1419838
  * dm cache: dirty flag was mistakenly being cleared when promoting via
    overwrite
    - LP: #1419838
  * dm bufio: fix memleak when using a dm_buffer's inline bio
    - LP: #1419838
  * ath9k_hw: fix hardware queue allocation
    - LP: #1419838
  * ath9k: fix BE/BK queue order
    - LP: #1419838
  * ath5k: fix hardware queue index assignment
    - LP: #1419838
  * tcm_loop: Fix wrong I_T nexus association
    - LP: #1419838
  * iwlwifi: dvm: fix flush support for old firmware
    - LP: #1419838
  * iommu/vt-d: Fix an off-by-one bug in __domain_mapping()
    - LP: #1419838
  * dm crypt: use memzero_explicit for on-stack buffer
    - LP: #1419838
  * mnt: Implicitly add MNT_NODEV on remount when it was implicitly added
    by mount
    - LP: #1419838
  * mnt: Update unprivileged remount test
    - LP: #1419838
  * umount: Disallow unprivileged mount force
    - LP: #1419838
  * md/raid56: Don't perform reads to support writes until stripe is ready.
    - LP: #1419838
  * md/raid5: avoid livelock caused by non-aligned writes.
    - LP: #1419838
  * md/raid5: fetch_block must fetch all the blocks handle_stripe_dirtying
    wants.
    - LP: #1419838
  * drm/i915: Disallow pin ioctl completely for kms drivers
    - LP: #1419838
  * drm/vmwgfx: Don't use memory accounting for kernel-side fence objects
    - LP: #1419838
  * drm/vmwgfx: Fix fence event code
    - LP: #1419838
  * hp_accel: Add support for HP ZBook 15
    - LP: #1419838
  * drm/radeon: check the right ring in radeon_evict_flags()
    - LP: #1419838
  * swiotlb-xen: pass dev_addr to xen_dma_unmap_page and
    xen_dma_sync_single_for_cpu
    - LP: #1419838
  * swiotlb-xen: call xen_dma_sync_single_for_device when appropriate
    - LP: #1419838
  * clocksource: arch_timer: Fix code to use physical timers when requested
    - LP: #1419838
  * ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad S210
    - LP: #1419838
  * can: peak_usb: fix memset() usage
    - LP: #1419838
  * can: peak_usb: fix cleanup sequence order in case of error during init
    - LP: #1419838
  * ALSA: usb-audio: Don't resubmit pending URBs at MIDI error recovery
    - LP: #1419838
  * KEYS: Fix stale key registration at error path
    - LP: #1419838
  * thermal: Fix error path in thermal_init()
    - LP: #1419838
  * blk-mq: Fix a use-after-free
    - LP: #1419838
  * fs: nfsd: Fix signedness bug in compare_blob
    - LP: #1419838
  * nfsd4: fix xdr4 inclusion of escaped char
    - LP: #1419838
  * userns: Rename id_map_mutex to userns_state_mutex
    - LP: #1419838
  * drm/i915: Don't complain about stolen conflicts on gen3
    - LP: #1419838
  * ALSA: hda - Add EAPD fixup for ASUS Z99He laptop
    - LP: #1419838
  * Btrfs: fix fs corruption on transaction abort if device supports
    discard
    - LP: #1419838
  * ncpfs: return proper error from NCP_IOC_SETROOT ioctl
    - LP: #1419838
  * drivers/rtc/rtc-sirfsoc.c: move hardware initilization earlier in probe
    - LP: #1419838
  * rtc: omap: fix missing wakealarm attribute
    - LP: #1419838
  * exit: pidns: alloc_pid() leaks pid_namespace if child_reaper is exiting
    - LP: #1419838
  * perf/x86/intel/uncore: Make sure only uncore events are collected
    - LP: #1419838
  * perf: Fix events installation during moving group
    - LP: #1419838
  * KVM: nVMX: Disable unrestricted mode if ept=0
    - LP: #1419838
  * drm/i915: save/restore GMBUS freq across suspend/resume on gen4
    - LP: #1419838
  * pstore-ram: Fix hangs by using write-combine mappings
    - LP: #1419838
  * pstore-ram: Allow optional mapping with pgprot_noncached
    - LP: #1419838
  * userns: Add a knob to disable setgroups on a per user namespace basis
    - LP: #1419838
  * userns: Allow setting gid_maps without privilege when setgroups is
    disabled
    - LP: #1419838
  * userns: Unbreak the unprivileged remount tests
    - LP: #1419838
  * HID: i2c-hid: prevent buffer overflow in early IRQ
    - LP: #1419838
  * mac80211: fix multicast LED blinking and counter
    - LP: #1419838
  * cfg80211: avoid mem leak on driver hint set
    - LP: #1419838
  * mtd: tests: abort torturetest on erase errors
    - LP: #1419838
  * tracing/sched: Check preempt_count() for current when reading
    task->state
    - LP: #1419838
  * iscsi,iser-target: Initiate termination only once
    - LP: #1419838
  * iser-target: Fix flush + disconnect completion handling
    - LP: #1419838
  * iser-target: Parallelize CM connection establishment
    - LP: #1419838
  * iser-target: Fix connected_handler + teardown flow race
    - LP: #1419838
  * iser-target: Handle ADDR_CHANGE event for listener cm_id
    - LP: #1419838
  * iser-target: Fix implicit termination of connections
    - LP: #1419838
  * genirq: Prevent proc race against freeing of irq descriptors
    - LP: #1419838
  * x86/tls: Disallow unusual TLS segments
    - LP: #1419838
  * powerpc/powernv: Switch off MMU before entering nap/sleep/rvwinkle mode
    - LP: #1419838
  * ARC: [nsimosci] move peripherals to match model to FPGA
    - LP: #1419838
  * scsi: blacklist RSOC for Microsoft iSCSI target devices
    - LP: #1419838
  * rtlwifi: rtl8192ce: Set fw_ready flag
    - LP: #1419838
  * iscsi-target: Fail connection on short sendmsg writes
    - LP: #1419838
  * mac80211: free management frame keys when removing station
    - LP: #1419838
  * ceph: do_sync is never initialized
    - LP: #1419838
  * x86/tls: Don't validate lm in set_thread_area() after all
    - LP: #1419838
  * ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam rPAC
    - LP: #1419838
  * mnt: Fix a memory stomp in umount
    - LP: #1419838
  * ocfs2: fix journal commit deadlock
    - LP: #1419838
  * tick/powerclamp: Remove tick_nohz_idle abuse
    - LP: #1419838
  * Linux 3.13.11-ckt15
    - LP: #1419838

  [ Xiong Zhang ]

  * SAUCE: ubuntu/i915: power on sink if dpcd read fail
    - LP: #1416451
 -- Seth Forshee <seth.forshee@xxxxxxxxxxxxx>   Mon, 09 Feb 2015 14:08:50 -0600

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-0239

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1413129

Title:
  [trusty] btrfs: reboot/crash when running xfs btrfs tests 035

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Released

Bug description:
  Running xfs btrfs specific tests 035 with various mount options with 7
  target btrfs devices causes the kernel to crash when running inside a
  virtual machine.   Bisecting tracked the fix down to commit
  00fdf13a2e9f313a044288aa59d3b8ec29ff904a:

  Author: Liu Bo <bo.li.liu@xxxxxxxxxx>
  Date:   Mon Mar 10 18:56:07 2014 +0800

      Btrfs: fix a crash of clone with inline extents's split

      xfstests's btrfs/035 triggers a BUG_ON, which we use to detect the split
      of inline extents in __btrfs_drop_extents().

      For inline extents, we cannot duplicate another EXTENT_DATA item, because
      it breaks the rule of inline extents, that is, 'start offset' needs to be 0.

      We have set limitations for the source inode's compressed inline extents,
      because it needs to decompress and recompress.  Now the destination inode's
      inline extents also need similar limitations.

      With this, xfstests btrfs/035 doesn't run into panic.

      Signed-off-by: Liu Bo <bo.li.liu@xxxxxxxxxx>
      Signed-off-by: Chris Mason <clm@xxxxxx>

  SRU Justification:

  [Impact]
  Running standard btrfs test 035 will cause a machine to reboot.

  [Fix]
  commit 00fdf13a2e9f313a044288aa59d3b8ec29ff904a
   Btrfs: fix a crash of clone with inline extents's split

  [Testcase]
  Run xfs "btrfs specific" test 35 with 7 devices for the btrfs scratch pool. Run with all mount options. Without the fix, the machine reboots. With the fix, one can run this multiple times w/o a reboot.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1413129/+subscriptions


References