kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #140673
[Bug 1503655] Re: Kernel bug in eventpoll_release_file+0x46/0xa0 with 3.13.0-66.107
This bug was fixed in the package linux - 3.13.0-66.108
---------------
linux (3.13.0-66.108) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1503713
[ Andy Whitcroft ]
* Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
sys_msync()"
- LP: #1503655
[ Ben Hutchings ]
* SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
- LP: #1503655
- CVE-2015-7312
linux (3.13.0-66.107) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1503021
[ Ben Hutchings ]
* SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
- CVE-2015-7312
[ John Johansen ]
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
[ Upstream Kernel Changes ]
* mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
- LP: #1472843
* mmc: sdhci: Add a quirk for AMD SDHC transfer mode register need to be
cleared for cmd without data
- LP: #1472843
* n_tty: Fix poll() when TIME_CHAR and MIN_CHAR == 0
- LP: #1397976
* net: make skb_gso_segment error handling more robust
- LP: #1497048
* net: gso: use feature flag argument in all protocol gso handlers
- LP: #1497048
* md/raid10: always set reshape_safe when initializing reshape_position.
- LP: #1500810
* md: flush ->event_work before stopping array.
- LP: #1500810
* ipv6: addrconf: validate new MTU before applying it
- LP: #1500810
* virtio-net: drop NETIF_F_FRAGLIST
- LP: #1500810
* RDS: verify the underlying transport exists before creating a
connection
- LP: #1500810
* xen/gntdev: convert priv->lock to a mutex
- LP: #1500810
* xen/gntdevt: Fix race condition in gntdev_release()
- LP: #1500810
* PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
- LP: #1500810
* nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
- LP: #1500810
* crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
- LP: #1500810
* xen-blkfront: don't add indirect pages to list when !feature_persistent
- LP: #1500810
* xen-blkback: replace work_pending with work_busy in
purge_persistent_gnt()
- LP: #1500810
* USB: sierra: add 1199:68AB device ID
- LP: #1500810
* regmap: regcache-rbtree: Clean new present bits on present bitmap
resize
- LP: #1500810
* target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
- LP: #1500810
* rbd: fix copyup completion race
- LP: #1500810
* md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies
- LP: #1500810
* target: REPORT LUNS should return LUN 0 even for dynamic ACLs
- LP: #1500810
* MIPS: Fix sched_getaffinity with MT FPAFF enabled
- LP: #1500810
* xhci: fix off by one error in TRB DMA address boundary check
- LP: #1500810
* perf: Fix fasync handling on inherited events
- LP: #1500810
* mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
- LP: #1500810
* MIPS: Make set_pte() SMP safe.
- LP: #1500810
* ipc: modify message queue accounting to not take kernel data structures
into account
- LP: #1500810
* ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
- LP: #1500810
* fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
- LP: #1500810
* KVM: x86: Use adjustment in guest cycles when handling
MSR_IA32_TSC_ADJUST
- LP: #1500810
* localmodconfig: Use Kbuild files too
- LP: #1500810
* dm thin metadata: delete btrees when releasing metadata snapshot
- LP: #1500810
* dm btree: add ref counting ops for the leaves of top level btrees
- LP: #1500810
* drm/radeon: add new OLAND pci id
- LP: #1500810
* libiscsi: Fix host busy blocking during connection teardown
- LP: #1500810
* libfc: Fix fc_exch_recv_req() error path
- LP: #1500810
* libfc: Fix fc_fcp_cleanup_each_cmd()
- LP: #1500810
* EDAC, ppc4xx: Access mci->csrows array elements properly
- LP: #1500810
* crypto: caam - fix memory corruption in ahash_final_ctx
- LP: #1500810
* mm/hwpoison: fix page refcount of unknown non LRU page
- LP: #1500810
* ipc,sem: fix use after free on IPC_RMID after a task using same
semaphore set exits
- LP: #1500810
* ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
- LP: #1500810
* ipc/sem.c: update/correct memory barriers
- LP: #1500810
* Add factory recertified Crucial M500s to blacklist
- LP: #1500810
* arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
- LP: #1500810
* batman-adv: protect tt_local_entry from concurrent delete events
- LP: #1500810
* ip6_gre: release cached dst on tunnel removal
- LP: #1500810
* net: Fix RCU splat in af_key
- LP: #1500810
* rds: fix an integer overflow test in rds_info_getsockopt()
- LP: #1500810
* udp: fix dst races with multicast early demux
- LP: #1500810
* sparc64: Fix userspace FPU register corruptions.
- LP: #1500810
* ipv6: lock socket in ip6_datagram_connect()
- LP: #1500810
* rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
- LP: #1500810
* net/tipc: initialize security state for new connection socket
- LP: #1500810
* net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
- LP: #1500810
* net: call rcu_read_lock early in process_backlog
- LP: #1500810
* net: Fix skb csum races when peeking
- LP: #1500810
* netlink: don't hold mutex in rcu callback when releasing mmapd ring
- LP: #1500810
* Linux 3.13.11-ckt27
- LP: #1500810
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Wed, 07 Oct 2015
14:29:57 +0100
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7312
** Changed in: linux-lts-utopic (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5156
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-6937
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1503655
Title:
Kernel bug in eventpoll_release_file+0x46/0xa0 with 3.13.0-66.107
Status in linux package in Ubuntu:
Triaged
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Released
Status in linux-lts-utopic source package in Trusty:
Fix Released
Status in linux source package in Vivid:
Fix Committed
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux source package in Wily:
Triaged
Status in linux-lts-utopic source package in Wily:
Invalid
Bug description:
With the latest kernel in trusty-proposed I seem to get panics on my
X230 laptop:
BUG: unable to handle kernel paging request at fffffffffffffff8
IP: [<ffffffff81207176>] eventpoll_release_file+0x46/0xa0
PGD 1c11067 PUD 1c13067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: snd_hrtimer ip6table_filter ip6_tables ebtable_nat ebt
CPU: 1 PID: 1939 Comm: pulseaudio Not tainted 3.13.0-66-generic #107-Ubun
Hardware name: LENOVO 2324CTO/2324CTO, BIOS G2ET94WW (2.54 ) 04/30/2013
task: ffff8800c2068000 ti: ffff8800c4826000 task.ti: ffff8800c4826000
RIP: 0010:[<ffffffff81207176>] [<ffffffff81207176>] eventpoll_release_fi
RSP: 0018:ffff8800c4827e78 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffffffffffffffb7 RCX: 000000000000000f
RDX: 0000000001000000 RSI: 0000000000000000 RDI: ffffffff81c72e80
RBP: ffff8800c4827ea0 R08: 0000000000000000 R09: 0000000000040000
R10: ffff880210471e61 R11: 0000000000000206 R12: ffffffffffffffa8
R13: ffff880210471e61 R14: ffff8800c4bc6c00 R15: ffff8800c4acc8f0
FS: 00007f3dbedd6740(0000) GS:ffff88021e240000(0000) knlGS:0000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff8 CR3: 00000000ce1da000 CR4: 00000000001407e0
Stack:
ffff8800c4acc840 0000000000000008 ffff880210471e61 ffff8800c4bc6c00
ffff8800c4afdc00 ffff8800c4827ee8 ffffffff811c00aa 0000000000000000
ffff8800c2068000 0000000000000000 ffffffff81ebb680 ffff8800c2068620
Call Trace:
[<ffffffff811c00aa>] __fput+0x24a/0x260
[<ffffffff811c010e>] ____fput+0xe/0x10
[<ffffffff81088557>] task_work_run+0xa7/0xe0
[<ffffffff81013ed7>] do_notify_resume+0x97/0xb0
[<ffffffff81734f5a>] int_signal+0x12/0x17
Code: 00 41 56 41 55 41 54 53 e8 68 37 52 00 49 8b 07 48 8b 08 49 39 c7 4
RIP [<ffffffff81207176>] eventpoll_release_file+0x46/0xa0
RSP <ffff8800c4827e78>
CR2: fffffffffffffff8
---[ end trace f2ee3b43ddaf4bd4 ]---
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1503655/+subscriptions
References
