kernel-packages team mailing list archive

[Bug 1503655] Re: Kernel bug in eventpoll_release_file+0x46/0xa0 with 3.13.0-66.107

 

This bug was fixed in the package linux - 3.13.0-66.108

---------------
linux (3.13.0-66.108) trusty; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1503713

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
    sys_msync()"
    - LP: #1503655

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - LP: #1503655
    - CVE-2015-7312

linux (3.13.0-66.107) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1503021

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ John Johansen ]

  * SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
    - LP: #1496430

  [ Upstream Kernel Changes ]

  * mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
    - LP: #1472843
  * mmc: sdhci: Add a quirk for AMD SDHC transfer mode register need to be
    cleared for cmd without data
    - LP: #1472843
  * n_tty: Fix poll() when TIME_CHAR and MIN_CHAR == 0
    - LP: #1397976
  * net: make skb_gso_segment error handling more robust
    - LP: #1497048
  * net: gso: use feature flag argument in all protocol gso handlers
    - LP: #1497048
  * md/raid10: always set reshape_safe when initializing reshape_position.
    - LP: #1500810
  * md: flush ->event_work before stopping array.
    - LP: #1500810
  * ipv6: addrconf: validate new MTU before applying it
    - LP: #1500810
  * virtio-net: drop NETIF_F_FRAGLIST
    - LP: #1500810
  * RDS: verify the underlying transport exists before creating a
    connection
    - LP: #1500810
  * xen/gntdev: convert priv->lock to a mutex
    - LP: #1500810
  * xen/gntdevt: Fix race condition in gntdev_release()
    - LP: #1500810
  * PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
    - LP: #1500810
  * nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
    - LP: #1500810
  * crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
    - LP: #1500810
  * xen-blkfront: don't add indirect pages to list when !feature_persistent
    - LP: #1500810
  * xen-blkback: replace work_pending with work_busy in
    purge_persistent_gnt()
    - LP: #1500810
  * USB: sierra: add 1199:68AB device ID
    - LP: #1500810
  * regmap: regcache-rbtree: Clean new present bits on present bitmap
    resize
    - LP: #1500810
  * target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
    - LP: #1500810
  * rbd: fix copyup completion race
    - LP: #1500810
  * md/raid1: extend spinlock to protect raid1_end_read_request against
    inconsistencies
    - LP: #1500810
  * target: REPORT LUNS should return LUN 0 even for dynamic ACLs
    - LP: #1500810
  * MIPS: Fix sched_getaffinity with MT FPAFF enabled
    - LP: #1500810
  * xhci: fix off by one error in TRB DMA address boundary check
    - LP: #1500810
  * perf: Fix fasync handling on inherited events
    - LP: #1500810
  * mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
    - LP: #1500810
  * MIPS: Make set_pte() SMP safe.
    - LP: #1500810
  * ipc: modify message queue accounting to not take kernel data structures
    into account
    - LP: #1500810
  * ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
    - LP: #1500810
  * fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
    - LP: #1500810
  * KVM: x86: Use adjustment in guest cycles when handling
    MSR_IA32_TSC_ADJUST
    - LP: #1500810
  * localmodconfig: Use Kbuild files too
    - LP: #1500810
  * dm thin metadata: delete btrees when releasing metadata snapshot
    - LP: #1500810
  * dm btree: add ref counting ops for the leaves of top level btrees
    - LP: #1500810
  * drm/radeon: add new OLAND pci id
    - LP: #1500810
  * libiscsi: Fix host busy blocking during connection teardown
    - LP: #1500810
  * libfc: Fix fc_exch_recv_req() error path
    - LP: #1500810
  * libfc: Fix fc_fcp_cleanup_each_cmd()
    - LP: #1500810
  * EDAC, ppc4xx: Access mci->csrows array elements properly
    - LP: #1500810
  * crypto: caam - fix memory corruption in ahash_final_ctx
    - LP: #1500810
  * mm/hwpoison: fix page refcount of unknown non LRU page
    - LP: #1500810
  * ipc,sem: fix use after free on IPC_RMID after a task using same
    semaphore set exits
    - LP: #1500810
  * ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
    - LP: #1500810
  * ipc/sem.c: update/correct memory barriers
    - LP: #1500810
  * Add factory recertified Crucial M500s to blacklist
    - LP: #1500810
  * arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
    - LP: #1500810
  * batman-adv: protect tt_local_entry from concurrent delete events
    - LP: #1500810
  * ip6_gre: release cached dst on tunnel removal
    - LP: #1500810
  * net: Fix RCU splat in af_key
    - LP: #1500810
  * rds: fix an integer overflow test in rds_info_getsockopt()
    - LP: #1500810
  * udp: fix dst races with multicast early demux
    - LP: #1500810
  * sparc64: Fix userspace FPU register corruptions.
    - LP: #1500810
  * ipv6: lock socket in ip6_datagram_connect()
    - LP: #1500810
  * rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
    - LP: #1500810
  * net/tipc: initialize security state for new connection socket
    - LP: #1500810
  * net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
    - LP: #1500810
  * net: call rcu_read_lock early in process_backlog
    - LP: #1500810
  * net: Fix skb csum races when peeking
    - LP: #1500810
  * netlink: don't hold mutex in rcu callback when releasing mmapd ring
    - LP: #1500810
  * Linux 3.13.11-ckt27
    - LP: #1500810

 -- Luis Henriques <luis.henriques@xxxxxxxxxxxxx>  Wed, 07 Oct 2015 14:29:57 +0100

** Changed in: linux (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-7312

** Changed in: linux-lts-utopic (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5156

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2015-6937

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1503655

Title:
  Kernel bug in eventpoll_release_file+0x46/0xa0 with 3.13.0-66.107

Status in linux package in Ubuntu:
  Triaged
Status in linux-lts-utopic package in Ubuntu:
  Invalid
Status in linux source package in Trusty:
  Fix Released
Status in linux-lts-utopic source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Committed
Status in linux-lts-utopic source package in Vivid:
  Invalid
Status in linux source package in Wily:
  Triaged
Status in linux-lts-utopic source package in Wily:
  Invalid

Bug description:
  With the latest kernel in trusty-proposed I seem to get panics on my
  X230 laptop:

  BUG: unable to handle kernel paging request at fffffffffffffff8
  IP: [<ffffffff81207176>] eventpoll_release_file+0x46/0xa0
  PGD 1c11067 PUD 1c13067 PMD 0 
  Oops: 0000 [#1] SMP 
  Modules linked in: snd_hrtimer ip6table_filter ip6_tables ebtable_nat ebt
  CPU: 1 PID: 1939 Comm: pulseaudio Not tainted 3.13.0-66-generic #107-Ubun
  Hardware name: LENOVO 2324CTO/2324CTO, BIOS G2ET94WW (2.54 ) 04/30/2013
  task: ffff8800c2068000 ti: ffff8800c4826000 task.ti: ffff8800c4826000
  RIP: 0010:[<ffffffff81207176>]  [<ffffffff81207176>] eventpoll_release_fi
  RSP: 0018:ffff8800c4827e78  EFLAGS: 00010286
  RAX: 0000000000000000 RBX: ffffffffffffffb7 RCX: 000000000000000f
  RDX: 0000000001000000 RSI: 0000000000000000 RDI: ffffffff81c72e80
  RBP: ffff8800c4827ea0 R08: 0000000000000000 R09: 0000000000040000
  R10: ffff880210471e61 R11: 0000000000000206 R12: ffffffffffffffa8
  R13: ffff880210471e61 R14: ffff8800c4bc6c00 R15: ffff8800c4acc8f0
  FS:  00007f3dbedd6740(0000) GS:ffff88021e240000(0000) knlGS:0000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: fffffffffffffff8 CR3: 00000000ce1da000 CR4: 00000000001407e0
  Stack:
  ffff8800c4acc840 0000000000000008 ffff880210471e61 ffff8800c4bc6c00
  ffff8800c4afdc00 ffff8800c4827ee8 ffffffff811c00aa 0000000000000000
  ffff8800c2068000 0000000000000000 ffffffff81ebb680 ffff8800c2068620
  Call Trace:
  [<ffffffff811c00aa>] __fput+0x24a/0x260
  [<ffffffff811c010e>] ____fput+0xe/0x10
  [<ffffffff81088557>] task_work_run+0xa7/0xe0
  [<ffffffff81013ed7>] do_notify_resume+0x97/0xb0
  [<ffffffff81734f5a>] int_signal+0x12/0x17
  Code: 00 41 56 41 55 41 54 53 e8 68 37 52 00 49 8b 07 48 8b 08 49 39 c7 4
  RIP  [<ffffffff81207176>] eventpoll_release_file+0x46/0xa0
  RSP <ffff8800c4827e78>
  CR2: fffffffffffffff8
  ---[ end trace f2ee3b43ddaf4bd4 ]---
