kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #140674
[Bug 1503655] Re: Kernel bug in eventpoll_release_file+0x46/0xa0 with 3.13.0-66.107
This bug was fixed in the package linux-lts-utopic -
3.16.0-51.69~14.04.1
---------------
linux-lts-utopic (3.16.0-51.69~14.04.1) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1503717
[ Andy Whitcroft ]
* Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and
sys_msync()"
- LP: #1503655
[ Ben Hutchings ]
* SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
- LP: #1503655
- CVE-2015-7312
linux-lts-utopic (3.16.0-51.68~14.04.1) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1503239
[ Ben Hutchings ]
* SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
- CVE-2015-7312
[ John Johansen ]
* SAUCE: (no-up) apparmor: fix mount not handling disconnected paths
- LP: #1496430
[ Leann Ogasawara ]
* [Config] d-i -- Add sfc to nic-modules udeb
- LP: #1481490
[ Upstream Kernel Changes ]
* mmc: sdhci-pci: set the clear transfer mode register quirk for O2Micro
- LP: #1472843
* mmc: sdhci: Add a quirk for AMD SDHC transfer mode register need to be
cleared for cmd without data
- LP: #1472843
* md: use kzalloc() when bitmap is disabled
- LP: #1500484
* sparc64: Fix userspace FPU register corruptions.
- LP: #1500484
* ARM: OMAP2+: hwmod: Fix _wait_target_ready() for hwmods without sysc
- LP: #1500484
* ASoC: pcm1681: Fix setting de-emphasis sampling rate selection
- LP: #1500484
* iscsi-target: Fix use-after-free during TPG session shutdown
- LP: #1500484
* iscsi-target: Fix iscsit_start_kthreads failure OOPs
- LP: #1500484
* iscsi-target: Fix iser explicit logout TX kthread leak
- LP: #1500484
* ARM: dts: i.MX35: Fix can support.
- LP: #1500484
* ALSA: hda - Apply fixup for another Toshiba Satellite S50D
- LP: #1500484
* vhost: actually track log eventfd file
- LP: #1500484
* arm64/efi: map the entire UEFI vendor string before reading it
- LP: #1500484
* xfs: remote attribute headers contain an invalid LSN
- LP: #1500484
* xfs: remote attributes need to be considered data
- LP: #1500484
* ALSA: hda - Apply a fixup to Dell Vostro 5480
- LP: #1500484
* ALSA: usb-audio: add dB range mapping for some devices
- LP: #1500484
* drm/i915: Replace WARN inside I915_READ64_2x32 with retry loop
- LP: #1500484
* drm/radeon/combios: add some validation of lvds values
- LP: #1500484
* x86/efi: Use all 64 bit of efi_memmap in setup_e820()
- LP: #1500484
* ipr: Fix locking for unit attention handling
- LP: #1500484
* ipr: Fix incorrect trace indexing
- LP: #1500484
* ipr: Fix invalid array indexing for HRRQ
- LP: #1500484
* ALSA: hda - Fix MacBook Pro 5,2 quirk
- LP: #1500484
* x86/xen: Probe target addresses in set_aliased_prot() before the
hypercall
- LP: #1500484
* netfilter: ctnetlink: put back references to master ct and expect
objects
- LP: #1500484
* ipvs: do not use random local source address for tunnels
- LP: #1500484
* ipvs: fix crash if scheduler is changed
- LP: #1500484
* ipvs: fix crash with sync protocol v0 and FTP
- LP: #1500484
* netfilter: nf_conntrack: Support expectations in different zones
- LP: #1500484
* NFS: Don't revalidate the mapping if both size and change attr are up
to date
- LP: #1500484
* ALSA: hda - fix cs4210_spdif_automute()
- LP: #1500484
* net/mlx4_core: Fix wrong index in propagating port change event to VFs
- LP: #1500484
* niu: don't count tx error twice in case of headroom realloc fails
- LP: #1500484
* avr32: handle NULL as a valid clock object
- LP: #1500484
* packet: missing dev_put() in packet_do_bind()
- LP: #1500484
* packet: tpacket_snd(): fix signed/unsigned comparison
- LP: #1500484
* bridge: mdb: fix delmdb state in the notification
- LP: #1500484
* net: sched: fix refcount imbalance in actions
- LP: #1500484
* act_pedit: check binding before calling tcf_hash_release()
- LP: #1500484
* PCI: Restore PCI_MSIX_FLAGS_BIRMASK definition
- LP: #1500484
* USB: qcserial/option: make AT URCs work for Sierra Wireless
MC7305/MC7355
- LP: #1500484
* USB: qcserial: Add support for Dell Wireless 5809e 4G Modem
- LP: #1500484
* nfsd: Drop BUG_ON and ignore SECLABEL on absent filesystem
- LP: #1500484
* crypto: ixp4xx - Remove bogus BUG_ON on scattered dst buffer
- LP: #1500484
* USB: sierra: add 1199:68AB device ID
- LP: #1500484
* rbd: fix copyup completion race
- LP: #1500484
* md/bitmap: return an error when bitmap superblock is corrupt.
- LP: #1500484
* md/raid1: extend spinlock to protect raid1_end_read_request against
inconsistencies
- LP: #1500484
* thermal: exynos: Disable the regulator on probe failure
- LP: #1500484
* MIPS: Fix sched_getaffinity with MT FPAFF enabled
- LP: #1500484
* MIPS: Malta: Don't reinitialise RTC
- LP: #1500484
* MIPS: do_mcheck: Fix kernel code dump with EVA
- LP: #1500484
* MIPS: show_stack: Fix stack trace with EVA
- LP: #1500484
* MIPS: Flush RPS on kernel entry with EVA
- LP: #1500484
* xhci: fix off by one error in TRB DMA address boundary check
- LP: #1500484
* drivers/usb: Delete XHCI command timer if necessary
- LP: #1500484
* ALSA: fireworks/firewire-lib: add support for recent firmware quirk
- LP: #1500484
* mm, vmscan: Do not wait for page writeback for GFP_NOFS allocations
- LP: #1500484
* MIPS: Make set_pte() SMP safe.
- LP: #1500484
* ipc: modify message queue accounting to not take kernel data structures
into account
- LP: #1500484
* ocfs2: fix BUG in ocfs2_downconvert_thread_do_work()
- LP: #1500484
* fsnotify: fix oops in fsnotify_clear_marks_by_group_flags()
- LP: #1500484
* drm/radeon: fix hotplug race at startup
- LP: #1500484
* rtnetlink: verify IFLA_VF_INFO attributes before passing them to driver
- LP: #1500484
* net/tipc: initialize security state for new connection socket
- LP: #1500484
* net: pktgen: fix race between pktgen_thread_worker() and kthread_stop()
- LP: #1500484
* net: call rcu_read_lock early in process_backlog
- LP: #1500484
* net: Clone skb before setting peeked flag
- LP: #1500484
* net: Fix skb csum races when peeking
- LP: #1500484
* net: Fix skb_set_peeked use-after-free bug
- LP: #1500484
* ipv6: lock socket in ip6_datagram_connect()
- LP: #1500484
* bonding: correct the MAC address for "follow" fail_over_mac policy
- LP: #1500484
* netlink: don't hold mutex in rcu callback when releasing mmapd ring
- LP: #1500484
* rds: fix an integer overflow test in rds_info_getsockopt()
- LP: #1500484
* udp: fix dst races with multicast early demux
- LP: #1500484
* bna: fix interrupts storm caused by erroneous packets
- LP: #1500484
* net: gso: use feature flag argument in all protocol gso handlers
- LP: #1500484
* Fix firmware loader uevent buffer NULL pointer dereference
- LP: #1500484
* qla2xxx: Mark port lost when we receive an RSCN for it.
- LP: #1500484
* megaraid_sas: use raw_smp_processor_id()
- LP: #1500484
* fs/buffer.c: support buffer cache allocations with gfp modifiers
- LP: #1500484
* bufferhead: Add _gfp version for sb_getblk()
- LP: #1500484
* ext4: avoid deadlocks in the writeback path by using sb_getblk_gfp
- LP: #1500484
* HID: usbhid: add Chicony/Pixart usb optical mouse that needs
QUIRK_ALWAYS_POLL
- LP: #1500484
* ima: add support for new "euid" policy condition
- LP: #1500484
* ima: extend "mask" policy matching support
- LP: #1500484
* mfd: arizona: Fix initialisation of the PM runtime
- LP: #1500484
* xen-blkfront: don't add indirect pages to list when !feature_persistent
- LP: #1500484
* xen-blkback: replace work_pending with work_busy in
purge_persistent_gnt()
- LP: #1500484
* regmap: regcache-rbtree: Clean new present bits on present bitmap
resize
- LP: #1500484
* target/iscsi: Fix double free of a TUR followed by a solicited NOPOUT
- LP: #1500484
* target: REPORT LUNS should return LUN 0 even for dynamic ACLs
- LP: #1500484
* perf: Fix fasync handling on inherited events
- LP: #1500484
* KVM: x86: Use adjustment in guest cycles when handling
MSR_IA32_TSC_ADJUST
- LP: #1500484
* x86/ldt: Make modify_ldt synchronous
- LP: #1500484
* x86/ldt: Correct LDT access in single stepping logic
- LP: #1500484
* rcu: Provide counterpart to rcu_dereference() for non-RCU situations
- LP: #1500484
* rcu: Move lockless_dereference() out of rcupdate.h
- LP: #1500484
* x86/ldt: Correct FPU emulation access to LDT
- LP: #1500484
* localmodconfig: Use Kbuild files too
- LP: #1500484
* dm thin metadata: delete btrees when releasing metadata snapshot
- LP: #1500484
* dm btree: add ref counting ops for the leaves of top level btrees
- LP: #1500484
* drm/radeon: add new OLAND pci id
- LP: #1500484
* libiscsi: Fix host busy blocking during connection teardown
- LP: #1500484
* libfc: Fix fc_exch_recv_req() error path
- LP: #1500484
* libfc: Fix fc_fcp_cleanup_each_cmd()
- LP: #1500484
* EDAC, ppc4xx: Access mci->csrows array elements properly
- LP: #1500484
* crypto: caam - fix memory corruption in ahash_final_ctx
- LP: #1500484
* drm/vmwgfx: Fix execbuf locking issues
- LP: #1500484
* mm/hwpoison: fix page refcount of unknown non LRU page
- LP: #1500484
* ipc,sem: fix use after free on IPC_RMID after a task using same
semaphore set exits
- LP: #1500484
* ipc/sem.c: change memory barrier in sem_lock() to smp_rmb()
- LP: #1500484
* ipc/sem.c: update/correct memory barriers
- LP: #1500484
* MIPS: Fix seccomp syscall argument for MIPS64
- LP: #1500484
* x86/ldt: Further fix FPU emulation
- LP: #1500484
* SCSI: Fix NULL pointer dereference in runtime PM
- LP: #1500484
* ALSA: usb-audio: Fix runtime PM unbalance
- LP: #1500484
* Add factory recertified Crucial M500s to blacklist
- LP: #1500484
* arm64: KVM: Fix host crash when injecting a fault into a 32bit guest
- LP: #1500484
* batman-adv: fix kernel crash due to missing NULL checks
- LP: #1500484
* batman-adv: protect tt_local_entry from concurrent delete events
- LP: #1500484
* perf: Fix PERF_EVENT_IOC_PERIOD migration race
- LP: #1500484
* net: Fix RCU splat in af_key
- LP: #1500484
* ip6_gre: release cached dst on tunnel removal
- LP: #1500484
* s390/sclp: fix compile error
- LP: #1500484
* xen/gntdev: convert priv->lock to a mutex
- LP: #1500484
* xen/gntdevt: Fix race condition in gntdev_release()
- LP: #1500484
* signalfd: fix information leak in signalfd_copyinfo
- LP: #1500484
* signal: fix information leak in copy_siginfo_to_user
- LP: #1500484
* signal: fix information leak in copy_siginfo_from_user32
- LP: #1500484
* Linux 3.16.7-ckt17
- LP: #1500484
* RDS: verify the underlying transport exists before creating a
connection
- LP: #1496232
- CVE-2015-6937
* virtio-net: drop NETIF_F_FRAGLIST
- LP: #1484793
- CVE-2015-5156
-- Luis Henriques <luis.henriques@xxxxxxxxxxxxx> Wed, 07 Oct 2015
14:43:44 +0100
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1503655
Title:
Kernel bug in eventpoll_release_file+0x46/0xa0 with 3.13.0-66.107
Status in linux package in Ubuntu:
Triaged
Status in linux-lts-utopic package in Ubuntu:
Invalid
Status in linux source package in Trusty:
Fix Released
Status in linux-lts-utopic source package in Trusty:
Fix Released
Status in linux source package in Vivid:
Fix Committed
Status in linux-lts-utopic source package in Vivid:
Invalid
Status in linux source package in Wily:
Triaged
Status in linux-lts-utopic source package in Wily:
Invalid
Bug description:
With the latest kernel in trusty-proposed I seem to get panics on my
X230 laptop:
BUG: unable to handle kernel paging request at fffffffffffffff8
IP: [<ffffffff81207176>] eventpoll_release_file+0x46/0xa0
PGD 1c11067 PUD 1c13067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in: snd_hrtimer ip6table_filter ip6_tables ebtable_nat ebt
CPU: 1 PID: 1939 Comm: pulseaudio Not tainted 3.13.0-66-generic #107-Ubun
Hardware name: LENOVO 2324CTO/2324CTO, BIOS G2ET94WW (2.54 ) 04/30/2013
task: ffff8800c2068000 ti: ffff8800c4826000 task.ti: ffff8800c4826000
RIP: 0010:[<ffffffff81207176>] [<ffffffff81207176>] eventpoll_release_fi
RSP: 0018:ffff8800c4827e78 EFLAGS: 00010286
RAX: 0000000000000000 RBX: ffffffffffffffb7 RCX: 000000000000000f
RDX: 0000000001000000 RSI: 0000000000000000 RDI: ffffffff81c72e80
RBP: ffff8800c4827ea0 R08: 0000000000000000 R09: 0000000000040000
R10: ffff880210471e61 R11: 0000000000000206 R12: ffffffffffffffa8
R13: ffff880210471e61 R14: ffff8800c4bc6c00 R15: ffff8800c4acc8f0
FS: 00007f3dbedd6740(0000) GS:ffff88021e240000(0000) knlGS:0000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffffffffffffff8 CR3: 00000000ce1da000 CR4: 00000000001407e0
Stack:
ffff8800c4acc840 0000000000000008 ffff880210471e61 ffff8800c4bc6c00
ffff8800c4afdc00 ffff8800c4827ee8 ffffffff811c00aa 0000000000000000
ffff8800c2068000 0000000000000000 ffffffff81ebb680 ffff8800c2068620
Call Trace:
[<ffffffff811c00aa>] __fput+0x24a/0x260
[<ffffffff811c010e>] ____fput+0xe/0x10
[<ffffffff81088557>] task_work_run+0xa7/0xe0
[<ffffffff81013ed7>] do_notify_resume+0x97/0xb0
[<ffffffff81734f5a>] int_signal+0x12/0x17
Code: 00 41 56 41 55 41 54 53 e8 68 37 52 00 49 8b 07 48 8b 08 49 39 c7 4
RIP [<ffffffff81207176>] eventpoll_release_file+0x46/0xa0
RSP <ffff8800c4827e78>
CR2: fffffffffffffff8
---[ end trace f2ee3b43ddaf4bd4 ]---
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1503655/+subscriptions
References