kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #167220
[Bug 1541313] Re: kernel panic when umouting rootfs
This bug was fixed in the package linux - 3.13.0-83.127
---------------
linux (3.13.0-83.127) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1555839
[ Florian Westphal ]
* SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving
userspace
- LP: #1555338
linux (3.13.0-82.126) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1554732
[ Upstream Kernel Changes ]
* Revert "drm/radeon: call hpd_irq_event on resume"
- LP: #1554608
* net: generic dev_disable_lro() stacked device handling
- LP: #1547680
linux (3.13.0-81.125) trusty; urgency=low
[ Luis Henriques ]
* Release Tracking Bug
- LP: #1552316
[ Upstream Kernel Changes ]
* Revert "firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6"
- LP: #1551419
* bcache: Fix a lockdep splat in an error path
- LP: #1551327
linux (3.13.0-80.124) trusty; urgency=low
[ Brad Figg ]
* Release Tracking Bug
- LP: #1548519
[ Andy Whitcroft ]
* [Debian] hv: hv_set_ifconfig -- convert to python3
- LP: #1506521
* [Debian] hv: hv_set_ifconfig -- switch to approved indentation
- LP: #1540586
* [Debian] hv: hv_set_ifconfig -- fix numerous parameter handling issues
- LP: #1540586
[ Dan Streetman ]
* SAUCE: nbd: ratelimit error msgs after socket close
- LP: #1505564
[ Upstream Kernel Changes ]
* Revert "workqueue: make sure delayed work run in local cpu"
- LP: #1546320
* [media] gspca: ov534/topro: prevent a division by 0
- LP: #1542497
* [media] media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
- LP: #1542497
* tools lib traceevent: Fix output of %llu for 64 bit values read on 32
bit machines
- LP: #1542497
* KVM: x86: correctly print #AC in traces
- LP: #1542497
* drm/radeon: call hpd_irq_event on resume
- LP: #1542497
* xhci: refuse loading if nousb is used
- LP: #1542497
* arm64: Clear out any singlestep state on a ptrace detach operation
- LP: #1542497
* time: Avoid signed overflow in timekeeping_get_ns()
- LP: #1542497
* rtlwifi: fix memory leak for USB device
- LP: #1542497
* wlcore/wl12xx: spi: fix oops on firmware load
- LP: #1542497
* EDAC, mc_sysfs: Fix freeing bus' name
- LP: #1542497
* EDAC: Don't try to cancel workqueue when it's never setup
- LP: #1542497
* EDAC: Robustify workqueues destruction
- LP: #1542497
* powerpc: Make value-returning atomics fully ordered
- LP: #1542497
* powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
- LP: #1542497
* dm space map metadata: remove unused variable in brb_pop()
- LP: #1542497
* dm thin: fix race condition when destroying thin pool workqueue
- LP: #1542497
* futex: Drop refcount if requeue_pi() acquired the rtmutex
- LP: #1542497
* drm/radeon: clean up fujitsu quirks
- LP: #1542497
* mmc: sdio: Fix invalid vdd in voltage switch power cycle
- LP: #1542497
* mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
- LP: #1542497
* udf: limit the maximum number of indirect extents in a row
- LP: #1542497
* nfs: Fix race in __update_open_stateid()
- LP: #1542497
* USB: cp210x: add ID for ELV Marble Sound Board 1
- LP: #1542497
* NFSv4: Don't perform cached access checks before we've OPENed the file
- LP: #1542497
* NFS: Fix attribute cache revalidation
- LP: #1542497
* posix-clock: Fix return code on the poll method's error path
- LP: #1542497
* rtlwifi: rtl8192de: Fix incorrect module parameter descriptions
- LP: #1542497
* rtlwifi: rtl8192se: Fix module parameter initialization
- LP: #1542497
* rtlwifi: rtl8192ce: Fix handling of module parameters
- LP: #1542497
* rtlwifi: rtl8192cu: Add missing parameter setup
- LP: #1542497
* bcache: fix a livelock when we cause a huge number of cache misses
- LP: #1542497
* bcache: Add a cond_resched() call to gc
- LP: #1542497
* bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
device
- LP: #1542497
* bcache: fix a leak in bch_cached_dev_run()
- LP: #1542497
* bcache: unregister reboot notifier if bcache fails to unregister device
- LP: #1542497
* bcache: add mutex lock for bch_is_open
- LP: #1542497
* bcache: allows use of register in udev to avoid "device_busy" error.
- LP: #1542497
* bcache: Change refill_dirty() to always scan entire disk if necessary
- LP: #1542497
* wlcore/wl12xx: spi: fix NULL pointer dereference (Oops)
- LP: #1542497
* Input: i8042 - add Fujitsu Lifebook U745 to the nomux list
- LP: #1542497
* libxfs: pack the agfl header structure so XFS_AGFL_SIZE is correct
- LP: #1542497
* x86/xen: don't reset vcpu_info on a cancelled suspend
- LP: #1542497
* udf: Prevent buffer overrun with multi-byte characters
- LP: #1542497
* udf: Check output buffer length when converting name to CS0
- LP: #1542497
* PCI: host: Mark PCIe/PCI (MSI) IRQ cascade handlers as IRQF_NO_THREAD
- LP: #1542497
* iwlwifi: update and fix 7265 series PCI IDs
- LP: #1542497
* locks: fix unlock when fcntl_setlk races with a close
- LP: #1542497
* ASoC: compress: Fix compress device direction check
- LP: #1542497
* dm snapshot: fix hung bios when copy error occurs
- LP: #1542497
* uml: fix hostfs mknod()
- LP: #1542497
* uml: flush stdout before forking
- LP: #1542497
* drm/nouveau/kms: take mode_config mutex in connector hotplug path
- LP: #1542497
* x86/boot: Double BOOT_HEAP_SIZE to 64KB
- LP: #1542497
* s390: fix normalization bug in exception table sorting
- LP: #1542497
* xfs: inode recovery readahead can race with inode buffer creation
- LP: #1542497
* clocksource/drivers/vt8500: Increase the minimum delta
- LP: #1542497
* Input: elantech - mark protocols v2 and v3 as semi-mt
- LP: #1542497
* x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
- LP: #1542497
* ALSA: seq: Fix missing NULL check at remove_events ioctl
- LP: #1542497
* ALSA: seq: Fix race at timer setup and close
- LP: #1542497
* virtio_balloon: fix race by fill and leak
- LP: #1542497
* virtio_balloon: fix race between migration and ballooning
- LP: #1542497
* parisc: Fix __ARCH_SI_PREAMBLE_SIZE
- LP: #1542497
* scripts/recordmcount.pl: support data in text section on powerpc
- LP: #1542497
* powerpc/module: Handle R_PPC64_ENTRY relocations
- LP: #1542497
* ALSA: timer: Fix double unlink of active_list
- LP: #1542497
* dmaengine: dw: fix cyclic transfer setup
- LP: #1542497
* dmaengine: dw: fix cyclic transfer callbacks
- LP: #1542497
* mmc: mmci: fix an ages old detection error
- LP: #1542497
* ALSA: timer: Fix race among timer ioctls
- LP: #1542497
* sparc64: fix incorrect sign extension in sys_sparc64_personality
- LP: #1542497
* cifs: Ratelimit kernel log messages
- LP: #1542497
* cifs: fix race between call_async() and reconnect()
- LP: #1542497
* cifs_dbg() outputs an uninitialized buffer in cifs_readdir()
- LP: #1542497
* m32r: fix m32104ut_defconfig build fail
- LP: #1542497
* dma-debug: switch check from _text to _stext
- LP: #1542497
* scripts/bloat-o-meter: fix python3 syntax error
- LP: #1542497
* ocfs2/dlm: ignore cleaning the migration mle that is inuse
- LP: #1542497
* ALSA: timer: Harden slave timer list handling
- LP: #1542497
* mm: soft-offline: check return value in second __get_any_page() call
- LP: #1542497
* memcg: only free spare array when readers are done
- LP: #1542497
* panic: release stale console lock to always get the logbuf printed out
- LP: #1542497
* kernel/panic.c: turn off locks debug before releasing console lock
- LP: #1542497
* printk: do cond_resched() between lines while outputting to consoles
- LP: #1542497
* ALSA: hda - Fix bass pin fixup for ASUS N550JX
- LP: #1542497
* crypto: af_alg - Disallow bind/setkey/... after accept(2)
- LP: #1542497
* crypto: af_alg - Fix socket double-free when accept fails
- LP: #1542497
* crypto: af_alg - Add nokey compatibility path
- LP: #1542497
* crypto: hash - Add crypto_ahash_has_setkey
- LP: #1542497
* crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey
path
- LP: #1542497
* crypto: af_alg - Forbid bind(2) when nokey child sockets are present
- LP: #1542497
* ALSA: hrtimer: Fix stall by hrtimer_cancel()
- LP: #1542497
* ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
- LP: #1542497
* ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
- LP: #1542497
* ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
- LP: #1542497
* crypto: algif_skcipher - Load TX SG list after waiting
- LP: #1542497
* crypto: crc32c - Fix crc32c soft dependency
- LP: #1542497
* IB/qib: fix mcast detach when qp not attached
- LP: #1542497
* iscsi-target: Fix potential dead-lock during node acl delete
- LP: #1542497
* ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
ocfs2_unblock_lock
- LP: #1542497
* [media] rc: allow rc modules to be loaded if rc-main is not a module
- LP: #1542497
* SCSI: initio: remove duplicate module device table
- LP: #1542497
* clk: xgene: Fix divider with non-zero shift value
- LP: #1542497
* ath9k_htc: check for underflow in ath9k_htc_rx_msg()
- LP: #1542497
* mtd: nand: fix ONFI parameter page layout
- LP: #1542497
* ALSA: fm801: propagate TUNER_ONLY bit when autodetected
- LP: #1542497
* pinctrl: bcm2835: Fix memory leak in error path
- LP: #1542497
* kconfig: return 'false' instead of 'no' in bool function
- LP: #1542497
* perf/x86: Fix filter_events() bug with event mappings
- LP: #1542497
* power: test_power: correctly handle empty writes
- LP: #1542497
* firmware: actually return NULL on failed request_firmware_nowait()
- LP: #1542497
* mmc: sd: limit SD card power limit according to cards capabilities
- LP: #1542497
* Btrfs: clean up an error code in btrfs_init_space_info()
- LP: #1542497
* batman-adv: Avoid recursive call_rcu for batadv_bla_claim
- LP: #1542497
* batman-adv: Avoid recursive call_rcu for batadv_nc_node
- LP: #1542497
* batman-adv: Drop immediate orig_node free function
- LP: #1542497
* printk: help pr_debug and pr_devel to optimize out arguments
- LP: #1542497
* mmc: debugfs: correct wrong voltage value
- LP: #1542497
* IB/mlx4: Initialize hop_limit when creating address handle
- LP: #1542497
* veth: don’t modify ip_summed; doing so treats packets with bad
checksums as good.
- LP: #1542497
* sctp: sctp should release assoc when sctp_make_abort_user return NULL
in sctp_close
- LP: #1542497
* connector: bump skb->users before callback invocation
- LP: #1542497
* unix: properly account for FDs passed over unix sockets
- LP: #1542497
* bridge: Only call /sbin/bridge-stp for the initial network namespace
- LP: #1542497
* net: sctp: prevent writes to cookie_hmac_alg from accessing invalid
memory
- LP: #1542497
* tcp_yeah: don't set ssthresh below 2
- LP: #1542497
* bonding: Prevent IPv6 link local address on enslaved devices
- LP: #1542497
* phonet: properly unshare skbs in phonet_rcv()
- LP: #1542497
* ipv6: update skb->csum when CE mark is propagated
- LP: #1542497
* team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
- LP: #1542497
* Linux 3.13.11-ckt34
- LP: #1542497
* qeth: initialize net_device with carrier off
- LP: #1541907
* umount: Do not allow unmounting rootfs.
- LP: #1541313
* [media] usbvision fix overflow of interfaces array
- LP: #1546273
* [media] usbvision: fix leak of usb_dev on failure paths in
usbvision_probe()
- LP: #1546273
* [media] usbvision: fix crash on detecting device with invalid
configuration
- LP: #1546273
* tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
- LP: #1546273
* USB: serial: visor: fix crash on detecting device without write_urbs
- LP: #1546273
* ASN.1: Fix non-match detection failure on data overrun
- LP: #1546273
* iio: adis_buffer: Fix out-of-bounds memory access
- LP: #1546273
* x86/irq: Call chip->irq_set_affinity in proper context
- LP: #1546273
* usb: cdc-acm: handle unlinked urb in acm read callback
- LP: #1546273
* usb: cdc-acm: send zero packet for intel 7260 modem
- LP: #1546273
* cdc-acm:exclude Samsung phone 04e8:685d
- LP: #1546273
* usb: hub: do not clear BOS field during reset device
- LP: #1546273
* USB: cp210x: add ID for IAI USB to RS485 adaptor
- LP: #1546273
* USB: visor: fix null-deref at probe
- LP: #1546273
* USB: serial: option: Adding support for Telit LE922
- LP: #1546273
* ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
- LP: #1546273
* ALSA: seq: Degrade the error message for too many opens
- LP: #1546273
* USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
- LP: #1546273
* USB: option: fix Cinterion AHxx enumeration
- LP: #1546273
* ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
- LP: #1546273
* ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
- LP: #1546273
* arm64: errata: Add -mpc-relative-literal-loads to build flags
- LP: #1533009, #1546273
* SCSI: fix crashes in sd and sr runtime PM
- LP: #1546273
* n_tty: Fix unsafe reference to "other" ldisc
- LP: #1546273
* ALSA: dummy: Disable switching timer backend via sysfs
- LP: #1546273
* drm/vmwgfx: respect 'nomodeset'
- LP: #1546273
* x86/mm/pat: Avoid truncation when converting cpa->numpages to address
- LP: #1546273
* perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed
- LP: #1546273
* powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
- LP: #1546273
* Linux 3.13.11-ckt35
- LP: #1546273
* netfilter: bridge: don't use nf_bridge_info data to store mac header
- LP: #1463911
* netfilter: bridge: restore vlan tag when refragmenting
- LP: #1463911
* netfilter: bridge: forward IPv6 fragmented packets
- LP: #1463911
* netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in
br_validate_ipv6
- LP: #1463911
* ALSA: usb-audio: avoid freeing umidi object twice
- LP: #1546177
- CVE-2016-2384
* vmstat: explicitly schedule per-cpu work on the CPU we need it to run
on
- LP: #1546320
-- Brad Figg <brad.figg@xxxxxxxxxxxxx> Thu, 10 Mar 2016 14:41:56 -0800
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2384
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1541313
Title:
kernel panic when umouting rootfs
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Trusty:
Fix Released
Bug description:
This upstream commit is missing:
da362b09e42e umount: Do not allow unmounting rootfs.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da362b09e42e
The commit log of this patch explains how to reproduce the kernel
panic (see below).
Note that this patch depends on
5ff9d8a65ce8 vfs: Lock in place mounts from more privileged users
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ff9d8a65ce8
root@ubuntu1404:~# uname -a
Linux ubuntu1404 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1404:~# ./a.out
[ 199.274374] ------------[ cut here ]------------
[ 199.274865] kernel BUG at /build/linux-hEVYOL/linux-3.13.0/fs/pnode.c:372!
[ 199.275473] invalid opcode: 0000 [#1] SMP
[ 199.275850] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd serio_raw nfsd auth_rpcgss parport_pc nfs_acl nfs i2c_piix4 mac_hid lockd sunrpc fscache lp parport psmouse pata_acpi floppy
[ 199.276005] CPU: 0 PID: 893 Comm: a.out Not tainted 3.13.0-71-generic #114-Ubuntu
[ 199.276005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20150316_085822-nilsson.home.kraxel.org 04/01/2014
[ 199.276005] task: ffff88003ba6b000 ti: ffff88003ad8e000 task.ti: ffff88003ad8e000
[ 199.276005] RIP: 0010:[<ffffffff811eb4d3>] [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
[ 199.276005] RSP: 0018:ffff88003ad8fe90 EFLAGS: 00010246
[ 199.276005] RAX: ffff88003d9b41a0 RBX: 0000000000000002 RCX: ffff88003d9b41a0
[ 199.276005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88003ad8fec0
[ 199.276005] RBP: ffff88003ad8fea8 R08: ffff88003d9b4190 R09: ffff88003ad8fec0
[ 199.276005] R10: ffffffff811ce392 R11: ffffea0000e72e00 R12: ffff88003d9b4140
[ 199.276005] R13: ffff88003d9b4140 R14: ffff88003d9b4140 R15: 0000000000000000
[ 199.276005] FS: 00007f72c3f0c740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[ 199.276005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 199.276005] CR2: 00007f72c3a2d110 CR3: 000000003d3fd000 CR4: 00000000001407f0
[ 199.276005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 199.276005] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 199.276005] Stack:
[ 199.276005] 0000000000000002 ffff88003d9b4160 ffff88003e035000 ffff88003ad8fed8
[ 199.276005] ffffffff811ddfcc 00000002ffffff9c ffff88003d9b4140 0000000000000002
[ 199.276005] ffff88003d9b4160 ffff88003ad8ff38 ffffffff811de9cf ffffffff811ce392
[ 199.276005] Call Trace:
[ 199.276005] [<ffffffff811ddfcc>] umount_tree+0x25c/0x270
[ 199.276005] [<ffffffff811de9cf>] do_umount+0x12f/0x320
[ 199.276005] [<ffffffff811ce392>] ? final_putname+0x22/0x50
[ 199.276005] [<ffffffff811ce599>] ? putname+0x29/0x40
[ 199.276005] [<ffffffff811df75b>] SyS_umount+0x10b/0x120
[ 199.276005] [<ffffffff8173545d>] system_call_fastpath+0x1a/0x1f
[ 199.276005] Code: 50 08 48 89 02 49 89 45 08 e9 57 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 4c 89 e6 4c 89 e7 e8 d5 f6 ff ff 48 89 c3 e9 19 ff ff ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 55 b8 01
[ 199.276005] RIP [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
[ 199.276005] RSP <ffff88003ad8fe90>
[ 199.297648] ---[ end trace 6262a5eb9740f9d0 ]---
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1541313/+subscriptions
References
