kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #179196
[Bug 1582864] Missing required logs.
This bug is missing log files that will aid in diagnosing the problem.
>From a terminal window please run:
apport-collect 1582864
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
** Tags added: trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1582864
Title:
use after free of BOS in usb_reset_and_verify_device
Status in linux package in Ubuntu:
Incomplete
Bug description:
Should be fixed with upstream commit
e5bdfd50d6f76077bf8441d130c606229e100d40, which reverts upstream
commit d8f00cd685f5c8e0def8593e520a7fef12c22407.
With slub_debug enabled this manifests as a deref of 0x6b6b... in
usb_disable_ltm
[ 218.235302] general protection fault: 0000 [#1] SMP
[ 218.235311] Modules linked in: usb_storage tcp_diag inet_diag iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables x_tables autofs4 rpcsec_gss_krb5 rfcomm bnep bluetooth snd_hda_codec_hdmi binfmt_misc nvidia(POX) snd_hda_codec_realtek snd_hda_intel snd_usb_audio snd_hda_codec snd_usbmidi_lib uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_core snd_hwdep snd_seq_midi joydev snd_pcm videodev snd_page_alloc snd_seq_midi_event nfsd snd_rawmidi snd_seq auth_rpcgss parport_pc nfs_acl ppdev nfs lockd sunrpc fscache honeevent(OX) snd_seq_device snd_timer snd drm lp parport sb_edac mei_me hp_wmi sparse_keymap gpio_ich hpuefi(OX) intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm soundcore edac_core mei serio_raw tpm_infineon lpc_ich mac_hid wmi shpchp dm_crypt hid_generic usbhid hid crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd psmouse isci e1000e ahci libsas libahci ptp pps_core scsi_transport_sas pata_acpi
[ 218.235410] CPU: 15 PID: 243 Comm: khubd Tainted: P OX 3.13.0-85-generic #129-Ubuntu
[ 218.235414] Hardware name: Hewlett-Packard HP Z620 Workstation/158A, BIOS J61 v03.87 02/09/2015
[ 218.235418] task: ffff8807eff98000 ti: ffff8807effa0000 task.ti: ffff8807effa0000
[ 218.235421] RIP: 0010:[<ffffffff815444b6>] [<ffffffff815444b6>] usb_disable_ltm+0x56/0xb0
[ 218.235437] RSP: 0018:ffff8807effa1cd0 EFLAGS: 00010202
[ 218.235440] RAX: 0000000000000000 RBX: ffff8807ea532e68 RCX: 0000000000000000
[ 218.235443] RDX: 6b6b6b6b6b6b6b6b RSI: 0000000000300021 RDI: ffff8807ea532e68
[ 218.235446] RBP: ffff8807effa1d08 R08: 0000000000000000 R09: 0000000000000000
[ 218.235449] R10: ffff8807ff804240 R11: ffffffff8136d2a1 R12: 0000000000000000
[ 218.235451] R13: ffff8807ebddd480 R14: 0000000000000001 R15: 0000000000000012
[ 218.235455] FS: 0000000000000000(0000) GS:ffff88101fce0000(0000) knlGS:0000000000000000
[ 218.235458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 218.235461] CR2: 00000000013b1c08 CR3: 0000000001c0e000 CR4: 00000000000407e0
[ 218.235463] Stack:
[ 218.235465] ffffffff81551236 ffff8807ea532ef0 0000000000000000 ffff8807ea532e68
[ 218.235476] ffff8807ea532ef0 ffff8807ebddbf60 0000000000000000 ffff8807effa1d48
[ 218.235483] ffffffff81545c4d ffff8807ea532f50 ffff8807ebddb4d0 00000000000002a0
[ 218.235490] Call Trace:
[ 218.235499] [<ffffffff81551236>] ? usb_disable_device+0x126/0x290
[ 218.235506] [<ffffffff81545c4d>] usb_disconnect+0xad/0x200
[ 218.235511] [<ffffffff815487d3>] hub_port_connect_change+0xd3/0xb20
[ 218.235518] [<ffffffff8154333d>] ? hub_port_status+0xdd/0x120
[ 218.235523] [<ffffffff815496f4>] hub_events+0x4d4/0xa20
[ 218.235528] [<ffffffff81549c75>] hub_thread+0x35/0x160
[ 218.235535] [<ffffffff810add60>] ? prepare_to_wait_event+0x100/0x100
[ 218.235540] [<ffffffff81549c40>] ? hub_events+0xa20/0xa20
[ 218.235549] [<ffffffff8108deb2>] kthread+0xd2/0xf0
[ 218.235554] [<ffffffff8108dde0>] ? kthread_create_on_node+0x1c0/0x1c0
[ 218.235564] [<ffffffff8173c2e8>] ret_from_fork+0x58/0x90
[ 218.235570] [<ffffffff8108dde0>] ? kthread_create_on_node+0x1c0/0x1c0
[ 218.235572] Code: e9 48 8b 52 10 48 85 d2 74 e0 f6 42 03 02 74 da 83 7f 1c 05 75 d4 48 8b 97 40 03 00 00 48 85 d2 74 c8 48 8b 52 10 48 85 d2 74 bf <f6> 42 03 02 74 b9 48 83 bf 50 03 00 00 00 74 af 55 45 31 c9 41
[ 218.235618] RIP [<ffffffff815444b6>] usb_disable_ltm+0x56/0xb0
[ 218.235624] RSP <ffff8807effa1cd0>
[ 218.235655] ---[ end trace 954cac763165b767 ]---
Without slub_debug you end up getting a double free and messing up the
allocator and apparmor tends to be the first one to notice:
[ 574.027518] hub 4-0:1.0: Cannot enable port 3. Maybe the USB cable is bad?
[ 574.548076] usb 4-3: USB disconnect, device number 2
[ 576.040995] ------------[ cut here ]------------
[ 576.041003] WARNING: CPU: 17 PID: 11627 at /build/linux-03BQvT/linux-3.13.0/include/linux/kref.h:47 apparmor_file_alloc_security+0x167/0x180()
[ 576.041005] Modules linked in: tcp_diag inet_diag xt_u32 ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables xt_NFLOG xt_tcpudp xt_comment ipt_REJECT xt_multiport xt_connmark xt_conntrack xt_mark iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables x_tables pci_stub vboxpci(OX) vboxnetadp(OX) vboxnetflt(OX) vboxdrv(OX) nfnetlink_log nfnetlink autofs4 rfcomm bnep bluetooth binfmt_misc honeevent(OX) rpcsec_gss_krb5 nfsd auth_rpcgss nfs_acl nfs lockd sunrpc fscache snd_hda_codec_hdmi snd_hda_codec_realtek nvidia(POX) snd_hda_intel parport_pc snd_hda_codec ppdev lp snd_hwdep snd_pcm snd_page_alloc snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device snd_timer snd mei_me parport gpio_ich hpuefi(OX) sb_edac edac_core lpc_ich drm mei joydev hp_wmi sparse_keymap tpm_infineon soundcore mac_hid intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm crct10dif_pclmul crc32_pclmul aesni_intel aes_x86_64 lrw serio_raw gf128mul glue_helper ablk_helper cryptd shpchp wmi hid_generic usbhid hid psmouse e1000e isci ahci libsas ptp libahci scsi_transport_sas pps_core pata_acpi
[ 576.041068] CPU: 17 PID: 11627 Comm: at-spi-bus-laun Tainted: P OX 3.13.0-83-generic #127-Ubuntu
[ 576.041070] Hardware name: Hewlett-Packard HP Z620 Workstation/158A, BIOS J61 v03.87 02/09/2015
[ 576.041071] 0000000000000009 ffff880efd08fcf0 ffffffff81725992 0000000000000000
[ 576.041076] ffff880efd08fd28 ffffffff8106790d ffff8807ff810430 ffff880035d22a00
[ 576.041079] ffff880f63216000 ffff880efd08ff2c 00000000ffffff9c ffff880efd08fd38
[ 576.041082] Call Trace:
[ 576.041088] [<ffffffff81725992>] dump_stack+0x45/0x56
[ 576.041091] [<ffffffff8106790d>] warn_slowpath_common+0x7d/0xa0
[ 576.041094] [<ffffffff810679ea>] warn_slowpath_null+0x1a/0x20
[ 576.041096] [<ffffffff81316b67>] apparmor_file_alloc_security+0x167/0x180
[ 576.041100] [<ffffffff812d9076>] security_file_alloc+0x16/0x20
[ 576.041105] [<ffffffff811c04e0>] get_empty_filp+0x90/0x180
[ 576.041108] [<ffffffff811ce00d>] path_openat+0x3d/0x640
[ 576.041111] [<ffffffff811cd7db>] ? filename_lookup+0x2b/0xc0
[ 576.041114] [<ffffffff811cf47a>] do_filp_open+0x3a/0x90
[ 576.041116] [<ffffffff811c83a7>] ? path_get+0x27/0x30
[ 576.041120] [<ffffffff810fed4d>] ? __audit_getname+0x9d/0xa0
[ 576.041123] [<ffffffff811dc2d7>] ? __alloc_fd+0xa7/0x130
[ 576.041126] [<ffffffff811bda09>] do_sys_open+0x129/0x280
[ 576.041128] [<ffffffff811bdb7e>] SyS_open+0x1e/0x20
[ 576.041131] [<ffffffff8173659d>] system_call_fastpath+0x1a/0x1f
[ 576.041133] ---[ end trace 5de8dc1cac0eb1c6 ]---
[ 576.041171] BUG: unable to handle kernel paging request at 000000000000472e
[ 576.041174] IP: [<ffffffff811a38b0>] kmem_cache_alloc_trace+0x80/0x1f0
[ 576.041177] PGD 0
[ 576.041179] Oops: 0000 [#1] SMP
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1582864/+subscriptions
References
