This bug was fixed in the package linux - 4.19.0-12.13
---------------
linux (4.19.0-12.13) disco; urgency=medium
* linux: 4.19.0-12.13 -proposed tracker (LP: #1813664)
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
* Disco update: 4.19.18 upstream stable release (LP: #1813611)
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped
address
- mlxsw: spectrum: Disable lag port TX before removing it
- mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
- net: dsa: mv88x6xxx: mv88e6390 errata
- net, skbuff: do not prefer skb allocation fails early
- qmi_wwan: add MTU default to qmap network interface
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
- net: clear skb->tstamp in bridge forwarding path
- netfilter: ipset: Allow matching on destination MAC address for mac and
ipmac sets
- gpio: pl061: Move irq_chip definition inside struct pl061
- drm/amd/display: Guard against null stream_state in set_crc_source
- drm/amdkfd: fix interrupt spin lock
- ixgbe: allow IPsec Tx offload in VEPA mode
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off
hotkey
- e1000e: allow non-monotonic SYSTIM readings
- usb: typec: tcpm: Do not disconnect link for self powered devices
- selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
- of: overlay: add missing of_node_put() after add new node to changeset
- writeback: don't decrement wb->refcnt if !wb->bdi
- serial: set suppress_bind_attrs flag only if builtin
- bpf: Allow narrow loads with offset > 0
- ALSA: oxfw: add support for APOGEE duet FireWire
- x86/mce: Fix -Wmissing-prototypes warnings
- MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
- crypto: ecc - regularize scalar for scalar multiplication
- arm64: perf: set suppress_bind_attrs flag to true
- drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
- clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
- samples: bpf: fix: error handling regarding kprobe_events
- usb: gadget: udc: renesas_usb3: add a safety connection way for
forced_b_device
- fpga: altera-cvp: fix probing for multiple FPGAs on the bus
- selinux: always allow mounting submounts
- ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
- scsi: qedi: Check for session online before getting iSCSI TLV data.
- drm/amdgpu: Reorder uvd ring init before uvd resume
- rxe: IB_WR_REG_MR does not capture MR's iova field
- efi/libstub: Disable some warnings for x86{,_64}
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage
- clk: imx: make mux parent strings const
- pstore/ram: Do not treat empty buffers as valid
- media: uvcvideo: Refactor teardown of uvc on USB disconnect
- powerpc/xmon: Fix invocation inside lock region
- powerpc/pseries/cpuidle: Fix preempt warning
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
- ASoC: use dma_ops of parent device for acp_audio_dma
- media: venus: core: Set dma maximum segment size
- staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
- net: call sk_dst_reset when set SO_DONTROUTE
- scsi: target: use consistent left-aligned ASCII INQUIRY data
- scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long
enough
- selftests: do not macro-expand failed assertion expressions
- arm64: kasan: Increase stack size for KASAN_EXTRA
- clk: imx6q: reset exclusive gates on init
- arm64: Fix minor issues with the dcache_by_line_op macro
- bpf: relax verifier restriction on BPF_MOV | BPF_ALU
- kconfig: fix file name and line number of warn_ignored_character()
- kconfig: fix memory leak when EOF is encountered in quotation
- mmc: atmel-mci: do not assume idle after atmci_request_end
- btrfs: volumes: Make sure there is no overlap of dev extents at mount time
- btrfs: alloc_chunk: fix more DUP stripe size handling
- btrfs: fix use-after-free due to race between replace start and cancel
- btrfs: improve error handling of btrfs_add_link
- tty/serial: do not free trasnmit buffer page under port lock
- perf intel-pt: Fix error with config term "pt=0"
- perf tests ARM: Disable breakpoint tests 32-bit
- perf svghelper: Fix unchecked usage of strncpy()
- perf parse-events: Fix unchecked usage of strncpy()
- perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
- netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
- netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
- netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
- x86/topology: Use total_cpus for max logical packages calculation
- dm crypt: use u64 instead of sector_t to store iv_offset
- dm kcopyd: Fix bug causing workqueue stalls
- perf stat: Avoid segfaults caused by negated options
- tools lib subcmd: Don't add the kernel sources to the include path
- dm snapshot: Fix excessive memory usage and workqueue stalls
- perf cs-etm: Correct packets swapping in cs_etm__flush()
- perf tools: Add missing sigqueue() prototype for systems lacking it
- perf tools: Add missing open_memstream() prototype for systems lacking it
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
- clocksource/drivers/integrator-ap: Add missing of_node_put()
- dm: Check for device sector overflow if CONFIG_LBDAF is not set
- Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
- ALSA: bebob: fix model-id of unit for Apogee Ensemble
- sysfs: Disable lockdep for driver bind/unbind files
- IB/usnic: Fix potential deadlock
- scsi: mpt3sas: fix memory ordering on 64bit writes
- scsi: smartpqi: correct lun reset issues
- ath10k: fix peer stats null pointer dereference
- scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
- scsi: megaraid: fix out-of-bound array accesses
- iomap: don't search past page end in iomap_is_partially_uptodate
- ocfs2: fix panic due to unrecovered local alloc
- mm/page-writeback.c: don't break integrity writeback on ->writepage()
error
- mm/swap: use nr_node_ids for avail_lists in swap_info_struct
- userfaultfd: clear flag if remap event not enabled
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
- iwlwifi: mvm: Send LQ command as async when necessary
- Bluetooth: Fix unnecessary error message for HCI request completion
- ipmi: fix use-after-free of user->release_barrier.rda
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- ipmi: Prevent use-after-free in deliver_response
- ipmi:ssif: Fix handling of multi-part return messages
- ipmi: Don't initialize anything in the core until something uses it
- Linux 4.19.18
* tls selftest failures/hangs on i386 (LP: #1813607)
- [Config] CONFIG_TLS=n for i386
* Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04)
(LP: #1779756)
- i40e: prevent overlapping tx_timeout recover
* Disco update: 4.19.17 upstream stable release (LP: #1813016)
- tty/ldsem: Wake up readers after timed out down_write()
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present
- can: gw: ensure DLC boundaries after CAN frame modification
- netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
- netfilter: nf_conncount: split gc in two phases
- netfilter: nf_conncount: restart search when nodes have been erased
- netfilter: nf_conncount: merge lookup and add functions
- netfilter: nf_conncount: move all list iterations under spinlock
- netfilter: nf_conncount: speculative garbage collection on empty lists
- netfilter: nf_conncount: fix argument order to find_next_bit
- mmc: sdhci-msm: Disable CDR function on TX
- Revert "scsi: target: iscsi: cxgbit: fix csk leak"
- scsi: target: iscsi: cxgbit: fix csk leak
- scsi: target: iscsi: cxgbit: fix csk leak
- arm64/kvm: consistently handle host HCR_EL2 flags
- arm64: Don't trap host pointer auth use to EL2
- ipv6: fix kernel-infoleak in ipv6_local_error()
- net: bridge: fix a bug on using a neighbour cache entry without checking
its
state
- packet: Do not leak dev refcounts on error exit
- tcp: change txhash on SYN-data timeout
- tun: publish tfile after it's fully initialized
- lan743x: Remove phy_read from link status change function
- smc: move unhash as early as possible in smc_release()
- r8169: don't try to read counters if chip is in a PCI power-save state
- bonding: update nest level on unlink
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull
- r8169: load Realtek PHY driver module before r8169
- crypto: sm3 - fix undefined shift by >= width of value
- crypto: caam - fix zero-length buffer DMA mapping
- crypto: authencesn - Avoid twice completion call in decrypt path
- crypto: ccree - convert to use crypto_authenc_extractkeys()
- crypto: bcm - convert to use crypto_authenc_extractkeys()
- crypto: authenc - fix parsing key with misaligned rta_len
- crypto: talitos - reorder code in talitos_edesc_alloc()
- crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
- xen: Fix x86 sched_clock() interface for xen
- Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
- btrfs: wait on ordered extents on abort cleanup
- Yama: Check for pid death before checking ancestry
- scsi: core: Synchronize request queue PM status only on successful resume
- scsi: sd: Fix cache_type_store()
- mips: fix n32 compat_ipc_parse_version
- MIPS: BCM47XX: Setup struct device for the SoC
- MIPS: lantiq: Fix IPI interrupt handling
- drm/i915/gvt: Fix mmap range check
- OF: properties: add missing of_node_put
- mfd: tps6586x: Handle interrupts on suspend
- media: v4l: ioctl: Validate num_planes for debug messages
- RDMA/nldev: Don't expose unsafe global rkey to regular user
- RDMA/vmw_pvrdma: Return the correct opcode when creating WR
- kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7
- net: dsa: realtek-smi: fix OF child-node lookup
- pstore/ram: Avoid allocation and leak of platform data
- arm64: kaslr: ensure randomized quantities are clean to the PoC
- arm64: dts: marvell: armada-ap806: reserve PSCI area
- Disable MSI also when pcie-octeon.pcie_disable on
- fix int_sqrt64() for very large numbers
- omap2fb: Fix stack memory disclosure
- media: vivid: fix error handling of kthread_run
- media: vivid: set min width/height to a value > 0
- bpf: in __bpf_redirect_no_mac pull mac only if present
- ipv6: make icmp6_send() robust against null skb->dev
- LSM: Check for NULL cred-security on free
- media: vb2: vb2_mmap: move lock up
- sunrpc: handle ENOMEM in rpcb_getport_async
- netfilter: ebtables: account ebt_table_info to kmemcg
- block: use rcu_work instead of call_rcu to avoid sleep in softirq
- selinux: fix GPF on invalid policy
- blockdev: Fix livelocks on loop device
- sctp: allocate sctp_sockaddr_entry with kzalloc
- tipc: fix uninit-value in in tipc_conn_rcv_sub
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable
- tipc: fix uninit-value in tipc_nl_compat_link_set
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump
- tipc: fix uninit-value in tipc_nl_compat_doit
- block/loop: Don't grab "struct file" for vfs_getattr() operation.
- block/loop: Use global lock for ioctl() operation.
- loop: Fold __loop_release into loop_release
- loop: Get rid of loop_index_mutex
- loop: Push lo_ctl_mutex down into individual ioctls
- loop: Split setting of lo_state from loop_clr_fd
- loop: Push loop_ctl_mutex down into loop_clr_fd()
- loop: Push loop_ctl_mutex down to loop_get_status()
- loop: Push loop_ctl_mutex down to loop_set_status()
- loop: Push loop_ctl_mutex down to loop_set_fd()
- loop: Push loop_ctl_mutex down to loop_change_fd()
- loop: Move special partition reread handling in loop_clr_fd()
- loop: Move loop_reread_partitions() out of loop_ctl_mutex
- loop: Fix deadlock when calling blkdev_reread_part()
- loop: Avoid circular locking dependency between loop_ctl_mutex and
bd_mutex
- loop: Get rid of 'nested' acquisition of loop_ctl_mutex
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
- loop: drop caches if offset or block_size are changed
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
- selftests: Fix test errors related to lib.mk khdr target
- media: vb2: be sure to unlock mutex on errors
- nbd: Use set_blocksize() to set device blocksize
- Linux 4.19.17
* Enable sound card power saving by default (LP: #1804265)
- [Config] CONFIG_SND_HDA_POWER_SAVE_DEFAULT=1
* Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
- USB: Add new USB LPM helpers
- USB: Consolidate LPM checks to avoid enabling LPM twice
* [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
(LP: #1812797)
- vgaarb: Add support for 64-bit frame buffer address
- vgaarb: Keep adding VGA device in queue
* bluetooth controller not detected with 4.15 kernel (LP: #1810797)
- SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
- [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y
* [19.04 FEAT| Enable virtio-gpu for s390x (LP: #1799467)
- [Config] enable virtio-gpu for s390x
* Miscellaneous Ubuntu changes
- Revert "UBUNTU: SAUCE: selftests: disable some failing networking tests"
- SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c
- SAUCE: selftests/ftrace: Fix tab expansion in trace_marker snapshot
trigger
test
- update dkms package versions
* Miscellaneous upstream changes
- selftests/ftrace: Fix checkbashisms errors
- selftests/powerpc/pmu: Link ebb tests with -no-pie
-- Seth Forshee <seth.fors...@canonical.com> Mon, 28 Jan 2019 15:38:30
-0600
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793901
Title:
kernel oops in bcache module
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Trusty:
Fix Committed
Status in linux source package in Xenial:
Fix Committed
Status in linux source package in Bionic:
Fix Committed
Status in linux source package in Cosmic:
Fix Committed
Bug description:
SRU Justification
=================
[Impact]
Some users see panics like the following when performing fstrim on a
bcached volume:
[ 529.803060] BUG: unable to handle kernel NULL pointer dereference at
0000000000000008
[ 530.183928] #PF error: [normal kernel read fault]
[ 530.412392] PGD 8000001f42163067 P4D 8000001f42163067 PUD 1f42168067 PMD 0
[ 530.750887] Oops: 0000 [#1] SMP PTI
[ 530.920869] CPU: 10 PID: 4167 Comm: fstrim Kdump: loaded Not tainted
5.0.0-rc1+ #3
[ 531.290204] Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 Gen9,
BIOS P89 12/27/2015
[ 531.693137] RIP: 0010:blk_queue_split+0x148/0x620
[ 531.922205] Code: 60 38 89 55 a0 45 31 db 45 31 f6 45 31 c9 31 ff 89 4d 98
85 db 0f 84 7f 04 00 00 44 8b 6d 98 4c 89 ee 48 c1 e6 04 49 03 70 78 <8b> 46 08
44 8b 56 0c 48
8b 16 44 29 e0 39 d8 48 89 55 a8 0f 47 c3
[ 532.838634] RSP: 0018:ffffb9b708df39b0 EFLAGS: 00010246
[ 533.093571] RAX: 00000000ffffffff RBX: 0000000000046000 RCX:
0000000000000000
[ 533.441865] RDX: 0000000000000200 RSI: 0000000000000000 RDI:
0000000000000000
[ 533.789922] RBP: ffffb9b708df3a48 R08: ffff940d3b3fdd20 R09:
0000000000000000
[ 534.137512] R10: ffffb9b708df3958 R11: 0000000000000000 R12:
0000000000000000
[ 534.485329] R13: 0000000000000000 R14: 0000000000000000 R15:
ffff940d39212020
[ 534.833319] FS: 00007efec26e3840(0000) GS:ffff940d1f480000(0000)
knlGS:0000000000000000
[ 535.224098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 535.504318] CR2: 0000000000000008 CR3: 0000001f4e256004 CR4:
00000000001606e0
[ 535.851759] Call Trace:
[ 535.970308] ? mempool_alloc_slab+0x15/0x20
[ 536.174152] ? bch_data_insert+0x42/0xd0 [bcache]
[ 536.403399] blk_mq_make_request+0x97/0x4f0
[ 536.607036] generic_make_request+0x1e2/0x410
[ 536.819164] submit_bio+0x73/0x150
[ 536.980168] ? submit_bio+0x73/0x150
[ 537.149731] ? bio_associate_blkg_from_css+0x3b/0x60
[ 537.391595] ? _cond_resched+0x1a/0x50
[ 537.573774] submit_bio_wait+0x59/0x90
[ 537.756105] blkdev_issue_discard+0x80/0xd0
[ 537.959590] ext4_trim_fs+0x4a9/0x9e0
[ 538.137636] ? ext4_trim_fs+0x4a9/0x9e0
[ 538.324087] ext4_ioctl+0xea4/0x1530
[ 538.497712] ? _copy_to_user+0x2a/0x40
[ 538.679632] do_vfs_ioctl+0xa6/0x600
[ 538.853127] ? __do_sys_newfstat+0x44/0x70
[ 539.051951] ksys_ioctl+0x6d/0x80
[ 539.212785] __x64_sys_ioctl+0x1a/0x20
[ 539.394918] do_syscall_64+0x5a/0x110
[ 539.568674] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[Fix]
Under certain conditions, the test for whether an operation should be
written back to the underlying device was incorrect. Specifically, in
should_writeback(), we were hitting a case where an optimisation for
partial stripe conditions was returning true and so should_writeback()
was returning true early. This caused the code to go down an incorrect
path and create bios that contained NULL pointers.
To fix this issue, make sure that should_writeback() on a discard op
never returns true.
[Test Case]
We have observed it on some systems where both:
1) LVM/devmapper is involved (bcache backing device is LVM volume) and
2) writeback cache is involved (bcache cache_mode is writeback)
Not every machine exhibits the bug. On one machine that does exhibit
the bug, we can reliably reproduce it with:
# echo writeback > /sys/block/bcache0/bcache/cache_mode
# mount /dev/bcache0 /test
# for i in {0..10}; do file="$(mktemp /test/zero.XXX)"; dd if=/dev/zero
of="$file" bs=1M count=256; sync; rm $file; done; fstrim -v /test
[Regression Potential]
This could affect any device where bcache is used.
In mitigation, however: the patch is simple, is limited to considering
discard operations. The patch has been accepted upstream [1] and the
maintainer will be including it in SuSE kernels [2]. A Gentoo user
validated the upstream patch independently [3].
[1] https://www.spinics.net/lists/linux-bcache/msg06997.html
[2] https://www.spinics.net/lists/linux-bcache/msg06998.html
[3] https://bugzilla.kernel.org/show_bug.cgi?id=196103#c3
[Original Description]
This was on an 18.04.1 install running the 4.15-34 generic kernel image,
running from a normal ext4 root device.
I had just a short while before created a new bcache device that was mounted
but to which no data had been written yet. Then without any apparent particular
reason, an apport error popped up to inform of a bcache kernel oops. Crash log
was uploaded but no idea how to link it, so I attach it as well.
Mostly I would like to know how concerned I should be as after a previous,
successful test I wanted to move the whole install to bcache. Ideally, if this
is a bug or similar, it would be nice if it could get fixed.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-34-generic 4.15.0-34.37
ProcVersionSignature: Ubuntu 4.15.0-34.37-generic 4.15.18
Uname: Linux 4.15.0-34-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset
nvidia
ApportVersion: 2.20.9-0ubuntu7.3
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sat Sep 22 18:20:22 2018
HibernationDevice: RESUME=UUID=6bcbe7fa-85b7-4baf-9b69-0558a668bcdd
InstallationDate: Installed on 2014-07-29 (1515 days ago)
InstallationMedia: It
IwConfig:
zthnhe3w6d no wireless extensions.
eth1 no wireless extensions.
lo no wireless extensions.
MachineType: System manufacturer System Product Name
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=de_DE.UTF-8
SHELL=/bin/bash
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-34-generic
root=UUID=ebbab625-f14e-44ba-84d5-025ed92a5b2a ro quiet splash
RelatedPackageVersions:
linux-restricted-modules-4.15.0-34-generic N/A
linux-backports-modules-4.15.0-34-generic N/A
linux-firmware 1.173.1
RfKill:
0: hci0: Bluetooth
Soft blocked: yes
Hard blocked: no
SourcePackage: linux
UpgradeStatus: Upgraded to bionic on 2018-09-07 (15 days ago)
dmi.bios.date: 10/22/2015
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 0604
dmi.board.asset.tag: Default string
dmi.board.name: H170I-PLUS D3
dmi.board.vendor: ASUSTeK COMPUTER INC.
dmi.board.version: Rev X.0x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.version: Default string
dmi.modalias:
dmi:bvnAmericanMegatrendsInc.:bvr0604:bd10/22/2015:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnH170I-PLUSD3:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring:
dmi.product.family: Default string
dmi.product.name: System Product Name
dmi.product.version: System Version
dmi.sys.vendor: System manufacturer
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793901/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
