This bug was fixed in the package linux - 4.19.0-12.13

---------------
linux (4.19.0-12.13) disco; urgency=medium

  * linux: 4.19.0-12.13 -proposed tracker (LP: #1813664)

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * Disco update: 4.19.18 upstream stable release (LP: #1813611)
    - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
    - mlxsw: spectrum: Disable lag port TX before removing it
    - mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
    - net: dsa: mv88x6xxx: mv88e6390 errata
    - net, skbuff: do not prefer skb allocation fails early
    - qmi_wwan: add MTU default to qmap network interface
    - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
    - net: clear skb->tstamp in bridge forwarding path
    - netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets
    - gpio: pl061: Move irq_chip definition inside struct pl061
    - drm/amd/display: Guard against null stream_state in set_crc_source
    - drm/amdkfd: fix interrupt spin lock
    - ixgbe: allow IPsec Tx offload in VEPA mode
    - platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
    - e1000e: allow non-monotonic SYSTIM readings
    - usb: typec: tcpm: Do not disconnect link for self powered devices
    - selftests/bpf: enable (uncomment) all tests in test_libbpf.sh
    - of: overlay: add missing of_node_put() after add new node to changeset
    - writeback: don't decrement wb->refcnt if !wb->bdi
    - serial: set suppress_bind_attrs flag only if builtin
    - bpf: Allow narrow loads with offset > 0
    - ALSA: oxfw: add support for APOGEE duet FireWire
    - x86/mce: Fix -Wmissing-prototypes warnings
    - MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
    - crypto: ecc - regularize scalar for scalar multiplication
    - arm64: perf: set suppress_bind_attrs flag to true
    - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier
    - clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table
    - samples: bpf: fix: error handling regarding kprobe_events
    - usb: gadget: udc: renesas_usb3: add a safety connection way for forced_b_device
    - fpga: altera-cvp: fix probing for multiple FPGAs on the bus
    - selinux: always allow mounting submounts
    - ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined
    - scsi: qedi: Check for session online before getting iSCSI TLV data.
    - drm/amdgpu: Reorder uvd ring init before uvd resume
    - rxe: IB_WR_REG_MR does not capture MR's iova field
    - efi/libstub: Disable some warnings for x86{,_64}
    - jffs2: Fix use of uninitialized delayed_work, lockdep breakage
    - clk: imx: make mux parent strings const
    - pstore/ram: Do not treat empty buffers as valid
    - media: uvcvideo: Refactor teardown of uvc on USB disconnect
    - powerpc/xmon: Fix invocation inside lock region
    - powerpc/pseries/cpuidle: Fix preempt warning
    - media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
    - ASoC: use dma_ops of parent device for acp_audio_dma
    - media: venus: core: Set dma maximum segment size
    - staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io'
    - net: call sk_dst_reset when set SO_DONTROUTE
    - scsi: target: use consistent left-aligned ASCII INQUIRY data
    - scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough
    - selftests: do not macro-expand failed assertion expressions
    - arm64: kasan: Increase stack size for KASAN_EXTRA
    - clk: imx6q: reset exclusive gates on init
    - arm64: Fix minor issues with the dcache_by_line_op macro
    - bpf: relax verifier restriction on BPF_MOV | BPF_ALU
    - kconfig: fix file name and line number of warn_ignored_character()
    - kconfig: fix memory leak when EOF is encountered in quotation
    - mmc: atmel-mci: do not assume idle after atmci_request_end
    - btrfs: volumes: Make sure there is no overlap of dev extents at mount time
    - btrfs: alloc_chunk: fix more DUP stripe size handling
    - btrfs: fix use-after-free due to race between replace start and cancel
    - btrfs: improve error handling of btrfs_add_link
    - tty/serial: do not free trasnmit buffer page under port lock
    - perf intel-pt: Fix error with config term "pt=0"
    - perf tests ARM: Disable breakpoint tests 32-bit
    - perf svghelper: Fix unchecked usage of strncpy()
    - perf parse-events: Fix unchecked usage of strncpy()
    - perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX
    - netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
    - netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine
    - netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine
    - x86/topology: Use total_cpus for max logical packages calculation
    - dm crypt: use u64 instead of sector_t to store iv_offset
    - dm kcopyd: Fix bug causing workqueue stalls
    - perf stat: Avoid segfaults caused by negated options
    - tools lib subcmd: Don't add the kernel sources to the include path
    - dm snapshot: Fix excessive memory usage and workqueue stalls
    - perf cs-etm: Correct packets swapping in cs_etm__flush()
    - perf tools: Add missing sigqueue() prototype for systems lacking it
    - perf tools: Add missing open_memstream() prototype for systems lacking it
    - quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
    - clocksource/drivers/integrator-ap: Add missing of_node_put()
    - dm: Check for device sector overflow if CONFIG_LBDAF is not set
    - Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029
    - ALSA: bebob: fix model-id of unit for Apogee Ensemble
    - sysfs: Disable lockdep for driver bind/unbind files
    - IB/usnic: Fix potential deadlock
    - scsi: mpt3sas: fix memory ordering on 64bit writes
    - scsi: smartpqi: correct lun reset issues
    - ath10k: fix peer stats null pointer dereference
    - scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
    - scsi: megaraid: fix out-of-bound array accesses
    - iomap: don't search past page end in iomap_is_partially_uptodate
    - ocfs2: fix panic due to unrecovered local alloc
    - mm/page-writeback.c: don't break integrity writeback on ->writepage() error
    - mm/swap: use nr_node_ids for avail_lists in swap_info_struct
    - userfaultfd: clear flag if remap event not enabled
    - mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
    - iwlwifi: mvm: Send LQ command as async when necessary
    - Bluetooth: Fix unnecessary error message for HCI request completion
    - ipmi: fix use-after-free of user->release_barrier.rda
    - ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
    - ipmi: Prevent use-after-free in deliver_response
    - ipmi:ssif: Fix handling of multi-part return messages
    - ipmi: Don't initialize anything in the core until something uses it
    - Linux 4.19.18

  * tls selftest failures/hangs on i386 (LP: #1813607)
    - [Config] CONFIG_TLS=n for i386

  * Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04) (LP: #1779756)
    - i40e: prevent overlapping tx_timeout recover

  * Disco update: 4.19.17 upstream stable release (LP: #1813016)
    - tty/ldsem: Wake up readers after timed out down_write()
    - tty: Don't hold ldisc lock in tty_reopen() if ldisc present
    - can: gw: ensure DLC boundaries after CAN frame modification
    - netfilter: nf_conncount: replace CONNCOUNT_LOCK_SLOTS with CONNCOUNT_SLOTS
    - netfilter: nf_conncount: split gc in two phases
    - netfilter: nf_conncount: restart search when nodes have been erased
    - netfilter: nf_conncount: merge lookup and add functions
    - netfilter: nf_conncount: move all list iterations under spinlock
    - netfilter: nf_conncount: speculative garbage collection on empty lists
    - netfilter: nf_conncount: fix argument order to find_next_bit
    - mmc: sdhci-msm: Disable CDR function on TX
    - Revert "scsi: target: iscsi: cxgbit: fix csk leak"
    - scsi: target: iscsi: cxgbit: fix csk leak
    - scsi: target: iscsi: cxgbit: fix csk leak
    - arm64/kvm: consistently handle host HCR_EL2 flags
    - arm64: Don't trap host pointer auth use to EL2
    - ipv6: fix kernel-infoleak in ipv6_local_error()
    - net: bridge: fix a bug on using a neighbour cache entry without checking its state
    - packet: Do not leak dev refcounts on error exit
    - tcp: change txhash on SYN-data timeout
    - tun: publish tfile after it's fully initialized
    - lan743x: Remove phy_read from link status change function
    - smc: move unhash as early as possible in smc_release()
    - r8169: don't try to read counters if chip is in a PCI power-save state
    - bonding: update nest level on unlink
    - ip: on queued skb use skb_header_pointer instead of pskb_may_pull
    - r8169: load Realtek PHY driver module before r8169
    - crypto: sm3 - fix undefined shift by >= width of value
    - crypto: caam - fix zero-length buffer DMA mapping
    - crypto: authencesn - Avoid twice completion call in decrypt path
    - crypto: ccree - convert to use crypto_authenc_extractkeys()
    - crypto: bcm - convert to use crypto_authenc_extractkeys()
    - crypto: authenc - fix parsing key with misaligned rta_len
    - crypto: talitos - reorder code in talitos_edesc_alloc()
    - crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK
    - xen: Fix x86 sched_clock() interface for xen
    - Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io"
    - btrfs: wait on ordered extents on abort cleanup
    - Yama: Check for pid death before checking ancestry
    - scsi: core: Synchronize request queue PM status only on successful resume
    - scsi: sd: Fix cache_type_store()
    - mips: fix n32 compat_ipc_parse_version
    - MIPS: BCM47XX: Setup struct device for the SoC
    - MIPS: lantiq: Fix IPI interrupt handling
    - drm/i915/gvt: Fix mmap range check
    - OF: properties: add missing of_node_put
    - mfd: tps6586x: Handle interrupts on suspend
    - media: v4l: ioctl: Validate num_planes for debug messages
    - RDMA/nldev: Don't expose unsafe global rkey to regular user
    - RDMA/vmw_pvrdma: Return the correct opcode when creating WR
    - kbuild: Disable LD_DEAD_CODE_DATA_ELIMINATION with ftrace & GCC <= 4.7
    - net: dsa: realtek-smi: fix OF child-node lookup
    - pstore/ram: Avoid allocation and leak of platform data
    - arm64: kaslr: ensure randomized quantities are clean to the PoC
    - arm64: dts: marvell: armada-ap806: reserve PSCI area
    - Disable MSI also when pcie-octeon.pcie_disable on
    - fix int_sqrt64() for very large numbers
    - omap2fb: Fix stack memory disclosure
    - media: vivid: fix error handling of kthread_run
    - media: vivid: set min width/height to a value > 0
    - bpf: in __bpf_redirect_no_mac pull mac only if present
    - ipv6: make icmp6_send() robust against null skb->dev
    - LSM: Check for NULL cred-security on free
    - media: vb2: vb2_mmap: move lock up
    - sunrpc: handle ENOMEM in rpcb_getport_async
    - netfilter: ebtables: account ebt_table_info to kmemcg
    - block: use rcu_work instead of call_rcu to avoid sleep in softirq
    - selinux: fix GPF on invalid policy
    - blockdev: Fix livelocks on loop device
    - sctp: allocate sctp_sockaddr_entry with kzalloc
    - tipc: fix uninit-value in in tipc_conn_rcv_sub
    - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats
    - tipc: fix uninit-value in tipc_nl_compat_bearer_enable
    - tipc: fix uninit-value in tipc_nl_compat_link_set
    - tipc: fix uninit-value in tipc_nl_compat_name_table_dump
    - tipc: fix uninit-value in tipc_nl_compat_doit
    - block/loop: Don't grab "struct file" for vfs_getattr() operation.
    - block/loop: Use global lock for ioctl() operation.
    - loop: Fold __loop_release into loop_release
    - loop: Get rid of loop_index_mutex
    - loop: Push lo_ctl_mutex down into individual ioctls
    - loop: Split setting of lo_state from loop_clr_fd
    - loop: Push loop_ctl_mutex down into loop_clr_fd()
    - loop: Push loop_ctl_mutex down to loop_get_status()
    - loop: Push loop_ctl_mutex down to loop_set_status()
    - loop: Push loop_ctl_mutex down to loop_set_fd()
    - loop: Push loop_ctl_mutex down to loop_change_fd()
    - loop: Move special partition reread handling in loop_clr_fd()
    - loop: Move loop_reread_partitions() out of loop_ctl_mutex
    - loop: Fix deadlock when calling blkdev_reread_part()
    - loop: Avoid circular locking dependency between loop_ctl_mutex and bd_mutex
    - loop: Get rid of 'nested' acquisition of loop_ctl_mutex
    - loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl()
    - loop: drop caches if offset or block_size are changed
    - drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock
    - selftests: Fix test errors related to lib.mk khdr target
    - media: vb2: be sure to unlock mutex on errors
    - nbd: Use set_blocksize() to set device blocksize
    - Linux 4.19.17

  * Enable sound card power saving by default (LP: #1804265)
    - [Config] CONFIG_SND_HDA_POWER_SAVE_DEFAULT=1

  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice

  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue

  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y

  * [19.04 FEAT| Enable virtio-gpu for s390x (LP: #1799467)
    - [Config] enable virtio-gpu for s390x

  * Miscellaneous Ubuntu changes
    - Revert "UBUNTU: SAUCE: selftests: disable some failing networking tests"
    - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c
    - SAUCE: selftests/ftrace: Fix tab expansion in trace_marker snapshot trigger test
    - update dkms package versions

  * Miscellaneous upstream changes
    - selftests/ftrace: Fix checkbashisms errors
    - selftests/powerpc/pmu: Link ebb tests with -no-pie

 -- Seth Forshee <seth.fors...@canonical.com>  Mon, 28 Jan 2019 15:38:30 -0600

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/1793901

Title:
  kernel oops in bcache module

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Committed

Bug description:
  SRU Justification
  =================

  [Impact]
  Some users see panics like the following when performing fstrim on a bcached volume:

  [ 529.803060] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
  [ 530.183928] #PF error: [normal kernel read fault]
  [ 530.412392] PGD 8000001f42163067 P4D 8000001f42163067 PUD 1f42168067 PMD 0
  [ 530.750887] Oops: 0000 [#1] SMP PTI
  [ 530.920869] CPU: 10 PID: 4167 Comm: fstrim Kdump: loaded Not tainted 5.0.0-rc1+ #3
  [ 531.290204] Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 Gen9, BIOS P89 12/27/2015
  [ 531.693137] RIP: 0010:blk_queue_split+0x148/0x620
  [ 531.922205] Code: 60 38 89 55 a0 45 31 db 45 31 f6 45 31 c9 31 ff 89 4d 98 85 db 0f 84 7f 04 00 00 44 8b 6d 98 4c 89 ee 48 c1 e6 04 49 03 70 78 <8b> 46 08 44 8b 56 0c 48 8b 16 44 29 e0 39 d8 48 89 55 a8 0f 47 c3
  [ 532.838634] RSP: 0018:ffffb9b708df39b0 EFLAGS: 00010246
  [ 533.093571] RAX: 00000000ffffffff RBX: 0000000000046000 RCX: 0000000000000000
  [ 533.441865] RDX: 0000000000000200 RSI: 0000000000000000 RDI: 0000000000000000
  [ 533.789922] RBP: ffffb9b708df3a48 R08: ffff940d3b3fdd20 R09: 0000000000000000
  [ 534.137512] R10: ffffb9b708df3958 R11: 0000000000000000 R12: 0000000000000000
  [ 534.485329] R13: 0000000000000000 R14: 0000000000000000 R15: ffff940d39212020
  [ 534.833319] FS: 00007efec26e3840(0000) GS:ffff940d1f480000(0000) knlGS:0000000000000000
  [ 535.224098] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 535.504318] CR2: 0000000000000008 CR3: 0000001f4e256004 CR4: 00000000001606e0
  [ 535.851759] Call Trace:
  [ 535.970308] ? mempool_alloc_slab+0x15/0x20
  [ 536.174152] ? bch_data_insert+0x42/0xd0 [bcache]
  [ 536.403399] blk_mq_make_request+0x97/0x4f0
  [ 536.607036] generic_make_request+0x1e2/0x410
  [ 536.819164] submit_bio+0x73/0x150
  [ 536.980168] ? submit_bio+0x73/0x150
  [ 537.149731] ? bio_associate_blkg_from_css+0x3b/0x60
  [ 537.391595] ? _cond_resched+0x1a/0x50
  [ 537.573774] submit_bio_wait+0x59/0x90
  [ 537.756105] blkdev_issue_discard+0x80/0xd0
  [ 537.959590] ext4_trim_fs+0x4a9/0x9e0
  [ 538.137636] ? ext4_trim_fs+0x4a9/0x9e0
  [ 538.324087] ext4_ioctl+0xea4/0x1530
  [ 538.497712] ? _copy_to_user+0x2a/0x40
  [ 538.679632] do_vfs_ioctl+0xa6/0x600
  [ 538.853127] ? __do_sys_newfstat+0x44/0x70
  [ 539.051951] ksys_ioctl+0x6d/0x80
  [ 539.212785] __x64_sys_ioctl+0x1a/0x20
  [ 539.394918] do_syscall_64+0x5a/0x110
  [ 539.568674] entry_SYSCALL_64_after_hwframe+0x44/0xa9

  [Fix]
  Under certain conditions, the test for whether an operation should be written back to the underlying device was incorrect. Specifically, in should_writeback(), we were hitting a case where an optimisation for partial stripe conditions was returning true and so should_writeback() was returning true early. This caused the code to go down an incorrect path and create bios that contained NULL pointers. To fix this issue, make sure that should_writeback() on a discard op never returns true.

  [Test Case]
  We have observed it on some systems where both:
  1) LVM/devmapper is involved (bcache backing device is LVM volume) and
  2) writeback cache is involved (bcache cache_mode is writeback)

  Not every machine exhibits the bug. On one machine that does exhibit the bug, we can reliably reproduce it with:

   # echo writeback > /sys/block/bcache0/bcache/cache_mode
   # mount /dev/bcache0 /test
   # for i in {0..10}; do file="$(mktemp /test/zero.XXX)"; dd if=/dev/zero of="$file" bs=1M count=256; sync; rm $file; done; fstrim -v /test

  [Regression Potential]
  This could affect any device where bcache is used. In mitigation, however: the patch is simple, is limited to considering discard operations. The patch has been accepted upstream [1] and the maintainer will be including it in SuSE kernels [2]. A Gentoo user validated the upstream patch independently [3].

  [1] https://www.spinics.net/lists/linux-bcache/msg06997.html
  [2] https://www.spinics.net/lists/linux-bcache/msg06998.html
  [3] https://bugzilla.kernel.org/show_bug.cgi?id=196103#c3

  [Original Description]
  This was on an 18.04.1 install running the 4.15-34 generic kernel image, running from a normal ext4 root device. I had just a short while before created a new bcache device that was mounted but to which no data had been written yet. Then without any apparent particular reason, an apport error popped up to inform of a bcache kernel oops. Crash log was uploaded but no idea how to link it, so I attach it as well. Mostly I would like to know how concerned I should be as after a previous, successful test I wanted to move the whole install to bcache. Ideally, if this is a bug or similar, it would be nice if it could get fixed.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-image-4.15.0-34-generic 4.15.0-34.37
  ProcVersionSignature: Ubuntu 4.15.0-34.37-generic 4.15.18
  Uname: Linux 4.15.0-34-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
  ApportVersion: 2.20.9-0ubuntu7.3
  Architecture: amd64
  CurrentDesktop: ubuntu:GNOME
  Date: Sat Sep 22 18:20:22 2018
  HibernationDevice: RESUME=UUID=6bcbe7fa-85b7-4baf-9b69-0558a668bcdd
  InstallationDate: Installed on 2014-07-29 (1515 days ago)
  InstallationMedia: It
  IwConfig:
   zthnhe3w6d no wireless extensions.
   eth1 no wireless extensions.
   lo no wireless extensions.
  MachineType: System manufacturer System Product Name
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 EFI VGA
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-34-generic root=UUID=ebbab625-f14e-44ba-84d5-025ed92a5b2a ro quiet splash
  RelatedPackageVersions:
   linux-restricted-modules-4.15.0-34-generic N/A
   linux-backports-modules-4.15.0-34-generic N/A
   linux-firmware 1.173.1
  RfKill:
   0: hci0: Bluetooth
   Soft blocked: yes
   Hard blocked: no
  SourcePackage: linux
  UpgradeStatus: Upgraded to bionic on 2018-09-07 (15 days ago)
  dmi.bios.date: 10/22/2015
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 0604
  dmi.board.asset.tag: Default string
  dmi.board.name: H170I-PLUS D3
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: Rev X.0x
  dmi.chassis.asset.tag: Default string
  dmi.chassis.type: 3
  dmi.chassis.vendor: Default string
  dmi.chassis.version: Default string
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0604:bd10/22/2015:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnH170I-PLUSD3:rvrRevX.0x:cvnDefaultstring:ct3:cvrDefaultstring:
  dmi.product.family: Default string
  dmi.product.name: System Product Name
  dmi.product.version: System Version
  dmi.sys.vendor: System manufacturer
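
Added example, not part of the original bug report and not the kernel's code: a user-space C model of the check ordering described under [Fix], with the early-returning partial-stripe shortcut beside the fixed order that rejects discards first. The struct layouts, field names and the submit()/demo() helpers are assumptions made for illustration.

```c
/* Simplified user-space model, not kernel code. Type and field names are
 * hypothetical stand-ins for the conditions named in the [Fix] section. */
#include <stdbool.h>
#include <stddef.h>

enum req_op { OP_WRITE, OP_DISCARD };
enum outcome { BYPASSED, WRITTEN_BACK, NULL_PAYLOAD };

struct req {
    enum req_op op;
    const void *payload;  /* data to cache; a discard carries none */
    bool stripe_dirty;    /* request overlaps an already-dirty stripe */
    bool sync;
};

struct cdev {
    bool writeback_mode;      /* cache_mode is "writeback" */
    bool partial_stripe_opt;  /* partial-stripe optimisation active */
};

typedef bool (*policy_fn)(const struct cdev *, const struct req *);

/* Before: the partial-stripe shortcut returns true without looking at the
 * operation type, so a discard can be routed to writeback. */
static bool should_writeback_before(const struct cdev *dc, const struct req *rq)
{
    if (!dc->writeback_mode)
        return false;
    if (dc->partial_stripe_opt && rq->stripe_dirty)
        return true;  /* early return, taken for discards too */
    return rq->sync;
}

/* After: a discard is rejected ahead of every shortcut. */
static bool should_writeback_after(const struct cdev *dc, const struct req *rq)
{
    if (!dc->writeback_mode || rq->op == OP_DISCARD)
        return false;
    if (dc->partial_stripe_opt && rq->stripe_dirty)
        return true;
    return rq->sync;
}

/* The modelled writeback path needs a payload; a missing one is reported
 * here instead of being dereferenced. */
static enum outcome submit(const struct cdev *dc, const struct req *rq,
                           policy_fn policy)
{
    if (!policy(dc, rq))
        return BYPASSED;
    return rq->payload ? WRITTEN_BACK : NULL_PAYLOAD;
}

/* Constructed case: writeback mode, optimisation active, dirty stripe. */
static enum outcome demo(policy_fn policy, enum req_op op)
{
    static const char data[] = "constructed payload";
    struct cdev dc = { true, true };
    struct req rq = { op, op == OP_DISCARD ? NULL : data, true, false };
    return submit(&dc, &rq, policy);
}

int main(void)
{
    /* Exit 0 when the old order hits the NULL payload and the new one bypasses. */
    return !(demo(should_writeback_before, OP_DISCARD) == NULL_PAYLOAD &&
             demo(should_writeback_after, OP_DISCARD) == BYPASSED);
}
```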