Launchpad has imported 10 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=1254310.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
This bug was fixed in the package linux - 4.2.0-36.41
---
linux (4.2.0-36.41) wily; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1571667
[ Benjamin Tissoires ]
* SAUCE: Input: synaptics - handle spurious release of trackstick
buttons, again
- LP:
This bug was fixed in the package linux - 4.2.0-36.41
---
linux (4.2.0-36.41) wily; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1571667
[ Benjamin Tissoires ]
* SAUCE: Input: synaptics - handle spurious release of trackstick
buttons, again
- LP:
Done.
** Tags removed: verification-needed-wily
** Tags added: verification-done-wily
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948
Title:
Memory arena corruption with FUSE
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
wily' to 'verification-done-wily'.
If verification is not done by 5 working days from
** Branch linked: lp:ubuntu/trusty-proposed/linux-lts-wily
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948
Title:
Memory arena corruption with FUSE (was Memory allocation failure
** Changed in: linux (Ubuntu Wily)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948
Title:
Memory arena corruption with FUSE (was
This bug was fixed in the package linux - 4.4.0-16.32
---
linux (4.4.0-16.32) xenial; urgency=low
[ Tim Gardner ]
* Release Tracking Bug
- LP: #1561727
* fix thermal throttling due to commit "Thermal: initialize thermal zone
device correctly" (LP: #1561676)
-
** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948
Title:
Memory arena corruption with FUSE (was
** Description changed:
+ == SRU Justification ==
+
+ Impact: Races in fuse's synchronous io handling can result in use-after-
+ free bugs which are causing kernel crashes.
+
+ Fix: Two commits from fuse-next, one which simply caches the result of a
+ test to avoid a use-after-free and another
** Also affects: linux (Ubuntu Xenial)
Importance: High
Status: Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948
Title:
Memory arena corruption with FUSE (was
Great, thanks!
Robert
Am 11.03.2016 15:01 schrieb "Seth Forshee" :
> On Fri, Mar 11, 2016 at 01:03:32PM -, Robert Doebbelin wrote:
> > Thank you Seth for taking a close look at the problem and my proposed
> > fix. As mentioned on the mailing list my test runs
On Fri, Mar 11, 2016 at 01:03:32PM -, Robert Doebbelin wrote:
> Thank you Seth for taking a close look at the problem and my proposed
> fix. As mentioned on the mailing list my test runs fine now with the two
> fixes.
>
> However, I prefer your fix as it prevents us from running into this
>
Thank you Seth for taking a close look at the problem and my proposed
fix. As mentioned on the mailing list my test runs fine now with the two
fixes.
However, I prefer your fix as it prevents us from running into this
issue again. Our test system is happily installing VMs for two hours now
using
I don't seem to be able to reproduce.
I did try making a patch though that you can try that adds a separate
reference count to fuse_io_priv separate from the request count. I don't
know if it fixes anything that moving spin_unlock() doesn't, but to me
this seems more straightforward and less
I've been looking at the code, but I haven't found anything aside from
the two races mentioned on the mailing list thread. Those could explain
the original problems, but I don't have any ideas about the problems
seen with the fixes applied yet.
I'm trying to reproduce now using the steps you
** Bug watch added: Red Hat Bugzilla #1254310
https://bugzilla.redhat.com/show_bug.cgi?id=1254310
** Also affects: linux (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=1254310
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a
This also affects the Xenial Standard Kernel.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1505948
Title:
Memory arena corruption with FUSE (was Memory allocation failure
crashes
The bug triggers with the debug kernel, however there is no message like
"fuse_direct_IO: io->reg would have gone negative" in the journal:
Jan 29 16:22:18 ubuntu dnsmasq-dhcp[896]: DHCPREQUEST(virbr0) 192.168.122.93
52:54:00:45:1c:61
Jan 29 16:22:18 ubuntu dnsmasq-dhcp[896]: DHCPACK(virbr0)
Interesting that implies that we submitted some kind of async IO, and
the IO must have completed and free(io). This implies that the io->req
count is getting out of sync with the world. A quick eyeball says we are
handling them right, but something is exploding. To try and confirm
this is
We've been able to confirm an out of bounds write in fuse_direct_io with
the slub_debug boot option on linux-lts-wily.
** Attachment added: "Screen Shot 2016-01-26 at 10.00.03.png"
We've been able to confirm an out of bounds write in fuse_direct_io with
the slub_debug boot option on linux-lts-wily.
** Attachment added: "Screen Shot 2016-01-26 at 10.00.03.png"
Enabling KASAN on a Wily kernel prints the following:
Jan 27 12:02:05 ubuntu kernel:
==
Jan 27 12:02:05 ubuntu kernel: BUG: KASan: use after free in
fuse_direct_IO+0xb1a/0xcc0 at addr 88036c414390
Jan 27 12:02:05 ubuntu kernel:
** Summary changed:
- Memory allocation failure crashes kernel hard, presumably related to FUSE
+ Memory arena corruption with FUSE (was Memory allocation failure crashes
kernel hard, presumably related to FUSE)
--
You received this bug notification because you are a member of Kernel
Packages,
24 matches
Mail list logo