[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Launchpad has imported 10 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=1254310. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

This bug was fixed in the package linux - 4.2.0-36.41 --- linux (4.2.0-36.41) wily; urgency=low [ Kamal Mostafa ] * Release Tracking Bug - LP: #1571667 [ Benjamin Tissoires ] * SAUCE: Input: synaptics - handle spurious release of trackstick buttons, again - LP:

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

This bug was fixed in the package linux - 4.2.0-36.41 --- linux (4.2.0-36.41) wily; urgency=low [ Kamal Mostafa ] * Release Tracking Bug - LP: #1571667 [ Benjamin Tissoires ] * SAUCE: Input: synaptics - handle spurious release of trackstick buttons, again - LP:

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Done. ** Tags removed: verification-needed-wily ** Tags added: verification-done-wily -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1505948 Title: Memory arena corruption with FUSE

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- wily' to 'verification-done-wily'. If verification is not done by 5 working days from

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Branch linked: lp:ubuntu/trusty-proposed/linux-lts-wily -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1505948 Title: Memory arena corruption with FUSE (was Memory allocation failure

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Changed in: linux (Ubuntu Wily) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1505948 Title: Memory arena corruption with FUSE (was

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

This bug was fixed in the package linux - 4.4.0-16.32 --- linux (4.4.0-16.32) xenial; urgency=low [ Tim Gardner ] * Release Tracking Bug - LP: #1561727 * fix thermal throttling due to commit "Thermal: initialize thermal zone device correctly" (LP: #1561676) -

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Changed in: linux (Ubuntu Xenial) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1505948 Title: Memory arena corruption with FUSE (was

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Description changed: + == SRU Justification == + + Impact: Races in fuse's synchronous io handling can result in use-after- + free bugs which are causing kernel crashes. + + Fix: Two commits from fuse-next, one which simply caches the result of a + test to avoid a use-after-free and another

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Also affects: linux (Ubuntu Xenial) Importance: High Status: Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1505948 Title: Memory arena corruption with FUSE (was

Re: [Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Great, thanks! Robert Am 11.03.2016 15:01 schrieb "Seth Forshee" : > On Fri, Mar 11, 2016 at 01:03:32PM -, Robert Doebbelin wrote: > > Thank you Seth for taking a close look at the problem and my proposed > > fix. As mentioned on the mailing list my test runs

Re: [Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

On Fri, Mar 11, 2016 at 01:03:32PM -, Robert Doebbelin wrote: > Thank you Seth for taking a close look at the problem and my proposed > fix. As mentioned on the mailing list my test runs fine now with the two > fixes. > > However, I prefer your fix as it prevents us from running into this >

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Thank you Seth for taking a close look at the problem and my proposed fix. As mentioned on the mailing list my test runs fine now with the two fixes. However, I prefer your fix as it prevents us from running into this issue again. Our test system is happily installing VMs for two hours now using

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

I don't seem to be able to reproduce. I did try making a patch though that you can try that adds a separate reference count to fuse_io_priv separate from the request count. I don't know if it fixes anything that moving spin_unlock() doesn't, but to me this seems more straightforward and less

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

I've been looking at the code, but I haven't found anything aside from the two races mentioned on the mailing list thread. Those could explain the original problems, but I don't have any ideas about the problems seen with the fixes applied yet. I'm trying to reproduce now using the steps you

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Bug watch added: Red Hat Bugzilla #1254310 https://bugzilla.redhat.com/show_bug.cgi?id=1254310 ** Also affects: linux (Fedora) via https://bugzilla.redhat.com/show_bug.cgi?id=1254310 Importance: Unknown Status: Unknown -- You received this bug notification because you are a

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

This also affects the Xenial Standard Kernel. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1505948 Title: Memory arena corruption with FUSE (was Memory allocation failure crashes

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

The bug triggers with the debug kernel, however there is no message like "fuse_direct_IO: io->reg would have gone negative" in the journal: Jan 29 16:22:18 ubuntu dnsmasq-dhcp[896]: DHCPREQUEST(virbr0) 192.168.122.93 52:54:00:45:1c:61 Jan 29 16:22:18 ubuntu dnsmasq-dhcp[896]: DHCPACK(virbr0)

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Interesting that implies that we submitted some kind of async IO, and the IO must have completed and free(io). This implies that the io->req count is getting out of sync with the world. A quick eyeball says we are handling them right, but something is exploding. To try and confirm this is

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

We've been able to confirm an out of bounds write in fuse_direct_io with the slub_debug boot option on linux-lts-wily. ** Attachment added: "Screen Shot 2016-01-26 at 10.00.03.png"

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

We've been able to confirm an out of bounds write in fuse_direct_io with the slub_debug boot option on linux-lts-wily. ** Attachment added: "Screen Shot 2016-01-26 at 10.00.03.png"

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

Enabling KASAN on a Wily kernel prints the following: Jan 27 12:02:05 ubuntu kernel: == Jan 27 12:02:05 ubuntu kernel: BUG: KASan: use after free in fuse_direct_IO+0xb1a/0xcc0 at addr 88036c414390 Jan 27 12:02:05 ubuntu kernel:

[Kernel-packages] [Bug 1505948] Re: Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE)

** Summary changed: - Memory allocation failure crashes kernel hard, presumably related to FUSE + Memory arena corruption with FUSE (was Memory allocation failure crashes kernel hard, presumably related to FUSE) -- You received this bug notification because you are a member of Kernel Packages,