This bug was fixed in the package linux - 4.4.0-23.41
---------------
linux (4.4.0-23.41) xenial; urgency=low
[ Kamal Mostafa ]
* Release Tracking Bug
- LP: #1582431
* zfs: disable module checks for zfs when cross-compiling (LP: #1581127)
- [Packaging] disable zfs module checks when cross-compiling
* Xenial update to v4.4.10 stable release (LP: #1580754)
- Revert "UBUNTU: SAUCE: (no-up) ACPICA: Dispatcher: Update thread ID for
recursive method calls"
- Revert "UBUNTU: SAUCE: nbd: ratelimit error msgs after socket close"
- Revert: "powerpc/tm: Check for already reclaimed tasks"
- RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips
- ipvs: handle ip_vs_fill_iph_skb_off failure
- ipvs: correct initial offset of Call-ID header search in SIP persistence
engine
- ipvs: drop first packet to redirect conntrack
- mfd: intel-lpss: Remove clock tree on error path
- nbd: ratelimit error msgs after socket close
- ata: ahci_xgene: dereferencing uninitialized pointer in probe
- mwifiex: fix corner case association failure
- CNS3xxx: Fix PCI cns3xxx_write_config()
- clk-divider: make sure read-only dividers do not write to their register
- soc: rockchip: power-domain: fix err handle while probing
- clk: rockchip: free memory in error cases when registering clock branches
- clk: meson: Fix meson_clk_register_clks() signature type mismatch
- clk: qcom: msm8960: fix ce3_core clk enable register
- clk: versatile: sp810: support reentrance
- clk: qcom: msm8960: Fix ce3_src register offset
- lpfc: fix misleading indentation
- ath9k: ar5008_hw_cmn_spur_mitigate: add missing mask_m & mask_p
initialisation
- mac80211: fix statistics leak if dev_alloc_name() fails
- tracing: Don't display trigger file for events that can't be enabled
- MD: make bio mergeable
- Minimal fix-up of bad hashing behavior of hash_64()
- mm, cma: prevent nr_isolated_* counters from going negative
- mm/zswap: provide unique zpool name
- ARM: EXYNOS: Properly skip unitialized parent clock in power domain on
- ARM: SoCFPGA: Fix secondary CPU startup in thumb2 kernel
- xen: Fix page <-> pfn conversion on 32 bit systems
- xen/balloon: Fix crash when ballooning on x86 32 bit PAE
- xen/evtchn: fix ring resize when binding new events
- HID: wacom: Add support for DTK-1651
- HID: Fix boot delay for Creative SB Omni Surround 5.1 with quirk
- Input: zforce_ts - fix dual touch recognition
- proc: prevent accessing /proc/<PID>/environ until it's ready
- mm: update min_free_kbytes from khugepaged after core initialization
- batman-adv: fix DAT candidate selection (must use vid)
- batman-adv: Check skb size before using encapsulated ETH+VLAN header
- batman-adv: Fix broadcast/ogm queue limit on a removed interface
- batman-adv: Reduce refcnt of removed router when updating route
- writeback: Fix performance regression in wb_over_bg_thresh()
- MAINTAINERS: Remove asterisk from EFI directory names
- x86/tsc: Read all ratio bits from MSR_PLATFORM_INFO
- ARM: cpuidle: Pass on arm_cpuidle_suspend()'s return value
- ARC: Add missing io barriers to io{read,write}{16,32}be()
- x86/sysfb_efi: Fix valid BAR address range check
- ACPICA: Dispatcher: Update thread ID for recursive method calls
- powerpc: Fix bad inline asm constraint in create_zero_mask()
- libahci: save port map for forced port map
- ata: ahci-platform: Add ports-implemented DT bindings.
- USB: serial: cp210x: add ID for Link ECU
- USB: serial: cp210x: add Straizona Focusers device ids
- nvmem: mxs-ocotp: fix buffer overflow in read
- gpu: ipu-v3: Fix imx-ipuv3-crtc module autoloading
- drm/amdgpu: make sure vertical front porch is at least 1
- drm/amdgpu: set metadata pointer to NULL after freeing.
- iio: ak8975: Fix NULL pointer exception on early interrupt
- iio: ak8975: fix maybe-uninitialized warning
- drm/radeon: make sure vertical front porch is at least 1
- drm/i915/ddi: Fix eDP VDD handling during booting and suspend/resume
- drm/i915: Fix eDP low vswing for Broadwell
- drm/i915: Make RPS EI/thresholds multiple of 25 on SNB-BDW
- drm/i915: Fake HDMI live status
- lib/test-string_helpers.c: fix and improve string_get_size() tests
- drm/i915/skl: Fix DMC load on Skylake J0 and K0
- Linux 4.4.10
* HDMI audio playback noise observed on AMD Polaris 10/11 GPU (LP: #1577288)
- ALSA: hda: add AMD Polaris-10/11 AZ PCI IDs with proper driver caps
* [i915_bpo] Update i915 backport driver (LP: #1580114)
- SAUCE: i915_bpo: Drop is_preliminary from BXT/KBL.
- SAUCE: i915_bpo: Sync with v4.6-rc7
* CVE-2016-4486 (LP: #1578497)
- net: fix infoleak in rtnetlink
* CVE-2016-4485 (LP: #1578496)
- net: fix infoleak in llc
* drm.ko < kernel version 4.5 has a dead lock bug (LP: #1579610)
- drm: Balance error path for GEM handle allocation
* Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong not
supported by compiler (LP: #1574982)
- SAUCE: (no-up) disable -pie when gcc has it enabled by default
* system freeze after vt switching (LP: #1542939)
- drm/atomic: Add __drm_atomic_helper_connector_reset, v2.
- drm/atomic: Remove drm_atomic_connectors_for_crtc.
* CVE-2016-4558 (LP: #1579140)
- bpf: fix refcnt overflow
* Kernel Panic on EC2 After Upgrading from 14.04 to 16.04 via do-release-
upgrade -d (LP: #1573231)
- SAUCE: (no-up) x86/topology: Handle CPUID bogosity gracefully
* PCI Call Traces hw csum failure in dmesg with 4.4.0-2-generic
(LP: #1544978)
- net/mlx4_en: Fix endianness bug in IPV6 csum calculation
* Missing libunwind support in perf (LP: #1248289)
- [Config] Add liblzma-dev to enable libunwind support in perf
* thunderbolt hotplug is broken (LP: #1577898)
- SAUCE: (no-up) ACPICA: Dispatcher: Update thread ID for recursive method
calls
* Kernel can be oopsed using remap_file_pages (LP: #1558120)
- SAUCE: mm/mmap: fix oopsing on remap_file_pages
* ZFS is confused by user namespaces (uid/gid mapping) when used with
acltype=posixac (LP: #1567558)
- zfs: Fix user namespaces uid/gid mapping
* oops when propagating mounts into containers - RIP:
0010:[<ffffffff8123cb3e>] [<ffffffff8123cb3e>] propagate_one+0xbe/0x1c0
(LP: #1572316)
- fs/pnode.c: treat zero mnt_group_id-s as unequal
- propogate_mnt: Handle the first propogated copy being a slave
* OOPS on wily+ for Haswell-ULT and Broadwell (LP: #1577748)
- PNP: Add Broadwell to Intel MCH size workaround
- PNP: Add Haswell-ULT to Intel MCH size workaround
* Xenial update to v4.4.9 stable release (LP: #1578798)
- block: loop: fix filesystem corruption in case of aio/dio
- x86/mce: Avoid using object after free in genpool
- kvm: x86: do not leak guest xcr0 into host interrupt handlers
- ARM: dts: AM43x-epos: Fix clk parent for synctimer
- ARM: mvebu: Correct unit address for linksys
- ARM: OMAP2: Fix up interconnect barrier initialization for DRA7
- ARM: OMAP2+: hwmod: Fix updating of sysconfig register
- assoc_array: don't call compare_object() on a node
- usb: xhci: applying XHCI_PME_STUCK_QUIRK to Intel BXT B0 host
- xhci: resume USB 3 roothub first
- usb: xhci: fix wild pointers in xhci_mem_cleanup
- xhci: fix 10 second timeout on removal of PCI hotpluggable xhci
controllers
- usb: hcd: out of bounds access in for_each_companion
- usb: gadget: f_fs: Fix use-after-free
- dm cache metadata: fix READ_LOCK macros and cleanup WRITE_LOCK macros
- dm cache metadata: fix cmd_read_lock() acquiring write lock
- lib: lz4: fixed zram with lz4 on big endian machines
- debugfs: Make automount point inodes permanently empty
- dmaengine: dw: fix master selection
- dmaengine: hsu: correct use of channel status register
- dmaengine: pxa_dma: fix the maximum requestor line
- sched/cgroup: Fix/cleanup cgroup teardown/init
- x86/mm/xen: Suppress hugetlbfs in PV guests
- x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel
address
- ALSA: hda - Don't trust the reported actual power state
- ALSA: hda/realtek - Add ALC3234 headset mode for Optiplex 9020m
- ALSA: hda - Keep powering up ADCs on Cirrus codecs
- ALSA: hda - add PCI ID for Intel Broxton-T
- ALSA: pcxhr: Fix missing mutex unlock
- ALSA: hda - Add dock support for ThinkPad X260
- asm-generic/futex: Re-enable preemption in futex_atomic_cmpxchg_inatomic()
- futex: Handle unlock_pi race gracefully
- futex: Acknowledge a new waiter in counter before plist
- drm/nouveau/core: use vzalloc for allocating ramht
- drm/qxl: fix cursor position with non-zero hotspot
- drm/i915: Fix race condition in intel_dp_destroy_mst_connector()
- Revert "drm/radeon: disable runtime pm on PX laptops without dGPU power
control"
- Revert "drm/amdgpu: disable runtime pm on PX laptops without dGPU power
control"
- cpufreq: intel_pstate: Fix processing for turbo activation ratio
- iwlwifi: pcie: lower the debug level for RSA semaphore access
- iwlwifi: mvm: fix memory leak in paging
- crypto: ccp - Prevent information leakage on export
- crypto: sha1-mb - use corrcet pointer while completing jobs
- crypto: talitos - fix crash in talitos_cra_init()
- crypto: talitos - fix AEAD tcrypt tests
- powerpc: scan_features() updates incorrect bits for REAL_LE
- powerpc: Update cpu_user_features2 in scan_features()
- powerpc: Update TM user feature bits in scan_features()
- nl80211: check netlink protocol in socket release notification
- netlink: don't send NETLINK_URELEASE for unbound sockets
- Input: pmic8xxx-pwrkey - fix algorithm for converting trigger delay
- xen kconfig: don't "select INPUT_XEN_KBDDEV_FRONTEND"
- pinctrl: mediatek: correct debounce time unit in mtk_gpio_set_debounce
- pinctrl: single: Fix pcs_parse_bits_in_pinctrl_entry to use __ffs than ffs
- iommu/amd: Fix checking of pci dma aliases
- iommu/dma: Restore scatterlist offsets correctly
- drm/amdgpu: when suspending, if uvd/vce was running. need to cancel delay
work.
- drm/amdgpu: use defines for CRTCs and AMFT blocks
- drm/amdgpu: bump the afmt limit for CZ, ST, Polaris
- amdgpu/uvd: add uvd fw version for amdgpu
- drm/amdgpu: fix regression on CIK (v2)
- drm/radeon: add a quirk for a XFX R9 270X
- drm/radeon: fix initial connector audio value
- drm/radeon: forbid mapping of userptr bo through radeon device file
- drm/radeon: fix vertical bars appear on monitor (v2)
- drm: Loongson-3 doesn't fully support wc memory
- drm/nouveau/gr/gf100: select a stream master to fixup tfb offset queries
- drm/dp/mst: Validate port in drm_dp_payload_send_msg()
- drm/dp/mst: Restore primary hub guid on resume
- drm/dp/mst: Get validated port ref in drm_dp_update_payload_part1()
- pwm: brcmstb: Fix check of devm_ioremap_resource() return code
- drm/i915: Cleanup phys status page too
- drm/i915: skl_update_scaler() wants a rotation bitmask instead of bit
number
- drm/amdkfd: uninitialized variable in dbgdev_wave_control_set_registers()
- drm/i915: Fixup the free space logic in ring_prepare
- drm/i915: Use fw_domains_put_with_fifo() on HSW
- perf intel-pt: Fix segfault tracing transactions
- i2c: cpm: Fix build break due to incompatible pointer types
- i2c: exynos5: Fix possible ABBA deadlock by keeping I2C clock prepared
- toshiba_acpi: Fix regression caused by hotkey enabling value
- EDAC: i7core, sb_edac: Don't return NOTIFY_BAD from mce_decoder callback
- ASoC: s3c24xx: use const snd_soc_component_driver pointer
- ASoC: ssm4567: Reset device before regcache_sync()
- ASoC: dapm: Make sure we have a card when displaying component widgets
- ASoC: rt5640: Correct the digital interface data select
- vb2-memops: Fix over allocation of frame vectors
- v4l2-dv-timings.h: fix polarity for 4k formats
- cxl: Keep IRQ mappings on context teardown
- IB/mlx5: Expose correct max_sge_rd limit
- IB/security: Restrict use of the write() interface
- efi: Fix out-of-bounds read in variable_matches()
- efi: Expose non-blocking set_variable() wrapper to efivars
- x86/apic: Handle zero vector gracefully in clear_vector_irq()
- workqueue: fix ghost PENDING flag while doing MQ IO
- slub: clean up code for kmem cgroup support to kmem_cache_free_bulk
- cgroup, cpuset: replace cpuset_post_attach_flush() with
cgroup_subsys->post_attach callback
- memcg: relocate charge moving from ->attach to ->post_attach
- mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check
- numa: fix /proc/<pid>/numa_maps for THP
- mm: vmscan: reclaim highmem zone if buffer_heads is over limit
- mm/hwpoison: fix wrong num_poisoned_pages accounting
- cgroup: make sure a parent css isn't freed before its children
- videobuf2-core: Check user space planes array in dqbuf
- videobuf2-v4l2: Verify planes array in buffer dequeueing
- Revert "regulator: core: Fix nested locking of supplies"
- regulator: core: fix regulator_lock_supply regression
- regulator: core: Ensure we lock all regulators
- regulator: core: Fix nested locking of supplies
- locking/mcs: Fix mcs_spin_lock() ordering
- spi/rockchip: Make sure spi clk is on in rockchip_spi_set_cs
- irqchip/sunxi-nmi: Fix error check of of_io_request_and_map()
- irqchip/mxs: Fix error check of of_io_request_and_map()
- regulator: s5m8767: fix get_register() error handling
- paride: make 'verbose' parameter an 'int' again
- scsi_dh: force modular build if SCSI is a module
- fbdev: da8xx-fb: fix videomodes of lcd panels
- misc/bmp085: Enable building as a module
- misc: mic/scif: fix wrap around tests
- PM / OPP: Initialize u_volt_min/max to a valid value
- PM / Domains: Fix removal of a subdomain
- rtc: hym8563: fix invalid year calculation
- rtc: vr41xx: Wire up alarm_irq_enable
- rtc: ds1685: passing bogus values to irq_restore
- rtc: rx8025: remove rv8803 id
- rtc: max77686: Properly handle regmap_irq_get_virq() error code
- drivers/misc/ad525x_dpot: AD5274 fix RDAC read back errors
- perf evlist: Reference count the cpu and thread maps at set_maps()
- x86/mm/kmmio: Fix mmiotrace for hugepages
- ext4: fix NULL pointer dereference in ext4_mark_inode_dirty()
- serial: sh-sci: Remove cpufreq notifier to fix crash/deadlock
- mtd: spi-nor: remove micron_quad_enable()
- mtd: brcmnand: Fix v7.1 register offsets
- mtd: nand: Drop mtd.owner requirement in nand_scan
- perf hists browser: Only offer symbol scripting when a symbol is under the
cursor
- perf tools: handle spaces in file names obtained from /proc/pid/maps
- perf stat: Document --detailed option
- ext4: fix races between page faults and hole punching
- ext4: move unlocked dio protection from ext4_alloc_file_blocks()
- ext4: fix races between buffered IO and collapse / insert range
- ext4: fix races of writeback with punch hole and zero range
- ARM: OMAP3: Add cpuidle parameters table for omap3430
- ARM: prima2: always enable reset controller
- ARM: EXYNOS: select THERMAL_OF
- ARM: dts: armada-375: use armada-370-sata for SATA
- ARM: dts: pxa: fix dma engine node to pxa3xx-nand
- bus: imx-weim: Take the 'status' property value into account
- jme: Do not enable NIC WoL functions on S0
- jme: Fix device PM wakeup API usage
- unbreak allmodconfig KCONFIG_ALLCONFIG=...
- thermal: rockchip: fix a impossible condition caused by the warning
- sunrpc/cache: drop reference when sunrpc_cache_pipe_upcall() detects a
race
- megaraid_sas: add missing curly braces in ioctl handler
- stm class: Select CONFIG_SRCU
- extcon: max77843: Use correct size for reading the interrupt register
- Linux 4.4.9
* Stoney powerplay support (LP: #1578305)
- amdgpu/powerplay: Add Stoney to list of early init cases
* CVE-2016-2117 (LP: #1561403)
- atl2: Disable unimplemented scatter/gather feature
* CVE-2016-2187 (LP: #1575706)
- Input: gtco - fix crash on detecting device without endpoints
* zfs posix default permissions lost on reboot or unmount (LP: #1574801)
- Fix ZPL miswrite of default POSIX ACL
* WARNING: at /build/linux-aWXT0l/linux-4.4.0/drivers/pci/pci.c:1595
[travis3EN] (LP: #1574697)
- net/mlx4_core: Implement pci_resume callback
- net/mlx4_core: Avoid repeated calls to pci enable/disable
* Add support to thinkpad keyboard backlight (LP: #1574498)
- thinkpad_acpi: Add support for keyboard backlight
* Please enable kconfig X86_LEGACY_VM86 for i386 (LP: #1499089)
- [Config] CONFIG_VM86=y, CONFIG_X86_LEGACY_VM86=y
* Miscellaneous Ubuntu changes
- updateconfigs for Linux v4.4.9
-- Kamal Mostafa <ka...@canonical.com> Mon, 16 May 2016 15:16:29 -0700
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2117
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2187
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4485
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4486
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-4558
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1558120
Title:
Kernel can be oopsed using remap_file_pages
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Wily:
Fix Committed
Status in linux source package in Xenial:
Fix Committed
Bug description:
[SRU][WILY][XENIAL]
[JUSTIFICATION]
Running stress-ng --remap 4 will trip an oops on the remap.
The bug is introduced by the mm/mmap.c changes in patch
d15bd6cdbb1c2080fb1fca0035e5af1994f4d14f ("UBUNTU: SAUCE: AUFS").
AUFS introduced a subtle bug into remap_file_pages; calls to
do_mmap_pgoff can lead to a change of the vma->vm_file and so the
vma_fput(vma) on the file is incorrect; we should instead fput on the
original file.
[FIX]
fput the original file rather than the vma->vm_file. Without the fix,
stress-ng --remap 4 will produce an oops in a few seconds, with the fix it is
rock solid.
[REGRESSION POTENTIAL]
This only changes the deprecated system call remap_file_pages which is not
used much and it is also deprecated, so it should be avoided by user space
applications anyhow.
--------------------------------------------------------------------
While faffing around with the deprecated system call remap_file_pages
I was able to trigger an OOPs that can be reproduced every time.
uname -a
Linux lenovo 4.4.0-13-generic #29-Ubuntu SMP Fri Mar 11 19:31:18 UTC 2016
x86_64 x86_64 x86_64 GNU/Linux
[ 27.298469] mmap: stress-ng-remap (4061) uses deprecated
remap_file_pages() syscall. See Documentation/vm/remap_file_pages.txt.
[ 28.956497] BUG: unable to handle kernel NULL pointer dereference at
0000000000000228
[ 28.956555] IP: [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
[ 28.956594] PGD aded1067 PUD add32067 PMD 0
[ 28.956625] Oops: 0000 [#1] SMP
[ 28.956649] Modules linked in: nls_iso8859_1 drbg ansi_cprng xt_CHECKSUM
iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4
nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT
nf_reject_ipv4 xt_tcpudp bridge stp llc ebtable_filter ebtables ip6table_filter
ip6_tables iptable_filter ip_tables x_tables binfmt_misc zfs(PO) zunicode(PO)
zcommon(PO) znvpair(PO) spl(O) zavl(PO) uvcvideo intel_rapl
x86_pkg_temp_thermal intel_powerclamp videobuf2_vmalloc coretemp
videobuf2_memops crct10dif_pclmul videobuf2_v4l2 crc32_pclmul videobuf2_core
v4l2_common snd_hda_codec_hdmi videodev aesni_intel snd_hda_codec_realtek
snd_hda_codec_generic media aes_x86_64 lrw snd_seq_midi gf128mul glue_helper
ablk_helper snd_seq_midi_event cryptd snd_hda_intel snd_hda_codec snd_hda_core
[ 28.957162] snd_hwdep snd_rawmidi joydev input_leds arc4 serio_raw
rtl8192ce rtl_pci rtl8192c_common snd_pcm rtlwifi snd_seq mac80211
thinkpad_acpi nvram cfg80211 snd_seq_device mei_me mei lpc_ich snd_timer shpchp
snd soundcore mac_hid kvm_intel kvm irqbypass parport_pc ppdev lp parport
autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor
async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear mmc_block i915
psmouse i2c_algo_bit drm_kms_helper e1000e ahci syscopyarea libahci sdhci_pci
sysfillrect sysimgblt sdhci ptp fb_sys_fops pps_core drm wmi fjes video
[ 28.957570] CPU: 2 PID: 4061 Comm: stress-ng-remap Tainted: P O
4.4.0-13-generic #29-Ubuntu
[ 28.957623] Hardware name: LENOVO 2320CTO/2320CTO, BIOS G2ET31WW (1.11 )
05/24/2012
[ 28.957666] task: ffff8800add2ee00 ti: ffff8800adf7c000 task.ti:
ffff8800adf7c000
[ 28.957707] RIP: 0010:[<ffffffff811a94f8>] [<ffffffff811a94f8>]
shmem_fault+0x38/0x1e0
[ 28.957754] RSP: 0000:ffff8800adf7fd38 EFLAGS: 00010246
[ 28.957780] RAX: ffff880194f06900 RBX: 0000000000000000 RCX:
0000000000000054
[ 28.957820] RDX: 0000000000000000 RSI: ffff8800adf7fda8 RDI:
ffff8800a990f0c8
[ 28.957860] RBP: ffff8800adf7fd98 R08: 0000000000000000 R09:
ffff8800adf7fe68
[ 28.957899] R10: 0000000000000000 R11: 00003ffffffff000 R12:
ffff8800a990f0c8
[ 28.957939] R13: ffff8800adf7fe68 R14: ffff8800adf0de90 R15:
00007f83ba57b000
[ 28.957979] FS: 00007f83bc46c740(0000) GS:ffff88019e280000(0000)
knlGS:0000000000000000
[ 28.958024] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 28.958056] CR2: 0000000000000228 CR3: 00000000ade92000 CR4:
00000000001406e0
[ 28.958096] Stack:
[ 28.958109] ffff8800aafb3840 00000200adf7fd68 ffff8800adfaf108
ffff8800adfaf190
[ 28.958158] ffffffff81a25e80 ffff8800adfaf190 0000000000000000
00000000b7865150
[ 28.958206] 0000000000000000 ffff8800a990f0c8 ffff8800adf7fe68
ffff8800adf0de90
[ 28.958254] Call Trace:
[ 28.958273] [<ffffffff811ba900>] __do_fault+0x50/0xe0
[ 28.958305] [<ffffffff811be33b>] handle_mm_fault+0xf8b/0x1820
[ 28.958339] [<ffffffff81221e52>] ? __dentry_kill+0x162/0x1e0
[ 28.958374] [<ffffffff8122b6a4>] ? mntput+0x24/0x40
[ 28.958405] [<ffffffff8106a537>] __do_page_fault+0x197/0x400
[ 28.958439] [<ffffffff8106a7c2>] do_page_fault+0x22/0x30
[ 28.958472] [<ffffffff8181eef8>] page_fault+0x28/0x30
[ 28.958501] Code: 41 54 53 49 89 fc 48 83 ec 40 c7 45 ac 00 02 00 00 65 48
8b 04 25 28 00 00 00 48 89 45 d8 31 c0 48 8b 87 a0 00 00 00 48 8b 58 20 <48> 83
bb 28 02 00 00 00 0f 85 98 00 00 00 48 8b 43 30 48 8d 56
[ 28.958726] RIP [<ffffffff811a94f8>] shmem_fault+0x38/0x1e0
How to reproduce:
git clone git://kernel.ubuntu.com/cking/stress-ng
cd stress-ng
make clean; make
./stress-ng --remap 8 -t 20
---
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: king 2522 F...m pulseaudio
/dev/snd/controlC0: king 2522 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 16.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
InstallationDate: Installed on 2015-11-04 (135 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 2320CTO
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic
root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf
nomdmonisw vt.handoff=7
ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
RelatedPackageVersions:
linux-restricted-modules-4.4.0-13-generic N/A
linux-backports-modules-4.4.0-13-generic N/A
linux-firmware 1.156
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
Tags: xenial
Uname: Linux 4.4.0-13-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 05/24/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET31WW (1.11 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2320CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias:
dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2320CTO
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
---
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: king 2522 F...m pulseaudio
/dev/snd/controlC0: king 2522 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 16.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
InstallationDate: Installed on 2015-11-04 (135 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 2320CTO
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic
root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf
nomdmonisw vt.handoff=7
ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
RelatedPackageVersions:
linux-restricted-modules-4.4.0-13-generic N/A
linux-backports-modules-4.4.0-13-generic N/A
linux-firmware 1.156
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
Tags: xenial
Uname: Linux 4.4.0-13-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 05/24/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET31WW (1.11 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2320CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias:
dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2320CTO
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
---
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/pcmC0D0p: king 2522 F...m pulseaudio
/dev/snd/controlC0: king 2522 F.... pulseaudio
CurrentDesktop: Unity
DistroRelease: Ubuntu 16.04
EcryptfsInUse: Yes
HibernationDevice: RESUME=UUID=bdef26b7-e88c-4196-97a3-b6d47447ce86
InstallationDate: Installed on 2015-11-04 (135 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
MachineType: LENOVO 2320CTO
Package: linux (not installed)
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-13-generic
root=UUID=324e5943-0fda-445d-a814-d3a80ff92ab8 ro quiet splash nomdmonddf
nomdmonisw vt.handoff=7
ProcVersionSignature: Ubuntu 4.4.0-13.29-generic 4.4.5
RelatedPackageVersions:
linux-restricted-modules-4.4.0-13-generic N/A
linux-backports-modules-4.4.0-13-generic N/A
linux-firmware 1.156
RfKill:
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: no
Tags: xenial
Uname: Linux 4.4.0-13-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip libvirtd lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 05/24/2012
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ET31WW (1.11 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2320CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias:
dmi:bvnLENOVO:bvrG2ET31WW(1.11):bd05/24/2012:svnLENOVO:pn2320CTO:pvrThinkPadX230:rvnLENOVO:rn2320CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2320CTO
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1558120/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
