Activity log for bug #1572562

Date Who What changed Old value New value Message
2016-04-20 13:09:01 Gavin Guo bug added bug
2016-04-20 13:12:33 Gavin Guo description The following error message could be observed during the kernel building stress test of the command: "./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds. Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path. ================================================================== BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1 Read of size 8 by task cc1/27473 ============================================================================= BUG anon_vma (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029 __slab_alloc+0x4f8/0x560 kmem_cache_alloc+0x18b/0x1e0 anon_vma_prepare+0x189/0x250 do_wp_page+0x837/0xb10 handle_mm_fault+0x884/0x1160 __do_page_fault+0x218/0x750 do_page_fault+0x1a/0x70 page_fault+0x28/0x30 INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418 __slab_free+0x2ab/0x3f0 kmem_cache_free+0x1c1/0x200 __put_anon_vma+0x69/0xe0 unlink_anon_vmas+0x2a8/0x320 free_pgtables+0x50/0x1c0 exit_mmap+0xca/0x1e0 mmput+0x82/0x1b0 do_exit+0x391/0x1060 do_group_exit+0x86/0x130 SyS_exit_group+0x1d/0x20 system_call_fastpath+0x1a/0x1f INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080 INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38 Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k..... Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............ Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y.... Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............ 
Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1.... CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014 ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840 ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100 ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66 Call Trace: [<ffffffff81a6e195>] dump_stack+0x45/0x56 [<ffffffff81244c1d>] print_trailer+0xfd/0x170 [<ffffffff8124ad66>] object_err+0x36/0x40 [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0 [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380 [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340 [<ffffffff8124d390>] kasan_report+0x40/0x50 [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30 [<ffffffff8124c019>] __asan_load8+0x69/0xa0 [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30 [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70 [<ffffffff812067c6>] compact_zone+0x416/0x700 [<ffffffff81206b45>] compact_zone_order+0x95/0x100 [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0 [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290 [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40 [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200 [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490 [<ffffffff8120f072>] ? do_numa_page+0x192/0x200 [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160 [<ffffffff81a7d028>] __do_page_fault+0x218/0x750 [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500 [<ffffffff811fd699>] ? 
vm_mmap_pgoff+0xa9/0xd0 [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70 [<ffffffff81a785a8>] page_fault+0x28/0x30 Memory state around the buggy address: ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 >ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 ================================================================== gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi constant_test_bit /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 mapping_balloon /home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69 __is_movable_balloon_page /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131 balloon_page_movable /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156 isolate_migratepages_range /home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554 >8------------------8< /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr) 311 { 312 return ((1UL << (nr & (BITS_PER_LONG-1))) & 313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0; 314 } In the v3.13.0-76 kernel with KASan backported. The following error message could be observed during the kernel building stress test of the command: "./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds. Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path. 
================================================================== BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1 Read of size 8 by task cc1/27473 ============================================================================= BUG anon_vma (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029         __slab_alloc+0x4f8/0x560         kmem_cache_alloc+0x18b/0x1e0         anon_vma_prepare+0x189/0x250         do_wp_page+0x837/0xb10         handle_mm_fault+0x884/0x1160         __do_page_fault+0x218/0x750         do_page_fault+0x1a/0x70         page_fault+0x28/0x30 INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418         __slab_free+0x2ab/0x3f0         kmem_cache_free+0x1c1/0x200         __put_anon_vma+0x69/0xe0         unlink_anon_vmas+0x2a8/0x320         free_pgtables+0x50/0x1c0         exit_mmap+0xca/0x1e0         mmput+0x82/0x1b0         do_exit+0x391/0x1060         do_group_exit+0x86/0x130         SyS_exit_group+0x1d/0x20         system_call_fastpath+0x1a/0x1f INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080 INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38 Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k..... Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............ Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y.... Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............ Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1.... 
CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014  ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840  ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100  ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66 Call Trace:  [<ffffffff81a6e195>] dump_stack+0x45/0x56  [<ffffffff81244c1d>] print_trailer+0xfd/0x170  [<ffffffff8124ad66>] object_err+0x36/0x40  [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0  [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380  [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340  [<ffffffff8124d390>] kasan_report+0x40/0x50  [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30  [<ffffffff8124c019>] __asan_load8+0x69/0xa0  [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30  [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70  [<ffffffff812067c6>] compact_zone+0x416/0x700  [<ffffffff81206b45>] compact_zone_order+0x95/0x100  [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0  [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290  [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40  [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200  [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490  [<ffffffff8120f072>] ? do_numa_page+0x192/0x200  [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160  [<ffffffff81a7d028>] __do_page_fault+0x218/0x750  [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500  [<ffffffff811fd699>] ? 
vm_mmap_pgoff+0xa9/0xd0  [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70  [<ffffffff81a785a8>] page_fault+0x28/0x30 Memory state around the buggy address:  ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 >ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc                                                  ^  ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 ================================================================== gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi constant_test_bit /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 mapping_balloon /home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69 __is_movable_balloon_page /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131 balloon_page_movable /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156 isolate_migratepages_range /home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554 >8------------------8< /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr) 311 { 312 return ((1UL << (nr & (BITS_PER_LONG-1))) & 313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0; 314 }
2016-04-20 13:30:07 Brad Figg linux (Ubuntu): status New Incomplete
2016-04-20 13:48:30 Gavin Guo description In the v3.13.0-76 kernel with KASan backported. The following error message could be observed during the kernel building stress test of the command: "./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds. Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path. ================================================================== BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1 Read of size 8 by task cc1/27473 ============================================================================= BUG anon_vma (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029         __slab_alloc+0x4f8/0x560         kmem_cache_alloc+0x18b/0x1e0         anon_vma_prepare+0x189/0x250         do_wp_page+0x837/0xb10         handle_mm_fault+0x884/0x1160         __do_page_fault+0x218/0x750         do_page_fault+0x1a/0x70         page_fault+0x28/0x30 INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418         __slab_free+0x2ab/0x3f0         kmem_cache_free+0x1c1/0x200         __put_anon_vma+0x69/0xe0         unlink_anon_vmas+0x2a8/0x320         free_pgtables+0x50/0x1c0         exit_mmap+0xca/0x1e0         mmput+0x82/0x1b0         do_exit+0x391/0x1060         do_group_exit+0x86/0x130         SyS_exit_group+0x1d/0x20         system_call_fastpath+0x1a/0x1f INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080 INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38 Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k..... Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............ 
Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y.... Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............ Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1.... CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014  ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840  ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100  ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66 Call Trace:  [<ffffffff81a6e195>] dump_stack+0x45/0x56  [<ffffffff81244c1d>] print_trailer+0xfd/0x170  [<ffffffff8124ad66>] object_err+0x36/0x40  [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0  [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380  [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340  [<ffffffff8124d390>] kasan_report+0x40/0x50  [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30  [<ffffffff8124c019>] __asan_load8+0x69/0xa0  [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30  [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70  [<ffffffff812067c6>] compact_zone+0x416/0x700  [<ffffffff81206b45>] compact_zone_order+0x95/0x100  [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0  [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290  [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40  [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200  [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490  [<ffffffff8120f072>] ? do_numa_page+0x192/0x200  [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160  [<ffffffff81a7d028>] __do_page_fault+0x218/0x750  [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500  [<ffffffff811fd699>] ? 
vm_mmap_pgoff+0xa9/0xd0  [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70  [<ffffffff81a785a8>] page_fault+0x28/0x30 Memory state around the buggy address:  ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 >ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc                                                  ^  ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 ================================================================== gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi constant_test_bit /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 mapping_balloon /home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69 __is_movable_balloon_page /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131 balloon_page_movable /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156 isolate_migratepages_range /home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554 >8------------------8< /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr) 311 { 312 return ((1UL << (nr & (BITS_PER_LONG-1))) & 313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0; 314 } In the v3.13.0-76 kernel with KASan backported. The following error message could be observed during the kernel building stress test of the command[1]: "./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds. Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path. 
================================================================== BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1 Read of size 8 by task cc1/27473 ============================================================================= BUG anon_vma (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029         __slab_alloc+0x4f8/0x560         kmem_cache_alloc+0x18b/0x1e0         anon_vma_prepare+0x189/0x250         do_wp_page+0x837/0xb10         handle_mm_fault+0x884/0x1160         __do_page_fault+0x218/0x750         do_page_fault+0x1a/0x70         page_fault+0x28/0x30 INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418         __slab_free+0x2ab/0x3f0         kmem_cache_free+0x1c1/0x200         __put_anon_vma+0x69/0xe0         unlink_anon_vmas+0x2a8/0x320         free_pgtables+0x50/0x1c0         exit_mmap+0xca/0x1e0         mmput+0x82/0x1b0         do_exit+0x391/0x1060         do_group_exit+0x86/0x130         SyS_exit_group+0x1d/0x20         system_call_fastpath+0x1a/0x1f INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080 INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38 Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k..... Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............ Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y.... Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............ Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1.... 
CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014  ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840  ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100  ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66 Call Trace:  [<ffffffff81a6e195>] dump_stack+0x45/0x56  [<ffffffff81244c1d>] print_trailer+0xfd/0x170  [<ffffffff8124ad66>] object_err+0x36/0x40  [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0  [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380  [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340  [<ffffffff8124d390>] kasan_report+0x40/0x50  [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30  [<ffffffff8124c019>] __asan_load8+0x69/0xa0  [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30  [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70  [<ffffffff812067c6>] compact_zone+0x416/0x700  [<ffffffff81206b45>] compact_zone_order+0x95/0x100  [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0  [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290  [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40  [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200  [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490  [<ffffffff8120f072>] ? do_numa_page+0x192/0x200  [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160  [<ffffffff81a7d028>] __do_page_fault+0x218/0x750  [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500  [<ffffffff811fd699>] ? 
vm_mmap_pgoff+0xa9/0xd0  [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70  [<ffffffff81a785a8>] page_fault+0x28/0x30 Memory state around the buggy address:  ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 >ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc                                                  ^  ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 ================================================================== gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi constant_test_bit /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 mapping_balloon /home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69 __is_movable_balloon_page /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131 balloon_page_movable /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156 isolate_migratepages_range /home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554 >8------------------8< /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr) 311 { 312 return ((1UL << (nr & (BITS_PER_LONG-1))) & 313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0; 314 } Reference: [1]. http://kernel.ubuntu.com/git/gavinguo/stress-test.git/
2016-04-20 13:48:36 Gavin Guo linux (Ubuntu): assignee Gavin Guo (mimi0213kimo)
2016-05-16 02:59:36 Gavin Guo description In the v3.13.0-76 kernel with KASan backported. The following error message could be observed during the kernel building stress test of the command[1]: "./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds. Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path. ================================================================== BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1 Read of size 8 by task cc1/27473 ============================================================================= BUG anon_vma (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029         __slab_alloc+0x4f8/0x560         kmem_cache_alloc+0x18b/0x1e0         anon_vma_prepare+0x189/0x250         do_wp_page+0x837/0xb10         handle_mm_fault+0x884/0x1160         __do_page_fault+0x218/0x750         do_page_fault+0x1a/0x70         page_fault+0x28/0x30 INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418         __slab_free+0x2ab/0x3f0         kmem_cache_free+0x1c1/0x200         __put_anon_vma+0x69/0xe0         unlink_anon_vmas+0x2a8/0x320         free_pgtables+0x50/0x1c0         exit_mmap+0xca/0x1e0         mmput+0x82/0x1b0         do_exit+0x391/0x1060         do_group_exit+0x86/0x130         SyS_exit_group+0x1d/0x20         system_call_fastpath+0x1a/0x1f INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080 INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38 Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k..... 
Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............ Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y.... Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............ Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1.... CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014  ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840  ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100  ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66 Call Trace:  [<ffffffff81a6e195>] dump_stack+0x45/0x56  [<ffffffff81244c1d>] print_trailer+0xfd/0x170  [<ffffffff8124ad66>] object_err+0x36/0x40  [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0  [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380  [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340  [<ffffffff8124d390>] kasan_report+0x40/0x50  [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30  [<ffffffff8124c019>] __asan_load8+0x69/0xa0  [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30  [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70  [<ffffffff812067c6>] compact_zone+0x416/0x700  [<ffffffff81206b45>] compact_zone_order+0x95/0x100  [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0  [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290  [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40  [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200  [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490  [<ffffffff8120f072>] ? do_numa_page+0x192/0x200  [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160  [<ffffffff81a7d028>] __do_page_fault+0x218/0x750  [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500  [<ffffffff811fd699>] ? 
vm_mmap_pgoff+0xa9/0xd0  [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70  [<ffffffff81a785a8>] page_fault+0x28/0x30 Memory state around the buggy address:  ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 >ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc                                                  ^  ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 ================================================================== gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi constant_test_bit /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 mapping_balloon /home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69 __is_movable_balloon_page /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131 balloon_page_movable /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156 isolate_migratepages_range /home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554 >8------------------8< /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr) 311 { 312 return ((1UL << (nr & (BITS_PER_LONG-1))) & 313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0; 314 } Reference: [1]. http://kernel.ubuntu.com/git/gavinguo/stress-test.git/ [Impact] In the v3.13.0-76 kernel with KASan backported. The following error message could be observed during the kernel building stress test of the command[1]: "./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds. Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path. 
================================================================== BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1 Read of size 8 by task cc1/27473 ============================================================================= BUG anon_vma (Not tainted): kasan: bad access detected ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029         __slab_alloc+0x4f8/0x560         kmem_cache_alloc+0x18b/0x1e0         anon_vma_prepare+0x189/0x250         do_wp_page+0x837/0xb10         handle_mm_fault+0x884/0x1160         __do_page_fault+0x218/0x750         do_page_fault+0x1a/0x70         page_fault+0x28/0x30 INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418         __slab_free+0x2ab/0x3f0         kmem_cache_free+0x1c1/0x200         __put_anon_vma+0x69/0xe0         unlink_anon_vmas+0x2a8/0x320         free_pgtables+0x50/0x1c0         exit_mmap+0xca/0x1e0         mmput+0x82/0x1b0         do_exit+0x391/0x1060         do_group_exit+0x86/0x130         SyS_exit_group+0x1d/0x20         system_call_fastpath+0x1a/0x1f INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080 INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38 Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k..... Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............ Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y.... Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............ Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1.... 
CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014  ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840  ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100  ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66 Call Trace:  [<ffffffff81a6e195>] dump_stack+0x45/0x56  [<ffffffff81244c1d>] print_trailer+0xfd/0x170  [<ffffffff8124ad66>] object_err+0x36/0x40  [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0  [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380  [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340  [<ffffffff8124d390>] kasan_report+0x40/0x50  [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30  [<ffffffff8124c019>] __asan_load8+0x69/0xa0  [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30  [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70  [<ffffffff812067c6>] compact_zone+0x416/0x700  [<ffffffff81206b45>] compact_zone_order+0x95/0x100  [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0  [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290  [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40  [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200  [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490  [<ffffffff8120f072>] ? do_numa_page+0x192/0x200  [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160  [<ffffffff81a7d028>] __do_page_fault+0x218/0x750  [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500  [<ffffffff811fd699>] ? 
vm_mmap_pgoff+0xa9/0xd0  [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70  [<ffffffff81a785a8>] page_fault+0x28/0x30 Memory state around the buggy address:  ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 >ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc                                                  ^  ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc  ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 ================================================================== gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi constant_test_bit /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 mapping_balloon /home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69 __is_movable_balloon_page /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131 balloon_page_movable /home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156 isolate_migratepages_range /home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554 >8------------------8< /home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313 310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr) 311 { 312 return ((1UL << (nr & (BITS_PER_LONG-1))) & 313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0; 314 }
[Fix]
- The first patch is the solution commit which moves the PageBalloon check to page->_mapcount. d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management")
- The second one is the patch to remove the isolation check when the CONFIG_BALLOON_COMPACTION is not defined. 4d88e6f7d5ff ("mm/balloon_compaction: fix deflation when compaction is disabled")
[Test Case]
"./parallel-73670.sh -r 2 -k 40" That means building 40 kernels in the same time with 2 rounds.
Reference: [1].
http://kernel.ubuntu.com/git/gavinguo/stress-test.git/
2016-05-16 03:06:38 Gavin Guo description
[Impact]
In the v3.13.0-76 kernel with KASan backported, the following error message could be observed during the kernel building stress test of the command[1]:

"./parallel-73670.sh -r 2 -k 40"
That means building 40 kernels at the same time with 2 rounds.

Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path.

==================================================================
BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1
Read of size 8 by task cc1/27473
=============================================================================
BUG anon_vma (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029
        __slab_alloc+0x4f8/0x560
        kmem_cache_alloc+0x18b/0x1e0
        anon_vma_prepare+0x189/0x250
        do_wp_page+0x837/0xb10
        handle_mm_fault+0x884/0x1160
        __do_page_fault+0x218/0x750
        do_page_fault+0x1a/0x70
        page_fault+0x28/0x30
INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418
        __slab_free+0x2ab/0x3f0
        kmem_cache_free+0x1c1/0x200
        __put_anon_vma+0x69/0xe0
        unlink_anon_vmas+0x2a8/0x320
        free_pgtables+0x50/0x1c0
        exit_mmap+0xca/0x1e0
        mmput+0x82/0x1b0
        do_exit+0x391/0x1060
        do_group_exit+0x86/0x130
        SyS_exit_group+0x1d/0x20
        system_call_fastpath+0x1a/0x1f
INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080
INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38
Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00  ....[....%k.....
Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00  Xv.y............
Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff  ....ZZZZpv.y....
Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00  pv.y............
Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff  Xv.y.....* 1....
CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab
Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014
 ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840
 ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100
 ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66
Call Trace:
 [<ffffffff81a6e195>] dump_stack+0x45/0x56
 [<ffffffff81244c1d>] print_trailer+0xfd/0x170
 [<ffffffff8124ad66>] object_err+0x36/0x40
 [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0
 [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380
 [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340
 [<ffffffff8124d390>] kasan_report+0x40/0x50
 [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30
 [<ffffffff8124c019>] __asan_load8+0x69/0xa0
 [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30
 [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70
 [<ffffffff812067c6>] compact_zone+0x416/0x700
 [<ffffffff81206b45>] compact_zone_order+0x95/0x100
 [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0
 [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290
 [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40
 [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200
 [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490
 [<ffffffff8120f072>] ? do_numa_page+0x192/0x200
 [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160
 [<ffffffff81a7d028>] __do_page_fault+0x218/0x750
 [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500
 [<ffffffff811fd699>] ? vm_mmap_pgoff+0xa9/0xd0
 [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70
 [<ffffffff81a785a8>] page_fault+0x28/0x30
Memory state around the buggy address:
 ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00
>ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
==================================================================

gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi
constant_test_bit
/home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313
mapping_balloon
/home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69
__is_movable_balloon_page
/home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131
balloon_page_movable
/home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156
isolate_migratepages_range
/home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554

>8------------------8<
/home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313

310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr)
311 {
312         return ((1UL << (nr & (BITS_PER_LONG-1))) &
313                 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0;
314 }

[Fix]
- The first patch is the solution commit which moves the PageBalloon check to page->_mapcount.
  d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management")
- The second one is the patch to remove the isolation check when the CONFIG_BALLOON_COMPACTION is not defined.
  4d88e6f7d5ff ("mm/balloon_compaction: fix deflation when compaction is disabled")

[Test Case]
Running the following command on the Trusty kernel (Ubuntu-3.13.0-86.130) with KASan backported. The bug error messages cannot be observed in the dmesg.

"./parallel-73670.sh -r 2 -k 40"
That means building 40 kernels at the same time with 2 rounds.

Reference:
[1]. http://kernel.ubuntu.com/git/gavinguo/stress-test.git/
2016-05-16 06:25:36 Gavin Guo description
[Impact]
In the v3.13.0-76 kernel with KASan backported, the following error message could be observed during the kernel building stress test of the command[1]:

"./parallel-73670.sh -r 2 -k 40"
That means building 40 kernels at the same time with 2 rounds.

Bad access happens when we read page->mapping->flags, and page->mapping is a pointer to anon_vma which is already freed in the do_exit path.

==================================================================
BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1
Read of size 8 by task cc1/27473
=============================================================================
BUG anon_vma (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029
        __slab_alloc+0x4f8/0x560
        kmem_cache_alloc+0x18b/0x1e0
        anon_vma_prepare+0x189/0x250
        do_wp_page+0x837/0xb10
        handle_mm_fault+0x884/0x1160
        __do_page_fault+0x218/0x750
        do_page_fault+0x1a/0x70
        page_fault+0x28/0x30
INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418
        __slab_free+0x2ab/0x3f0
        kmem_cache_free+0x1c1/0x200
        __put_anon_vma+0x69/0xe0
        unlink_anon_vmas+0x2a8/0x320
        free_pgtables+0x50/0x1c0
        exit_mmap+0xca/0x1e0
        mmput+0x82/0x1b0
        do_exit+0x391/0x1060
        do_group_exit+0x86/0x130
        SyS_exit_group+0x1d/0x20
        system_call_fastpath+0x1a/0x1f
INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080
INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38
Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00  ....[....%k.....
Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00  Xv.y............
Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff  ....ZZZZpv.y....
Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00  pv.y............
Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff  Xv.y.....* 1....
CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab
Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014
 ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840
 ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100
 ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66
Call Trace:
 [<ffffffff81a6e195>] dump_stack+0x45/0x56
 [<ffffffff81244c1d>] print_trailer+0xfd/0x170
 [<ffffffff8124ad66>] object_err+0x36/0x40
 [<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0
 [<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380
 [<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340
 [<ffffffff8124d390>] kasan_report+0x40/0x50
 [<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30
 [<ffffffff8124c019>] __asan_load8+0x69/0xa0
 [<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30
 [<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70
 [<ffffffff812067c6>] compact_zone+0x416/0x700
 [<ffffffff81206b45>] compact_zone_order+0x95/0x100
 [<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0
 [<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290
 [<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40
 [<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200
 [<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490
 [<ffffffff8120f072>] ? do_numa_page+0x192/0x200
 [<ffffffff81210c07>] handle_mm_fault+0x267/0x1160
 [<ffffffff81a7d028>] __do_page_fault+0x218/0x750
 [<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500
 [<ffffffff811fd699>] ? vm_mmap_pgoff+0xa9/0xd0
 [<ffffffff81a7d57a>] do_page_fault+0x1a/0x70
 [<ffffffff81a785a8>] page_fault+0x28/0x30
Memory state around the buggy address:
 ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00
>ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
==================================================================

gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi
constant_test_bit
/home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313
mapping_balloon
/home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69
__is_movable_balloon_page
/home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131
balloon_page_movable
/home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156
isolate_migratepages_range
/home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554

>8------------------8<
/home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313

310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr)
311 {
312         return ((1UL << (nr & (BITS_PER_LONG-1))) &
313                 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0;
314 }
>8------------------8<

Related upstream mailing list discussion:
- mm: compaction: buffer overflow in isolate_migratepages_range
  https://lkml.org/lkml/2014/8/9/162
- [PATCH v3 1/4] mm/balloon_compaction: redesign ballooned pages management
  http://www.spinics.net/lists/linux-mm/msg79249.html

[Fix]
- The first patch is the solution commit which moves the PageBalloon check to page->_mapcount.
  d6d86c0a7f8d ("mm/balloon_compaction: redesign ballooned pages management")
- The second one is the patch to remove the isolation check when the CONFIG_BALLOON_COMPACTION is not defined.
  4d88e6f7d5ff ("mm/balloon_compaction: fix deflation when compaction is disabled")

[Test Case]
Running the following command on the Trusty kernel (Ubuntu-3.13.0-86.130) with KASan backported. The bug error messages cannot be observed in the dmesg.

"./parallel-73670.sh -r 2 -k 40"
That means building 40 kernels at the same time with 2 rounds.

Reference:
[1]. http://kernel.ubuntu.com/git/gavinguo/stress-test.git/
2016-05-20 15:57:48 Kamal Mostafa nominated for series Ubuntu Trusty
2016-05-20 15:57:48 Kamal Mostafa bug task added linux (Ubuntu Trusty)
2016-05-20 15:58:53 Kamal Mostafa linux (Ubuntu Trusty): status New Fix Committed
2016-05-20 15:59:37 Kamal Mostafa linux (Ubuntu): status Incomplete Confirmed
2016-06-14 14:20:11 Kamal Mostafa tags sts trusty sts trusty verification-needed-trusty
2016-06-17 08:02:48 Gavin Guo tags sts trusty verification-needed-trusty sts trusty verification-done-trusty
2016-06-17 08:05:53 Gavin Guo attachment added kern.log https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1572562/+attachment/4685474/+files/kern.log
2016-06-27 19:04:21 Launchpad Janitor linux (Ubuntu Trusty): status Fix Committed Fix Released
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-3134
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-4482
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-4565
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-4569
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-4578
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-4580
2016-06-27 19:04:21 Launchpad Janitor cve linked 2016-4913
2016-07-07 14:55:26 Joseph Salisbury linux (Ubuntu Trusty): assignee Gavin Guo (mimi0213kimo)
2016-07-07 14:55:32 Joseph Salisbury linux (Ubuntu): status Confirmed Fix Released
2016-07-07 14:55:34 Joseph Salisbury linux (Ubuntu): importance Undecided Medium
2016-07-07 14:55:36 Joseph Salisbury linux (Ubuntu Trusty): importance Undecided Medium