Ubuntu
linux package

kernel panic when umouting rootfs

Trusty (14.04)
Bug #1541313

Bug #1541313 reported by Nicolas Dichtel on 2016-02-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	linux (Ubuntu)	Fix Released	High	Joseph Salisbury
	Trusty	Fix Released	High	Joseph Salisbury

Bug Description

This upstream commit is missing:
da362b09e42e umount: Do not allow unmounting rootfs.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=da362b09e42e

The commit log of this patch explains how to reproduce the kernel panic (see below).

Note that this patch depends on
5ff9d8a65ce8 vfs: Lock in place mounts from more privileged users
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ff9d8a65ce8

root@ubuntu1404:~# uname -a
Linux ubuntu1404 3.13.0-71-generic #114-Ubuntu SMP Tue Dec 1 02:34:22 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@ubuntu1404:~# ./a.out
[ 199.274374] ------------[ cut here ]------------
[ 199.274865] kernel BUG at /build/linux-hEVYOL/linux-3.13.0/fs/pnode.c:372!
[ 199.275473] invalid opcode: 0000 [#1] SMP
[ 199.275850] Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel ppdev aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd serio_raw nfsd auth_rpcgss parport_pc nfs_acl nfs i2c_piix4 mac_hid lockd sunrpc fscache lp parport psmouse pata_acpi floppy
[ 199.276005] CPU: 0 PID: 893 Comm: a.out Not tainted 3.13.0-71-generic #114-Ubuntu
[ 199.276005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20150316_085822-nilsson.home.kraxel.org 04/01/2014
[ 199.276005] task: ffff88003ba6b000 ti: ffff88003ad8e000 task.ti: ffff88003ad8e000
[ 199.276005] RIP: 0010:[<ffffffff811eb4d3>] [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
[ 199.276005] RSP: 0018:ffff88003ad8fe90 EFLAGS: 00010246
[ 199.276005] RAX: ffff88003d9b41a0 RBX: 0000000000000002 RCX: ffff88003d9b41a0
[ 199.276005] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88003ad8fec0
[ 199.276005] RBP: ffff88003ad8fea8 R08: ffff88003d9b4190 R09: ffff88003ad8fec0
[ 199.276005] R10: ffffffff811ce392 R11: ffffea0000e72e00 R12: ffff88003d9b4140
[ 199.276005] R13: ffff88003d9b4140 R14: ffff88003d9b4140 R15: 0000000000000000
[ 199.276005] FS: 00007f72c3f0c740(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000
[ 199.276005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 199.276005] CR2: 00007f72c3a2d110 CR3: 000000003d3fd000 CR4: 00000000001407f0
[ 199.276005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 199.276005] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 199.276005] Stack:
[ 199.276005] 0000000000000002 ffff88003d9b4160 ffff88003e035000 ffff88003ad8fed8
[ 199.276005] ffffffff811ddfcc 00000002ffffff9c ffff88003d9b4140 0000000000000002
[ 199.276005] ffff88003d9b4160 ffff88003ad8ff38 ffffffff811de9cf ffffffff811ce392
[ 199.276005] Call Trace:
[ 199.276005] [<ffffffff811ddfcc>] umount_tree+0x25c/0x270
[ 199.276005] [<ffffffff811de9cf>] do_umount+0x12f/0x320
[ 199.276005] [<ffffffff811ce392>] ? final_putname+0x22/0x50
[ 199.276005] [<ffffffff811ce599>] ? putname+0x29/0x40
[ 199.276005] [<ffffffff811df75b>] SyS_umount+0x10b/0x120
[ 199.276005] [<ffffffff8173545d>] system_call_fastpath+0x1a/0x1f
[ 199.276005] Code: 50 08 48 89 02 49 89 45 08 e9 57 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 4c 89 e6 4c 89 e7 e8 d5 f6 ff ff 48 89 c3 e9 19 ff ff ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 0f 1f 44 00 00 55 b8 01
[ 199.276005] RIP [<ffffffff811eb4d3>] propagate_umount+0x143/0x150
[ 199.276005] RSP <ffff88003ad8fe90>
[ 199.297648] ---[ end trace 6262a5eb9740f9d0 ]---

Tags:

CVE References

2016-2384

Revision history for this message

Brad Figg (brad-figg) wrote on 2016-02-03: Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1541313

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status:	New → Incomplete
tags:	added: trusty

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2016-02-03:

It's a kernel panic, so yes, I'm unable to do anything after the bug.

Changed in linux (Ubuntu):
status:	Incomplete → Confirmed

Joseph Salisbury (jsalisbury) on 2016-02-04

Changed in linux (Ubuntu):
importance:	Undecided → High
tags:	added: kernel-da-key
Changed in linux (Ubuntu Trusty):
status:	New → Confirmed
importance:	Undecided → High
status:	Confirmed → Triaged
Changed in linux (Ubuntu):
status:	Confirmed → Triaged

Joseph Salisbury (jsalisbury) on 2016-02-04

Changed in linux (Ubuntu):
status:	Triaged → In Progress
Changed in linux (Ubuntu Trusty):
status:	Triaged → In Progress
assignee:	nobody → Joseph Salisbury (jsalisbury)
Changed in linux (Ubuntu):
assignee:	nobody → Joseph Salisbury (jsalisbury)

Revision history for this message

Joseph Salisbury (jsalisbury) wrote on 2016-02-04:

I built a Trusty test kernel with a cherry-pick of commit da362b09e42e. The test kernel can be downloaded from:

http://kernel.ubuntu.com/~jsalisbury/lp1541313/

Can you test this kernel and see if it resolves this bug?

Thanks in advance!

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2016-02-05:

It does, thank you!

Brad Figg (brad-figg) on 2016-02-16

Changed in linux (Ubuntu Trusty):
status:	In Progress → Fix Committed

Revision history for this message

Brad Figg (brad-figg) wrote on 2016-02-25:

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:

added: verification-needed-trusty

Revision history for this message

Nicolas Dichtel (nicolas-dichtel) wrote on 2016-02-29:

Tests are ok here.

tags:

added: verification-done-trusty
removed: verification-needed-trusty

Joseph Salisbury (jsalisbury) on 2016-03-02

Changed in linux (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-03-14:

Download full text (14.5 KiB)

This bug was fixed in the package linux - 3.13.0-83.127

---------------
linux (3.13.0-83.127) trusty; urgency=low

[ Brad Figg ]

* Release Tracking Bug
- LP: #1555839

[ Florian Westphal ]

  * SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving
    userspace
    - LP: #1555338

linux (3.13.0-82.126) trusty; urgency=low

[ Brad Figg ]

* Release Tracking Bug
- LP: #1554732

[ Upstream Kernel Changes ]

  * Revert "drm/radeon: call hpd_irq_event on resume"
    - LP: #1554608
  * net: generic dev_disable_lro() stacked device handling
    - LP: #1547680

linux (3.13.0-81.125) trusty; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
- LP: #1552316

[ Upstream Kernel Changes ]

  * Revert "firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6"
    - LP: #1551419
  * bcache: Fix a lockdep splat in an error path
    - LP: #1551327

linux (3.13.0-80.124) trusty; urgency=low

[ Brad Figg ]

* Release Tracking Bug
- LP: #1548519

[ Andy Whitcroft ]

  * [Debian] hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * [Debian] hv: hv_set_ifconfig -- switch to approved indentation
    - LP: #1540586
  * [Debian] hv: hv_set_ifconfig -- fix numerous parameter handling issues
    - LP: #1540586

[ Dan Streetman ]

* SAUCE: nbd: ratelimit error msgs after socket close
- LP: #1505564

[ Upstream Kernel Changes ]

This bug was fixed in the package linux - 3.13.0-83.127

---------------
linux (3.13.0-83.127) trusty; urgency=low

[ Brad Figg ]

* Release Tracking Bug
    - LP: #1555839

[ Florian Westphal ]

* SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving
    userspace
    - LP: #1555338

linux (3.13.0-82.126) trusty; urgency=low

[ Brad Figg ]

* Release Tracking Bug
    - LP: #1554732

[ Upstream Kernel Changes ]

* Revert "drm/radeon: call hpd_irq_event on resume"
    - LP: #1554608
  * net: generic dev_disable_lro() stacked device handling
    - LP: #1547680

linux (3.13.0-81.125) trusty; urgency=low

[ Luis Henriques ]

* Release Tracking Bug
    - LP: #1552316

[ Upstream Kernel Changes ]

* Revert "firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6"
    - LP: #1551419
  * bcache: Fix a lockdep splat in an error path
    - LP: #1551327

linux (3.13.0-80.124) trusty; urgency=low

[ Brad Figg ]

* Release Tracking Bug
    - LP: #1548519

[ Andy Whitcroft ]

[ Dan Streetman ]

* SAUCE: nbd: ratelimit error msgs after socket close
    - LP: #1505564

[ Upstream Kernel Changes ]

* Revert "workqueue: make sure delayed work run in local cpu"
    - LP: #1546320
  * [media] gspca: ov534/topro: prevent a division by 0
    - LP: #1542497
  * [media] media: dvb-core: Don't force CAN_INVERSION_AUTO in oneshot mode
    - LP: #1542497
  * tools lib traceevent: Fix output of %llu for 64 bit values read on 32
    bit machines
    - LP: #1542497
  * KVM: x86: correctly print #AC in traces
    - LP: #1542497
  * drm/radeon: call hpd_irq_event on resume
    - LP: #1542497
  * xhci: refuse loading if nousb is used
    - LP: #1542497
  * arm64: Clear out any singlestep state on a ptrace detach operation
    - LP: #1542497
  * time: Avoid signed overflow in timekeeping_get_ns()
    - LP: #1542497
  * rtlwifi: fix memory leak for USB device
    - LP: #1542497
  * wlcore/wl12xx: spi: fix oops on firmware load
    - LP: #1542497
  * EDAC, mc_sysfs: Fix freeing bus' name
    - LP: #1542497
  * EDAC: Don't try to cancel workqueue when it's never setup
    - LP: #1542497
  * EDAC: Robustify workqueues destruction
    - LP: #1542497
  * powerpc: Make value-returning atomics fully ordered
    - LP: #1542497
  * powerpc: Make {cmp}xchg* and their atomic_ versions fully ordered
    - LP: #1542497
  * dm space map metadata: remove unused variable in brb_pop()
    - LP: #1542497
  * dm thin: fix race condition when destroying thin pool workqueue
    - LP: #1542497
  * futex: Drop refcount if requeue_pi() acquired the rtmutex
    - LP: #1542497
  * drm/radeon: clean up fujitsu quirks
    - LP: #1542497
  * mmc: sdio: Fix invalid vdd in voltage switch power cycle
    - LP: #1542497
  * mmc: sdhci: Fix sdhci_runtime_pm_bus_on/off()
    - LP: #1542497
  * udf: limit the maximum number of indirect extents in a row
    - LP: #1542497
  * nfs: Fix race in __update_open_stateid()
    - LP: #1542497
  * USB: cp210x: add ID for ELV Marble Sound Board 1
    - LP: #1542497
  * NFSv4: Don't perform cached access checks before we've OPENed the file
    - LP: #1542497
  * NFS: Fix attribute cache revalidation
    - LP: #1542497
  * posix-clock: Fix return code on the poll method's error path
    - LP: #1542497
  * rtlwifi: rtl8192de: Fix incorrect module parameter descriptions
    - LP: #1542497
  * rtlwifi: rtl8192se: Fix module parameter initialization
    - LP: #1542497
  * rtlwifi: rtl8192ce: Fix handling of module parameters
    - LP: #1542497
  * rtlwifi: rtl8192cu: Add missing parameter setup
    - LP: #1542497
  * bcache: fix a livelock when we cause a huge number of cache misses
    - LP: #1542497
  * bcache: Add a cond_resched() call to gc
    - LP: #1542497
  * bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing
    device
    - LP: #1542497
  * bcache: fix a leak in bch_cached_dev_run()
    - LP: #1542497
  * bcache: unregister reboot notifier if bcache fails to unregister device
    - LP: #1542497
  * bcache: add mutex lock for bch_is_open
    - LP: #1542497
  * bcache: allows use of register in udev to avoid "device_busy" error.
    - LP: #1542497
  * bcache: Change refill_dirty() to always scan entire disk if necessary
    - LP: #1542497
  * wlcore/wl12xx: spi: fix NULL pointer dereference (Oops)
    - LP: #1542497
  * Input: i8042 - add Fujitsu Lifebook U745 to the nomux list
    - LP: #1542497
  * libxfs: pack the agfl header structure so XFS_AGFL_SIZE is correct
    - LP: #1542497
  * x86/xen: don't reset vcpu_info on a cancelled suspend
    - LP: #1542497
  * udf: Prevent buffer overrun with multi-byte characters
    - LP: #1542497
  * udf: Check output buffer length when converting name to CS0
    - LP: #1542497
  * PCI: host: Mark PCIe/PCI (MSI) IRQ cascade handlers as IRQF_NO_THREAD
    - LP: #1542497
  * iwlwifi: update and fix 7265 series PCI IDs
    - LP: #1542497
  * locks: fix unlock when fcntl_setlk races with a close
    - LP: #1542497
  * ASoC: compress: Fix compress device direction check
    - LP: #1542497
  * dm snapshot: fix hung bios when copy error occurs
    - LP: #1542497
  * uml: fix hostfs mknod()
    - LP: #1542497
  * uml: flush stdout before forking
    - LP: #1542497
  * drm/nouveau/kms: take mode_config mutex in connector hotplug path
    - LP: #1542497
  * x86/boot: Double BOOT_HEAP_SIZE to 64KB
    - LP: #1542497
  * s390: fix normalization bug in exception table sorting
    - LP: #1542497
  * xfs: inode recovery readahead can race with inode buffer creation
    - LP: #1542497
  * clocksource/drivers/vt8500: Increase the minimum delta
    - LP: #1542497
  * Input: elantech - mark protocols v2 and v3 as semi-mt
    - LP: #1542497
  * x86/reboot/quirks: Add iMac10,1 to pci_reboot_dmi_table[]
    - LP: #1542497
  * ALSA: seq: Fix missing NULL check at remove_events ioctl
    - LP: #1542497
  * ALSA: seq: Fix race at timer setup and close
    - LP: #1542497
  * virtio_balloon: fix race by fill and leak
    - LP: #1542497
  * virtio_balloon: fix race between migration and ballooning
    - LP: #1542497
  * parisc: Fix __ARCH_SI_PREAMBLE_SIZE
    - LP: #1542497
  * scripts/recordmcount.pl: support data in text section on powerpc
    - LP: #1542497
  * powerpc/module: Handle R_PPC64_ENTRY relocations
    - LP: #1542497
  * ALSA: timer: Fix double unlink of active_list
    - LP: #1542497
  * dmaengine: dw: fix cyclic transfer setup
    - LP: #1542497
  * dmaengine: dw: fix cyclic transfer callbacks
    - LP: #1542497
  * mmc: mmci: fix an ages old detection error
    - LP: #1542497
  * ALSA: timer: Fix race among timer ioctls
    - LP: #1542497
  * sparc64: fix incorrect sign extension in sys_sparc64_personality
    - LP: #1542497
  * cifs: Ratelimit kernel log messages
    - LP: #1542497
  * cifs: fix race between call_async() and reconnect()
    - LP: #1542497
  * cifs_dbg() outputs an uninitialized buffer in cifs_readdir()
    - LP: #1542497
  * m32r: fix m32104ut_defconfig build fail
    - LP: #1542497
  * dma-debug: switch check from _text to _stext
    - LP: #1542497
  * scripts/bloat-o-meter: fix python3 syntax error
    - LP: #1542497
  * ocfs2/dlm: ignore cleaning the migration mle that is inuse
    - LP: #1542497
  * ALSA: timer: Harden slave timer list handling
    - LP: #1542497
  * mm: soft-offline: check return value in second __get_any_page() call
    - LP: #1542497
  * memcg: only free spare array when readers are done
    - LP: #1542497
  * panic: release stale console lock to always get the logbuf printed out
    - LP: #1542497
  * kernel/panic.c: turn off locks debug before releasing console lock
    - LP: #1542497
  * printk: do cond_resched() between lines while outputting to consoles
    - LP: #1542497
  * ALSA: hda - Fix bass pin fixup for ASUS N550JX
    - LP: #1542497
  * crypto: af_alg - Disallow bind/setkey/... after accept(2)
    - LP: #1542497
  * crypto: af_alg - Fix socket double-free when accept fails
    - LP: #1542497
  * crypto: af_alg - Add nokey compatibility path
    - LP: #1542497
  * crypto: hash - Add crypto_ahash_has_setkey
    - LP: #1542497
  * crypto: af_alg - Allow af_af_alg_release_parent to be called on nokey
    path
    - LP: #1542497
  * crypto: af_alg - Forbid bind(2) when nokey child sockets are present
    - LP: #1542497
  * ALSA: hrtimer: Fix stall by hrtimer_cancel()
    - LP: #1542497
  * ALSA: pcm: Fix snd_pcm_hw_params struct copy in compat mode
    - LP: #1542497
  * ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode
    - LP: #1542497
  * ALSA: control: Avoid kernel warnings from tlv ioctl with numid 0
    - LP: #1542497
  * crypto: algif_skcipher - Load TX SG list after waiting
    - LP: #1542497
  * crypto: crc32c - Fix crc32c soft dependency
    - LP: #1542497
  * IB/qib: fix mcast detach when qp not attached
    - LP: #1542497
  * iscsi-target: Fix potential dead-lock during node acl delete
    - LP: #1542497
  * ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with
    ocfs2_unblock_lock
    - LP: #1542497
  * [media] rc: allow rc modules to be loaded if rc-main is not a module
    - LP: #1542497
  * SCSI: initio: remove duplicate module device table
    - LP: #1542497
  * clk: xgene: Fix divider with non-zero shift value
    - LP: #1542497
  * ath9k_htc: check for underflow in ath9k_htc_rx_msg()
    - LP: #1542497
  * mtd: nand: fix ONFI parameter page layout
    - LP: #1542497
  * ALSA: fm801: propagate TUNER_ONLY bit when autodetected
    - LP: #1542497
  * pinctrl: bcm2835: Fix memory leak in error path
    - LP: #1542497
  * kconfig: return 'false' instead of 'no' in bool function
    - LP: #1542497
  * perf/x86: Fix filter_events() bug with event mappings
    - LP: #1542497
  * power: test_power: correctly handle empty writes
    - LP: #1542497
  * firmware: actually return NULL on failed request_firmware_nowait()
    - LP: #1542497
  * mmc: sd: limit SD card power limit according to cards capabilities
    - LP: #1542497
  * Btrfs: clean up an error code in btrfs_init_space_info()
    - LP: #1542497
  * batman-adv: Avoid recursive call_rcu for batadv_bla_claim
    - LP: #1542497
  * batman-adv: Avoid recursive call_rcu for batadv_nc_node
    - LP: #1542497
  * batman-adv: Drop immediate orig_node free function
    - LP: #1542497
  * printk: help pr_debug and pr_devel to optimize out arguments
    - LP: #1542497
  * mmc: debugfs: correct wrong voltage value
    - LP: #1542497
  * IB/mlx4: Initialize hop_limit when creating address handle
    - LP: #1542497
  * veth: don’t modify ip_summed; doing so treats packets with bad
    checksums as good.
    - LP: #1542497
  * sctp: sctp should release assoc when sctp_make_abort_user return NULL
    in sctp_close
    - LP: #1542497
  * connector: bump skb->users before callback invocation
    - LP: #1542497
  * unix: properly account for FDs passed over unix sockets
    - LP: #1542497
  * bridge: Only call /sbin/bridge-stp for the initial network namespace
    - LP: #1542497
  * net: sctp: prevent writes to cookie_hmac_alg from accessing invalid
    memory
    - LP: #1542497
  * tcp_yeah: don't set ssthresh below 2
    - LP: #1542497
  * bonding: Prevent IPv6 link local address on enslaved devices
    - LP: #1542497
  * phonet: properly unshare skbs in phonet_rcv()
    - LP: #1542497
  * ipv6: update skb->csum when CE mark is propagated
    - LP: #1542497
  * team: Replace rcu_read_lock with a mutex in team_vlan_rx_kill_vid
    - LP: #1542497
  * Linux 3.13.11-ckt34
    - LP: #1542497
  * qeth: initialize net_device with carrier off
    - LP: #1541907
  * umount: Do not allow unmounting rootfs.
    - LP: #1541313
  * [media] usbvision fix overflow of interfaces array
    - LP: #1546273
  * [media] usbvision: fix leak of usb_dev on failure paths in
    usbvision_probe()
    - LP: #1546273
  * [media] usbvision: fix crash on detecting device with invalid
    configuration
    - LP: #1546273
  * tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
    - LP: #1546273
  * USB: serial: visor: fix crash on detecting device without write_urbs
    - LP: #1546273
  * ASN.1: Fix non-match detection failure on data overrun
    - LP: #1546273
  * iio: adis_buffer: Fix out-of-bounds memory access
    - LP: #1546273
  * x86/irq: Call chip->irq_set_affinity in proper context
    - LP: #1546273
  * usb: cdc-acm: handle unlinked urb in acm read callback
    - LP: #1546273
  * usb: cdc-acm: send zero packet for intel 7260 modem
    - LP: #1546273
  * cdc-acm:exclude Samsung phone 04e8:685d
    - LP: #1546273
  * usb: hub: do not clear BOS field during reset device
    - LP: #1546273
  * USB: cp210x: add ID for IAI USB to RS485 adaptor
    - LP: #1546273
  * USB: visor: fix null-deref at probe
    - LP: #1546273
  * USB: serial: option: Adding support for Telit LE922
    - LP: #1546273
  * ALSA: seq: Fix incorrect sanity check at snd_seq_oss_synth_cleanup()
    - LP: #1546273
  * ALSA: seq: Degrade the error message for too many opens
    - LP: #1546273
  * USB: serial: ftdi_sio: add support for Yaesu SCU-18 cable
    - LP: #1546273
  * USB: option: fix Cinterion AHxx enumeration
    - LP: #1546273
  * ALSA: compress: Disable GET_CODEC_CAPS ioctl for some architectures
    - LP: #1546273
  * ALSA: usb-audio: Fix TEAC UD-501/UD-503/NT-503 usb delay
    - LP: #1546273
  * arm64: errata: Add -mpc-relative-literal-loads to build flags
    - LP: #1533009, #1546273
  * SCSI: fix crashes in sd and sr runtime PM
    - LP: #1546273
  * n_tty: Fix unsafe reference to "other" ldisc
    - LP: #1546273
  * ALSA: dummy: Disable switching timer backend via sysfs
    - LP: #1546273
  * drm/vmwgfx: respect 'nomodeset'
    - LP: #1546273
  * x86/mm/pat: Avoid truncation when converting cpa->numpages to address
    - LP: #1546273
  * perf annotate browser: Fix behaviour of Shift-Tab with nothing focussed
    - LP: #1546273
  * powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
    - LP: #1546273
  * Linux 3.13.11-ckt35
    - LP: #1546273
  * netfilter: bridge: don't use nf_bridge_info data to store mac header
    - LP: #1463911
  * netfilter: bridge: restore vlan tag when refragmenting
    - LP: #1463911
  * netfilter: bridge: forward IPv6 fragmented packets
    - LP: #1463911
  * netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in
    br_validate_ipv6
    - LP: #1463911
  * ALSA: usb-audio: avoid freeing umidi object twice
    - LP: #1546177
    - CVE-2016-2384
  * vmstat: explicitly schedule per-cpu work on the CPU we need it to run
    on
    - LP: #1546320

-- Brad Figg <brad.figg@canonical.com>  Thu, 10 Mar 2016 14:41:56 -0800

Changed in linux (Ubuntu Trusty):
status:	Fix Committed → Fix Released

Po-Hsu Lin (cypressyew) on 2019-10-03

Changed in linux (Ubuntu):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulinux package

kernel panic when umouting rootfs

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
linux package