This bug was fixed in the package linux - 4.4.0-157.185

---------------
linux (4.4.0-157.185) xenial; urgency=medium

  * linux: 4.4.0-157.185 -proposed tracker (LP: #1837476)

  * systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage)
    (LP: #1837235)
    - Revert "block/bio: Do not zero user pages"
    - Revert "block: Clear kernel memory before copying to user"
    - Revert "bio_copy_from_iter(): get rid of copying iov_iter"

linux (4.4.0-156.183) xenial; urgency=medium

  * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880)

  * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801)
    - brcmfmac: add eth_type_trans back for PCIe full dongle

linux (4.4.0-155.182) xenial; urgency=medium

  * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918)

  * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232)
    - geneve: correctly handle ipv6.disable module parameter

  * Kernel modules generated incorrectly when system is localized to a non-
    English language (LP: #1828084)
    - scripts: override locale from environment when running recordmcount.pl

  * Handle overflow in proc_get_long of sysctl (LP: #1833935)
    - sysctl: handle overflow in proc_get_long

  * Xenial update: 4.4.181 upstream stable release (LP: #1832661)
    - x86/speculation/mds: Revert CPU buffer clear on double fault exit
    - x86/speculation/mds: Improve CPU buffer clear documentation
    - ARM: exynos: Fix a leaked reference by adding missing of_node_put
    - crypto: vmx - fix copy-paste error in CTR mode
    - crypto: crct10dif-generic - fix use via crypto_shash_digest()
    - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
    - ALSA: usb-audio: Fix a memory leak bug
    - ALSA: hda/hdmi - Consider eld_valid when reporting jack event
    - ALSA: hda/realtek - EAPD turn on later
    - ASoC: max98090: Fix restore of DAPM Muxes
    - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
    - mm/mincore.c: make mincore() more conservative
    - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
    - mfd: da9063: Fix OTP control register names to match datasheets for
      DA9063/63L
    - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
    - ext4: actually request zeroing of inode table after grow
    - ext4: fix ext4_show_options for file systems w/o journal
    - Btrfs: do not start a transaction at iterate_extent_inodes()
    - bcache: fix a race between cache register and cacheset unregister
    - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
    - ipmi:ssif: compare block number correctly for multi-part return messages
    - crypto: gcm - Fix error return code in crypto_gcm_create_common()
    - crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
    - crypto: chacha20poly1305 - set cra_name correctly
    - crypto: salsa20 - don't access already-freed walk.iv
    - crypto: arm/aes-neonbs - don't access already-freed walk.iv
    - writeback: synchronize sync(2) against cgroup writeback membership 
switches
    - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going
      into workqueue when umount
    - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
    - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
    - net: avoid weird emergency message
    - net/mlx4_core: Change the error print to info print
    - ppp: deflate: Fix possible crash in deflate_init
    - tipc: switch order of device registration to fix a crash
    - tipc: fix modprobe tipc failed after switch order of device registration
    - stm class: Fix channel free in stm output free path
    - md: add mddev->pers to avoid potential NULL pointer dereference
    - intel_th: msu: Fix single mode with IOMMU
    - of: fix clang -Wunsequenced for be32_to_cpu()
    - cifs: fix strcat buffer overflow and reduce raciness in
      smb21_set_oplock_level()
    - media: ov6650: Fix sensor possibly not detected on probe
    - NFS4: Fix v4.0 client state corruption when mount
    - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    - fuse: fix writepages on 32bit
    - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
    - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
    - ceph: flush dirty inodes before proceeding with remount
    - tracing: Fix partial reading of trace event's id file
    - memory: tegra: Fix integer overflow on tick value calculation
    - perf intel-pt: Fix instructions sampling rate
    - perf intel-pt: Fix improved sample timestamp
    - perf intel-pt: Fix sample timestamp wrt non-taken branches
    - fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping
      VRAM
    - fbdev: sm712fb: fix support for 1024x768-16 mode
    - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    - PCI: Mark Atheros AR9462 to avoid bus reset
    - dm delay: fix a crash when invalid device is specified
    - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
    - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
    - vti4: ipip tunnel deregistration fixes.
    - xfrm4: Fix uninitialized memory read in _decode_session4
    - KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    - power: supply: sysfs: prevent endless uevent loop with
      CONFIG_POWER_SUPPLY_DEBUG
    - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
    - perf bench numa: Add define for RUSAGE_THREAD if not present
    - Revert "Don't jump to compute_result state from check_result state"
    - md/raid: raid5 preserve the writeback action after the parity check
    - btrfs: Honour FITRIM range constraints during free space trim
    - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    - ext4: do not delete unlinked inode from orphan list on failed truncate
    - KVM: x86: fix return value for reserved EFER
    - bio: fix improper use of smp_mb__before_atomic()
    - Revert "scsi: sd: Keep disk read-only when re-reading partition"
    - crypto: vmx - CTR: always increment IV as quadword
    - gfs2: Fix sign extension bug in gfs2_update_stats
    - Btrfs: fix race between ranged fsync and writeback of adjacent ranges
    - btrfs: sysfs: don't leak memory when failing add fsid
    - fbdev: fix divide error in fb_var_to_videomode
    - hugetlb: use same fault hash key for shared and private mappings
    - fbdev: fix WARNING in __alloc_pages_nodemask bug
    - media: cpia2: Fix use-after-free in cpia2_exit
    - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
    - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
    - at76c50x-usb: Don't register led_trigger if usb_register_driver failed
    - perf tools: No need to include bitops.h in util.h
    - gfs2: Fix lru_count going negative
    - cxgb4: Fix error path in cxgb4_init_module
    - mmc: core: Verify SD bus width
    - powerpc/boot: Fix missing check of lseek() return value
    - ASoC: imx: fix fiq dependencies
    - spi: pxa2xx: fix SCR (divisor) calculation
    - brcm80211: potential NULL dereference in
      brcmf_cfg80211_vndr_cmds_dcmd_handler()
    - rtc: 88pm860x: prevent use-after-free on device remove
    - w1: fix the resume command API
    - dmaengine: pl330: _stop: clear interrupt status
    - mac80211/cfg80211: update bss channel on channel switch
    - ASoC: fsl_sai: Update is_slave_mode with correct value
    - mwifiex: prevent an array overflow
    - net: cw1200: fix a NULL pointer dereference
    - bcache: return error immediately in bch_journal_replay()
    - bcache: fix failure in journal relplay
    - bcache: add failure check to run_cache_set() for journal replay
    - bcache: avoid clang -Wunintialized warning
    - x86/build: Move _etext to actual end of .text
    - smpboot: Place the __percpu annotation correctly
    - x86/mm: Remove in_nmi() warning from 64-bit implementation of
      vmalloc_fault()
    - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC
      versions
    - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
    - pinctrl: pistachio: fix leaked of_node references
    - dmaengine: at_xdmac: remove BUG_ON macro in tasklet
    - media: coda: clear error return value before picture run
    - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
    - media: au0828: stop video streaming only when last user stops
    - media: ov2659: make S_FMT succeed even if requested format doesn't match
    - audit: fix a memory leak bug
    - media: au0828: Fix NULL pointer dereference in 
au0828_analog_stream_enable()
    - media: pvrusb2: Prevent a buffer overflow
    - powerpc/numa: improve control of topology updates
    - sched/core: Check quota and period overflow at usec to nsec conversion
    - sched/core: Handle overflow in cpu_shares_write_u64
    - USB: core: Don't unbind interfaces following device reset failure
    - x86/irq/64: Limit IST stack overflow check to #DB stack
    - i40e: don't allow changes to HW VLAN stripping on active port VLANs
    - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
    - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
    - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
    - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
    - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
    - scsi: libsas: Do discovery on empty PHY to update PHY info
    - mmc_spi: add a status check for spi_sync_locked
    - mmc: sdhci-of-esdhc: add erratum eSDHC5 support
    - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
    - PM / core: Propagate dev->power.wakeup_path when no callbacks
    - extcon: arizona: Disable mic detect if running when driver is removed
    - s390: cio: fix cio_irb declaration
    - cpufreq: ppc_cbe: fix possible object reference leak
    - cpufreq/pasemi: fix possible object reference leak
    - cpufreq: pmac32: fix possible object reference leak
    - x86/build: Keep local relocations with ld.lld
    - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
    - iio: hmc5843: fix potential NULL pointer dereferences
    - iio: common: ssp_sensors: Initialize calculated_time in
      ssp_common_process_data
    - rtlwifi: fix a potential NULL pointer dereference
    - brcmfmac: fix missing checks for kmemdup
    - b43: shut up clang -Wuninitialized variable warning
    - brcmfmac: convert dev_init_lock mutex to completion
    - brcmfmac: fix race during disconnect when USB completion is in progress
    - scsi: ufs: Fix regulator load and icc-level configuration
    - scsi: ufs: Avoid configuring regulator with undefined voltage range
    - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
    - x86/ia32: Fix ia32_restore_sigcontext() AC leak
    - chardev: add additional check for minor range overlap
    - HID: core: move Usage Page concatenation to Main item
    - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
    - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
    - cxgb3/l2t: Fix undefined behaviour
    - spi: tegra114: reset controller on probe
    - media: wl128x: prevent two potential buffer overflows
    - virtio_console: initialize vtermno value for ports
    - tty: ipwireless: fix missing checks for ioremap
    - rcutorture: Fix cleanup path for invalid torture_type strings
    - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
    - scsi: qla4xxx: avoid freeing unallocated dma memory
    - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
    - media: go7007: avoid clang frame overflow warning with KASAN
    - media: saa7146: avoid high stack usage with clang
    - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
    - spi : spi-topcliff-pch: Fix to handle empty DMA buffers
    - spi: rspi: Fix sequencer reset during initialization
    - spi: Fix zero length xfer bug
    - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
    - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
    - llc: fix skb leak in llc_build_and_send_ui_pkt()
    - net-gro: fix use-after-free read in napi_gro_frags()
    - net: stmmac: fix reset gpio free missing
    - usbnet: fix kernel crash after disconnect
    - tipc: Avoid copying bytes beyond the supplied data
    - bnxt_en: Fix aggregation buffer leak under OOM condition.
    - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
    - crypto: vmx - ghash: do nosimd fallback manually
    - xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    - Revert "tipc: fix modprobe tipc failed after switch order of device
      registration"
    - tipc: fix modprobe tipc failed after switch order of device registration 
-v2
    - sparc64: Fix regression in non-hypervisor TLB flush xcall
    - include/linux/bitops.h: sanitize rotate primitives
    - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
    - usb: xhci: avoid null pointer deref when bos field is NULL
    - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
    - USB: sisusbvga: fix oops in error path of sisusb_probe
    - USB: Add LPM quirk for Surface Dock GigE adapter
    - USB: rio500: refuse more than one device at a time
    - USB: rio500: fix memory leak in close after disconnect
    - media: usb: siano: Fix general protection fault in smsusb
    - media: usb: siano: Fix false-positive "uninitialized variable" warning
    - media: smsusb: better handle optional alignment
    - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
    - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only 
sdevs)
    - Btrfs: fix race updating log root item during fsync
    - ALSA: hda/realtek - Set default power save node to 0
    - drm/nouveau/i2c: Disable i2c bus access after ->fini()
    - tty: serial: msm_serial: Fix XON/XOFF
    - tty: max310x: Fix external crystal register setup
    - memcg: make it work on sparse non-0-node systems
    - kernel/signal.c: trace_signal_deliver when signal_group_exit
    - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on
      ENOMEM
    - binder: Replace "%p" with "%pK" for stable
    - binder: replace "%p" with "%pK"
    - brcmfmac: Add length checks on firmware events
    - brcmfmac: screening firmware event packet
    - brcmfmac: revise handling events in receive path
    - brcmfmac: fix incorrect event channel deduction
    - brcmfmac: add length checks in scheduled scan result handler
    - brcmfmac: add subtype check for event handling in data path
    - userfaultfd: don't pin the user memory in userfaultfd_file_create()
    - Revert "x86/build: Move _etext to actual end of .text"
    - net: cdc_ncm: GetNtbFormat endian fix
    - usb: gadget: fix request length error for isoc transfer
    - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
    - ethtool: fix potential userspace buffer overflow
    - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
    - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
    - net: rds: fix memory leak in rds_ib_flush_mr_pool
    - pktgen: do not sleep with the thread lock held.
    - rcu: locking and unlocking need to always be at least barriers
    - parisc: Use implicit space register selection for loading the coherence
      index of I/O pdirs
    - fuse: fallocate: fix return with locked inode
    - MIPS: pistachio: Build uImage.gz by default
    - genwqe: Prevent an integer overflow in the ioctl
    - drm/gma500/cdv: Check vbt config bits when detecting lvds panels
    - fs: stream_open - opener for stream-like files so that read and write can
      run simultaneously without deadlock
    - fuse: Add FOPEN_STREAM to use stream_open()
    - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
    - ethtool: check the return value of get_regs_len
    - Linux 4.4.181

  * CVE-2019-2054
    - arm/ptrace: run seccomp after ptrace

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - x86/speculation: Remove redundant arch_smt_update() invocation

  * Revert x86/vdso linker changes from #1830890 as this causes glibc
    2.29-0ubuntu3 FTBFS on eoan (LP: #1834315)
    - Revert "x86/vdso: Pass --eh-frame-hdr to the linker"
    - Revert "x86: vdso: Use $LD instead of $CC to link"

  * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864)
    - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches

  * CVE-2019-11833
    - ext4: zero out the unused memory region in the extent tree block

  * idle-page oopses when accessing page frames that are out of range
    (LP: #1833410)
    - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn

  * Performance degradation when copying from LVM snapshot backed by NVMe disk
    (LP: #1833319)
    - NVMe: Allow request merges

  * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698)
    - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR
      connections"

  * 4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue (LP: #1824687)
    - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue()

  * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy"
    (LP: #1826416)
    - vmbus: fix missing signaling in hv_signal_on_read()

  * Xenial update: 4.4.180 upstream stable release (LP: #1830176)
    - kbuild: simplify ld-option implementation
    - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
    - cifs: do not attempt cifs operation on smb2+ rename error
    - MIPS: scall64-o32: Fix indirect syscall number load
    - trace: Fix preempt_enable_no_resched() abuse
    - sched/numa: Fix a possible divide-by-zero
    - ceph: ensure d_name stability in ceph_dentry_hash()
    - ceph: fix ci->i_head_snapc leak
    - nfsd: Don't release the callback slot unless it was actually held
    - sunrpc: don't mark uninitialised items as VALID.
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice
    - powerpc/xmon: Add RFI flush related fields to paca dump
    - powerpc/64s: Improve RFI L1-D cache flush fallback
    - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
    - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding
      barrier at kernel entry/exit"
    - powerpc/64s: Add support for a store forwarding barrier at kernel 
entry/exit
    - powerpc/64s: Add barrier_nospec
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
    - powerpc/asm: Add a patch_site macro & helpers for patching instructions
    - powerpc/64s: Add new security feature flags for count cache flush
    - powerpc/64s: Add support for software count cache flush
    - powerpc/pseries: Query hypervisor for count cache flush settings
    - powerpc/powernv: Query firmware for count cache flush settings
    - powerpc: Avoid code patching freed init sections
    - powerpc/fsl: Add infrastructure to fixup branch predictor flush
    - powerpc/fsl: Add macro to flush the branch predictor
    - powerpc/fsl: Fix spectre_v2 mitigations reporting
    - powerpc/fsl: Add nospectre_v2 command line argument
    - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
    - powerpc/fsl: Update Spectre v2 reporting
    - powerpc/security: Fix spectre_v2 reporting
    - powerpc/fsl: Fix the flush of branch predictor.
    - tipc: handle the err returned from cmd header function
    - slip: make slhc_free() silently accept an error pointer
    - intel_th: gth: Fix an off-by-one in output unassigning
    - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
    - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
    - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
    - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
    - tipc: check link name with right length in tipc_nl_compat_link_set
    - bpf: reject wrong sized filters earlier
    - Revert "block/loop: Use global lock for ioctl() operation."
    - ipv4: add sanity checks in ipv4_link_failure()
    - team: fix possible recursive locking when add slaves
    - net: stmmac: move stmmac_check_ether_addr() to driver probe
    - ipv4: set the tcp_min_rtt_wlen range from 0 to one day
    - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
    - powerpc/fsl: Flush branch predictor when entering KVM
    - powerpc/fsl: Emulate SPRN_BUCSR register
    - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
    - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
    - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
    - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot 
arg
    - Documentation: Add nospectre_v1 parameter
    - usbnet: ipheth: prevent TX queue timeouts when device not ready
    - usbnet: ipheth: fix potential null pointer dereference in 
ipheth_carrier_set
    - qlcnic: Avoid potential NULL pointer dereference
    - netfilter: bridge: set skb transport_header before entering
      NF_INET_PRE_ROUTING
    - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
    - usb: gadget: net2280: Fix overrun of OUT messages
    - usb: gadget: net2280: Fix net2280_dequeue()
    - usb: gadget: net2272: Fix net2272_dequeue()
    - ARM: dts: pfla02: increase phy reset duration
    - net: ks8851: Dequeue RX packets explicitly
    - net: ks8851: Reassert reset pin if chip ID check fails
    - net: ks8851: Delay requesting IRQ until opened
    - net: ks8851: Set initial carrier state to down
    - net: xilinx: fix possible object reference leak
    - net: ibm: fix possible object reference leak
    - net: ethernet: ti: fix possible object reference leak
    - scsi: qla4xxx: fix a potential NULL pointer dereference
    - usb: u132-hcd: fix resource leak
    - ceph: fix use-after-free on symlink traversal
    - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
    - libata: fix using DMA buffers on stack
    - kconfig/[mn]conf: handle backspace (^H) key
    - ALSA: line6: use dynamic buffers
    - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
    - ipv6/flowlabel: wait rcu grace period before put_pid()
    - ipv6: invert flowlabel sharing check in process and user mode
    - bnxt_en: Improve multicast address setup logic.
    - packet: validate msg_namelen in send directly
    - USB: yurex: Fix protection fault after device removal
    - USB: w1 ds2490: Fix bug caused by improper use of altsetting array
    - USB: core: Fix unterminated string returned by usb_string()
    - USB: core: Fix bug caused by duplicate interface PM usage counter
    - HID: debug: fix race condition with between rdesc_show() and device 
removal
    - rtc: sh: Fix invalid alarm warning for non-enabled alarm
    - bonding: show full hw address in sysfs for slave entries
    - jffs2: fix use-after-free on symlink traversal
    - debugfs: fix use-after-free on symlink traversal
    - rtc: da9063: set uie_unsupported when relevant
    - vfio/pci: use correct format characters
    - scsi: storvsc: Fix calculation of sub-channel count
    - net: hns: Use NAPI_POLL_WEIGHT for hns driver
    - net: hns: Fix WARNING when remove HNS driver with SMMU enabled
    - hugetlbfs: fix memory leak for resv_map
    - xsysace: Fix error handling in ace_setup
    - ARM: orion: don't use using 64-bit DMA masks
    - ARM: iop: don't use using 64-bit DMA masks
    - usb: usbip: fix isoc packet num validation in get_pipe
    - staging: iio: adt7316: allow adt751x to use internal vref for all dacs
    - staging: iio: adt7316: fix the dac read calculation
    - staging: iio: adt7316: fix the dac write calculation
    - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
    - selinux: never allow relabeling on context mounts
    - x86/mce: Improve error message when kernel cannot recover, p2
    - media: v4l2: i2c: ov7670: Fix PLL bypass register values
    - scsi: libsas: fix a race condition when smp task timeout
    - ASoC:soc-pcm:fix a codec fixup issue in TDM case
    - ASoC: cs4270: Set auto-increment bit for register writes
    - ASoC: tlv320aic32x4: Fix Common Pins
    - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
    - scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
    - iommu/amd: Set exclusion range correctly
    - genirq: Prevent use-after-free and work list corruption
    - usb: dwc3: Fix default lpm_nyet_threshold value
    - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
    - Bluetooth: hidp: fix buffer overflow
    - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
    - UAS: fix alignment of scatter/gather segments
    - ipv6: fix a potential deadlock in do_ipv6_setsockopt()
    - ASoC: Intel: avoid Oops if DMA setup fails
    - timer/debug: Change /proc/timer_stats from 0644 to 0600
    - netfilter: compat: initialize all fields in xt_init
    - platform/x86: sony-laptop: Fix unintentional fall-through
    - iio: adc: xilinx: fix potential use-after-free on remove
    - HID: input: add mapping for Expose/Overview key
    - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
    - libnvdimm/btt: Fix a kmemdup failure check
    - s390/dasd: Fix capacity calculation for large volumes
    - s390/3270: fix lockdep false positive on view->lock
    - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in
      tracing
    - tools lib traceevent: Fix missing equality check for strcmp
    - init: initialize jump labels before command line option parsing
    - ipvs: do not schedule icmp errors from tunnels
    - s390: ctcm: fix ctcm_new_device error return code
    - gpu: ipu-v3: dp: fix CSC handling
    - cw1200: fix missing unlock on error in cw1200_hw_scan()
    - Don't jump to compute_result state from check_result state
    - x86/microcode/intel: Add a helper which gives the microcode revision
    - x86: stop exporting msr-index.h to userland
    - x86/microcode/intel: Check microcode revision before updating sibling
      threads
    - x86/MCE: Save microcode revision in machine check records
    - x86/bugs: Add AMD's variant of SSB_NO
    - x86/bugs: Add AMD's SPEC_CTRL MSR usage
    - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU 
features
    - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
    - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    - x86/microcode: Update the new microcode revision unconditionally
    - x86/mm: Use WRITE_ONCE() when setting PTEs
    - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
    - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
    - x86/speculation: Propagate information about RSB filling mitigation to 
sysfs
    - x86/speculation: Update the TIF_SSBD comment
    - x86/speculation: Clean up spectre_v2_parse_cmdline()
    - x86/speculation: Move STIPB/IBPB string conditionals out of
      cpu_show_common()
    - x86/speculation: Disable STIBP when enhanced IBRS is in use
    - x86/speculation: Rename SSBD update functions
    - x86/speculation: Reorganize speculation control MSRs update
    - x86/Kconfig: Select SCHED_SMT if SMP enabled
    - x86/speculation: Mark string arrays const correctly
    - x86/speculataion: Mark command line parser data __initdata
    - x86/speculation: Add command line control for indirect branch speculation
    - x86/speculation: Prepare for per task indirect branch speculation control
    - x86/process: Consolidate and simplify switch_to_xtra() code
    - x86/speculation: Avoid __switch_to_xtra() calls
    - x86/speculation: Prepare for conditional IBPB in switch_mm()
    - x86/speculation: Split out TIF update
    - x86/speculation: Prepare arch_smt_update() for PRCTL mode
    - x86/speculation: Prevent stale SPEC_CTRL msr content
    - x86/speculation: Add prctl() control for indirect branch speculation
    - x86/speculation: Enable prctl mode for spectre_v2_user
    - x86/speculation: Add seccomp Spectre v2 user space protection mode
    - x86/speculation: Provide IBPB always command line options
    - x86/cpu/bugs: Use __initconst for 'const' init data
    - USB: serial: use variable for status
    - USB: serial: fix unthrottle races
    - bridge: Fix error path for kobject_init_and_add()
    - net: ucc_geth - fix Oops when changing number of buffers in the ring
    - packet: Fix error path in packet_init
    - vlan: disable SIOCSHWTSTAMP in container
    - vrf: sit mtu should not be updated when vrf netdev is the link
    - ipv4: Fix raw socket lookup for local traffic
    - bonding: fix arp_validate toggling in active-backup mode
    - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
    - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
    - powerpc/booke64: set RI in default MSR
    - powerpc/lib: fix book3s/32 boot failure due to code patching
    - Linux 4.4.180
    - SAUCE: Clarify IBRS/IBPB runtime state change messages
    - SAUCE: x86/speculation: Move STIBP hunks
    - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option
    - SAUCE: x86/speculation: Update 'mitigations=' documentation
    - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo
    - SAUCE: perf/bench: Drop definition of BIT in numa.c
    - SAUCE: x86/speculation: Fix SSB command line documentation

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091
    - SAUCE: Synchronize MDS mitigations with upstream
    - Documentation: Correct the possible MDS sysfs values
    - x86/speculation/mds: Fix documentation typo

  * CVE-2019-11091
    - x86/mds: Add MDSUM variant to the MDS documentation

 -- Stefan Bader <stefan.ba...@canonical.com>  Tue, 23 Jul 2019 10:55:25
+0200

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12126

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12130

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11091

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11833

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2054

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1824687

Title:
  4.4.0-145-generic Kernel Panic  ip6_expire_frag_queue

Status in linux package in Ubuntu:
  Triaged
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Cosmic:
  Incomplete
Status in linux source package in Disco:
  Triaged

Bug description:
  [SRU Justification]

  == Impact ==

  Since 05c0b86b96 "ipv6: frags: rewrite ip6_expire_frag_queue()" the
  16.04/4.4 kernel crashes whenever that functions gets called (on busy
  systems this can be every 3-4 hours). While this potentially affects
  Cosmic and later, too, the fix differs on later kernels (Bionic is not
  yet affected as it does not yet carry updates to the frags handling).

  == Fix ==

  For Xenial and Cosmic, the proposed fix would be additional changes to 
ip6_expipre_frag_queue(), taken from follow-up changes to ip_expire().
  For Disco, I would hold back because we have a backlog of stable patches 
there and depending on what got backported to 5.0.y there would be a simpler 
fix.
  For current development kernels, one just needs to ensure that the following 
upstream change is included: 47d3d7fdb10a "ip6: fix skb leak in 
ip6frag_expire_frag_queue()".

  == Testcase ==

  Unfortunately this could not be re-created locally. But a test kernel
  which had the proposed fix applied was showing good testing (see
  comment #37 and #38).

  == Risk of Regression ==

  The modified function is only called in rare cases and the positive
  testing in production would cover this. So I would consider it low.

  ---

  Description:  Ubuntu 16.04.6 LTS
  Release:      16.04

  After upgrading our server to this Kernel we experience frequent Kernel 
panics (Attachment).
  Every 3 hours.
  Our machine has a throuput of about 600 Mbits/s
  The Panics are around the area of ip6_expire_frag_queue.

    __pskb_pull_tail
    ip6_dst_lookup_tail
    _decode_session6
    __xfrm_decode_session
    icmpv6_route_lookup
    icmp6_send

  It seems similar to Bug Report in Debian.
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922488

  According to the bug finder of above bug it also occurred after using a 
Kernel with the change of
  rewrite ip6_expire_frag_queue()

  Intermediate solution. We disabled IPv6 on this machine to avoid further 
Panics.
  Please let me know what information is missing. The ubuntu-bug linux was 
send. And I hope it is attached to this report.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: linux-image-4.4.0-145-generic 4.4.0-145.171
  ProcVersionSignature: Ubuntu 4.4.0-145.171-generic 4.4.176
  Uname: Linux 4.4.0-145-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  Date: Sun Apr 14 11:40:11 2019
  InstallationDate: Installed on 2018-03-18 (391 days ago)
  InstallationMedia: Ubuntu-Server 16.04.4 LTS "Xenial Xerus" - Release amd64 
(20180228)
  ProcEnviron:
   LANGUAGE=en_GB:en
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: linux-signed
  UpgradeStatus: Upgraded to xenial on 2018-10-21 (174 days ago)
  ---
  AlsaDevices:
   total 0
   crw-rw---- 1 root audio 116,  1 Apr 12 21:04 seq
   crw-rw---- 1 root audio 116, 33 Apr 12 21:04 timer
  AplayDevices: Error: [Errno 2] No such file or directory
  ApportVersion: 2.20.1-0ubuntu2.18
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', 
'/dev/snd/timer'] failed with exit code 1:
  DistroRelease: Ubuntu 16.04
  HibernationDevice: RESUME=/dev/mapper/tor3--vg-swap_1
  InstallationDate: Installed on 2018-03-18 (393 days ago)
  InstallationMedia: Ubuntu-Server 16.04.4 LTS "Xenial Xerus" - Release amd64 
(20180228)
  IwConfig: Error: [Errno 2] No such file or directory
  Lsusb:
   Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
   Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
   Bus 001 Device 003: ID 0557:2221 ATEN International Co., Ltd Winbond Hermon
   Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: Supermicro X9SRE/X9SRE-3F/X9SRi/X9SRi-3F
  Package: linux (not installed)
  PciMultimedia:

  ProcEnviron:
   LANGUAGE=en_GB:en
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 VESA VGA
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-145-generic 
root=/dev/mapper/hostname--vg-root ro
  ProcVersionSignature: Ubuntu 4.4.0-145.171-generic 4.4.176
  RelatedPackageVersions:
   linux-restricted-modules-4.4.0-145-generic N/A
   linux-backports-modules-4.4.0-145-generic  N/A
   linux-firmware                             1.157.21
  RfKill: Error: [Errno 2] No such file or directory
  Tags:  xenial xenial
  Uname: Linux 4.4.0-145-generic x86_64
  UpgradeStatus: Upgraded to xenial on 2018-10-21 (176 days ago)
  UserGroups:

  _MarkForUpload: True
  dmi.bios.date: 10/08/2012
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 1.0c
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: X9SRE/X9SRE-3F/X9SRi/X9SRi-3F
  dmi.board.vendor: Supermicro
  dmi.board.version: 1.2
  dmi.chassis.asset.tag: To Be Filled By O.E.M.
  dmi.chassis.type: 3
  dmi.chassis.vendor: Supermicro
  dmi.chassis.version: 0123456789
  dmi.modalias: 
dmi:bvnAmericanMegatrendsInc.:bvr1.0c:bd10/08/2012:svnSupermicro:pnX9SRE/X9SRE-3F/X9SRi/X9SRi-3F:pvr0123456789:rvnSupermicro:rnX9SRE/X9SRE-3F/X9SRi/X9SRi-3F:rvr1.2:cvnSupermicro:ct3:cvr0123456789:
  dmi.product.name: X9SRE/X9SRE-3F/X9SRi/X9SRi-3F
  dmi.product.version: 0123456789
  dmi.sys.vendor: Supermicro

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824687/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

Reply via email to