This bug was fixed in the package linux - 4.4.0-157.185 --------------- linux (4.4.0-157.185) xenial; urgency=medium
* linux: 4.4.0-157.185 -proposed tracker (LP: #1837476) * systemd 229-4ubuntu21.22 ADT test failure with linux 4.4.0-156.183 (storage) (LP: #1837235) - Revert "block/bio: Do not zero user pages" - Revert "block: Clear kernel memory before copying to user" - Revert "bio_copy_from_iter(): get rid of copying iov_iter" linux (4.4.0-156.183) xenial; urgency=medium * linux: 4.4.0-156.183 -proposed tracker (LP: #1836880) * BCM43602 802.11ac Wireless regression - PCI ID 14e4:43ba (LP: #1836801) - brcmfmac: add eth_type_trans back for PCIe full dongle linux (4.4.0-155.182) xenial; urgency=medium * linux: 4.4.0-155.182 -proposed tracker (LP: #1834918) * Geneve tunnels don't work when ipv6 is disabled (LP: #1794232) - geneve: correctly handle ipv6.disable module parameter * Kernel modules generated incorrectly when system is localized to a non- English language (LP: #1828084) - scripts: override locale from environment when running recordmcount.pl * Handle overflow in proc_get_long of sysctl (LP: #1833935) - sysctl: handle overflow in proc_get_long * Xenial update: 4.4.181 upstream stable release (LP: #1832661) - x86/speculation/mds: Revert CPU buffer clear on double fault exit - x86/speculation/mds: Improve CPU buffer clear documentation - ARM: exynos: Fix a leaked reference by adding missing of_node_put - crypto: vmx - fix copy-paste error in CTR mode - crypto: crct10dif-generic - fix use via crypto_shash_digest() - crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() - ALSA: usb-audio: Fix a memory leak bug - ALSA: hda/hdmi - Consider eld_valid when reporting jack event - ALSA: hda/realtek - EAPD turn on later - ASoC: max98090: Fix restore of DAPM Muxes - ASoC: RT5677-SPI: Disable 16Bit SPI Transfers - mm/mincore.c: make mincore() more conservative - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget - mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L - tty/vt: fix write/write race in ioctl(KDSKBSENT) handler - ext4: actually request zeroing of inode table after grow - ext4: fix ext4_show_options for file systems w/o journal - Btrfs: do not start a transaction at iterate_extent_inodes() - bcache: fix a race between cache register and cacheset unregister - bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() - ipmi:ssif: compare block number correctly for multi-part return messages - crypto: gcm - Fix error return code in crypto_gcm_create_common() - crypto: gcm - fix incompatibility between "gcm" and "gcm_base" - crypto: chacha20poly1305 - set cra_name correctly - crypto: salsa20 - don't access already-freed walk.iv - crypto: arm/aes-neonbs - don't access already-freed walk.iv - writeback: synchronize sync(2) against cgroup writeback membership switches - fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount - ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug - KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes - net: avoid weird emergency message - net/mlx4_core: Change the error print to info print - ppp: deflate: Fix possible crash in deflate_init - tipc: switch order of device registration to fix a crash - tipc: fix modprobe tipc failed after switch order of device registration - stm class: Fix channel free in stm output free path - md: add mddev->pers to avoid potential NULL pointer dereference - intel_th: msu: Fix single mode with IOMMU - of: fix clang -Wunsequenced for be32_to_cpu() - cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() - media: ov6650: Fix sensor possibly not detected on probe - NFS4: Fix v4.0 client state corruption when mount - clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider - fuse: fix writepages on 32bit - fuse: honor RLIMIT_FSIZE in fuse_file_fallocate - iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 - ceph: flush dirty inodes before proceeding with remount - tracing: Fix partial reading of trace event's id file - memory: tegra: Fix integer overflow on tick value calculation - perf intel-pt: Fix instructions sampling rate - perf intel-pt: Fix improved sample timestamp - perf intel-pt: Fix sample timestamp wrt non-taken branches - fbdev: sm712fb: fix brightness control on reboot, don't set SR30 - fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 - fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F - fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA - fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM - fbdev: sm712fb: fix support for 1024x768-16 mode - fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display - fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting - PCI: Mark Atheros AR9462 to avoid bus reset - dm delay: fix a crash when invalid device is specified - xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink - xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module - vti4: ipip tunnel deregistration fixes. - xfrm4: Fix uninitialized memory read in _decode_session4 - KVM: arm/arm64: Ensure vcpu target is unset on reset failure - power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG - ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour - perf bench numa: Add define for RUSAGE_THREAD if not present - Revert "Don't jump to compute_result state from check_result state" - md/raid: raid5 preserve the writeback action after the parity check - btrfs: Honour FITRIM range constraints during free space trim - fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough - ext4: do not delete unlinked inode from orphan list on failed truncate - KVM: x86: fix return value for reserved EFER - bio: fix improper use of smp_mb__before_atomic() - Revert "scsi: sd: Keep disk read-only when re-reading partition" - crypto: vmx - CTR: always increment IV as quadword - gfs2: Fix sign extension bug in gfs2_update_stats - Btrfs: fix race between ranged fsync and writeback of adjacent ranges - btrfs: sysfs: don't leak memory when failing add fsid - fbdev: fix divide error in fb_var_to_videomode - hugetlb: use same fault hash key for shared and private mappings - fbdev: fix WARNING in __alloc_pages_nodemask bug - media: cpia2: Fix use-after-free in cpia2_exit - media: vivid: use vfree() instead of kfree() for dev->bitmap_cap - ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit - at76c50x-usb: Don't register led_trigger if usb_register_driver failed - perf tools: No need to include bitops.h in util.h - gfs2: Fix lru_count going negative - cxgb4: Fix error path in cxgb4_init_module - mmc: core: Verify SD bus width - powerpc/boot: Fix missing check of lseek() return value - ASoC: imx: fix fiq dependencies - spi: pxa2xx: fix SCR (divisor) calculation - brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() - rtc: 88pm860x: prevent use-after-free on device remove - w1: fix the resume command API - dmaengine: pl330: _stop: clear interrupt status - mac80211/cfg80211: update bss channel on channel switch - ASoC: fsl_sai: Update is_slave_mode with correct value - mwifiex: prevent an array overflow - net: cw1200: fix a NULL pointer dereference - bcache: return error immediately in bch_journal_replay() - bcache: fix failure in journal relplay - bcache: add failure check to run_cache_set() for journal replay - bcache: avoid clang -Wunintialized warning - x86/build: Move _etext to actual end of .text - smpboot: Place the __percpu annotation correctly - x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() - mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions - HID: logitech-hidpp: use RAP instead of FAP to get the protocol version - pinctrl: pistachio: fix leaked of_node references - dmaengine: at_xdmac: remove BUG_ON macro in tasklet - media: coda: clear error return value before picture run - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper - media: au0828: stop video streaming only when last user stops - media: ov2659: make S_FMT succeed even if requested format doesn't match - audit: fix a memory leak bug - media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() - media: pvrusb2: Prevent a buffer overflow - powerpc/numa: improve control of topology updates - sched/core: Check quota and period overflow at usec to nsec conversion - sched/core: Handle overflow in cpu_shares_write_u64 - USB: core: Don't unbind interfaces following device reset failure - x86/irq/64: Limit IST stack overflow check to #DB stack - i40e: don't allow changes to HW VLAN stripping on active port VLANs - RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure - hwmon: (vt1211) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses - hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses - hwmon: (pc87427) Use request_muxed_region for Super-IO accesses - hwmon: (f71805f) Use request_muxed_region for Super-IO accesses - scsi: libsas: Do discovery on empty PHY to update PHY info - mmc_spi: add a status check for spi_sync_locked - mmc: sdhci-of-esdhc: add erratum eSDHC5 support - mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support - PM / core: Propagate dev->power.wakeup_path when no callbacks - extcon: arizona: Disable mic detect if running when driver is removed - s390: cio: fix cio_irb declaration - cpufreq: ppc_cbe: fix possible object reference leak - cpufreq/pasemi: fix possible object reference leak - cpufreq: pmac32: fix possible object reference leak - x86/build: Keep local relocations with ld.lld - iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion - iio: hmc5843: fix potential NULL pointer dereferences - iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data - rtlwifi: fix a potential NULL pointer dereference - brcmfmac: fix missing checks for kmemdup - b43: shut up clang -Wuninitialized variable warning - brcmfmac: convert dev_init_lock mutex to completion - brcmfmac: fix race during disconnect when USB completion is in progress - scsi: ufs: Fix regulator load and icc-level configuration - scsi: ufs: Avoid configuring regulator with undefined voltage range - arm64: cpu_ops: fix a leaked reference by adding missing of_node_put - x86/ia32: Fix ia32_restore_sigcontext() AC leak - chardev: add additional check for minor range overlap - HID: core: move Usage Page concatenation to Main item - ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put - ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put - cxgb3/l2t: Fix undefined behaviour - spi: tegra114: reset controller on probe - media: wl128x: prevent two potential buffer overflows - virtio_console: initialize vtermno value for ports - tty: ipwireless: fix missing checks for ioremap - rcutorture: Fix cleanup path for invalid torture_type strings - usb: core: Add PM runtime calls to usb_hcd_platform_shutdown - scsi: qla4xxx: avoid freeing unallocated dma memory - media: m88ds3103: serialize reset messages in m88ds3103_set_frontend - media: go7007: avoid clang frame overflow warning with KASAN - media: saa7146: avoid high stack usage with clang - scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices - spi : spi-topcliff-pch: Fix to handle empty DMA buffers - spi: rspi: Fix sequencer reset during initialization - spi: Fix zero length xfer bug - ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM - ipv6: Consider sk_bound_dev_if when binding a raw socket to an address - llc: fix skb leak in llc_build_and_send_ui_pkt() - net-gro: fix use-after-free read in napi_gro_frags() - net: stmmac: fix reset gpio free missing - usbnet: fix kernel crash after disconnect - tipc: Avoid copying bytes beyond the supplied data - bnxt_en: Fix aggregation buffer leak under OOM condition. - net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value - crypto: vmx - ghash: do nosimd fallback manually - xen/pciback: Don't disable PCI_COMMAND on PCI device reset. - Revert "tipc: fix modprobe tipc failed after switch order of device registration" - tipc: fix modprobe tipc failed after switch order of device registration -v2 - sparc64: Fix regression in non-hypervisor TLB flush xcall - include/linux/bitops.h: sanitize rotate primitives - xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() - usb: xhci: avoid null pointer deref when bos field is NULL - USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor - USB: sisusbvga: fix oops in error path of sisusb_probe - USB: Add LPM quirk for Surface Dock GigE adapter - USB: rio500: refuse more than one device at a time - USB: rio500: fix memory leak in close after disconnect - media: usb: siano: Fix general protection fault in smsusb - media: usb: siano: Fix false-positive "uninitialized variable" warning - media: smsusb: better handle optional alignment - scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove - scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) - Btrfs: fix race updating log root item during fsync - ALSA: hda/realtek - Set default power save node to 0 - drm/nouveau/i2c: Disable i2c bus access after ->fini() - tty: serial: msm_serial: Fix XON/XOFF - tty: max310x: Fix external crystal register setup - memcg: make it work on sparse non-0-node systems - kernel/signal.c: trace_signal_deliver when signal_group_exit - CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM - binder: Replace "%p" with "%pK" for stable - binder: replace "%p" with "%pK" - brcmfmac: Add length checks on firmware events - brcmfmac: screening firmware event packet - brcmfmac: revise handling events in receive path - brcmfmac: fix incorrect event channel deduction - brcmfmac: add length checks in scheduled scan result handler - brcmfmac: add subtype check for event handling in data path - userfaultfd: don't pin the user memory in userfaultfd_file_create() - Revert "x86/build: Move _etext to actual end of .text" - net: cdc_ncm: GetNtbFormat endian fix - usb: gadget: fix request length error for isoc transfer - media: uvcvideo: Fix uvc_alloc_entity() allocation alignment - ethtool: fix potential userspace buffer overflow - neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit - net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query - net: rds: fix memory leak in rds_ib_flush_mr_pool - pktgen: do not sleep with the thread lock held. - rcu: locking and unlocking need to always be at least barriers - parisc: Use implicit space register selection for loading the coherence index of I/O pdirs - fuse: fallocate: fix return with locked inode - MIPS: pistachio: Build uImage.gz by default - genwqe: Prevent an integer overflow in the ioctl - drm/gma500/cdv: Check vbt config bits when detecting lvds panels - fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock - fuse: Add FOPEN_STREAM to use stream_open() - ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled - ethtool: check the return value of get_regs_len - Linux 4.4.181 * CVE-2019-2054 - arm/ptrace: run seccomp after ptrace * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 - x86/speculation: Remove redundant arch_smt_update() invocation * Revert x86/vdso linker changes from #1830890 as this causes glibc 2.29-0ubuntu3 FTBFS on eoan (LP: #1834315) - Revert "x86/vdso: Pass --eh-frame-hdr to the linker" - Revert "x86: vdso: Use $LD instead of $CC to link" * CONFIG_LOG_BUF_SHIFT set to 14 is too low on arm64 (LP: #1824864) - [Config] CONFIG_LOG_BUF_SHIFT=18 on all 64bit arches * CVE-2019-11833 - ext4: zero out the unused memory region in the extent tree block * idle-page oopses when accessing page frames that are out of range (LP: #1833410) - mm/page_idle.c: fix oops because end_pfn is larger than max_pfn * Performance degradation when copying from LVM snapshot backed by NVMe disk (LP: #1833319) - NVMe: Allow request merges * Bluetooth regressions with Xenial kernel 4.4.0-152.179 (LP: #1833698) - Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" * 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue (LP: #1824687) - SAUCE: ipv6: frags: fix skb extraction in ip6_expire_frag_queue() * [Xenial] Customer can not SSH to Linux VM due to "VSC State Unhealthy" (LP: #1826416) - vmbus: fix missing signaling in hv_signal_on_read() * Xenial update: 4.4.180 upstream stable release (LP: #1830176) - kbuild: simplify ld-option implementation - KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number - cifs: do not attempt cifs operation on smb2+ rename error - MIPS: scall64-o32: Fix indirect syscall number load - trace: Fix preempt_enable_no_resched() abuse - sched/numa: Fix a possible divide-by-zero - ceph: ensure d_name stability in ceph_dentry_hash() - ceph: fix ci->i_head_snapc leak - nfsd: Don't release the callback slot unless it was actually held - sunrpc: don't mark uninitialised items as VALID. - USB: Add new USB LPM helpers - USB: Consolidate LPM checks to avoid enabling LPM twice - powerpc/xmon: Add RFI flush related fields to paca dump - powerpc/64s: Improve RFI L1-D cache flush fallback - powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() - Revert "UBUNTU: SAUCE: powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit" - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit - powerpc/64s: Add barrier_nospec - powerpc/64s: Add support for ori barrier_nospec patching - powerpc/64s: Patch barrier_nospec in modules - powerpc/64s: Enable barrier_nospec based on firmware settings - powerpc/64: Use barrier_nospec in syscall entry - powerpc: Use barrier_nospec in copy_from_user() - powerpc/64s: Enhance the information in cpu_show_spectre_v1() - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 - powerpc/64: Disable the speculation barrier from the command line - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC - powerpc/64: Call setup_barrier_nospec() from setup_arch() - powerpc/64: Make meltdown reporting Book3S 64 specific - powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E - powerpc/asm: Add a patch_site macro & helpers for patching instructions - powerpc/64s: Add new security feature flags for count cache flush - powerpc/64s: Add support for software count cache flush - powerpc/pseries: Query hypervisor for count cache flush settings - powerpc/powernv: Query firmware for count cache flush settings - powerpc: Avoid code patching freed init sections - powerpc/fsl: Add infrastructure to fixup branch predictor flush - powerpc/fsl: Add macro to flush the branch predictor - powerpc/fsl: Fix spectre_v2 mitigations reporting - powerpc/fsl: Add nospectre_v2 command line argument - powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) - powerpc/fsl: Update Spectre v2 reporting - powerpc/security: Fix spectre_v2 reporting - powerpc/fsl: Fix the flush of branch predictor. - tipc: handle the err returned from cmd header function - slip: make slhc_free() silently accept an error pointer - intel_th: gth: Fix an off-by-one in output unassigning - fs/proc/proc_sysctl.c: Fix a NULL pointer dereference - NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. - netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON - tipc: check bearer name with right length in tipc_nl_compat_bearer_enable - tipc: check link name with right length in tipc_nl_compat_link_set - bpf: reject wrong sized filters earlier - Revert "block/loop: Use global lock for ioctl() operation." - ipv4: add sanity checks in ipv4_link_failure() - team: fix possible recursive locking when add slaves - net: stmmac: move stmmac_check_ether_addr() to driver probe - ipv4: set the tcp_min_rtt_wlen range from 0 to one day - powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used - powerpc/fsl: Flush branch predictor when entering KVM - powerpc/fsl: Emulate SPRN_BUCSR register - powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) - powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms - powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' - powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg - Documentation: Add nospectre_v1 parameter - usbnet: ipheth: prevent TX queue timeouts when device not ready - usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set - qlcnic: Avoid potential NULL pointer dereference - netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING - sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() - usb: gadget: net2280: Fix overrun of OUT messages - usb: gadget: net2280: Fix net2280_dequeue() - usb: gadget: net2272: Fix net2272_dequeue() - ARM: dts: pfla02: increase phy reset duration - net: ks8851: Dequeue RX packets explicitly - net: ks8851: Reassert reset pin if chip ID check fails - net: ks8851: Delay requesting IRQ until opened - net: ks8851: Set initial carrier state to down - net: xilinx: fix possible object reference leak - net: ibm: fix possible object reference leak - net: ethernet: ti: fix possible object reference leak - scsi: qla4xxx: fix a potential NULL pointer dereference - usb: u132-hcd: fix resource leak - ceph: fix use-after-free on symlink traversal - scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN - libata: fix using DMA buffers on stack - kconfig/[mn]conf: handle backspace (^H) key - ALSA: line6: use dynamic buffers - ipv4: ip_do_fragment: Preserve skb_iif during fragmentation - ipv6/flowlabel: wait rcu grace period before put_pid() - ipv6: invert flowlabel sharing check in process and user mode - bnxt_en: Improve multicast address setup logic. - packet: validate msg_namelen in send directly - USB: yurex: Fix protection fault after device removal - USB: w1 ds2490: Fix bug caused by improper use of altsetting array - USB: core: Fix unterminated string returned by usb_string() - USB: core: Fix bug caused by duplicate interface PM usage counter - HID: debug: fix race condition with between rdesc_show() and device removal - rtc: sh: Fix invalid alarm warning for non-enabled alarm - bonding: show full hw address in sysfs for slave entries - jffs2: fix use-after-free on symlink traversal - debugfs: fix use-after-free on symlink traversal - rtc: da9063: set uie_unsupported when relevant - vfio/pci: use correct format characters - scsi: storvsc: Fix calculation of sub-channel count - net: hns: Use NAPI_POLL_WEIGHT for hns driver - net: hns: Fix WARNING when remove HNS driver with SMMU enabled - hugetlbfs: fix memory leak for resv_map - xsysace: Fix error handling in ace_setup - ARM: orion: don't use using 64-bit DMA masks - ARM: iop: don't use using 64-bit DMA masks - usb: usbip: fix isoc packet num validation in get_pipe - staging: iio: adt7316: allow adt751x to use internal vref for all dacs - staging: iio: adt7316: fix the dac read calculation - staging: iio: adt7316: fix the dac write calculation - Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ - selinux: never allow relabeling on context mounts - x86/mce: Improve error message when kernel cannot recover, p2 - media: v4l2: i2c: ov7670: Fix PLL bypass register values - scsi: libsas: fix a race condition when smp task timeout - ASoC:soc-pcm:fix a codec fixup issue in TDM case - ASoC: cs4270: Set auto-increment bit for register writes - ASoC: tlv320aic32x4: Fix Common Pins - perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS - scsi: csiostor: fix missing data copy in csio_scsi_err_handler() - iommu/amd: Set exclusion range correctly - genirq: Prevent use-after-free and work list corruption - usb: dwc3: Fix default lpm_nyet_threshold value - scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines - Bluetooth: hidp: fix buffer overflow - Bluetooth: Align minimum encryption key size for LE and BR/EDR connections - UAS: fix alignment of scatter/gather segments - ipv6: fix a potential deadlock in do_ipv6_setsockopt() - ASoC: Intel: avoid Oops if DMA setup fails - timer/debug: Change /proc/timer_stats from 0644 to 0600 - netfilter: compat: initialize all fields in xt_init - platform/x86: sony-laptop: Fix unintentional fall-through - iio: adc: xilinx: fix potential use-after-free on remove - HID: input: add mapping for Expose/Overview key - HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys - libnvdimm/btt: Fix a kmemdup failure check - s390/dasd: Fix capacity calculation for large volumes - s390/3270: fix lockdep false positive on view->lock - KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing - tools lib traceevent: Fix missing equality check for strcmp - init: initialize jump labels before command line option parsing - ipvs: do not schedule icmp errors from tunnels - s390: ctcm: fix ctcm_new_device error return code - gpu: ipu-v3: dp: fix CSC handling - cw1200: fix missing unlock on error in cw1200_hw_scan() - Don't jump to compute_result state from check_result state - x86/microcode/intel: Add a helper which gives the microcode revision - x86: stop exporting msr-index.h to userland - x86/microcode/intel: Check microcode revision before updating sibling threads - x86/MCE: Save microcode revision in machine check records - x86/bugs: Add AMD's variant of SSB_NO - x86/bugs: Add AMD's SPEC_CTRL MSR usage - x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features - x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR - x86/microcode: Make sure boot_cpu_data.microcode is up-to-date - x86/microcode: Update the new microcode revision unconditionally - x86/mm: Use WRITE_ONCE() when setting PTEs - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation - x86/speculation: Propagate information about RSB filling mitigation to sysfs - x86/speculation: Update the TIF_SSBD comment - x86/speculation: Clean up spectre_v2_parse_cmdline() - x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() - x86/speculation: Disable STIBP when enhanced IBRS is in use - x86/speculation: Rename SSBD update functions - x86/speculation: Reorganize speculation control MSRs update - x86/Kconfig: Select SCHED_SMT if SMP enabled - x86/speculation: Mark string arrays const correctly - x86/speculataion: Mark command line parser data __initdata - x86/speculation: Add command line control for indirect branch speculation - x86/speculation: Prepare for per task indirect branch speculation control - x86/process: Consolidate and simplify switch_to_xtra() code - x86/speculation: Avoid __switch_to_xtra() calls - x86/speculation: Prepare for conditional IBPB in switch_mm() - x86/speculation: Split out TIF update - x86/speculation: Prepare arch_smt_update() for PRCTL mode - x86/speculation: Prevent stale SPEC_CTRL msr content - x86/speculation: Add prctl() control for indirect branch speculation - x86/speculation: Enable prctl mode for spectre_v2_user - x86/speculation: Add seccomp Spectre v2 user space protection mode - x86/speculation: Provide IBPB always command line options - x86/cpu/bugs: Use __initconst for 'const' init data - USB: serial: use variable for status - USB: serial: fix unthrottle races - bridge: Fix error path for kobject_init_and_add() - net: ucc_geth - fix Oops when changing number of buffers in the ring - packet: Fix error path in packet_init - vlan: disable SIOCSHWTSTAMP in container - vrf: sit mtu should not be updated when vrf netdev is the link - ipv4: Fix raw socket lookup for local traffic - bonding: fix arp_validate toggling in active-backup mode - drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl - drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl - powerpc/booke64: set RI in default MSR - powerpc/lib: fix book3s/32 boot failure due to code patching - Linux 4.4.180 - SAUCE: Clarify IBRS/IBPB runtime state change messages - SAUCE: x86/speculation: Move STIBP hunks - SAUCE: powerpc/speculation: Support 'mitigations=' cmdline option - SAUCE: x86/speculation: Update 'mitigations=' documentation - SAUCE: Show 'pti' instead of 'kaiser' in /proc/cpuinfo - SAUCE: perf/bench: Drop definition of BIT in numa.c - SAUCE: x86/speculation: Fix SSB command line documentation * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130 // CVE-2019-11091 - SAUCE: Synchronize MDS mitigations with upstream - Documentation: Correct the possible MDS sysfs values - x86/speculation/mds: Fix documentation typo * CVE-2019-11091 - x86/mds: Add MDSUM variant to the MDS documentation -- Stefan Bader <stefan.ba...@canonical.com> Tue, 23 Jul 2019 10:55:25 +0200 ** Changed in: linux (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12126 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12127 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12130 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11091 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11833 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-2054 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1824687 Title: 4.4.0-145-generic Kernel Panic ip6_expire_frag_queue Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Fix Released Status in linux source package in Cosmic: Incomplete Status in linux source package in Disco: Triaged Bug description: [SRU Justification] == Impact == Since 05c0b86b96 "ipv6: frags: rewrite ip6_expire_frag_queue()" the 16.04/4.4 kernel crashes whenever that functions gets called (on busy systems this can be every 3-4 hours). While this potentially affects Cosmic and later, too, the fix differs on later kernels (Bionic is not yet affected as it does not yet carry updates to the frags handling). == Fix == For Xenial and Cosmic, the proposed fix would be additional changes to ip6_expipre_frag_queue(), taken from follow-up changes to ip_expire(). For Disco, I would hold back because we have a backlog of stable patches there and depending on what got backported to 5.0.y there would be a simpler fix. For current development kernels, one just needs to ensure that the following upstream change is included: 47d3d7fdb10a "ip6: fix skb leak in ip6frag_expire_frag_queue()". == Testcase == Unfortunately this could not be re-created locally. But a test kernel which had the proposed fix applied was showing good testing (see comment #37 and #38). == Risk of Regression == The modified function is only called in rare cases and the positive testing in production would cover this. So I would consider it low. --- Description: Ubuntu 16.04.6 LTS Release: 16.04 After upgrading our server to this Kernel we experience frequent Kernel panics (Attachment). Every 3 hours. Our machine has a throuput of about 600 Mbits/s The Panics are around the area of ip6_expire_frag_queue. __pskb_pull_tail ip6_dst_lookup_tail _decode_session6 __xfrm_decode_session icmpv6_route_lookup icmp6_send It seems similar to Bug Report in Debian. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922488 According to the bug finder of above bug it also occurred after using a Kernel with the change of rewrite ip6_expire_frag_queue() Intermediate solution. We disabled IPv6 on this machine to avoid further Panics. Please let me know what information is missing. The ubuntu-bug linux was send. And I hope it is attached to this report. ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: linux-image-4.4.0-145-generic 4.4.0-145.171 ProcVersionSignature: Ubuntu 4.4.0-145.171-generic 4.4.176 Uname: Linux 4.4.0-145-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 Date: Sun Apr 14 11:40:11 2019 InstallationDate: Installed on 2018-03-18 (391 days ago) InstallationMedia: Ubuntu-Server 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228) ProcEnviron: LANGUAGE=en_GB:en TERM=xterm-256color PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash SourcePackage: linux-signed UpgradeStatus: Upgraded to xenial on 2018-10-21 (174 days ago) --- AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 Apr 12 21:04 seq crw-rw---- 1 root audio 116, 33 Apr 12 21:04 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.20.1-0ubuntu2.18 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: DistroRelease: Ubuntu 16.04 HibernationDevice: RESUME=/dev/mapper/tor3--vg-swap_1 InstallationDate: Installed on 2018-03-18 (393 days ago) InstallationMedia: Ubuntu-Server 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228) IwConfig: Error: [Errno 2] No such file or directory Lsusb: Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 001 Device 003: ID 0557:2221 ATEN International Co., Ltd Winbond Hermon Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub MachineType: Supermicro X9SRE/X9SRE-3F/X9SRi/X9SRi-3F Package: linux (not installed) PciMultimedia: ProcEnviron: LANGUAGE=en_GB:en TERM=xterm-256color PATH=(custom, no user) LANG=en_GB.UTF-8 SHELL=/bin/bash ProcFB: 0 VESA VGA ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.4.0-145-generic root=/dev/mapper/hostname--vg-root ro ProcVersionSignature: Ubuntu 4.4.0-145.171-generic 4.4.176 RelatedPackageVersions: linux-restricted-modules-4.4.0-145-generic N/A linux-backports-modules-4.4.0-145-generic N/A linux-firmware 1.157.21 RfKill: Error: [Errno 2] No such file or directory Tags: xenial xenial Uname: Linux 4.4.0-145-generic x86_64 UpgradeStatus: Upgraded to xenial on 2018-10-21 (176 days ago) UserGroups: _MarkForUpload: True dmi.bios.date: 10/08/2012 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 1.0c dmi.board.asset.tag: To be filled by O.E.M. dmi.board.name: X9SRE/X9SRE-3F/X9SRi/X9SRi-3F dmi.board.vendor: Supermicro dmi.board.version: 1.2 dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 3 dmi.chassis.vendor: Supermicro dmi.chassis.version: 0123456789 dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1.0c:bd10/08/2012:svnSupermicro:pnX9SRE/X9SRE-3F/X9SRi/X9SRi-3F:pvr0123456789:rvnSupermicro:rnX9SRE/X9SRE-3F/X9SRi/X9SRi-3F:rvr1.2:cvnSupermicro:ct3:cvr0123456789: dmi.product.name: X9SRE/X9SRE-3F/X9SRi/X9SRi-3F dmi.product.version: 0123456789 dmi.sys.vendor: Supermicro To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1824687/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp