This bug was fixed in the package linux - 4.10.0-26.30

---------------
linux (4.10.0-26.30) zesty; urgency=low

  * linux: 4.10.0-26.30 -proposed tracker (LP: #1700528)

  * CVE-2017-1000364
    - Revert "UBUNTU: SAUCE: mm: Only expand stack if guard area is hit"
    - Revert "mm: do not collapse stack gap into THP"
    - Revert "mm: enlarge stack guard gap"
    - mm: larger stack guard gap, between vmas
    - mm: fix new crash in unmapped_area_topdown()
    - Allow stack to grow up to address space limit

linux (4.10.0-25.29) zesty; urgency=low

  * linux: 4.10.0-25.29 -proposed tracker (LP: #1699028)

  * CVE-2017-1000364
    - SAUCE: mm: Only expand stack if guard area is hit

  * CVE-2017-9074
    - ipv6: Prevent overrun when parsing v6 header options
    - ipv6: Check ip6_find_1stfragopt() return value properly.

  * [Zesty] QDF2400 ARM64 server - NMI watchdog: BUG: soft lockup - CPU#8 stuck
    for 22s!  (LP: #1680549)
    - iommu/dma: Stop getting dma_32bit_pfn wrong
    - iommu/dma: Implement PCI allocation optimisation
    - iommu/dma: Convert to address-based allocation
    - iommu/dma: Clean up MSI IOVA allocation
    - iommu/dma: Plumb in the per-CPU IOVA caches
    - iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range

  * Zesty update to 4.10.17 stable release (LP: #1692898)
    - xen: adjust early dom0 p2m handling to xen hypervisor behavior
    - target: Fix compare_and_write_callback handling for non GOOD status
    - target/fileio: Fix zero-length READ and WRITE handling
    - iscsi-target: Set session_fall_back_to_erl0 when forcing reinstatement
    - usb: xhci: bInterval quirk for TI TUSB73x0
    - usb: host: xhci: print correct command ring address
    - USB: serial: ftdi_sio: add device ID for Microsemi/Arrow SF2PLUS Dev Kit
    - USB: Proper handling of Race Condition when two USB class drivers try to
      call init_usb_class simultaneously
    - USB: Revert "cdc-wdm: fix "out-of-sync" due to missing notifications"
    - staging: vt6656: use off stack for in buffer USB transfers.
    - staging: vt6656: use off stack for out buffer USB transfers.
    - staging: gdm724x: gdm_mux: fix use-after-free on module unload
    - staging: wilc1000: Fix problem with wrong vif index
    - staging: comedi: jr3_pci: fix possible null pointer dereference
    - staging: comedi: jr3_pci: cope with jiffies wraparound
    - usb: misc: add missing continue in switch
    - usb: gadget: legacy gadgets are optional
    - usb: Make sure usb/phy/of gets built-in
    - usb: hub: Fix error loop seen after hub communication errors
    - usb: hub: Do not attempt to autosuspend disconnected devices
    - x86/boot: Fix BSS corruption/overwrite bug in early x86 kernel startup
    - selftests/x86/ldt_gdt_32: Work around a glibc sigaction() bug
    - x86, pmem: Fix cache flushing for iovec write < 8 bytes
    - um: Fix PTRACE_POKEUSER on x86_64
    - perf/x86: Fix Broadwell-EP DRAM RAPL events
    - KVM: x86: fix user triggerable warning in kvm_apic_accept_events()
    - KVM: arm/arm64: fix races in kvm_psci_vcpu_on
    - arm64: KVM: Fix decoding of Rt/Rt2 when trapping AArch32 CP accesses
    - block: fix blk_integrity_register to use template's interval_exp if not 0
    - crypto: s5p-sss - Close possible race for completed requests
    - crypto: algif_aead - Require setkey before accept(2)
    - crypto: ccp - Use only the relevant interrupt bits
    - crypto: ccp - Disable interrupts early on unload
    - crypto: ccp - Change ISR handler method for a v3 CCP
    - crypto: ccp - Change ISR handler method for a v5 CCP
    - dm crypt: rewrite (wipe) key in crypto layer using random data
    - dm era: save spacemap metadata root after the pre-commit
    - dm rq: check blk_mq_register_dev() return value in
      dm_mq_init_request_queue()
    - dm thin: fix a memory leak when passing discard bio down
    - vfio/type1: Remove locked page accounting workqueue
    - iov_iter: don't revert iov buffer if csum error
    - IB/core: Fix sysfs registration error flow
    - IB/core: For multicast functions, verify that LIDs are multicast LIDs
    - IB/IPoIB: ibX: failed to create mcg debug file
    - IB/mlx4: Fix ib device initialization error flow
    - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level
    - IB/hfi1: Prevent kernel QP post send hard lockups
    - perf auxtrace: Fix no_size logic in addr_filter__resolve_kernel_syms()
    - perf annotate s390: Fix perf annotate error -95 (4.10 regression)
    - perf annotate s390: Implement jump types for perf annotate
    - jbd2: fix dbench4 performance regression for 'nobarrier' mounts
    - ext4: evict inline data when writing to memory map
    - orangefs: fix bounds check for listxattr
    - orangefs: clean up oversize xattr validation
    - orangefs: do not set getattr_time on orangefs_lookup
    - orangefs: do not check possibly stale size on truncate
    - fs/xattr.c: zero out memory copied to userspace in getxattr
    - ceph: fix memory leak in __ceph_setxattr()
    - fs/block_dev: always invalidate cleancache in invalidate_bdev()
    - mm: prevent potential recursive reclaim due to clearing PF_MEMALLOC
    - Fix match_prepath()
    - Set unicode flag on cifs echo request to avoid Mac error
    - SMB3: Work around mount failure when using SMB3 dialect to Macs
    - CIFS: fix mapping of SFM_SPACE and SFM_PERIOD
    - cifs: fix leak in FSCTL_ENUM_SNAPS response handling
    - cifs: fix CIFS_ENUMERATE_SNAPSHOTS oops
    - CIFS: fix oplock break deadlocks
    - cifs: fix CIFS_IOC_GET_MNT_INFO oops
    - CIFS: add misssing SFM mapping for doublequote
    - ovl: do not set overlay.opaque on non-dir create
    - padata: free correct variable
    - md/raid1: avoid reusing a resync bio after error handling.
    - device-dax: fix cdev leak
    - device-dax: fix sysfs attribute deadlock
    - dax: prevent invalidation of mapped DAX entries
    - mm: fix data corruption due to stale mmap reads
    - f2fs: fix fs corruption due to zero inode page
    - fscrypt: fix context consistency check when key(s) unavailable
    - serial: samsung: Use right device for DMA-mapping calls
    - serial: omap: fix runtime-pm handling on unbind
    - serial: omap: suspend device on probe errors
    - tty: pty: Fix ldisc flush after userspace become aware of the data already
    - Bluetooth: Fix user channel for 32bit userspace on 64bit kernel
    - Bluetooth: hci_bcm: add missing tty-device sanity check
    - Bluetooth: hci_intel: add missing tty-device sanity check
    - libnvdimm, region: fix flush hint detection crash
    - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify
    - libnvdimm: fix nvdimm_bus_lock() vs device_lock() ordering
    - libnvdimm, pfn: fix 'npfns' vs section alignment
    - pstore: Shut down worker when unregistering
    - Linux 4.10.17

  * [SRU][Zesty] Support SMMU passthrough using the default domain
    (LP: #1688158)
    - iommu/arm-smmu: Restrict domain attributes to UNMANAGED domains
    - iommu/arm-smmu: Install bypass S2CRs for IOMMU_DOMAIN_IDENTITY domains
    - iommu/arm-smmu-v3: Make arm_smmu_install_ste_for_dev return void
    - iommu: Rename iommu_get_instance()
    - iommu: Rename struct iommu_device
    - iommu: Introduce new 'struct iommu_device'
    - iommu: Add sysfs bindings for struct iommu_device
    - iommu: Make iommu_device_link/unlink take a struct iommu_device
    - iommu: Add iommu_device_set_fwnode() interface
    - iommu/arm-smmu: Make use of the iommu_register interface
    - iommu/arm-smmu-v3: Install bypass STEs for IOMMU_DOMAIN_IDENTITY domains
    - iommu: Allow default domain type to be set on the kernel command line
    - arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA
    - iommu/vt-d: Fix crash on boot when DMAR is disabled

  * Enable Matrox driver for Ubuntu 16.04.3 (LP: #1693337)
    - [Config] Enable CONFIG_DRM_MGAG200 as module
    - drm/mgag200: Added support for the new device G200eH3

  * Ubuntu16.04.03: POWER9 XIVE: msgsnd/doorbell IPI support (backport)
    (LP: #1691973)
    - powerpc/64s: Add msgp facility unavailable log string
    - powerpc/64s: Add SCV FSCR bit for ISA v3.0
    - powerpc/xmon: Dump memory in CPU endian format
    - powerpc/xive: Native exploitation of the XIVE interrupt controller
    - powerpc: Change the doorbell IPI calling convention
    - powerpc: Introduce msgsnd/doorbell barrier primitives
    - powerpc/64s: Avoid a branch for ppc_msgsnd
    - powerpc/powernv: POWER9 support for msgsnd/doorbell IPI
    - powerpc: Add optional smp_ops->prepare_cpu SMP callback
    - powerpc: Add more PPC bit conversion macros
    - powerpc/powernv: Add XIVE related definitions to opal-api.h
    - powerpc/smp: Remove migrate_irq() custom implementation
    - powerpc/powernv: Fix oops on P9 DD1 in cause_ipi()
    - (config) Update configs with PPC_XIVE options

  * CVE-2017-100363
    - char: lp: fix possible integer overflow in lp_setup()

  * CVE-2017-9242
    - ipv6: fix out of bound writes in __ip6_append_data()

  * CVE-2017-9075
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

  * CVE-2017-9076
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-9077
    - ipv6/dccp: do not inherit ipv6_mc_list from parent

  * CVE-2017-8890
    - dccp/tcp: do not inherit mc_list from parent

  * Module signing exclusion for staging drivers does not work properly
    (LP: #1690908)
    - SAUCE: Fix module signing exclusion in package builds

  * extend-diff-ignore should use exact matches (LP: #1693504)
    - [Packaging] exact extend-diff-ignore matches

  * Marvell MacchiatoBin crashes in fintek_8250_probe() (LP: #1692548)
    - drivers/tty: 8250: only call fintek_8250_probe when doing port I/O

  * arm-smmu arm-smmu.2.auto: Unhandled context fault (LP: #1694506)
    - net: thunderx: Fix IOMMU translation faults

  * arm64: mbigen updates (LP: #1692783)
    - Revert "UBUNTU: SAUCE: irqchip: mbigen: Add ACPI support"
    - irqchip/mbigen: Add ACPI support
    - irqchip/mbigen: Fix return value check in mbigen_device_probe()
    - irqchip/mbigen: Fix memory mapping code
    - irqchip/mbigen: Fix potential NULL dereferencing
    - irqchip/mbigen: Fix the clear register offset calculation

  * System doesn't boot properly on Gigabyte AM4 motherboards (AMD Ryzen)
    (LP: #1671360)
    - pinctrl: amd: make use of raw_spinlock variants
    - pinctrl/amd: Use regular interrupt instead of chained

  * PowerPC: Pstore dump for powerpc is broken (LP: #1691045)
    - pstore: Fix flags to enable dumps on powerpc

  * Dell Inspiron on kernel 4.10 : battery detected only after AC power adapter
    event (LP: #1678590)
    - ACPI / blacklist: add _REV quirk for Dell Inspiron 7537

  * APST quirk needed for Intel NVMe (LP: #1686592)
    - nvme: Quirk APST on Intel 600P/P3100 devices

  * Merlin SGMII fail on Ubuntu Xenial HWE kernel (LP: #1686305)
    - drivers: net: phy: xgene: Fix mdio write

  * Zesty update to 4.10.16 stable release (LP: #1691369)
    - 9p: fix a potential acl leak
    - drm/sti: fix GDP size to support up to UHD resolution
    - hwmon: (it87) Fix pwm4 detection for IT8620 and IT8628
    - mtd: nand: Add OX820 NAND hardware dependency
    - tpm: fix RC value check in tpm2_seal_trusted
    - tmp: use pdev for parent device in tpm_chip_alloc
    - crypto: caam - fix error path for ctx_dma mapping failure
    - crypto: caam - don't dma_map key for hash algorithms
    - power: supply: lp8788: prevent out of bounds array access
    - cpupower: Fix turbo frequency reporting for pre-Sandy Bridge cores
    - powerpc/perf: Fix perf_get_data_addr() for power9 DD1
    - powerpc/perf: Handle sdar_mode for marked event in power9
    - powerpc/mm: Fixup wrong LPCR_VRMASD value
    - powerpc/powernv: Fix opal_exit tracepoint opcode
    - powerpc/mm: Fix build break when CMA=n && SPAPR_TCE_IOMMU=y
    - powerpc/ftrace: Fix confusing help text for DISABLE_MPROFILE_KERNEL
    - powerpc: Correctly disable latent entropy GCC plugin on prom_init.o
    - power: supply: bq24190_charger: Fix irq trigger to IRQF_TRIGGER_FALLING
    - power: supply: bq24190_charger: Call set_mode_host() on pm_resume()
    - power: supply: bq24190_charger: Install irq_handler_thread() at end of
      probe()
    - power: supply: bq24190_charger: Call power_supply_changed() for relevant
      component
    - power: supply: bq24190_charger: Don't read fault register outside
      irq_handle_thread()
    - power: supply: bq24190_charger: Handle fault before status on interrupt
    - arm64: dts: r8a7795: Mark EthernetAVB device node disabled
    - arm: dts: qcom: Fix ipq board clock rates
    - arm64: remove wrong CONFIG_PROC_SYSCTL ifdef
    - arm64: Improve detection of user/non-user mappings in set_pte(_at)
    - spi: armada-3700: Remove spi_master_put in a3700_spi_remove()
    - leds: ktd2692: avoid harmless maybe-uninitialized warning
    - ARM: pxa: ezx: fix a910 camera data
    - ARM: dts: NSP: GPIO reboot open-source
    - ARM: dts: imx6sx-udoo-neo: Fix reboot hang
    - ARM: OMAP5 / DRA7: Fix HYP mode boot for thumb2 build
    - ARM: OMAP3: Fix smartreflex platform data regression
    - ARM: dts: am57xx-idk: tpic2810 is on I2C bus, not SPI
    - ARM: dts: sun7i: lamobo-r1: Fix CPU port RGMII settings
    - mwifiex: debugfs: Fix (sometimes) off-by-1 SSID print
    - mwifiex: remove redundant dma padding in AMSDU
    - mwifiex: Avoid skipping WEP key deletion for AP
    - mwifiex: don't enable/disable IRQ 0 during suspend/resume
    - mwifiex: set adapter->dev before starting to use mwifiex_dbg()
    - iwlwifi: mvm: properly check for transport data in dump
    - iwlwifi: mvm: don't restart HW if suspend fails with unified image
    - iwlwifi: mvm: overwrite skb info later
    - iwlwifi: pcie: don't increment / decrement a bool
    - iwlwifi: pcie: trans: Remove unused 'shift_param'
    - iwlwifi: pcie: fix the set of DMA memory mask
    - iwlwifi: mvm: fix reorder timer re-arming
    - iwlwifi: mvm: Use aux queue for offchannel frames in dqa
    - iwlwifi: mvm/pcie: adjust A-MSDU tx_cmd length in PCIe
    - iwlwifi: mvm: fix pending frame counter calculation
    - iwlwifi: mvm: fix references to first_agg_queue in DQA mode
    - iwlwifi: mvm: synchronize firmware DMA paging memory
    - iwlwifi: mvm: writing zero bytes to debugfs causes a crash
    - iwlwifi: mvm: fix accessing fw_id_to_mac_id
    - x86/ioapic: Restore IO-APIC irq_chip retrigger callback
    - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression >= 0
    - x86/mpx: Re-add MPX to selftests Makefile
    - clk: Make x86/ conditional on CONFIG_COMMON_CLK
    - platform/x86: intel_pmc_core: fix out-of-bounds accesses on stack
    - kprobes/x86: Fix kernel panic when certain exception-handling addresses 
are
      probed
    - x86/platform/intel-mid: Correct MSI IRQ line for watchdog device
    - Revert "KVM: nested VMX: disable perf cpuid reporting"
    - KVM: nVMX: initialize PML fields in vmcs02
    - KVM: nVMX: do not leak PML full vmexit to L1
    - usb: dwc2: host: use msleep() for long delay
    - usb: host: ehci-exynos: Decrese node refcount on exynos_ehci_get_phy() 
error
      paths
    - usb: host: ohci-exynos: Decrese node refcount on exynos_ehci_get_phy() 
error
      paths
    - usb: chipidea: Only read/write OTGSC from one place
    - usb: chipidea: Handle extcon events properly
    - USB: serial: keyspan_pda: fix receive sanity checks
    - USB: serial: digi_acceleport: fix incomplete rx sanity check
    - USB: serial: ssu100: fix control-message error handling
    - USB: serial: io_edgeport: fix epic-descriptor handling
    - USB: serial: ti_usb_3410_5052: fix control-message error handling
    - USB: serial: ark3116: fix open error handling
    - USB: serial: ftdi_sio: fix latency-timer error handling
    - USB: serial: quatech2: fix control-message error handling
    - USB: serial: mct_u232: fix modem-status error handling
    - USB: serial: ch341: fix modem-status handling
    - USB: serial: io_edgeport: fix descriptor error handling
    - clk: rockchip: add "," to mux_pll_src_apll_dpll_gpll_usb480m_p on rk3036
    - phy: qcom-usb-hs: Add depends on EXTCON
    - serial: 8250_omap: Fix probe and remove for PM runtime
    - scsi: qedi: Fix possible memory leak in qedi_iscsi_update_conn()
    - scsi: qedi: fix build error without DEBUG_FS
    - scsi: qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr
    - scsi: mac_scsi: Fix MAC_SCSI=m option when SCSI=m
    - scsi: smartpqi: fix time handling
    - MIPS: R2-on-R6 MULTU/MADDU/MSUBU emulation bugfix
    - brcmfmac: Ensure pointer correctly set if skb data location changes
    - brcmfmac: Make skb header writable before use
    - staging/lustre/llite: move root_squash from sysfs to debugfs
    - staging: wlan-ng: add missing byte order conversion
    - staging: emxx_udc: remove incorrect __init annotations
    - staging: lustre: ptlrpc: avoid warning on missing return
    - ALSA: hda - Fix deadlock of controller device lock at unbinding
    - sparc64: fix fault handling in NGbzero.S and GENbzero.S
    - tcp: do not underestimate skb->truesize in tcp_trim_head()
    - net: adjust skb->truesize in ___pskb_trim()
    - net: macb: fix phy interrupt parsing
    - geneve: fix incorrect setting of UDP checksum flag
    - bpf: enhance verifier to understand stack pointer arithmetic
    - bpf, arm64: fix jit branch offset related to ldimm64
    - tcp: fix wraparound issue in tcp_lp
    - net: ipv6: Do not duplicate DAD on link up
    - net: usb: qmi_wwan: add Telit ME910 support
    - tcp: do not inherit fastopen_req from parent
    - ipv4, ipv6: ensure raw socket message is big enough to hold an IP header
    - rtnetlink: NUL-terminate IFLA_PHYS_PORT_NAME string
    - ipv6: initialize route null entry in addrconf_init()
    - ipv6: reorder ip6_route_dev_notifier after ipv6_dev_notf
    - bnxt_en: allocate enough space for ->ntp_fltr_bmap
    - bpf: don't let ldimm64 leak map addresses on unprivileged
    - net: mdio-mux: bcm-iproc: call mdiobus_free() in error path
    - openvswitch: Set internal device max mtu to ETH_MAX_MTU.
    - f2fs: sanity check segment count
    - xen: Revert commits da72ff5bfcb0 and 72a9b186292d
    - drm/hisilicon/hibmc: Fix wrong pointer passed to PTR_ERR()
    - drm: mxsfb: drm_dev_alloc() returns error pointers
    - drm/ttm: fix use-after-free races in vm fault handling
    - block: get rid of blk_integrity_revalidate()
    - Linux 4.10.16
    - [Config] Remove CONFIG_MTD_NAND_OXNAS=m
    - Ignore missing oxnas_nand

  * Keyboard backlight control does not work on some dell laptops.
    (LP: #1693126)
    - platform/x86: dell-laptop: Add Latitude 7480 and others to the DMI 
whitelist
    - platform/x86: dell-laptop: Add keyboard backlight timeout AC settings

  * Hardware transaction memory corruption (LP: #1691477)
    - powerpc/tm: Fix FP and VMX register corruption

  * Offlined CPUs of a core fail to come up online on POWER9 DD1 (Ubuntu 17.04)
    (LP: #1685792)
    - powerpc/powernv: Move CPU-Offline idle state invocation from smp.c to 
idle.c
    - powerpc/powernv/smp: Add busy-wait loop as fall back for CPU-Hotplug
    - powerpc/powernv/idle: Don't override default/deepest directly in kernel
    - powerpc/powernv: Recover correct PACA on wakeup from a stop on P9 DD1

  * [Regression] NUMA_BALANCING disabled on arm64 (LP: #1690914)
    - [Config] CONFIG_NUMA_BALANCING{,_DEFAULT_ENABLED}=y on arm64

  * ATS fix: Fix opal_npu_destroy_context call (LP: #1692580)
    - powerpc/powernv/npu-dma.c: Fix opal_npu_destroy_context() call

  * powerpc/powernv: Introduce address translation services for Nvlink2
    (LP: #1690412)
    - powerpc/powernv: Require MMU_NOTIFIER to fix NPU build
    - drivers/of/base.c: Add of_property_read_u64_index
    - powerpc/powernv: Add sanity checks to pnv_pci_get_{gpu|npu}_dev
    - powerpc/powernv: Introduce address translation services for Nvlink2

  * exec'ing a setuid binary from a threaded program sometimes fails to setuid
    (LP: #1672819)
    - SAUCE: exec: ensure file system accounting in check_unsafe_exec is correct

 -- Juerg Haefliger <juerg.haefli...@canonical.com>  Mon, 26 Jun 2017
18:09:03 +0200

** Changed in: linux (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000364

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-100363

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8890

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9074

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9075

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9076

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9077

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9242

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1680549

Title:
  [Zesty] QDF2400 ARM64 server - NMI watchdog: BUG: soft lockup - CPU#8
  stuck for 22s!

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Zesty:
  Fix Released

Bug description:
  [IMPACT]
  Booting Zesty 4.10 kernel on Qualcomm Centriq 2400 ARM64 servers causes soft 
lockups on multiple CPUs.

  [  104.205397] Modules linked in: nls_iso8859_1 cdc_acm bridge stp llc
  ipmi_ssif ipmi_devintf ipmi_msghandler shpchp hdma hdma_mgmt i2c_qup
  cppc_cpufreq ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp
  libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10
  raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor
  raid6_pq libcrc32c raid1 raid0 multipath linear uas usb_storage at803x
  aes_ce_blk aes_ce_cipher crc32_ce crct10dif_ce ghash_ce sha2_ce
  sha1_ce mlx5_core devlink ptp pps_core ahci_platform libahci_platform
  libahci qcom_emac sdhci_acpi sdhci xhci_plat_hcd pinctrl_qdf2xxx fjes
  aes_neon_blk crypto_simd cryptd

  [  104.205442] CPU: 47 PID: 0 Comm: swapper/47 Tainted: G             L  
4.10.0-16-generic #18ubuntuRC03+<redacted>.1
  [  104.205443] Hardware name: Qualcomm QDF2400 DP/ABW|SYS|CVR,1DPC|V3         
  , BIOS XBL.DF.2.0.R3-00153 QDF2400_REL CRM 02/ 8/2017
  [  104.205444] task: ffff9fa30ed49c00 task.stack: ffff9fa30ed5c000
  [  104.205447] PC is at _raw_spin_unlock_irqrestore+0x2c/0x38
  [  104.205450] LR is at alloc_iova+0x1cc/0x2a0
  [  104.205451] pc : [<ffff3f0624a00974>] lr : [<ffff3f0624682e8c>] pstate: 
20400145
  [  104.205452] sp : ffff9fa31fbecc00
  [  104.205453] x29: ffff9fa31fbecc00 x28: 0000000ffffefe46
  [  104.205455] x27: 0000000000000040 x26: 0000000fffffffff
  [  104.205458] x25: ffff3f06251f8000 x24: 0000000000000001
  [  104.205460] x23: ffff9fa30da06008 x22: 0000000000000000
  [  104.205462] x21: ffff9fa2e2af8740 x20: ffff9fa30da06008
  [  104.205464] x19: 0000000000000140 x18: 00000000a5e112c1
  [  104.205466] x17: 000000004d48a1ed x16: 00000000b0f9c455
  [  104.205468] x15: 00000000aa4269e9 x14: 0000000085094ac4
  [  104.205471] x13: 000000009b3b00da x12: 000000008aae8d9c
  [  104.205473] x11: ffff9fa31fbf90b0 x10: ffff3f0624eb70eb
  [  104.205475] x9 : 0000000000000000 x8 : 0000000000000004
  [  104.205477] x7 : ffff9fa2e2875400 x6 : 0000000000000000
  [  104.205479] x5 : ffff9fa2e2875401 x4 : 0000000000000000
  [  104.205481] x3 : ffff9fa2e2a27b00 x2 : ffff9fa2e2875400
  [  104.205483] x1 : 0000000000000140 x0 : 000000000000f7c2

  [  111.198062] INFO: rcu_sched self-detected stall on CPU
  [  111.198971] INFO: rcu_sched detected stalls on CPUs/tasks:
  [  111.198977]        31-...: (1 GPs behind) idle=1b3/2/0 softirq=432/433 
fqs=6805
  [  111.198979]        32-...: (1 GPs behind) idle=291/1/0 softirq=469/470 
fqs=6805
  [  111.198980]        (detected by 2, t=15002 jiffies, g=143, c=142, q=6968)
  [  111.199000] Task dump for CPU 31:
  [  111.199002] swapper/31      R  running task        0     0      1 
0x00000002
  [  111.199006] Call trace:
  [  111.199012] [<ffff3f0624086250>] __switch_to+0x98/0xb0
  [  111.199014] [<0000000b7160dcd2>] 0xb7160dcd2
  [  111.199015] Task dump for CPU 32:
  [  111.199016] swapper/32      R  running task        0     0      1 
0x00000002
  [  111.199018] Call trace:
  [  111.199019] [<ffff3f0624086250>] __switch_to+0x98/0xb0
  [  111.199020] [<0000000bcde2fa4e>] 0xbcde2fa4e
  [  111.227703]        31-...: (1 GPs behind) idle=1b3/2/0 softirq=432/433 
fqs=6809
  [  111.234558]         (t=15010 jiffies g=143 c=142 q=6968)
  [  111.239334] Task dump for CPU 31:
  [  111.239335] swapper/31      R  running task        0     0      1 
0x00000002
  [  111.239338] Call trace:
  [  111.239344] [<ffff3f062408b030>] dump_backtrace+0x0/0x2b0
  [  111.239346] [<ffff3f062408b304>] show_stack+0x24/0x30
  [  111.239350] [<ffff3f0624103f80>] sched_show_task+0x128/0x178
  [  111.239352] [<ffff3f0624106d68>] dump_cpu_task+0x48/0x58
  [  111.239356] [<ffff3f0624200d38>] rcu_dump_cpu_stacks+0xbc/0xf0
  [  111.239359] [<ffff3f06241409e8>] rcu_check_callbacks+0x7a8/0x968
  [  111.239362] [<ffff3f0624146e1c>] update_process_times+0x34/0x60
  [  111.239365] [<ffff3f0624159118>] tick_sched_handle.isra.7+0x38/0x70
  [  111.239367] [<ffff3f062415919c>] tick_sched_timer+0x4c/0x98
  [  111.239369] [<ffff3f06241477a0>] __hrtimer_run_queues+0xe8/0x2e8
  [  111.239371] [<ffff3f0624148340>] hrtimer_interrupt+0xa8/0x228
  [  111.239376] [<ffff3f062487c02c>] arch_timer_handler_phys+0x3c/0x50
  [  111.239379] [<ffff3f0624133964>] handle_percpu_devid_irq+0x8c/0x230
  [  111.239383] [<ffff3f062412d8b4>] generic_handle_irq+0x34/0x50
  [  111.239385] [<ffff3f062412dfe0>] __handle_domain_irq+0x68/0xc0
  [  111.239386] [<ffff3f06240818b4>] gic_handle_irq+0xc4/0x170
  [  111.239388] Exception stack(0xffff9fa31fa7caa0 to 0xffff9fa31fa7cbd0)
  [  111.239390] caa0: ffff9fa31fa7cad0 0001000000000000 ffff9fa31fa7cc00 
ffff3f0624a00974
  [  111.239392] cac0: 0000000020400145 0000000000000001 00000000000000fe 
0000000000000140
  [  111.239394] cae0: ffff9fa2e10b1c00 ffff9fa2e11c8800 0000000000000000 
ffff9fa2e10b1c01
  [  111.239396] cb00: 0000000000000000 ffff9fa2e10b1c00 ffff9fa3035ee681 
0000000000000000
  [  111.239397] cb20: ffff7e7e8b8533e0 ffff9fa31fa890b0 0000000000000000 
000000009b3b00da
  [  111.239399] cb40: 0000000085094ac4 00000000aa4269e9 0000000046e68d43 
000000004d48a1ed
  [  111.239401] cb60: 00000000a5e112c1 0000000000000140 ffff9fa30da06008 
ffff9fa2e1073ac0
  [  111.239403] cb80: 0000000000000000 ffff9fa30da06008 0000000000000001 
ffff3f06251f8000
  [  111.239404] cba0: 0000000fffffffff 0000000000000040 0000000ffffef50a 
ffff9fa31fa7cc00
  [  111.239406] cbc0: ffff3f0624682e8c ffff9fa31fa7cc00
  [  111.239407] [<ffff3f062408315c>] el1_irq+0xdc/0x180
  [  111.239411] [<ffff3f0624682e8c>] alloc_iova+0x1cc/0x2a0
  [  111.239413] [<ffff3f0624680488>] __alloc_iova+0x78/0x88
  [  111.239414] [<ffff3f0624680528>] __iommu_dma_map+0x90/0x128
  [  111.239416] [<ffff3f0624680e30>] iommu_dma_map_page+0x60/0x78
  [  111.239420] [<ffff3f062409c8fc>] __iommu_map_page+0x5c/0xd0
  [  111.239565] [<ffff3f06201046d0>] mlx5e_alloc_rx_wqe+0x118/0x318 [mlx5_core]
  [  111.239607] [<ffff3f06201050e8>] mlx5e_post_rx_wqes+0xa0/0x110 [mlx5_core]
  [  111.239647] [<ffff3f06201075dc>] mlx5e_napi_poll+0x22c/0x518 [mlx5_core]
  [  111.239650] [<ffff3f06248cdda0>] net_rx_action+0x2e8/0x3f0
  [  111.239652] [<ffff3f0624081aa8>] __do_softirq+0x148/0x31c
  [  111.239656] [<ffff3f06240d3d68>] irq_exit+0xd0/0x120
  [  111.239658] [<ffff3f062412dfe4>] __handle_domain_irq+0x6c/0xc0
  [  111.239660] [<ffff3f06240818b4>] gic_handle_irq+0xc4/0x170
  [  111.239661] Exception stack(0xffff9fa30ecffd80 to 0xffff9fa30ecffeb0)
  [  111.239663] fd80: ffff9fa31fa85200 0000609cfabd2000 0000000006400000 
0000000000000004
  [  111.239665] fda0: 0000000000003296 0000000000000015 000000005c57e302 
0000000000000000
  [  111.239667] fdc0: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
  [  111.239668] fde0: 0000000000000000 0000000000000000 0000000000000000 
0000000000000000
  [  111.239670] fe00: 0000000000000000 0000000000000000 00000000ffffffff 
0000000b7179114e
  [  111.239672] fe20: ffff9fa3041c8000 0000000000000003 ffff3f0625292eb8 
0000000000000000
  [  111.239673] fe40: 0000000b7160dcd2 0000000000000003 0000000000000000 
0000000000000000
  [  111.239675] fe60: 0000000000000000 ffff9fa30ecffeb0 ffff3f06248549bc 
ffff9fa30ecffeb0
  [  111.239677] fe80: ffff3f06248549c4 0000000060400145 ffff9fa30ecffeb0 
ffff3f06248549bc
  [  111.239678] fea0: ffffffffffffffff 0000000b7160dcd2
  [  111.239680] [<ffff3f062408315c>] el1_irq+0xdc/0x180
  [  111.239684] [<ffff3f06248549c4>] cpuidle_enter_state+0x124/0x318
  [  111.239686] [<ffff3f0624854c2c>] cpuidle_enter+0x34/0x48
  [  111.239689] [<ffff3f062411c030>] call_cpuidle+0x40/0x70
  [  111.239691] [<ffff3f062411c344>] do_idle+0x1ac/0x1f8
  [  111.239693] [<ffff3f062411c5c4>] cpu_startup_entry+0x2c/0x30
  [  111.239695] [<ffff3f0624091008>] secondary_start_kernel+0x158/0x198
  [  111.239696] [<00000000112091a4>] 0x112091a4
  [  111.239697] Task dump for CPU 32:
  [  111.239699] swapper/32      R  running task        0     0      1 
0x00000002
  [  111.239701] Call trace:
  [  111.239704] [<ffff3f0624086250>] __switch_to+0x98/0xb0
  [  111.239705] [<0000000bcde2fa4e>] 0xbcde2fa4e
  [  129.361765] ip_tables: (C) 2000-2006 Netfilter Core Team
  [  129.397270] ip6_tables: (C) 2000-2006 Netfilter Core Team
  [  129.438584] Ebtables v2.0 registered

  [FIX]
  The following patches cherry-picked from linux-next fixes this issue.
  5016bdb796b3 iommu/iova: Fix underflow bug in __alloc_and_insert_iova_range
  d9a5f8adaec9 iommu/dma: Plumb in the per-CPU IOVA caches
  fc7f6142bacb iommu/dma: Clean up MSI IOVA allocation
  568c61384ea1 iommu/dma: Convert to address-based allocation
  dddd632b072f iommu/dma: Implement PCI allocation optimisation
  de84f5f049d9 iommu/dma: Stop getting dma_32bit_pfn wrong

  [Test case]
  After applying the patches the kernel boot with no soft lockups. This was 
tested by me on Zesty 4.10.0-20.22 kernel on QDF2400 SDP.

  [Regression Potential]
  These patches applicable to iommu driver and does not impact any platform 
code. Please see the comments section for regression tests on ARM64, Power8 and 
intel platforms.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680549/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to