
group.of.nepali.translators team mailing list archive

[Bug 1672470] Re: ip_rcv_finish() NULL pointer kernel panic

 

This bug was fixed in the package linux - 4.4.0-75.96

---------------
linux (4.4.0-75.96) xenial; urgency=low

  * linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.4.0-74.95) xenial; urgency=low

  * linux: 4.4.0-74.95 -proposed tracker (LP: #1682041)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.4.0-73.94) xenial; urgency=low

  * linux: 4.4.0-73.94 -proposed tracker (LP: #1680416)

  * CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * vfat: missing iso8859-1 charset (LP: #1677230)
    - [Config] NLS_ISO8859_1=y

  * Regression: KVM modules should be on main kernel package (LP: #1678099)
    - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

  * regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

  * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
    - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor auditing denied access of special apparmor .null file
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

  * apparmor label leak when new label is unused (LP: #1660834)
    - SAUCE: apparmor: fix label leak when new label is unused

  * apparmor reference count bug in label_merge_insert() (LP: #1660833)
    - SAUCE: apparmor: fix reference count bug in label_merge_insert()

  * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
    - SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with nested namespaces
    (LP: #1660832)
    - SAUCE: apparmor: fix cross ns perm of unix domain sockets

  * Xenial update to v4.4.59 stable release (LP: #1678960)
    - xfrm: policy: init locks early
    - virtio_balloon: init 1st buffer in stats vq
    - pinctrl: qcom: Don't clear status bit on irq_unmask
    - c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
    - h8300/ptrace: Fix incorrect register transfer count
    - mips/ptrace: Preserve previous registers for short regset write
    - sparc/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
    - metag/ptrace: Reject partial NT_METAG_RPIPE writes
    - fscrypt: remove broken support for detecting keyring key revocation
    - sched/rt: Add a missing rescheduling point
    - Linux 4.4.59

  * Update ENA driver to 1.1.2 from net-next (LP: #1664312)
    - net: ena: Remove unnecessary pci_set_drvdata()
    - net: ena: Fix error return code in ena_device_init()
    - net: ena: change the return type of ena_set_push_mode() to be void.
    - net: ena: use setup_timer() and mod_timer()
    - net/ena: remove ntuple filter support from device feature list
    - net/ena: fix queues number calculation
    - net/ena: fix ethtool RSS flow configuration
    - net/ena: fix RSS default hash configuration
    - net/ena: fix NULL dereference when removing the driver after device reset
      failed
    - net/ena: refactor ena_get_stats64 to be atomic context safe
    - net/ena: fix potential access to freed memory during device reset
    - net/ena: use READ_ONCE to access completion descriptors
    - net/ena: reduce the severity of ena printouts
    - net/ena: change driver's default timeouts
    - net/ena: change condition for host attribute configuration
    - net/ena: update driver version to 1.1.2

  * Xenial update to v4.4.58 stable release (LP: #1677600)
    - net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
    - net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
    - net: properly release sk_frag.page
    - amd-xgbe: Fix jumbo MTU processing on newer hardware
    - net: unix: properly re-increment inflight counter of GC discarded candidates
    - net/mlx5: Increase number of max QPs in default profile
    - net/mlx5e: Count LRO packets correctly
    - net: bcmgenet: remove bcmgenet_internal_phy_setup()
    - ipv4: provide stronger user input validation in nl_fib_input()
    - socket, bpf: fix sk_filter use after free in sk_clone_lock
    - tcp: initialize icsk_ack.lrcvtime at session start time
    - Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
    - Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
    - Input: iforce - validate number of endpoints before using them
    - Input: ims-pcu - validate number of endpoints before using them
    - Input: hanwang - validate number of endpoints before using them
    - Input: yealink - validate number of endpoints before using them
    - Input: cm109 - validate number of endpoints before using them
    - Input: kbtab - validate number of endpoints before using them
    - Input: sur40 - validate number of endpoints before using them
    - ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
    - ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
    - ALSA: hda - Adding a group of pin definition to fix headset problem
    - USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
    - USB: serial: qcserial: add Dell DW5811e
    - ACM gadget: fix endianness in notifications
    - usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
    - usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
    - USB: uss720: fix NULL-deref at probe
    - USB: lvtest: fix NULL-deref at probe
    - USB: idmouse: fix NULL-deref at probe
    - USB: wusbcore: fix NULL-deref at probe
    - usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
    - usb: hub: Fix crash after failure to read BOS descriptor
    - uwb: i1480-dfu: fix NULL-deref at probe
    - uwb: hwa-rc: fix NULL-deref at probe
    - mmc: ushc: fix NULL-deref at probe
    - iio: adc: ti_am335x_adc: fix fifo overrun recovery
    - iio: hid-sensor-trigger: Change get poll value function order to avoid
      sensor properties losing after resume from S3
    - parport: fix attempt to write duplicate procfiles
    - ext4: mark inode dirty after converting inline directory
    - mmc: sdhci: Do not disable interrupts while waiting for clock
    - xen/acpi: upload PM state from init-domain to Xen
    - iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
    - ARM: at91: pm: cpu_idle: switch DDR to power-down mode
    - ARM: dts: at91: sama5d2: add dma properties to UART nodes
    - cpufreq: Restore policy min/max limits on CPU online
    - raid10: increment write counter after bio is split
    - libceph: don't set weight to IN when OSD is destroyed
    - xfs: don't allow di_size with high bit set
    - xfs: fix up xfs_swap_extent_forks inline extent handling
    - nl80211: fix dumpit error path RTNL deadlocks
    - USB: usbtmc: add missing endpoint sanity check
    - xfs: clear _XBF_PAGES from buffers when readahead page
    - igb: add i211 to i210 PHY workaround
    - vfio/spapr: Postpone allocation of userspace version of TCE table
    - block: allow WRITE_SAME commands with the SG_IO ioctl
    - fbcon: Fix vc attr at deinit
    - crypto: algif_hash - avoid zero-sized array
    - Linux 4.4.58

  * PS/2 mouse does not work on Dell embedded computer (LP: #1591053)
    - Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000

  * Xenial update to v4.4.57 stable release (LP: #1676424)
    - give up on gcc ilog2() constant optimizations
    - perf/core: Fix event inheritance on fork()
    - cpufreq: Fix and clean up show_cpuinfo_cur_freq()
    - powerpc/boot: Fix zImage TOC alignment
    - md/raid1/10: fix potential deadlock
    - target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
    - scsi: lpfc: Add shutdown method for kexec
    - scsi: libiscsi: add lock around task lists to fix list corruption regression
    - target: Fix VERIFY_16 handling in sbc_parse_cdb
    - isdn/gigaset: fix NULL-deref at probe
    - gfs2: Avoid alignment hole in struct lm_lockname
    - percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
    - ext4: fix fencepost in s_first_meta_bg validation
    - Linux 4.4.57

  * Xenial update to v4.4.56 stable release (LP: #1675789)
    - netlink: remove mmapped netlink support
    - [Config] CONFIG_NETLINK_MMAP disappeared
    - vxlan: correctly validate VXLAN ID against VXLAN_N_VID
    - vti6: return GRE_KEY for vti6
    - ipv4: mask tos for input route
    - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
    - net: don't call strlen() on the user buffer in packet_bind_spkt()
    - net: net_enable_timestamp() can be called from irq contexts
    - dccp: Unlock sock before calling sk_free()
    - tcp: fix various issues for sockets morphing to listen state
    - net: fix socket refcounting in skb_complete_wifi_ack()
    - net: fix socket refcounting in skb_complete_tx_timestamp()
    - dccp: fix use-after-free in dccp_feat_activate_values
    - vrf: Fix use-after-free in vrf_xmit
    - uapi: fix linux/packet_diag.h userspace compilation error
    - act_connmark: avoid crashing on malformed nlattrs with null parms
    - mpls: Send route delete notifications when router module is unloaded
    - ipv6: make ECMP route replacement less greedy
    - ipv6: avoid write to a possibly cloned skb
    - dccp/tcp: fix routing redirect race
    - dccp: fix memory leak during tear-down of unsuccessful connection request
    - net sched actions: decrement module reference count after table flush.
    - fscrypt: fix renaming and linking special files
    - fscrypto: lock inode while setting encryption policy
    - x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
    - x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
    - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
    - futex: Add missing error handling to FUTEX_REQUEUE_PI
    - Linux 4.4.56

  * Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v
    2012r2 Gen2 VM (LP: #1674635)
    - scsi: storvsc: Workaround for virtual DVD SCSI version

  * [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device
    shutdown (LP: #1672785)
    - net/mlx4_core: Avoid delays during VF driver device shutdown

  * Channel data values for IIO based st_sensors (st_accel, st_pressure) are
    incorrect (LP: #1676356)
    - iio: core: added support for IIO_VAL_INT
    - iio: st_sensors: simplify buffer address handling
    - iio: st_sensors: read each channel individually
    - iio:st_sensors: emulate SMBus block read if needed
    - iio:st_sensors: align on storagebits boundaries
    - iio:st_pressure: temperature triggered buffering
    - iio:st_pressure: clean useless static channel initializers
    - iio: st_pressure: Fix data sign

  * Enable lspcon on i915 (LP: #1676747)
    - drm: Helper for lspcon in drm_dp_dual_mode
    - drm/i915: Add lspcon support for I915 driver
    - drm/i915: Parse VBT data for lspcon
    - drm/i915: Enable lspcon initialization
    - drm/i915: Add lspcon resume function

  * stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
    failure with linux 4.9.0-12.13) (LP: #1658633)
    - ext4: lock the xattr block before checksuming it

  * Fix line-out port noise on Baytrail-I with RT5660 based sound card
    (LP: #1675327)
    - SAUCE: (no-up): ASoC: Intel: bytcr-rt5660: Fix noise in line-out

  * Kernel 4.4.0-67 Defaults to ACPI-cpufreq rather than P-State - Dell
    Precision 5520  (LP: #1674390)
    - cpufreq: intel_pstate: Enable HWP by default

  * ip_rcv_finish() NULL pointer kernel panic (LP: #1672470)
    - bridge: drop netfilter fake rtable unconditionally

  * dm-queue-length module is not included in installer/initramfs (LP: #1673350)
    - d-i: Also add dm-queue-length to multipath modules

  * Broadcom bluetooth modules sometimes fail to initialize (LP: #1483101)
    - Bluetooth: btbcm: Add a delay for module reset

  * Need support of Broadcom bluetooth device [413c:8143] (LP: #1166113)
    - Bluetooth: btusb: Add support for 413c:8143

  * i40e Intel X710 error during device probe prevents link set up and ip
    association (LP: #1672550)
    - i40e: check for and deal with non-contiguous TCs

  * CIFS: Call echo service immediately after socket reconnect (LP: #1669941)
    - Call echo service immediately after socket reconnect

  * FC Adapter (LPe32000-based) prints "iotag out of range", goes offline, and
    delays boot a lot (Ubuntu17.04/Emulex/lpfc)) (LP: #1670490)
    - scsi: lpfc: Add missing memory barrier

  * No C-State Deeper than C3 utilized by Kaby Lake 7820HQ in Precision 5520
    (LP: #1672439)
    - intel_idle: Add KBL support

  * [Hyper-V] Missing PCI patches breaking SR-IOV hot remove (LP: #1670518)
    - PCI: hv: Fix hv_pci_remove() for hot-remove
    - PCI: hv: Delete the device earlier from hbus->children for hot-remove
    - PCI: hv: Make unnecessarily global IRQ masking functions static
    - PCI: hv: Allocate physically contiguous hypercall params buffer

  * Xenial update to v4.4.55 stable release (LP: #1674292)
    - USB: serial: digi_acceleport: fix OOB data sanity check
    - USB: serial: digi_acceleport: fix OOB-event processing
    - crypto: improve gcc optimization flags for serpent and wp512
    - MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change
    - MIPS: ip27: Disable qlge driver in defconfig
    - MIPS: Update ip27_defconfig for SCSI_DH change
    - MIPS: ip22: Fix ip28 build for modern gcc
    - MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change
    - mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
    - MIPS: ralink: Cosmetic change to prom_init().
    - MIPS: ralink: Remove unused rt*_wdt_reset functions
    - cpmac: remove hopeless #warning
    - mm: memcontrol: avoid unused function warning
    - MIPS: DEC: Avoid la pseudo-instruction in delay slots
    - MIPS: Netlogic: Fix CP0_EBASE redefinition warnings
    - tracing: Add #undef to fix compile error
    - powerpc: Emulation support for load/store instructions on LE
    - usb: gadget: dummy_hcd: clear usb_gadget region before registration
    - usb: dwc3: gadget: make Set Endpoint Configuration macros safe
    - usb: gadget: function: f_fs: pass companion descriptor along
    - usb: host: xhci-dbg: HCIVERSION should be a binary number
    - usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci
      controllers
    - USB: serial: safe_serial: fix information leak in completion handler
    - USB: serial: omninet: fix reference leaks at open
    - USB: iowarrior: fix NULL-deref at probe
    - USB: iowarrior: fix NULL-deref in write
    - USB: serial: io_ti: fix NULL-deref in interrupt callback
    - USB: serial: io_ti: fix information leak in completion handler
    - serial: samsung: Continue to work if DMA request fails
    - mvsas: fix misleading indentation
    - KVM: s390: Fix guest migration for huge guests resulting in panic
    - s390/kdump: Use "LINUX" ELF note name instead of "CORE"
    - nfit, libnvdimm: fix interleave set cookie calculation
    - dm: flush queued bios when process blocks to avoid deadlock
    - ext4: don't BUG when truncating encrypted inodes on the orphan list
    - Linux 4.4.55

  * Xenial update to v4.4.54 stable release (LP: #1673541)
    - serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards
    - KVM: s390: Disable dirty log retrieval for UCONTROL guests
    - KVM: VMX: use correct vmcs_read/write for guest segment selector/base
    - Bluetooth: Add another AR3012 04ca:3018 device
    - s390/qdio: clear DSCI prior to scanning multiple input queues
    - s390/dcssblk: fix device size calculation in dcssblk_direct_access()
    - s390: TASK_SIZE for kernel threads
    - s390: make setup_randomness work
    - s390: use correct input data address for setup_randomness
    - net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put()
    - mnt: Tuck mounts under others instead of creating shadow/side mounts.
    - IB/ipoib: Fix deadlock between rmmod and set_mode
    - IB/IPoIB: Add destination address when re-queue packet
    - IB/srp: Avoid that duplicate responses trigger a kernel bug
    - IB/srp: Fix race conditions related to task management
    - ktest: Fix child exit code processing
    - ceph: remove req from unsafe list when unregistering it
    - target: Fix NULL dereference during LUN lookup + active I/O shutdown
    - nlm: Ensure callback code also checks that the files match
    - pwm: pca9685: Fix period change with same duty cycle
    - xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
    - mac80211: flush delayed work when entering suspend
    - drm/amdgpu: add more cases to DCE11 possible crtc mask setup
    - drm/ast: Fix test for VGA enabled
    - drm/ast: Call open_key before enable_mmio in POST code
    - drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS
    - drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058
    - drm/ttm: Make sure BOs being swapped out are cacheable
    - drm/atomic: fix an error code in mode_fixup()
    - fakelb: fix schedule while atomic
    - drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from
      vlv_init_display_clock_gating
    - libceph: use BUG() instead of BUG_ON(1)
    - fat: fix using uninitialized fields of fat_inode/fsinfo_inode
    - drivers: hv: Turn off write permission on the hypercall page
    - Linux 4.4.54

  * Xenial update to v4.4.53 stable release (LP: #1673538)
    - samples: move mic/mpssd example code from Documentation
    - MIPS: Fix special case in 64 bit IP checksumming.
    - MIPS: BCM47XX: Fix button inversion for Asus WL-500W
    - MIPS: OCTEON: Fix copy_from_user fault handling for large buffers
    - MIPS: Lantiq: Keep ethernet enabled during boot
    - MIPS: Clear ISA bit correctly in get_frame_info()
    - MIPS: Prevent unaligned accesses during stack unwinding
    - MIPS: Fix get_frame_info() handling of microMIPS function size
    - MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions
    - MIPS: Calculate microMIPS ra properly when unwinding the stack
    - MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps
    - am437x-vpfe: always assign bpp variable
    - uvcvideo: Fix a wrong macro
    - media: fix dm1105.c build error
    - ARM: at91: define LPDDR types
    - ARM: dts: at91: Enable DMA on sama5d4_xplained console
    - ARM: dts: at91: Enable DMA on sama5d2_xplained console
    - ALSA: hda/realtek - Cannot adjust speaker's volume on a Dell AIO
    - ALSA: hda - fix Lewisburg audio issue
    - ALSA: timer: Reject user params with too small ticks
    - ALSA: ctxfi: Fallback DMA mask to 32bit
    - ALSA: seq: Fix link corruption by event error handling
    - ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming
    - ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine
    - staging: rtl: fix possible NULL pointer dereference
    - regulator: Fix regulator_summary for deviceless consumers
    - iommu/vt-d: Fix some macros that are incorrectly specified in intel-iommu
    - iommu/vt-d: Tylersburg isoch identity map check is done too late.
    - mm/page_alloc: fix nodes for reclaim in fast path
    - mm: vmpressure: fix sending wrong events on underflow
    - mm: do not access page->mapping directly on page_endio
    - ipc/shm: Fix shmat mmap nil-page protection
    - dm cache: fix corruption seen when using cache > 2TB
    - dm stats: fix a leaked s->histogram_boundaries array
    - Revert "scsi: storvsc: properly set residual data length on errors"
    - scsi: storvsc: properly set residual data length on errors
    - scsi: aacraid: Reorder Adapter status check
    - scsi: use 'scsi_device_from_queue()' for scsi_dh
    - sd: get disk reference in sd_check_events()
    - Fix: Disable sys_membarrier when nohz_full is enabled
    - jbd2: don't leak modified metadata buffers on an aborted journal
    - block/loop: fix race between I/O and set_status
    - loop: fix LO_FLAGS_PARTSCAN hang
    - ext4: Include forgotten start block on fallocate insert range
    - ext4: do not polute the extents cache while shifting extents
    - ext4: trim allocation requests to group size
    - ext4: fix data corruption in data=journal mode
    - ext4: fix inline data error paths
    - ext4: preserve the needs_recovery flag when the journal is aborted
    - ext4: return EROFS if device is r/o and journal replay is needed
    - samples/seccomp: fix 64-bit comparison macros
    - target: Obtain se_node_acl->acl_kref during get_initiator_node_acl
    - target: Fix multi-session dynamic se_node_acl double free OOPs
    - ath5k: drop bogus warning on drv_set_key with unsupported cipher
    - ath9k: fix race condition in enabling/disabling IRQs
    - ath9k: use correct OTP register offsets for the AR9340 and AR9550
    - crypto: testmgr - Pad aes_ccm_enc_tv_template vector
    - fuse: add missing FR_FORCE
    - arm/arm64: KVM: Enforce unconditional flush to PoC when mapping to stage-2
    - iio: pressure: mpl115: do not rely on structure field ordering
    - iio: pressure: mpl3115: do not rely on structure field ordering
    - can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
    - w1: don't leak refcount on slave attach failure in w1_attach_slave_device()
    - w1: ds2490: USB transfer buffers need to be DMAable
    - usb: musb: da8xx: Remove CPPI 3.0 quirk and methods
    - usb: host: xhci: plat: check hcc_params after add hcd
    - usb: gadget: udc: fsl: Add missing complete function.
    - hv: allocate synic pages for all present CPUs
    - hv: init percpu_list in hv_synic_alloc()
    - Drivers: hv: util: kvp: Fix a rescind processing issue
    - Drivers: hv: util: Fcopy: Fix a rescind processing issue
    - Drivers: hv: util: Backup: Fix a rescind processing issue
    - RDMA/core: Fix incorrect structure packing for booleans
    - rdma_cm: fail iwarp accepts w/o connection params
    - gfs2: Add missing rcu locking for glock lookup
    - rtlwifi: Fix alignment issues
    - rtlwifi: rtl8192c-common: Fix "BUG: KASAN:
    - nfsd: minor nfsd_setattr cleanup
    - nfsd: special case truncates some more
    - NFSv4: Fix memory and state leak in _nfs4_open_and_get_state
    - NFSv4: fix getacl head length estimation
    - NFSv4: fix getacl ERANGE for some ACL buffer sizes
    - rtc: sun6i: Add some locking
    - rtc: sun6i: Switch to the external oscillator
    - md linear: fix a race between linear_add() and linear_congested()
    - bcma: use (get|put)_device when probing/removing device driver
    - dmaengine: ipu: Make sure the interrupt routine checks all interrupts.
    - powerpc/xmon: Fix data-breakpoint
    - MIPS: IP22: Reformat inline assembler code to modern standards.
    - MIPS: IP22: Fix build error due to binutils 2.25 uselessnes.
    - scsi: lpfc: Correct WQ creation for pagesize
    - Linux 4.4.53

  * move aufs.ko from -extra to linux-image package (LP: #1673498)
    - [config] aufs.ko moved to linux-image package

  * [Xenial] net: better skb->sender_cpu and skb->napi_id cohabitation
    (LP: #1673303)
    - net: better skb->sender_cpu and skb->napi_id cohabitation

  * lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls

  * linux-tools-common should Depends: lsb-release (LP: #1667571)
    - [Config] linux-tools-common depends on lsb-release

  * Add Use-After-Free Patch for Ubuntu16.10 - EEH on BELL3 adapter fails to
    recover (serial/tty) (LP: #1669153)
    - 8250_pci: Fix potential use-after-free in error path

  * [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
    - PCI: hv: Use device serial number as PCI domain

  * [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
    bytes to a sockaddr (LP: #1668042)
    - net/bonding: Enforce active-backup policy for IPoIB bonds

  * Request to backport cxlflash patches to Xenial SRU stream (LP: #1623750)
    - scsi: cxlflash: Scan host only after the port is ready for I/O
    - scsi: cxlflash: Remove the device cleanly in the system shutdown path
    - scsi: cxlflash: Fix to avoid EEH and host reset collisions
    - scsi: cxlflash: Improve EEH recovery time

  * Xenial update to v4.4.52 stable release (LP: #1669016)
    - net/llc: avoid BUG_ON() in skb_orphan()
    - packet: fix races in fanout_add()
    - packet: Do not call fanout_release from atomic contexts
    - irda: Fix lockdep annotations in hashbin_delete().
    - ip: fix IP_CHECKSUM handling
    - net: socket: fix recvmmsg not returning error from sock_error
    - tty: serial: msm: Fix module autoload
    - USB: serial: mos7840: fix another NULL-deref at open
    - USB: serial: cp210x: add new IDs for GE Bx50v3 boards
    - USB: serial: ftdi_sio: fix modem-status error handling
    - USB: serial: ftdi_sio: fix extreme low-latency setting
    - USB: serial: ftdi_sio: fix line-status over-reporting
    - USB: serial: spcp8x5: fix modem-status handling
    - USB: serial: opticon: fix CTS retrieval at open
    - USB: serial: ark3116: fix register-accessor error handling
    - x86/platform/goldfish: Prevent unconditional loading
    - goldfish: Sanitize the broken interrupt handler
    - block: fix double-free in the failure path of cgwb_bdi_init()
    - rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
    - Revert "usb: chipidea: imx: enable CI_HDRC_SET_NON_ZERO_TTHA"
    - kvm: vmx: ensure VMCS is current while enabling PML
    - Linux 4.4.52

  * Xenial update to v4.4.51 stable release (LP: #1669015)
    - vfs: fix uninitialized flags in splice_to_pipe()
    - siano: make it work again with CONFIG_VMAP_STACK
    - fuse: fix use after free issue in fuse_dev_do_read()
    - scsi: don't BUG_ON() empty DMA transfers
    - Fix missing sanity check in /dev/sg
    - Input: elan_i2c - add ELAN0605 to the ACPI table
    - drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
    - drm/dp/mst: fix kernel oops when turning off secondary monitor
    - futex: Move futex_init() to core_initcall
    - ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user()
    - printk: use rcuidle console tracepoint
    - NTB: ntb_transport: fix debugfs_remove_recursive
    - ntb_transport: Pick an unused queue
    - bcache: Make gc wakeup sane, remove set_task_state()
    - mmc: core: fix multi-bit bus width without high-speed mode
    - Linux 4.4.51

  * Xenial update to v4.4.50 stable release (LP: #1666324)
    - can: Fix kernel panic at security_sock_rcv_skb
    - ipv6: fix ip6_tnl_parse_tlv_enc_lim()
    - ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
    - tcp: fix 0 divide in __tcp_select_window()
    - net: use a work queue to defer net_disable_timestamp() work
    - ipv4: keep skb->dst around in presence of IP options
    - netlabel: out of bound access in cipso_v4_validate()
    - ip6_gre: fix ip6gre_err() invalid reads
    - ipv6: tcp: add a missing tcp_v6_restore_cb()
    - tcp: avoid infinite loop in tcp_splice_read()
    - tun: read vnet_hdr_sz once
    - macvtap: read vnet_hdr_size once
    - mlx4: Invoke softirqs after napi_reschedule
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf
    - sit: fix a double free on error path
    - net: introduce device min_header_len
    - packet: round up linear to header len
    - ping: fix a null pointer dereference
    - l2tp: do not use udp_ioctl()
    - Linux 4.4.50

  * FlashGT Integration and Setup: fsbmc30: After 17th reboot of soft bootme,
    HTX & Linux errors seen with 256 virtual LUNs (LP: #1667239)
    - cxl: Fix coredump generation when cxl_get_fd() is used

  * [Hyper-V] Ubuntu 14.04.2 LTS Generation 2 SCSI Errors on VSS Based Backups
    (LP: #1470250)
    - Drivers: hv: vss: Operation timeouts should match host expectation
    - SAUCE: Tools: hv: vss: Thaw the filesystem and continue after freeze fails

  * kernel 4.4.0-63 with USB WLAN RTL8192CU freezes desktop (LP: #1666421)
    - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data

  * Export symbol "dev_pm_qos_update_user_latency_tolerance" (LP: #1666401)
    - PM / QoS: Export dev_pm_qos_update_user_latency_tolerance

  * Linux ZFS port doesn't respect RLIMIT_FSIZE (LP: #1656259)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu16

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Wed, 19 Apr 2017 17:14:23 +0200

** Changed in: linux (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6353

** Changed in: linux (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1672470

Title:
  ip_rcv_finish() NULL pointer kernel panic

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Invalid
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  [Impact]

  When using iptables rules affecting bridge traffic, and if affected
  traffic is flowing through bridge while br_netfilter module is loaded
  or unloaded, a kernel panic may occur.

  [Test Case]

  It's difficult to reproduce because of a very small race condition
  window during br_netfilter load/unload when the module is receiving
  traffic but has not yet registered its hooks (or, has unregistered its
  hooks but still has traffic it's processing).  A system must be set up
  using a bridge, and iptable netfilter rules must be set up to process
  the bridge traffic.  Then the system should be rebooted until the
  problem occurs, or the br_netfilter module should be loaded/unloaded
  until the problem occurs.

  [Regression Potential]

  Changing how the br_netfilter module switches its fake dst for a real
  dst may, if done incorrectly, result in more kernel panics if other
  code tries to process the br_netfilter module's fake dst.

  [Other Info]

  The br_netfilter module processes packets traveling through its
  bridge, and while processing each skb it places a special fake dst
  onto the skb.  When the skb leaves the bridge, it removes the fake dst
  and places a real dst onto it.  However, it uses a hook to do this,
  and when the br_netfilter module is unloading it unregisters that
  hook.  Any skbs that are currently being processed in the bridge by
  the br_netfilter module, but that leave the bridge after the hook is
  unregistered (or, during br_netfilter module load, before the hook is
  registered) will still have the fake dst; when other code then tries
  to process that dst, it causes a kernel panic because the dst is
  invalid.

  Recent upstream discussion:
  https://www.spinics.net/lists/netdev/msg416912.html

  Upstream patch:
  https://patchwork.ozlabs.org/patch/738275/
  upstream commit is a13b2082ece95247779b9995c4e91b4246bed023

  example panic report:

  [ 214.518262] BUG: unable to handle kernel NULL pointer dereference at (null)
  [ 214.612199] IP: [< (null)>] (null)
  [ 214.672744] PGD 0
  [ 214.696887] Oops: 0010 [#1] SMP
  [ 214.735697] Modules linked in: br_netfilter(+) tun 8021q bridge stp llc bonding iTCO_wdt iTCO_vendor_support tpm_tis tpm kvm_intel kvm irqbypass sb_edac edac_core ixgbe mdio ipmi_si ipmi_msghandler lpc_ich mfd_core mousedev evdev igb dca procmemro(O) nokeyctl(O) noptrace(O)
  [ 215.029240] CPU: 34 PID: 0 Comm: swapper/34 Tainted: G O 4.4.39 #1
  [ 215.116720] Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.13a.0.0713160937 07/13/16
  [ 215.241644] task: ffff882038fb4380 ti: ffff8810392b0000 task.ti: ffff8810392b0000
  [ 215.331207] RIP: 0010:[<0000000000000000>] [< (null)>] (null)
  [ 215.420877] RSP: 0018:ffff88103fec3880 EFLAGS: 00010286
  [ 215.484436] RAX: ffff881011631000 RBX: ffff881011067100 RCX: 0000000000000000
  [ 215.569836] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff881011067100
  [ 215.655234] RBP: ffff88103fec38a8 R08: 0000000000000008 R09: ffff8810116300a0
  [ 215.740629] R10: 0000000000000000 R11: 0000000000000000 R12: ffff881018917dce
  [ 215.826030] R13: ffffffff81c9be00 R14: ffffffff81c9be00 R15: ffff881011630078
  [ 215.911432] FS: 0000000000000000(0000) GS:ffff88103fec0000(0000) knlGS:0000000000000000
  [ 216.008274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [ 216.077032] CR2: 0000000000000000 CR3: 0000001011b9d000 CR4: 00000000001406e0
  [ 216.162430] Stack:
  [ 216.186461] ffffffff8157d7f9 ffff881011067100 ffff881018917dce ffff881011630000
  [ 216.275407] ffffffff81c9be00 ffff88103fec3918 ffffffff8157e0db 0000000000000000
  [ 216.364352] 0000000000000000 0000000000000000 0000000000000000 0000000000000000
  [ 216.453301] Call Trace:
  [ 216.482536] <IRQ>
  [ 216.505533] [<ffffffff8157d7f9>] ? ip_rcv_finish+0x99/0x320
  [ 216.575442] [<ffffffff8157e0db>] ip_rcv+0x25b/0x370
  [ 216.634842] [<ffffffff81540e0b>] __netif_receive_skb_core+0x2cb/0xa20
  [ 216.712965] [<ffffffff81541578>] __netif_receive_skb+0x18/0x60
  [ 216.783801] [<ffffffff815415e3>] netif_receive_skb_internal+0x23/0x80
  [ 216.861921] [<ffffffff8154165c>] netif_receive_skb+0x1c/0x70
  [ 216.930686] [<ffffffffa02f6439>] br_handle_frame_finish+0x1b9/0x5b0 [bridge]
  [ 217.016091] [<ffffffff81187a00>] ? ___slab_alloc+0x1d0/0x440
  [ 217.084849] [<ffffffffa0584074>] br_nf_pre_routing_finish+0x174/0x3d0 [br_netfilter]
  [ 217.178568] [<ffffffffa0584c07>] ? br_nf_pre_routing+0x97/0x470 [br_netfilter]
  [ 217.266052] [<ffffffffa02f6280>] ? br_handle_local_finish+0x80/0x80 [bridge]
  [ 217.351450] [<ffffffffa0584d17>] br_nf_pre_routing+0x1a7/0x470 [br_netfilter]
  [ 217.437891] [<ffffffff81572f6d>] nf_iterate+0x5d/0x70
  [ 217.499367] [<ffffffff81572fe4>] nf_hook_slow+0x64/0xc0
  [ 217.562928] [<ffffffffa02f69e9>] br_handle_frame+0x1b9/0x290 [bridge]
  [ 217.641048] [<ffffffffa02f6280>] ? br_handle_local_finish+0x80/0x80 [bridge]
  [ 217.726446] [<ffffffff81540e82>] __netif_receive_skb_core+0x342/0xa20
  [ 217.804566] [<ffffffff815a7916>] ? tcp4_gro_receive+0x126/0x1d0
  [ 217.876445] [<ffffffff815b7446>] ? inet_gro_receive+0x1c6/0x250
  [ 217.948322] [<ffffffff81541578>] __netif_receive_skb+0x18/0x60
  [ 218.019161] [<ffffffff815415e3>] netif_receive_skb_internal+0x23/0x80
  [ 218.097281] [<ffffffff81542213>] napi_gro_receive+0xc3/0x110
  [ 218.166051] [<ffffffffa00a801f>] ixgbe_clean_rx_irq+0x52f/0xa70 [ixgbe]
  [ 218.246255] [<ffffffffa00a9248>] ixgbe_poll+0x438/0x790 [ixgbe]
  [ 218.318131] [<ffffffff81541a6e>] net_rx_action+0x1ee/0x320
  [ 218.384813] [<ffffffff8109c837>] ? handle_irq_event_percpu+0x167/0x1d0
  [ 218.463973] [<ffffffff8105c3c1>] __do_softirq+0x101/0x280
  [ 218.529608] [<ffffffff8105c69e>] irq_exit+0x8e/0x90
  [ 218.589007] [<ffffffff816dd504>] do_IRQ+0x54/0xd0
  [ 218.646323] [<ffffffff816dba02>] common_interrupt+0x82/0x82

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1672470/+subscriptions
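
A triage check for the panic signature in the report above, added here as an example and not part of the bug report or of any kernel or Ubuntu tooling. It flags an oops whose instruction pointer is NULL, whose trace contains ip_rcv_finish, and whose skb came up through br_netfilter. The function name triage and the abridged sample lines are constructed for illustration; the (+) and (-) suffixes are the kernel's markers for a module that is loading or unloading.

```python
import re

# Constructed sample: lines abridged from the panic report quoted in the bug.
SAMPLE_OOPS = """\
[ 214.518262] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 214.735697] Modules linked in: br_netfilter(+) tun 8021q bridge stp llc bonding
[ 215.331207] RIP: 0010:[<0000000000000000>] [< (null)>] (null)
[ 216.505533] [<ffffffff8157d7f9>] ? ip_rcv_finish+0x99/0x320
[ 216.575442] [<ffffffff8157e0db>] ip_rcv+0x25b/0x370
[ 216.930686] [<ffffffffa02f6439>] br_handle_frame_finish+0x1b9/0x5b0 [bridge]
[ 217.084849] [<ffffffffa0584074>] br_nf_pre_routing_finish+0x174/0x3d0 [br_netfilter]
"""

RIP_RE = re.compile(r"RIP: [0-9a-f]+:\[<([0-9a-f]+)>\]")
FRAME_RE = re.compile(
    r"\[<[0-9a-f]+>\] (\? )?(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
MOD_RE = re.compile(r"\bbr_netfilter\(([^)]*)\)")
# Module-state flags in "Modules linked in:": + = loading, - = unloading.
STATES = {"+": "loading", "-": "unloading"}


def triage(log):
    """Collect the indicators of the br_netfilter fake-dst race from an oops log."""
    null_rip, state, frames = False, None, []
    for line in log.splitlines():
        rip = RIP_RE.search(line)
        if rip:
            null_rip = int(rip.group(1), 16) == 0  # jumped through a NULL pointer
        if "Modules linked in:" in line:
            mod = MOD_RE.search(line)
            if mod:
                state = next((STATES[c] for c in mod.group(1) if c in STATES), None)
        for f in FRAME_RE.finditer(line):
            frames.append((f.group(2), f.group(3)))  # (function, module or None)
    funcs = {name for name, _ in frames}
    via_br_nf = any(module == "br_netfilter" for _, module in frames)
    return {
        "null_rip": null_rip,
        "module_state": state,  # None means br_netfilter was not mid load/unload
        "frames": frames,
        # Signature: the IP input path called a NULL handler on an skb that
        # reached it through br_netfilter's pre-routing code.
        "match": null_rip and "ip_rcv_finish" in funcs and via_br_nf,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_OOPS))
```

A match with module_state set to "loading" or "unloading" corresponds to the race window described under [Test Case].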