This bug was fixed in the package linux-hwe - 4.10.0-33.37~16.04.1

---------------
linux-hwe (4.10.0-33.37~16.04.1) xenial; urgency=low

  * linux-hwe: 4.10.0-33.37~16.04.1 -proposed tracker (LP: #1709304)

  * linux: 4.10.0-33.37 -proposed tracker (LP: #1709303)

  * CVE-2017-1000112
    - Revert "udp: consistently apply ufo or fragmentation"
    - udp: consistently apply ufo or fragmentation

  * CVE-2017-1000111
    - Revert "net-packet: fix race in packet_set_ring on PACKET_RESERVE"
    - packet: fix tp_reserve race in packet_set_ring

  * ThunderX: soft lockup on 4.8+ kernels when running qemu-efi with vhost=on (LP: #1673564)
    - irqchip/gic-v3: Add missing system register definitions
    - arm64: KVM: Do not use stack-protector to compile EL2 code
    - KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2 registers
    - KVM: arm/arm64: vgic-v3: Fix nr_pre_bits bitfield extraction
    - arm64: Add a facility to turn an ESR syndrome into a sysreg encoding
    - KVM: arm/arm64: vgic-v3: Add accessors for the ICH_APxRn_EL2 registers
    - KVM: arm64: Make kvm_condition_valid32() accessible from EL2
    - KVM: arm64: vgic-v3: Add hook to handle guest GICv3 sysreg accesses at EL2
    - KVM: arm64: vgic-v3: Add ICV_BPR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGRPEN1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IAR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_EOIR1_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_AP1Rn_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_HPPIR1_EL1 handler
    - KVM: arm64: vgic-v3: Enable trapping of Group-1 system registers
    - KVM: arm64: Enable GICv3 Group-1 sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Add ICV_BPR0_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_IGNREN0_EL1 handler
    - KVM: arm64: vgic-v3: Add misc Group-0 handlers
    - KVM: arm64: vgic-v3: Enable trapping of Group-0 system registers
    - KVM: arm64: Enable GICv3 Group-0 sysreg trapping via command-line
    - arm64: Add MIDR values for Cavium cn83XX SoCs
    - [Config] CONFIG_CAVIUM_ERRATUM_30115=y
    - arm64: Add workaround for Cavium Thunder erratum 30115
    - KVM: arm64: vgic-v3: Add ICV_DIR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_RPR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_CTLR_EL1 handler
    - KVM: arm64: vgic-v3: Add ICV_PMR_EL1 handler
    - KVM: arm64: Enable GICv3 common sysreg trapping via command-line
    - KVM: arm64: vgic-v3: Log which GICv3 system registers are trapped
    - arm64: KVM: Make unexpected reads from WO registers inject an undef
    - KVM: arm64: Log an error if trapping a read-from-write-only GICv3 access
    - KVM: arm64: Log an error if trapping a write-to-read-only GICv3 access

  * ibmvscsis: Do not send aborted task response (LP: #1689365)
    - target: Fix unknown fabric callback queue-full errors
    - ibmvscsis: Do not send aborted task response
    - ibmvscsis: Clear left-over abort_cmd pointers
    - ibmvscsis: Fix the incorrect req_lim_delta

  * hisi_sas performance improvements (LP: #1708734)
    - scsi: hisi_sas: define hisi_sas_device.device_id as int
    - scsi: hisi_sas: optimise the usage of hisi_hba.lock
    - scsi: hisi_sas: relocate sata_done_v2_hw()
    - scsi: hisi_sas: optimise DMA slot memory

  * hisi_sas driver reports mistakes timed out task for internal abort (LP: #1708730)
    - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()

  * scsi: hisi_sas: add null check before indirect pointer dereference (LP: #1708714)
    - scsi: hisi_sas: add null check before indirect pointer dereference

  * [LTCTest][Opal][FW860.20] HMI recoverable errors failed to recover and system goes to dump state. (LP: #1684054)
    - powerpc/64: Fix HMI exception on LE with CONFIG_RELOCATABLE=y

  * Set CONFIG_SATA_HIGHBANK=y on armhf (LP: #1703430)
    - [Config] CONFIG_SATA_HIGHBANK=y

  * Adt tests of src:linux time out often on armhf lxc containers (LP: #1705495)
    - [Packaging] tests -- reduce rebuild test to one flavour

  * support Hip07/08 I2C controller (LP: #1708293)
    - ACPI / APD: Add clock frequency for Hisilicon Hip07/08 I2C controller
    - i2c: designware: Add ACPI HID for Hisilicon Hip07/08 I2C controller

  * Mute key LED does not work on HP ProBook 440 (LP: #1705586)
    - ALSA: hda - Add HP ZBook 15u G3 Conexant CX20724 GPIO mute leds
    - ALSA: hda - Add mute led support for HP ProBook 440 G4

  * Hisilicon D05 onboard fibre NIC link indicator LEDs don't work (LP: #1704903)
    - net: hns: add acpi function of xge led control

  * zesty unable to handle kernel NULL pointer dereference (LP: #1680904)
    - drm/i915: Do not drop pagetables when empty

  * hns: use after free in hns_nic_net_xmit_hw (LP: #1704885)
    - net: hns: Fix a skb used after free bug

  * [ARM64] config EDAC_GHES=y depends on EDAC_MM_EDAC=y (LP: #1706141)
    - [Config] set EDAC_MM_EDAC=y for ARM64

  * [Hyper-V] hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (LP: #1690174)
    - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing

  * ath10k doesn't report full RSSI information (LP: #1706531)
    - ath10k: add per chain RSSI reporting

  * ideapad_laptop don't support v310-14isk (LP: #1705378)
    - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill

  * hns: ethtool selftest crashes system (LP: #1705712)
    - net/hns:bugfix of ethtool -t phy self_test

  * ath9k freezes suspend resume Ubuntu 17.04 (LP: #1697027)
    - ath9k: fix an invalid pointer dereference in ath9k_rng_stop()

  * xhci_hcd: ERROR Transfer event TRB DMA ptr not part of current TD ep_index 2 comp_code 13 (LP: #1667750)
    - xhci: Bad Ethernet performance plugged in ASM1042A host

  * Migrating KSM page causes the VM lock up as the KSM page merging list is too large (LP: #1680513)
    - ksm: introduce ksm_max_page_sharing per page deduplication limit
    - ksm: fix use after free with merge_across_nodes = 0
    - ksm: cleanup stable_node chain collapse case
    - ksm: swap the two output parameters of chain/chain_prune
    - ksm: optimize refile of stable_node_dup at the head of the chain

  * Change CONFIG_IBMVETH to module (LP: #1704479)
    - [Config] CONFIG_IBMVETH=m

  * CVE-2017-7487
    - ipx: call ipxitf_put() in ioctl error path

  * Hotkeys on new Thinkpad systems aren't working (LP: #1705169)
    - platform/x86: thinkpad_acpi: guard generic hotkey case
    - platform/x86: thinkpad_acpi: add mapping for new hotkeys

  * misleading kernel warning skb_warn_bad_offload during checksum calculation (LP: #1705447)
    - net: reduce skb_warn_bad_offload() noise

  * Ubuntu 16.04.02: ibmveth: Support to enable LSO/CSO for Trunk VEA (LP: #1692538)
    - ibmveth: Support to enable LSO/CSO for Trunk VEA.

  * bonding: stack dump when unregistering a netdev (LP: #1704102)
    - bonding: avoid NETDEV_CHANGEMTU event when unregistering slave

  * Ubuntu 16.04 IOB Error when the Mustang board rebooted (LP: #1693673)
    - drivers: net: xgene: Fix redundant prefetch buffer cleanup

  * Ubuntu16.04: NVMe 4K+T10 DIF/DIX format returns I/O error on dd with split op (LP: #1689946)
    - blk-mq: NVMe 512B/4K+T10 DIF/DIX format returns I/O error on dd with split op

  * linux >= 4.2: bonding 802.3ad does not work with 5G, 25G and 50G link speeds (LP: #1697892)
    - bonding: add 802.3ad support for 25G speeds
    - bonding: fix 802.3ad support for 5G and 50G speeds

  * [SRU][Zesty] arm64: Add support for handling memory corruption (LP: #1696852)
    - arm64: mm: Update perf accounting to handle poison faults
    - arm64: hugetlb: Fix huge_pte_offset to return poisoned page table entries
    - arm64: kconfig: allow support for memory failure handling
    - arm64: hwpoison: add VM_FAULT_HWPOISON[_LARGE] handling

  * [SRU][Zesty] Add UEFI 2.6 and ACPI 6.1 updates for RAS on ARM64 (LP: #1696570)
    - acpi: apei: read ack upon ghes record consumption
    - ras: acpi/apei: cper: add support for generic data v3 structure
    - cper: add timestamp print to CPER status printing
    - efi: parse ARM processor error
    - arm64: exception: handle Synchronous External Abort
    - acpi: apei: handle SEA notification type for ARMv8
    - acpi: apei: panic OS with fatal error status block
    - efi: print unrecognized CPER section
    - ras: acpi / apei: generate trace event for unrecognized CPER section
    - trace, ras: add ARM processor error trace event
    - ras: mark stub functions as 'inline'
    - arm/arm64: KVM: add guest SEA support
    - acpi: apei: check for pending errors when probing GHES entries
    - [Config] CONFIG_ACPI_APEI_SEA=y

 -- Stefan Bader <stefan.ba...@canonical.com>  Fri, 11 Aug 2017 11:40:30 +0200

https://bugs.launchpad.net/bugs/1680904

Title:
  zesty unable to handle kernel NULL pointer dereference

Status in Linux:
  Fix Released
Status in linux package in Ubuntu:
  Fix Committed
Status in linux-hwe package in Ubuntu:
  Fix Released
Status in linux source package in Zesty:
  Fix Released
Status in linux-hwe source package in Zesty:
  Confirmed

Bug description:
  Upgraded to zesty about a week ago. Ran into this on latest kernel.
  (during high load, nothing in particular seems to cause it to happen).
  Did not happen with previous (4.10.0.14.16) kernel. Only after update
  to 4.10.0.15.17, has happened about 3 times since then (or other
  crashes), this is the one I could capture. kern.log entries below.

  Let me know if you need anything else from me. Thanks!

  Apr 7 11:20:28 doe kernel: [26003.796278] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
  Apr 7 11:20:28 doe kernel: [26003.796375] IP: gen8_ppgtt_alloc_page_directories.isra.38+0x115/0x250 [i915]
  Apr 7 11:20:28 doe kernel: [26003.796404] PGD 0
  Apr 7 11:20:28 doe kernel: [26003.796405]
  Apr 7 11:20:28 doe kernel: [26003.796427] Oops: 0002 [#1] SMP
  Apr 7 11:20:28 doe kernel: [26003.796441] Modules linked in: xt_REDIRECT nf_nat_redirect xt_hl scsi_transport_iscsi binfmt_misc veth ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_CHECKSUM xt_comment xt_tcpudp iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_filter ccm rfcomm bridge stp llc cmac bnep zfs(PO) zunicode(PO) zavl(PO) zcommon(PO) znvpair(PO) spl(O) nls_iso8859_1 hid_multitouch joydev i2c_designware_platform i2c_designware_core snd_hda_codec_hdmi snd_soc_skl snd_soc_skl_ipc snd_soc_sst_ipc snd_soc_sst_dsp snd_hda_codec_realtek snd_hda_ext_core snd_soc_sst_match snd_hda_codec_generic snd_soc_core snd_compress ac97_bus snd_pcm_dmaengine snd_hda_intel snd_hda_codec snd_hda_core asus_nb_wmi
  Apr 7 11:20:28 doe kernel: [26003.796722] snd_hwdep asus_wmi sparse_keymap snd_pcm arc4 snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device iwlmvm snd_timer mac80211 intel_rapl x86_pkg_temp_thermal snd intel_powerclamp uvcvideo coretemp kvm_intel iwlwifi videobuf2_vmalloc kvm videobuf2_memops irqbypass videobuf2_v4l2 intel_cstate videobuf2_core intel_rapl_perf cfg80211 videodev input_leds serio_raw media shpchp soundcore btusb btrtl hci_uart btbcm elan_i2c btqca btintel acpi_als int3403_thermal bluetooth kfifo_buf industrialio mac_hid idma64 mei_me virt_dma intel_pch_thermal acpi_pad int3400_thermal intel_lpss_pci int3402_thermal mei intel_lpss_acpi acpi_thermal_rel processor_thermal_device intel_lpss tpm_crb int340x_thermal_zone int3406_thermal intel_soc_dts_iosf asus_wireless parport_pc ppdev lp parport ip_tables
  Apr 7 11:20:28 doe kernel: [26003.797026] x_tables autofs4 algif_skcipher af_alg dm_crypt crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i915 aesni_intel aes_x86_64 crypto_simd glue_helper cryptd i2c_algo_bit drm_kms_helper syscopyarea sysfillrect ahci sysimgblt libahci fb_sys_fops drm wmi i2c_hid hid pinctrl_sunrisepoint video pinctrl_intel fjes
  Apr 7 11:20:28 doe kernel: [26003.797142] CPU: 0 PID: 8418 Comm: chromium-browse Tainted: P O 4.10.0-15-generic #17-Ubuntu
  Apr 7 11:20:28 doe kernel: [26003.797175] Hardware name: ASUSTeK COMPUTER INC. UX305CA/UX305CA, BIOS UX305CA.201 09/11/2015
  Apr 7 11:20:28 doe kernel: [26003.797206] task: ffff9bbaa201dc00 task.stack: ffffc25b5ea8c000
  Apr 7 11:20:28 doe kernel: [26003.797250] RIP: 0010:gen8_ppgtt_alloc_page_directories.isra.38+0x115/0x250 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797279] RSP: 0018:ffffc25b5ea8f880 EFLAGS: 00010246
  Apr 7 11:20:28 doe kernel: [26003.797299] RAX: ffff9bba689be580 RBX: 0000000000000003 RCX: 0000000000000003
  Apr 7 11:20:28 doe kernel: [26003.797325] RDX: 0000000000000000 RSI: ffff9bbae7c0a000 RDI: ffff9bbba0418000
  Apr 7 11:20:28 doe kernel: [26003.797351] RBP: ffffc25b5ea8f8d8 R08: 0000000000000000 R09: 0000000000000000
  Apr 7 11:20:28 doe kernel: [26003.797378] R10: 0000000000000000 R11: 0000000000000041 R12: ffff9bbb5f00a000
  Apr 7 11:20:28 doe kernel: [26003.797405] R13: ffff9bbba932bb10 R14: 00000000fff97000 R15: 0000000000008000
  Apr 7 11:20:28 doe kernel: [26003.797440] FS: 00007f70bd1df6c0(0000) GS:ffff9bbbb3c00000(0000) knlGS:0000000000000000
  Apr 7 11:20:28 doe kernel: [26003.797470] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  Apr 7 11:20:28 doe kernel: [26003.797497] CR2: 0000000000000018 CR3: 0000000169420000 CR4: 00000000003406f0
  Apr 7 11:20:28 doe kernel: [26003.797523] Call Trace:
  Apr 7 11:20:28 doe kernel: [26003.797553] gen8_alloc_va_range_3lvl+0xfb/0x9e0 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797576] ? __alloc_pages_nodemask+0x209/0x260
  Apr 7 11:20:28 doe kernel: [26003.797610] gen8_alloc_va_range+0x23d/0x470 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797648] i915_vma_bind+0x7e/0x170 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797683] __i915_vma_do_pin+0x2a5/0x450 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797720] i915_gem_execbuffer_reserve_vma.isra.31+0x144/0x1b0 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797761] i915_gem_execbuffer_reserve.isra.32+0x39e/0x3d0 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797800] i915_gem_do_execbuffer.isra.38+0x4a2/0x1750 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797824] ? radix_tree_lookup_slot+0x22/0x50
  Apr 7 11:20:28 doe kernel: [26003.797846] ? shmem_getpage_gfp+0xf9/0xc10
  Apr 7 11:20:28 doe kernel: [26003.797881] i915_gem_execbuffer2+0xa1/0x1e0 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797917] drm_ioctl+0x21b/0x4c0 [drm]
  Apr 7 11:20:28 doe kernel: [26003.797948] ? i915_gem_execbuffer+0x310/0x310 [i915]
  Apr 7 11:20:28 doe kernel: [26003.797969] ? __seccomp_filter+0x67/0x250
  Apr 7 11:20:28 doe kernel: [26003.797990] do_vfs_ioctl+0xa3/0x610
  Apr 7 11:20:28 doe kernel: [26003.798012] ? __secure_computing+0x3f/0xd0
  Apr 7 11:20:28 doe kernel: [26003.798039] ? syscall_trace_enter+0xcd/0x2e0
  Apr 7 11:20:28 doe kernel: [26003.798064] SyS_ioctl+0x79/0x90
  Apr 7 11:20:28 doe kernel: [26003.798085] do_syscall_64+0x5b/0xc0
  Apr 7 11:20:28 doe kernel: [26003.798102] entry_SYSCALL64_slow_path+0x25/0x25
  Apr 7 11:20:28 doe kernel: [26003.798120] RIP: 0033:0x7f70a7aa7907
  Apr 7 11:20:28 doe kernel: [26003.798135] RSP: 002b:00007ffe44fb4878 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
  Apr 7 11:20:28 doe kernel: [26003.798163] RAX: ffffffffffffffda RBX: 0000559898103980 RCX: 00007f70a7aa7907
  Apr 7 11:20:28 doe kernel: [26003.798188] RDX: 00007ffe44fb48c0 RSI: 00000000c0406469 RDI: 00000000000000ef
  Apr 7 11:20:28 doe kernel: [26003.798214] RBP: 00007ffe44fb48c0 R08: 0000000000000000 R09: 0000000000000000
  Apr 7 11:20:28 doe kernel: [26003.798240] R10: 0000000000000050 R11: 0000000000000246 R12: 00000000c0406469
  Apr 7 11:20:28 doe kernel: [26003.798266] R13: 00000000000000ef R14: 0000000000000000 R15: 0000000000000000
  Apr 7 11:20:28 doe kernel: [26003.798293] Code: e6 48 8b 90 20 03 00 00 48 8b b8 d8 02 00 00 48 8b 52 08 48 83 ca 03 e8 ca cd ff ff 48 8b 45 b0 48 8b 4d c8 48 8b 10 48 8b 45 d0 <4c> 89 24 ca 48 0f ab 08 0f 1f 44 00 00 e9 53 ffff ff 65 8b 05
  Apr 7 11:20:28 doe kernel: [26003.798399] RIP: gen8_ppgtt_alloc_page_directories.isra.38+0x115/0x250 [i915] RSP: ffffc25b5ea8f880
  Apr 7 11:20:28 doe kernel: [26003.798435] CR2: 0000000000000018
  Apr 7 11:20:28 doe kernel: [26003.826121] ---[ end trace 667fce1b2de2d471 ]---

  ProblemType: Bug
  DistroRelease: Ubuntu 17.04
  Package: linux-image-4.10.0-15-generic 4.10.0-15.17
  ProcVersionSignature: Ubuntu 4.10.0-15.17-generic 4.10.5
  Uname: Linux 4.10.0-15-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  ApportVersion: 2.20.4-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER PID ACCESS COMMAND
   /dev/snd/controlC0: lutostag 3280 F.... pulseaudio
  CurrentDesktop: Unity:Unity7
  Date: Fri Apr 7 11:30:42 2017
  HibernationDevice: RESUME=UUID=f32bc2f0-9063-4554-8204-936f2f51ffb3
  InstallationDate: Installed on 2016-09-20 (199 days ago)
  InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
  Lsusb:
   Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
   Bus 001 Device 003: ID 8087:0a2a Intel Corp.
   Bus 001 Device 002: ID 0bda:57cb Realtek Semiconductor Corp.
   Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
  MachineType: ASUSTeK COMPUTER INC. UX305CA
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.10.0-15-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
  RelatedPackageVersions:
   linux-restricted-modules-4.10.0-15-generic N/A
   linux-backports-modules-4.10.0-15-generic N/A
   linux-firmware 1.164
  SourcePackage: linux
  UpgradeStatus: Upgraded to zesty on 2017-03-27 (10 days ago)
  dmi.bios.date: 09/11/2015
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: UX305CA.201
  dmi.board.asset.tag: ATN12345678901234567
  dmi.board.name: UX305CA
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: 1.0
  dmi.chassis.asset.tag: ATN12345678901234567
  dmi.chassis.type: 10
  dmi.chassis.vendor: ASUSTeK COMPUTER INC.
  dmi.chassis.version: 1.0
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrUX305CA.201:bd09/11/2015:svnASUSTeKCOMPUTERINC.:pnUX305CA:pvr1.0:rvnASUSTeKCOMPUTERINC.:rnUX305CA:rvr1.0:cvnASUSTeKCOMPUTERINC.:ct10:cvr1.0:
  dmi.product.name: UX305CA
  dmi.product.version: 1.0
  dmi.sys.vendor: ASUSTeK COMPUTER INC.