This bug was fixed in the package linux - 4.10.0-15.17

---------------
linux (4.10.0-15.17) zesty; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1675868

  * In ZZ-BML (POWER9):ubuntu17.04 installation Fails (LP: #1675771)
    - powerpc/64s: fix handling of non-synchronous machine checks
    - powerpc/64s: allow machine check handler to set severity and initiator
    - powerpc/64s: POWER9 machine check handler

  * [Feature] R3 mwait support for Knights Mill (LP: #1637550)
    - x86/cpufeature: Enable RING3MWAIT for Knights Landing
    - x86/cpufeature: Enable RING3MWAIT for Knights Mill
    - x86/msr: Add MSR_MISC_FEATURE_ENABLES and RING3MWAIT bit
    - x86/elf: Add HWCAP2 to expose ring 3 MONITOR/MWAIT
    - x86/cpufeature: Add RING3MWAIT to CPU features

  * [Feature] GLK:New device IDs (LP: #1645951)
    - mfd: intel-lpss: Add Intel Gemini Lake PCI IDs
    - pwm: lpss: Add Intel Gemini Lake PCI ID
    - i2c: i801: Add support for Intel Gemini Lake
    - spi: pxa2xx: Add support for Intel Gemini Lake
    - [Config] CONFIG_PINCTRL_GEMINILAKE=m
    - pinctrl: intel: Add Intel Gemini Lake pin controller support

  * Zesty update to v4.10.5 stable release (LP: #1675032)
    - net/mlx5e: Register/unregister vport representors on interface attach/detach
    - net/mlx5e: Do not reduce LRO WQE size when not using build_skb
    - net/mlx5e: Fix broken CQE compression initialization
    - net/mlx5e: Update MPWQE stride size when modifying CQE compress state
    - net/mlx5e: Fix wrong CQE decompression
    - vxlan: correctly validate VXLAN ID against VXLAN_N_VID
    - vti6: return GRE_KEY for vti6
    - vxlan: don't allow overwrite of config src addr
    - ipv4: add missing initialization for flowi4_uid
    - ipv4: mask tos for input route
    - sctp: set sin_port for addr param when checking duplicate address
    - net sched actions: decrement module reference count after table flush.
    - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
    - vxlan: lock RCU on TX path
    - geneve: lock RCU on TX path
    - mlxsw: spectrum_router: Avoid potential packets loss
    - net: bridge: allow IPv6 when multicast flood is disabled
    - net: don't call strlen() on the user buffer in packet_bind_spkt()
    - net: net_enable_timestamp() can be called from irq contexts
    - ipv6: orphan skbs in reassembly unit
    - dccp: Unlock sock before calling sk_free()
    - amd-xgbe: Stop the PHY before releasing interrupts
    - amd-xgbe: Be sure to set MDIO modes on device (re)start
    - amd-xgbe: Don't overwrite SFP PHY mod_absent settings
    - bonding: use ETH_MAX_MTU as max mtu
    - strparser: destroy workqueue on module exit
    - tcp: fix various issues for sockets morphing to listen state
    - net: fix socket refcounting in skb_complete_wifi_ack()
    - net: fix socket refcounting in skb_complete_tx_timestamp()
    - net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump
    - dccp: fix use-after-free in dccp_feat_activate_values
    - team: use ETH_MAX_MTU as max mtu
    - vrf: Fix use-after-free in vrf_xmit
    - net/tunnel: set inner protocol in network gro hooks
    - uapi: fix linux/packet_diag.h userspace compilation error
    - amd-xgbe: Enable IRQs only if napi_complete_done() is true
    - act_connmark: avoid crashing on malformed nlattrs with null parms
    - mpls: Send route delete notifications when router module is unloaded
    - mpls: Do not decrement alive counter for unregister events
    - ipv6: make ECMP route replacement less greedy
    - ipv6: avoid write to a possibly cloned skb
    - net: use net->count to check whether a netns is alive or not
    - dccp/tcp: fix routing redirect race
    - tun: fix premature POLLOUT notification on tun devices
    - dccp: fix memory leak during tear-down of unsuccessful connection request
    - arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs
    - drm/i915/lspcon: Enable AUX interrupts for resume time initialization
    - drm/i915/gen9+: Enable hotplug detection early
    - drm/i915/lspcon: Fix resume time initialization due to unasserted HPD
    - x86/unwind: Fix last frame check for aligned function stacks
    - x86/tsc: Fix ART for TSC_KNOWN_FREQ
    - x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
    - x86/intel_rdt: Put group node in rdtgroup_kn_unlock
    - x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
    - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
    - futex: Add missing error handling to FUTEX_REQUEUE_PI
    - locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y
    - crypto: powerpc - Fix initialisation of crc32c context
    - crypto: s5p-sss - Fix spinlock recursion on LRW(AES)
    - Linux 4.10.5

  * Ubuntu server enables screenblanking, concealing crashdumps (DPMS is not
    used) (LP: #869017)
    - SAUCE: Disable default console blanking interval

  * CVE-2017-5986
    - sctp: deny peeloff operation on asocs with threads sleeping on it

  * tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision (LP: #1674466)
    - tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision

  * Ubuntu 17.04: machine crashes with Oops in dccp_v4_ctl_send_reset while
    running stress-ng. (LP: #1654073)
    - tcp/dccp: block BH for SYN processing

  * POWER9: Additional patches for TTY and CPU_IDLE (LP: #1674325)
    - tty: Fix ldisc crash on reopened tty
    - SAUCE: powerpc/powernv/cpuidle: Pass correct drv->cpumask for registration

  * Fix MODULE_FIRMWARE for intel 6030 wireless (LP: #1674334)
    - iwlwifi: fix MODULE_FIRMWARE for 6030

  * [zesty] net sched actions - Adding support for user cookies (LP: #1674087)
    - net sched actions: Add support for user cookies
    - net sched actions: do not overwrite status of action creation.

  * Zesty update to v4.10.4 stable release (LP: #1674288)
    - iio: 104-quad-8: Fix off-by-one error when addressing flag register
    - ARM: qcom_defconfig: Enable RPM/RPM-SMD clocks
    - USB: serial: digi_acceleport: fix OOB data sanity check
    - USB: serial: digi_acceleport: fix OOB-event processing
    - crypto: improve gcc optimization flags for serpent and wp512
    - MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change
    - MIPS: VDSO: avoid duplicate CAC_BASE definition
    - MIPS: ip27: Disable qlge driver in defconfig
    - MIPS: Update ip27_defconfig for SCSI_DH change
    - MIPS: ip22: Fix ip28 build for modern gcc
    - MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change
    - mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
    - MIPS: ralink: Cosmetic change to prom_init().
    - MIPS: ralink: Remove unused timer functions
    - MIPS: ralink: Remove unused rt*_wdt_reset functions
    - i2c: bcm2835: Avoid possible NULL ptr dereference
    - tracing: Add #undef to fix compile error
    - ucount: Remove the atomicity from ucount->count
    - efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y
    - dw2102: don't do DMA on stack
    - i2c: add missing of_node_put in i2c_mux_del_adapters
    - powerpc: Emulation support for load/store instructions on LE
    - powerpc/booke: Fix boot crash due to null hugepd
    - powerpc/xics: Work around limitations of OPAL XICS priority handling
    - PCI: Prevent VPD access for QLogic ISP2722
    - usb: gadget: dummy_hcd: clear usb_gadget region before registration
    - usb: dwc3: gadget: make Set Endpoint Configuration macros safe
    - usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox()
    - usb: ohci-at91: Do not drop unhandled USB suspend control requests
    - usb: gadget: function: f_fs: pass companion descriptor along
    - Revert "usb: gadget: uvc: Add missing call for additional setup data"
    - usb: host: xhci-dbg: HCIVERSION should be a binary number
    - usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
    - USB: serial: safe_serial: fix information leak in completion handler
    - USB: serial: omninet: fix reference leaks at open
    - USB: iowarrior: fix NULL-deref at probe
    - USB: iowarrior: fix NULL-deref in write
    - USB: serial: io_ti: fix NULL-deref in interrupt callback
    - USB: serial: io_ti: fix information leak in completion handler
    - serial: samsung: Continue to work if DMA request fails
    - KVM: s390: Fix guest migration for huge guests resulting in panic
    - KVM: arm/arm64: Let vcpu thread modify its own active state
    - drm/i915/gvt: Fix superfluous newline in GVT_DISPLAY_READY env var
    - serial_ir: ensure we're ready to receive interrupts
    - dm: flush queued bios when process blocks to avoid deadlock
    - rc: raw decoder for keymap protocol is not loaded on register
    - ext4: don't BUG when truncating encrypted inodes on the orphan list
    - IB/mlx5: Verify that Q counters are supported
    - Linux 4.10.4

  * ip_rcv_finish() NULL pointer kernel panic (LP: #1672470)
    - bridge: drop netfilter fake rtable unconditionally

  * Miscellaneous Ubuntu changes
    - [Config] Remove powerpc architecture build
    - [Config] updateconfigs after removing powerpc builds
    - [Config] Update annotations after removing powerpc configs

 -- Tim Gardner <tim.gard...@canonical.com>  Mon, 20 Mar 2017 05:15:32 -0600

** Changed in: linux (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5986

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1654073

Title:
  Ubuntu 17.04: machine crashes with Oops in dccp_v4_ctl_send_reset
  while running stress-ng.

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Zesty:
  Fix Released

Bug description:
  == Comment: #0 - PAVITHRA R. PRAKASH - 2016-12-28 03:39:50 ==
  ---Problem Description---

  Ubuntu 17.04: machine crashes with Oops while running stress-ng.

  ---Steps followed-----

  1. Install 17.04 on NV machine.
  2. apt-get install stress-ng
  3. stress-ng -a 0

  Logs
  ====
  dccp af_alg joydev input_leds mac_hid at24 nvmem_core ofpart cmdlinepart powernv_flash mtd opal_prd powernv_rng ipmi_powernv ipmi_msghandler ibmpowernv uio_pdrv_genirq uio vmx_crypto ib_iser rdma_cm iw_cm ib_cm ib_core configfs iscsi_tcp libiscsi_tcp libiscsi scsi_tran[165938083361,3] OPAL: Trying a CPU re-init with flags: 0x1
  [166456504189,3] OPAL: CPU 0x29 not in OPAL !
  [167510150475,3] OPAL: Trying a CPU re-init with flags: 0x2
  [168022446397,3] OPAL: CPU 0x29 not in OPAL !
  sport_iscsi ip_tables x_tables autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear ses enclosure scsi_transport_sas hid_generic ast i2c_algo_bit ttm drm_kms_helper syscopyarea sysfillrect sysimgblt bnx2x fb_sys_fops drm aacraid tg3 usbhid uas hid usb_storage mdio ahci libcrc32c libahci crc32c_vpmsum
  [  237.047216] CPU: 33 PID: 34694 Comm: stress-ng-dccp Not tainted 4.9.0-11-generic #12-Ubuntu
  [  237.047315] task: c000003312a69400 task.stack: c000003779698000
  [  237.047402] NIP: d00000002e7b0a7c LR: d00000002e7b21cc CTR: c000000000a0dd00
  [  237.047509] REGS: c000003fff68f670 TRAP: 0300   Not tainted  (4.9.0-11-generic)
  [  237.047613] MSR: 900000010280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE,TM[E]>[  237.049028]   CR: 24002282  XER: 20000000
  [  237.049103] CFAR: c000000000008a60 DAR: 00000000000002f4 DSISR: 40000000 SOFTE: 1
  GPR00: d00000002e7b21cc c000003fff68f8f0 d00000002e7bb670 0000000000000001 
  GPR04: c000002b5dbdc400 c000003c74c0a460 0000000000000474 c000003c74c0a474 
  GPR08: c000003c74c0a000 0000000000000000 c00000348cd25200 0000000000000000 
  GPR12: 0000000000002200 c000000007b72900 c000003fff68c000 0000000000000000 
  GPR16: 0000000000000000 0000000000000040 0000000000000001 0000000000002713 
  GPR20: 000000000000cc84 000000000100007f 000000000100007f c0000000013b2f00 
  GPR24: 0000000000000001 0000000000000001 0000000000000000 0000000000000004 
  GPR28: c0000000013b2f00 c000003c74c0a474 0000000000000000 c000002b5dbdc400 
  NIP [d00000002e7b0a7c] dccp_v4_ctl_send_reset+0xa4/0x2f0 [dccp_ipv4]
  [  237.051403] LR [d00000002e7b21cc] dccp_v4_rcv+0x5d4/0x850 [dccp_ipv4]
  [  237.051486] Call Trace:
  [  237.051529] [c000003fff68f8f0] [000000002713cc84] 0x2713cc84 (unreliable)
  [  237.051649] [c000003fff68f970] [d00000002e7b21cc] dccp_v4_rcv+0x5d4/0x850 [dccp_ipv4]
  [  237.051779] [c000003fff68fa50] [c000000000a01e40] ip_local_deliver_finish+0x170/0x350
  [  237.051932] [c000003fff68faa0] [c000000000a0276c] ip_local_deliver+0x5c/0x130
  [  237.052038] [c000003fff68fb10] [c000000000a02278] ip_rcv_finish+0x258/0x510
  [  237.052151] [c000003fff68fba0] [c000000000a02b44] ip_rcv+0x304/0x420
  [  237.052263] [c000003fff68fc30] [c0000000009a28bc] __netif_receive_skb_core+0x97c/0xda0
  [  237.052388] [c000003fff68fd10] [c0000000009a7ab4] process_backlog+0xd4/0x1e0
  [  237.052489] [c000003fff68fd80] [c0000000009a6f0c] net_rx_action+0x35c/0x480
  [  237.052603] [c000003fff68fe90] [c000000000b22a6c] __do_softirq+0x18c/0x3fc
  [  237.052726] [c000003fff68ff90] [c000000000029fb0] call_do_softirq+0x14/0x24
  [  237.052848] [c00000377969b920] [c00000000001765c] do_softirq_own_stack+0x5c/0xa0
  [  237.052992] [c00000377969b960] [c0000000000cfd48] do_softirq.part.3+0x68/0x90
  [  237.053112] [c00000377969b990] [c0000000000cfe44] __local_bh_enable_ip+0xd4/0x100
  [  237.053240] [c00000377969b9b0] [c000000000a06724] ip_finish_output2+0x244/0x460
  [  237.053372] [c00000377969ba50] [c000000000a0977c] ip_output+0xcc/0x180
  [  237.053485] [c00000377969bae0] [c000000000a08c78] ip_local_out+0x68/0x90
  [  237.053607] [c00000377969bb20] [d000000021966978] dccp_transmit_skb+0x320/0x550 [dccp]
  [  237.053739] [c00000377969bb90] [d00000002196732c] dccp_connect+0xf4/0x1f0 [dccp]
  [  237.053890] [c00000377969bc10] [d00000002e7b0320] dccp_v4_connect+0x308/0x400 [dccp_ipv4]
  [  237.054213] [c00000377969bc90] [c000000000a51678] __inet_stream_connect+0x158/0x400
  [  237.065276] [c00000377969bd20] [c000000000a51978] inet_stream_connect+0x58/0x90
  [  237.074757] [c00000377969bd60] [c00000000097eeac] SyS_connect+0x10c/0x130
  [  237.092889] [c00000377969be30] [c00000000000bd84] system_call+0x38/0xe0
  [  237.107020] Instruction dump:
  [  237.107085] 7ca82a14 f9210020 f9210028 ebdc0b98 f9210030 f9210038 f9210040 f9210048
  [  237.117663] 419e01c4 e86a00ae 2fa30000 419e01b8 <893e02f4> e95e0060 7c9f2378 897e0149
  [  237.133181] ---[ end trace ef25e246c86e0bcc ]---
  [  237.133270] 
  [  237.146244] Sending IPI to other CPUs
  [  237.147330] IPI complete

  
  == Comment: #8 - Kevin W. Rudd - 2017-01-03 15:16:06 ==
  The panic happened because the control socks had been cleared:

    dccp = {
      v4_ctl_sk = 0x0,
      v6_ctl_sk = 0x0
    },

  dccp_v4_ctl_send_reset() ended up calling dccp_v4_route_skb() with a
  NULL ctl_sk.  Close race of some sort?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1654073/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
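
Added example (not part of the bug report or the kernel sources): a triage check of the Oops above that decodes the faulting instruction marked `<...>` in the instruction dump, adds its displacement to the base register taken from the GPR dump, and compares the result with DAR. The names `OOPS`, `parse_gprs`, `decode_d_form` and `triage` are hypothetical; the sample text is an excerpt of the log lines quoted in the bug description.

```python
import re

# Excerpt of the Oops quoted in the bug description (wrapped lines rejoined).
OOPS = """\
CFAR: c000000000008a60 DAR: 00000000000002f4 DSISR: 40000000 SOFTE: 1
GPR28: c0000000013b2f00 c000003c74c0a474 0000000000000000 c000002b5dbdc400
NIP [d00000002e7b0a7c] dccp_v4_ctl_send_reset+0xa4/0x2f0 [dccp_ipv4]
Instruction dump:
7ca82a14 f9210020 f9210028 ebdc0b98 f9210030 f9210038 f9210040 f9210048
419e01c4 e86a00ae 2fa30000 419e01b8 <893e02f4> e95e0060 7c9f2378 897e0149
"""

# Primary opcodes of a few Power ISA D-form loads (subset, enough for triage).
D_FORM_LOADS = {32: "lwz", 34: "lbz", 40: "lhz", 42: "lha"}

def parse_gprs(text):
    """Map register number -> value from 'GPRnn: v v v v' lines."""
    regs = {}
    for m in re.finditer(r"GPR(\d+):((?:[ \t]+[0-9a-f]{16})+)", text):
        for i, val in enumerate(m.group(2).split()):
            regs[int(m.group(1)) + i] = int(val, 16)
    return regs

def decode_d_form(word):
    """Split a 32-bit D-form load into (mnemonic, RT, RA, signed displacement)."""
    disp = word & 0xFFFF
    if disp & 0x8000:
        disp -= 0x10000
    opcode = word >> 26
    if opcode not in D_FORM_LOADS:
        raise ValueError(f"opcode {opcode} is not a D-form load handled here")
    return D_FORM_LOADS[opcode], (word >> 21) & 0x1F, (word >> 16) & 0x1F, disp

def triage(text):
    """Recompute the faulting load's effective address and compare it to DAR."""
    regs = parse_gprs(text)
    dar = int(re.search(r"DAR: ([0-9a-f]+)", text).group(1), 16)
    word = int(re.search(r"<([0-9a-f]{8})>", text).group(1), 16)  # faulting insn
    mnem, rt, ra, disp = decode_d_form(word)
    base = 0 if ra == 0 else regs[ra]  # RA=0 reads as literal zero in these loads
    ea = (base + disp) & 0xFFFFFFFFFFFFFFFF
    return {"insn": f"{mnem} r{rt},{disp:#x}(r{ra})", "base": base,
            "ea": ea, "dar": dar, "null_base": base == 0 and ea == dar}

if __name__ == "__main__":
    print(triage(OOPS))
```

The faulting instruction is a byte load at offset 0x2f4 from r30, and r30 is zero in the register dump, so the computed address equals DAR: a load through a NULL base pointer, consistent with the NULL dereference described in comment #8.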
