I think that I've figured out this lockup thanks to some information in duplicate bugs. Specifically, this comment:
https://bugs.launchpad.net/ubuntu/+source/intel- microcode/+bug/1760264/comments/7 as well as the nice git bisect work of jsalisbury that I recently discovered in bug 1746418. This is the problematic commit: https://git.launchpad.net/~ubuntu- kernel/ubuntu/+source/linux/+git/artful/commit/?id=96d520d When the kernel does a task switch due to a task that was confined by AppArmor exiting, the task's pi_lock is taken in the exit() path and then switch_mm() is calling ___ptrace_may_access() which then calls down into apparmor which then calls into audit if the old task can't ptrace the new task. Eventually, the audit subsystem tries to take the pi_lock again when waking up the task. This would be a little easier to be sure of with a nice lockdep warning from a debug kernel build but I'm fairly sure this is what's going on. I suspect that swapping out the commit above with this upstream commit will fix the problem: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=18bf3c3ea It doesn't call into AppArmor to see if IBPB should be used when switching tasks. I'll build a test kernel for affected folks to test with. In the meantime, if someone affected wanted to boot with the apparmor=0 kernel command line option (with the latest artful kernel, without the noibpb kernel command line option, and with the latest intel-microcode package), I'd really appreciate it. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1759920 Title: intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux- image-4.13.0-37-generic) Status in intel-microcode package in Ubuntu: Confirmed Status in linux package in Ubuntu: Confirmed Status in intel-microcode source package in Xenial: Confirmed Status in linux source package in Xenial: Confirmed Status in intel-microcode source package in Artful: Confirmed Status in linux source package in Artful: Confirmed Bug description: I don't know if this is a problem with the kernel or the microcode, but we have a significant number of computers in our organization (on both 16.04 and 17.10) that fail if they have both updated. Booting with either linux-image-4.13.0-36-generic or intel-microcode 3.20180108.0+really20170707ubuntu17.10.1 allows all these computers to boot. ## Workaround ## 1. Boot the system with the dis_ucode_ldr kernel boot parameter to temporary avoid the problem: https://wiki.ubuntu.com/Kernel/KernelBootParameters 2. Install the previous version of package from https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/14261530/+files/intel-microcode_3.20180108.0+really20170707ubuntu16.04.1_amd64.deb 3. (Optional) Hold the package so that it won't be upgraded accidentally sudo apt-mark hold intel-microcode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/intel-microcode/+bug/1759920/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
