Bug #1672470 “ip_rcv_finish() NULL pointer kernel panic” : Zesty (17.04) : Bugs : linux package : Ubuntu

Dan Streetman (ddstreet) on 2017-03-13

Changed in linux (Ubuntu):
assignee:	nobody → Dan Streetman (ddstreet)
importance:	Undecided → Medium
status:	New → In Progress
tags:	added: sts

Joseph Salisbury (jsalisbury) on 2017-03-13

Changed in linux (Ubuntu Yakkety):
importance:	Undecided → Medium
Changed in linux (Ubuntu Xenial):
importance:	Undecided → Medium
Changed in linux (Ubuntu Vivid):
importance:	Undecided → Medium
Changed in linux (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in linux (Ubuntu Yakkety):
status:	New → Confirmed
Changed in linux (Ubuntu Xenial):
status:	New → Confirmed
Changed in linux (Ubuntu Vivid):
status:	New → Confirmed
Changed in linux (Ubuntu Trusty):
status:	New → Confirmed

Dan Streetman (ddstreet) on 2017-03-13

no longer affects:

linux (Ubuntu Vivid)

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-03-17:

#1

I verified the Trusty kernel isn't affected, this only applies to Xenial and later.

Changed in linux (Ubuntu Trusty):
status:	Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status:	Confirmed → In Progress
Changed in linux (Ubuntu Yakkety):
status:	Confirmed → In Progress
assignee:	nobody → Dan Streetman (ddstreet)
Changed in linux (Ubuntu Xenial):
assignee:	nobody → Dan Streetman (ddstreet)

Dan Streetman (ddstreet) on 2017-03-17

description:

updated

Tim Gardner (timg-tpi) on 2017-03-27

Changed in linux (Ubuntu Zesty):
status:	In Progress → Fix Committed

Thadeu Lima de Souza Cascardo (cascardo) on 2017-03-29

Changed in linux (Ubuntu Xenial):
status:	In Progress → Fix Committed

Thadeu Lima de Souza Cascardo (cascardo) on 2017-03-29

Changed in linux (Ubuntu Yakkety):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-04-04:

#2

Download full text (9.0 KiB)

This bug was fixed in the package linux - 4.10.0-15.17

---------------
linux (4.10.0-15.17) zesty; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
- LP: #1675868

  * In ZZ-BML (POWER9):ubuntu17.04 installation Fails (LP: #1675771)
    - powerpc/64s: fix handling of non-synchronous machine checks
    - powerpc/64s: allow machine check handler to set severity and initiator
    - powerpc/64s: POWER9 machine check handler

  * [Feature] R3 mwait support for Knights Mill (LP: #1637550)
    - x86/cpufeature: Enable RING3MWAIT for Knights Landing
    - x86/cpufeature: Enable RING3MWAIT for Knights Mill
    - x86/msr: Add MSR_MISC_FEATURE_ENABLES and RING3MWAIT bit
    - x86/elf: Add HWCAP2 to expose ring 3 MONITOR/MWAIT
    - x86/cpufeature: Add RING3MWAIT to CPU features

  * [Feature] GLK:New device IDs (LP: #1645951)
    - mfd: intel-lpss: Add Intel Gemini Lake PCI IDs
    - pwm: lpss: Add Intel Gemini Lake PCI ID
    - i2c: i801: Add support for Intel Gemini Lake
    - spi: pxa2xx: Add support for Intel Gemini Lake
    - [Config] CONFIG_PINCTRL_GEMINILAKE=m
    - pinctrl: intel: Add Intel Gemini Lake pin controller support

  * Zesty update to v4.10.5 stable release (LP: #1675032)
    - net/mlx5e: Register/unregister vport representors on interface attach/detach
    - net/mlx5e: Do not reduce LRO WQE size when not using build_skb
    - net/mlx5e: Fix broken CQE compression initialization
    - net/mlx5e: Update MPWQE stride size when modifying CQE compress state
    - net/mlx5e: Fix wrong CQE decompression
    - vxlan: correctly validate VXLAN ID against VXLAN_N_VID
    - vti6: return GRE_KEY for vti6
    - vxlan: don't allow overwrite of config src addr
    - ipv4: add missing initialization for flowi4_uid
    - ipv4: mask tos for input route
    - sctp: set sin_port for addr param when checking duplicate address
    - net sched actions: decrement module reference count after table flush.
    - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
    - vxlan: lock RCU on TX path
    - geneve: lock RCU on TX path
    - mlxsw: spectrum_router: Avoid potential packets loss
    - net: bridge: allow IPv6 when multicast flood is disabled
    - net: don't call strlen() on the user buffer in packet_bind_spkt()
    - net: net_enable_timestamp() can be called from irq contexts
    - ipv6: orphan skbs in reassembly unit
    - dccp: Unlock sock before calling sk_free()
    - amd-xgbe: Stop the PHY before releasing interrupts
    - amd-xgbe: Be sure to set MDIO modes on device (re)start
    - amd-xgbe: Don't overwrite SFP PHY mod_absent settings
    - bonding: use ETH_MAX_MTU as max mtu
    - strparser: destroy workqueue on module exit
    - tcp: fix various issues for sockets morphing to listen state
    - net: fix socket refcounting in skb_complete_wifi_ack()
    - net: fix socket refcounting in skb_complete_tx_timestamp()
    - net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump
    - dccp: fix use-after-free in dccp_feat_activate_values
    - team: use ETH_MAX_MTU as max mtu
    - vrf: Fix use-after-free in vrf_xmit
    - net/tunnel: set inner protocol in network gro hooks
    - uapi: fix linux/packet_diag.h use...

This bug was fixed in the package linux - 4.10.0-15.17

---------------
linux (4.10.0-15.17) zesty; urgency=low

[ Tim Gardner ]

* Release Tracking Bug
    - LP: #1675868

* In ZZ-BML (POWER9):ubuntu17.04 installation Fails (LP: #1675771)
    - powerpc/64s: fix handling of non-synchronous machine checks
    - powerpc/64s: allow machine check handler to set severity and initiator
    - powerpc/64s: POWER9 machine check handler

* [Feature] R3 mwait support for Knights Mill (LP: #1637550)
    - x86/cpufeature: Enable RING3MWAIT for Knights Landing
    - x86/cpufeature: Enable RING3MWAIT for Knights Mill
    - x86/msr: Add MSR_MISC_FEATURE_ENABLES and RING3MWAIT bit
    - x86/elf: Add HWCAP2 to expose ring 3 MONITOR/MWAIT
    - x86/cpufeature: Add RING3MWAIT to CPU features

* [Feature] GLK:New device IDs (LP: #1645951)
    - mfd: intel-lpss: Add Intel Gemini Lake PCI IDs
    - pwm: lpss: Add Intel Gemini Lake PCI ID
    - i2c: i801: Add support for Intel Gemini Lake
    - spi: pxa2xx: Add support for Intel Gemini Lake
    - [Config] CONFIG_PINCTRL_GEMINILAKE=m
    - pinctrl: intel: Add Intel Gemini Lake pin controller support

* Zesty update to v4.10.5 stable release (LP: #1675032)
    - net/mlx5e: Register/unregister vport representors on interface attach/detach
    - net/mlx5e: Do not reduce LRO WQE size when not using build_skb
    - net/mlx5e: Fix broken CQE compression initialization
    - net/mlx5e: Update MPWQE stride size when modifying CQE compress state
    - net/mlx5e: Fix wrong CQE decompression
    - vxlan: correctly validate VXLAN ID against VXLAN_N_VID
    - vti6: return GRE_KEY for vti6
    - vxlan: don't allow overwrite of config src addr
    - ipv4: add missing initialization for flowi4_uid
    - ipv4: mask tos for input route
    - sctp: set sin_port for addr param when checking duplicate address
    - net sched actions: decrement module reference count after table flush.
    - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
    - vxlan: lock RCU on TX path
    - geneve: lock RCU on TX path
    - mlxsw: spectrum_router: Avoid potential packets loss
    - net: bridge: allow IPv6 when multicast flood is disabled
    - net: don't call strlen() on the user buffer in packet_bind_spkt()
    - net: net_enable_timestamp() can be called from irq contexts
    - ipv6: orphan skbs in reassembly unit
    - dccp: Unlock sock before calling sk_free()
    - amd-xgbe: Stop the PHY before releasing interrupts
    - amd-xgbe: Be sure to set MDIO modes on device (re)start
    - amd-xgbe: Don't overwrite SFP PHY mod_absent settings
    - bonding: use ETH_MAX_MTU as max mtu
    - strparser: destroy workqueue on module exit
    - tcp: fix various issues for sockets morphing to listen state
    - net: fix socket refcounting in skb_complete_wifi_ack()
    - net: fix socket refcounting in skb_complete_tx_timestamp()
    - net/sched: act_skbmod: remove unneeded rcu_read_unlock in tcf_skbmod_dump
    - dccp: fix use-after-free in dccp_feat_activate_values
    - team: use ETH_MAX_MTU as max mtu
    - vrf: Fix use-after-free in vrf_xmit
    - net/tunnel: set inner protocol in network gro hooks
    - uapi: fix linux/packet_diag.h userspace compilation error
    - amd-xgbe: Enable IRQs only if napi_complete_done() is true
    - act_connmark: avoid crashing on malformed nlattrs with null parms
    - mpls: Send route delete notifications when router module is unloaded
    - mpls: Do not decrement alive counter for unregister events
    - ipv6: make ECMP route replacement less greedy
    - ipv6: avoid write to a possibly cloned skb
    - net: use net->count to check whether a netns is alive or not
    - dccp/tcp: fix routing redirect race
    - tun: fix premature POLLOUT notification on tun devices
    - dccp: fix memory leak during tear-down of unsuccessful connection request
    - arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs
    - drm/i915/lspcon: Enable AUX interrupts for resume time initialization
    - drm/i915/gen9+: Enable hotplug detection early
    - drm/i915/lspcon: Fix resume time initialization due to unasserted HPD
    - x86/unwind: Fix last frame check for aligned function stacks
    - x86/tsc: Fix ART for TSC_KNOWN_FREQ
    - x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
    - x86/intel_rdt: Put group node in rdtgroup_kn_unlock
    - x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
    - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
    - futex: Add missing error handling to FUTEX_REQUEUE_PI
    - locking/rwsem: Fix down_write_killable() for CONFIG_RWSEM_GENERIC_SPINLOCK=y
    - crypto: powerpc - Fix initialisation of crc32c context
    - crypto: s5p-sss - Fix spinlock recursion on LRW(AES)
    - Linux 4.10.5

* Ubuntu server enables screenblanking, concealing crashdumps (DPMS is not
    used) (LP: #869017)
    - SAUCE: Disable default console blanking interval

* CVE-CVE-2017-5986
    - sctp: deny peeloff operation on asocs with threads sleeping on it

* tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision (LP: #1674466)
    - tty: acpi/spcr: QDF2400 E44 checks for wrong OEM revision

* Ubuntu 17.04: machine crashes with Oops in dccp_v4_ctl_send_reset while
    running stress-ng. (LP: #1654073)
    - tcp/dccp: block BH for SYN processing

* POWER9: Additional patches for TTY and CPU_IDLE (LP: #1674325)
    - tty: Fix ldisc crash on reopened tty
    - SAUCE: powerpc/powernv/cpuidle: Pass correct drv->cpumask for registration

* Fix MODULE_FIRMWARE for intel 6030 wireless (LP: #1674334)
    - iwlwifi: fix MODULE_FIRMWARE for 6030

* [zesty] net sched actions - Adding support for user cookies (LP: #1674087)
    - net sched actions: Add support for user cookies
    - net sched actions: do not overwrite status of action creation.

* Zesty update to v4.10.4 stable release (LP: #1674288)
    - iio: 104-quad-8: Fix off-by-one error when addressing flag register
    - ARM: qcom_defconfig: Enable RPM/RPM-SMD clocks
    - USB: serial: digi_acceleport: fix OOB data sanity check
    - USB: serial: digi_acceleport: fix OOB-event processing
    - crypto: improve gcc optimization flags for serpent and wp512
    - MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change
    - MIPS: VDSO: avoid duplicate CAC_BASE definition
    - MIPS: ip27: Disable qlge driver in defconfig
    - MIPS: Update ip27_defconfig for SCSI_DH change
    - MIPS: ip22: Fix ip28 build for modern gcc
    - MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change
    - mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
    - MIPS: ralink: Cosmetic change to prom_init().
    - MIPS: ralink: Remove unused timer functions
    - MIPS: ralink: Remove unused rt*_wdt_reset functions
    - i2c: bcm2835: Avoid possible NULL ptr dereference
    - tracing: Add #undef to fix compile error
    - ucount: Remove the atomicity from ucount->count
    - efi/arm: Fix boot crash with CONFIG_CPUMASK_OFFSTACK=y
    - dw2102: don't do DMA on stack
    - i2c: add missing of_node_put in i2c_mux_del_adapters
    - powerpc: Emulation support for load/store instructions on LE
    - powerpc/booke: Fix boot crash due to null hugepd
    - powerpc/xics: Work around limitations of OPAL XICS priority handling
    - PCI: Prevent VPD access for QLogic ISP2722
    - usb: gadget: dummy_hcd: clear usb_gadget region before registration
    - usb: dwc3: gadget: make Set Endpoint Configuration macros safe
    - usb: dwc3-omap: Fix missing break in dwc3_omap_set_mailbox()
    - usb: ohci-at91: Do not drop unhandled USB suspend control requests
    - usb: gadget: function: f_fs: pass companion descriptor along
    - Revert "usb: gadget: uvc: Add missing call for additional setup data"
    - usb: host: xhci-dbg: HCIVERSION should be a binary number
    - usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
    - USB: serial: safe_serial: fix information leak in completion handler
    - USB: serial: omninet: fix reference leaks at open
    - USB: iowarrior: fix NULL-deref at probe
    - USB: iowarrior: fix NULL-deref in write
    - USB: serial: io_ti: fix NULL-deref in interrupt callback
    - USB: serial: io_ti: fix information leak in completion handler
    - serial: samsung: Continue to work if DMA request fails
    - KVM: s390: Fix guest migration for huge guests resulting in panic
    - KVM: arm/arm64: Let vcpu thread modify its own active state
    - drm/i915/gvt: Fix superfluous newline in GVT_DISPLAY_READY env var
    - serial_ir: ensure we're ready to receive interrupts
    - dm: flush queued bios when process blocks to avoid deadlock
    - rc: raw decoder for keymap protocol is not loaded on register
    - ext4: don't BUG when truncating encrypted inodes on the orphan list
    - IB/mlx5: Verify that Q counters are supported
    - Linux 4.10.4

* ip_rcv_finish() NULL pointer kernel panic (LP: #1672470)
    - bridge: drop netfilter fake rtable unconditionally

* Miscellaneous Ubuntu changes
    - [Config] Remove powerpc architecture build
    - [Config] updateconfigs after removing powerpc builds
    - [Config] Update annotations after removing powerpc configs

-- Tim Gardner <tim.gardner@canonical.com>  Mon, 20 Mar 2017 05:15:32 -0600

Changed in linux (Ubuntu Zesty):
status:	Fix Committed → Fix Released

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2017-04-13:

#3

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags:	added: verification-needed-xenial
tags:	added: verification-needed-yakkety

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2017-04-13:

#4

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-yakkety' to 'verification-done-yakkety'. If the problem still exists, change the tag 'verification-needed-yakkety' to 'verification-failed-yakkety'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-04-17:

#5

With a virsh guest installed with standard xenial, using the 4.4.0-72-generic kernel, I created a bridge and attached the virtio interface to it. I then started iperf3 -s on the guest, and started iperf3 -c GUESTIP -t 300 on the host, to create continuous traffic to the guest.

Then I added a simple iptables rule:
$ sudo iptables -A INPUT -s 192.168.122.0/24 -j MARK --set-mark 1234

that rule matches all incoming iperf3 packets. Then, simply modprobing the br_netfilter module reproduces this kernel oops.

I then added xenial-proposed to the apt sources, and upgraded the kernel to version 4.4.0-74-generic, and re-ran the above test, which allowed the br_netfilter module to be loaded with no kernel oops or other problem.

Revision history for this message

Dan Streetman (ddstreet) wrote on 2017-04-17:

#6

Same test setup as above, but using yakkety with kernel 4.8.0-46-generic, reproduces the kernel oops. After upgrading to kernel 4.8.0-48-generic, the kernel oops no longer happens when modprobing or rmmoding br_netfilter.

tags:

added: verification-done-xenial verification-done-yakkety
removed: verification-needed-xenial verification-needed-yakkety

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-04-24:

#7

Download full text (29.1 KiB)

This bug was fixed in the package linux - 4.4.0-75.96

---------------
linux (4.4.0-75.96) xenial; urgency=low

* linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.4.0-74.95) xenial; urgency=low

* linux: 4.4.0-74.95 -proposed tracker (LP: #1682041)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.4.0-73.94) xenial; urgency=low

* linux: 4.4.0-73.94 -proposed tracker (LP: #1680416)

* CVE-2017-6353
- sctp: deny peeloff operation on asocs with threads sleeping on it

* vfat: missing iso8859-1 charset (LP: #1677230)
- [Config] NLS_ISO8859_1=y

* Regression: KVM modules should be on main kernel package (LP: #1678099)
- [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

  * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

* regession tests failing after stackprofile test is run (LP: #1661030)
- SAUCE: fix regression with domain change in complain mode

  * Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

  * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

  * apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

  * tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

* apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
- SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

  * apparmor auditing denied access of special apparmor .null fi\ le
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

* apparmor label leak when new label is unused (LP: #1660834)
- SAUCE: apparmor: fix label leak when new label is unused

* apparmor reference count bug in label_merge_insert() (LP: #1660833)
- SAUCE: apparmor: fix reference count bug in label_merge_insert()

* apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
- SAUCE: apparmor: fix replacement race in reading rawdata

  * unix domain socket cross permission check failing with nested namespaces
    (LP: #1660832)
    - SAUCE: apparmor: fix cross ns perm of unix domain sockets

  * Xenial update to v4.4.59 stable release (LP: #1678960)
    - xfrm: policy: init locks early
    - virtio_balloon: init ...

This bug was fixed in the package linux - 4.4.0-75.96

---------------
linux (4.4.0-75.96) xenial; urgency=low

* linux: 4.4.0-75.96 -proposed tracker (LP: #1684441)

* [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.4.0-74.95) xenial; urgency=low

* linux: 4.4.0-74.95 -proposed tracker (LP: #1682041)

* [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.4.0-73.94) xenial; urgency=low

* linux: 4.4.0-73.94 -proposed tracker (LP: #1680416)

* CVE-2017-6353
    - sctp: deny peeloff operation on asocs with threads sleeping on it

* vfat: missing iso8859-1 charset (LP: #1677230)
    - [Config] NLS_ISO8859_1=y

* Regression: KVM modules should be on main kernel package (LP: #1678099)
    - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list

* linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial
    4.4.0-63.84~14.04.2 (LP: #1664912)
    - SAUCE: apparmor: fix link auditing failure due to, uninitialized var

* regession tests failing after stackprofile test is run (LP: #1661030)
    - SAUCE: fix regression with domain change in complain mode

* Permission denied and inconsistent behavior in complain mode with 'ip netns
    list' command (LP: #1648903)
    - SAUCE: fix regression with domain change in complain mode

* unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt
    from a unshared mount namespace (LP: #1656121)
    - SAUCE: apparmor: null profiles should inherit parent control flags

* apparmor refcount leak of profile namespace when removing profiles
    (LP: #1660849)
    - SAUCE: apparmor: fix ns ref count link when removing profiles from policy

* tor in lxd: apparmor="DENIED" operation="change_onexec"
    namespace="root//CONTAINERNAME_<var-lib-lxd>" profile="unconfined"
    name="system_tor" (LP: #1648143)
    - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked
      namespaces

* apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840)
    - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails

* apparmor  auditing denied access of special apparmor .null fi\ le
    (LP: #1660836)
    - SAUCE: apparmor: Don't audit denied access of special apparmor .null file

* apparmor label leak when new label is unused (LP: #1660834)
    - SAUCE: apparmor: fix label leak when new label is unused

* apparmor reference count bug in label_merge_insert() (LP: #1660833)
    - SAUCE: apparmor: fix reference count bug in label_merge_insert()

* apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996)
    - SAUCE: apparmor: fix replacement race in reading rawdata

* unix domain socket cross permission check failing with nested namespaces
    (LP: #1660832)
    - SAUCE: apparmor: fix cross ns perm of unix domain sockets

* Xenial update to v4.4.59 stable release (LP: #1678960)
    - xfrm: policy: init locks early
    - virtio_balloon: init 1st buffer in stats vq
    - pinctrl: qcom: Don't clear status bit on irq_unmask
    - c6x/ptrace: Remove useless PTRACE_SETREGSET implementation
    - h8300/ptrace: Fix incorrect register transfer count
    - mips/ptrace: Preserve previous registers for short regset write
    - sparc/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Preserve previous registers for short regset write
    - metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS
    - metag/ptrace: Reject partial NT_METAG_RPIPE writes
    - fscrypt: remove broken support for detecting keyring key revocation
    - sched/rt: Add a missing rescheduling point
    - Linux 4.4.59

* Update ENA driver to 1.1.2 from net-next (LP: #1664312)
    - net: ena: Remove unnecessary pci_set_drvdata()
    - net: ena: Fix error return code in ena_device_init()
    - net: ena: change the return type of ena_set_push_mode() to be void.
    - net: ena: use setup_timer() and mod_timer()
    - net/ena: remove ntuple filter support from device feature list
    - net/ena: fix queues number calculation
    - net/ena: fix ethtool RSS flow configuration
    - net/ena: fix RSS default hash configuration
    - net/ena: fix NULL dereference when removing the driver after device reset
      failed
    - net/ena: refactor ena_get_stats64 to be atomic context safe
    - net/ena: fix potential access to freed memory during device reset
    - net/ena: use READ_ONCE to access completion descriptors
    - net/ena: reduce the severity of ena printouts
    - net/ena: change driver's default timeouts
    - net/ena: change condition for host attribute configuration
    - net/ena: update driver version to 1.1.2

* Xenial update to v4.4.58 stable release (LP: #1677600)
    - net/openvswitch: Set the ipv6 source tunnel key address attribute correctly
    - net: bcmgenet: Do not suspend PHY if Wake-on-LAN is enabled
    - net: properly release sk_frag.page
    - amd-xgbe: Fix jumbo MTU processing on newer hardware
    - net: unix: properly re-increment inflight counter of GC discarded candidates
    - net/mlx5: Increase number of max QPs in default profile
    - net/mlx5e: Count LRO packets correctly
    - net: bcmgenet: remove bcmgenet_internal_phy_setup()
    - ipv4: provide stronger user input validation in nl_fib_input()
    - socket, bpf: fix sk_filter use after free in sk_clone_lock
    - tcp: initialize icsk_ack.lrcvtime at session start time
    - Input: elan_i2c - add ASUS EeeBook X205TA special touchpad fw
    - Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000
    - Input: iforce - validate number of endpoints before using them
    - Input: ims-pcu - validate number of endpoints before using them
    - Input: hanwang - validate number of endpoints before using them
    - Input: yealink - validate number of endpoints before using them
    - Input: cm109 - validate number of endpoints before using them
    - Input: kbtab - validate number of endpoints before using them
    - Input: sur40 - validate number of endpoints before using them
    - ALSA: seq: Fix racy cell insertions during snd_seq_pool_done()
    - ALSA: ctxfi: Fix the incorrect check of dma_set_mask() call
    - ALSA: hda - Adding a group of pin definition to fix headset problem
    - USB: serial: option: add Quectel UC15, UC20, EC21, and EC25 modems
    - USB: serial: qcserial: add Dell DW5811e
    - ACM gadget: fix endianness in notifications
    - usb: gadget: f_uvc: Fix SuperSpeed companion descriptor's wBytesPerInterval
    - usb-core: Add LINEAR_FRAME_INTR_BINTERVAL USB quirk
    - USB: uss720: fix NULL-deref at probe
    - USB: lvtest: fix NULL-deref at probe
    - USB: idmouse: fix NULL-deref at probe
    - USB: wusbcore: fix NULL-deref at probe
    - usb: musb: cppi41: don't check early-TX-interrupt for Isoch transfer
    - usb: hub: Fix crash after failure to read BOS descriptor
    - uwb: i1480-dfu: fix NULL-deref at probe
    - uwb: hwa-rc: fix NULL-deref at probe
    - mmc: ushc: fix NULL-deref at probe
    - iio: adc: ti_am335x_adc: fix fifo overrun recovery
    - iio: hid-sensor-trigger: Change get poll value function order to avoid
      sensor properties losing after resume from S3
    - parport: fix attempt to write duplicate procfiles
    - ext4: mark inode dirty after converting inline directory
    - mmc: sdhci: Do not disable interrupts while waiting for clock
    - xen/acpi: upload PM state from init-domain to Xen
    - iommu/vt-d: Fix NULL pointer dereference in device_to_iommu
    - ARM: at91: pm: cpu_idle: switch DDR to power-down mode
    - ARM: dts: at91: sama5d2: add dma properties to UART nodes
    - cpufreq: Restore policy min/max limits on CPU online
    - raid10: increment write counter after bio is split
    - libceph: don't set weight to IN when OSD is destroyed
    - xfs: don't allow di_size with high bit set
    - xfs: fix up xfs_swap_extent_forks inline extent handling
    - nl80211: fix dumpit error path RTNL deadlocks
    - USB: usbtmc: add missing endpoint sanity check
    - xfs: clear _XBF_PAGES from buffers when readahead page
    - igb: add i211 to i210 PHY workaround
    - vfio/spapr: Postpone allocation of userspace version of TCE table
    - block: allow WRITE_SAME commands with the SG_IO ioctl
    - fbcon: Fix vc attr at deinit
    - crypto: algif_hash - avoid zero-sized array
    - Linux 4.4.58

* PS/2 mouse does not work on Dell embedded computer (LP: #1591053)
    - Input: i8042 - add noloop quirk for Dell Embedded Box PC 3000

* Xenial update to v4.4.57 stable release (LP: #1676424)
    - give up on gcc ilog2() constant optimizations
    - perf/core: Fix event inheritance on fork()
    - cpufreq: Fix and clean up show_cpuinfo_cur_freq()
    - powerpc/boot: Fix zImage TOC alignment
    - md/raid1/10: fix potential deadlock
    - target/pscsi: Fix TYPE_TAPE + TYPE_MEDIMUM_CHANGER export
    - scsi: lpfc: Add shutdown method for kexec
    - scsi: libiscsi: add lock around task lists to fix list corruption regression
    - target: Fix VERIFY_16 handling in sbc_parse_cdb
    - isdn/gigaset: fix NULL-deref at probe
    - gfs2: Avoid alignment hole in struct lm_lockname
    - percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages
    - ext4: fix fencepost in s_first_meta_bg validation
    - Linux 4.4.57

* Xenial update to v4.4.56 stable release (LP: #1675789)
    - netlink: remove mmapped netlink support
    - [Config] CONFIG_NETLINK_MMAP disappeared
    - vxlan: correctly validate VXLAN ID against VXLAN_N_VID
    - vti6: return GRE_KEY for vti6
    - ipv4: mask tos for input route
    - l2tp: avoid use-after-free caused by l2tp_ip_backlog_recv
    - net: don't call strlen() on the user buffer in packet_bind_spkt()
    - net: net_enable_timestamp() can be called from irq contexts
    - dccp: Unlock sock before calling sk_free()
    - tcp: fix various issues for sockets morphing to listen state
    - net: fix socket refcounting in skb_complete_wifi_ack()
    - net: fix socket refcounting in skb_complete_tx_timestamp()
    - dccp: fix use-after-free in dccp_feat_activate_values
    - vrf: Fix use-after-free in vrf_xmit
    - uapi: fix linux/packet_diag.h userspace compilation error
    - act_connmark: avoid crashing on malformed nlattrs with null parms
    - mpls: Send route delete notifications when router module is unloaded
    - ipv6: make ECMP route replacement less greedy
    - ipv6: avoid write to a possibly cloned skb
    - dccp/tcp: fix routing redirect race
    - dccp: fix memory leak during tear-down of unsuccessful connection request
    - net sched actions: decrement module reference count after table flush.
    - fscrypt: fix renaming and linking special files
    - fscrypto: lock inode while setting encryption policy
    - x86/kasan: Fix boot with KASAN=y and PROFILE_ANNOTATED_BRANCHES=y
    - x86/perf: Fix CR4.PCE propagation to use active_mm instead of mm
    - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI
    - futex: Add missing error handling to FUTEX_REQUEUE_PI
    - Linux 4.4.56

* Kernel linux-image-4.4.0-67-generic prevent the boot on Microsoft Hyper-v
    2012r2 Gen2 VM (LP: #1674635)
    - scsi: storvsc: Workaround for virtual DVD SCSI version

* [Hyper-V][Mellanox] net/mlx4_core: Avoid delays during VF driver device
    shutdown (LP: #1672785)
    - net/mlx4_core: Avoid delays during VF driver device shutdown

* Channel data values for IIO based st_sensors (st_accel, st_pressure) are
    incorrect (LP: #1676356)
    - iio: core: added support for IIO_VAL_INT
    - iio: st_sensors: simplify buffer address handling
    - iio: st_sensors: read each channel individually
    - iio:st_sensors: emulate SMBus block read if needed
    - iio:st_sensors: align on storagebits boundaries
    - iio:st_pressure: temperature triggered buffering
    - iio:st_pressure: clean useless static channel initializers
    - iio: st_pressure: Fix data sign

* Enable lspcon on i915 (LP: #1676747)
    - drm: Helper for lspcon in drm_dp_dual_mode
    - drm/i915: Add lspcon support for I915 driver
    - drm/i915: Parse VBT data for lspcon
    - drm/i915: Enable lspcon initialization
    - drm/i915: Add lspcon resume function

* stress_smoke_test passing and exiting rc=9 (linux 4.9.0-12.13 ADT test
    failure with linux 4.9.0-12.13) (LP: #1658633)
    - ext4: lock the xattr block before checksuming it

* Fix line-out port noise on Baytrail-I with RT5660 based sound card
    (LP: #1675327)
    - SAUCE: (no-up): ASoC: Intel: bytcr-rt5660: Fix noise in line-out

* Kernel 4.4.0-67 Defaults to ACPI-cpufreq rather than P-State - Dell
    Precision 5520  (LP: #1674390)
    - cpufreq: intel_pstate: Enable HWP by default

* ip_rcv_finish() NULL pointer kernel panic (LP: #1672470)
    - bridge: drop netfilter fake rtable unconditionally

* dm-queue-length module is not included in installer/initramfs (LP: #1673350)
    - d-i: Also add dm-queue-length to multipath modules

* Broadcom bluetooth modules sometimes fail to initialize (LP: #1483101)
    - Bluetooth: btbcm: Add a delay for module reset

* Need support of Broadcom bluetooth device [413c:8143] (LP: #1166113)
    - Bluetooth: btusb: Add support for 413c:8143

* i40e Intel X710 error during device probe prevents link set up and ip
    association (LP: #1672550)
    - i40e: check for and deal with non-contiguous TCs

* CIFS: Call echo service immediately after socket reconnect (LP: #1669941)
    - Call echo service immediately after socket reconnect

* FC Adapter (LPe32000-based) prints "iotag out of range", goes offline, and
    delays boot a lot (Ubuntu17.04/Emulex/lpfc)) (LP: #1670490)
    - scsi: lpfc: Add missing memory barrier

* No C-State Deeper than C3 utilized by Kaby Lake 7820HQ in Precision 5520
    (LP: #1672439)
    - intel_idle: Add KBL support

* [Hyper-V] Missing PCI patches breaking SR-IOV hot remove (LP: #1670518)
    - PCI: hv: Fix hv_pci_remove() for hot-remove
    - PCI: hv: Delete the device earlier from hbus->children for hot-remove
    - PCI: hv: Make unnecessarily global IRQ masking functions static
    - PCI: hv: Allocate physically contiguous hypercall params buffer

* Xenial update to v4.4.55 stable release (LP: #1674292)
    - USB: serial: digi_acceleport: fix OOB data sanity check
    - USB: serial: digi_acceleport: fix OOB-event processing
    - crypto: improve gcc optimization flags for serpent and wp512
    - MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change
    - MIPS: ip27: Disable qlge driver in defconfig
    - MIPS: Update ip27_defconfig for SCSI_DH change
    - MIPS: ip22: Fix ip28 build for modern gcc
    - MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change
    - mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy
    - MIPS: ralink: Cosmetic change to prom_init().
    - MIPS: ralink: Remove unused rt*_wdt_reset functions
    - cpmac: remove hopeless #warning
    - mm: memcontrol: avoid unused function warning
    - MIPS: DEC: Avoid la pseudo-instruction in delay slots
    - MIPS: Netlogic: Fix CP0_EBASE redefinition warnings
    - tracing: Add #undef to fix compile error
    - powerpc: Emulation support for load/store instructions on LE
    - usb: gadget: dummy_hcd: clear usb_gadget region before registration
    - usb: dwc3: gadget: make Set Endpoint Configuration macros safe
    - usb: gadget: function: f_fs: pass companion descriptor along
    - usb: host: xhci-dbg: HCIVERSION should be a binary number
    - usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci
      controllers
    - USB: serial: safe_serial: fix information leak in completion handler
    - USB: serial: omninet: fix reference leaks at open
    - USB: iowarrior: fix NULL-deref at probe
    - USB: iowarrior: fix NULL-deref in write
    - USB: serial: io_ti: fix NULL-deref in interrupt callback
    - USB: serial: io_ti: fix information leak in completion handler
    - serial: samsung: Continue to work if DMA request fails
    - mvsas: fix misleading indentation
    - KVM: s390: Fix guest migration for huge guests resulting in panic
    - s390/kdump: Use "LINUX" ELF note name instead of "CORE"
    - nfit, libnvdimm: fix interleave set cookie calculation
    - dm: flush queued bios when process blocks to avoid deadlock
    - ext4: don't BUG when truncating encrypted inodes on the orphan list
    - Linux 4.4.55

* Xenial update to v4.4.54 stable release (LP: #1673541)
    - serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards
    - KVM: s390: Disable dirty log retrieval for UCONTROL guests
    - KVM: VMX: use correct vmcs_read/write for guest segment selector/base
    - Bluetooth: Add another AR3012 04ca:3018 device
    - s390/qdio: clear DSCI prior to scanning multiple input queues
    - s390/dcssblk: fix device size calculation in dcssblk_direct_access()
    - s390: TASK_SIZE for kernel threads
    - s390: make setup_randomness work
    - s390: use correct input data address for setup_randomness
    - net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put()
    - mnt: Tuck mounts under others instead of creating shadow/side mounts.
    - IB/ipoib: Fix deadlock between rmmod and set_mode
    - IB/IPoIB: Add destination address when re-queue packet
    - IB/srp: Avoid that duplicate responses trigger a kernel bug
    - IB/srp: Fix race conditions related to task management
    - ktest: Fix child exit code processing
    - ceph: remove req from unsafe list when unregistering it
    - target: Fix NULL dereference during LUN lookup + active I/O shutdown
    - nlm: Ensure callback code also checks that the files match
    - pwm: pca9685: Fix period change with same duty cycle
    - xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
    - mac80211: flush delayed work when entering suspend
    - drm/amdgpu: add more cases to DCE11 possible crtc mask setup
    - drm/ast: Fix test for VGA enabled
    - drm/ast: Call open_key before enable_mmio in POST code
    - drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS
    - drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058
    - drm/ttm: Make sure BOs being swapped out are cacheable
    - drm/atomic: fix an error code in mode_fixup()
    - fakelb: fix schedule while atomic
    - drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from
      vlv_init_display_clock_gating
    - libceph: use BUG() instead of BUG_ON(1)
    - fat: fix using uninitialized fields of fat_inode/fsinfo_inode
    - drivers: hv: Turn off write permission on the hypercall page
    - Linux 4.4.54

* Xenial update to v4.4.53 stable release (LP: #1673538)
    - samples: move mic/mpssd example code from Documentation
    - MIPS: Fix special case in 64 bit IP checksumming.
    - MIPS: BCM47XX: Fix button inversion for Asus WL-500W
    - MIPS: OCTEON: Fix copy_from_user fault handling for large buffers
    - MIPS: Lantiq: Keep ethernet enabled during boot
    - MIPS: Clear ISA bit correctly in get_frame_info()
    - MIPS: Prevent unaligned accesses during stack unwinding
    - MIPS: Fix get_frame_info() handling of microMIPS function size
    - MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions
    - MIPS: Calculate microMIPS ra properly when unwinding the stack
    - MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps
    - am437x-vpfe: always assign bpp variable
    - uvcvideo: Fix a wrong macro
    - media: fix dm1105.c build error
    - ARM: at91: define LPDDR types
    - ARM: dts: at91: Enable DMA on sama5d4_xplained console
    - ARM: dts: at91: Enable DMA on sama5d2_xplained console
    - ALSA: hda/realtek - Cannot adjust speaker's volume on a Dell AIO
    - ALSA: hda - fix Lewisburg audio issue
    - ALSA: timer: Reject user params with too small ticks
    - ALSA: ctxfi: Fallback DMA mask to 32bit
    - ALSA: seq: Fix link corruption by event error handling
    - ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming
    - ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine
    - staging: rtl: fix possible NULL pointer dereference
    - regulator: Fix regulator_summary for deviceless consumers
    - iommu/vt-d: Fix some macros that are incorrectly specified in intel-iommu
    - iommu/vt-d: Tylersburg isoch identity map check is done too late.
    - mm/page_alloc: fix nodes for reclaim in fast path
    - mm: vmpressure: fix sending wrong events on underflow
    - mm: do not access page->mapping directly on page_endio
    - ipc/shm: Fix shmat mmap nil-page protection
    - dm cache: fix corruption seen when using cache > 2TB
    - dm stats: fix a leaked s->histogram_boundaries array
    - Revert "scsi: storvsc: properly set residual data length on errors"
    - scsi: storvsc: properly set residual data length on errors
    - scsi: aacraid: Reorder Adapter status check
    - scsi: use 'scsi_device_from_queue()' for scsi_dh
    - sd: get disk reference in sd_check_events()
    - Fix: Disable sys_membarrier when nohz_full is enabled
    - jbd2: don't leak modified metadata buffers on an aborted journal
    - block/loop: fix race between I/O and set_status
    - loop: fix LO_FLAGS_PARTSCAN hang
    - ext4: Include forgotten start block on fallocate insert range
    - ext4: do not polute the extents cache while shifting extents
    - ext4: trim allocation requests to group size
    - ext4: fix data corruption in data=journal mode
    - ext4: fix inline data error paths
    - ext4: preserve the needs_recovery flag when the journal is aborted
    - ext4: return EROFS if device is r/o and journal replay is needed
    - samples/seccomp: fix 64-bit comparison macros
    - target: Obtain se_node_acl->acl_kref during get_initiator_node_acl
    - target: Fix multi-session dynamic se_node_acl double free OOPs
    - ath5k: drop bogus warning on drv_set_key with unsupported cipher
    - ath9k: fix race condition in enabling/disabling IRQs
    - ath9k: use correct OTP register offsets for the AR9340 and AR9550
    - crypto: testmgr - Pad aes_ccm_enc_tv_template vector
    - fuse: add missing FR_FORCE
    - arm/arm64: KVM: Enforce unconditional flush to PoC when mapping to stage-2
    - iio: pressure: mpl115: do not rely on structure field ordering
    - iio: pressure: mpl3115: do not rely on structure field ordering
    - can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer
    - w1: don't leak refcount on slave attach failure in w1_attach_slave_device()
    - w1: ds2490: USB transfer buffers need to be DMAable
    - usb: musb: da8xx: Remove CPPI 3.0 quirk and methods
    - usb: host: xhci: plat: check hcc_params after add hcd
    - usb: gadget: udc: fsl: Add missing complete function.
    - hv: allocate synic pages for all present CPUs
    - hv: init percpu_list in hv_synic_alloc()
    - Drivers: hv: util: kvp: Fix a rescind processing issue
    - Drivers: hv: util: Fcopy: Fix a rescind processing issue
    - Drivers: hv: util: Backup: Fix a rescind processing issue
    - RDMA/core: Fix incorrect structure packing for booleans
    - rdma_cm: fail iwarp accepts w/o connection params
    - gfs2: Add missing rcu locking for glock lookup
    - rtlwifi: Fix alignment issues
    - rtlwifi: rtl8192c-common: Fix "BUG: KASAN:
    - nfsd: minor nfsd_setattr cleanup
    - nfsd: special case truncates some more
    - NFSv4: Fix memory and state leak in _nfs4_open_and_get_state
    - NFSv4: fix getacl head length estimation
    - NFSv4: fix getacl ERANGE for some ACL buffer sizes
    - rtc: sun6i: Add some locking
    - rtc: sun6i: Switch to the external oscillator
    - md linear: fix a race between linear_add() and linear_congested()
    - bcma: use (get|put)_device when probing/removing device driver
    - dmaengine: ipu: Make sure the interrupt routine checks all interrupts.
    - powerpc/xmon: Fix data-breakpoint
    - MIPS: IP22: Reformat inline assembler code to modern standards.
    - MIPS: IP22: Fix build error due to binutils 2.25 uselessnes.
    - scsi: lpfc: Correct WQ creation for pagesize
    - Linux 4.4.53

* move aufs.ko from -extra to linux-image package (LP: #1673498)
    - [config] aufs.ko moved to linux-image package

* [Xenial] net: better skb->sender_cpu and skb->napi_id cohabitation
    (LP: #1673303)
    - net: better skb->sender_cpu and skb->napi_id cohabitation

* lsattr 32bit does not work on 64bit kernel (Inappropriate ioctl error)
    (LP: #1619918)
    - btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls

* linux-tools-common should Depends: lsb-release (LP: #1667571)
    - [Config] linux-tools-common depends on lsb-release

* Add Use-After-Free Patch for Ubuntu16.10 - EEH on BELL3 adapter fails to
    recover (serial/tty) (LP: #1669153)
    - 8250_pci: Fix potential use-after-free in error path

* [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
    - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs
    - PCI: hv: Use device serial number as PCI domain

* [Xenial - 16.04 ]Bonding driver - stack corruption when trying to copy 20
    bytes to a sockaddr (LP: #1668042)
    - net/bonding: Enforce active-backup policy for IPoIB bonds

* Request to backport cxlflash patches to Xenial SRU stream (LP: #1623750)
    - scsi: cxlflash: Scan host only after the port is ready for I/O
    - scsi: cxlflash: Remove the device cleanly in the system shutdown path
    - scsi: cxlflash: Fix to avoid EEH and host reset collisions
    - scsi: cxlflash: Improve EEH recovery time

* Xenial update to v4.4.52 stable release (LP: #1669016)
    - net/llc: avoid BUG_ON() in skb_orphan()
    - packet: fix races in fanout_add()
    - packet: Do not call fanout_release from atomic contexts
    - irda: Fix lockdep annotations in hashbin_delete().
    - ip: fix IP_CHECKSUM handling
    - net: socket: fix recvmmsg not returning error from sock_error
    - tty: serial: msm: Fix module autoload
    - USB: serial: mos7840: fix another NULL-deref at open
    - USB: serial: cp210x: add new IDs for GE Bx50v3 boards
    - USB: serial: ftdi_sio: fix modem-status error handling
    - USB: serial: ftdi_sio: fix extreme low-latency setting
    - USB: serial: ftdi_sio: fix line-status over-reporting
    - USB: serial: spcp8x5: fix modem-status handling
    - USB: serial: opticon: fix CTS retrieval at open
    - USB: serial: ark3116: fix register-accessor error handling
    - x86/platform/goldfish: Prevent unconditional loading
    - goldfish: Sanitize the broken interrupt handler
    - block: fix double-free in the failure path of cgwb_bdi_init()
    - rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down
    - Revert "usb: chipidea: imx: enable CI_HDRC_SET_NON_ZERO_TTHA"
    - kvm: vmx: ensure VMCS is current while enabling PML
    - Linux 4.4.52

* Xenial update to v4.4.51 stable release (LP: #1669015)
    - vfs: fix uninitialized flags in splice_to_pipe()
    - siano: make it work again with CONFIG_VMAP_STACK
    - fuse: fix use after free issue in fuse_dev_do_read()
    - scsi: don't BUG_ON() empty DMA transfers
    - Fix missing sanity check in /dev/sg
    - Input: elan_i2c - add ELAN0605 to the ACPI table
    - drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor
    - drm/dp/mst: fix kernel oops when turning off secondary monitor
    - futex: Move futex_init() to core_initcall
    - ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user()
    - printk: use rcuidle console tracepoint
    - NTB: ntb_transport: fix debugfs_remove_recursive
    - ntb_transport: Pick an unused queue
    - bcache: Make gc wakeup sane, remove set_task_state()
    - mmc: core: fix multi-bit bus width without high-speed mode
    - Linux 4.4.51

* Xenial update to v4.4.50 stable release (LP: #1666324)
    - can: Fix kernel panic at security_sock_rcv_skb
    - ipv6: fix ip6_tnl_parse_tlv_enc_lim()
    - ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim()
    - tcp: fix 0 divide in __tcp_select_window()
    - net: use a work queue to defer net_disable_timestamp() work
    - ipv4: keep skb->dst around in presence of IP options
    - netlabel: out of bound access in cipso_v4_validate()
    - ip6_gre: fix ip6gre_err() invalid reads
    - ipv6: tcp: add a missing tcp_v6_restore_cb()
    - tcp: avoid infinite loop in tcp_splice_read()
    - tun: read vnet_hdr_sz once
    - macvtap: read vnet_hdr_size once
    - mlx4: Invoke softirqs after napi_reschedule
    - sctp: avoid BUG_ON on sctp_wait_for_sndbuf
    - sit: fix a double free on error path
    - net: introduce device min_header_len
    - packet: round up linear to header len
    - ping: fix a null pointer dereference
    - l2tp: do not use udp_ioctl()
    - Linux 4.4.50

* FlashGT Integration and Setup: fsbmc30: After 17th reboot of soft bootme,
    HTX & Linux errors seen with 256 virtual LUNs (LP: #1667239)
    - cxl: Fix coredump generation when cxl_get_fd() is used

* [Hyper-V] Ubuntu 14.04.2 LTS Generation 2 SCSI Errors on VSS Based Backups
    (LP: #1470250)
    - Drivers: hv: vss: Operation timeouts should match host expectation
    - SAUCE: Tools: hv: vss: Thaw the filesystem and continue after freeze fails

* kernel 4.4.0-63 with USB WLAN RTL8192CU freezes desktop (LP: #1666421)
    - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data

* Export symbol "dev_pm_qos_update_user_latency_tolerance" (LP: #1666401)
    - PM / QoS: Export dev_pm_qos_update_user_latency_tolerance

* Linux ZFS port doesn't respect RLIMIT_FSIZE (LP: #1656259)
    - SAUCE: (noup) Update zfs to 0.6.5.6-0ubuntu16

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 19 Apr 2017 17:14:23 +0200

Changed in linux (Ubuntu Xenial):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-04-24:

#8

Download full text (14.5 KiB)

This bug was fixed in the package linux - 4.8.0-49.52

---------------
linux (4.8.0-49.52) yakkety; urgency=low

* linux: 4.8.0-49.52 -proposed tracker (LP: #1684427)

  * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself
    (LP: #1682561)
    - Drivers: hv: util: move waiting for release to hv_utils_transport itself

linux (4.8.0-48.51) yakkety; urgency=low

* linux: 4.8.0-48.51 -proposed tracker (LP: #1682034)

  * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg()
    (LP: #1681893)
    - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg()

linux (4.8.0-47.50) yakkety; urgency=low

* linux: 4.8.0-47.50 -proposed tracker (LP: #1679678)

* CVE-2017-6353
- sctp: deny peeloff operation on asocs with threads sleeping on it

* CVE-2017-5986
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf

* vfat: missing iso8859-1 charset (LP: #1677230)
- [Config] NLS_ISO8859_1=y

* [Hyper-V] pci-hyperv: Use device serial number as PCI domain (LP: #1667527)
- net/mlx4_core: Use cq quota in SRIOV when creating completion EQs