4.4.0-127.153 generates many "sit: non-ECT" messages

Bug #1772775 reported by Simon Déziel on 2018-05-23
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
High
Unassigned
Xenial
High
Joseph Salisbury

Bug Description

== SRU Justification ==
A regression was introduce in Xenial linux-image-4.4.0-127-generic. It
was found that this regression was introduced by mainline commit
b699d0035836. This commit was applied to Xenial via the 4.4.128 upstream stable
updates.

Upstream decided to revert this commit in mainline commit f4eb17e1efe5,
which was added in v4.12-rc5.

== Fix ==
f4eb17e1efe5 ("Revert "sit: reload iphdr in ipip6_rcv"")

== Regression Potential ==
Low. This is a revert request to resolve a regression. The revert was
also performed upstream.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

Since deploying linux-image-4.4.0-127-generic (4.4.0-127.153) on a Xenial VM with a sit tunnel, I get such messages:

May 22 10:49:38 gw kernel: [ 68.121601] sit: non-ECT from 0.0.0.0 with TOS=0x5

Those are logged quite often:

# grep -cF 'sit: non-ECT' /var/log/syslog
9108

Reverting to linux-image-4.4.0-124-generic (4.4.0-124.148) fixes the issue.

# lsb_release -rd
Description: Ubuntu 16.04.4 LTS
Release: 16.04
# apt-cache policy linux-image-4.4.0-127-generic
linux-image-4.4.0-127-generic:
  Installed: 4.4.0-127.153
  Candidate: 4.4.0-127.153
  Version table:
 *** 4.4.0-127.153 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: linux-image-4.4.0-127-generic 4.4.0-127.153
ProcVersionSignature: Ubuntu 4.4.0-127.153-generic 4.4.128
Uname: Linux 4.4.0-127-generic x86_64
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 May 22 20:08 seq
 crw-rw---- 1 root audio 116, 33 May 22 20:08 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: [Errno 2] No such file or directory: 'fuser'
CRDA: N/A
Date: Tue May 22 21:18:45 2018
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lspci: Error: [Errno 2] No such file or directory: 'lspci'
Lsusb: Error: [Errno 2] No such file or directory: 'lsusb'
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
PciMultimedia:

ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-127-generic root=UUID=67f7ee15-64f4-4c85-805c-08386d5fed8b ro console=ttyS0 net.ifnames=0 kaslr vsyscall=none nmi_watchdog=0 possible_cpus=1 pti=on nr_cpus=1
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-127-generic N/A
 linux-backports-modules-4.4.0-127-generic N/A
 linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: Ubuntu-1.8.2-1ubuntu1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-2.5
dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.5:cvnQEMU:ct1:cvrpc-i440fx-2.5:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-2.5
dmi.sys.vendor: QEMU
---
AlsaDevices:
 total 0
 crw-rw---- 1 root audio 116, 1 May 22 21:33 seq
 crw-rw---- 1 root audio 116, 33 May 22 21:33 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.20.1-0ubuntu2.17
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: [Errno 2] No such file or directory
CRDA: N/A
DistroRelease: Ubuntu 16.04
IwConfig: Error: [Errno 2] No such file or directory
Lspci: Error: [Errno 2] No such file or directory
Lsusb: Error: [Errno 2] No such file or directory
MachineType: QEMU Standard PC (i440FX + PIIX, 1996)
Package: linux (not installed)
PciMultimedia:

ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 EFI VGA
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-124-generic root=UUID=67f7ee15-64f4-4c85-805c-08386d5fed8b ro kaslr net.ifnames=0 nmi_watchdog=0 nr_cpus=1 pti=on console=ttyS0 vsyscall=none
ProcVersionSignature: Ubuntu 4.4.0-124.148-generic 4.4.117
RelatedPackageVersions:
 linux-restricted-modules-4.4.0-124-generic N/A
 linux-backports-modules-4.4.0-124-generic N/A
 linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory
Tags: xenial
Uname: Linux 4.4.0-124-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

_MarkForUpload: True
dmi.bios.date: 04/01/2014
dmi.bios.vendor: SeaBIOS
dmi.bios.version: Ubuntu-1.8.2-1ubuntu1
dmi.chassis.type: 1
dmi.chassis.vendor: QEMU
dmi.chassis.version: pc-i440fx-2.5
dmi.modalias: dmi:bvnSeaBIOS:bvrUbuntu-1.8.2-1ubuntu1:bd04/01/2014:svnQEMU:pnStandardPC(i440FX+PIIX,1996):pvrpc-i440fx-2.5:cvnQEMU:ct1:cvrpc-i440fx-2.5:
dmi.product.name: Standard PC (i440FX + PIIX, 1996)
dmi.product.version: pc-i440fx-2.5
dmi.sys.vendor: QEMU

CVE References

Simon Déziel (sdeziel) wrote :
Simon Déziel (sdeziel) wrote :

I don't know if that matters but I use fq_codel and have been for a long while.

# sysctl net.core.default_qdisc
net.core.default_qdisc = fq_codel

tags: added: regression-update

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1772775

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Simon Déziel (sdeziel) wrote :

Between 4.4.0-124.148 and 4.4.0-127.153, the following commits references "sit":

    - sit: reload iphdr in ipip6_rcv
    - ipv6: sit: better validate user provided tunnel names
    - ipv6 sit: work around bogus gcc-8 -Wrestrict warning

apport information

tags: added: apport-collected
description: updated

apport information

apport information

apport information

apport information

apport information

apport information

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Joseph Salisbury (jsalisbury) wrote :

Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.17 kernel[0].

If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'.

If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'.

Once testing of the upstream kernel is complete, please mark this bug as "Confirmed".

Thanks in advance.

[0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.17-rc6

Changed in linux (Ubuntu):
importance: Undecided → Medium
tags: added: kernel-da-key
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
Jamie Strandboge (jdstrand) wrote :

I too am seeing this after the most recent upgrade:

$ grep -cF 'sit: non-ECT' /var/log/syslog
2917

Simon Déziel (sdeziel) wrote :

I just tested with linux-image-unsigned-4.17.0-041700rc6-generic (4.17.0-041700rc6.201805202330) and didn't see the message.

tags: added: kernel-fixed-upstrea
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
Changed in linux (Ubuntu):
importance: Medium → High
Changed in linux (Ubuntu Xenial):
status: New → Confirmed
importance: Undecided → High
Changed in linux (Ubuntu):
status: Confirmed → Invalid
Changed in linux (Ubuntu Xenial):
status: Confirmed → In Progress
assignee: nobody → Joseph Salisbury (jsalisbury)
Joseph Salisbury (jsalisbury) wrote :

Its possible the following commit is the fix:
f4eb17e1efe5 ("Revert "sit: reload iphdr in ipip6_rcv"")

This commit was added to mainline in v4.12-rc5, which could be why this bug was not seen in Artful or newer.

I built a test kernel with commit f4eb17e1efe5. The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1772775

Can you test this kernel and see if it resolves this bug?

Simon Déziel (sdeziel) wrote :

Thanks Joseph, this indeed fixes the issue.

Joseph Salisbury (jsalisbury) wrote :

Thanks for testing. I'll submit an SRU request for this commit.

Joseph Salisbury (jsalisbury) wrote :
description: updated
Juerg Haefliger (juergh) on 2018-06-07
Changed in linux (Ubuntu Xenial):
status: In Progress → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-xenial
Simon Déziel (sdeziel) wrote :

Thanks, this is fixed in 4.4.0-129.155:

sdeziel@gw:~$ uname -a
Linux gw 4.4.0-129-generic #155-Ubuntu SMP Tue Jun 12 10:25:57 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
sdeziel@gw:~$ journalctl -k | grep 'sit: non-ECT'
sdeziel@gw:~$

tags: added: verification-done-xenial
removed: verification-needed-xenial
ByungYeol Woo (wby1089) wrote :

I experienced simmilar problem of "vxlan: non-ECT with TOS=0x02" with Intel NIC.
I issued to bugzilla and intel community, but I couldn't found a solution.

Could you please check following URLs?:

https://communities.intel.com/thread/120521
https://bugzilla.kernel.org/show_bug.cgi?id=198489

Launchpad Janitor (janitor) wrote :
Download full text (29.8 KiB)

This bug was fixed in the package linux - 4.4.0-130.156

---------------
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into
      account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possib...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.