kernel BUG at /build/buildd/linux-2.6.32/drivers/net/tun.c:725! - tun_chr_aio_read+0x428/0x430

Bug #698883 reported by dann frazier
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Fix Released
Tim Gardner
Fix Released
Fix Released

Bug Description

Binary package hint: linux-image-2.6.32-25-server

SRU Justification:
 Avoids crash
 BUG() causes system to crash
 Upstream reduced BUG() to a WARN_ON_ONCE w/ additional diagnostic info.
 Upstream commit ef3db4a5954281bc1ea49a4739c88eaea091dc71.
 A tractable case would presumably require packet injection. Otherwise, a long
 stable run on a configuration that has hit this problem before.

This was originally reported by a customer in restricted LP #680356. A custom kernel w/ this fix was applied and neither the issue nor a regression has been observed in the following month.

Upstream change follows - it cherry-picks cleanly into the lucid git tree.

commit ef3db4a5954281bc1ea49a4739c88eaea091dc71
Author: Michael S. Tsirkin <email address hidden>
Date: Wed Jul 21 04:32:45 2010 +0000

    tun: avoid BUG, dump packet on GSO errors

    There are still some LRO cards that cause GSO errors in tun,
    and BUG on this is an unfriendly way to tell the admin
    to disable LRO.

    Further, experience shows we might have more GSO bugs lurking.
    as a recent example.
    dumping a packet will make it easier to figure it out.

    Replace BUG with warning+dump+drop the packet to make
    GSO errors in tun less critical and easier to debug.

    Signed-off-by: Michael S. Tsirkin <email address hidden>
    Tested-by: Alex Unigovsky <email address hidden>
    Acked-by: Herbert Xu <email address hidden>
    Signed-off-by: David S. Miller <email address hidden>

Revision history for this message
Jeremy Foshee (jeremyfoshee) wrote :

Hi dann,

Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from . If the issue remains, please run the following command from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux 698883

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

    [This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-kernel-logs
tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
tags: removed: needs-kernel-logs needs-upstream-testing
Changed in linux (Ubuntu):
status: Incomplete → Invalid
Changed in linux (Ubuntu Lucid):
status: New → Triaged
Revision history for this message
Tim Gardner (timg-tpi) wrote :

Lucid commit 'tun: avoid BUG, dump packet on GSO errors'

Changed in linux (Ubuntu Maverick):
status: New → Fix Released
Changed in linux (Ubuntu Natty):
status: Invalid → Fix Released
Changed in linux (Ubuntu Lucid):
assignee: nobody → Tim Gardner (timg-tpi)
status: Triaged → Fix Committed
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted linux into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See for documentation how to enable and use -proposed. Thank you in advance!

Steve Conklin (sconklin)
tags: added: verification-needed-lucid
Revision history for this message
dann frazier (dannf) wrote :

I don't have an easy way to trigger this code path. That said, I've noticed no regressions after upgrading to We've also been testing a lucid kernel + this fix for a few months on several systems w/o any obvious regressions.

Revision history for this message
Chris Van Hoof (vanhoof) wrote :

Updating to verification-done per conversation with the kernel team yesterday

tags: added: verification-done
removed: verification-needed-lucid
Tim Gardner (timg-tpi)
tags: added: verification-done-lucid
removed: verification-done
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (5.4 KiB)

This bug was fixed in the package linux - 2.6.32-29.58

linux (2.6.32-29.58) lucid-proposed; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #716551

  [ Upstream Kernel Changes ]

  * net: fix rds_iovec page count overflow, CVE-2010-3865
    - LP: #709153
    - CVE-2010-3865
  * net: ax25: fix information leak to userland, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: ax25: fix information leak to userland harder, CVE-2010-3875
    - LP: #710714
    - CVE-2010-3875
  * net: packet: fix information leak to userland, CVE-2010-3876
    - LP: #710714
    - CVE-2010-3876
  * net: tipc: fix information leak to userland, CVE-2010-3877
    - LP: #711291
    - CVE-2010-3877
  * inet_diag: Make sure we actually run the same bytecode we audited,
    - LP: #711865
    - CVE-2010-3880

linux (2.6.32-29.57) lucid-proposed; urgency=low

  [ Steve Conklin ]

  * Tracking Bug
    - LP: #708864

  [ Tim Gardner ]

  * [Config] Set CONFIG_NR_CPUS=256 for amd64 server
    - LP: #706058

  [ Upstream Kernel Changes ]

  * Input: i8042 - introduce 'notimeout' blacklist for Dell Vostro V13
    - LP: #380126
  * tun: avoid BUG, dump packet on GSO errors
    - LP: #698883
  * TTY: Fix error return from tty_ldisc_open()
    - LP: #705045
  * x86, hotplug: Use mwait to offline a processor, fix the legacy case
    - LP: #705045
  * fuse: verify ioctl retries
    - LP: #705045
  * fuse: fix ioctl when server is 32bit
    - LP: #705045
  * ALSA: hda: Use model=lg quirk for LG P1 Express to enable playback and
    - LP: #595482, #705045
  * nohz: Fix printk_needs_cpu() return value on offline cpus
    - LP: #705045
  * nohz: Fix get_next_timer_interrupt() vs cpu hotplug
    - LP: #705045
  * nfsd: Fix possible BUG_ON firing in set_change_info
    - LP: #705045
  * NFS: Fix fcntl F_GETLK not reporting some conflicts
    - LP: #705045
  * sunrpc: prevent use-after-free on clearing XPT_BUSY
    - LP: #705045
  * hwmon: (adm1026) Allow 1 as a valid divider value
    - LP: #705045
  * hwmon: (adm1026) Fix setting fan_div
    - LP: #705045
  * amd64_edac: Fix interleaving check
    - LP: #705045
  * IB/uverbs: Handle large number of entries in poll CQ
    - LP: #705045
  * PM / Hibernate: Fix PM_POST_* notification with user-space suspend
    - LP: #705045
  * ACPICA: Fix Scope() op in module level code
    - LP: #705045
  * ACPI: EC: Add another dmi match entry for MSI hardware
    - LP: #705045
  * orinoco: fix TKIP countermeasure behaviour
    - LP: #705045
  * orinoco: clear countermeasure setting on commit
    - LP: #705045
  * x86, amd: Fix panic on AMD CPU family 0x15
    - LP: #705045
  * md: fix bug with re-adding of partially recovered device.
    - LP: #705045
  * tracing: Fix panic when lseek() called on "trace" opened for writing
    - LP: #705045
  * x86, gcc-4.6: Use gcc -m options when building vdso
    - LP: #705045
  * x86: Enable the intr-remap fault handling after local APIC setup
    - LP: #705045
  * x86, vt-d: Handle previous faults after enabling fault handling
    - LP: #705045
  * x86, vt-d: Fix the vt-d fault handling irq migration in the x2apic mode
    - LP: #705045
  * x8...


Changed in linux (Ubuntu Lucid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.