Ubuntu
linux-lts-backport-natty package

  1. Natty (11.04)
  2. Bug #843892
  3. Activity log

Activity log for bug #843892

Date Who What changed Old value New value Message
2011-09-07 13:40:21 Alex Bligh bug added bug
2011-09-07 13:40:21 Alex Bligh attachment added Oops under 2.6.38-10-server on lucid https://bugs.launchpad.net/bugs/843892/+attachment/2367210/+files/kernel2.txt
2011-09-07 13:41:52 Alex Bligh affects ubuntu linux-lts-backport-natty (Ubuntu)
2011-09-08 05:52:50 Stefan Metzmacher bug added subscriber Stefan Metzmacher
2011-09-08 17:04:02 Serge Hallyn linux-lts-backport-natty (Ubuntu): importance Undecided Medium
2011-09-08 17:04:05 Serge Hallyn linux-lts-backport-natty (Ubuntu): status New Incomplete
2011-09-09 15:27:21 Alex Bligh attachment added oops.txt https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2376908/+files/oops.txt
2011-09-10 18:16:32 Alex Bligh attachment added Perl program to demonstrate crash repeatably https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2382526/+files/testns.pl
2011-09-10 18:16:56 Alex Bligh linux-lts-backport-natty (Ubuntu): status Incomplete New
2011-09-10 18:33:53 Alex Bligh attachment added Patch to fix oops https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2382583/+files/0001-Check-net-nfnl-for-NULL-in-ctnetlink_conntrack_event.patch
2011-09-10 18:58:44 Alex Bligh description On linux-image-2.6.38-11-generic, destroying a container causes a kernel OOPS and an immediate reboot. This is totally repeatable. This is on XUbuntu (but I doubt that makes any difference as we've done it on a headless Ubuntu server too). Procedure to repeat: lxc-create -n foo lxc-start -n foo Press ^C This happens with containers created otherwise than using lxc, so it is not a bug in lxc. The oops is in general not possible to catch as the reboot is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a different way, but Oopses at the same time and I believe is the same bug. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic: Installed: 2.6.38-11.49 Candidate: 2.6.38-11.49 Version table: *** 2.6.38-11.49 0 500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages 100 /var/lib/dpkg/status 2.6.38-11.48 0 500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages 3) What I expected to happen: Container deleted, command prompt returns. 4) What actually happened: Immediate machine reboot, all data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server: Installed: 3.0.0-10.16 Candidate: 3.0.0-10.16 Version table: *** 3.0.0-10.16 0 500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages 100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root.
2011-09-10 19:06:27 Alex Bligh bug task added linux (Ubuntu)
2011-09-10 19:09:12 Brad Figg linux (Ubuntu): status New Incomplete
2011-09-10 19:09:14 Brad Figg tags natty
2011-09-10 19:14:33 Alex Bligh tags natty apport-collected natty oneiric
2011-09-10 19:14:34 Alex Bligh description On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server: Installed: 3.0.0-10.16 Candidate: 3.0.0-10.16 Version table: *** 3.0.0-10.16 0 500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages 100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server: Installed: 3.0.0-10.16 Candidate: 3.0.0-10.16 Version table: *** 3.0.0-10.16 0 500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages 100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. --- AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 1.22.1-0ubuntu2 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 11.10 HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26 InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4) IwConfig: lo no wireless extensions. eth0 no wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd MachineType: Bochs Bochs Package: linux-lts-backport-natty PciMultimedia: ProcEnviron: LANG=en_GB.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4 RelatedPackageVersions: linux-restricted-modules-3.0.0-11-server N/A linux-backports-modules-3.0.0-11-server N/A linux-firmware 1.60 RfKill: Error: [Errno 2] No such file or directory Tags: oneiric Uname: Linux 3.0.0-11-server x86_64 UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago) UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare dmi.bios.date: 01/01/2007 dmi.bios.vendor: Bochs dmi.bios.version: Bochs dmi.chassis.type: 1 dmi.chassis.vendor: Bochs dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr: dmi.product.name: Bochs dmi.sys.vendor: Bochs
2011-09-10 19:14:36 Alex Bligh attachment added AcpiTables.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382675/+files/AcpiTables.txt
2011-09-10 19:14:37 Alex Bligh attachment added BootDmesg.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382676/+files/BootDmesg.txt
2011-09-10 19:14:39 Alex Bligh attachment added CurrentDmesg.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382677/+files/CurrentDmesg.txt
2011-09-10 19:14:40 Alex Bligh attachment added Lspci.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382678/+files/Lspci.txt
2011-09-10 19:14:41 Alex Bligh attachment added ProcCpuinfo.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382679/+files/ProcCpuinfo.txt
2011-09-10 19:14:42 Alex Bligh attachment added ProcInterrupts.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382680/+files/ProcInterrupts.txt
2011-09-10 19:14:44 Alex Bligh attachment added ProcModules.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382681/+files/ProcModules.txt
2011-09-10 19:14:45 Alex Bligh attachment added UdevDb.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382682/+files/UdevDb.txt
2011-09-10 19:14:47 Alex Bligh attachment added UdevLog.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382683/+files/UdevLog.txt
2011-09-10 19:14:48 Alex Bligh attachment added WifiSyslog.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382684/+files/WifiSyslog.txt
2011-09-10 19:15:25 Alex Bligh linux (Ubuntu): status Incomplete Confirmed
2011-09-10 20:07:42 Ubuntu Foundations Team Bug Bot tags apport-collected natty oneiric apport-collected natty oneiric patch
2011-09-10 20:07:43 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2011-09-14 15:31:13 Brad Figg linux (Ubuntu): status Confirmed Incomplete
2011-09-14 15:31:16 Brad Figg tags apport-collected natty oneiric patch apport-collected kernel-request-3.0.0-11.18 natty oneiric patch
2011-09-14 15:51:14 Alex Bligh linux (Ubuntu): status Incomplete Confirmed
2011-09-21 16:38:18 Leann Ogasawara linux (Ubuntu): importance Undecided Medium
2011-09-21 16:38:18 Leann Ogasawara linux (Ubuntu): status Confirmed In Progress
2011-09-21 16:38:18 Leann Ogasawara linux (Ubuntu): assignee Leann Ogasawara (leannogasawara)
2011-09-21 18:14:17 Leann Ogasawara nominated for series Ubuntu Oneiric
2011-09-21 18:14:17 Leann Ogasawara bug task added linux (Ubuntu Oneiric)
2011-09-21 18:14:17 Leann Ogasawara bug task added linux-lts-backport-natty (Ubuntu Oneiric)
2011-09-21 19:03:16 Leann Ogasawara description On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server: Installed: 3.0.0-10.16 Candidate: 3.0.0-10.16 Version table: *** 3.0.0-10.16 0 500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages 100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. --- AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 1.22.1-0ubuntu2 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 11.10 HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26 InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4) IwConfig: lo no wireless extensions. eth0 no wireless extensions. Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd MachineType: Bochs Bochs Package: linux-lts-backport-natty PciMultimedia: ProcEnviron: LANG=en_GB.UTF-8 SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4 RelatedPackageVersions: linux-restricted-modules-3.0.0-11-server N/A linux-backports-modules-3.0.0-11-server N/A linux-firmware 1.60 RfKill: Error: [Errno 2] No such file or directory Tags: oneiric Uname: Linux 3.0.0-11-server x86_64 UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago) UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare dmi.bios.date: 01/01/2007 dmi.bios.vendor: Bochs dmi.bios.version: Bochs dmi.chassis.type: 1 dmi.chassis.vendor: Bochs dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr: dmi.product.name: Bochs dmi.sys.vendor: Bochs == SRU Justification == == Impact == It's been reported that on destroying a container causes a kernel Oops and will hang the system. Issue is reproducible. == Test Case == See reproducer below as described by user. == Fix == http://marc.info/?l=linux-mm-commits&m=131603308900694&w=2 ----- On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server:   Installed: 3.0.0-10.16   Candidate: 3.0.0-10.16   Version table:  *** 3.0.0-10.16 0         500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages         100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. --- AlsaDevices:  total 0  crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq  crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 1.22.1-0ubuntu2 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 11.10 HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26 InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4) IwConfig:  lo no wireless extensions.  eth0 no wireless extensions. Lsusb:  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub  Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd MachineType: Bochs Bochs Package: linux-lts-backport-natty PciMultimedia: ProcEnviron:  LANG=en_GB.UTF-8  SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4 RelatedPackageVersions:  linux-restricted-modules-3.0.0-11-server N/A  linux-backports-modules-3.0.0-11-server N/A  linux-firmware 1.60 RfKill: Error: [Errno 2] No such file or directory Tags: oneiric Uname: Linux 3.0.0-11-server x86_64 UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago) UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare dmi.bios.date: 01/01/2007 dmi.bios.vendor: Bochs dmi.bios.version: Bochs dmi.chassis.type: 1 dmi.chassis.vendor: Bochs dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr: dmi.product.name: Bochs dmi.sys.vendor: Bochs
2011-09-21 19:07:31 Leann Ogasawara nominated for series Ubuntu Natty
2011-09-21 19:07:31 Leann Ogasawara bug task added linux (Ubuntu Natty)
2011-09-21 19:07:31 Leann Ogasawara bug task added linux-lts-backport-natty (Ubuntu Natty)
2011-09-21 19:25:51 Leann Ogasawara description == SRU Justification == == Impact == It's been reported that on destroying a container causes a kernel Oops and will hang the system. Issue is reproducible. == Test Case == See reproducer below as described by user. == Fix == http://marc.info/?l=linux-mm-commits&m=131603308900694&w=2 ----- On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server:   Installed: 3.0.0-10.16   Candidate: 3.0.0-10.16   Version table:  *** 3.0.0-10.16 0         500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages         100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. --- AlsaDevices:  total 0  crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq  crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 1.22.1-0ubuntu2 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 11.10 HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26 InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4) IwConfig:  lo no wireless extensions.  eth0 no wireless extensions. Lsusb:  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub  Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd MachineType: Bochs Bochs Package: linux-lts-backport-natty PciMultimedia: ProcEnviron:  LANG=en_GB.UTF-8  SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4 RelatedPackageVersions:  linux-restricted-modules-3.0.0-11-server N/A  linux-backports-modules-3.0.0-11-server N/A  linux-firmware 1.60 RfKill: Error: [Errno 2] No such file or directory Tags: oneiric Uname: Linux 3.0.0-11-server x86_64 UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago) UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare dmi.bios.date: 01/01/2007 dmi.bios.vendor: Bochs dmi.bios.version: Bochs dmi.chassis.type: 1 dmi.chassis.vendor: Bochs dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr: dmi.product.name: Bochs dmi.sys.vendor: Bochs == SRU Justification == Destroying a container causes a kernel Oops and will hang the system. The issue is reproducible. The user has successfully tested the patch against Oneiric and can confirm the Oops no longer occurs when using a patched Oneiric kernel. The patch has been submitted upstream (CC'd upstream stable) and is currently queued in the -mm tree. It also appears it will hit the 3.2 merge window. Please consider for SRU against Oneiric and Natty. == Impact == The commit message of the patch notes that this will likely affect 2.6.26 and newer kernels, ie affects Lucid, Maverick, Natty, Oneiric. However, due to the nature of our SRU process, the bug reporter is likely only able to readily test Natty and Oneiric. Thus I'm only submitting this for SRU against Oneiric and Natty. == Test Case == See reproducer in comment #6 == Fix == http://marc.info/?l=linux-mm-commits&m=131603308900694&w=2 ----- On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable. Procedure to repeat: Use the attached perl program. The perl program: a) sets up a veth device b) forks c) does clone(NS_NEWNET) on the child d) moves one end of the veth device into the child's network namespace e) pings between the parent and the child and runs conntrack -L f) kills the child after a while. [NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug] The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack. Bug information as required 1. System information. lsb_release -rd gives: Description: Ubuntu 11.04 Release: 11.04 or on another machine showing the same issue $ lsb_release -rd Description: Ubuntu oneiric (development branch) Release: 11.10 2. apt-cache policy linux-image-2.6.38-11-generic linux-image-2.6.38-11-generic:  Installed: 2.6.38-11.49  Candidate: 2.6.38-11.49  Version table: *** 2.6.38-11.49 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages        100 /var/lib/dpkg/status     2.6.38-11.48 0        500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages        500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages or on the second machine: $ apt-cache policy linux-image-3.0.0-10-server linux-image-3.0.0-10-server:   Installed: 3.0.0-10.16   Candidate: 3.0.0-10.16   Version table:  *** 3.0.0-10.16 0         500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages         100 /var/lib/dpkg/status 3) What I expected to happen: Test program continues to run, showing ICMP traffic moving periodically 4) What actually happened: Kernel hang within 10-20 seconds, Oops on console, data lost 5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. --- AlsaDevices:  total 0  crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq  crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 1.22.1-0ubuntu2 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 11.10 HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26 InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4) IwConfig:  lo no wireless extensions.  eth0 no wireless extensions. Lsusb:  Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub  Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd MachineType: Bochs Bochs Package: linux-lts-backport-natty PciMultimedia: ProcEnviron:  LANG=en_GB.UTF-8  SHELL=/bin/bash ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4 RelatedPackageVersions:  linux-restricted-modules-3.0.0-11-server N/A  linux-backports-modules-3.0.0-11-server N/A  linux-firmware 1.60 RfKill: Error: [Errno 2] No such file or directory Tags: oneiric Uname: Linux 3.0.0-11-server x86_64 UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago) UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare dmi.bios.date: 01/01/2007 dmi.bios.vendor: Bochs dmi.bios.version: Bochs dmi.chassis.type: 1 dmi.chassis.vendor: Bochs dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr: dmi.product.name: Bochs dmi.sys.vendor: Bochs
2011-09-21 19:26:04 Leann Ogasawara linux (Ubuntu Natty): importance Undecided Medium
2011-09-21 19:26:04 Leann Ogasawara linux (Ubuntu Natty): status New In Progress
2011-09-21 19:26:04 Leann Ogasawara linux (Ubuntu Natty): assignee Leann Ogasawara (leannogasawara)
2011-09-22 13:45:23 Leann Ogasawara linux (Ubuntu Natty): status In Progress Fix Committed
2011-09-22 13:45:31 Leann Ogasawara linux (Ubuntu Oneiric): status In Progress Fix Committed
2011-09-23 21:14:02 Launchpad Janitor linux (Ubuntu Oneiric): status Fix Committed Fix Released
2011-10-04 06:24:03 Launchpad Janitor branch linked lp:ubuntu/lucid-proposed/linux-lts-backport-natty
2011-10-04 14:07:49 Herton R. Krzesinski tags apport-collected kernel-request-3.0.0-11.18 natty oneiric patch apport-collected kernel-request-3.0.0-11.18 natty oneiric patch verification-needed-natty
2011-10-07 06:48:07 Launchpad Janitor linux-lts-backport-natty (Ubuntu): status New Confirmed
2011-10-07 06:48:07 Launchpad Janitor linux-lts-backport-natty (Ubuntu Natty): status New Confirmed
2011-10-09 14:40:19 Alex Bligh tags apport-collected kernel-request-3.0.0-11.18 natty oneiric patch verification-needed-natty apport-collected kernel-request-3.0.0-11.18 natty oneiric patch verification-done-natty
2011-10-17 14:01:12 Chaskiel Grundman bug added subscriber Chaskiel Grundman
2011-10-19 21:18:52 Chaskiel Grundman attachment added testns-2.6.38-12.51.log https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2561717/+files/testns-2.6.38-12.51.log
2011-10-25 05:26:37 Launchpad Janitor linux (Ubuntu Natty): status Fix Committed Fix Released
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-2213
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-2497
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-2695
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-2700
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-2723
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-2928
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-3188
2011-10-25 05:26:37 Launchpad Janitor cve linked 2011-3191
2011-10-25 05:29:42 Launchpad Janitor linux-lts-backport-natty (Ubuntu): status Confirmed Fix Released
2011-12-01 18:42:55 Brad Figg linux-lts-backport-natty (Ubuntu Natty): status Confirmed Fix Released
2011-12-01 18:42:58 Brad Figg linux-lts-backport-natty (Ubuntu Oneiric): status Confirmed Fix Released
2011-12-08 00:29:52 Joseph Heck bug added subscriber Joseph Heck
2013-01-15 23:35:01 tapczan bug added subscriber tapczan