2011-09-07 13:40:21 |
Alex Bligh |
bug |
|
|
added bug |
2011-09-07 13:40:21 |
Alex Bligh |
attachment added |
|
Oops under 2.6.38-10-server on lucid https://bugs.launchpad.net/bugs/843892/+attachment/2367210/+files/kernel2.txt |
|
2011-09-07 13:41:52 |
Alex Bligh |
affects |
ubuntu |
linux-lts-backport-natty (Ubuntu) |
|
2011-09-08 05:52:50 |
Stefan Metzmacher |
bug |
|
|
added subscriber Stefan Metzmacher |
2011-09-08 17:04:02 |
Serge Hallyn |
linux-lts-backport-natty (Ubuntu): importance |
Undecided |
Medium |
|
2011-09-08 17:04:05 |
Serge Hallyn |
linux-lts-backport-natty (Ubuntu): status |
New |
Incomplete |
|
2011-09-09 15:27:21 |
Alex Bligh |
attachment added |
|
oops.txt https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2376908/+files/oops.txt |
|
2011-09-10 18:16:32 |
Alex Bligh |
attachment added |
|
Perl program to demonstrate crash repeatably https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2382526/+files/testns.pl |
|
2011-09-10 18:16:56 |
Alex Bligh |
linux-lts-backport-natty (Ubuntu): status |
Incomplete |
New |
|
2011-09-10 18:33:53 |
Alex Bligh |
attachment added |
|
Patch to fix oops https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2382583/+files/0001-Check-net-nfnl-for-NULL-in-ctnetlink_conntrack_event.patch |
|
2011-09-10 18:58:44 |
Alex Bligh |
description |
On linux-image-2.6.38-11-generic, destroying a container causes a kernel OOPS and an immediate reboot. This is totally repeatable. This is on XUbuntu (but I doubt that makes any difference as we've done it on a headless Ubuntu server too).
Procedure to repeat:
lxc-create -n foo
lxc-start -n foo
Press ^C
This happens with containers created otherwise than using lxc, so it is not a bug in lxc.
The oops is in general not possible to catch as the reboot is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a different way, but Oopses at the same time and I believe is the same bug.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
3) What I expected to happen:
Container deleted, command prompt returns.
4) What actually happened:
Immediate machine reboot, all data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. |
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. |
|
2011-09-10 19:06:27 |
Alex Bligh |
bug task added |
|
linux (Ubuntu) |
|
2011-09-10 19:09:12 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
2011-09-10 19:09:14 |
Brad Figg |
tags |
|
natty |
|
2011-09-10 19:14:33 |
Alex Bligh |
tags |
natty |
apport-collected natty oneiric |
|
2011-09-10 19:14:34 |
Alex Bligh |
description |
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root. |
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root.
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq
crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 1.22.1-0ubuntu2
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 11.10
HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4)
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb:
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
MachineType: Bochs Bochs
Package: linux-lts-backport-natty
PciMultimedia:
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet
ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4
RelatedPackageVersions:
linux-restricted-modules-3.0.0-11-server N/A
linux-backports-modules-3.0.0-11-server N/A
linux-firmware 1.60
RfKill: Error: [Errno 2] No such file or directory
Tags: oneiric
Uname: Linux 3.0.0-11-server x86_64
UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs |
|
2011-09-10 19:14:36 |
Alex Bligh |
attachment added |
|
AcpiTables.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382675/+files/AcpiTables.txt |
|
2011-09-10 19:14:37 |
Alex Bligh |
attachment added |
|
BootDmesg.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382676/+files/BootDmesg.txt |
|
2011-09-10 19:14:39 |
Alex Bligh |
attachment added |
|
CurrentDmesg.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382677/+files/CurrentDmesg.txt |
|
2011-09-10 19:14:40 |
Alex Bligh |
attachment added |
|
Lspci.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382678/+files/Lspci.txt |
|
2011-09-10 19:14:41 |
Alex Bligh |
attachment added |
|
ProcCpuinfo.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382679/+files/ProcCpuinfo.txt |
|
2011-09-10 19:14:42 |
Alex Bligh |
attachment added |
|
ProcInterrupts.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382680/+files/ProcInterrupts.txt |
|
2011-09-10 19:14:44 |
Alex Bligh |
attachment added |
|
ProcModules.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382681/+files/ProcModules.txt |
|
2011-09-10 19:14:45 |
Alex Bligh |
attachment added |
|
UdevDb.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382682/+files/UdevDb.txt |
|
2011-09-10 19:14:47 |
Alex Bligh |
attachment added |
|
UdevLog.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382683/+files/UdevLog.txt |
|
2011-09-10 19:14:48 |
Alex Bligh |
attachment added |
|
WifiSyslog.txt https://bugs.launchpad.net/bugs/843892/+attachment/2382684/+files/WifiSyslog.txt |
|
2011-09-10 19:15:25 |
Alex Bligh |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
2011-09-10 20:07:42 |
Ubuntu Foundations Team Bug Bot |
tags |
apport-collected natty oneiric |
apport-collected natty oneiric patch |
|
2011-09-10 20:07:43 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2011-09-14 15:31:13 |
Brad Figg |
linux (Ubuntu): status |
Confirmed |
Incomplete |
|
2011-09-14 15:31:16 |
Brad Figg |
tags |
apport-collected natty oneiric patch |
apport-collected kernel-request-3.0.0-11.18 natty oneiric patch |
|
2011-09-14 15:51:14 |
Alex Bligh |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
2011-09-21 16:38:18 |
Leann Ogasawara |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2011-09-21 16:38:18 |
Leann Ogasawara |
linux (Ubuntu): status |
Confirmed |
In Progress |
|
2011-09-21 16:38:18 |
Leann Ogasawara |
linux (Ubuntu): assignee |
|
Leann Ogasawara (leannogasawara) |
|
2011-09-21 18:14:17 |
Leann Ogasawara |
nominated for series |
|
Ubuntu Oneiric |
|
2011-09-21 18:14:17 |
Leann Ogasawara |
bug task added |
|
linux (Ubuntu Oneiric) |
|
2011-09-21 18:14:17 |
Leann Ogasawara |
bug task added |
|
linux-lts-backport-natty (Ubuntu Oneiric) |
|
2011-09-21 19:03:16 |
Leann Ogasawara |
description |
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root.
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq
crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 1.22.1-0ubuntu2
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 11.10
HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4)
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb:
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
MachineType: Bochs Bochs
Package: linux-lts-backport-natty
PciMultimedia:
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet
ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4
RelatedPackageVersions:
linux-restricted-modules-3.0.0-11-server N/A
linux-backports-modules-3.0.0-11-server N/A
linux-firmware 1.60
RfKill: Error: [Errno 2] No such file or directory
Tags: oneiric
Uname: Linux 3.0.0-11-server x86_64
UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs |
== SRU Justification ==
== Impact ==
It's been reported that on destroying a container causes a kernel Oops and will hang the system. Issue is reproducible.
== Test Case ==
See reproducer below as described by user.
== Fix ==
http://marc.info/?l=linux-mm-commits&m=131603308900694&w=2
-----
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root.
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq
crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 1.22.1-0ubuntu2
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 11.10
HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4)
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb:
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
MachineType: Bochs Bochs
Package: linux-lts-backport-natty
PciMultimedia:
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet
ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4
RelatedPackageVersions:
linux-restricted-modules-3.0.0-11-server N/A
linux-backports-modules-3.0.0-11-server N/A
linux-firmware 1.60
RfKill: Error: [Errno 2] No such file or directory
Tags: oneiric
Uname: Linux 3.0.0-11-server x86_64
UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs |
|
2011-09-21 19:07:31 |
Leann Ogasawara |
nominated for series |
|
Ubuntu Natty |
|
2011-09-21 19:07:31 |
Leann Ogasawara |
bug task added |
|
linux (Ubuntu Natty) |
|
2011-09-21 19:07:31 |
Leann Ogasawara |
bug task added |
|
linux-lts-backport-natty (Ubuntu Natty) |
|
2011-09-21 19:25:51 |
Leann Ogasawara |
description |
== SRU Justification ==
== Impact ==
It's been reported that on destroying a container causes a kernel Oops and will hang the system. Issue is reproducible.
== Test Case ==
See reproducer below as described by user.
== Fix ==
http://marc.info/?l=linux-mm-commits&m=131603308900694&w=2
-----
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root.
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq
crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 1.22.1-0ubuntu2
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 11.10
HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4)
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb:
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
MachineType: Bochs Bochs
Package: linux-lts-backport-natty
PciMultimedia:
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet
ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4
RelatedPackageVersions:
linux-restricted-modules-3.0.0-11-server N/A
linux-backports-modules-3.0.0-11-server N/A
linux-firmware 1.60
RfKill: Error: [Errno 2] No such file or directory
Tags: oneiric
Uname: Linux 3.0.0-11-server x86_64
UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs |
== SRU Justification ==
Destroying a container causes a kernel Oops and will hang the system. The issue is reproducible. The user has successfully tested the patch against Oneiric and can confirm the Oops no longer occurs when using a patched Oneiric kernel. The patch has been submitted upstream (CC'd upstream stable) and is currently queued in the -mm tree. It also appears it will hit the 3.2 merge window. Please consider for SRU against Oneiric and Natty.
== Impact ==
The commit message of the patch notes that this will likely affect 2.6.26 and newer kernels, ie affects Lucid, Maverick, Natty, Oneiric. However, due to the nature of our SRU process, the bug reporter is likely only able to readily test Natty and Oneiric. Thus I'm only submitting this for SRU against Oneiric and Natty.
== Test Case ==
See reproducer in comment #6
== Fix ==
http://marc.info/?l=linux-mm-commits&m=131603308900694&w=2
-----
On linux-image-2.6.38-11-generic and linux-image-3.0.0-10-server, destroying a container causes a kernel OOPS and hang. This is totally repeatable.
Procedure to repeat:
Use the attached perl program.
The perl program:
a) sets up a veth device
b) forks
c) does clone(NS_NEWNET) on the child
d) moves one end of the veth device into the child's network namespace
e) pings between the parent and the child and runs conntrack -L
f) kills the child after a while.
[NB: this section used to mention lxc - this is a red herring caused by some surprising semantics of lxc, and in fact is nothing to do with the bug]
The oops is in general not possible to catch save via the console as the reboot/hang is immediate. However, I have attached an Oops from a marginally different kernel (2.6.38-10-server on Lucid) which is created in a marginally different way, but has the same call stack.
Bug information as required
1. System information.
lsb_release -rd gives:
Description: Ubuntu 11.04
Release: 11.04
or on another machine showing the same issue
$ lsb_release -rd
Description: Ubuntu oneiric (development branch)
Release: 11.10
2. apt-cache policy linux-image-2.6.38-11-generic
linux-image-2.6.38-11-generic:
Installed: 2.6.38-11.49
Candidate: 2.6.38-11.49
Version table:
*** 2.6.38-11.49 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-proposed/main amd64 Packages
100 /var/lib/dpkg/status
2.6.38-11.48 0
500 http://gb.archive.ubuntu.com/ubuntu/ natty-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ natty-security/main amd64 Packages
or on the second machine:
$ apt-cache policy linux-image-3.0.0-10-server
linux-image-3.0.0-10-server:
Installed: 3.0.0-10.16
Candidate: 3.0.0-10.16
Version table:
*** 3.0.0-10.16 0
500 http://gb.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages
100 /var/lib/dpkg/status
3) What I expected to happen:
Test program continues to run, showing ICMP traffic moving periodically
4) What actually happened:
Kernel hang within 10-20 seconds, Oops on console, data lost
5) We currently do not believe this to be a security vulnerability as containers cannot be created as non-root.
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 2011-09-10 19:18 seq
crw-rw---- 1 root audio 116, 33 2011-09-10 19:18 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 1.22.1-0ubuntu2
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 11.10
HibernationDevice: RESUME=UUID=49b12664-6859-4b83-b861-2354c9c23c26
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha amd64 (20110301.4)
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb:
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 002: ID 0627:0001 Adomax Technology Co., Ltd
MachineType: Bochs Bochs
Package: linux-lts-backport-natty
PciMultimedia:
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.0.0-11-server root=/dev/mapper/hostname-root ro crashkernel=384M-2G:64M,2G-:128M quiet
ProcVersionSignature: Ubuntu 3.0.0-11.17-server 3.0.4
RelatedPackageVersions:
linux-restricted-modules-3.0.0-11-server N/A
linux-backports-modules-3.0.0-11-server N/A
linux-firmware 1.60
RfKill: Error: [Errno 2] No such file or directory
Tags: oneiric
Uname: Linux 3.0.0-11-server x86_64
UpgradeStatus: Upgraded to oneiric on 2011-09-10 (0 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs |
|
2011-09-21 19:26:04 |
Leann Ogasawara |
linux (Ubuntu Natty): importance |
Undecided |
Medium |
|
2011-09-21 19:26:04 |
Leann Ogasawara |
linux (Ubuntu Natty): status |
New |
In Progress |
|
2011-09-21 19:26:04 |
Leann Ogasawara |
linux (Ubuntu Natty): assignee |
|
Leann Ogasawara (leannogasawara) |
|
2011-09-22 13:45:23 |
Leann Ogasawara |
linux (Ubuntu Natty): status |
In Progress |
Fix Committed |
|
2011-09-22 13:45:31 |
Leann Ogasawara |
linux (Ubuntu Oneiric): status |
In Progress |
Fix Committed |
|
2011-09-23 21:14:02 |
Launchpad Janitor |
linux (Ubuntu Oneiric): status |
Fix Committed |
Fix Released |
|
2011-10-04 06:24:03 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-lts-backport-natty |
|
2011-10-04 14:07:49 |
Herton R. Krzesinski |
tags |
apport-collected kernel-request-3.0.0-11.18 natty oneiric patch |
apport-collected kernel-request-3.0.0-11.18 natty oneiric patch verification-needed-natty |
|
2011-10-07 06:48:07 |
Launchpad Janitor |
linux-lts-backport-natty (Ubuntu): status |
New |
Confirmed |
|
2011-10-07 06:48:07 |
Launchpad Janitor |
linux-lts-backport-natty (Ubuntu Natty): status |
New |
Confirmed |
|
2011-10-09 14:40:19 |
Alex Bligh |
tags |
apport-collected kernel-request-3.0.0-11.18 natty oneiric patch verification-needed-natty |
apport-collected kernel-request-3.0.0-11.18 natty oneiric patch verification-done-natty |
|
2011-10-17 14:01:12 |
Chaskiel Grundman |
bug |
|
|
added subscriber Chaskiel Grundman |
2011-10-19 21:18:52 |
Chaskiel Grundman |
attachment added |
|
testns-2.6.38-12.51.log https://bugs.launchpad.net/ubuntu/+source/linux-lts-backport-natty/+bug/843892/+attachment/2561717/+files/testns-2.6.38-12.51.log |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
linux (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-2213 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-2497 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-2695 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-2700 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-2723 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-2928 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-3188 |
|
2011-10-25 05:26:37 |
Launchpad Janitor |
cve linked |
|
2011-3191 |
|
2011-10-25 05:29:42 |
Launchpad Janitor |
linux-lts-backport-natty (Ubuntu): status |
Confirmed |
Fix Released |
|
2011-12-01 18:42:55 |
Brad Figg |
linux-lts-backport-natty (Ubuntu Natty): status |
Confirmed |
Fix Released |
|
2011-12-01 18:42:58 |
Brad Figg |
linux-lts-backport-natty (Ubuntu Oneiric): status |
Confirmed |
Fix Released |
|
2011-12-08 00:29:52 |
Joseph Heck |
bug |
|
|
added subscriber Joseph Heck |
2013-01-15 23:35:01 |
tapczan |
bug |
|
|
added subscriber tapczan |