Kernel panic on 3.8.0-29 when using ipvs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
High
|
Luis Henriques | ||
Raring |
Fix Released
|
Undecided
|
Luis Henriques | ||
Saucy |
Fix Released
|
High
|
Luis Henriques |
Bug Description
SRU Justification:
Impact:
A NULL pointer dereferrence will occur when a user adds an IPVS service. This occurs since kernel 3.8.0-28.41 (Raring), after commit:
dc7b3eb ipvs: Fix reuse connection if real server is dead
The NULL pointer occurs when accessing the ipvs variable in line 1658:
1658 if (unlikely(
1659 unlikely(
1660 is_new_conn(skb, &iph)) {
1661 ip_vs_conn_
1662 __ip_vs_
1663 cp = NULL;
1664 }
Mainline kernel has this variable initialised earlier, with commit:
0c12582 ipvs: add backup_only flag to avoid loops
Fix:
Apply commit 0c12582 "ipvs: add backup_only flag to avoid loops" fix the problem. Bug reporter has claimed success with a test kernel that contains this commit.
Testcase:
Simply running the command:
sudo ipvsadm -A -u 10.0.50.4:53
Will trigger the bug.
---
In kernel 3.8.0-29 and higher (I've tested 3.8.0-30 and 3.8.0-31), the kernel panics when adding IPVS service. Specifically, when I execute the following command:
sudo ipvsadm -A -u 10.0.50.4:53
The kernel immediately panics. I've reverted the kernel to 3.8.0-27, and IPVS executes without a problem.
The panic is completely reproducable, using a clean install, no extra packages installed, all packages upgraded.
I've attached the apport report of the system running 3.8.0-29.
Best,
Luc van Donkersgoed
---
AlsaDevices:
total 0
crw-rw---T 1 root audio 116, 1 Oct 11 10:04 seq
crw-rw---T 1 root audio 116, 33 Oct 11 10:04 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.9.2-0ubuntu8.3
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
DistroRelease: Ubuntu 13.04
HibernationDevice: RESUME=
InstallationDate: Installed on 2012-12-03 (311 days ago)
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
IwConfig:
eth0 no wireless extensions.
lo no wireless extensions.
Lsusb: Error: command ['lsusb'] failed with exit code 1: unable to initialize libusb: -99
MachineType: VMware, Inc. VMware Virtual Platform
MarkForUpload: True
Package: linux (not installed)
PciMultimedia:
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=
ProcVersionSign
RelatedPackageV
linux-
linux-
linux-firmware 1.106
RfKill: Error: [Errno 2] No such file or directory
Tags: raring
Uname: Linux 3.8.0-31-generic x86_64
UpgradeStatus: Upgraded to raring on 2013-10-10 (0 days ago)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
dmi.bios.date: 06/22/2012
dmi.bios.vendor: Phoenix Technologies LTD
dmi.bios.version: 6.00
dmi.board.name: 440BX Desktop Reference Platform
dmi.board.vendor: Intel Corporation
dmi.board.version: None
dmi.chassis.
dmi.chassis.type: 1
dmi.chassis.vendor: No Enclosure
dmi.chassis.
dmi.modalias: dmi:bvnPhoenixT
dmi.product.name: VMware Virtual Platform
dmi.product.
dmi.sys.vendor: VMware, Inc.
Changed in linux (Ubuntu): | |
importance: | Undecided → High |
tags: | added: regression-update |
Changed in linux (Ubuntu): | |
assignee: | nobody → Luis Henriques (henrix) |
description: | updated |
Changed in linux (Ubuntu Raring): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Saucy): | |
status: | Confirmed → Fix Released |
Changed in linux (Ubuntu Raring): | |
assignee: | nobody → Luis Henriques (henrix) |
tags: |
added: verification-done-raring removed: verification-needed-raring |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 1238494
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.