[Kernel-packages] [Bug 1216444] Re: Vhost-net made unstable by linux_3.8.0-28.41
*** This bug is a duplicate of bug 1208532 *** https://bugs.launchpad.net/bugs/1208532 This appears to be a duplicate of bug 1208532 . There is a test kernel for that bug available at: http://kernel.ubuntu.com/~jsalisbury/lp1208532/509384a/ Do you have an easy way to reproduce this bug? If so, can you test the test kernel I posted? ** Changed in: linux (Ubuntu) Importance: Undecided = Medium ** This bug has been marked a duplicate of bug 1208532 put_page failures with 3.8.0-27.40 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1216444 Title: Vhost-net made unstable by linux_3.8.0-28.41 Status in “linux” package in Ubuntu: Confirmed Bug description: On multiple machines with vm's using vhost-net this bug takes out the guest network interface under load. The vm is only able to see broadcast traffic after this happens. Started happening immediately after upgrading from linux-image-3.8.0-27-generic to linux- image-3.8.0-29-generic. This changelog entry from linux_3.8.0-28.41 seems particularly relevant: * vhost-net: fix use-after-free in vhost_net_flush - LP: #1202992 - CVE-2013-4127 Also seems to be giving the fedora folks fits as well: https://bugzilla.redhat.com/show_bug.cgi?id=975065 Aug 24 20:00:55 gwbvm4 kernel: [277318.536525] BUG: unable to handle kernel NULL pointer dereference at 01ea Aug 24 20:00:55 gwbvm4 kernel: [277318.537027] IP: [8113c1a5] put_page+0x5/0x40 Aug 24 20:00:55 gwbvm4 kernel: [277318.537359] PGD 0 Aug 24 20:00:55 gwbvm4 kernel: [277318.537505] Oops: [#1] SMP Aug 24 20:00:55 gwbvm4 kernel: [277318.537716] Modules linked in: xt_recent(F) nfnetlink_log(F) nfnetlink(F) vhost_net macvtap(F) macvlan(F) brcompat(OF) openvswitch(OF) mptctl(F) mptbase(F) ipmi_devintf ipmi_si ipmi_msghandler ebtable_nat(F) ebtables(F) ipt_MASQUERADE(F) iptable_nat(F) nf_nat_ipv4(F) xt_CHECKSUM(F) iptable_mangle(F) ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp(F) libiscsi_tcp(F) libiscsi(F) scsi_transport_iscsi(F) stp(F) llc(F) ip6t_REJECT(F) xt_hl(F) ip6t_rt(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) ipt_REJECT(F) xt_comment(F) xt_limit(F) xt_tcpudp(F) vesafb(F) xt_addrtype(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F) xt_state(F) ip6table_filter(F) ip6_tables(F) nf_conntrack_netbios_ns(F) nf_conntrack_broadcast(F) nf_nat_ftp(F) nf_nat(F) nf_conntrack_ftp(F) nf_conntrack(F) iptable_filter(F) ip_tables(F) coretemp x_tables(F) kvm_intel kvm ghash_clmulni_intel(F) aesni_intel(F) aes_x86_64(F) xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) gpio_ich lpc_ich microcode(F) serio_r Aug 24 20:00:55 gwbvm4 kernel: aw(F) i7core_edac mac_hid edac_core lp(F) parport(F) btrfs(F) zlib_deflate(F) libcrc32c(F) ahci(F) libahci(F) igb cxgb3 dca ptp hpsa mdio pps_core [last unloaded: bridge] Aug 24 20:00:55 gwbvm4 kernel: [277318.544745] CPU 0 Aug 24 20:00:55 gwbvm4 kernel: [277318.544866] Pid: 5489, comm: vhost-5488 Tainted: GF IO 3.8.0-29-generic #42-Ubuntu HP ProLiant DL160 G6 Aug 24 20:00:55 gwbvm4 kernel: [277318.545560] RIP: 0010:[8113c1a5] [8113c1a5] put_page+0x5/0x40 Aug 24 20:00:55 gwbvm4 kernel: [277318.546034] RSP: 0018:8817ccbc1c78 EFLAGS: 00010202 Aug 24 20:00:55 gwbvm4 kernel: [277318.546356] RAX: 8809728a1ac0 RBX: 0012 RCX: 8809728a1ac0 Aug 24 20:00:55 gwbvm4 kernel: [277318.569029] RDX: 0140 RSI: 8809728a1ac0 RDI: 01ea Aug 24 20:00:55 gwbvm4 kernel: [277318.592195] RBP: 8817ccbc1c90 R08: 880970704518 R09: 0010 Aug 24 20:00:55 gwbvm4 kernel: [277318.615537] R10: 0001 R11: 0007 R12: 881645ca5100 Aug 24 20:00:55 gwbvm4 kernel: [277318.639881] R13: 814dfa35 R14: 000c R15: 881645ca5100 Aug 24 20:00:55 gwbvm4 kernel: [277318.664386] FS: () GS:880c0fc0() knlGS: Aug 24 20:00:55 gwbvm4 kernel: [277318.689030] CS: 0010 DS: ES: CR0: 8005003b Aug 24 20:00:55 gwbvm4 kernel: [277318.701226] CR2: 01ea CR3: 00069ca0b000 CR4: 27e0 Aug 24 20:00:55 gwbvm4 kernel: [277318.725240] DR0: DR1: DR2: Aug 24 20:00:55 gwbvm4 kernel: [277318.749120] DR3: DR6: 0ff0 DR7: 0400 Aug 24 20:00:55 gwbvm4 kernel: [277318.773018] Process vhost-5488 (pid: 5489, threadinfo 8817ccbc, task 8817f6a8) Aug 24 20:00:55 gwbvm4 kernel: [277318.796899] Stack: Aug 24 20:00:55 gwbvm4 kernel: [277318.808406] 815bcebf 881645ca5100 881645ca5100 8817ccbc1ca8 Aug 24 20:00:55 gwbvm4 kernel: [277318.831675] 815bcf5a 8809707043d8 8817ccbc1cd0 815bd012 Aug 24 20:00:55 gwbvm4 kernel:
[Kernel-packages] [Bug 1216444] Re: Vhost-net made unstable by linux_3.8.0-28.41
apport information ** Tags added: apport-collected ** Description changed: On multiple machines with vm's using vhost-net this bug takes out the guest network interface under load. The vm is only able to see broadcast traffic after this happens. Started happening immediately after upgrading from linux-image-3.8.0-27-generic to linux- image-3.8.0-29-generic. This changelog entry from linux_3.8.0-28.41 seems particularly relevant: * vhost-net: fix use-after-free in vhost_net_flush - LP: #1202992 - CVE-2013-4127 Also seems to be giving the fedora folks fits as well: https://bugzilla.redhat.com/show_bug.cgi?id=975065 Aug 24 20:00:55 gwbvm4 kernel: [277318.536525] BUG: unable to handle kernel NULL pointer dereference at 01ea Aug 24 20:00:55 gwbvm4 kernel: [277318.537027] IP: [8113c1a5] put_page+0x5/0x40 Aug 24 20:00:55 gwbvm4 kernel: [277318.537359] PGD 0 Aug 24 20:00:55 gwbvm4 kernel: [277318.537505] Oops: [#1] SMP Aug 24 20:00:55 gwbvm4 kernel: [277318.537716] Modules linked in: xt_recent(F) nfnetlink_log(F) nfnetlink(F) vhost_net macvtap(F) macvlan(F) brcompat(OF) openvswitch(OF) mptctl(F) mptbase(F) ipmi_devintf ipmi_si ipmi_msghandler ebtable_nat(F) ebtables(F) ipt_MASQUERADE(F) iptable_nat(F) nf_nat_ipv4(F) xt_CHECKSUM(F) iptable_mangle(F) ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp(F) libiscsi_tcp(F) libiscsi(F) scsi_transport_iscsi(F) stp(F) llc(F) ip6t_REJECT(F) xt_hl(F) ip6t_rt(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) ipt_REJECT(F) xt_comment(F) xt_limit(F) xt_tcpudp(F) vesafb(F) xt_addrtype(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F) xt_state(F) ip6table_filter(F) ip6_tables(F) nf_conntrack_netbios_ns(F) nf_conntrack_broadcast(F) nf_nat_ftp(F) nf_nat(F) nf_conntrack_ftp(F) nf_conntrack(F) iptable_filter(F) ip_tables(F) coretemp x_tables(F) kvm_intel kvm ghash_clmulni_intel(F) aesni_intel(F) aes_x86_64(F) xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) gpio_ich lpc_ich microcode(F) serio_r Aug 24 20:00:55 gwbvm4 kernel: aw(F) i7core_edac mac_hid edac_core lp(F) parport(F) btrfs(F) zlib_deflate(F) libcrc32c(F) ahci(F) libahci(F) igb cxgb3 dca ptp hpsa mdio pps_core [last unloaded: bridge] Aug 24 20:00:55 gwbvm4 kernel: [277318.544745] CPU 0 Aug 24 20:00:55 gwbvm4 kernel: [277318.544866] Pid: 5489, comm: vhost-5488 Tainted: GF IO 3.8.0-29-generic #42-Ubuntu HP ProLiant DL160 G6 Aug 24 20:00:55 gwbvm4 kernel: [277318.545560] RIP: 0010:[8113c1a5] [8113c1a5] put_page+0x5/0x40 Aug 24 20:00:55 gwbvm4 kernel: [277318.546034] RSP: 0018:8817ccbc1c78 EFLAGS: 00010202 Aug 24 20:00:55 gwbvm4 kernel: [277318.546356] RAX: 8809728a1ac0 RBX: 0012 RCX: 8809728a1ac0 Aug 24 20:00:55 gwbvm4 kernel: [277318.569029] RDX: 0140 RSI: 8809728a1ac0 RDI: 01ea Aug 24 20:00:55 gwbvm4 kernel: [277318.592195] RBP: 8817ccbc1c90 R08: 880970704518 R09: 0010 Aug 24 20:00:55 gwbvm4 kernel: [277318.615537] R10: 0001 R11: 0007 R12: 881645ca5100 Aug 24 20:00:55 gwbvm4 kernel: [277318.639881] R13: 814dfa35 R14: 000c R15: 881645ca5100 Aug 24 20:00:55 gwbvm4 kernel: [277318.664386] FS: () GS:880c0fc0() knlGS: Aug 24 20:00:55 gwbvm4 kernel: [277318.689030] CS: 0010 DS: ES: CR0: 8005003b Aug 24 20:00:55 gwbvm4 kernel: [277318.701226] CR2: 01ea CR3: 00069ca0b000 CR4: 27e0 Aug 24 20:00:55 gwbvm4 kernel: [277318.725240] DR0: DR1: DR2: Aug 24 20:00:55 gwbvm4 kernel: [277318.749120] DR3: DR6: 0ff0 DR7: 0400 Aug 24 20:00:55 gwbvm4 kernel: [277318.773018] Process vhost-5488 (pid: 5489, threadinfo 8817ccbc, task 8817f6a8) Aug 24 20:00:55 gwbvm4 kernel: [277318.796899] Stack: Aug 24 20:00:55 gwbvm4 kernel: [277318.808406] 815bcebf 881645ca5100 881645ca5100 8817ccbc1ca8 Aug 24 20:00:55 gwbvm4 kernel: [277318.831675] 815bcf5a 8809707043d8 8817ccbc1cd0 815bd012 Aug 24 20:00:55 gwbvm4 kernel: [277318.81] 8809707043d8 f4ee 880a2c048800 8817ccbc1d58 Aug 24 20:00:55 gwbvm4 kernel: [277318.879408] Call Trace: Aug 24 20:00:55 gwbvm4 kernel: [277318.891138] [815bcebf] ? skb_release_data+0x8f/0x110 Aug 24 20:00:55 gwbvm4 kernel: [277318.903096] [815bcf5a] __kfree_skb+0x1a/0xa0 Aug 24 20:00:55 gwbvm4 kernel: [277318.914622] [815bd012] kfree_skb+0x32/0x90 Aug 24 20:00:55 gwbvm4 kernel: [277318.925947] [814dfa35] tun_get_user+0x5f5/0x720 Aug 24 20:00:55 gwbvm4 kernel: [277318.937089] [814dfbb7] tun_sendmsg+0x57/0x80 Aug 24 20:00:55 gwbvm4 kernel: [277318.947987] [a0435656] handle_tx+0x266/0x580
[Kernel-packages] [Bug 1216444] Re: Vhost-net made unstable by linux_3.8.0-28.41
** Attachment added: lspci-vnvn.log https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1216444/+attachment/3786561/+files/lspci-vnvn.log -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1216444 Title: Vhost-net made unstable by linux_3.8.0-28.41 Status in “linux” package in Ubuntu: New Bug description: On multiple machines with vm's using vhost-net this bug takes out the guest network interface under load. The vm is only able to see broadcast traffic after this happens. Started happening immediately after upgrading from linux-image-3.8.0-27-generic to linux- image-3.8.0-29-generic. This changelog entry from linux_3.8.0-28.41 seems particularly relevant: * vhost-net: fix use-after-free in vhost_net_flush - LP: #1202992 - CVE-2013-4127 Also seems to be giving the fedora folks fits as well: https://bugzilla.redhat.com/show_bug.cgi?id=975065 Aug 24 20:00:55 gwbvm4 kernel: [277318.536525] BUG: unable to handle kernel NULL pointer dereference at 01ea Aug 24 20:00:55 gwbvm4 kernel: [277318.537027] IP: [8113c1a5] put_page+0x5/0x40 Aug 24 20:00:55 gwbvm4 kernel: [277318.537359] PGD 0 Aug 24 20:00:55 gwbvm4 kernel: [277318.537505] Oops: [#1] SMP Aug 24 20:00:55 gwbvm4 kernel: [277318.537716] Modules linked in: xt_recent(F) nfnetlink_log(F) nfnetlink(F) vhost_net macvtap(F) macvlan(F) brcompat(OF) openvswitch(OF) mptctl(F) mptbase(F) ipmi_devintf ipmi_si ipmi_msghandler ebtable_nat(F) ebtables(F) ipt_MASQUERADE(F) iptable_nat(F) nf_nat_ipv4(F) xt_CHECKSUM(F) iptable_mangle(F) ib_iser rdma_cm ib_addr iw_cm ib_cm ib_sa ib_mad ib_core iscsi_tcp(F) libiscsi_tcp(F) libiscsi(F) scsi_transport_iscsi(F) stp(F) llc(F) ip6t_REJECT(F) xt_hl(F) ip6t_rt(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) ipt_REJECT(F) xt_comment(F) xt_limit(F) xt_tcpudp(F) vesafb(F) xt_addrtype(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F) xt_state(F) ip6table_filter(F) ip6_tables(F) nf_conntrack_netbios_ns(F) nf_conntrack_broadcast(F) nf_nat_ftp(F) nf_nat(F) nf_conntrack_ftp(F) nf_conntrack(F) iptable_filter(F) ip_tables(F) coretemp x_tables(F) kvm_intel kvm ghash_clmulni_intel(F) aesni_intel(F) aes_x86_64(F) xts(F) lrw(F) gf128mul(F) ablk_helper(F) cryptd(F) gpio_ich lpc_ich microcode(F) serio_r Aug 24 20:00:55 gwbvm4 kernel: aw(F) i7core_edac mac_hid edac_core lp(F) parport(F) btrfs(F) zlib_deflate(F) libcrc32c(F) ahci(F) libahci(F) igb cxgb3 dca ptp hpsa mdio pps_core [last unloaded: bridge] Aug 24 20:00:55 gwbvm4 kernel: [277318.544745] CPU 0 Aug 24 20:00:55 gwbvm4 kernel: [277318.544866] Pid: 5489, comm: vhost-5488 Tainted: GF IO 3.8.0-29-generic #42-Ubuntu HP ProLiant DL160 G6 Aug 24 20:00:55 gwbvm4 kernel: [277318.545560] RIP: 0010:[8113c1a5] [8113c1a5] put_page+0x5/0x40 Aug 24 20:00:55 gwbvm4 kernel: [277318.546034] RSP: 0018:8817ccbc1c78 EFLAGS: 00010202 Aug 24 20:00:55 gwbvm4 kernel: [277318.546356] RAX: 8809728a1ac0 RBX: 0012 RCX: 8809728a1ac0 Aug 24 20:00:55 gwbvm4 kernel: [277318.569029] RDX: 0140 RSI: 8809728a1ac0 RDI: 01ea Aug 24 20:00:55 gwbvm4 kernel: [277318.592195] RBP: 8817ccbc1c90 R08: 880970704518 R09: 0010 Aug 24 20:00:55 gwbvm4 kernel: [277318.615537] R10: 0001 R11: 0007 R12: 881645ca5100 Aug 24 20:00:55 gwbvm4 kernel: [277318.639881] R13: 814dfa35 R14: 000c R15: 881645ca5100 Aug 24 20:00:55 gwbvm4 kernel: [277318.664386] FS: () GS:880c0fc0() knlGS: Aug 24 20:00:55 gwbvm4 kernel: [277318.689030] CS: 0010 DS: ES: CR0: 8005003b Aug 24 20:00:55 gwbvm4 kernel: [277318.701226] CR2: 01ea CR3: 00069ca0b000 CR4: 27e0 Aug 24 20:00:55 gwbvm4 kernel: [277318.725240] DR0: DR1: DR2: Aug 24 20:00:55 gwbvm4 kernel: [277318.749120] DR3: DR6: 0ff0 DR7: 0400 Aug 24 20:00:55 gwbvm4 kernel: [277318.773018] Process vhost-5488 (pid: 5489, threadinfo 8817ccbc, task 8817f6a8) Aug 24 20:00:55 gwbvm4 kernel: [277318.796899] Stack: Aug 24 20:00:55 gwbvm4 kernel: [277318.808406] 815bcebf 881645ca5100 881645ca5100 8817ccbc1ca8 Aug 24 20:00:55 gwbvm4 kernel: [277318.831675] 815bcf5a 8809707043d8 8817ccbc1cd0 815bd012 Aug 24 20:00:55 gwbvm4 kernel: [277318.81] 8809707043d8 f4ee 880a2c048800 8817ccbc1d58 Aug 24 20:00:55 gwbvm4 kernel: [277318.879408] Call Trace: Aug 24 20:00:55 gwbvm4 kernel: [277318.891138] [815bcebf] ? skb_release_data+0x8f/0x110 Aug 24 20:00:55 gwbvm4 kernel: [277318.903096] [815bcf5a] __kfree_skb+0x1a/0xa0 Aug 24 20:00:55 gwbvm4