[Bug 1703401] Re: NULL pointer dereference triggered by openvswitch autopkg testcase

[Po-Hsu Lin]

** Changed in: linux (Ubuntu)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1703401

Title:
  NULL pointer dereference triggered by openvswitch autopkg testcase

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1703401/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1703401] Re: NULL pointer dereference triggered by openvswitch autopkg testcase

[Launchpad Bug Tracker]

This bug was fixed in the package linux - 3.13.0-125.174

---
linux (3.13.0-125.174) trusty; urgency=low

  * linux: 3.13.0-125.174 -proposed tracker (LP: #1703396)

  * NULL pointer dereference triggered by openvswitch autopkg testcase
(LP: #1703401)
- Revert "rtnl/do_setlink(): notify when a netdev is modified"
- Revert "rtnl/do_setlink(): last arg is now a set of flags"
- Revert "rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated"
- Revert "rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated"
- Revert "rtnetlink: provide api for getting and setting slave info"

linux (3.13.0-124.173) trusty; urgency=low

  * linux: 3.13.0-124.173 -proposed tracker (LP: #1701042)

  * CVE-2017-7895
- nfsd: Remove assignments inside conditions
- svcrdma: Do not add XDR padding to xdr_buf page vector
- nfsd4: minor NFSv2/v3 write decoding cleanup
- nfsd: stricter decoding of write-like NFSv2/v3 ops

  * CVE-2017-9605
- drm/vmwgfx: Make sure backup_handle is always valid

  * CVE-2017-1000380
- ALSA: timer: Fix race between read and ioctl
- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

  * linux <3.18: netlink notification is missing when an interface is modified
(LP: #1690094)
- rtnetlink: provide api for getting and setting slave info
- rtnl/do_setlink(): set modified when IFLA_TXQLEN is updated
- rtnl/do_setlink(): set modified when IFLA_LINKMODE is updated
- rtnl/do_setlink(): last arg is now a set of flags
- rtnl/do_setlink(): notify when a netdev is modified

  * CVE-2015-8944
- Make file credentials available to the seqfile interfaces
- /proc/iomem: only expose physical resource addresses to privileged users

  * CVE-2016-10088
- sg_write()/bsg_write() is not fit to be called under KERNEL_DS

  * CVE-2017-7346
- drm/vmwgfx: limit the number of mip levels in 
vmw_gb_surface_define_ioctl()

  * CVE-2015-8966
- arm: fix handling of F_OFD_... in oabi_fcntl64()

  * Missing IOTLB flush causes DMAR errors with SR-IOV (LP: #1697053)
- iommu/vt-d: Fix missing IOTLB flush in intel_iommu_unmap()

  * CVE-2017-8924
- USB: serial: io_ti: fix information leak in completion handler

  * CVE-2017-8925
- USB: serial: omninet: fix reference leaks at open

  * CVE-2015-8967
- arm64: make sys_call_table const

  * CVE-2015-8964
- tty: Prevent ldisc drivers from re-using stale tty fields

  * CVE-2015-8955
- arm64: perf: reject groups spanning multiple HW PMUs

  * CVE-2015-8962
- sg: Fix double-free when drives detach during SG_IO

  * CVE-2015-8963
- perf: Fix race in swevent hash

  * CVE-2017-9074
- ipv6: Check ip6_find_1stfragopt() return value properly.

  * CVE-2014-9900
- net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

 -- Thadeu Lima de Souza Cascardo   Mon, 10 Jul
2017 13:02:31 -0300

** Changed in: linux (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9900

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8944

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8955

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8962

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8963

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8964

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8966

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8967

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10088

** CVE added: https://cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-1000380

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7346

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7895

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8924

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8925

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9074

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9605

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1703401

Title:
  NULL pointer dereference triggered by openvswitch autopkg testcase

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1703401/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1703401] Re: NULL pointer dereference triggered by openvswitch autopkg testcase

[Joseph Salisbury]

** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Trusty)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1703401

Title:
  NULL pointer dereference triggered by openvswitch autopkg testcase

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1703401/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1703401] Re: NULL pointer dereference triggered by openvswitch autopkg testcase

[Kleber Sacilotto de Souza]

** Description changed:

  Trusty kernel 3.13.0-124.173, current on -proposed, has a regression
- introduced by the patches for bug#1690094.
+ introduced by the patches for bug #1690094.
  
  This is causing the openvswitch autopkgtest testcase to hang:
  
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-trusty/trusty/amd64/o/openvswitch/20170710_093748_a5f0a@/log.gz
  
  because of the following kernel bug:
  
  ==
  [   16.371056] random: nonblocking pool is initialized
  [   22.187846] gre: GRE over IPv4 demultiplexor driver
  [   22.190604] openvswitch: Open vSwitch switching datapath
  [   27.919352] gre: GRE over IPv4 demultiplexor driver
  [   27.920959] openvswitch: Open vSwitch switching datapath
  [   28.230062] IPv6: ADDRCONF(NETDEV_UP): s1-eth1: link is not ready
  [   28.255859] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth1: link becomes ready
  [   28.294253] IPv6: ADDRCONF(NETDEV_UP): s1-eth2: link is not ready
  [   28.310647] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth2: link becomes ready
  [   28.341512] IPv6: ADDRCONF(NETDEV_UP): s1-eth3: link is not ready
  [   28.358174] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth3: link becomes ready
  [   28.386774] IPv6: ADDRCONF(NETDEV_UP): s1-eth4: link is not ready
  [   28.402249] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth4: link becomes ready
  [   28.431979] IPv6: ADDRCONF(NETDEV_UP): s1-eth5: link is not ready
  [   28.446848] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth5: link becomes ready
  [   28.482404] IPv6: ADDRCONF(NETDEV_UP): s1-eth6: link is not ready
  [   28.498450] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth6: link becomes ready
  [   28.530356] IPv6: ADDRCONF(NETDEV_UP): s1-eth7: link is not ready
  [   28.546206] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth7: link becomes ready
  [   28.578384] IPv6: ADDRCONF(NETDEV_UP): s2-eth1: link is not ready
  [   28.594164] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth1: link becomes ready
  [   28.623885] IPv6: ADDRCONF(NETDEV_UP): s2-eth2: link is not ready
  [   28.642570] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth2: link becomes ready
  [   28.669156] IPv6: ADDRCONF(NETDEV_UP): s2-eth3: link is not ready
  [   28.683255] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth3: link becomes ready
  [   28.716490] IPv6: ADDRCONF(NETDEV_UP): s2-eth4: link is not ready
  [   28.734239] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth4: link becomes ready
  [   28.763779] IPv6: ADDRCONF(NETDEV_UP): s2-eth5: link is not ready
  [   28.782221] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth5: link becomes ready
  [   28.810559] IPv6: ADDRCONF(NETDEV_UP): s2-eth6: link is not ready
  [   28.826181] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth6: link becomes ready
  [   28.856232] IPv6: ADDRCONF(NETDEV_UP): s2-eth7: link is not ready
  [   28.875082] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth7: link becomes ready
  [   28.901120] IPv6: ADDRCONF(NETDEV_UP): s1-eth8: link is not ready
  [   28.909372] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth8: link becomes ready
  [   28.986164] device ovs-system entered promiscuous mode
  [   29.001788] device s1 entered promiscuous mode
  [   29.021015] BUG: unable to handle kernel NULL pointer dereference at 
00a8
  [   29.021600] IP: [] if_nlmsg_size+0xfb/0x240
- [   29.021990] PGD 3bfec067 PUD 36c7e067 PMD 0 
- [   29.022303] Oops:  [#1] SMP 
+ [   29.021990] PGD 3bfec067 PUD 36c7e067 PMD 0
+ [   29.022303] Oops:  [#1] SMP
  [   29.022540] Modules linked in: veth openvswitch gre vxlan ip_tunnel 
libcrc32c 9p ppdev kvm_intel kvm 9pnet_virtio serio_raw 9pnet parport_pc 
parport i2c_piix4 mac_hid psmouse floppy pata_acpi [last unloaded:]
  [   29.023992] CPU: 0 PID: 2255 Comm: ovs-vswitchd Not tainted 
3.13.0-124-generic #173-Ubuntu
  [   29.024012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.2-1ubuntu1 04/01/2014
  [   29.024012] task: 88003d5f1800 ti: 880036c7c000 task.ti: 
880036c7c000
  [   29.024012] RIP: 0010:[]  [] 
if_nlmsg_size+0xfb/0x240
  [   29.024012] RSP: 0018:880036c7d850  EFLAGS: 00010286
  [   29.024012] RAX: 88003bb41000 RBX: 88003ac9b000 RCX: 
00d0
  [   29.024012] RDX:  RSI:  RDI: 
88003ac9b000
  [   29.024012] RBP: 880036c7d888 R08:  R09: 

  [   29.024012] R10: 44ed R11: 006d65747379732d R12: 
0344
  [   29.024012] R13:  R14: a011c000 R15: 
0014
  [   29.024012] FS:  7f2a595e3980() GS:88003fc0() 
knlGS:
  [   29.024012] CS:  0010 DS:  ES:  CR0: 80050033
  [   29.024012] CR2: 00a8 CR3: 3d5ff000 CR4: 
06f0
  [   29.024012] Stack:
  [   29.024012]  88003bb41000  00d0 
0010
  [   29.024012]  81cdaf00  88003ac9b000 
880036c7d8d8
  [   29.024012]  81642f82 

[Bug 1703401] Re: NULL pointer dereference triggered by openvswitch autopkg testcase

[Thadeu Lima de Souza Cascardo]

** Changed in: linux (Ubuntu)
   Status: Incomplete => In Progress

** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1703401

Title:
  NULL pointer dereference triggered by openvswitch autopkg testcase

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1703401/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1703401] Re: NULL pointer dereference triggered by openvswitch autopkg testcase

[Kleber Sacilotto de Souza]

apport information

** Tags added: apport-collected

** Description changed:

  Trusty kernel 3.13.0-124.173, current on -proposed, has a regression
  introduced by the patches for bug#1690094.
  
  This is causing the openvswitch autopkgtest testcase to hang:
  
https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-trusty/trusty/amd64/o/openvswitch/20170710_093748_a5f0a@/log.gz
  
  because of the following kernel bug:
  
  ==
  [   16.371056] random: nonblocking pool is initialized
  [   22.187846] gre: GRE over IPv4 demultiplexor driver
  [   22.190604] openvswitch: Open vSwitch switching datapath
  [   27.919352] gre: GRE over IPv4 demultiplexor driver
  [   27.920959] openvswitch: Open vSwitch switching datapath
  [   28.230062] IPv6: ADDRCONF(NETDEV_UP): s1-eth1: link is not ready
  [   28.255859] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth1: link becomes ready
  [   28.294253] IPv6: ADDRCONF(NETDEV_UP): s1-eth2: link is not ready
  [   28.310647] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth2: link becomes ready
  [   28.341512] IPv6: ADDRCONF(NETDEV_UP): s1-eth3: link is not ready
  [   28.358174] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth3: link becomes ready
  [   28.386774] IPv6: ADDRCONF(NETDEV_UP): s1-eth4: link is not ready
  [   28.402249] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth4: link becomes ready
  [   28.431979] IPv6: ADDRCONF(NETDEV_UP): s1-eth5: link is not ready
  [   28.446848] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth5: link becomes ready
  [   28.482404] IPv6: ADDRCONF(NETDEV_UP): s1-eth6: link is not ready
  [   28.498450] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth6: link becomes ready
  [   28.530356] IPv6: ADDRCONF(NETDEV_UP): s1-eth7: link is not ready
  [   28.546206] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth7: link becomes ready
  [   28.578384] IPv6: ADDRCONF(NETDEV_UP): s2-eth1: link is not ready
  [   28.594164] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth1: link becomes ready
  [   28.623885] IPv6: ADDRCONF(NETDEV_UP): s2-eth2: link is not ready
  [   28.642570] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth2: link becomes ready
  [   28.669156] IPv6: ADDRCONF(NETDEV_UP): s2-eth3: link is not ready
  [   28.683255] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth3: link becomes ready
  [   28.716490] IPv6: ADDRCONF(NETDEV_UP): s2-eth4: link is not ready
  [   28.734239] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth4: link becomes ready
  [   28.763779] IPv6: ADDRCONF(NETDEV_UP): s2-eth5: link is not ready
  [   28.782221] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth5: link becomes ready
  [   28.810559] IPv6: ADDRCONF(NETDEV_UP): s2-eth6: link is not ready
  [   28.826181] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth6: link becomes ready
  [   28.856232] IPv6: ADDRCONF(NETDEV_UP): s2-eth7: link is not ready
  [   28.875082] IPv6: ADDRCONF(NETDEV_CHANGE): s2-eth7: link becomes ready
  [   28.901120] IPv6: ADDRCONF(NETDEV_UP): s1-eth8: link is not ready
  [   28.909372] IPv6: ADDRCONF(NETDEV_CHANGE): s1-eth8: link becomes ready
  [   28.986164] device ovs-system entered promiscuous mode
  [   29.001788] device s1 entered promiscuous mode
  [   29.021015] BUG: unable to handle kernel NULL pointer dereference at 
00a8
  [   29.021600] IP: [] if_nlmsg_size+0xfb/0x240
  [   29.021990] PGD 3bfec067 PUD 36c7e067 PMD 0 
  [   29.022303] Oops:  [#1] SMP 
  [   29.022540] Modules linked in: veth openvswitch gre vxlan ip_tunnel 
libcrc32c 9p ppdev kvm_intel kvm 9pnet_virtio serio_raw 9pnet parport_pc 
parport i2c_piix4 mac_hid psmouse floppy pata_acpi [last unloaded:]
  [   29.023992] CPU: 0 PID: 2255 Comm: ovs-vswitchd Not tainted 
3.13.0-124-generic #173-Ubuntu
  [   29.024012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 
1.10.2-1ubuntu1 04/01/2014
  [   29.024012] task: 88003d5f1800 ti: 880036c7c000 task.ti: 
880036c7c000
  [   29.024012] RIP: 0010:[]  [] 
if_nlmsg_size+0xfb/0x240
  [   29.024012] RSP: 0018:880036c7d850  EFLAGS: 00010286
  [   29.024012] RAX: 88003bb41000 RBX: 88003ac9b000 RCX: 
00d0
  [   29.024012] RDX:  RSI:  RDI: 
88003ac9b000
  [   29.024012] RBP: 880036c7d888 R08:  R09: 

  [   29.024012] R10: 44ed R11: 006d65747379732d R12: 
0344
  [   29.024012] R13:  R14: a011c000 R15: 
0014
  [   29.024012] FS:  7f2a595e3980() GS:88003fc0() 
knlGS:
  [   29.024012] CS:  0010 DS:  ES:  CR0: 80050033
  [   29.024012] CR2: 00a8 CR3: 3d5ff000 CR4: 
06f0
  [   29.024012] Stack:
  [   29.024012]  88003bb41000  00d0 
0010
  [   29.024012]  81cdaf00  88003ac9b000 
880036c7d8d8
  [   29.024012]  81642f82 735f7265776f6cfa ff00316874652d31 
88003ac9b000
  [   29.024012] Call Trace: