This bug was fixed in the package linux - 4.8.0-59.64

---------------
linux (4.8.0-59.64) yakkety; urgency=low

  * linux: 4.8.0-59.64 -proposed tracker (LP: #1701019)

  * KILLER1435-S[0489:e0a2] BT cannot search BT 4.0 device (LP: #1699651)
    - Bluetooth: btusb: Add support for 0489:e0a2 QCA_ROME device

  * CVE-2017-7895
    - nfsd4: minor NFSv2/v3 write decoding cleanup
    - nfsd: stricter decoding of write-like NFSv2/v3 ops

  * CVE-2017-5551
    - tmpfs: clear S_ISGID when setting posix ACLs

  * CVE-2017-9605
    - drm/vmwgfx: Make sure backup_handle is always valid

  * CVE-2017-1000380
    - ALSA: timer: Fix race between read and ioctl
    - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

  * CVE-2017-9150
    - bpf: don't let ldimm64 leak map addresses on unprivileged

  * CVE-2017-5576
    - drm/vc4: Fix an integer overflow in temporary allocation layout.

  * Processes in "D" state due to zap_pid_ns_processes kernel call with Ubuntu + Docker (LP: #1698264)
    - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes

  * CVE-2016-9755
    - netfilter: ipv6: nf_defrag: drop mangled skb on ream error

  * CVE-2017-7346
    - drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()

  * CVE-2017-8924
    - USB: serial: io_ti: fix information leak in completion handler

  * CVE-2017-8925
    - USB: serial: omninet: fix reference leaks at open

  * CVE-2017-9074
    - ipv6: Check ip6_find_1stfragopt() return value properly.

  * CVE-2014-9900
    - net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()

  * OpenPower: Some multipaths temporarily have only a single path (LP: #1696445)
    - scsi: ses: don't get power status of SES device slot on probe

 -- Thadeu Lima de Souza Cascardo <casca...@canonical.com>  Thu, 29 Jun 2017 14:34:32 -0300

** Changed in: linux (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-9900
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9755
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-1000380
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5551
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5576
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7346
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7895
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8924
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-8925
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9074
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9150
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9605

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1698264

Title:
  Processes in "D" state due to zap_pid_ns_processes kernel call with Ubuntu + Docker

Status in linux package in Ubuntu:
  Fix Committed
Status in linux source package in Xenial:
  Fix Released
Status in linux source package in Yakkety:
  Fix Released
Status in linux source package in Zesty:
  Fix Committed

Bug description:
  SRU Justification

  Impact: In some cases some docker processes can be stuck in the D state after a container has terminated. They will remain in this state until reboot.

  Fix: Cherry pick upstream commit b9a985db98961ae1ba0be169f19df1c567e4ffe0, which has already been included as a stable commit in maintained upstream stable kernels.

  Test case: See below.

  Regression potential: Low, this is a simple change and as stated above the patch has already been shipped out in upstream stable kernels.

  ---

  (please refer to https://github.com/moby/moby/issues/31007#issuecomment-308877825 for context)

  Precondition: Ubuntu 16.04.2 with Docker 17.03 (kernel 4.4)

  Steps to reproduce:
  - Install latest Docker
  - Run 300 containers with health check (for i in {1..300}; do docker run -d -it --restart=always --name poc_$i talves/health_poc; done)
  - Send termination signal to the containers (docker kill -s TERM $(docker ps -q))
  - A few processes are going to be stuck in "uninterruptible sleep" ("D" state). The only known way to recover from this is host reboot

  Expected behavior:
  - All containers should be terminated without any dangling process

  Actual behavior:
  - Some processes are left in "D" state.

  In our production environment this leads over time to performance degradation and maintenance issues due to containers that cannot be stopped / removed.

  A fix is provided on kernel 4.12 - it would be nice if it could be backported and included in the next Ubuntu release within the supported kernel.

  Thanks in advance
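
For triage on hosts that have not yet received the fixed kernel, the following added example (not part of the original bug report or of the kernel fix) lists tasks in "D" state whose wait channel is zap_pid_ns_processes, the function named in the bug title. It assumes /proc/<pid>/wchan exposes that symbol on the affected kernel and that the caller may read it; `parse_stat` and `find_stuck` are names chosen here.

```python
import os

# Kernel function named in the bug title; assumed to appear in /proc/<pid>/wchan.
TARGET_WCHAN = "zap_pid_ns_processes"


def parse_stat(text):
    """Return (pid, comm, state) from the contents of /proc/<pid>/stat.

    comm is wrapped in parentheses and may itself contain spaces or ')',
    so locate the LAST ')' instead of splitting on whitespace.
    """
    lparen = text.index("(")
    rparen = text.rindex(")")
    pid = int(text[:lparen])
    comm = text[lparen + 1:rparen]
    state = text[rparen + 1:].split()[0]
    return pid, comm, state


def find_stuck(proc_root="/proc", wchan=TARGET_WCHAN):
    """List (pid, comm) for tasks in state D whose wait channel is `wchan`."""
    stuck = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-PID entries such as "self" or "meminfo"
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "stat")) as f:
                pid, comm, state = parse_stat(f.read())
            with open(os.path.join(base, "wchan")) as f:
                chan = f.read().strip()
        except (OSError, ValueError, IndexError):
            continue  # task exited mid-scan, or file unreadable/malformed
        if state == "D" and chan == wchan:
            stuck.append((pid, comm))
    return sorted(stuck)


if __name__ == "__main__":
    for pid, comm in find_stuck():
        print(f"{pid}\t{comm}\tD\t{TARGET_WCHAN}")
```

A non-empty result after containers have been stopped matches the symptom in the bug description; an ordinary task briefly in "D" state on disk I/O reports a different wait channel and is not listed.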