3.13.0-71: IPv6 UDP DNS packets are not received

Hi Pali,

I'd like to try and reproduce this bug. Can you list the steps I would need to perform to reproduce the bug? Would it just be to use the Kopete client and try to connect to a jabber server?

Also, do I need to do some network reconfiguration? I am currently using IPv4, and do not have IPv6 configured.

I'm also going to build a test kernel for you to try with the following three commits reverted:
538c22c net/ipv6: Correct PIM6 mrt_lock handling
483d538 [stable-only] net: add length argument to skb_copy_and_csum_datagram_iov
16b7201 ipv6: fix exthdrs offload registration in out_rt path

If that does not fix the issue, we can perform a kernel bisect to identify the exact commit that introduced the regression.

Now I tested version 3.13.0-69.112~precise1 from https://launchpad.net/~canonical-kernel-team/+archive/ubuntu/ppa/+packages?field.name_filter=linux-lts-trusty&field.status_filter=&field.series_filter=precise and it has same problem as 3.13.0-71. So this bug was introduced somewhere between -68 and -69.

For reproducing just try to use Kopete IM client and try to connect to some jabber server. Kopete must use IPv6 recursive DNS server for translating jabber SRV or A records. DNS server address is read from standard file /etc/resolv.conf.

So if you do not have IPv6 connectivity, you can you start some recursive (or forward) DNS server on IPv6 localhost and set nameserver ::1 in /etc/resolv.conf. This is quick hack, but should work.

I see that NetworkManager on Ubuntu is already using dnsmasq (as forwarder), but does not have enabled IPv6 support on localhost. It automatically add "nameserver 127.0.0.1" line into /etc/resolv.conf.

To tell dnsmasq to listen also on IPv6 localhost add configuration like:
$ echo listen-address=::1 > /etc/NetworkManager/dnsmasq.d/ipv6
(and reboot)

And set "nameserver ::1" in /etc/resolv.conf (note that NetworkManager is changing that file when reconnecting...)

I built a Trusty test kernel with a revert of the three commits mentioned in comment: #1. The test kernel can be downloaded from:

http://kernel.ubuntu.com/~jsalisbury/lp1527902/

Can you test this kernel and see if it resolves this bug? If it does, then we can narrow which of those three commit is the cause. If the bug still exits, we will probably want to perform a kernel bisect.

Note, with this test kernel, you need to install both the linux-image and linux-image-extra .deb packages.

Thanks in advance!

Actually that last test kernel for specific to Trusty proper. I'll build one more, but using the trusty-lts repo.

Ok, a new lts-backport-trusty test kernel is available here:

http://kernel.ubuntu.com/~jsalisbury/lp1527902/

Now I tested your last build and it does *not* fix this bug :-(

thanks for testing , pali. I'm going to build one more test kernel. If that does not fix the bug, we'll have to perform a bisect.

I am able to perform dns lookups on a P+T box with -74 (and the OR has separatly confirmed -74 as affected), so this appears to not be systemic:

mru@grovel-x-p64p5:~$ cat /proc/version_signature
Ubuntu 3.13.0-74.118~precise1-generic 3.13.11-ckt30

mru@grovel-x-p64p5:~$ dig aaaa www.google.com @2001:4860:4860::8888

; <<>> DiG 9.8.1-P1 <<>> aaaa www.google.com @2001:4860:4860::8888
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33031
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com. IN AAAA

;; ANSWER SECTION:
www.google.com. 299 IN AAAA 2a00:1450:4009:811::2004

;; Query time: 39 msec
;; SERVER: 2001:4860:4860::8888#53(2001:4860:4860::8888)
;; WHEN: Wed Dec 23 19:17:07 2015
;; MSG SIZE rcvd: 60

mru@grovel-x-p64p5:~$ sudo tcpdump -n host 2001:4860:4860::8888
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:19:51.930966 IP6 2001:470:6973:2:18f8:278f:cd6d:654e.52306 > 2001:4860:4860::8888.53: 55720+ AAAA? www.google.com. (32)
19:19:51.971448 IP6 2001:4860:4860::8888.53 > 2001:470:6973:2:18f8:278f:cd6d:654e.52306: 55720 1/0/0 AAAA 2a00:1450:4009:811::2004 (60)

Looks like that program dig is not affected, so not all stub resolvers are non working.

Kopete uses libiris xmpp library which uses jdns resolver. It is 100% reproducable.

I tested also new upstream 4.x kernels and they do not have this problem. Only ubuntu kernels >= 3.13.0-69.

If you need to test jdns library, upstream project has also example dns lookup cmdline tool in git repo:
https://github.com/psi-im/iris/tree/master/src/jdns/tools/jdns

(Call it with arg "-6" against some IPv6 DNS server)

I tested it and it reacts exactly same as Kopete, on 3.13.0-69 kernel (and above) just do not receive UDP IPv6 packets. As I wrote in description strace show that every recvfrom() calls just return -EAGAIN. But wireshark see that packets was received.

I started a kernel bisect between 3.13.0-68 and 3.13.0-69. The kernel bisect will require testing of about 7-10 test kernels.

I built the first test kernel, up to the following commit:
40c4e87e71354ccad701b7f36e522424e6504bca

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1527902

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

We may want to perform a reverse bisect as well, since there seems to be a fix in the latest mainline kernel. Could you test the latest upstream 3.13 stable kernel as well, maybe the fix came down through a stable update. The latest upstream stable kernel can be downloaded from:

http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.13.11-ckt32-trusty/

I tested kernel 3.13.0-68-generic #111~Commit40c4e87e7 and this is good.

Now I tested also v3.13.11-ckt32-trusty kernel and this is bad.

Sorry for the delay, I was away for holiday break. I'll build the next test kernel and post it shortly.

I built the next test kernel, up to the following commit:
cc22adac97a74e19fa22f8b1f3ea50827c1b5e3f

The test kernel can be downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1527902

Can you test that kernel and report back if it has the bug or not? I will build the next test kernel based on your test results.

Thanks in advance

I am also seeing problems with UDP ... in my case, TFTP failures. Error message is " service tftp, recvfrom: Resource temporarily unavailable (errno = 11)" in syslog. I suspect this is the same issue: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808293

So it is same error code for recvfrom() on UDP packet. It is possible that it is same problem...

Anyway, currently I cannot test next kernel, so if you cannot reproduce that bug, you need to wait some time after I could test next kernel build...

I appreciate we might not be chasing the same bug ... so use with caution but here's some extra data points
3.13.0-68 - TFTP works
3.13.0-69.112~lp1527902Commitcc22adac - TFTP broken.

Good news, everyone! TL;DR:

Pali, I've (finally) managed to reproduce and fix this bug (IPv6 UDP DNS), with your recommendation of the program 'jdns'. For reference, here's my reproduction procedure, on a fresh install of Precise server (a slight variation on a method Pali developed):

sudo apt-get install dnsmasq
echo listen-address=::1 | sudo tee /etc/dnsmasq.d/ipv6
echo nameserver ::1 | sudo resolvconf -a lo.inet6
sudo /etc/init.d/dnsmasq restart
# fetch and build https://github.com/psi-im/iris/tree/master/src/jdns
./jdns -d -6 uni AAAA google.com ::1

    ... kernel versions >= 3.13.0-69.112~precise1 fail with "[1] Error: Timeout"

Ian, thanks very much for the pointer! Your mention of Debian bug 808293 led to this pending patch, which does fix this bug (and hopefully your tftp bug also): https://patchwork.ozlabs.org/patch/561746/ ("udp: properly support MSG_PEEK with truncated buffers")

Here's an amd64 test kernel which is 3.13.0-69.112~precise1 + a simple backport of that patch. Pali, this passes the 'jdns' test. Can you confirm that it resolves your original issue too? Ian, does it also fix your tftp problem?

http://kernel.ubuntu.com/~kamal/lp1527902/linux-image-3.13.0-69-generic_3.13.0-69.112~precise1+lp1527902_amd64.deb

Hello Kamal,

Yes, running, linux-image-3.13.0-69-generic_3.13.0-69.112~precise1+lp1527902 does indeed resolve my TFTP issues!

Thanks!

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-vivid' to 'verification-done-vivid'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Verified ok in Vivid 3.19.0-46.52 (proposed): The bug can't be reproduced in 3.19 (a separate upstream fix hides it), but this patch doesn't appear to break anything and does eliminate an unnecessary double checksum computation.

@Kamal: I tested your build 3.13.0-69-generic #112~precise1+lp1527902 and it fixed this problem.

Thanks for verifying that Pali. The fix is in the pipeline for all affected Ubuntu kernels.

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-wily' to 'verification-done-wily'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Verified ok in Wily 4.2.0-27.32 (proposed): The bug can't be reproduced in 4.2 (a separate upstream fix hides it), but this patch doesn't appear to break anything and does eliminate an unnecessary double checksum computation.

This bug was fixed in the package linux - 4.4.0-2.16

---------------
linux (4.4.0-2.16) xenial; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1539090
  * SAUCE: hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * SAUCE: dm: introduce a target_ioctl op to allow target specific ioctls
    - LP: #1538618

  [ Colin Ian King ]

  * SAUCE: ACPI / tables: Add acpi_force_32bit_fadt_addr option to force 32
    bit FADT addresses (LP: #1529381)
    - LP: #1529381

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906

  [ Mahesh Salgaonkar ]

  * SAUCE: Powernv: Remove the usage of PACAR1 from opal wrappers
    - LP: #1537881
  * SAUCE: powerpc/book3s: Fix TB corruption in guest exit path on HMI
    interrupt.
    - LP: #1537881
  * SAUCE: KVM: PPC: Book3S HV: Fix soft lockups in KVM on HMI for time
    base errors
    - LP: #1537881

  [ Paolo Pisati ]

  * SAUCE: arm64: errata: Add -mpc-relative-literal-loads to erratum
    #843419 build flags
    - LP: #1533009
  * [Config] MFD_TPS65217=y && REGULATOR_TPS65217=y
  * [Config] disable ARCH_ZX (ZTE ZX Soc)

  [ Tim Gardner ]

  * Revert "SAUCE: (noup) cxlflash: a couple off by one bugs"
  * SAUCE: (no-up) Update bnx2x firmware to 7.12.30.0
    - LP: #1536719
  * SAUCE: drop obsolete bnx2x firmware
  * SAUCE: i40e: Silence 'may be used uninitialized' warnings
    - LP: #1536474
  * [Config] CONFIG_ZONE_DMA=y for amd64 lowlatency
    - LP: #1534647
  * [Config] Add pvpanic to virtual flavour
    - LP: #1537923
  * [Config] CONFIG_INTEL_PUNIT_IPC=m, CONFIG_INTEL_TELEMETRY=m
    - LP: #1520457

  [ Upstream Kernel Changes ]

  * i40evf: fix compiler warning of unused variable
    - LP: #1536474
  * intel: i40e: fix confused code
    - LP: #1536474
  * i40e/i40evf: remove unused tunnel parameter
    - LP: #1536474
  * i40e: Change BUG_ON to WARN_ON in service event complete
    - LP: #1536474
  * i40e: remove BUG_ON from feature string building
    - LP: #1536474
  * i40e: remove BUG_ON from FCoE setup
    - LP: #1536474
  * i40e: Workaround fix for mss < 256 issue
    - LP: #1536474
  * i40e/i40evf: Add a stat to track how many times we have to do a force
    WB
    - LP: #1536474
  * i40e: Move the saving of old link info from handle_link_event to
    link_event
    - LP: #1536474
  * i40e/i40evf: Add comment to #endif
    - LP: #1536474
  * i40e/i40evf: clean up error messages
    - LP: #1536474
  * i40evf: handle many MAC filters correctly
    - LP: #1536474
  * i40e: return the number of enabled queues for ETHTOOL_GRXRINGS
    - LP: #1536474
  * i40e: rework the functions to configure RSS with similar parameters
    - LP: #1536474
  * i40e: create a generic configure rss function
    - LP: #1536474
  * i40e: Bump version to 1.4.2
    - LP: #1536474
  * i40e: add new fields to store user configuration
    - LP: #1536474
  * i40e: rename rss_size to alloc_rss_size in i40e_pf
    - LP: #1536474
  * i40e/i40evf: Fix RS bit update in Tx path and disable force WB
    workaround
    - LP: #1536474
  * i40e/i40evf: prefetch skb data on transmit
    - LP: #1536474
  * i40evf: rename VF adapter s...

Hi Kamal! When will be this bug fixed in precise kernel release?

This bug was fixed in the package linux - 4.2.0-27.32

---------------
linux (4.2.0-27.32) wily; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1536867

  [ Andy Whitcroft ]

  * SAUCE: (no-up) add compat_uts_machine= kernel command line override
    - LP: #1520627

  [ Colin Ian King ]

  * SAUCE: (no-up) ACPI / tables: Add acpi_force_32bit_fadt_addr option to
    force 32 bit FADT addresses
    - LP: #1529381

  [ Eric Dumazet ]

  * SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
    - LP: #1527902

  [ Guilherme G. Piccoli ]

  * SAUCE: powerpc/eeh: Validate arch in eeh_add_device_early()
    - LP: #1486180

  [ Tim Gardner ]

  * SAUCE: (no-up) Revert "[SCSI] libiscsi: Reduce locking contention in
    fast path"
    - LP: #1517142
  * [Config] Add DRM ast driver to udeb installer image
    - LP: #1514711

  [ Upstream Kernel Changes ]

  * net/mlx5e: Re-eanble client vlan TX acceleration
    - LP: #1533249
  * net/mlx5e: Fix LSO vlan insertion
    - LP: #1533249
  * net/mlx5e: Fix inline header size calculation
    - LP: #1533249
  * net: usb: cdc_ncm: Adding Dell DW5812 LTE Verizon Mobile Broadband Card
    - LP: #1533118
  * net: usb: cdc_ncm: Adding Dell DW5813 LTE AT&T Mobile Broadband Card
    - LP: #1533118
  * powerpc/eeh: Fix recursive fenced PHB on Broadcom shiner adapter
    - LP: #1532942

linux (4.2.0-26.31) wily; urgency=low

  [ Luis Henriques ]

  * Release Tracking Bug
    - LP: #1535795
  * Merged back Ubuntu-4.2.0-25.30

 -- Brad Figg <email address hidden> Thu, 21 Jan 2016 18:44:37 -0800

@Pali- The 3.13 kernel (for Trusty and Precise) including this fix is planned for this week, so it should appear in 'Proposed' within the next few days -- then the usual week more of baking time before actual release. Sorry for the delay, and thanks for your patience!

Fix released in 3.19.0-47.53

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

Verified ok in Trusty (3.13.0-78.122) and Precise (3.13.0-78.122~precise1). The 'jdns' test (comment #20) passes for 3.13.0-78.122 kernels (but fails for the previous versions).

I think that unlike the bug title and description suggest, this bug is not limited to IPv6. I am having the same problem with FreeRADIUS when RADIUS packets are received over IPv4. This problem is fixed by the Kernel from trusty-proposed, too.

Actually, this problem looks a lot like a regression that already appeared in 3.13.0-66 and was fixed in 3.13.0-67 (see bug #1510213 which turned out to be the same problem as tracked in #1508510). So maybe, some measures should be taken to ensure that this regression does not make it into a released kernel again but it is detected during QA.

A side note regading the problem with FreeRADIUS: I only had this problem on a multi-core multi-socket machine. On a multi-core single-socket machine, it did not appear, but this might just have been a coincidence.

This bug was fixed in the package linux - 3.13.0-79.123

---------------
linux (3.13.0-79.123) trusty; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of full kernel
    credentials
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux (3.13.0-78.122) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540559

  [ Eric Dumazet ]

  * SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
    - LP: #1527902

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ Upstream Kernel Changes ]

  * Revert "[stable-only] net: add length argument to
    skb_copy_and_csum_datagram_iovec"
    - LP: #1538756
  * unregister_netdevice : move RTM_DELLINK to until after ndo_uninit
    - LP: #1525324
  * rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
    - LP: #1525324
  * Drivers: hv: Eliminate the channel spinlock in the callback path
    - LP: #1519897
  * Drivers: hv: vmbus: Implement per-CPU mapping of relid to channel
    - LP: #1519897
  * Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
    control
    - LP: #1519897
  * Drivers: hv: vmbus: Suport an API to send packet with additional
    control
    - LP: #1519897
  * Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl()
    - LP: #1519897
  * Drivers: hv: vmbus: Fix a siganlling host signalling issue
    - LP: #1519897
  * Drivers: hv: vmbus: Fix a Host signaling bug
    - LP: #1519897
  * ARC: Fix silly typo in MAINTAINERS file
    - LP: #1538756
  * ip6mr: call del_timer_sync() in ip6mr_free_table()
    - LP: #1538756
  * gre6: allow to update all parameters via rtnl
    - LP: #1538756
  * atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
    - LP: #1538756
  * sctp: use the same clock as if sock source timestamps were on
    - LP: #1538756
  * sctp: update the netstamp_needed counter when copying sockets
    - LP: #1538756
  * ipv6: sctp: clone options to avoid use after free
    - LP: #1538756
  * net: add validation for the socket syscall protocol argument
    - LP: #1538756
  * sh_eth: fix kernel oops in skb_put()
    - LP: #1538756
  * pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
    - LP: #1538756
  * bluetooth: Validate socket address length in sco_sock_bind().
    - LP: #1538756
  * af_unix: Revert 'lock_interruptible' in stream receive code
    - LP: #1538756
  * KEYS: Fix race between read and revoke
    - LP: #1538756
  * tools: Add a "make all" rule
    - LP: #1538...

This bug was fixed in the package linux-lts-utopic - 3.16.0-62.82~14.04.1

---------------
linux-lts-utopic (3.16.0-62.82~14.04.1) trusty; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of selectively
    raising caps
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux-lts-utopic (3.16.0-61.81~14.04.1) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1541076

  [ Eric Dumazet ]

  * SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
    - LP: #1527902

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ Upstream Kernel Changes ]

  * Revert "[stable-only] net: add length argument to
    skb_copy_and_csum_datagram_iovec"
    - LP: #1540412
  * xfrm: dst_entries_init() per-net dst_ops
    - LP: #1486670
  * fuse: break infinite loop in fuse_fill_write_pages()
    - LP: #1540412
  * usb: gadget: pxa27x: fix suspend callback
    - LP: #1540412
  * iio: fix some warning messages
    - LP: #1540412
  * USB: cp210x: Remove CP2110 ID from compatibility list
    - LP: #1540412
  * USB: cdc_acm: Ignore Infineon Flash Loader utility
    - LP: #1540412
  * USB: serial: Another Infineon flash loader USB ID
    - LP: #1540412
  * ext4: Fix handling of extended tv_sec
    - LP: #1540412
  * jbd2: Fix unreclaimed pages after truncate in data=journal mode
    - LP: #1540412
  * drm/ttm: Fixed a read/write lock imbalance
    - LP: #1540412
  * AHCI: Fix softreset failed issue of Port Multiplier
    - LP: #1540412
  * sata_sil: disable trim
    - LP: #1540412
  * usb-storage: Fix scsi-sd failure "Invalid field in cdb" for USB adapter
    JMicron
    - LP: #1540412
  * staging: lustre: echo_copy.._lsm() dereferences userland pointers
    directly
    - LP: #1540412
  * irqchip/versatile-fpga: Fix PCI IRQ mapping on Versatile PB
    - LP: #1540412
  * usb: core : hub: Fix BOS 'NULL pointer' kernel panic
    - LP: #1540412
  * USB: whci-hcd: add check for dma mapping error
    - LP: #1540412
  * usb: Use the USB_SS_MULT() macro to decode burst multiplier for log
    message
    - LP: #1540412
  * dm btree: fix leak of bufio-backed block in btree_split_sibling error
    path
    - LP: #1540412
  * perf: Fix PERF_EVENT_IOC_PERIOD deadlock
    - LP: #1540412
  * usb: xhci: fix config fail of FS hub behind a HS hub with MTT
    - LP: #1540412
  * ALSA: rme96: Fix unexpected volume reset after rate changes
    - LP: #1540412
  * ALSA: hda - Add inverted dmic for Packard Bell DOTS
    - LP: #1523232, #1540412
  * v...

This bug was fixed in the package linux-lts-trusty - 3.13.0-79.123~precise1

---------------
linux-lts-trusty (3.13.0-79.123~precise1) precise; urgency=low

  [ Seth Forshee ]

  * SAUCE: cred: Add clone_cred() interface
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Use mounter's credentials instead of full kernel
    credentials
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.*
    xattrs
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Be more careful about copying up sxid files
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576
  * SAUCE: overlayfs: Propogate nosuid from lower and upper mounts
    - LP: #1534961, #1535150
    - CVE-2016-1575 CVE-2016-1576

linux (3.13.0-78.122) trusty; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #1540559

  [ Eric Dumazet ]

  * SAUCE: (no-up) udp: properly support MSG_PEEK with truncated buffers
    - LP: #1527902

  [ J. R. Okajima ]

  * SAUCE: ubuntu: aufs: tiny, extract a new func xino_fwrite_wkq()
    - LP: #1533043
  * SAUCE: ubuntu: aufs: for 4.3, XINO handles EINTR from the dying process
    - LP: #1533043

  [ Upstream Kernel Changes ]

  * Revert "[stable-only] net: add length argument to
    skb_copy_and_csum_datagram_iovec"
    - LP: #1538756
  * unregister_netdevice : move RTM_DELLINK to until after ndo_uninit
    - LP: #1525324
  * rtnetlink: delay RTM_DELLINK notification until after ndo_uninit()
    - LP: #1525324
  * Drivers: hv: Eliminate the channel spinlock in the callback path
    - LP: #1519897
  * Drivers: hv: vmbus: Implement per-CPU mapping of relid to channel
    - LP: #1519897
  * Drivers: hv: vmbus: Suport an API to send pagebuffers with additional
    control
    - LP: #1519897
  * Drivers: hv: vmbus: Suport an API to send packet with additional
    control
    - LP: #1519897
  * Drivers: hv: vmbus: Export the vmbus_sendpacket_pagebuffer_ctl()
    - LP: #1519897
  * Drivers: hv: vmbus: Fix a siganlling host signalling issue
    - LP: #1519897
  * Drivers: hv: vmbus: Fix a Host signaling bug
    - LP: #1519897
  * ARC: Fix silly typo in MAINTAINERS file
    - LP: #1538756
  * ip6mr: call del_timer_sync() in ip6mr_free_table()
    - LP: #1538756
  * gre6: allow to update all parameters via rtnl
    - LP: #1538756
  * atl1c: Improve driver not to do order 4 GFP_ATOMIC allocation
    - LP: #1538756
  * sctp: use the same clock as if sock source timestamps were on
    - LP: #1538756
  * sctp: update the netstamp_needed counter when copying sockets
    - LP: #1538756
  * ipv6: sctp: clone options to avoid use after free
    - LP: #1538756
  * net: add validation for the socket syscall protocol argument
    - LP: #1538756
  * sh_eth: fix kernel oops in skb_put()
    - LP: #1538756
  * pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
    - LP: #1538756
  * bluetooth: Validate socket address length in sco_sock_bind().
    - LP: #1538756
  * af_unix: Revert 'lock_interruptible' in stream receive code
    - LP: #1538756
  * KEYS: Fix race between read and revoke
    - LP: #1538756
  * too...