[Group.of.nepali.translators] [Bug 1672470] Re: ip_rcv_finish() NULL pointer kernel panic
This bug was fixed in the package linux - 4.4.0-75.96 --- linux (4.4.0-75.96) xenial; urgency=low * linux: 4.4.0-75.96 -proposed tracker (LP: #1684441) * [Hyper-V] hv: util: move waiting for release to hv_utils_transport itself (LP: #1682561) - Drivers: hv: util: move waiting for release to hv_utils_transport itself linux (4.4.0-74.95) xenial; urgency=low * linux: 4.4.0-74.95 -proposed tracker (LP: #1682041) * [Hyper-V] hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (LP: #1681893) - Drivers: hv: vmbus: Raise retry/wait limits in vmbus_post_msg() linux (4.4.0-73.94) xenial; urgency=low * linux: 4.4.0-73.94 -proposed tracker (LP: #1680416) * CVE-2017-6353 - sctp: deny peeloff operation on asocs with threads sleeping on it * vfat: missing iso8859-1 charset (LP: #1677230) - [Config] NLS_ISO8859_1=y * Regression: KVM modules should be on main kernel package (LP: #1678099) - [Config] powerpc: Add kvm-hv and kvm-pr to the generic inclusion list * linux-lts-xenial 4.4.0-63.84~14.04.2 ADT test failure with linux-lts-xenial 4.4.0-63.84~14.04.2 (LP: #1664912) - SAUCE: apparmor: fix link auditing failure due to, uninitialized var * regession tests failing after stackprofile test is run (LP: #1661030) - SAUCE: fix regression with domain change in complain mode * Permission denied and inconsistent behavior in complain mode with 'ip netns list' command (LP: #1648903) - SAUCE: fix regression with domain change in complain mode * unexpected errno=13 and disconnected path when trying to open /proc/1/ns/mnt from a unshared mount namespace (LP: #1656121) - SAUCE: apparmor: null profiles should inherit parent control flags * apparmor refcount leak of profile namespace when removing profiles (LP: #1660849) - SAUCE: apparmor: fix ns ref count link when removing profiles from policy * tor in lxd: apparmor="DENIED" operation="change_onexec" namespace="root//CONTAINERNAME_" profile="unconfined" name="system_tor" (LP: #1648143) - SAUCE: apparmor: Fix no_new_privs blocking change_onexec when using stacked namespaces * apparmor oops in bind_mnt when dev_path lookup fails (LP: #1660840) - SAUCE: apparmor: fix oops in bind_mnt when dev_path lookup fails * apparmor auditing denied access of special apparmor .null fi\ le (LP: #1660836) - SAUCE: apparmor: Don't audit denied access of special apparmor .null file * apparmor label leak when new label is unused (LP: #1660834) - SAUCE: apparmor: fix label leak when new label is unused * apparmor reference count bug in label_merge_insert() (LP: #1660833) - SAUCE: apparmor: fix reference count bug in label_merge_insert() * apparmor's raw_data file in securityfs is sometimes truncated (LP: #1638996) - SAUCE: apparmor: fix replacement race in reading rawdata * unix domain socket cross permission check failing with nested namespaces (LP: #1660832) - SAUCE: apparmor: fix cross ns perm of unix domain sockets * Xenial update to v4.4.59 stable release (LP: #1678960) - xfrm: policy: init locks early - virtio_balloon: init 1st buffer in stats vq - pinctrl: qcom: Don't clear status bit on irq_unmask - c6x/ptrace: Remove useless PTRACE_SETREGSET implementation - h8300/ptrace: Fix incorrect register transfer count - mips/ptrace: Preserve previous registers for short regset write - sparc/ptrace: Preserve previous registers for short regset write - metag/ptrace: Preserve previous registers for short regset write - metag/ptrace: Provide default TXSTATUS for short NT_PRSTATUS - metag/ptrace: Reject partial NT_METAG_RPIPE writes - fscrypt: remove broken support for detecting keyring key revocation - sched/rt: Add a missing rescheduling point - Linux 4.4.59 * Update ENA driver to 1.1.2 from net-next (LP: #1664312) - net: ena: Remove unnecessary pci_set_drvdata() - net: ena: Fix error return code in ena_device_init() - net: ena: change the return type of ena_set_push_mode() to be void. - net: ena: use setup_timer() and mod_timer() - net/ena: remove ntuple filter support from device feature list - net/ena: fix queues number calculation - net/ena: fix ethtool RSS flow configuration - net/ena: fix RSS default hash configuration - net/ena: fix NULL dereference when removing the driver after device reset failed - net/ena: refactor ena_get_stats64 to be atomic context safe - net/ena: fix potential access to freed memory during device reset - net/ena: use READ_ONCE to access completion descriptors - net/ena: reduce the severity of ena printouts - net/ena: change driver's default timeouts - net/ena: change condition for host attribute configuration - net/ena: update driver version to 1.1.2 * Xenial update to v4.4.58 stable release (LP: #1677600) - net/openvswitch: Set the ipv6 source tunnel key
[Group.of.nepali.translators] [Bug 1672470] Re: ip_rcv_finish() NULL pointer kernel panic
I verified the Trusty kernel isn't affected, this only applies to Xenial and later. ** Changed in: linux (Ubuntu Trusty) Status: Confirmed => Invalid ** Changed in: linux (Ubuntu Xenial) Status: Confirmed => In Progress ** Changed in: linux (Ubuntu Yakkety) Status: Confirmed => In Progress ** Changed in: linux (Ubuntu Yakkety) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: linux (Ubuntu Xenial) Assignee: (unassigned) => Dan Streetman (ddstreet) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1672470 Title: ip_rcv_finish() NULL pointer kernel panic Status in linux package in Ubuntu: In Progress Status in linux source package in Trusty: Invalid Status in linux source package in Xenial: In Progress Status in linux source package in Yakkety: In Progress Status in linux source package in Zesty: In Progress Bug description: The br_netfilter module processes packets traveling through its bridge, and while processing each skb it places a special fake dst onto the skb. When the skb leaves the bridge, it removes the fake dst and places a real dst onto it. However, it uses a hook to do this, and when the br_netfilter module is unloading it unregisters that hook. Any skbs that are currently being processed in the bridge by the br_netfilter module, but that leave the bridge after the hook is unregistered (or, during br_netfilter module load, before the hook is registered) will still have the fake dst; when other code then tries to process that dst, it causes a kernel panic because the dst is invalid. Recent upstream discussion: https://www.spinics.net/lists/netdev/msg416912.html Upstream patch (not yet merged into net-next): https://patchwork.ozlabs.org/patch/738275/ example panic report: [ 214.518262] BUG: unable to handle kernel NULL pointer dereference at (null) [ 214.612199] IP: [< (null)>] (null) [ 214.672744] PGD 0 [ 214.696887] Oops: 0010 [#1] SMP [ 214.735697] Modules linked in: br_netfilter(+) tun 8021q bridge stp llc bonding iTCO_wdt iTCO_vendor_support tpm_tis tpm kvm_intel kvm irqbypass sb_edac edac_core ixgbe mdio ipmi_si ipmi_msghandler lpc_ich mfd_core mousedev evdev igb dca procmemro(O) nokeyctl(O) noptrace(O) [ 215.029240] CPU: 34 PID: 0 Comm: swapper/34 Tainted: G O 4.4.39 #1 [ 215.116720] Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.13a.0.0713160937 07/13/16 [ 215.241644] task: 882038fb4380 ti: 8810392b task.ti: 8810392b [ 215.331207] RIP: 0010:[<>] [< (null)>] (null) [ 215.420877] RSP: 0018:88103fec3880 EFLAGS: 00010286 [ 215.484436] RAX: 881011631000 RBX: 881011067100 RCX: [ 215.569836] RDX: RSI: RDI: 881011067100 [ 215.655234] RBP: 88103fec38a8 R08: 0008 R09: 8810116300a0 [ 215.740629] R10: R11: R12: 881018917dce [ 215.826030] R13: 81c9be00 R14: 81c9be00 R15: 881011630078 [ 215.911432] FS: () GS:88103fec() knlGS: [ 216.008274] CS: 0010 DS: ES: CR0: 80050033 [ 216.077032] CR2: CR3: 001011b9d000 CR4: 001406e0 [ 216.162430] Stack: [ 216.186461] 8157d7f9 881011067100 881018917dce 88101163 [ 216.275407] 81c9be00 88103fec3918 8157e0db [ 216.364352] [ 216.453301] Call Trace: [ 216.482536] [ 216.505533] [] ? ip_rcv_finish+0x99/0x320 [ 216.575442] [] ip_rcv+0x25b/0x370 [ 216.634842] [] __netif_receive_skb_core+0x2cb/0xa20 [ 216.712965] [] __netif_receive_skb+0x18/0x60 [ 216.783801] [] netif_receive_skb_internal+0x23/0x80 [ 216.861921] [] netif_receive_skb+0x1c/0x70 [ 216.930686] [] br_handle_frame_finish+0x1b9/0x5b0 [bridge] [ 217.016091] [] ? ___slab_alloc+0x1d0/0x440 [ 217.084849] [] br_nf_pre_routing_finish+0x174/0x3d0 [br_netfilter] [ 217.178568] [] ? br_nf_pre_routing+0x97/0x470 [br_netfilter] [ 217.266052] [] ? br_handle_local_finish+0x80/0x80 [bridge] [ 217.351450] [] br_nf_pre_routing+0x1a7/0x470 [br_netfilter] [ 217.437891] [] nf_iterate+0x5d/0x70 [ 217.499367] [] nf_hook_slow+0x64/0xc0 [ 217.562928] [] br_handle_frame+0x1b9/0x290 [bridge] [ 217.641048] [] ? br_handle_local_finish+0x80/0x80 [bridge] [ 217.726446] [] __netif_receive_skb_core+0x342/0xa20 [ 217.804566] [] ? tcp4_gro_receive+0x126/0x1d0 [ 217.876445] [] ? inet_gro_receive+0x1c6/0x250 [ 217.948322] [] __netif_receive_skb+0x18/0x60 [ 218.019161] [] netif_receive_skb_internal+0x23/0x80 [ 218.097281] [] napi_gro_receive+0xc3/0x110 [
[Group.of.nepali.translators] [Bug 1672470] Re: ip_rcv_finish() NULL pointer kernel panic
** No longer affects: linux (Ubuntu Vivid) -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1672470 Title: ip_rcv_finish() NULL pointer kernel panic Status in linux package in Ubuntu: In Progress Status in linux source package in Trusty: Confirmed Status in linux source package in Xenial: Confirmed Status in linux source package in Yakkety: Confirmed Status in linux source package in Zesty: In Progress Bug description: The br_netfilter module processes packets traveling through its bridge, and while processing each skb it places a special fake dst onto the skb. When the skb leaves the bridge, it removes the fake dst and places a real dst onto it. However, it uses a hook to do this, and when the br_netfilter module is unloading it unregisters that hook. Any skbs that are currently being processed in the bridge by the br_netfilter module, but that leave the bridge after the hook is unregistered (or, during br_netfilter module load, before the hook is registered) will still have the fake dst; when other code then tries to process that dst, it causes a kernel panic because the dst is invalid. Recent upstream discussion: https://www.spinics.net/lists/netdev/msg416912.html Upstream patch (not yet merged into net-next): https://patchwork.ozlabs.org/patch/738275/ example panic report: [ 214.518262] BUG: unable to handle kernel NULL pointer dereference at (null) [ 214.612199] IP: [< (null)>] (null) [ 214.672744] PGD 0 [ 214.696887] Oops: 0010 [#1] SMP [ 214.735697] Modules linked in: br_netfilter(+) tun 8021q bridge stp llc bonding iTCO_wdt iTCO_vendor_support tpm_tis tpm kvm_intel kvm irqbypass sb_edac edac_core ixgbe mdio ipmi_si ipmi_msghandler lpc_ich mfd_core mousedev evdev igb dca procmemro(O) nokeyctl(O) noptrace(O) [ 215.029240] CPU: 34 PID: 0 Comm: swapper/34 Tainted: G O 4.4.39 #1 [ 215.116720] Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.13a.0.0713160937 07/13/16 [ 215.241644] task: 882038fb4380 ti: 8810392b task.ti: 8810392b [ 215.331207] RIP: 0010:[<>] [< (null)>] (null) [ 215.420877] RSP: 0018:88103fec3880 EFLAGS: 00010286 [ 215.484436] RAX: 881011631000 RBX: 881011067100 RCX: [ 215.569836] RDX: RSI: RDI: 881011067100 [ 215.655234] RBP: 88103fec38a8 R08: 0008 R09: 8810116300a0 [ 215.740629] R10: R11: R12: 881018917dce [ 215.826030] R13: 81c9be00 R14: 81c9be00 R15: 881011630078 [ 215.911432] FS: () GS:88103fec() knlGS: [ 216.008274] CS: 0010 DS: ES: CR0: 80050033 [ 216.077032] CR2: CR3: 001011b9d000 CR4: 001406e0 [ 216.162430] Stack: [ 216.186461] 8157d7f9 881011067100 881018917dce 88101163 [ 216.275407] 81c9be00 88103fec3918 8157e0db [ 216.364352] [ 216.453301] Call Trace: [ 216.482536] [ 216.505533] [] ? ip_rcv_finish+0x99/0x320 [ 216.575442] [] ip_rcv+0x25b/0x370 [ 216.634842] [] __netif_receive_skb_core+0x2cb/0xa20 [ 216.712965] [] __netif_receive_skb+0x18/0x60 [ 216.783801] [] netif_receive_skb_internal+0x23/0x80 [ 216.861921] [] netif_receive_skb+0x1c/0x70 [ 216.930686] [] br_handle_frame_finish+0x1b9/0x5b0 [bridge] [ 217.016091] [] ? ___slab_alloc+0x1d0/0x440 [ 217.084849] [] br_nf_pre_routing_finish+0x174/0x3d0 [br_netfilter] [ 217.178568] [] ? br_nf_pre_routing+0x97/0x470 [br_netfilter] [ 217.266052] [] ? br_handle_local_finish+0x80/0x80 [bridge] [ 217.351450] [] br_nf_pre_routing+0x1a7/0x470 [br_netfilter] [ 217.437891] [] nf_iterate+0x5d/0x70 [ 217.499367] [] nf_hook_slow+0x64/0xc0 [ 217.562928] [] br_handle_frame+0x1b9/0x290 [bridge] [ 217.641048] [] ? br_handle_local_finish+0x80/0x80 [bridge] [ 217.726446] [] __netif_receive_skb_core+0x342/0xa20 [ 217.804566] [] ? tcp4_gro_receive+0x126/0x1d0 [ 217.876445] [] ? inet_gro_receive+0x1c6/0x250 [ 217.948322] [] __netif_receive_skb+0x18/0x60 [ 218.019161] [] netif_receive_skb_internal+0x23/0x80 [ 218.097281] [] napi_gro_receive+0xc3/0x110 [ 218.166051] [] ixgbe_clean_rx_irq+0x52f/0xa70 [ixgbe] [ 218.246255] [] ixgbe_poll+0x438/0x790 [ixgbe] [ 218.318131] [] net_rx_action+0x1ee/0x320 [ 218.384813] [] ? handle_irq_event_percpu+0x167/0x1d0 [ 218.463973] [] __do_softirq+0x101/0x280 [ 218.529608] [] irq_exit+0x8e/0x90 [ 218.589007] [] do_IRQ+0x54/0xd0 [ 218.646323] [] common_interrupt+0x82/0x82 To manage notifications about this bug go to:
[Group.of.nepali.translators] [Bug 1672470] Re: ip_rcv_finish() NULL pointer kernel panic
** Also affects: linux (Ubuntu Trusty) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Zesty) Importance: Medium Assignee: Dan Streetman (ddstreet) Status: In Progress ** Changed in: linux (Ubuntu Yakkety) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Xenial) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Vivid) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Trusty) Importance: Undecided => Medium ** Changed in: linux (Ubuntu Yakkety) Status: New => Confirmed ** Changed in: linux (Ubuntu Xenial) Status: New => Confirmed ** Changed in: linux (Ubuntu Vivid) Status: New => Confirmed ** Changed in: linux (Ubuntu Trusty) Status: New => Confirmed -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1672470 Title: ip_rcv_finish() NULL pointer kernel panic Status in linux package in Ubuntu: In Progress Status in linux source package in Trusty: Confirmed Status in linux source package in Vivid: Confirmed Status in linux source package in Xenial: Confirmed Status in linux source package in Yakkety: Confirmed Status in linux source package in Zesty: In Progress Bug description: The br_netfilter module processes packets traveling through its bridge, and while processing each skb it places a special fake dst onto the skb. When the skb leaves the bridge, it removes the fake dst and places a real dst onto it. However, it uses a hook to do this, and when the br_netfilter module is unloading it unregisters that hook. Any skbs that are currently being processed in the bridge by the br_netfilter module, but that leave the bridge after the hook is unregistered (or, during br_netfilter module load, before the hook is registered) will still have the fake dst; when other code then tries to process that dst, it causes a kernel panic because the dst is invalid. Recent upstream discussion: https://www.spinics.net/lists/netdev/msg416912.html Upstream patch (not yet merged into net-next): https://patchwork.ozlabs.org/patch/738275/ example panic report: [ 214.518262] BUG: unable to handle kernel NULL pointer dereference at (null) [ 214.612199] IP: [< (null)>] (null) [ 214.672744] PGD 0 [ 214.696887] Oops: 0010 [#1] SMP [ 214.735697] Modules linked in: br_netfilter(+) tun 8021q bridge stp llc bonding iTCO_wdt iTCO_vendor_support tpm_tis tpm kvm_intel kvm irqbypass sb_edac edac_core ixgbe mdio ipmi_si ipmi_msghandler lpc_ich mfd_core mousedev evdev igb dca procmemro(O) nokeyctl(O) noptrace(O) [ 215.029240] CPU: 34 PID: 0 Comm: swapper/34 Tainted: G O 4.4.39 #1 [ 215.116720] Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.13a.0.0713160937 07/13/16 [ 215.241644] task: 882038fb4380 ti: 8810392b task.ti: 8810392b [ 215.331207] RIP: 0010:[<>] [< (null)>] (null) [ 215.420877] RSP: 0018:88103fec3880 EFLAGS: 00010286 [ 215.484436] RAX: 881011631000 RBX: 881011067100 RCX: [ 215.569836] RDX: RSI: RDI: 881011067100 [ 215.655234] RBP: 88103fec38a8 R08: 0008 R09: 8810116300a0 [ 215.740629] R10: R11: R12: 881018917dce [ 215.826030] R13: 81c9be00 R14: 81c9be00 R15: 881011630078 [ 215.911432] FS: () GS:88103fec() knlGS: [ 216.008274] CS: 0010 DS: ES: CR0: 80050033 [ 216.077032] CR2: CR3: 001011b9d000 CR4: 001406e0 [ 216.162430] Stack: [ 216.186461] 8157d7f9 881011067100 881018917dce 88101163 [ 216.275407] 81c9be00 88103fec3918 8157e0db [ 216.364352] [ 216.453301] Call Trace: [ 216.482536] [ 216.505533] [] ? ip_rcv_finish+0x99/0x320 [ 216.575442] [] ip_rcv+0x25b/0x370 [ 216.634842] [] __netif_receive_skb_core+0x2cb/0xa20 [ 216.712965] [] __netif_receive_skb+0x18/0x60 [ 216.783801] [] netif_receive_skb_internal+0x23/0x80 [ 216.861921] [] netif_receive_skb+0x1c/0x70 [ 216.930686] [] br_handle_frame_finish+0x1b9/0x5b0 [bridge] [ 217.016091] [] ? ___slab_alloc+0x1d0/0x440 [ 217.084849] [] br_nf_pre_routing_finish+0x174/0x3d0 [br_netfilter] [ 217.178568] [] ? br_nf_pre_routing+0x97/0x470 [br_netfilter] [ 217.266052] [] ? br_handle_local_finish+0x80/0x80 [bridge] [