[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
** Tags added: cscc
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I've tested the proposed kernel under the previous test environment -
after two hours the host was still up, where as it would have previously
crashed within 30 minutes or so. As such, this appears to prevent the
panic.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I could reproduce the panic with a loop of ipset destroys / swaps / restores
and then saves in another. Standard xenial machines consistently panic within a
few minutes max.
With the same loops and the proposed kernel, I got them running overnight
without any issues.
I'll check with Joel and if he's also ok, we'll add the
verification-done-xenial tag.
Laurent
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'. If the problem still exists,
change the tag 'verification-needed-xenial' to 'verification-failed-
xenial'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
** Changed in: linux (Ubuntu Xenial)
Status: Fix Committed => Fix Released
** Changed in: linux (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
** Changed in: linux (Ubuntu Xenial)
Status: In Progress => Fix Committed
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
Fix Committed
Status in linux source package in Xenial:
Fix Committed
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-September/095673.html
** Description changed:
- Hi,
- We've experienced crashes on machines running iptables using ipsets.
- We could get a trace from the console on one of them (attached file
kernel-trace.txt).
+ == SRU Justification ==
+ A regression was introduced in Xenial, even prior to v4.4 Final. I did
+ not test prior to this kernel once I found the bug was fixed in
+ mainline. The bug reporter experienced crashes on machines running
+ iptables using ipsets. He could get a trace from the console on one of
+ them which is attached to the bug report.
- On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
- We strongly suspect the panic is happening due to a race when ipset updates
happen at the same time as a dump.
+ On these machines, some ipset commands are automatically run to update the
+ sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
- These machines are running xenial. Before the crash, they were on
- 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic
- #161-Ubuntu.
+ I was able to reproduce this bug as was cking. This bug was found to be
+ fixed by mainline commits 596cf3fe5854 and e5173418ac59.
- I have an ipset save running in loops on one of these machines to try
- and reproduce quicker.
+
+ == Fixes ==
+ 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
+ e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
+
+ == Regression Potential ==
+ Low. This fixes a regression and is limited to netfilter.
+
+ == Test Case ==
+ A test kernel was built with these patches and tested by myself and cking.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Bug description:
== SRU Justification ==
A regression was introduced in Xenial, even prior to v4.4 Final. I did
not test prior to this kernel once I found the bug was fixed in
mainline. The bug reporter experienced crashes on machines running
iptables using ipsets. He could get a trace from the console on one of
them which is attached to the bug report.
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
I was able to reproduce this bug as was cking. This bug was found to be
fixed by mainline commits 596cf3fe5854 and e5173418ac59.
== Fixes ==
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
== Regression Potential ==
Low. This fixes a regression and is limited to netfilter.
== Test Case ==
A test kernel was built with these patches and tested by myself and cking.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
A combination of two commits seems to resolve this bug:
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
I built a Xenial test kernel with these two commits. The test kernel can be
downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1793753
Can you test this kernel and see if it resolves this bug?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Bug description:
Hi,
We've experienced crashes on machines running iptables using ipsets.
We could get a trace from the console on one of them (attached file
kernel-trace.txt).
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
We strongly suspect the panic is happening due to a race when ipset updates
happen at the same time as a dump.
These machines are running xenial. Before the crash, they were on
4.4.0-116-generic #140-Ubuntu, but then rebooted into
4.4.0-135-generic #161-Ubuntu.
I have an ipset save running in loops on one of these machines to try
and reproduce quicker.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I believe this is the fix that landed in mainline as of v4.14-rc5: e517341 netfilter: ipset: Fix race between dump and swap I'm testing now and will post a test kernel for others to test as well. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I can reproduce this bug now as well as cking. Thanks for the assistance cking! This bug has actually been around prior 4.4.0, but it fixed in 4.15.0 or newer. Commit 596cf3fe5854fe does not actually fix this bug, but it does provide a test case to reproduce this. I will now perform a "Reverse" bisect and narrow down the commit(s) needed to resolve this bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I've been trying variations of this in a loop but have been unable to reproduce: ipset create hash_ip1 hash:ip family inet hashsize 1024 maxelem 50 counters ipset create hash_ip2 hash:ip family inet hashsize 30 maxelem 50 counters ipset create hash_ip3 hash:ip family inet hashsize 1024 maxelem 50 counters ipset save & ipset swap hash_ip3 hash_ip2 ipset destroy hash_ip3 @joel sing, is this similar to how you were able to reproduce the bug? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
Just to confirm, this is a regression? This bug did not happen with 4.4.0-116, and started with 4.4.0-135? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
Note, for the test kernel, you need to install both the linux-image and linux-image-extra .deb packages. ** Changed in: linux (Ubuntu Xenial) Status: Triaged => In Progress ** Changed in: linux (Ubuntu) Status: Triaged => In Progress -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I built a Xenial test kernel with commit 596cf3fe5854fe2b1703b0466ed6bf9cfb83c91e. The test kernel can be downloaded from: http://kernel.ubuntu.com/~jsalisbury/lp1793753 Can you test this kernel and see if it resolves this bug? If you are unable to test, could you provide the commands that you found to reproduce this bug? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: In Progress Status in linux source package in Xenial: In Progress Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I'll try to reproduce this bug. @joel Sing do you happen to have the reproducer script available? In parallel, I'll also build a Xenial test kernel with the commit posted by @Haw Loeung in comment 4 ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed ** Changed in: linux (Ubuntu) Assignee: (unassigned) => Joseph Salisbury (jsalisbury) ** Also affects: linux (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Xenial) Importance: Undecided => High ** Changed in: linux (Ubuntu Xenial) Assignee: (unassigned) => Joseph Salisbury (jsalisbury) ** Changed in: linux (Ubuntu Xenial) Status: New => Triaged ** Changed in: linux (Ubuntu) Status: Confirmed => Triaged ** Changed in: linux (Ubuntu) Importance: High => Critical ** Changed in: linux (Ubuntu Xenial) Importance: High => Critical ** Tags added: kernel-key -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: Triaged Status in linux source package in Xenial: Triaged Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
Would it be possible for you to test the latest upstream kernel? Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Please test the latest v4.19 kernel[0]. If this bug is fixed in the mainline kernel, please add the following tag 'kernel-fixed-upstream'. If the mainline kernel does not fix this bug, please add the tag: 'kernel-bug-exists-upstream'. Once testing of the upstream kernel is complete, please mark this bug as "Confirmed". Thanks in advance. [0] http://kernel.ubuntu.com/~kernel-ppa/mainline/v4.19-rc5 ** Changed in: linux (Ubuntu) Importance: Undecided => High ** Changed in: linux (Ubuntu) Status: Confirmed => Incomplete ** Tags added: needs-bisect -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: Incomplete Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
Maybe it's fixed in this commit which landed in Linux 4.6-rc2: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=596cf3fe5854fe2b1703b0466ed6bf9cfb83c91e -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: Confirmed Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
I've been able to reproduce this panic by running Ubuntu Xenial under qemu, with a script that effectively does ipset restore/swap/destroy in a loop, while also running ipset save in a separate loop. ** Attachment added: "ipset-panic.txt" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+attachment/5191487/+files/ipset-panic.txt -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: Confirmed Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1793753] Re: kernel panic - null pointer dereference on ipset operations
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: linux (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1793753 Title: kernel panic - null pointer dereference on ipset operations Status in linux package in Ubuntu: Confirmed Bug description: Hi, We've experienced crashes on machines running iptables using ipsets. We could get a trace from the console on one of them (attached file kernel-trace.txt). On these machines, some ipset commands are automatically run to update the sets, and/or to dump them (ipset restore, swap, delete ... / ipset save). We strongly suspect the panic is happening due to a race when ipset updates happen at the same time as a dump. These machines are running xenial. Before the crash, they were on 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic #161-Ubuntu. I have an ipset save running in loops on one of these machines to try and reproduce quicker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
