I can confirm that we experienced the same problem on one VM after the upgrade from 
4.4.0-179-generic to 4.4.0-184-generic last weekend. Since the rollback to the 
last working kernel, this VM has been running stable for over 25h now.
Unbound version 1.5.8 is also installed and running on this VM.
I don't have any crashdump, but the traceback looks the same:

[ 1963.770497] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 1963.781264] IP: [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 1963.782881] PGD 0 
[ 1963.783503] Oops: 0000 [#1] SMP 
[ 1963.784479] Modules linked in: binfmt_misc ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables ipt_REJECT nf_reject_ipv4 nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables kvm_intel kvm irqbypass input_leds joydev serio_raw i2c_piix4 mac_hid 8250_fintek autofs4 qxl ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops psmouse drm pata_acpi floppy
[ 1963.794748] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.0-184-generic #214-Ubuntu
[ 1963.796182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
[ 1963.797696] task: ffff880236330d00 ti: ffff88023633c000 task.ti: ffff88023633c000
[ 1963.799081] RIP: 0010:[<ffffffff818288ab>]  [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 1963.800628] RSP: 0018:ffff88023fd03d00  EFLAGS: 00010246
[ 1963.801630] RAX: 0000000000000000 RBX: ffff8800bbad6700 RCX: 0000000000000020
[ 1963.802948] RDX: 0000000000000001 RSI: 0000000000000200 RDI: ffff880232c86a56
[ 1963.804281] RBP: ffff88023fd03e20 R08: 0000000000000000 R09: ffff880232c86a66
[ 1963.805625] R10: 0000000000000080 R11: 0000000000000000 R12: ffff880232c86a4e
[ 1963.806951] R13: ffffffff81efb6c0 R14: 0000000000000001 R15: 0000000000000003
[ 1963.808399] FS:  0000000000000000(0000) GS:ffff88023fd00000(0000) knlGS:0000000000000000
[ 1963.809910] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1963.810987] CR2: 0000000000000018 CR3: 0000000234d7a000 CR4: 0000000000000670
[ 1963.812324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1963.813662] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1963.815001] Stack:
[ 1963.815395]  0000000000000001 0000000000000000 0000000000000000 23dc61b86a54e883
[ 1963.816889]  ffff8802371b3a98 ffff8802371b3ae0 00000000371b3a80 ffff880232c86a56
[ 1963.818372]  ffff880200000001 ffffffff00000000 ffff880232c86a66 0000000000000000
[ 1963.819847] Call Trace:
[ 1963.820317]  <IRQ> 
[ 1963.820778]  [<ffffffffc0158e40>] ? emulator_pio_in_emulated+0x1a0/0x1a0 [kvm]
[ 1963.822192]  [<ffffffff810a87bc>] ? notifier_call_chain+0x4c/0x70
[ 1963.823330]  [<ffffffff81868280>] ? _raw_spin_unlock_bh+0x20/0x50
[ 1963.824475]  [<ffffffff81841ed1>] icmpv6_send+0x21/0x30
[ 1963.825452]  [<ffffffff8182fe95>] ip6_expire_frag_queue+0x115/0x1b0
[ 1963.826622]  [<ffffffffc024b260>] ? nf_ct_net_exit+0x50/0x50 [nf_defrag_ipv6]
[ 1963.827951]  [<ffffffffc024b27f>] nf_ct_frag6_expire+0x1f/0x30 [nf_defrag_ipv6]
[ 1963.829365]  [<ffffffff810f57c7>] call_timer_fn+0x37/0x140
[ 1963.830428]  [<ffffffffc024b260>] ? nf_ct_net_exit+0x50/0x50 [nf_defrag_ipv6]
[ 1963.831826]  [<ffffffff810f70d4>] run_timer_softirq+0x234/0x330
[ 1963.832958]  [<ffffffff8108b509>] __do_softirq+0x109/0x2b0
[ 1963.834002]  [<ffffffff8108b825>] irq_exit+0xa5/0xb0
[ 1963.834956]  [<ffffffff8186c250>] smp_apic_timer_interrupt+0x50/0x70
[ 1963.836164]  [<ffffffff81869994>] apic_timer_interrupt+0xd4/0xe0
[ 1963.837292]  <EOI> 
[ 1963.837695]  [<ffffffff81039130>] ? speculation_ctrl_update_tif+0x80/0x80
[ 1963.839394]  [<ffffffff81067af2>] ? native_safe_halt+0x12/0x20
[ 1963.840723]  [<ffffffff8103914e>] default_idle+0x1e/0xe0
[ 1963.841943]  [<ffffffff81039ff5>] arch_cpu_idle+0x15/0x20
[ 1963.843171]  [<ffffffff810cc03a>] default_idle_call+0x2a/0x40
[ 1963.844486]  [<ffffffff810cc3b3>] cpu_startup_entry+0x303/0x360
[ 1963.845822]  [<ffffffff81053e67>] start_secondary+0x177/0x1b0
[ 1963.847102] Code: 8b 5c 24 40 75 46 f6 c2 02 74 05 f6 c2 30 75 3c 48 8b 43 58 44 89 5c 24 34 89 54 24 40 44 89 44 24 48 4c 89 4c 24 60 48 83 e0 fe <48> 8b 78 18 e8 4c 0b 03 00 41 89 c2 4c 8b 4c 24 60 44 8b 44 24 
[ 1963.852721] RIP  [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 1963.854022]  RSP <ffff88023fd03d00>
[ 1963.854896] CR2: 0000000000000018
[ 1963.857283] ---[ end trace e8d1fc7789e99b6a ]---
[ 1963.858369] Kernel panic - not syncing: Fatal exception in interrupt
[ 1963.860271] Kernel Offset: disabled
[ 1963.861149] ---[ end Kernel panic - not syncing: Fatal exception in interrupt

https://bugs.launchpad.net/bugs/1883498

Title:
  Frequent Panic in ip6_expire_frag_queue->icmpv6_send on
  4.4.0-184-generic

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  I happened to do an upgrade on a number of servers last week. Some of
  them got 4.4.0-179-generic and the ones upgraded a bit later during
  the week got 4.4.0-184-generic as it was just released. The ones with
  4.4.0-184-generic started getting stuck. With linux-crashdump
  installed I obtained the dmesgs and crash dumps. The backtrace appears
  somewhat similar to #202669 but that one only happened on bare
  hardware for us - this one is on KVM virtual instances. #202669
  panicked in icmpv6_route_lookup and this one dies already in
  icmpv6_send.

  Between 2020-06-11 and 2020-06-15, on a set of 12 VMs running
  4.4.0-184-generic, there were 85 crashes like this, on servers with
  noticeable IPv6 traffic. All of the 12 VMs with 4.4.0-184-generic
  crashed at least once. (There are more than 12 VMs experiencing this,
  this is just the set I had linux-crashdump on.)

  [57063.487084] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
  [57063.487184] IP: [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
  [57063.487218] PGD 0 
  [57063.487231] Oops: 0000 [#1] SMP 
  [57063.488665] Call Trace:
  [57063.488679]  <IRQ> 
  [57063.488705]  [<ffffffff81756ee8>] ? __netif_receive_skb+0x18/0x60
  [57063.488739]  [<ffffffff810c3758>] ? task_tick_fair+0x4c8/0x8e0
  [57063.488771]  [<ffffffff81868280>] ? _raw_spin_unlock_bh+0x20/0x50
  [57063.488802]  [<ffffffff81841ed1>] icmpv6_send+0x21/0x30
  [57063.488829]  [<ffffffff8182fe95>] ip6_expire_frag_queue+0x115/0x1b0
  [57063.488862]  [<ffffffffc0366260>] ? nf_ct_net_exit+0x50/0x50 [nf_defrag_ipv6]
  [57063.488897]  [<ffffffffc036627f>] nf_ct_frag6_expire+0x1f/0x30 [nf_defrag_ipv6]
  [57063.488937]  [<ffffffff810f57c7>] call_timer_fn+0x37/0x140
  [57063.488965]  [<ffffffffc0366260>] ? nf_ct_net_exit+0x50/0x50 [nf_defrag_ipv6]
  [57063.489002]  [<ffffffff810f70d4>] run_timer_softirq+0x234/0x330
  ...
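
For checking saved dmesg or crash-dump logs from other hosts against the signature in this report, the following parser is an added example, not part of the original bug report or of any Ubuntu tooling. The function names are hypothetical and the sample input is an unwrapped excerpt of the trace quoted above.

```python
import re

# Unwrapped excerpt of the oops quoted in this report, embedded so the block runs offline.
SAMPLE = """\
[ 1963.770497] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 1963.781264] IP: [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 1963.794748] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.0-184-generic #214-Ubuntu
[ 1963.819847] Call Trace:
[ 1963.820317]  <IRQ> 
[ 1963.822192]  [<ffffffff810a87bc>] ? notifier_call_chain+0x4c/0x70
[ 1963.824475]  [<ffffffff81841ed1>] icmpv6_send+0x21/0x30
[ 1963.825452]  [<ffffffff8182fe95>] ip6_expire_frag_queue+0x115/0x1b0
[ 1963.827951]  [<ffffffffc024b27f>] nf_ct_frag6_expire+0x1f/0x30 [nf_defrag_ipv6]
"""

TS = re.compile(r"^\s*\[\s*\d+\.\d+\]\s?")          # dmesg timestamp prefix
FAULT = re.compile(r"BUG: unable to handle kernel (.+?) at ([0-9a-f]{16})")
IP = re.compile(r"^IP: \[<[0-9a-f]+>\] ([\w.]+)\+0x[0-9a-f]+/")
KERNEL = re.compile(r"^CPU: .* (\S+) #\d")          # release string precedes "#<build>"
FRAME = re.compile(r"^\s*\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oops(text):
    """Extract fault type, fault address, faulting symbol, kernel release and call trace."""
    info = {"fault": None, "addr": None, "ip": None, "kernel": None, "trace": []}
    in_trace = False
    for raw in text.splitlines():
        line = TS.sub("", raw)
        if m := FAULT.search(line):
            info["fault"], info["addr"] = m.group(1), int(m.group(2), 16)
        elif m := IP.match(line):
            info["ip"] = m.group(1)
        elif m := KERNEL.match(line):
            info["kernel"] = m.group(1)
        elif line.startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if m and not m.group(1):  # "?" frames are unverified stack leftovers; skip them
                info["trace"].append(m.group(2))
            elif not m and line.strip() not in ("<IRQ>", "<EOI>"):
                in_trace = False      # first non-frame line ends the trace
    return info

def is_frag_expire_icmp6_oops(info):
    """True when a NULL dereference in icmp6_send was reached from IPv6 fragment-queue expiry."""
    t = info["trace"]
    return (info["fault"] == "NULL pointer dereference" and info["ip"] == "icmp6_send"
            and "icmpv6_send" in t and "ip6_expire_frag_queue" in t
            and t.index("icmpv6_send") < t.index("ip6_expire_frag_queue"))
```

Feeding each host's saved log through `parse_oops` and grouping matches by `info["kernel"]` shows which kernel releases produce the crash.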
