SRU request submitted:
https://lists.ubuntu.com/archives/kernel-team/2018-September/095673.html

** Description changed:

- Hi,
  
- We've experienced crashes on machines running iptables using ipsets.
- We could get a trace from the console on one of them (attached file 
kernel-trace.txt).
+ == SRU Justification ==
+ A regression was introduced in Xenial, even prior to v4.4 Final.  I did
+ not test prior to this kernel once I found the bug was fixed in
+ mainline.   The bug reporter experienced crashes on machines running
+ iptables using ipsets.  He could get a trace from the console on one of
+ them which is attached to the bug report.
  
- On these machines, some ipset commands are automatically run to update the 
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
- We strongly suspect the panic is happening due to a race when ipset updates 
happen at the same time as a dump.
+ On these machines, some ipset commands are automatically run to update the
+ sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
  
- These machines are running xenial. Before the crash, they were on
- 4.4.0-116-generic #140-Ubuntu, but then rebooted into 4.4.0-135-generic
- #161-Ubuntu.
+ I was able to reproduce this bug as was cking.  This bug was found to be
+ fixed by mainline commits 596cf3fe5854 and e5173418ac59.
  
- I have an ipset save running in loops on one of these machines to try
- and reproduce quicker.
+ 
+ == Fixes ==
+ 596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and 
delete")
+ e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
+ 
+ == Regression Potential ==
+ Low.  This fixes a regression and is limited to netfilter.
+ 
+ == Test Case ==
+ A test kernel was built with these patches and tested by myself and cking.
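
Review bot: The new "== Test Case ==" section names no reproduction steps, only that a test kernel was built and tested, so someone verifying the SRU cannot repeat the check from this text. The removed lines carried the useful detail: an `ipset save` running in a loop while ipset restore/swap/delete updates occur, the suspected race between updates and a dump, and the kernel versions the reporter named (4.4.0-116-generic #140-Ubuntu and 4.4.0-135-generic #161-Ubuntu). Suggest moving those into the Test Case section rather than dropping them, and stating which of the two commits listed under "== Fixes ==" addresses which part of the race.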

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1793753

Title:
  kernel panic - null pointer dereference on ipset operations

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
