A combination of two commits seems to resolve this bug:
596cf3fe5854 ("netfilter: ipset: fix race condition in ipset save, swap and
delete")
e5173418ac59 ("netfilter: ipset: Fix race between dump and swap")
I built a Xenial test kernel with these two commits. The test kernel can be
downloaded from:
http://kernel.ubuntu.com/~jsalisbury/lp1793753
Can you test this kernel and see if it resolves this bug?
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1793753
Title:
kernel panic - null pointer dereference on ipset operations
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Xenial:
In Progress
Bug description:
Hi,
We've experienced crashes on machines running iptables using ipsets.
We could get a trace from the console on one of them (attached file
kernel-trace.txt).
On these machines, some ipset commands are automatically run to update the
sets, and/or to dump them (ipset restore, swap, delete ... / ipset save).
We strongly suspect the panic is happening due to a race when ipset updates
happen at the same time as a dump.
These machines are running xenial. Before the crash, they were on
4.4.0-116-generic #140-Ubuntu, but then rebooted into
4.4.0-135-generic #161-Ubuntu.
I have an ipset save running in loops on one of these machines to try
and reproduce quicker.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1793753/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
