Comment 13 for bug 1883681

Mauricio Faria de Oliveira (mfo) wrote :

Hi Anand,

Thanks for reporting this bug.

Could you please try the kernel version in xenial-proposed? [1]
(version: 4.4.0-185.215)

It has a patch for what seems to be this problem, according
to the stack trace seen in apport's kernel crash dump below.

The patch is: 'net: handle no dst on skb in icmp6_send'

[1] https://wiki.ubuntu.com/Testing/EnableProposed

cheers,
Mauricio

...

The stacktrace from apport's 'kernel crash dump' attachment
(linux-image-4.4.0-184-generic-202006151751.crash):

$ apport-unpack linux-image-4.4.0-184-generic-202006151751.crash k/
$ ls k
Architecture Date DistroRelease Package ProblemType Uname VmCoreDmesg
$ cat k/VmCoreDmesg
...
[ 13.702003] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[ 962.936170] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 962.936250] IP: [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 962.936296] PGD 0
[ 962.936314] Oops: 0000 [#1] SMP
[ 962.936341] Modules linked in: xt_tcpudp nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack iptable_filter ip_tables x_tables vmw_vsock_vmci_transport vsock coretemp ppdev vmw_balloon input_leds joydev serio_raw shpchp vmw_vmci i2c_piix4 8250_fintek parport_pc mac_hid lp parport autofs4 xfs libcrc32c vmwgfx psmouse ttm drm_kms_helper syscopyarea sysfillrect mptspi sysimgblt mptscsih fb_sys_fops mptbase drm vmxnet3 scsi_transport_spi pata_acpi floppy fjes
[ 962.936723] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.4.0-184-generic #214-Ubuntu
[ 962.936775] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 09/17/2015
[ 962.936844] task: ffff88013a562700 ti: ffff88013a570000 task.ti: ffff88013a570000
[ 962.936893] RIP: 0010:[<ffffffff818288ab>] [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 962.936950] RSP: 0018:ffff88013fd83d00 EFLAGS: 00010246
[ 962.936986] RAX: 0000000000000000 RBX: ffff880139f88a00 RCX: 0000000000000020
[ 962.937032] RDX: 0000000000000001 RSI: 0000000000000200 RDI: ffff8800b8448fd6
[ 962.937079] RBP: ffff88013fd83e20 R08: 0000000000000000 R09: ffff8800b8448fe6
[ 962.937126] R10: 0000000000000080 R11: 0000000000000000 R12: ffff8800b8448fce
[ 962.937172] R13: ffffffff81efb6c0 R14: 0000000000000001 R15: 0000000000000003
[ 962.937219] FS: 0000000000000000(0000) GS:ffff88013fd80000(0000) knlGS:0000000000000000
[ 962.937272] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 962.937310] CR2: 0000000000000018 CR3: 00000000ba602000 CR4: 0000000000000670
[ 962.937429] Stack:
[ 962.937448] 0000000000000000 0000000000000000 000000e032fd4a6a ffff88010026d82b
[ 962.937505] ffffffff810baaea ffff88013fd963b0 0000000000000000 ffff8800b8448fd6
[ 962.937565] ffff880100000001 0000000000000000 ffff8800b8448fe6 ffffffff810c077a
[ 962.937623] Call Trace:
[ 962.937642] <IRQ>
[ 962.937664] [<ffffffff810baaea>] ? select_idle_sibling+0x2a/0x120
[ 962.937708] [<ffffffff810c077a>] ? enqueue_task_fair+0xaa/0x8b0
[ 962.937753] [<ffffffff81038119>] ? sched_clock+0x9/0x10
[ 962.937790] [<ffffffff810b8c8f>] ? sched_clock_cpu+0x8f/0xa0
[ 962.937832] [<ffffffff810b2524>] ? check_preempt_curr+0x54/0x90
[ 962.939091] [<ffffffff81868280>] ? _raw_spin_unlock_bh+0x20/0x50
[ 962.940307] [<ffffffff81841ed1>] icmpv6_send+0x21/0x30
[ 962.941522] [<ffffffff8182fe95>] ip6_expire_frag_queue+0x115/0x1b0
[ 962.942710] [<ffffffff8182ff30>] ? ip6_expire_frag_queue+0x1b0/0x1b0
[ 962.943892] [<ffffffff8182ff4f>] ip6_frag_expire+0x1f/0x30
[ 962.945057] [<ffffffff810f57c7>] call_timer_fn+0x37/0x140
[ 962.946241] [<ffffffff8182ff30>] ? ip6_expire_frag_queue+0x1b0/0x1b0
[ 962.947410] [<ffffffff810f70d4>] run_timer_softirq+0x234/0x330
[ 962.948537] [<ffffffff8108b509>] __do_softirq+0x109/0x2b0
[ 962.949638] [<ffffffff8108b825>] irq_exit+0xa5/0xb0
[ 962.950696] [<ffffffff8186c250>] smp_apic_timer_interrupt+0x50/0x70
[ 962.951734] [<ffffffff81869994>] apic_timer_interrupt+0xd4/0xe0
[ 962.952755] <EOI>
[ 962.952775] [<ffffffff81039130>] ? speculation_ctrl_update_tif+0x80/0x80
[ 962.954720] [<ffffffff81067af2>] ? native_safe_halt+0x12/0x20
[ 962.955703] [<ffffffff8103914e>] default_idle+0x1e/0xe0
[ 962.956652] [<ffffffff81039ff5>] arch_cpu_idle+0x15/0x20
[ 962.957571] [<ffffffff810cc03a>] default_idle_call+0x2a/0x40
[ 962.958491] [<ffffffff810cc3b3>] cpu_startup_entry+0x303/0x360
[ 962.959399] [<ffffffff81053e67>] start_secondary+0x177/0x1b0
[ 962.960305] Code: 8b 5c 24 40 75 46 f6 c2 02 74 05 f6 c2 30 75 3c 48 8b 43 58 44 89 5c 24 34 89 54 24 40 44 89 44 24 48 4c 89 4c 24 60 48 83 e0 fe <48> 8b 78 18 e8 4c 0b 03 00 41 89 c2 4c 8b 4c 24 60 44 8b 44 24
[ 962.963319] RIP [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 962.964291] RSP <ffff88013fd83d00>
[ 962.965247] CR2: 0000000000000018
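
Added example, not part of the original comment or of any Ubuntu tooling: a small triage script that checks whether an oops like the one above has the shape the comment points at, that is, a NULL base pointer dereferenced in icmp6_send when reached from the IPv6 fragment-expiry timer. The function name triage and the result keys are hypothetical, and reading the NULL register as the skb's dst is an inference from the patch title, not something the script proves.

```python
import re

# Excerpt of the oops quoted above (Code: line shortened to its tail).
OOPS = """\
[ 962.936170] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[ 962.936893] RIP: 0010:[<ffffffff818288ab>] [<ffffffff818288ab>] icmp6_send+0x1fb/0x970
[ 962.936986] RAX: 0000000000000000 RBX: ffff880139f88a00 RCX: 0000000000000020
[ 962.939091] [<ffffffff81868280>] ? _raw_spin_unlock_bh+0x20/0x50
[ 962.940307] [<ffffffff81841ed1>] icmpv6_send+0x21/0x30
[ 962.941522] [<ffffffff8182fe95>] ip6_expire_frag_queue+0x115/0x1b0
[ 962.943892] [<ffffffff8182ff4f>] ip6_frag_expire+0x1f/0x30
[ 962.960305] Code: 48 83 e0 fe <48> 8b 78 18 e8 4c 0b 03 00
[ 962.965247] CR2: 0000000000000018
"""

# x86-64 register numbering used by the ModRM byte (no REX.B/REX.R extension).
REGS = ("RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI")


def triage(oops):
    """Return the faulting function, its reliable callers and the NULL-base check."""
    cr2 = int(re.search(r"CR2: ([0-9a-f]{16})", oops).group(1), 16)
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    # Frames marked "?" are unreliable stack leftovers; the pattern skips them.
    # The first match is the RIP line, the rest are the call trace in order.
    frames = re.findall(r"\] (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", oops)
    # "<..>" in the Code: line marks the first byte of the faulting instruction.
    code = re.search(r"Code: (.+)", oops).group(1).split()
    start = next(i for i, t in enumerate(code) if t.startswith("<"))
    rex, opcode, modrm, disp = (int(t.strip("<>"), 16)
                                for t in code[start:start + 4])
    # Only decode the one form seen here: REX.W mov r64, [base + disp8].
    if (rex, opcode, modrm >> 6) != (0x48, 0x8B, 1) or modrm & 7 == 4:
        raise ValueError("faulting instruction is not mov r64, [base+disp8]")
    base = REGS[modrm & 7]
    disp -= 0x100 if disp >= 0x80 else 0  # disp8 is signed
    return {
        "function": frames[0],
        "callers": frames[1:],
        "base_reg": base,
        "offset": disp,
        # Base register is zero and the fault address is exactly the offset.
        "null_base": regs[base] == 0 and cr2 == disp % 2**64,
        "frag_timer_path": frames[0] == "icmp6_send"
                           and "ip6_expire_frag_queue" in frames,
    }
```

On the excerpt this reports a load from RAX+0x18 with RAX equal to zero, which matches CR2, on the ip6_frag_expire -> ip6_expire_frag_queue -> icmpv6_send -> icmp6_send path.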