
group.of.nepali.translators team mailing list archive

[Bug 1811803] Re: Crash on "ip link add foo type ipip"

 

This bug was fixed in the package linux - 4.18.0-16.17

---------------
linux (4.18.0-16.17) cosmic; urgency=medium

  * linux: 4.18.0-16.17 -proposed tracker (LP: #1814749)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2018-16880
    - vhost: fix OOB in get_rx_bufs()

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Do pin translation in other GPIO operations as well

  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns

  * Backported commit breaks audio (fixed upstream) (LP: #1811566)
    - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Clapper
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Gnawty

  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: switch to python3

  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
    (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue

  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice

  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing

  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
    (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings

  * CVE-2019-6133
    - fork: record start_time late

  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad

  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y

  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN

  * Crash on "ip link add foo type ipip" (LP: #1811803)
    - SAUCE: fan: Fix NULL pointer dereference

 -- Stefan Bader <stefan.bader@xxxxxxxxxxxxx>  Thu, 07 Feb 2019 23:23:02 +0100

** Changed in: linux (Ubuntu Cosmic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16880

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1811803

Title:
  Crash on "ip link add foo type ipip"

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Released

Bug description:
  On 4.18.0-13-generic #14-Ubuntu SMP Wed Dec 5 09:04:24 UTC 2018 x86_64
  x86_64 x86_64 GNU/Linux

  When I executed "sudo ip link add foo type ipip", the kernel crashed,
  leaving the system working but mostly unusable (networking was flaky).
  dmesg showed:

  
  [156541.500970] ipip: IPv4 and MPLS over IPv4 tunneling driver
  [156541.502201] BUG: unable to handle kernel NULL pointer dereference at 0000000000000108
  [156541.502207] PGD 0 P4D 0 
  [156541.502210] Oops: 0000 [#1] SMP PTI
  [156541.502213] CPU: 9 PID: 29001 Comm: ip Tainted: G           OE     4.18.0-13-generic #14-Ubuntu
  [156541.502215] Hardware name: Dell Inc. XPS 15 9570/0HWTMH, BIOS 1.6.0 11/02/2018
  [156541.502223] RIP: 0010:ipip_netlink_fan.isra.11+0x5/0x250 [ipip]
  [156541.502224] Code: d9 fe ff ff 48 8d 93 78 09 00 00 eb 93 48 89 de 4c 89 e7 e8 cd 78 fe ff eb c3 e8 c6 79 5d e8 66 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 08 01 00 00 48 85 c0 0f 84 1a 02 00 00 8b 12 85 d2 0f 85 
  [156541.502245] RSP: 0018:ffffbac005a2b588 EFLAGS: 00010246
  [156541.502246] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  [156541.502248] RDX: ffffbac005a2b5d0 RSI: ffff9c1122439900 RDI: 0000000000000000
  [156541.502249] RBP: ffffbac005a2b600 R08: 0000000000000000 R09: ffffbac005a2b594
  [156541.502250] R10: ffffffffc0cb9120 R11: 0000000000000000 R12: ffff9c1122439000
  [156541.502251] R13: ffff9c1122439900 R14: ffffbac005a2b930 R15: ffffffffaa805780
  [156541.502253] FS:  00007fe219348680(0000) GS:ffff9c136be40000(0000) knlGS:0000000000000000
  [156541.502254] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [156541.502255] CR2: 0000000000000108 CR3: 000000010f724001 CR4: 00000000003606e0
  [156541.502257] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [156541.502258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
  [156541.502259] Call Trace:
  [156541.502265]  ? ipip_newlink+0x8c/0xc6 [ipip]
  [156541.502273]  rtnl_newlink+0x67b/0x8c0
  [156541.502279]  ? nla_parse+0x35/0xe0
  [156541.502280]  ? rtnl_newlink+0x12e/0x8c0
  [156541.502288]  ? get_page_from_freelist+0xf7e/0x1320
  [156541.502298]  ? mem_cgroup_commit_charge+0x82/0x530
  [156541.502302]  ? lru_cache_add_active_or_unevictable+0x39/0xb0
  [156541.502309]  ? handle_pte_fault+0x52c/0xbe0
  [156541.502313]  rtnetlink_rcv_msg+0x213/0x300
  [156541.502318]  ? copy_user_generic_unrolled+0x89/0xc0
  [156541.502320]  ? rtnl_calcit.isra.33+0x100/0x100
  [156541.502327]  netlink_rcv_skb+0x52/0x130
  [156541.502329]  rtnetlink_rcv+0x15/0x20
  [156541.502331]  netlink_unicast+0x1a4/0x260
  [156541.502333]  netlink_sendmsg+0x20b/0x3d0
  [156541.502340]  sock_sendmsg+0x3e/0x50
  [156541.502342]  ___sys_sendmsg+0x295/0x2f0
  [156541.502344]  ? handle_pte_fault+0x539/0xbe0
  [156541.502347]  ? __handle_mm_fault+0x42c/0x5b0
  [156541.502350]  __sys_sendmsg+0x5c/0xa0
  [156541.502353]  __x64_sys_sendmsg+0x1f/0x30
  [156541.502358]  do_syscall_64+0x5a/0x110
  [156541.502361]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
  [156541.502364] RIP: 0033:0x7fe219682234
  [156541.502365] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 c9 d4 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53 
  [156541.502390] RSP: 002b:00007ffe5887fbe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
  [156541.502392] RAX: ffffffffffffffda RBX: 000000005c3dbcf0 RCX: 00007fe219682234
  [156541.502393] RDX: 0000000000000000 RSI: 00007ffe5887fc50 RDI: 0000000000000003
  [156541.502394] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
  [156541.502396] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001
  [156541.502397] R13: 00005597e7c6c020 R14: 00007ffe5887fd4c R15: 0000000000000000
  [156541.502399] Modules linked in: ipip tunnel4 ip_tunnel veth sctp libcrc32c ses enclosure scsi_transport_sas uas usb_storage ath10k_pci thunderbolt rfcomm pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) ccm arc4 cmac bnep binfmt_misc nls_iso8859_1 snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic dell_wmi wmi_bmof mxm_wmi intel_wmi_thunderbolt snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm intel_rapl x86_pkg_temp_thermal dell_laptop intel_powerclamp ath10k_core dell_smbios coretemp dell_wmi_descriptor kvm_intel snd_seq_midi dcdbas snd_seq_midi_event ath snd_rawmidi mac80211 kvm snd_seq irqbypass uvcvideo intel_cstate videobuf2_vmalloc intel_rapl_perf snd_seq_device videobuf2_memops snd_timer videobuf2_v4l2 btusb serio_raw videobuf2_common btrtl btbcm snd rtsx_pci_ms
  [156541.502470]  videodev btintel soundcore cfg80211 memstick cdc_acm media input_leds bluetooth ecdh_generic mei_me joydev mei hid_multitouch idma64 virt_dma processor_thermal_device intel_soc_dts_iosf intel_pch_thermal ucsi_acpi typec_ucsi typec int3403_thermal int340x_thermal_zone int3400_thermal mac_hid acpi_thermal_rel dell_smo8800 intel_hid wmi sparse_keymap acpi_pad sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 algif_skcipher af_alg dm_crypt wacom usbhid hid_generic i915 crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc i2c_algo_bit drm_kms_helper aesni_intel syscopyarea sysfillrect aes_x86_64 sysimgblt rtsx_pci_sdmmc crypto_simd fb_sys_fops nvme cryptd glue_helper psmouse drm ahci nvme_core rtsx_pci i2c_i801 intel_lpss_pci libahci i2c_hid intel_lpss hid pinctrl_cannonlake
  [156541.502523]  video pinctrl_intel [last unloaded: ath10k_pci]
  [156541.502528] CR2: 0000000000000108
  [156541.502531] ---[ end trace 48bd88c62d9ac460 ]---
  [156541.502535] RIP: 0010:ipip_netlink_fan.isra.11+0x5/0x250 [ipip]
  [156541.502536] Code: d9 fe ff ff 48 8d 93 78 09 00 00 eb 93 48 89 de 4c 89 e7 e8 cd 78 fe ff eb c3 e8 c6 79 5d e8 66 0f 1f 44 00 00 0f 1f 44 00 00 <48> 8b 87 08 01 00 00 48 85 c0 0f 84 1a 02 00 00 8b 12 85 d2 0f 85 
  [156541.502558] RSP: 0018:ffffbac005a2b588 EFLAGS: 00010246
  [156541.502559] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
  [156541.502560] RDX: ffffbac005a2b5d0 RSI: ffff9c1122439900 RDI: 0000000000000000
  [156541.502561] RBP: ffffbac005a2b600 R08: 0000000000000000 R09: ffffbac005a2b594
  [156541.502563] R10: ffffffffc0cb9120 R11: 0000000000000000 R12: ffff9c1122439000
  [156541.502564] R13: ffff9c1122439900 R14: ffffbac005a2b930 R15: ffffffffaa805780
  [156541.502565] FS:  00007fe219348680(0000) GS:ffff9c136be40000(0000) knlGS:0000000000000000
  [156541.502567] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  [156541.502568] CR2: 0000000000000108 CR3: 000000010f724001 CR4: 00000000003606e0
  [156541.502569] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [156541.502571] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
