1919968 – [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference

Bug 1919968 - [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory address or nil pointer dereference

Summary: [release-4.7] Undiagnosed panic detected in pod runtime.go:76: invalid memory...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	openshift-apiserver
Sub Component:
Version:	4.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.7.0
Assignee:	Lukasz Szaszkiewicz
QA Contact:	Xingxing Xia
Docs Contact:
URL:
Whiteboard:
Depends On:	1875046
Blocks:	1919966
TreeView+	depends on / blocked

Reported:	2021-01-25 13:37 UTC by Lukasz Szaszkiewicz
Modified:	2021-02-24 15:56 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Fixes a data race in SerializeObject function in the Kube API server. Previously all sorts of errors including a data race were possible. An attempt to write to a nil writer might have lead to "invalid memory address" or "nil pointer dereference". Sharing the same instance of the writer might have also lead to "index out of range [43] with length 30 and recovered from err index > windowEnd" errors
Clone Of:	1919966
Environment:	Undiagnosed panic detected in pod
Last Closed:	2021-02-24 15:55:53 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:5633	0	None	None	None	2021-02-24 15:56:25 UTC

Comment 1 Lukasz Szaszkiewicz 2021-01-25 13:41:28 UTC

This BZ doesn't apply to 4.7. It was already fixed upstream (https://github.com/kubernetes/kubernetes/pull/94589). Can be moved to VERIFIED state.

Comment 3 Xingxing Xia 2021-01-26 12:04:27 UTC

Despite comment 1 says "doesn't apply to 4.7", still went through the bugs' comments and the k/k PR's comment & code diff to try to know what happened.
Also checked openshift/kubernets & openshift/openshift-apiserver 4.7 branches' code, indeed include the PR code.
Finally searched "kube-apiserver.*Observed a panic: runtime error: invalid memory address or nil pointer dereference" :
https://search.ci.openshift.org/?search=kube-apiserver.*Observed+a+panic%3A+runtime+error%3A+invalid+memory+address+or+nil+pointer+dereference&maxAge=168h&context=1&type=junit&name=&maxMatches=5&maxBytes=20971520&groupBy=job

Indeed, no 4.7 nightly tests hit it in kube-apiserver.

But searched "openshift-apiserver.*Observed a panic: runtime error: invalid memory address or nil pointer dereference" :
https://search.ci.openshift.org/?search=openshift-apiserver.*Observed+a+panic%3A+runtime+error%3A+invalid+memory+address+or+nil+pointer+dereference&maxAge=168h&context=1&type=junit&name=&maxMatches=5&maxBytes=20971520&groupBy=job

Found:
periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere-upi - 68 runs, 79% failed, 4% of failures match
#1353710954797338624	junit	20 hours ago (https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere-upi/1353710954797338624 4.7.0-0.nightly-2021-01-25-142332)
# Undiagnosed panic detected in pod
pods/openshift-apiserver_apiserver-5994f59d94-h4fkv_openshift-apiserver.log.gz:E0125 15:16:38.289815       1 runtime.go:76] Observed a panic: runtime error: invalid memory address or nil pointer dereference
pods/openshift-apiserver_apiserver-5994f59d94-h4fkv_openshift-apiserver.log.gz:E0125 15:16:38.339063       1 runtime.go:76] Observed a panic: runtime error: invalid memory address or nil pointer dereference

-------------------------------------------
periodic-ci-openshift-openshift-tests-private-release-4.7-sanity - 21 runs, 100% failed, 5% of failures match
#1351922587822723072	junit	5 days ago (https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-openshift-tests-private-release-4.7-sanity/1351922587822723072 4.7.0-0.nightly-2021-01-25-142332)

# Undiagnosed panic detected in pod
pods/openshift-apiserver_apiserver-6c8f449795-svkms_openshift-apiserver.log.gz:E0120 17:11:38.996955       1 runtime.go:76] Observed a panic: runtime error: invalid memory address or nil pointer dereference
pods/openshift-oauth-apiserver_apiserver-6b69d77f4c-8lmp8_oauth-apiserver.log.gz:E0120 17:11:38.996631       1 runtime.go:76] Observed a panic: runtime error: invalid memory address or nil pointer dereference

Comment 4 Xingxing Xia 2021-01-26 12:09:59 UTC

Correction: the second record #1351922587822723072 is 4.7.0-0.nightly-2021-01-19-095812

Comment 5 Lukasz Szaszkiewicz 2021-01-26 12:55:20 UTC

Hi Xingxing,

Thanks for verifying. You have run into a different panic :) It has already been fixed upstream (https://github.com/kubernetes/kubernetes/pull/97820) and will be fixed by https://bugzilla.redhat.com/show_bug.cgi?id=1917904 for OpenShift

To tell apart the panic msg you need to scroll down. If it has "k8s.io/apiserver/plugin/pkg/authorizer/webhook.(*WebhookAuthorizer).Authorize" then it will be addressed by 1917904.
For example:

E0125 15:16:38.289815       1 runtime.go:76] Observed a panic: runtime error: invalid memory address or nil pointer dereference
goroutine 224651 [running]:
k8s.io/apiserver/pkg/server/filters.(*timeoutHandler).ServeHTTP.func1.1(0xc007e935c0)
	k8s.io/apiserver.1/pkg/server/filters/timeout.go:106 +0x113
panic(0x2a0f120, 0x473beb0)
	runtime/panic.go:969 +0x1b9
k8s.io/apiserver/plugin/pkg/authorizer/webhook.(*WebhookAuthorizer).Authorize(0xc00052bb60, 0x338dda0, 0xc0079533e0, 0x33b4de0, 0xc0087bdd60, 0x2, 0x0, 0x0, 0x0, 0x0)

Comment 6 Xingxing Xia 2021-01-27 04:32:17 UTC

Lukasz, thanks for clarification. I'm not sure if you "scroll down" in browser, I didn't find the way in browser. Anyway, I downloaded must-gather from periodic-ci-openshift-release-master-ocp-4.7-e2e-vsphere-upi/1353710954797338624/artifacts/e2e-vsphere-upi/gather-must-gather/, indeed saw what you pointed in apiserver-5994f59d94-h4fkv pod logs. Thus moving this bug to VERIFIED.

Comment 9 errata-xmlrpc 2021-02-24 15:55:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Note You need to log in before you can comment on or make changes to this bug.