[Bug 852] IPv6 TEE target sends packets to original IP address on wrong network device

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Sat Nov 9 12:53:29 CET 2013 

https://bugzilla.netfilter.org/show_bug.cgi?id=852

--- Comment #5 from Alexander Neumann <netfilter at null.bumpern.de> 2013-11-09 12:53:27 CET ---
Hi there,

is it possible that the patch introduced another bug? In our infrastructure we
reject packets up to the beginning of the game. For tcp6 this means that a
tcp-reset packet is sent (via -j REJECT --reject-with tcp-reset). This crashes
the kernel, the first line logs the packet that causes the crash:

[  387.958800] FORWARD-DROP-TEAM: IN=tun2 OUT=tun2 MAC=
SRC=fd73:d95d:a475:01e0:0000:0000:0000:0017
DST=fd73:d95d:a475:0140:0000:0000:0000:0001 LEN=80 TC=0 HOPLIMIT=63 FLOWLBL=0
PROTO=TCP SPT=58273 DPT=80 WINDOW=26800 RES=0x00 SYN URGP=0 

[  387.979798] skbuff: skb_under_panic: text:ffffffff8164702a len:74 put:14
head:ffff880428bdfc00 data:ffff880428bdfbf2 tail:0x3c end:0xc0 dev:eth2

[  387.992870] ------------[ cut here ]------------

[  387.997499] Kernel BUG at ffffffff81723d21 [verbose debug info unavailable]

[  388.004497] invalid opcode: 0000 [#1] SMP 

[  388.008638] Modules linked in: ip6t_REJECT(F) ip6table_filter(F)
ip6table_nat(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) nf_nat_ipv6(F)
ip6table_mangle(F) ip6_tables(F) ipt_REJECT(F) xt_limit(F) xt_LOG(F)
xt_pkttype(F) iptable_filter(F) xt_nat(F) xt_REDIRECT(F) xt_tcpudp(F)
xt_conntrack(F) iptable_nat(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F)
nf_nat_ipv4(F) nf_nat(F) xt_TCPOPTSTRIP(F) xt_HL(F) xt_TEE(F) nf_conntrack(F)
iptable_mangle(F) ip_tables(F) x_tables(F) bnep(F) rfcomm(F) bluetooth(F)
adt7475(F) hwmon_vid(F) nouveau(F) snd_hda_codec_realtek(F) snd_hda_intel(F)
snd_hda_codec(F) snd_hwdep(F) snd_pcm(F) mxm_wmi(F) snd_page_alloc(F) video(F)
ttm(F) snd_seq_midi(F) snd_seq_midi_event(F) drm_kms_helper(F) snd_rawmidi(F)
drm(F) snd_seq(F) snd_seq_device(F) snd_timer(F) i2c_algo_bit(F) snd(F)
psmouse(F) soundcore(F) gpio_ich(F) dell_wmi(F) serio_raw(F) sparse_keymap(F)
lpc_ich(F) wmi(F) dcdbas(F) i7core_edac(F) edac_core(F) mac_hid(F) ppdev(F)
parport_pc(F) lp(F) parport(F) hid_generic(F) usbhid(F) hid(F) usb_storage(F)
e1000e(F) ptp(F) e1000(F) pps_core(F)

[  388.103520] CPU: 1 PID: 1552 Comm: openvpn Tainted: GF            3.12.01+
#1

[  388.110671] Hardware name: Dell Inc. OptiPlex 980                 /0D441T,
BIOS A04 09/11/2010

[  388.122290] task: ffff8804252ddec0 ti: ffff8804239bc000 task.ti:
ffff8804239bc000

[  388.132809] RIP: 0010:[<ffffffff81723d21>]  [<ffffffff81723d21>]
skb_panic+0x63/0x65

[  388.143650] RSP: 0018:ffff88043fc436a0  EFLAGS: 00010292

[  388.152071] RAX: 0000000000000084 RBX: 0000000000000000 RCX:
0000000000000000

[  388.162356] RDX: ffff88043fc50088 RSI: ffff88043fc4e498 RDI:
0000000000000246

[  388.172658] RBP: ffff88043fc436c0 R08: 0000000000000082 R09:
00000000000003f9

[  388.182973] R10: 0000000000000001 R11: 0000000000cdcdcd R12:
ffff880428bddeb8

[  388.193317] R13: 00000000000086dd R14: ffff880424ffa000 R15:
000000000000003c

[  388.203698] FS:  00007f2e7f861740(0000) GS:ffff88043fc40000(0000)
knlGS:0000000000000000

[  388.215066] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033

[  388.224117] CR2: 00007f48c7badc50 CR3: 000000042391c000 CR4:
00000000000007e0

[  388.234502] Stack:

[  388.239712]  ffff880428bdfbf2 000000000000003c 00000000000000c0
ffff880424ffa000

[  388.250361]  ffff88043fc436d0 ffffffff81617f9a ffff88043fc43708
ffffffff8164702a

[  388.261057]  ffff88042774d500 ffff880428bdde00 0000000000000002
ffff880428bddeb8

[  388.271824] Call Trace:

[  388.277549]  <IRQ> 

[  388.279481]  [<ffffffff81617f9a>] skb_push+0x3a/0x40

[  388.291251]  [<ffffffff8164702a>] eth_header+0x3a/0x100

[  388.299801]  [<ffffffff816318e8>] neigh_resolve_output+0x108/0x220

[  388.309321]  [<ffffffff816c2d9e>] ip6_finish_output2+0x13e/0x470

[  388.318688]  [<ffffffff816c52e0>] ? ip6_fragment+0xa70/0xa70

[  388.327728]  [<ffffffff816c5378>] ip6_finish_output+0x98/0xc0

[  388.336862]  [<ffffffff816c53dc>] ip6_output+0x3c/0xb0

[  388.345391]  [<ffffffff816facc5>] ip6_local_out+0x25/0x30

[  388.354196]  [<ffffffffa0420522>] tee_tg6+0x192/0x238 [xt_TEE]

[  388.363460]  [<ffffffffa046c24a>] ip6t_do_table+0x2ba/0x661 [ip6_tables]

[  388.373601]  [<ffffffffa046c289>] ? ip6t_do_table+0x2f9/0x661 [ip6_tables]

[  388.383937]  [<ffffffffa047510b>] ip6table_mangle_hook+0x7b/0x154
[ip6table_mangle]

[  388.395087]  [<ffffffff81656dd6>] nf_iterate+0x86/0xb0

[  388.403746]  [<ffffffff816c52e0>] ? ip6_fragment+0xa70/0xa70

[  388.412942]  [<ffffffff81656e74>] nf_hook_slow+0x74/0x130

[  388.421884]  [<ffffffff816c52e0>] ? ip6_fragment+0xa70/0xa70

[  388.431004]  [<ffffffff816c5412>] ip6_output+0x72/0xb0

[  388.439530]  [<ffffffff816facc5>] ip6_local_out+0x25/0x30

[  388.448236]  [<ffffffffa04ab74f>] reject_tg6+0x6df/0x760 [ip6t_REJECT]

[  388.458005]  [<ffffffffa046c24a>] ip6t_do_table+0x2ba/0x661 [ip6_tables]

[  388.467938]  [<ffffffffa04a60cd>] ip6table_filter_hook+0x2d/0x30
[ip6table_filter]

[  388.478773]  [<ffffffff81656dd6>] nf_iterate+0x86/0xb0

[  388.487198]  [<ffffffff816c1d00>] ? dst_output+0x20/0x20

[  388.495805]  [<ffffffff81656e74>] nf_hook_slow+0x74/0x130

[  388.504511]  [<ffffffff816c1d00>] ? dst_output+0x20/0x20

[  388.513149]  [<ffffffff816c4480>] ip6_forward+0x400/0x7f0

[  388.521876]  [<ffffffff816d1cfa>] ? ip6_route_input+0x9a/0xc0

[  388.530955]  [<ffffffff816c54d0>] ip6_rcv_finish+0x80/0x90

[  388.539701]  [<ffffffff816c5be0>] ipv6_rcv+0x2e0/0x4f0

[  388.548014]  [<ffffffff81627822>] __netif_receive_skb_core+0x692/0x810

[  388.557651]  [<ffffffff8110a0ac>] ? acct_account_cputime+0x1c/0x20

[  388.566877]  [<ffffffff816279c1>] __netif_receive_skb+0x21/0x70

[  388.575764]  [<ffffffff81627ac2>] process_backlog+0xb2/0x190

[  388.584321]  [<ffffffff816282d1>] net_rx_action+0x151/0x250

[  388.592727]  [<ffffffff810690ff>] __do_softirq+0xef/0x280

[  388.600897]  [<ffffffff8173305c>] call_softirq+0x1c/0x30

[  388.608950]  <EOI> 

[  388.610879]  [<ffffffff81015d75>] do_softirq+0x75/0xb0

[  388.621591]  [<ffffffff81627008>] netif_rx_ni+0x28/0x30

[  388.629393]  [<ffffffff8151fcee>] tun_get_user+0x3ae/0x790

[  388.637389]  [<ffffffff815201cb>] tun_chr_aio_write+0x7b/0xa0

[  388.645596]  [<ffffffff811b1dd3>] do_sync_readv_writev+0x53/0x80

[  388.653975]  [<ffffffff811b31b4>] do_readv_writev+0xd4/0x270

[  388.661928]  [<ffffffff8110a0ac>] ? acct_account_cputime+0x1c/0x20

[  388.670336]  [<ffffffff8109b5f9>] ? account_user_time+0x99/0xb0

[  388.678432]  [<ffffffff8109bc6d>] ? vtime_account_user+0x5d/0x70

[  388.686613]  [<ffffffff811b3385>] vfs_writev+0x35/0x60

[  388.693876]  [<ffffffff811b3522>] SyS_writev+0x52/0xc0

[  388.701105]  [<ffffffff8173183f>] tracesys+0xe1/0xe6

[  388.708128] Code: 00 00 48 89 44 24 10 8b 87 d0 00 00 00 48 89 44 24 08 48
8b 87 e0 00 00 00 48 c7 c7 08 4e af 81 48 89 04 24 31 c0 e8 d9 87 ff ff <0f> 0b
66 66 66 66 90 55 48 89 e5 41 56 41 55 41 54 53 48 89 fb 

[  388.732577] RIP  [<ffffffff81723d21>] skb_panic+0x63/0x65

[  388.740264]  RSP <ffff88043fc436a0>

[  388.746107] ---[ end trace 62bfd693a7da048f ]---

[  388.753101] Kernel panic - not syncing: Fatal exception in interrupt

[  388.761786] drm_kms_helper: panic occurred, switching back to text console

[  388.770179] ------------[ cut here ]------------

[  388.776307] WARNING: CPU: 1 PID: 27 at arch/x86/kernel/smp.c:124
native_smp_send_reschedule+0x5e/0x60()

[  388.787206] Modules linked in: ip6t_REJECT(F) ip6table_filter(F)
ip6table_nat(F) nf_conntrack_ipv6(F) nf_defrag_ipv6(F) nf_nat_ipv6(F)
ip6table_mangle(F) ip6_tables(F) ipt_REJECT(F) xt_limit(F) xt_LOG(F)
xt_pkttype(F) iptable_filter(F) xt_nat(F) xt_REDIRECT(F) xt_tcpudp(F)
xt_conntrack(F) iptable_nat(F) nf_conntrack_ipv4(F) nf_defrag_ipv4(F)
nf_nat_ipv4(F) nf_nat(F) xt_TCPOPTSTRIP(F) xt_HL(F) xt_TEE(F) nf_conntrack(F)
iptable_mangle(F) ip_tables(F) x_tables(F) bnep(F) rfcomm(F) bluetooth(F)
adt7475(F) hwmon_vid(F) nouveau(F) snd_hda_codec_realtek(F) snd_hda_intel(F)
snd_hda_codec(F) snd_hwdep(F) snd_pcm(F) mxm_wmi(F) snd_page_alloc(F) video(F)
ttm(F) snd_seq_midi(F) snd_seq_midi_event(F) drm_kms_helper(F) snd_rawmidi(F)
drm(F) snd_seq(F) snd_seq_device(F) snd_timer(F) i2c_algo_bit(F) snd(F)
psmouse(F) soundcore(F) gpio_ich(F) dell_wmi(F) serio_raw(F) sparse_keymap(F)
lpc_ich(F) wmi(F) dcdbas(F) i7core_edac(F) edac_core(F) mac_hid(F) ppdev(F)
parport_pc(F) lp(F) parport(F) hid_generic(F) usbhid(F) hid(F) usb_storage(F)
e1000e(F) ptp(F) e1000(F) pps_core(F)

[  388.893324] CPU: 1 PID: 27 Comm: watchdog/1 Tainted: GF     D      3.12.01+
#1

[  388.902349] Hardware name: Dell Inc. OptiPlex 980                 /0D441T,
BIOS A04 09/11/2010

[  388.912782]  0000000000000009 ffff8804295b3a78 ffffffff81720b50
0000000000000000

[  388.922068]  ffff8804295b3ab0 ffffffff810640dc 0000000000000000
ffff88043fc54500

[  388.931372]  0000000100005679 ffff88043fc14500 0000000000000001
ffff8804295b3ac0

[  388.940687] Call Trace:

[  388.945017]  [<ffffffff81720b50>] dump_stack+0x45/0x56

[  388.952034]  [<ffffffff810640dc>] warn_slowpath_common+0x8c/0xc0

[  388.959920]  [<ffffffff8106412a>] warn_slowpath_null+0x1a/0x20

[  388.967629]  [<ffffffff8104054e>] native_smp_send_reschedule+0x5e/0x60

[  388.976033]  [<ffffffff810a4026>] trigger_load_balance+0x176/0x200

[  388.984081]  [<ffffffff81096d7f>] scheduler_tick+0xaf/0xf0

[  388.991438]  [<ffffffff81072ec7>] update_process_times+0x67/0x80

[  388.999321]  [<ffffffff810cb23e>] tick_sched_handle.isra.11+0x2e/0x70

[  389.007637]  [<ffffffff810cb3ec>] tick_sched_timer+0x4c/0x80

[  389.015177]  [<ffffffff8108b557>] __run_hrtimer+0x77/0x1c0

[  389.022544]  [<ffffffff810cb3a0>] ? tick_sched_do_timer+0x60/0x60

[  389.030515]  [<ffffffff8108bd6f>] hrtimer_interrupt+0xff/0x240

[  389.038229]  [<ffffffff8104d336>] hpet_interrupt_handler+0x16/0x40

[  389.046288]  [<ffffffff810b9d44>] handle_irq_event_percpu+0x54/0x1f0

[  389.054517]  [<ffffffff810b9f28>] handle_irq_event+0x48/0x70

[  389.062040]  [<ffffffff810bc857>] handle_edge_irq+0x77/0x110

[  389.069562]  [<ffffffff81015cee>] handle_irq+0x1e/0x30

[  389.076559]  [<ffffffff8173395a>] do_IRQ+0x5a/0xe0

[  389.083213]  [<ffffffff8172902d>] common_interrupt+0x6d/0x6d

[  389.090733]  [<ffffffff8101b965>] ? native_sched_clock+0x15/0x80

[  389.098601]  [<ffffffff81094ea3>] ? finish_task_switch+0x53/0x160

[  389.106560]  [<ffffffff81094f78>] ? finish_task_switch+0x128/0x160

[  389.114599]  [<ffffffff817261df>] __schedule+0x3cf/0x840

[  389.121771]  [<ffffffff81727329>] schedule+0x29/0x70

[  389.128595]  [<ffffffff810904ce>] smpboot_thread_fn+0xce/0x1a0

[  389.136276]  [<ffffffff81727329>] ? schedule+0x29/0x70

[  389.143265]  [<ffffffff81090400>] ? lg_global_unlock+0xc0/0xc0

[  389.150952]  [<ffffffff81087de0>] kthread+0xc0/0xd0

[  389.157685]  [<ffffffff81087d20>] ? kthread_create_on_node+0x120/0x120

[  389.166071]  [<ffffffff8173157c>] ret_from_fork+0x7c/0xb0

[  389.173329]  [<ffffffff81087d20>] ? kthread_create_on_node+0x120/0x120

[  389.181720] ---[ end trace 62bfd693a7da0490 ]---

[  389.190108] Rebooting in 5 seconds..

If you need anything else from me, feel free to contact me. Thanks!

Regards,
Alex

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list