[Bug 726] New: Oops in nf_conntrack.

bugzilla-daemon at bugzilla.netfilter.org
Tue Jun 28 12:59:33 CEST 2011


http://bugzilla.netfilter.org/show_bug.cgi?id=726

           Summary: Oops in nf_conntrack.
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: Ubuntu
            Status: NEW
          Severity: critical
          Priority: P5
         Component: ip_conntrack
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: jakahudoklin at gmail.com
   Estimated Hours: 0.0


Created an attachment (id=355)
 --> (http://bugzilla.netfilter.org/attachment.cgi?id=355)
iptables config

I found a bug in nf_conntrack when cleaning up connections. It is highly
reproducible with the following setup:
kernel: Ubuntu 11.04(natty) 2.6.38-8-server
ifconfig: attached below
iptables: -t nat -A POSTROUTING -o eth0  -s 192.168.3.0/24  -j MASQUERADE
ipv4_conntrack turned on

Steps to reproduce (how I was able to reproduce it; I don't believe it is
related to lxc, because of the kernel crash dump):
1. Create an lxc container with a template of your choice, with an IP in the
network of br0 (bridge); of course also assign br0 its own IP.
2. Start the lxc container with lxc-start -n name_of_container.
3. Connect to the lxc container using ssh.
4. Stop the lxc container with lxc-stop -n name_of_container while keeping the
ssh connection open.
5. Oops

Kernel crash dump:

[  619.840155] BUG: unable to handle kernel NULL pointer dereference at
0000000000000274
[  619.844513] IP: [<ffffffff8150aa99>] netlink_has_listeners+0x9/0x50
[  619.846648] PGD 0 
[  619.848773] Oops: 0000 [#1] SMP 
[  619.850114] last sysfs file:
/sys/devices/pci0000:00/0000:00:1a.7/usb1/1-2/1-2:1.0/ieee80211/phy0/rfkill0/uevent
[  619.850114] CPU 0 
[  619.850114] Modules linked in: ipt_LOG ipt_MASQUERADE xt_state
iptable_filter nf_nat_amanda nf_nat_h323 nf_nat_proto_udplite nf_nat_irc
nf_nat_tftp nf_nat_snmp_basic nf_nat_ftp nf_nat_proto_sctp libcrc32c
nf_nat_proto_dccp iptable_nat ip_tables nf_nat_pptp nf_nat_proto_gre nf_nat_sip
nf_nat ebt_dnat ebtable_nat ebtables ebt_snat act_nat nf_conntrack_ipv4
nf_defrag_ipv4 nf_conntrack_sane nf_conntrack_netlink nfnetlink
nf_conntrack_irc nf_conntrack_h323 ts_kmp nf_conntrack_amanda
nf_conntrack_proto_dccp nf_conntrack_proto_udplite nf_conntrack_pptp
nf_conntrack_tftp nf_conntrack_proto_gre nf_conntrack_proto_sctp
nf_conntrack_netbios_ns xt_conntrack x_tables nf_conntrack_ftp nf_conntrack_sip
nf_conntrack binfmt_misc veth vmnet vmblock vsock vmci vmmon nfsd parport_pc
exportfs ppdev nfs joydev bridge lockd stp fscache nfs_acl snd_hda_codec_hdmi
auth_rpcgss snd_hda_codec_realtek arc4 sunrpc snd_hda_intel snd_hda_codec
snd_hwdep snd_pcm rtl8187 snd_seq_midi i915 snd_rawmidi snd_seq_midi_event
snd_seq mac80211 snd_timer snd_seq_device cfg80211 uvcvideo drm_kms_helper snd
drm videodev soundcore vhba v4l2_compat_ioctl32 eeprom_93cx6 snd_page_alloc
psmouse i2c_algo_bit serio_raw sparse_keymap lp video parport r8169
[  619.850114] 
[  619.850114] Pid: 5, comm: kworker/u:0 Not tainted 2.6.38-8-server #42-Ubuntu
TOSHIBA Satellite L500/KSWAA
[  619.850114] RIP: 0010:[<ffffffff8150aa99>]  [<ffffffff8150aa99>]
netlink_has_listeners+0x9/0x50
[  619.850114] RSP: 0018:ffff880137907bf0  EFLAGS: 00010246
[  619.850114] RAX: ffff88009dce0000 RBX: ffff8801075c5000 RCX:
000000000000ffff
[  619.850114] RDX: 000000000000000e RSI: 0000000000000003 RDI:
0000000000000000
[  619.850114] RBP: ffff880137907bf0 R08: ffff880137906000 R09:
0000000000000001
[  619.850114] R10: 0000000000000000 R11: dead000000100100 R12:
ffff880137907cb0
[  619.850114] R13: ffff8801075c5000 R14: 0000000000000000 R15:
0000000000000004
[  619.850114] FS:  0000000000000000(0000) GS:ffff8800b5800000(0000)
knlGS:0000000000000000
[  619.850114] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  619.850114] CR2: 0000000000000274 CR3: 00000000b0603000 CR4:
00000000000406f0
[  619.850114] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[  619.850114] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7:
0000000000000400
[  619.850114] Process kworker/u:0 (pid: 5, threadinfo ffff880137906000, task
ffff8801378edb80)
[  619.850114] Stack:
[  619.850114]  ffff880137907c00 ffffffffa0523155 ffff880137907c90
ffffffffa05328eb
[  619.850114]  0000000000000282 ffffc90011100000 ffffc900110fffff
00000000093ca5c3
[  619.850114]  ffff88009dce0000 00000003ffffffff 0000000000000004
ffff880100000002
[  619.850114] Call Trace:
[  619.850114]  [<ffffffffa0523155>] nfnetlink_has_listeners+0x15/0x20
[nfnetlink]
[  619.850114]  [<ffffffffa05328eb>] ctnetlink_conntrack_event+0x67b/0x890
[nf_conntrack_netlink]
[  619.850114]  [<ffffffff81038c79>] ? default_spin_lock_flags+0x9/0x10
[  619.850114]  [<ffffffff814dd830>] ? cleanup_net+0x0/0x1d0
[  619.850114]  [<ffffffffa04a6150>] death_by_timeout+0xb0/0x170 [nf_conntrack]
[  619.850114]  [<ffffffffa04a5180>] ? kill_all+0x0/0x10 [nf_conntrack]
[  619.850114]  [<ffffffff814dd830>] ? cleanup_net+0x0/0x1d0
[  619.850114]  [<ffffffffa04a6288>] nf_ct_iterate_cleanup+0x78/0x90
[nf_conntrack]
[  619.850114]  [<ffffffffa04a62d9>] nf_conntrack_cleanup_net+0x39/0x110
[nf_conntrack]
[  619.850114]  [<ffffffffa04a7f37>] nf_conntrack_cleanup+0x27/0x60
[nf_conntrack]
[  619.850114]  [<ffffffffa04a822a>] nf_conntrack_net_exit+0x4a/0x70
[nf_conntrack]
[  619.850114]  [<ffffffff814dd5e5>] ops_exit_list.clone.0+0x35/0x70
[  619.850114]  [<ffffffff814dd942>] cleanup_net+0x112/0x1d0
[  619.850114]  [<ffffffff8108224d>] process_one_work+0x11d/0x420
[  619.850114]  [<ffffffff81082ce9>] worker_thread+0x169/0x360
[  619.850114]  [<ffffffff81082b80>] ? worker_thread+0x0/0x360
[  619.850114]  [<ffffffff810871f6>] kthread+0x96/0xa0
[  619.850114]  [<ffffffff8100cde4>] kernel_thread_helper+0x4/0x10
[  619.850114]  [<ffffffff81087160>] ? kthread+0x0/0xa0
[  619.850114]  [<ffffffff8100cde0>] ? kernel_thread_helper+0x0/0x10
[  619.850114] Code: 5e ff ff ff eb aa 66 66 66 2e 0f 1f 84 00 00 00 00 00 55
48 89 e5 0f 1f 44 00 00 0f 0b 0f 1f 44 00 00 55 48 89 e5 0f 1f 44 00 00 <f6> 87
74 02 00 00 01 74 30 0f b6 97 21 01 00 00 4c 8b 0d 70 56 
[  619.850114] RIP  [<ffffffff8150aa99>] netlink_has_listeners+0x9/0x50
[  619.850114]  RSP <ffff880137907bf0>
[  619.850114] CR2: 0000000000000274


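A triage aid for the oops above, added here as an example and not part of the original report or of the netfilter code: it decodes the faulting instruction bytes marked `<f6>` in the Code line and checks that base register plus displacement equals CR2. The function name `triage` and the single instruction form it decodes are assumptions of this example.

```python
import re

# Excerpt of the oops from the report above (wrapped lines rejoined, Code line trimmed).
OOPS = """\
[  619.840155] BUG: unable to handle kernel NULL pointer dereference at 0000000000000274
[  619.850114] RIP: 0010:[<ffffffff8150aa99>]  [<ffffffff8150aa99>] netlink_has_listeners+0x9/0x50
[  619.850114] RDX: 000000000000000e RSI: 0000000000000003 RDI: 0000000000000000
[  619.850114] Code: 55 48 89 e5 0f 1f 44 00 00 <f6> 87 74 02 00 00 01 74 30 0f b6 97 21 01 00 00
[  619.850114] CR2: 0000000000000274
"""

# x86-64 register numbering for the ModRM r/m field (no REX prefix).
REGS = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]


def triage(oops):
    """Tie the faulting instruction to CR2 and the base register (hypothetical helper)."""
    sym = re.search(r"RIP: \S+\s+(?:\[<\w+>\]\s+)+(\S+)", oops).group(1)
    cr2 = int(re.search(r"CR2: ([0-9a-f]+)", oops).group(1), 16)
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(R[A-Z0-9]{2}): ([0-9a-f]{16})", oops)}
    code = re.search(r"Code: (.*)", oops).group(1)
    # The byte in <..> is where RIP points; keep it and everything after it.
    tail = code[code.index("<"):].replace("<", "").replace(">", "")
    b = bytes.fromhex("".join(tail.split()))
    result = {"symbol": sym, "cr2": cr2}
    # Only the form seen in this trace is decoded: F6 /0 = TEST r/m8, imm8 with
    # mod=10 (base register + 32-bit displacement) and rm != 100 (no SIB byte).
    modrm = b[1]
    if b[0] == 0xF6 and modrm >> 6 == 2 and (modrm >> 3) & 7 == 0 and modrm & 7 != 4:
        base = REGS[modrm & 7]
        disp = int.from_bytes(b[2:6], "little", signed=True)
        result.update(base=base, disp=disp, imm=b[6], base_value=regs.get(base),
                      # NULL base pointer: register is 0 and the offset alone is CR2.
                      null_base=(regs.get(base) == 0 and disp == cr2))
    return result


if __name__ == "__main__":
    print(triage(OOPS))
```

On this trace the faulting instruction is a byte test at offset 0x274 from RDI with RDI = 0, so netlink_has_listeners was called with a NULL pointer argument and faulted reading a field of it, which matches CR2.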