From: Thomas Woerner <twoerner@redhat.com>
To: netfilter-devel@vger.kernel.org
Subject: kernel crash in nf_nat_move_storage
Date: Wed, 30 Jan 2008 12:42:55 +0100
Message-ID: <47A062BF.1010008@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 995 bytes --]

Hello,

Using port forwarding from port 80 to 21 with nf_conntrack_ftp loaded 
results in a kernel crash, when connecting to port 80 from a remote
host. This seems to be a problem for kernels > 2.6.18 including 2.6.24.

Steps to Reproduce:

host1> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to :21
host1> iptables -t filter -A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
host1> modprobe ip_conntrack_ftp
host2> telnet host1 80

Attached is the kernel crash log for kernel 2.6.23.9-85.fc8PAE. I was 
told that this kernel crash dump is incomplete, but it took several 
attempts to get a log with more than 5 lines over serial console. The 
kernel seems to die too fast.

Thanks,
Thomas

-- 
Thomas Woerner
Software Engineer            Phone: +49-711-96437-310
Red Hat GmbH                 Fax  : +49-711-96437-111
Hauptstaetterstr. 58         Email: Thomas Woerner <twoerner@redhat.com>
D-70178 Stuttgart            Web  : http://www.redhat.de/

[-- Attachment #2: kernel-oups --]
[-- Type: text/plain, Size: 2924 bytes --]

sh-3.2# BUG: unable to handle kernel NULL pointer dereference at virtual addres4
printing eip: f8fcb087 *pdpt = 0000000037c82001 <1>*pde = 000000013f75d067 
Oops: 0000 [#1] SMP 
Modules linked in: nf_conntrack_ftp ipt_REJECT xt_state iptable_filter xt_tcpudd
CPU:    1
EIP:    0060:[<f8fcb087>]    Not tainted VLI
EFLAGS: 00010202   (2.6.23.9-85.fc8PAE #1)
EIP is at nf_nat_move_storage+0x23/0x69 [nf_nat]
eax: 00000004   ebx: f7e13d04   ecx: f7e13d00   edx: f7e13d00
esi: f7e13d10   edi: 00000000   ebp: f751b000   esp: c078bc84
ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
Process swapper (pid: 0, ti=c078b000 task=f7c02c20 task.ti=c38f1000)
Stack: f7885ea0 f8fcb064 00000001 f920c5dc 00000000 0000004c 00000028 00000000 
       00000000 f921d2c0 f751b000 f76418c0 f920a7a5 f9208d73 c078bce8 f8fce1e0 
       00000000 f8fcb9dd f751b000 00000000 f751b000 00000000 00000001 00000000 
Call Trace:
 [<f8fcb064>] nf_nat_move_storage+0x0/0x69 [nf_nat]
 [<f920c5dc>] __nf_ct_ext_add+0x128/0x1bc [nf_conntrack]
 [<f920a7a5>] nf_ct_helper_ext_add+0x9/0x15 [nf_conntrack]
 [<f9208d73>] nf_conntrack_alter_reply+0x73/0x96 [nf_conntrack]
 [<f8fcb9dd>] nf_nat_setup_info+0x3f3/0x54e [nf_nat]
 [<f92000ea>] ipt_dnat_target+0x0/0x14c [iptable_nat]
 [<f920022e>] ipt_dnat_target+0x144/0x14c [iptable_nat]
 [<f920c09d>] tcp_packet+0x9bc/0x9eb [nf_conntrack]
 [<c046760b>] __alloc_pages+0x64/0x2a2
 [<f92000ea>] ipt_dnat_target+0x0/0x14c [iptable_nat]
 [<f8fd759e>] ipt_do_table+0x3f0/0x482 [ip_tables]
 [<f9208ca8>] nf_conntrack_alloc+0x16d/0x1c5 [nf_conntrack]
 [<f920b3d6>] tcp_new+0xd1/0x1a4 [nf_conntrack]
 [<f920c4f8>] __nf_ct_ext_add+0x44/0x1bc [nf_conntrack]
 [<f9200257>] nf_nat_rule_find+0x21/0x5c [iptable_nat]
 [<f920040d>] nf_nat_fn+0x165/0x189 [iptable_nat]
 [<f920048e>] nf_nat_in+0x29/0x9c [iptable_nat]
 [<c05dab54>] ip_rcv_finish+0x0/0x291
 [<c05d5b9c>] nf_iterate+0x38/0x6a
 [<c05dab54>] ip_rcv_finish+0x0/0x291
 [<c05d5d07>] nf_hook_slow+0x4d/0xb5
 [<c05dab54>] ip_rcv_finish+0x0/0x291
 [<c05db261>] ip_rcv+0x20b/0x4ba
 [<c05dab54>] ip_rcv_finish+0x0/0x291
 [<c05be718>] netif_receive_skb+0x2e1/0x346
 [<f8e00e7d>] nv_napi_poll+0x48c/0x61e [forcedeth]
 [<c05c085c>] net_rx_action+0x9a/0x196
 [<c0432d62>] __do_softirq+0x66/0xd3
 [<c04073d5>] do_softirq+0x6c/0xce
 [<c04455e5>] tick_do_update_jiffies64+0x15/0xa8
 [<c04410ff>] ktime_get+0xf/0x2b
 [<c045c9f1>] handle_fasteoi_irq+0x0/0xa6
 [<c0432c25>] irq_exit+0x38/0x6b
 [<c04074d6>] do_IRQ+0x9f/0xb9
 [<c0403ddf>] default_idle+0x0/0x55
 [<c0405b6f>] common_interrupt+0x23/0x28
 [<c0403ddf>] default_idle+0x0/0x55
 [<c0422297>] native_safe_halt+0x2/0x3
 [<c0403e18>] default_idle+0x39/0x55
 [<c040340b>] cpu_idle+0xab/0xcc
 =======================
Code: 64 0f fe ff ff 31 c0 c3 57 56 89 d6 53 8b 90 ec 00 00 00 85 d2 74 0f 8a 4 
EIP: [<f8fcb087>] nf_nat_move_storage+0x23/0x69 [nf_nat] SS:ESP 0068:c078bc84
Kernel panic - not syncing: Fatal exception in interrupt
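
Added example, not part of the original message or of the kernel tree: a small Python triage helper that parses an oops in the format attached above, pulling out the faulting symbol from the `EIP is at` line and the call-trace frames. The function names and the `+0x0` filter are this example's own choices; the filter is a heuristic, and the embedded excerpt is copied from the log above.

```python
import re

# Excerpt copied from the oops log in the message above (top frames only).
OOPS = """\
EIP is at nf_nat_move_storage+0x23/0x69 [nf_nat]
Call Trace:
 [<f8fcb064>] nf_nat_move_storage+0x0/0x69 [nf_nat]
 [<f920c5dc>] __nf_ct_ext_add+0x128/0x1bc [nf_conntrack]
 [<f920a7a5>] nf_ct_helper_ext_add+0x9/0x15 [nf_conntrack]
 [<f9208d73>] nf_conntrack_alter_reply+0x73/0x96 [nf_conntrack]
 [<f8fcb9dd>] nf_nat_setup_info+0x3f3/0x54e [nf_nat]
 [<f92000ea>] ipt_dnat_target+0x0/0x14c [iptable_nat]
 [<f920022e>] ipt_dnat_target+0x144/0x14c [iptable_nat]
 [<c046760b>] __alloc_pages+0x64/0x2a2
 =======================
"""

# symbol+0xOFFSET/0xSIZE, optionally followed by " [module]"
SYM = (r"(?P<func>[\w.]+)\+0x(?P<off>[0-9a-f]+)/0x(?P<size>[0-9a-f]+)"
       r"(?: \[(?P<mod>\w+)\])?")
EIP_RE = re.compile(r"^EIP is at " + SYM, re.M)
FRAME_RE = re.compile(r"^\s*\[<[0-9a-f]+>\] " + SYM, re.M)

def _entry(m):
    # Symbols without a [module] tag belong to the core kernel image.
    return {"func": m["func"], "offset": int(m["off"], 16),
            "size": int(m["size"], 16), "module": m["mod"] or "vmlinux"}

def fault_site(text):
    """Return the faulting symbol from the 'EIP is at' line, or None."""
    m = EIP_RE.search(text)
    return _entry(m) if m else None

def call_frames(text):
    """Return the frames listed after 'Call Trace:', innermost first."""
    trace = text.partition("Call Trace:")[2]
    return [_entry(m) for m in FRAME_RE.finditer(trace)]

def likely_callers(frames):
    """Heuristic: drop +0x0 entries. A function's entry address is not where
    a call returns to, so such entries are usually function pointers or
    leftovers picked up by the stack scan rather than real callers."""
    return [f for f in frames if f["offset"] != 0]

if __name__ == "__main__":
    site = fault_site(OOPS)
    print("fault: %(func)s+0x%(offset)x [%(module)s]" % site)
    for f in likely_callers(call_frames(OOPS)):
        print("  called from %(func)s+0x%(offset)x [%(module)s]" % f)
```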
