From mboxrd@z Thu Jan 1 00:00:00 1970 From: Thomas Woerner Subject: Re: kernel crash in nf_nat_move_storage Date: Wed, 30 Jan 2008 16:50:32 +0100 Message-ID: <47A09CC8.8060608@redhat.com> References: <47A062BF.1010008@redhat.com> <47A07BE3.7000600@trash.net> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------050301020107000304050700" Cc: netfilter-devel@vger.kernel.org To: Patrick McHardy Return-path: Received: from mx1.redhat.com ([66.187.233.31]:60207 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753542AbYA3Puh (ORCPT ); Wed, 30 Jan 2008 10:50:37 -0500 In-Reply-To: <47A07BE3.7000600@trash.net> Sender: netfilter-devel-owner@vger.kernel.org List-ID: This is a multi-part message in MIME format. --------------050301020107000304050700 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Hello Patrick, after sucessfully testing 2.6.23.14-107.fc8 on my i386 test system, I installed 2.6.23.14-107.fc8 on the x86_64 system. At first I was not able to reproduce the problem, but after starting the ftp server (vsftpd) and using 'echo "quit" | telnet test-x86_64 80' several times, I got a backtrace again. Please have a look at the attachment. Thanks, Thomas Patrick McHardy wrote: > Thomas Woerner wrote: >> Hello, >> >> Using port forwarding from port 80 to 21 with nf_conntrack_ftp loaded >> results in a kernel crash, when connecting to port 80 from a remote >> host. This seems to be a problem for kernels > 2.6.18 including 2.6.24. >> >> Steps to Reproduce: >> >> host1> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT >> --to :21 >> host1> iptables -t filter -A INPUT -i eth0 -m state --state NEW -m tcp >> -p tcp --dport 21 -j ACCEPT >> host1> modprobe ip_conntrack_ftp >> host2> telnet host1 80 >> >> Attached is the kernel crash log for kernel 2.6.23.9-85.fc8PAE. I was >> told that this kernel crash dump is incomplete, but it took several >> attempts to get a log with more that 5 lines over serial console. The >> kernel seems to die too fast. > > > This is already fixed in 2.6.23.10. > - > To unsubscribe from this list: send the line "unsubscribe > netfilter-devel" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- Thomas Woerner Software Engineer Phone: +49-711-96437-310 Red Hat GmbH Fax : +49-711-96437-111 Hauptstaetterstr. 58 Email: Thomas Woerner D-70178 Stuttgart Web : http://www.redhat.de/ --------------050301020107000304050700 Content-Type: text/plain; name="oups3" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="oups3" stack segment: 0000 [1] SMP CPU 3 Modules linked in: nf_conntrack_ftp ipt_REJECT ipt_LOG xt_state iptable_filter xt_tcpudp iptable_nat nf_nat nf_conntrack_ipv4 nf_conntrack nfnetlink ip_tables x_tables cpufreq_ondemand dm_mirror dm_multipath dm_mod snd_intel8x0 snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss cfi_cmdset_0002 cfi_util snd_mixer_oss shpchp jedec_probe firewire_ohci firewire_core cfi_probe gen_probe snd_pcm parport_pc ck804xrom k8temp hwmon parport floppy sr_mod mtd chipreg map_funcs cdrom snd_timer forcedeth snd pcspkr soundcore sg i2c_nforce2 crc_itu_t serio_raw button snd_page_alloc i2c_core pata_amd ata_generic sata_nv libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd Pid: 0, comm: swapper Not tainted 2.6.23.14-107.fc8 #1 RIP: 0010:[] [] :nf_nat:nf_nat_move_storage+0x2f/0x8a RSP: 0018:ffff810001f7f9d0 EFLAGS: 00010206 RAX: 0000000000000008 RBX: ffff81007d306d08 RCX: ffff81007d306d00 RDX: ffff81007d306d00 RSI: ffff81007d306d20 RDI: ffff81007c1f8130 RBP: 73616c636632785c R08: ffff81007c1f8130 R09: 0000000000000000 R10: 000000004646dc9c R11: ffffffff8826a304 R12: ffff81007d306d20 R13: 0000000000000038 R14: 0000000000000001 R15: 0000000000000000 FS: 00002aaaad752260(0000) GS:ffff81007fead380(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 00002aaaaace9958 CR3: 000000007c3df000 CR4: 00000000000006e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Process swapper (pid: 0, threadinfo ffff810040f12000, task ffff810001f76820) Stack: 0000000000000070 ffff81007c1f8130 ffff81007fefb600 ffffffff8826bb32 0106d7be00000000 0000000000000000 ffffffff882a2640 ffff81007c1f8130 ffff81007c1f8130 0000000000000000 0000000000000001 ffffffff88269b3f Call Trace: [] :nf_conntrack:__nf_ct_ext_add+0x136/0x1bc [] :nf_conntrack:nf_ct_helper_ext_add+0xd/0x1c [] :nf_conntrack:nf_conntrack_alter_reply+0x89/0xb4 [] :nf_nat:nf_nat_setup_info+0x3f1/0x548 [] :iptable_nat:ipt_dnat_target+0x141/0x14c [] _write_lock_bh+0x9/0x1c [] :nf_conntrack:__nf_ct_refresh_acct+0x137/0x178 [] :ip_tables:ipt_do_table+0x4d6/0x592 [] :nf_nat:nf_nat_protocol_register+0xd/0x4a [] :iptable_nat:nf_nat_rule_find+0x17/0x57 [] :iptable_nat:nf_nat_fn+0x190/0x1bc [] :iptable_nat:nf_nat_in+0x23/0x9f [] nf_iterate+0x41/0x7d [] ip_rcv_finish+0x0/0x30b [] nf_hook_slow+0x5d/0xc0 [] ip_rcv_finish+0x0/0x30b [] ip_rcv+0x25c/0x58d [] netif_receive_skb+0x192/0x3ae [] __update_rq_clock+0x1a/0xed [] :forcedeth:nv_napi_poll+0x544/0x6cd [] net_rx_action+0xa8/0x1a3 [] __do_softirq+0x55/0xc3 [] ack_apic_level+0x10/0xd9 [] call_softirq+0x1c/0x28 [] do_softirq+0x2c/0x85 [] irq_exit+0x3f/0x84 [] do_IRQ+0x13e/0x161 [] default_idle+0x0/0x3d [] ret_from_intr+0x0/0xa [] lapic_next_event+0x0/0xa [] default_idle+0x29/0x3d [] cpu_idle+0x94/0xbc Code: 48 f7 45 78 80 01 00 00 74 4c 48 c7 c7 e0 18 28 88 e8 87 f2 RIP [] :nf_nat:nf_nat_move_storage+0x2f/0x8a RSP Kernel panic - not syncing: Aiee, killing interrupt handler! --------------050301020107000304050700--