From: Gao feng <gaofeng@cn.fujitsu.com>
To: canqun zhang <canqunzhang@gmail.com>
Cc: Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org, netfilter@vger.kernel.org,
linux-kernel@vger.kernel.org,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>
Subject: Re: kernel panic when running /etc/init.d/iptables restart
Date: Tue, 25 Dec 2012 16:38:17 +0800
Message-ID: <50D965F9.7090007@cn.fujitsu.com>
In-Reply-To: <CAFFEFTULzSysz+JCBC==VtKD8u1KO6EZnSdQ5XWM7um-zs9_pg@mail.gmail.com>
On 2012/12/25 15:25, canqun zhang wrote:
> Hi Gao feng
> The stack information is as follows. The kernel will panic because the
> nf_ct_destroy is NULL.
>
> Reproduction:
> (1) starting a lxc container
> (2) iptables -t nat -A POSTROUTING -s 10.48.254.18 -o eth1 -j
> MASQUERADE (run it on host machine)
> (3) /etc/init.d/iptables save (run it on host machine)
> (4) /etc/init.d/iptables restart (run it on host machine)
>
Thanks!
It seems that nf_conntrack_l[3,4]proto_unregister doesn't make sure the
nf_conns of the proto are destroyed.
If I'm right, there is another problem even if you fix this panic problem:
the l3,l4proto will be unregistered before all of its nf_conns are destroyed.
So even if nf_ct_destroy is not NULL, in destroy_conntrack we are not able to
find the right l4proto, the l4proto->destroy will be incorrect, and resources
will not be released correctly.
So I think the root problem is that we do register/unregister and set/unset
both on the first net (init_net). Maybe it's better to do register and set on
the first net, and do unregister and unset on the last net.
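
A simplified userspace model of the ordering problem discussed in this message, added here as an illustration; it is not kernel code and not from anyone in the thread. All names (`registered`, `net_users`, `conn_destroy`, the `scenario_*` functions) are hypothetical, and the single global handler slot is an assumption standing in for the l4proto table.

```c
#include <stddef.h>

/* Userspace model (assumption, not kernel code): one handler slot shared by all netns. */
struct l4proto { void (*destroy)(int *res); };
struct conn { int res; };            /* res == 1 while a per-conn resource is held */

static struct l4proto *registered;   /* stands in for the global l4proto table */
static int net_users;                /* namespaces currently using the proto */

static void tcp_destroy(int *res) { *res = 0; }
static struct l4proto tcp = { tcp_destroy };

/* Ordering described in the message: register/unregister tied to init_net only. */
static void net_init_buggy(int is_init_net) { if (is_init_net) registered = &tcp; }
static void net_exit_buggy(int is_init_net) { if (is_init_net) registered = NULL; }

/* Suggested ordering: register on the first net, unregister on the last net. */
static void net_init_counted(void) { if (net_users++ == 0) registered = &tcp; }
static void net_exit_counted(void) { if (--net_users == 0) registered = NULL; }

/* Models the lookup at destroy time: the handler is resolved only now.
 * Returns 0 if the resource was released, -1 if it leaked. */
static int conn_destroy(struct conn *c)
{
    if (registered && registered->destroy)
        registered->destroy(&c->res);
    return c->res ? -1 : 0;
}

/* Exit path runs for init_net while a second namespace still owns a conn. */
static int scenario_buggy(void)
{
    struct conn c = { 1 };
    net_init_buggy(1); net_init_buggy(0);
    net_exit_buggy(1);               /* handler unregistered too early */
    int r = conn_destroy(&c);        /* later destroy finds no handler */
    net_exit_buggy(0);
    return r;
}

static int scenario_counted(void)
{
    struct conn c = { 1 };
    net_init_counted(); net_init_counted();
    net_exit_counted();              /* one user left, handler stays */
    int r = conn_destroy(&c);        /* handler still found, resource freed */
    net_exit_counted();              /* last net: unregister now */
    return r;
}
```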