lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:	Tue, 16 Feb 2010 12:15:28 +0100
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Ramblewski David <David.Ramblewski@...sorigin.com>
Cc:	"netfilter-devel@...r.kernel.org" <netfilter-devel@...r.kernel.org>,
	netdev <netdev@...r.kernel.org>
Subject: RE: kernel stack  trace using conntrack

Le mardi 16 février 2010 à 11:25 +0100, Ramblewski David a écrit :
> Here it is:
> 
> [root@...nch03s ~]# uname -a
> Linux obench03s 2.6.32.8 #1 SMP PREEMPT Wed Feb 10 17:32:16 CET 2010 i686 i686 i386 GNU/Linux
> 
> [root@...nch03s ~]# lsmod
> Module                  Size  Used by
> nf_conntrack_netlink     9810  0
> nf_conntrack           50283  1 nf_conntrack_netlink
> bonding                69153  0
> usbhid                 14557  0
> ipmi_si                29902  0
> rtc_cmos                7175  0
> bnx2                   53497  0
> hpwdt                   5548  0
> rtc_core               11461  1 rtc_cmos
> rtc_lib                 2022  1 rtc_core
> hpilo                   6051  0
> ipmi_msghandler        27670  1 ipmi_si
> ehci_hcd               27584  0
> uhci_hcd               16357  0
> usbcore               120714  4 usbhid,ehci_hcd,uhci_hcd
> dm_mod                 49320  0
> [root@...nch03s ~]#
> 
> 
> [root@...nch03s ~]# iptables --version
> iptables v1.4.0
> [root@...nch03s ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@...nch03s ~]# iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> [root@...nch03s ~]# conntrack -L
> udp      17 27 src=10.24.230.151 dst=10.26.103.28 sport=510 dport=516 packets=5 bytes=295 [UNREPLIED] src=10.26.103.28 dst=10.24.230.151 sport=516 dport=510 packets=0 bytes=0 mark=0 secmark=0 use=2
> tcp      6 299 ESTABLISHED src=10.26.103.28 dst=10.28.64.65 sport=22 dport=53497 packets=89 bytes=8628 src=10.28.64.65 dst=10.26.103.28 sport=53497 dport=22 packets=127 bytes=10396 [ASSURED] mark=0 secmark=0 use=2
> udp      17 21 src=127.0.0.1 dst=127.0.0.1 sport=32070 dport=161 packets=6 bytes=492 [UNREPLIED] src=127.0.0.1 dst=127.0.0.1 sport=161 dport=32070 packets=0 bytes=0 mark=0 secmark=0 use=2
> conntrack v0.9.14 (conntrack-tools): 3 flow entries have been shown.
> [root@...nch03s ~]#
> 
> David

OK thanks David, I reproduced the problem on latest net-next-2.6 tree
too. I wonder why nobody hit this before.


[352468.556484] ------------[ cut here ]------------
[352468.556511] WARNING: at net/netfilter/nf_conntrack_extend.c:82
__nf_ct_ext_add+0x1c2/0x1e0 [nf_conntrack]()
[352468.556559] Hardware name: ProLiant BL460c G1
[352468.556582] Modules linked in: nf_defrag_ipv4 nf_conntrack_netlink
nf_conntrack sch_hfsc sch_sfq ipmi_devintf ipmi_si ipmi_msghandler hpilo
bonding [last unloaded: nf_conntrack_ipv4]
[352468.556675] Pid: 18852, comm: conntrack Tainted: G        W
2.6.33-rc5-02754-g0ea034c-dirty #545
[352468.556721] Call Trace:
[352468.556742]  [<c054d45f>] ? printk+0x1d/0x26
[352468.556767]  [<c023bbc2>] warn_slowpath_common+0x72/0xa0
[352468.556795]  [<fee75e42>] ? __nf_ct_ext_add+0x1c2/0x1e0
[nf_conntrack]
[352468.556825]  [<fee75e42>] ? __nf_ct_ext_add+0x1c2/0x1e0
[nf_conntrack]
[352468.556854]  [<c023bc0a>] warn_slowpath_null+0x1a/0x20
[352468.556882]  [<fee75e42>] __nf_ct_ext_add+0x1c2/0x1e0 [nf_conntrack]
[352468.556911]  [<fee70dcc>] ? nf_conntrack_alloc+0x10c/0x1a0
[nf_conntrack]
[352468.556940]  [<feecaf59>] ctnetlink_create_conntrack+0x339/0x360
[nf_conntrack_netlink]
[352468.556987]  [<feeca26b>] ? ctnetlink_parse_tuple+0x14b/0x1c0
[nf_conntrack_netlink]
[352468.557039]  [<fee6fd60>] ? __nf_conntrack_find+0x70/0x100
[nf_conntrack]
[352468.557068]  [<feecb090>] ctnetlink_new_conntrack+0x110/0x680
[nf_conntrack_netlink]
[352468.557113]  [<c04d93b5>] nfnetlink_rcv_msg+0x125/0x180
[352468.557140]  [<c054ec57>] ? __mutex_lock_slowpath+0x197/0x230
[352468.557167]  [<c04d9290>] ? nfnetlink_rcv_msg+0x0/0x180
[352468.557194]  [<c04d5896>] netlink_rcv_skb+0x96/0xc0
[352468.557219]  [<c04d927c>] nfnetlink_rcv+0x1c/0x30
[352468.557245]  [<c04d5545>] netlink_unicast+0x255/0x2a0
[352468.557274]  [<c04d5d3f>] netlink_sendmsg+0x1af/0x2b0
[352468.557300]  [<c04a86ec>] sock_sendmsg+0xac/0xe0
[352468.559358]  [<c029d042>] ? find_get_page+0x22/0xd0
[352468.559385]  [<c029d9dc>] ? filemap_fault+0x8c/0x3c0
[352468.559410]  [<c04a905a>] sys_sendto+0xaa/0xd0
[352468.559436]  [<c02b3780>] ? __do_fault+0x370/0x470
[352468.559462]  [<c02b54d9>] ? handle_mm_fault+0x1d9/0x7d0
[352468.559488]  [<c04aa245>] sys_socketcall+0x195/0x280
[352468.559514]  [<c0202c50>] sysenter_do_call+0x12/0x26
[352468.559539] ---[ end trace 6ecb842e4e35a653 ]---

Could you try following patch ?

Thanks

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 0ffe689..d2657aa 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -923,7 +923,7 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[])
 	unsigned int status = ntohl(nla_get_be32(cda[CTA_STATUS]));
 	d = ct->status ^ status;
 
-	if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
+	if (d & (IPS_EXPECTED|IPS_DYING))
 		/* unchangeable */
 		return -EBUSY;
 
@@ -938,7 +938,7 @@ ctnetlink_change_status(struct nf_conn *ct, const struct nlattr * const cda[])
 	/* Be careful here, modifying NAT bits can screw up things,
 	 * so don't let users modify them directly if they don't pass
 	 * nf_nat_range. */
-	ct->status |= status & ~(IPS_NAT_DONE_MASK | IPS_NAT_MASK);
+	ct->status |= status & ~(IPS_NAT_DONE_MASK | IPS_NAT_MASK | IPS_CONFIRMED);
 	return 0;
 }
 
@@ -1193,7 +1193,6 @@ ctnetlink_create_conntrack(const struct nlattr * const cda[],
 	ct->timeout.expires = ntohl(nla_get_be32(cda[CTA_TIMEOUT]));
 
 	ct->timeout.expires = jiffies + ct->timeout.expires * HZ;
-	ct->status |= IPS_CONFIRMED;
 
 	rcu_read_lock();
  	if (cda[CTA_HELP]) {
@@ -1296,6 +1295,7 @@ ctnetlink_create_conntrack(const struct nlattr * const cda[],
 	}
 
 	add_timer(&ct->timeout);
+	ct->status |= IPS_CONFIRMED;
 	nf_conntrack_hash_insert(ct);
 	rcu_read_unlock();
 


--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists