← Back to team overview

kernel-packages team mailing list archive

[Bug 1466135] Re: nf_conntrack releases a conntrack with non-zero refcnt

 

I confirmed that the bug is no longer peresent when using linux-
image-3.13.0-58-generic_3.13.0-58.97_amd64 from trusty-proposed, using
the reproduction instructions from #2.

Thanks!

** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1466135

Title:
  nf_conntrack releases a conntrack with non-zero refcnt

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Committed

Bug description:
  [Impact]
  Occasionally starting new containers or creating new net namespaces may soft lockup because of improper refcounting of conntrack entires.

  In the issue that I face, I can find a kworker thread using up an
  entire core, and when I cat /proc/$pid/stack I see this:

  <ffffffffbe01e9b6>] ___preempt_schedule+0x56/0xb0
  [<ffffffffc02223e4>] nf_ct_iterate_cleanup+0x134/0x160 [nf_conntrack]
  [<ffffffffc0223dae>] nf_conntrack_cleanup_net_list+0x4e/0x170
  [nf_conntrack]
  [<ffffffffc022436d>] nf_conntrack_pernet_exit+0x4d/0x60 [nf_conntrack]
  [<ffffffffbe6040d3>] ops_exit_list.isra.1+0x53/0x60
  [<ffffffffbe6048d0>] cleanup_net+0x100/0x1d0
  [<ffffffffbe084991>] process_one_work+0x171/0x470
  [<ffffffffbe08563b>] worker_thread+0x11b/0x3a0
  [<ffffffffbe08bb82>] kthread+0xd2/0xf0
  [<ffffffffbe71757c>] ret_from_fork+0x7c/0xb0
  [<ffffffffffffffff>] 0xffffffffffffffff

  The kworker is looping forever and failing to clean up conntrack state.
  All the while, it holds the global netns lock. Given that I've bisected
  to commit e53376bef2cd97d3e3f61fdc677fb8da7d03d0da which is to do with refcounting, I suspect that borked refcounting on conntrack entries makes them impossible to properly free/destroy, which prevents this worker from cleaning up the namespace, which then goes on to prevent anything else from interacting with namespaces (add/delete/etc).

  [Test Case]
  bug 1403152 has a testcase which can occasionally hit this issue

  [Fix]
  $ git describe --contains e53376bef2cd97d3e3f61fdc677fb8da7d03d0da
  v3.14-rc3~36^2~28^2~12

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1466135/+subscriptions


References