← Back to team overview

kernel-packages team mailing list archive

[Bug 1314274] Re: BUG in nf_nat_cleanup_conntrack

 

** Branch linked: lp:ubuntu/precise-proposed/linux-lts-trusty

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1314274

Title:
  BUG in nf_nat_cleanup_conntrack

Status in The Linux Kernel:
  Unknown
Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Trusty:
  Fix Committed
Status in “linux” source package in Utopic:
  Fix Released

Bug description:
  SRU Justification:

  [Impact]
  A race condition can occur that can be triggered when cleaning up LXC containers that use NAT/netns. 

  [Fix]
  http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=945b2b2d259d1a4364a2799e80e8ff32f8c6ee6f

  [Testcase]
  Using many LXC containers with NAT/netns and creating and destroying may trigger this issue.

  --

  Seeing this bug, which has been reported upstream:

  https://bugzilla.kernel.org/show_bug.cgi?id=65191

  Our stacktrace:

  [17792296.022138] BUG: unable to handle kernel paging request at ffffc9000340a750
  [17792296.022161] IP: [<ffffffffa0137200>] nf_nat_cleanup_conntrack+0x40/0x70 [nf_nat]
  [17792296.022173] PGD 1b6426067 PUD 1b6427067 PMD 156481067 PTE 0
  [17792296.022196] Oops: 0002 [#1] SMP
  [17792296.022205] Modules linked in: xt_nat veth tcp_diag inet_diag xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat bridge stp llc xt_owner ipt_REJECT xt_LOG xt_limit nf_conntrack_ipv4 nf_defrag_ipv4 xt_tcpudp xt_conntrack nf_conntrack iptable_filter ip_tables x_tables isofs dm_crypt raid10 raid456 async_memcpy async_raid6_recov async_pq async_xor async_tx xor raid6_pq raid1 raid0 multipath linear
  [17792296.022254] CPU: 4 PID: 6 Comm: kworker/u16:0 Not tainted 3.13.0-24-generic #46-Ubuntu
  [17792296.022267] Workqueue: netns cleanup_net
  [17792296.022271] task: ffff8801b39e0000 ti: ffff8801b39dc000 task.ti: ffff8801b39dc000
  [17792296.022276] RIP: e030:[<ffffffffa0137200>]  [<ffffffffa0137200>] nf_nat_cleanup_conntrack+0x40/0x70 [nf_nat]
  [17792296.022286] RSP: e02b:ffff8801b39ddcb8  EFLAGS: 00010246
  [17792296.022290] RAX: 0000000000000000 RBX: ffff880081691508 RCX: ffff8801b26b8988
  [17792296.022297] RDX: ffffc9000340a750 RSI: 000000001e321e30 RDI: ffffffffa013a4c0
  [17792296.022302] RBP: ffff8801b39ddcc0 R08: 0000000000000200 R09: 0000000000000000
  [17792296.022306] R10: 0000000000007ff0 R11: 0000000000000005 R12: ffff880081691480
  [17792296.022312] R13: ffff8800c07d0000 R14: ffff8800c07d0008 R15: ffff8801b26b8000
  [17792296.022324] FS:  00007fcd1d936740(0000) GS:ffff8801bed00000(0000) knlGS:0000000000000000
  [17792296.022329] CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
  [17792296.022333] CR2: ffffc9000340a750 CR3: 0000000001c0e000 CR4: 0000000000002660
  [17792296.022339] Stack:
  [17792296.022342]  0000000000000001 ffff8801b39ddce8 ffffffffa00f15a4 ffff8800c07d0000
  [17792296.022351]  ffff8801b26b8000 ffffffffa00b92c0 ffff8801b39ddd08 ffffffffa00e92d5
  [17792296.022358]  ffff8800c07d0000 ffff8801b26b8000 ffff8801b39ddd28 ffffffffa00ea7b4
  [17792296.022366] Call Trace:
  [17792296.022379]  [<ffffffffa00f15a4>] __nf_ct_ext_destroy+0x44/0x60 [nf_conntrack]
  [17792296.022388]  [<ffffffffa00e92d5>] nf_conntrack_free+0x25/0x60 [nf_conntrack]
  [17792296.022397]  [<ffffffffa00ea7b4>] destroy_conntrack+0xb4/0x110 [nf_conntrack]
  [17792296.022407]  [<ffffffffa00ee260>] ? nf_conntrack_helper_fini+0x30/0x30 [nf_conntrack]
  [17792296.022415]  [<ffffffff81649d77>] nf_conntrack_destroy+0x17/0x20
  [17792296.022423]  [<ffffffffa00ea23b>] nf_ct_iterate_cleanup+0x12b/0x150 [nf_conntrack]
  [17792296.022433]  [<ffffffffa00ee53d>] nf_ct_l3proto_pernet_unregister+0x1d/0x20 [nf_conntrack]
  [17792296.022441]  [<ffffffffa00b7309>] ipv4_net_exit+0x19/0x50 [nf_conntrack_ipv4]
  [17792296.022448]  [<ffffffff81612b49>] ops_exit_list.isra.1+0x39/0x60
  [17792296.022453]  [<ffffffff816133d0>] cleanup_net+0x110/0x250
  [17792296.022464]  [<ffffffff810838a2>] process_one_work+0x182/0x450
  [17792296.022470]  [<ffffffff81084641>] worker_thread+0x121/0x410
  [17792296.022476]  [<ffffffff81084520>] ? rescuer_thread+0x3e0/0x3e0
  [17792296.022483]  [<ffffffff8108b312>] kthread+0xd2/0xf0
  [17792296.022488]  [<ffffffff8108b240>] ? kthread_create_on_node+0x1d0/0x1d0
  [17792296.022496]  [<ffffffff8172637c>] ret_from_fork+0x7c/0xb0
  [17792296.022501]  [<ffffffff8108b240>] ? kthread_create_on_node+0x1d0/0x1d0
  [17792296.022505] Code: 53 0f b6 58 11 84 db 74 45 48 01 c3 74 40 48 83 7b 10 00 74 39 48 c7 c7 c0 a4 13 a0 e8 0a 68 5e e1 48 8b 03 48 8b 53 08 48 85 c0 <48> 89 02 74 04 48 89 50 08 48 b8 00 02 20 00 00 00 ad de 48 c7
  [17792296.022550] RIP  [<ffffffffa0137200>] nf_nat_cleanup_conntrack+0x40/0x70 [nf_nat]
  [17792296.022557]  RSP <ffff8801b39ddcb8>
  [17792296.022560] CR2: ffffc9000340a750
  [17792296.022569] ---[ end trace 321f62b987d4a83b ]---
  [17792296.022573] Kernel panic - not syncing: Fatal exception in interrupt

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: linux-image-3.13.0-24-generic 3.13.0-24.46
  ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.14.1-0ubuntu3
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC3:  sconklin   2706 F.... pulseaudio
   /dev/snd/controlC2:  sconklin   2706 F.... pulseaudio
   /dev/snd/controlC1:  sconklin   2706 F.... pulseaudio
   /dev/snd/controlC0:  sconklin   2706 F.... pulseaudio
  CurrentDesktop: Unity
  Date: Tue Apr 29 11:25:06 2014
  HibernationDevice: RESUME=UUID=e701c443-34ca-4e0f-bd28-86dbe9ace3ab
  InstallationDate: Installed on 2014-02-19 (68 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140218)
  MachineType: ASUS All Series
  ProcFB:

  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-24-generic root=UUID=1cb2ef0d-01b3-450f-bfd1-5fb647a3cb30 ro quiet splash crashkernel=384M-:128M crashkernel=384M-:128M crashkernel=384M-:128M crashkernel=384M-:128M
  RelatedPackageVersions:
   linux-restricted-modules-3.13.0-24-generic N/A
   linux-backports-modules-3.13.0-24-generic  N/A
   linux-firmware                             1.127
  RfKill:

  SourcePackage: linux
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 11/20/2013
  dmi.bios.vendor: American Megatrends Inc.
  dmi.bios.version: 1102
  dmi.board.asset.tag: To be filled by O.E.M.
  dmi.board.name: MAXIMUS VI GENE
  dmi.board.vendor: ASUSTeK COMPUTER INC.
  dmi.board.version: Rev 1.xx
  dmi.chassis.asset.tag: Asset-1234567890
  dmi.chassis.type: 3
  dmi.chassis.vendor: Chassis Manufacture
  dmi.chassis.version: Chassis Version
  dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr1102:bd11/20/2013:svnASUS:pnAllSeries:pvrSystemVersion:rvnASUSTeKCOMPUTERINC.:rnMAXIMUSVIGENE:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
  dmi.product.name: All Series
  dmi.product.version: System Version
  dmi.sys.vendor: ASUS

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/1314274/+subscriptions


References