Bug 481076
Summary: | kernel BUG at net/ipv4/netfilter/ip_nat_core.c:308 | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Shad L. Lords <slords> | ||||||
Component: | kernel | Assignee: | Herbert Xu <herbert.xu> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Red Hat Kernel QE team <kernel-qe> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 5.2 | CC: | davem, qcai, tgraf, twoerner | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | i686 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2009-09-02 08:57:41 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Shad L. Lords
2009-01-22 01:48:17 UTC
This is a kernel problem, reassigning. Have you got bridge netfilter turned on (/proc/sys/net/bridge/bridge-nf-*)? It appears that I do. [root@xen64-6 ~]# ll /proc/sys/net/bridge/bridge-nf-* -rw-r--r-- 1 root root 0 Feb 9 06:43 /proc/sys/net/bridge/bridge-nf-call-arptables -rw-r--r-- 1 root root 0 Feb 9 06:43 /proc/sys/net/bridge/bridge-nf-call-ip6tables -rw-r--r-- 1 root root 0 Feb 9 06:43 /proc/sys/net/bridge/bridge-nf-call-iptables -rw-r--r-- 1 root root 0 Feb 9 06:43 /proc/sys/net/bridge/bridge-nf-filter-vlan-tagged [root@xen64-6 ~]# cat /proc/sys/net/bridge/bridge-nf-* 0 0 0 1 Hmm, you reported the problem under 32-bit. Have you seen this crash on xen64-6 as well? Nevermind, I've found a problem in RHEL5 that can cause this. Created attachment 331395 [details]
[NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks
commit 8c87238b726e543f8af4bdb4296020a328df4744
Author: Patrick McHardy <kaber>
Date: Mon Apr 14 11:15:51 2008 +0200
[NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks
Adding extensions to confirmed conntracks is not allowed to avoid races
on reallocation. Don't setup NAT for confirmed conntracks in case NAT
module is loaded late.
The has one side-effect, the connections existing before the NAT module
was loaded won't enter the bysource hash. The only case where this actually
makes a difference is in case of SNAT to a multirange where the IP before
NAT is also part of the range. Since old connections don't enter the
bysource hash the first new connection from the IP will have a new address
selected. This shouldn't matter at all.
Signed-off-by: Patrick McHardy <kaber>
Created attachment 331396 [details]
[NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks
Not sure if this is the same thing but this is what I'm seeing from a 64-bit box. It doesn't crash during the bootup process like the 32-bit box does. It actually gets to a login prompt and will sit there for 5-10 seconds before crashing. list_del corruption. next->prev should be ffff8800 1e3e7848, but was ffffc20000096e70 ----------- [cut here ] --------- [please bite here ] --------- Kernel BUG at lib/list_debug.c:70 invalid opcode: 0000 [1] SMP last sysfs file: /block/hda/removable CPU 0 Modules linked in: blktap blkbk ipt_MASQUERADE iptable_nat ip_nat ipt_REJECT aut ofs4 ipmi_devintf ipmi_si ipmi_msghandler gfs(U) lock_dlm gfs2(U) dlm configfs b ridge netloop netbk sunrpc dm_round_robin sd_mod sg ip_conntrack_netbios_ns xt_t cpudp xt_state ip_conntrack nfnetlink xt_multiport iptable_filter ip_tables x_ta bles ib_iser rdma_cm ib_cm iw_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi scsi_transport_iscsi scsi_mod dm_multipath video sbs backlight i2c_ec button ba ttery asus_acpi ac parport_pc lp parport i2c_amd756 i2c_amd8111 k8temp tg3 k8_ed ac amd_rng shpchp pcspkr i2c_core hwmon edac_mc serio_raw dm_snapshot dm_zero dm _mirror dm_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd Pid: 0, comm: swapper Tainted: G 2.6.18-92.1.22.el5xen #1 RIP: e030:[<ffffffff8033a54f>] [<ffffffff8033a54f>] list_del+0x48/0x71 RSP: e02b:ffffffff8062fe80 EFLAGS: 00010286 RAX: 0000000000000058 RBX: ffff88001e3e7848 RCX: ffffffff804dd7a8 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 RBP: ffffffff80680800 R08: ffffffff804dd7a8 R09: 0000000000004045 R10: 0000000000000010 R11: ffffffff8034dded R12: 0000000000000100 R13: ffffffff8833a07f R14: fffffffffffffffe R15: 0000000000000000 FS: 00002b40db8b2250(0000) GS:ffffffff805b0000(0000) knlGS:0000000000000000 CS: e033 DS: 0000 ES: 0000 Process swapper (pid: 0, threadinfo ffffffff805f0000, task ffffffff804d8b00) Stack: ffff88001e3e7788 ffffffff885720cc ffff88001e3e7788 ffffffff8833b10c ffff88001e3e7788 ffffffff80292b1d ffffffff8062feb0 ffffffff8062feb0 00000100805f1ea8 0000000000000001 Call Trace: <IRQ> [<ffffffff885720cc>] :ip_nat:ip_nat_cleanup_conntrack+0x26/0x35 [<ffffffff8833b10c>] :ip_conntrack:destroy_conntrack+0x60/0xdc [<ffffffff80292b1d>] run_timer_softirq+0x13f/0x1c6 [<ffffffff80212802>] __do_softirq+0x62/0xde [<ffffffff80260da4>] call_softirq+0x1c/0x278 [<ffffffff8026dcd2>] do_softirq+0x31/0x98 [<ffffffff8026db4d>] do_IRQ+0xec/0xf5 [<ffffffff803a0c69>] evtchn_do_upcall+0x86/0xe0 [<ffffffff802608d6>] do_hypervisor_callback+0x1e/0x2c <EOI> [<ffffffff802063aa>] hypercall_page+0x3aa/0x1000 [<ffffffff802063aa>] hypercall_page+0x3aa/0x1000 [<ffffffff8026082b>] error_exit+0x0/0x6e [<ffffffff8026f139>] raw_safe_halt+0x84/0xa8 [<ffffffff8026c683>] xen_idle+0x38/0x4a [<ffffffff8024aa8e>] cpu_idle+0x97/0xba [<ffffffff805fab09>] start_kernel+0x21f/0x224 [<ffffffff805fa1e5>] _sinittext+0x1e5/0x1eb Code: 0f 0b 68 f5 ff 48 80 c2 46 00 48 8b 13 48 8b 43 08 48 89 42 RIP [<ffffffff8033a54f>] list_del+0x48/0x71 RSP <ffffffff8062fe80> <0>Kernel panic - not syncing: Fatal exception (XEN) Domain 0 crashed: rebooting machine in 5 seconds. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Shad, can you try the patch given here and see if it helps either the 32-bit case or the 64-bit one? Thanks! I'm not able to try the patch. However if you can build a kernel and put it somewhere I'd be able to try it. Updating PM score. in kernel-2.6.18-133.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5 Please do NOT transition this bugzilla state to VERIFIED until our QE team has sent specific instructions indicating when to do so. However feel free to provide a comment indicating that this fix has been verified. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-1243.html |