Bug 861597

Summary: oops in nf_ct_net_exit
Product: Red Hat Enterprise Linux 6 Reporter: Steve Dickson <steved>
Component: kernelAssignee: Red Hat Kernel Manager <kernel-mgr>
Status: CLOSED DUPLICATE QA Contact: Red Hat Kernel QE team <kernel-qe>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.4Keywords: Patch
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-23 04:42:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steve Dickson 2012-09-29 12:01:02 UTC 
Description of problem:

RIP: 0010:[<ffffffffa02fb110>] [<ffffffffa02fb110>] nf_ct_net_exit+0x20/0x60 [nf_defrag_ipv6]
RSP: 0018:ffff88003ef9fe00 EFLAGS: 00010286
RAX: ffffffffa02fb0f0 RBX: ffff88003b2291c0 RCX: 0000000000000000
RDX: 000000000000000d RSI: 00000000000001ae RDI: 0000000000000000
RBP: ffff88003ef9fe10 R08: 0000000000000000 R09: 00000000000001ae
R10: 0000000000000001 R11: 0000000000000000 R12: ffff88003b2291c0
R13: ffffffff81440900 R14: ffff88003ef9ffd8 R15: ffff8800022194c8
FS: 0000000000000000(0000) GS:ffff880002300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
CR2: 0000000000000028 CR3: 000000003dc4c000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process netns (pid: 15, threadinfo ffff88003ef9e000, task ffff88003ef9d540)
Stack:
ffffffffa02fcc00 ffff88003b2291c0 ffff88003ef9fe30 ffffffff8144096e
<d> ffff8800022194c0 ffff8800022194c0 ffff88003ef9fee0 ffffffff8108e160
<d> 0000000000000000 0000000000000000 ffff88003ef9fe60 ffff88003ef9dbb8
Call Trace:
[<ffffffff8144096e>] cleanup_net+0x6e/0xa0
[<ffffffff8108e160>] worker_thread+0x170/0x2a0
[<ffffffff81093f50>] ? autoremove_wake_function+0x0/0x40
[<ffffffff8108dff0>] ? worker_thread+0x0/0x2a0
[<ffffffff81093be6>] kthread+0x96/0xa0
[<ffffffff8100c14a>] child_rip+0xa/0x20
[<ffffffff81093b50>] ? kthread+0x0/0xa0
[<ffffffff8100c140>] ? child_rip+0x0/0x20
Code: 66 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 48 83 ec 10 48 89 1c 24 4c 89 64 24 08 0f 1f 44 00 00 48 89 fb 48 8b bf 48 08 00 00 <4c> 8b 67 28 e8 87 4a 1f e1 48 81 fb c0 e0 00 82 74 08 4c 89 e7
RIP [<ffffffffa02fb110>] nf_ct_net_exit+0x20/0x60 [nf_defrag_ipv6]
RSP <ffff88003ef9fe00>
CR2: 0000000000000028

Version-Release number of selected component (if applicable):
kernel-2.6.32-312

How reproducible:
often 

Steps to Reproduce:
1. Boot or bring down the kernel. 
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Steve Dickson 2012-09-29 12:02:54 UTC 
Seems to fix the problem:

commit 4b7cc7fc26598914ba202d04d4196efb26b22e69
Author: Konstantin Khlebnikov <khlebnikov>
Date:   Tue Sep 25 06:07:50 2012 +0000

    nf_defrag_ipv6: fix oops on module unloading
    
    fix copy-paste error introduced in linux-next commit
    "ipv6: add a new namespace for nf_conntrack_reasm"
    
    Signed-off-by: Konstantin Khlebnikov <khlebnikov>
    Cc: Amerigo Wang <amwang>
    Cc: David S. Miller <davem>
    Acked-by: Cong Wang <amwang>
    Signed-off-by: David S. Miller <davem>

diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 1af12fd..18bd9bb 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -106,7 +106,7 @@ static int __net_init nf_ct_frag6_sysctl_register(struct net *net)
 	if (hdr == NULL)
 		goto err_reg;
 
-	net->ipv6.sysctl.frags_hdr = hdr;
+	net->nf_frag.sysctl.frags_hdr = hdr;
 	return 0;
 
 err_reg:
Comment 3 Linda Wang 2012-10-23 04:42:15 UTC 

*** This bug has been marked as a duplicate of bug 726807 ***