Bug 867688

Summary: sysctl table check failed: /net/ipv6/nf_conntrack_frag6_low_thresh Unknown sysctl binary path
Product: Red Hat Enterprise Linux 6 Reporter: Cong Wang <amwang>
Component: kernelAssignee: Cong Wang <amwang>
Status: CLOSED ERRATA QA Contact: Hangbin Liu <haliu>
Severity: low Docs Contact:
Priority: medium    
Version: 6.3CC: kzhang, rkhan
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 06:51:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Proposed patch none

Description Cong Wang 2012-10-18 05:28:30 UTC 
Description of problem:
On kernel-debug, I got the following error:

ip_tables: (C) 2000-2006 Netfilter Core Team
nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
ip6_tables: (C) 2000-2006 Netfilter Core Team
sysctl table check failed: /net/ipv6/nf_conntrack_frag6_low_thresh .3.12.30 Unkn
own sysctl binary path
Pid: 5079, comm: modprobe Not tainted 2.6.32-333.el6.x86_64.debug #1
Call Trace:
 [<ffffffff810a3ca9>] ? set_fail+0x59/0x60
 [<ffffffff810a4054>] ? sysctl_check_table+0x3a4/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff8107a6ad>] ? __register_sysctl_paths+0x11d/0x350
 [<ffffffff810b1d1d>] ? trace_hardirqs_on_caller+0x14d/0x190
 [<ffffffff8153aefa>] ? __mutex_lock_common+0x2ca/0x400
 [<ffffffff8146c56f>] ? register_pernet_subsys+0x1f/0x50
 [<ffffffff8151de31>] ? register_net_sysctl_table+0x61/0x70
 [<ffffffffa03061ab>] ? nf_ct_net_init+0x5b/0xe0 [nf_defrag_ipv6]
 [<ffffffff8146c2ea>] ? register_pernet_operations+0x6a/0xe0
 [<ffffffffa030b000>] ? nf_defrag_init+0x0/0x54 [nf_defrag_ipv6]
 [<ffffffff8146c57e>] ? register_pernet_subsys+0x2e/0x50
 [<ffffffffa03062ab>] ? nf_ct_frag6_init+0x7b/0xa0 [nf_defrag_ipv6]
 [<ffffffff8109f10b>] ? __blocking_notifier_call_chain+0x6b/0x90
 [<ffffffffa030b00e>] ? nf_defrag_init+0xe/0x54 [nf_defrag_ipv6]
 [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0
 [<ffffffff810c4d03>] ? sys_init_module+0xe3/0x260
 [<ffffffff8100b072>] ? system_call_fastpath+0x16/0x1b
nown sysctl binary path
Pid: 5079, comm: modprobe Not tainted 2.6.32-333.el6.x86_64.debug #1
Call Trace:
 [<ffffffff810a3ca9>] ? set_fail+0x59/0x60
 [<ffffffff810a4054>] ? sysctl_check_table+0x3a4/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff810a406e>] ? sysctl_check_table+0x3be/0x6c0
 [<ffffffff8107a6ad>] ? __register_sysctl_paths+0x11d/0x350
 [<ffffffff810b1d1d>] ? trace_hardirqs_on_caller+0x14d/0x190
 [<ffffffff8153aefa>] ? __mutex_lock_common+0x2ca/0x400
 [<ffffffff8146c56f>] ? register_pernet_subsys+0x1f/0x50
 [<ffffffff8151de31>] ? register_net_sysctl_table+0x61/0x70
 [<ffffffffa03061ab>] ? nf_ct_net_init+0x5b/0xe0 [nf_defrag_ipv6]
 [<ffffffff8146c2ea>] ? register_pernet_operations+0x6a/0xe0
 [<ffffffffa030b000>] ? nf_defrag_init+0x0/0x54 [nf_defrag_ipv6]
 [<ffffffff8146c57e>] ? register_pernet_subsys+0x2e/0x50
 [<ffffffffa03062ab>] ? nf_ct_frag6_init+0x7b/0xa0 [nf_defrag_ipv6]
 [<ffffffff8109f10b>] ? __blocking_notifier_call_chain+0x6b/0x90
 [<ffffffffa030b00e>] ? nf_defrag_init+0xe/0x54 [nf_defrag_ipv6]
 [<ffffffff8100204c>] ? do_one_initcall+0x3c/0x1d0
 [<ffffffff810c4d03>] ? sys_init_module+0xe3/0x260
 [<ffffffff8100b072>] ? system_call_fastpath+0x16/0x1b
nf_defrag_ipv6: can't initialize frag6.
can't load conntrack support for proto=10


Version-Release number of selected component (if applicable):
2.6.32-333.el6.x86_64.debug

How reproducible:
Always

Steps to Reproduce:
1. Configure conntrack for ip6tables
2. service ip6tables restart
3. Check dmesg
  

Additional info:
Only kernel-debug has CONFIG_SYSCTL_SYSCALL_CHECK=y, so this doesn't appear on non-debug kernel.
Comment 1 Cong Wang 2012-10-18 05:30:15 UTC 
The following patch could probably fix it.


diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
index c914448..ae7b5fc 100644
--- a/kernel/sysctl_check.c
+++ b/kernel/sysctl_check.c
@@ -538,6 +538,9 @@ static const struct trans_ctl_table trans_net_ipv6_table[] = {
        { NET_IPV6_IP6FRAG_LOW_THRESH,  "ip6frag_low_thresh" },
        { NET_IPV6_IP6FRAG_TIME,        "ip6frag_time" },
        { NET_IPV6_IP6FRAG_SECRET_INTERVAL,     "ip6frag_secret_interval" },
+       { NET_NF_CONNTRACK_FRAG6_TIMEOUT,       "nf_conntrack_frag6_timeout" },
+       { NET_NF_CONNTRACK_FRAG6_LOW_THRESH,    "nf_conntrack_frag6_low_thresh" } ,
+       { NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,   "nf_conntrack_frag6_high_thresh" },
        { NET_IPV6_MLD_MAX_MSF,         "mld_max_msf" },
        { 2088 /* IPQ_QMAX */,          "ip6_queue_maxlen" },
        {}
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 3b69838..f975f03 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -64,6 +64,7 @@ static struct inet_frags nf_frags;
 #ifdef CONFIG_SYSCTL
 struct ctl_table nf_ct_frag6_sysctl_table[] = {
        {
+               .ctl_name       = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
                .procname       = "nf_conntrack_frag6_timeout",
                .data           = &init_net.nf_frag.frags.timeout,
                .maxlen         = sizeof(unsigned int),
Comment 3 Cong Wang 2012-10-18 05:38:48 UTC 
Created attachment 629168 [details]
Proposed patch

Untested.
Comment 4 RHEL Program Management 2012-10-18 05:50:49 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 5 Jarod Wilson 2012-10-23 20:24:06 UTC 
Patch(es) available on kernel-2.6.32-336.el6
Comment 10 errata-xmlrpc 2013-02-21 06:51:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0496.html