Bug 430663 - kernel crash in nf_nat_move_storage
Summary: kernel crash in nf_nat_move_storage
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel   
(Show other bugs)
Version: 8
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2008-01-29 11:37 UTC by Thomas Woerner
Modified: 2008-02-11 22:39 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-02-11 22:39:30 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
All necessary files to reproduce the problem (20.00 KB, application/x-tar)
2008-01-29 11:37 UTC, Thomas Woerner
no flags Details
x86_64 crash log for (3.71 KB, text/plain)
2008-01-30 15:57 UTC, Thomas Woerner
no flags Details

Description Thomas Woerner 2008-01-29 11:37:59 UTC
Description of problem:
Using port forwarding from 80 to 21 with nf_conntrack_ftp loaded results in a
kernel crash, when connecting to port 80.

Version-Release number of selected component (if applicable):
Affected are kernels > 2.6.18 in F-7, F-8 and rawhide including
kernel-2.6.24-2.fc9. The RHEL-5 kernel is not crashing.

How reproducible:

Steps to Reproduce:
1. Set up port forwarding from port 80 to 21
2. Load nf_conntrack_ftp
3. Use telnet to connect to port 80 from remote.
Actual results:
Kernel crash

Expected results:
No crash

Additional info:
Please have a look at the attachment, all necesssary files are included:


Comment 1 Thomas Woerner 2008-01-29 11:37:59 UTC
Created attachment 293255 [details]
All necessary files to reproduce the problem

Comment 2 Chuck Ebbert 2008-01-29 17:09:15 UTC
The oops report is truncated at column 80 and is incomplete.

Comment 3 Chuck Ebbert 2008-01-29 17:31:41 UTC
Please post the complete oops report from

Comment 4 Chuck Ebbert 2008-01-29 17:50:00 UTC
This was supposedly fixed in and 2.6.24.

Comment 5 Thomas Woerner 2008-01-30 11:42:14 UTC
It is not fixed in 2.6.24, please see comment #0

After several attempts to get a crash dump over serial console, which is longer
than 2 to 5 lines, I was able to get the one which is already attached. I tried
to get a more complete one, but failed. It seems that the kernel is dying too
fast to get the dump out.

Steps to reproduce:
host1> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to :21
host1> iptables -t filter -A INPUT -i eth0 -m state --state NEW -m tcp -p tcp
--dport 21 -j ACCEPT
host1> modprobe ip_conntrack_ftp
host2> telnet host1 80

When you are opening the telnet connection to port 80 the kernel on host1 is
crashing immediately.

Comment 6 Thomas Woerner 2008-01-30 15:57:13 UTC
Created attachment 293422 [details]
x86_64 crash log for

Here is the crash log of kernel on my x86_64 system. The i386
system seems to be ok, but on x86_64 there is still a problem after starting
the ftp server and using 'echo "quit" | telnet test-system 80' several times.

Comment 7 Thomas Woerner 2008-01-30 16:19:30 UTC
The 2.6.24-7.fc9 seems to be ok on i686, but not on x86_64. The first telnet to
port 80 is reulting in a crash. Should I open another bug for this one against

Comment 8 Chuck Ebbert 2008-01-31 01:21:06 UTC
huh, #SS fault:

   0:   48 f7 45 78 80 01 00    testq  $0x180,0x78(%rbp)
   7:   00
   8:   74 4c                   je     0x56
   a:   48 c7 c7 e0 18 28 88    mov    $0xffffffff882818e0,%rdi

%rbp has a bogus (non-canonical) address. On i386 there is no such test possible
so it will just dereference the address if it is mapped.

The register contains 8 valid ASCII chars: "salcf x\"

Comment 9 Chuck Ebbert 2008-02-06 18:20:18 UTC
Fixed in

Comment 10 Fedora Update System 2008-02-11 03:34:19 UTC
kernel- has been submitted as an update for Fedora 8

Comment 11 Fedora Update System 2008-02-11 22:39:05 UTC
kernel- has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.