Description of problem:
Using port forwarding from 80 to 21 with nf_conntrack_ftp loaded results in a kernel crash, when connecting to port 80.

Version-Release number of selected component (if applicable):
2.6.23.9-85.fc8PAE
Affected are kernels > 2.6.18 in F-7, F-8 and rawhide including kernel-2.6.24-2.fc9. The RHEL-5 kernel is not crashing.

How reproducible:
Always

Steps to Reproduce:
1. Set up port forwarding from port 80 to 21
2. Load nf_conntrack_ftp
3. Use telnet to connect to port 80 from remote.

Actual results:
Kernel crash

Expected results:
No crash

Additional info:
Please have a look at the attachment, all necessary files are included:
kernel-ftp-forward-oups/
kernel-ftp-forward-oups/etc/
kernel-ftp-forward-oups/etc/sysconfig/
kernel-ftp-forward-oups/etc/sysconfig/iptables-config
kernel-ftp-forward-oups/etc/sysconfig/iptables
kernel-ftp-forward-oups/tmp/
kernel-ftp-forward-oups/tmp/kernel-oups
kernel-ftp-forward-oups/tmp/uname-a.out
kernel-ftp-forward-oups/tmp/lsmod.out
Created attachment 293255
All necessary files to reproduce the problem
The oops report is truncated at column 80 and is incomplete.
Please post the complete oops report from 2.6.24.2
This was supposedly fixed in 2.6.23.10 and 2.6.24.
It is not fixed in 2.6.24, please see comment #0.

After several attempts to get a crash dump over serial console, which is longer than 2 to 5 lines, I was able to get the one which is already attached. I tried to get a more complete one, but failed. It seems that the kernel is dying too fast to get the dump out.

Steps to reproduce:
host1> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to :21
host1> iptables -t filter -A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
host1> modprobe ip_conntrack_ftp
host2> telnet host1 80

When you are opening the telnet connection to port 80 the kernel on host1 is crashing immediately.
Created attachment 293422
x86_64 crash log for 2.6.23.14-107.fc8

Here is the crash log of kernel 2.6.23.14-107.fc8 on my x86_64 system. The i386 system seems to be ok, but on x86_64 there is still a problem after starting the ftp server and using 'echo "quit" | telnet test-system 80' several times.
The 2.6.24-7.fc9 seems to be ok on i686, but not on x86_64. The first telnet to port 80 is resulting in a crash. Should I open another bug for this one against rawhide?
huh, #SS fault:

   0: 48 f7 45 78 80 01 00    testq $0x180,0x78(%rbp)
   7: 00
   8: 74 4c                   je 0x56
   a: 48 c7 c7 e0 18 28 88    mov $0xffffffff882818e0,%rdi

%rbp has a bogus (non-canonical) address. On i386 there is no such test possible so it will just dereference the address if it is mapped. The register contains 8 valid ASCII chars: "salcf x\"
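The triage step in the comment above (a pointer register that is non-canonical and decodes as text) can be automated when reading oops dumps. The following is an added example, not part of the original bug comments or the kernel source; the function names are hypothetical, 48-bit virtual addressing is assumed, and the sample %rbp value is constructed by packing the quoted string most significant byte first.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86_64 with 48-bit virtual addresses (assumption): bits 63..47 must all
 * be equal. Anything else is non-canonical and faults on use; an access
 * through %rbp, as in the testq above, raises #SS rather than #GP. */
static int is_canonical48(uint64_t addr)
{
    uint64_t top = addr >> 47;              /* the 17 upper bits */
    return top == 0 || top == 0x1ffff;
}

/* Returns 1 if all 8 bytes are printable ASCII and writes them to out.
 * msb_first=1: order of the hex digits in the oops register dump.
 * msb_first=0: order the bytes had in memory (x86_64 is little-endian). */
static int reg_as_ascii(uint64_t reg, int msb_first, char out[9])
{
    for (int i = 0; i < 8; i++) {
        int shift = msb_first ? 56 - 8 * i : 8 * i;
        unsigned char c = (unsigned char)(reg >> shift);
        if (c < 0x20 || c > 0x7e)
            return 0;
        out[i] = (char)c;
    }
    out[8] = '\0';
    return 1;
}

/* 0 = plausible pointer, 1 = non-canonical, 2 = non-canonical and all
 * ASCII, which points at string data having overwritten the pointer. */
static int triage_reg(uint64_t reg, char text[9])
{
    text[0] = '\0';
    if (is_canonical48(reg))
        return 0;
    return reg_as_ascii(reg, 1, text) ? 2 : 1;
}

int main(void)
{
    uint64_t rbp = 0x73616c636620785cULL;   /* constructed sample value */
    char text[9];
    int verdict = triage_reg(rbp, text);
    printf("rbp=%016llx verdict=%d text=\"%s\"\n",
           (unsigned long long)rbp, verdict, text);
    return 0;
}
```

A verdict of 2 on a register that should hold a kernel pointer is a strong hint to look for an out-of-bounds write of text data near the structure that held the pointer.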
Fixed in 2.6.23.14-134
kernel-2.6.23.15-137.fc8 has been submitted as an update for Fedora 8
kernel-2.6.23.15-137.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.