Steps to reproduce:
Run conntrack (conntrack-tool) with old version of libnfnetlink (Apr 18)

Begin forwarded message:

Date: Fri, 14 Oct 2005 02:51:20 -0700
From: bugme-daemon@kernel-bugs.osdl.org
To: bugme-new@lists.osdl.org
Subject: [Bugme-new] [Bug 5438] New: kernel BUG/Oops triggered by conntrack (nfnetlink)

http://bugzilla.kernel.org/show_bug.cgi?id=5438

Summary: kernel BUG/Oops triggered by conntrack (nfnetlink)
Kernel Version: 2.6.14-rc4
Status: NEW
Severity: normal
Owner: laforge@gnumonks.org
Submitter: olel@ans.pl

Distribution: Slackware

Problem Description:

I have just installed conntrack 0.81+libnfnetlink-0.0.10+libnfnetlink_conntrack (/usr/lib) forgetting to remove old version of libnfnetlink from /usr/local/bin:

# ldd /usr/bin/conntrack
        linux-gate.so.1 => (0xffffe000)
        libnfnetlink_conntrack.so.0 => /usr/lib/libnfnetlink_conntrack.so.0 (0xb7fa6000)
        libnfnetlink.so.0 => /usr/local/lib/libnfnetlink.so.0 (0xb7fa2000)
        libdl.so.2 => /lib/tls/libdl.so.2 (0xb7f9e000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7e82000)
        /lib/ld-linux.so.2 (0xb7fb2000)

Running conntrack -L triggers kernel BUG & Oops.

Two crashlogs from two different kernel runs:

#1:

------------[ cut here ]------------
kernel BUG at kernel/sched.c:2819!
invalid operand: 0000 [#1] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c011a828>] Not tainted VLI
EFLAGS: 00010082 (2.6.14-rc4)
EIP is at add_preempt_count+0x28/0x40
eax: c03e1fd5 ebx: c15c9a54 ecx: 00000001 edx: dcc92000
esi: c15c7460 edi: 00000292 ebp: dcc92000 esp: dcc92000
ds: 007b es: 007b ss: 0068
Process conntrack (pid: 255, threadinfo=dcc91000 task=dd3860b0)
Stack:
Call Trace:
 =======================
 [<c03b38b0>] sock_rfree+0x0/0x20
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c03b3860>] sock_wfree+0x0/0x50
 =======================

Unable to handle kernel NULL pointer dereference at virtual address 00000018
printing eip: c0103f2e
*pde = 00000000
Oops: 0000 [#2] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0103f2e>] Not tainted VLI
EFLAGS: 00010097 (2.6.14-rc4)
EIP is at show_trace+0x2e/0x90
eax: 00000ffd ebx: 00000018 ecx: 00000000 edx: 00000001
esi: 00000018 edi: 00000000 ebp: 00000068 esp: dcc91e60
ds: 007b es: 007b ss: 0068
Process conntrack (pid: 255, threadinfo=dcc91000 task=dd3860b0)
Stack: c04f034e c03b3860 dcc92000 00000000 00000000 c0104010 00000000 dcc92000
       c063c760 dcc91fcc 00000000 c01041af 00000000 dcc92000 000000ff dcc91000
       dd3860b0 00010082 c05634a2 00000001 00000000 dcc91fcc c04f043e dcc92000
Call Trace:
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c0104010>] show_stack+0x80/0xa0
 [<c01041af>] show_registers+0x15f/0x1d0
 [<c01043c7>] die+0xf7/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 83 ec 08 8b 5c 24 1c 89 df 89 de 81 e7 00 f0 ff ff 8d b6 00 00 00 00 8d bf 00 00 00 00 39 fe 76 49 8d 87 fd 0f 00 00 39 c6 73 3f <8b> 1e 83 c6 04 89 1c 24 e8 c5 c4 02 00 85 c0 74 e1 89 5c 24 04
<6>note: conntrack[255] exited with preempt_count 3

Unable to handle kernel paging request at virtual address 08a80920
printing eip: c0120a9c
*pde = 00000000
Oops: 0002 [#3] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0120a9c>] Not tainted VLI
EFLAGS: 00010246 (2.6.14-rc4)
EIP is at do_exit+0x1ec/0x490
eax: 08a80840 ebx: 08a80840 ecx: 00000001 edx: dcc91000
esi: dd3860b0 edi: dcc91000 ebp: 0000000b esp: dcc91d68
ds: 007b es: 007b ss: 0068
Process conntrack (pid: 255, threadinfo=dcc91000 task=dd3860b0)
Stack: dffeea80 c0660af8 000000ff 00000003 00000001 dcc91000 dcc91e2c c04f1b53
       0000000e c010446f dd3860b0 00000001 dcc91da0 00000002 dcc91e2c c04f1b53
       00000000 000000ff 0000000b 0000000e c04f1af1 00000018 00000000 0000000e
Call Trace:
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0103f2e>] show_trace+0x2e/0x90
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c0104010>] show_stack+0x80/0xa0
 [<c01041af>] show_registers+0x15f/0x1d0
 [<c01043c7>] die+0xf7/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 85 c0 0f 85 00 01 00 00 8b 46 04 8b 40 04 8b 58 24 85 db 74 40 b8 01 00 00 00 e8 6f 9d ff ff e8 3a 7b 15 00 c1 e0 05 8d 04 18 <ff> 88 e0 00 00 00 83 3b 02 0f 84 bf 00 00 00 b8 01 00 00 00 e8
<1>Fixing recursive fault but reboot is needed!

scheduling while atomic: conntrack/0x00000004/255
 [<c04b1f12>] schedule+0x632/0x640
 [<c0105509>] do_IRQ+0x59/0x80
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0120a9c>] do_exit+0x1ec/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0103f2e>] show_trace+0x2e/0x90
 [<c03b3860>] sock_wfree+0x0/0x50
 [<c0104010>] show_stack+0x80/0xa0
 [<c01041af>] show_registers+0x15f/0x1d0
 [<c01043c7>] die+0xf7/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40

#2:

------------[ cut here ]------------
kernel BUG at kernel/sched.c:2819!
invalid operand: 0000 [#1] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c011a828>] Not tainted VLI
EFLAGS: 00010082 (2.6.14-rc4)
EIP is at add_preempt_count+0x28/0x40
eax: c03e1fd5 ebx: c15c9a54 ecx: 00000001 edx: dccb0000
esi: dfb3de00 edi: 00000292 ebp: dccb0000 esp: dccb0000
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack:
Call Trace:
 =======================
 [<c03b38b0>] sock_rfree+0x0/0x20
Code: 74 26 00 55 89 c1 ba 00 f0 ff ff 21 e2 8b 42 14 89 e5 85 c0 78 15 01 c8 3c f4 89 42 14 77 02 5d c3 0f 0b 08 0b b7 1e 4f c0 eb f4 <0f> 0b 03 0b b7 1e 4f c0 eb e1 8d b4 26 00 00 00 00 8d bc 27 00
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
Oops: 0002 [#2] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0119a76>] Not tainted VLI
EFLAGS: 00010086 (2.6.14-rc4)
EIP is at dequeue_task+0x16/0x50
eax: 00000000 ebx: dd3e70d0 ecx: dd3e70b0 edx: dd3e70b0
esi: 00000000 edi: dccaf000 ebp: dccafe38 esp: dccafe30
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack: dd3e70b0 dd3e70b0 dccafe4c c0119d80 dd3e70b0 00000000 dd3e70b0 dccafe94
       c04b1a20 dd3e70b0 c063b9e0 00000001 dccafe7c 00000046 dccafe7c dccafe90
       00000000 0bebc200 52f4aa00 000f4276 dd3e70b0 dd3e71d8 dccaf000 dd3e70b0
Call Trace:
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 29 d0 8d 04 80 eb e8 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 83 ec 08 89 74 24 04 8b 55 08 8b 75 0c 89 1c 24 8d 5a 20 <ff> 0e 8b 42 20 8b 4b 04 89 01 89 48 04 c7 43 04 00 02 20 00 8b
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
Oops: 0002 [#3] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0119a76>] Not tainted VLI
EFLAGS: 00010096 (2.6.14-rc4)
EIP is at dequeue_task+0x16/0x50
eax: 00000000 ebx: dd3e70d0 ecx: dd3e70b0 edx: dd3e70b0
esi: 00000000 edi: dccaf000 ebp: dccafcd4 esp: dccafccc
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack: dd3e70b0 dd3e70b0 dccafce8 c0119d80 dd3e70b0 00000000 dd3e70b0 dccafd30
       c04b1a20 dd3e70b0 c063b9e0 00000001 dccafd18 00000046 dccafd18 dccafd2c
       00000000 0bebc200 5bd63940 000f4276 dd3e70b0 dd3e71d8 dccaf000 dd3e70b0
Call Trace:
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 29 d0 8d 04 80 eb e8 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 83 ec 08 89 74 24 04 8b 55 08 8b 75 0c 89 1c 24 8d 5a 20 <ff> 0e 8b 42 20 8b 4b 04 89 01 89 48 04 c7 43 04 00 02 20 00 8b
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
Oops: 0002 [#4] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0119a76>] Not tainted VLI
EFLAGS: 00010092 (2.6.14-rc4)
EIP is at dequeue_task+0x16/0x50
eax: 00000000 ebx: dd3e70d0 ecx: dd3e70b0 edx: dd3e70b0
esi: 00000000 edi: dccaf000 ebp: dccafb70 esp: dccafb68
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack: dd3e70b0 dd3e70b0 dccafb84 c0119d80 dd3e70b0 00000000 dd3e70b0 dccafbcc
       c04b1a20 dd3e70b0 c063b9e0 00000001 dccafbb4 00000046 dccafbb4 dccafbc8
       00000000 0bebc200 66be9500 000f4276 dd3e70b0 dd3e71d8 dccaf000 dd3e70b0
Call Trace:
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 29 d0 8d 04 80 eb e8 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 83 ec 08 89 74 24 04 8b 55 08 8b 75 0c 89 1c 24 8d 5a 20 <ff> 0e 8b 42 20 8b 4b 04 89 01 89 48 04 c7 43 04 00 02 20 00 8b
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
Oops: 0002 [#5] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0119a76>] Not tainted VLI
EFLAGS: 00010082 (2.6.14-rc4)
EIP is at dequeue_task+0x16/0x50
eax: 00000000 ebx: dd3e70d0 ecx: dd3e70b0 edx: dd3e70b0
esi: 00000000 edi: dccaf000 ebp: dccafa0c esp: dccafa04
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack: dd3e70b0 dd3e70b0 dccafa20 c0119d80 dd3e70b0 00000000 dd3e70b0 dccafa68
       c04b1a20 dd3e70b0 c063b9e0 00000001 dccafa50 00000046 dccafa50 dccafa64
       00000000 0bebc200 73adbd40 000f4276 dd3e70b0 dd3e71d8 dccaf000 dd3e70b0
Call Trace:
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 29 d0 8d 04 80 eb e8 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 83 ec 08 89 74 24 04 8b 55 08 8b 75 0c 89 1c 24 8d 5a 20 <ff> 0e 8b 42 20 8b 4b 04 89 01 89 48 04 c7 43 04 00 02 20 00 8b
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
Oops: 0002 [#6] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0119a76>] Not tainted VLI
EFLAGS: 00010086 (2.6.14-rc4)
EIP is at dequeue_task+0x16/0x50
eax: 00000000 ebx: dd3e70d0 ecx: dd3e70b0 edx: dd3e70b0
esi: 00000000 edi: dccaf000 ebp: dccaf8a8 esp: dccaf8a0
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack: dd3e70b0 dd3e70b0 dccaf8bc c0119d80 dd3e70b0 00000000 dd3e70b0 dccaf904
       c04b1a20 dd3e70b0 c063b9e0 00000001 dccaf8ec 00000046 dccaf8ec dccaf900
       00000000 0bebc200 82b2f440 000f4276 dd3e70b0 dd3e71d8 dccaf000 dd3e70b0
Call Trace:
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 29 d0 8d 04 80 eb e8 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 83 ec 08 89 74 24 04 8b 55 08 8b 75 0c 89 1c 24 8d 5a 20 <ff> 0e 8b 42 20 8b 4b 04 89 01 89 48 04 c7 43 04 00 02 20 00 8b
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
Oops: 0002 [#7] PREEMPT
Modules linked in: bonding
CPU: 0
EIP: 0060:[<c0119a76>] Not tainted VLI
EFLAGS: 00010096 (2.6.14-rc4)
EIP is at dequeue_task+0x16/0x50
eax: 00000000 ebx: dd3e70d0 ecx: dd3e70b0 edx: dd3e70b0
esi: 00000000 edi: dccaf000 ebp: dccaf744 esp: dccaf73c
ds: 007b es: 007b ss: 0068
Process dircolors (pid: 253, threadinfo=dccaf000 task=dd3e70b0)
Stack: dd3e70b0 dd3e70b0 dccaf758 c0119d80 dd3e70b0 00000000 dd3e70b0 dccaf7a0
       c04b1a20 dd3e70b0 c063b9e0 00000001 dccaf788 00000046 dccaf788 dccaf79c
       00000000 0bebc200 93dd7c40 000f4276 dd3e70b0 dd3e71d8 dccaf000 dd3e70b0
Call Trace:
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c04b3a7e>] do_page_fault+0x2ee/0x623
 [<c0105509>] do_IRQ+0x59/0x80
 [<c04b3790>] do_page_fault+0x0/0x623
 [<c0103ccf>] error_code+0x4f/0x54
 [<c0119a76>] dequeue_task+0x16/0x50
 [<c0119d80>] deactivate_task+0x20/0x30
 [<c04b1a20>] schedule+0x140/0x640
 [<c0120cb9>] do_exit+0x409/0x490
 [<c010446f>] die+0x19f/0x1a0
 [<c0104720>] do_invalid_op+0x0/0xd0
 [<c01047d2>] do_invalid_op+0xb2/0xd0
 [<c011a828>] add_preempt_count+0x28/0x40
 [<c0103ccf>] error_code+0x4f/0x54
 [<c03e1fd5>] netlink_sendskb+0x25/0x60
 [<c011a828>] add_preempt_count+0x28/0x40
Code: 00 29 d0 8d 04 80 eb e8 8d b6 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 83 ec 08 89 74 24 04 8b 55 08 8b 75 0c 89 1c 24 8d 5a 20 <ff> 0e 8b 42 20 8b 4b 04 89 01 89 48 04 c7 43 04 00 02 20 00 8b
<1>Fixing recursive fault but reboot is needed!

Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip: c0119a76
*pde = 00000000
(...)
Steps to reproduce: Run conntrack (conntrack-tool) with old version of libnfnetlink (Apr 18)
Andrew Morton <akpm@osdl.org> wrote:
> #1:
> ------------[ cut here ]------------
> kernel BUG at kernel/sched.c:2819!
> invalid operand: 0000 [#1]
> PREEMPT
> Modules linked in: bonding
> CPU: 0
> EIP: 0060:[<c011a828>] Not tainted VLI
> EFLAGS: 00010082 (2.6.14-rc4)
> EIP is at add_preempt_count+0x28/0x40
> eax: c03e1fd5 ebx: c15c9a54 ecx: 00000001 edx: dcc92000
> esi: c15c7460 edi: 00000292 ebp: dcc92000 esp: dcc92000

Looks like stack overflow. Please try DEBUG_STACKOVERFLOW to see if we can narrow it down further.

Alternatively give us a sequence of commands that can reproduce this consistently.

Cheers,
OK. Now I have:

$ zcat /proc/config.gz|grep CONFIG_DEBU |grep -v ^#
CONFIG_DEBUG_KERNEL=y
CONFIG_DEBUG_SLAB=y
CONFIG_DEBUG_PREEMPT=y
CONFIG_DEBUG_BUGVERBOSE=y
CONFIG_DEBUG_STACKOVERFLOW=y

However, BUG/Oops looks very similar.

------------[ cut here ]------------ kernel BUG at kernel/sched.c:2837! invalid operand: 0000 [#1] PREEMPT Modules linked in: bonding CPU: 0 EIP: 0060:[<c011a86b>] Not tainted VLI EFLAGS: 00010046 (2.6.14-rc5) EIP is at sub_preempt_count+0x2b/0x40 eax: df6ec000 ebx: c056a8ec ecx: 00000000 edx: 00000001 esi: 00000000 edi: 00000092 ebp: df6ecf84 esp: df6ecf84 ds: 007b es: 007b ss: 0068 Process cd193c40938a440be24c953 (pid: 842555960, threadinfo=df6ec000 task=c18310ea) Stack: c04b778c c013b7ed c483ffff 74c08510 0000c607 c04b778c 0000000e c04f5d8e 530cecfb c01303e8 c04b778c c04b9200 c04b778c df6ed028 c01163e6 c04b778c 00663738 c04b78fc df6ed028 0000000d df6ecff4 c389ffff 00030001 89db85ff Call Trace: [<c04b778c>] do_page_fault+0x9c/0x623 [<c013b7ed>] search_module_extables+0x6d/0xc0 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01303e8>] search_exception_tables+0x38/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01163e6>] fixup_exception+0x16/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b78fc>] do_page_fault+0x20c/0x623 ======================= Unable to handle kernel paging request at virtual address e9000030 printing eip: c0103f6d *pde = 00000000 Oops: 0000 [#2] PREEMPT Modules linked in: bonding CPU: 0 EIP: 0060:[<c0103f6d>] Not tainted VLI EFLAGS: 00010046 (2.6.14-rc5) EIP is at show_trace+0x6d/0x90 eax: 0000001c ebx: e9000000 ecx: 00000000 edx: 00000001 esi: e9000000 edi: e9000000 ebp: 00000068 esp: df6ecde4 ds: 007b es: 007b ss: 0068 Process cd193c40938a440be24c953 (pid: 842555960, threadinfo=df6ec000 task=c18310ea) Stack: c04f45ce c04b78fc df6ecfe4 00000018 00000000 c0104010 00000000 df6ecf84 c063f760 df6ecf50 00000000 c01041af 00000000 df6ecf84 32386238 df6ec000 c18310ea 00010046 c05674a2 00000001
00000000 df6ecf50 c04f46be df6ecf84 Call Trace: [<c04b78fc>] do_page_fault+0x20c/0x623 [<c0104010>] show_stack+0x80/0xa0 [<c01041af>] show_registers+0x15f/0x1d0 [<c01043c7>] die+0xf7/0x1a0 [<c0104720>] do_invalid_op+0x0/0xd0 [<c01047d2>] do_invalid_op+0xb2/0xd0 [<c011a86b>] sub_preempt_count+0x2b/0x40 [<c0103ccf>] error_code+0x4f/0x54 [<c011a86b>] sub_preempt_count+0x2b/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c013b7ed>] search_module_extables+0x6d/0xc0 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01303e8>] search_exception_tables+0x38/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01163e6>] fixup_exception+0x16/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b78fc>] do_page_fault+0x20c/0x623 ======================= Unable to handle kernel paging request at virtual address e9000030 printing eip: c0103f6d *pde = 00000000 Recursive die() failure, output suppressed <1>Unable to handle kernel paging request at virtual address 006637c8 printing eip: c013d96b *pde = 00000000 Oops: 0000 [#3] PREEMPT Modules linked in: bonding CPU: 0 EIP: 0060:[<c013d96b>] Not tainted VLI EFLAGS: 00010002 (2.6.14-rc5) EIP is at acct_update_integrals+0x2b/0x70 eax: 63326239 ebx: 3000fcd3 ecx: c18310ea edx: c062c000 esi: 00663738 edi: 00000000 ebp: c062cf80 esp: c062cf68 ds: 007b es: 007b ss: 0068 Process cd193c40938a440be24c953 (pid: 842555960, threadinfo=c062c000 task=c18310 ea) Stack: 00000000 c18310ea c011a424 c18310ea c18310ea 00000000 00000000 c012760c c18310ea 00010000 00000001 df6ecbac 00000000 df6ecbac c0107fe2 00000000 c05692c0 c013ece0 00000000 00000000 df6ecbac 00000000 00000000 00000000 Call Trace: [<c011a424>] account_system_time+0x44/0xb0 [<c012760c>] update_process_times+0x12c/0x140 [<c0107fe2>] timer_interrupt+0x42/0xd0 [<c013ece0>] handle_IRQ_event+0x30/0x70 [<c013edab>] __do_IRQ+0x8b/0x120 [<c0105511>] do_IRQ+0x61/0xb0 ======================= [<c0103be2>] common_interrupt+0x1a/0x20 [<c01043e3>] die+0x113/0x1a0 [<c0103f6d>] 
show_trace+0x6d/0x90 [<c01303e8>] search_exception_tables+0x38/0x40 [<c04b79de>] do_page_fault+0x2ee/0x623 [<c04b76f0>] do_page_fault+0x0/0x623 [<c0103ccf>] error_code+0x4f/0x54 [<c0103f6d>] show_trace+0x6d/0x90 [<c04b78fc>] do_page_fault+0x20c/0x623 [<c0104010>] show_stack+0x80/0xa0 [<c01041af>] show_registers+0x15f/0x1d0 [<c01043c7>] die+0xf7/0x1a0 [<c04b79de>] do_page_fault+0x2ee/0x623 [<c04b76f0>] do_page_fault+0x0/0x623 [<c0103ccf>] error_code+0x4f/0x54 [<c0103f6d>] show_trace+0x6d/0x90 [<c04b78fc>] do_page_fault+0x20c/0x623 [<c0104010>] show_stack+0x80/0xa0 [<c01041af>] show_registers+0x15f/0x1d0 [<c01043c7>] die+0xf7/0x1a0 [<c0104720>] do_invalid_op+0x0/0xd0 [<c01047d2>] do_invalid_op+0xb2/0xd0 [<c011a86b>] sub_preempt_count+0x2b/0x40 [<c0103ccf>] error_code+0x4f/0x54 [<c011a86b>] sub_preempt_count+0x2b/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c013b7ed>] search_module_extables+0x6d/0xc0 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01303e8>] search_exception_tables+0x38/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01163e6>] fixup_exception+0x16/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b78fc>] do_page_fault+0x20c/0x623 ======================= Unable to handle kernel paging request at virtual address e9000030 printing eip: c0103f6d *pde = 00000000 Oops: 0000 [#4] PREEMPT Modules linked in: bonding CPU: 0 EIP: 0060:[<c0103f6d>] Not tainted VLI EFLAGS: 00010046 (2.6.14-rc5) EIP is at show_trace+0x6d/0x90 eax: 0000001c ebx: e9000000 ecx: 00000000 edx: 00000001 esi: e9000000 edi: e9000000 ebp: 00000068 esp: c062ce34 ds: 007b es: 007b ss: 0068 Process cd193c40938a440be24c953 (pid: 842555960, threadinfo=c062c000 task=c18310 ea) Stack: c04f45ce c04b78fc c062cfc8 00000018 00000000 c0104010 00000000 c062cf68 c063f760 c062cf34 00000000 c01041af 00000000 c062cf68 32386238 c062c000 c18310ea 00010002 c05674a2 00000001 00000000 c062cf34 c04f5df0 0000000e Call Trace: [<c04b78fc>] do_page_fault+0x20c/0x623 [<c0104010>] 
show_stack+0x80/0xa0 [<c01041af>] show_registers+0x15f/0x1d0 [<c01043c7>] die+0xf7/0x1a0 [<c04b79de>] do_page_fault+0x2ee/0x623 [<c02de051>] end_that_request_last+0x71/0xa0 [<c04b76f0>] do_page_fault+0x0/0x623 [<c0103ccf>] error_code+0x4f/0x54 [<c030007b>] skge_devinit+0x13b/0x1c0 [<c013d96b>] acct_update_integrals+0x2b/0x70 [<c011a424>] account_system_time+0x44/0xb0 [<c012760c>] update_process_times+0x12c/0x140 [<c0107fe2>] timer_interrupt+0x42/0xd0 [<c013ece0>] handle_IRQ_event+0x30/0x70 [<c013edab>] __do_IRQ+0x8b/0x120 [<c0105511>] do_IRQ+0x61/0xb0 ======================= [<c0103be2>] common_interrupt+0x1a/0x20 [<c01043e3>] die+0x113/0x1a0 [<c0103f6d>] show_trace+0x6d/0x90 [<c01303e8>] search_exception_tables+0x38/0x40 [<c04b79de>] do_page_fault+0x2ee/0x623 [<c04b76f0>] do_page_fault+0x0/0x623 [<c0103ccf>] error_code+0x4f/0x54 [<c0103f6d>] show_trace+0x6d/0x90 [<c04b78fc>] do_page_fault+0x20c/0x623 [<c0104010>] show_stack+0x80/0xa0 [<c01041af>] show_registers+0x15f/0x1d0 [<c01043c7>] die+0xf7/0x1a0 [<c04b79de>] do_page_fault+0x2ee/0x623 [<c04b76f0>] do_page_fault+0x0/0x623 [<c0103ccf>] error_code+0x4f/0x54 [<c0103f6d>] show_trace+0x6d/0x90 [<c04b78fc>] do_page_fault+0x20c/0x623 [<c0104010>] show_stack+0x80/0xa0 [<c01041af>] show_registers+0x15f/0x1d0 [<c01043c7>] die+0xf7/0x1a0 [<c0104720>] do_invalid_op+0x0/0xd0 [<c01047d2>] do_invalid_op+0xb2/0xd0 [<c011a86b>] sub_preempt_count+0x2b/0x40 [<c0103ccf>] error_code+0x4f/0x54 [<c011a86b>] sub_preempt_count+0x2b/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c013b7ed>] search_module_extables+0x6d/0xc0 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01303e8>] search_exception_tables+0x38/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b778c>] do_page_fault+0x9c/0x623 [<c01163e6>] fixup_exception+0x16/0x40 [<c04b778c>] do_page_fault+0x9c/0x623 [<c04b78fc>] do_page_fault+0x20c/0x623 ======================= Unable to handle kernel paging request at virtual address e9000030 printing eip: c0103f6d *pde = 00000000 Recursive die() 
failure, output suppressed <0>Kernel panic - not syncing: Fatal exception in interrupt

Steps to reproduce: Run "conntrack -L" (conntrack-tool) with old version of libnfnetlink (Apr 18). I can provide compiled libraries.
I'll investigate this
Created attachment 7035: ctnetlink: Fix refcount leak ip_conntrack/nat_proto
Created attachment 7036: Fix unbalanced read_unlock_bh in ctnetlink
This problem was fixed in 2.6.14.5. It's also fixed since 2.6.15-rc1. Please, have a look at the patches attached.
Oh... quite an old bug report. ;) OK, tested on 2.6.15. Indeed, this problem is now solved. Conntrack linked with the wrong library hangs on recvmsg:

sendto(4, "\21\0\0\0\0\1\1\0B\230\313C\0\0\0\0\2", 17, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 17
recvmsg(4, <unfinished ...>

Not sure if this is 100% correct, but the kernel no longer oopses.
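The sendto() buffer in the 2.6.15 retest above can be decoded field by field to see what the mismatched library actually put on the netlink socket. This is an added example, not part of the original report or of the conntrack/libnfnetlink code: it assumes little-endian i386 byte order and the header constants from `<linux/netlink.h>` and `<linux/netfilter/nfnetlink.h>`, and the function names are hypothetical.

```python
import re
import struct

# Sizes and values from <linux/netlink.h> and <linux/netfilter/nfnetlink.h>.
NLMSG_HDRLEN = 16      # sizeof(struct nlmsghdr)
NFGENMSG_LEN = 4       # sizeof(struct nfgenmsg): family, version, res_id
NLM_F_REQUEST = 0x001
NLM_F_DUMP = 0x300     # NLM_F_ROOT | NLM_F_MATCH
NFNL_SUBSYS_CTNETLINK = 1
CT_MSG = {0: "CT_NEW", 1: "CT_GET", 2: "CT_DELETE"}
NAMED = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}

# Buffer copied from the sendto() line in the report.
SAMPLE = r"\21\0\0\0\0\1\1\0B\230\313C\0\0\0\0\2"


def strace_unescape(text):
    """Convert a string literal as strace prints it into raw bytes."""
    out = bytearray()
    i = 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i]))
            i += 1
            continue
        octal = re.match(r"[0-7]{1,3}", text[i + 1:])
        if octal:
            out.append(int(octal.group(), 8))
            i += 1 + octal.end()
        else:
            out.append(NAMED[text[i + 1]])  # raises on an unknown escape
            i += 2
    return bytes(out)


def parse_nfnetlink(buf):
    """Decode one nfnetlink request; assumes little-endian (i386) layout."""
    if len(buf) < NLMSG_HDRLEN:
        raise ValueError("buffer shorter than struct nlmsghdr")
    length, mtype, flags, seq, pid = struct.unpack_from("<IHHII", buf)
    subsys, msg = mtype >> 8, mtype & 0xFF   # nfnetlink packs both in nlmsg_type
    payload = buf[NLMSG_HDRLEN:length]
    findings = []
    if length != len(buf):
        findings.append("nlmsg_len %d != bytes sent %d" % (length, len(buf)))
    if len(payload) < NFGENMSG_LEN:
        findings.append("payload is %d byte(s), struct nfgenmsg needs %d"
                        % (len(payload), NFGENMSG_LEN))
    is_ct = subsys == NFNL_SUBSYS_CTNETLINK
    return {"len": length, "subsys": "CTNETLINK" if is_ct else subsys,
            "msg": CT_MSG.get(msg, msg) if is_ct else msg,
            "request": bool(flags & NLM_F_REQUEST),
            "dump": (flags & NLM_F_DUMP) == NLM_F_DUMP,
            "seq": seq, "pid": pid, "payload": payload, "findings": findings}


if __name__ == "__main__":
    for key, value in parse_nfnetlink(strace_unescape(SAMPLE)).items():
        print(key, value)
```

On the buffer from the report this yields a CTNETLINK message of type 0 with only NLM_F_REQUEST set and a one-byte payload, which is the kind of short request a netlink receiver has to length-check before reading the nfnetlink header.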
Hi, I see that Pablo posted two patches for this bug, 76dbe243 and cd85228e. But I can't find them in git. Do you know the reason? Thanks!