Bug 202013

Summary: randomly crashes iptables connlimit module
Product: Networking
Component: Netfilter/Iptables
Reporter: Balazs Szilfai (balazs)
Assignee: networking_netfilter-iptables (networking_netfilter-iptables)
CC: con.stan.to.ver.ride+kernel.bugzilla, harry, kernel.org
Status: NEW
Severity: normal
Priority: P1
Hardware: All
OS: Linux
Kernel Version: 4.19.10
Regression: No

Description Balazs Szilfai 2018-12-17 19:35:33 UTC
[ 3821.280009] general protection fault: 0000 [#1] SMP PTI
[ 3821.280014] CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Tainted: G           O      4.19.10 #1
[ 3821.280015] Hardware name: System manufacturer System Product Name/Z170-P, BIOS 0601 11/16/2015
[ 3821.280020] RIP: 0010:nf_conncount_lookup+0x47/0x299
[ 3821.280021] Code: 24 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 31 c0 48 85 d2 c6 44 24 17 00 41 0f 95 00 4c 8b 7e 08 c7 44 24 04 00 00 00 00 <4d> 8b 2f 83 7c 24 04 08 0f 87 20 02 00 00 48 8d 45 08 49 39 c7 0f
[ 3821.280024] RSP: 0018:ffff88842bb83a88 EFLAGS: 00010282
[ 3821.280026] RAX: 0000000000000000 RBX: ffff8883aca95e20 RCX: ffff8883aca95e0a
[ 3821.280027] RDX: ffff8883aca95e20 RSI: ffff8884292ca498 RDI: ffffffff824a4c40
[ 3821.280028] RBP: ffff8884292ca498 R08: ffff88842bb83b1f R09: ffff8883aca95e00
[ 3821.280030] R10: ffff888425f82001 R11: 0000000000000101 R12: ffff8883aca95e0a
[ 3821.280031] R13: ffff88842bb83cd0 R14: ffff88842bb83b1f R15: 17072584292ca4a0
[ 3821.280033] FS:  0000000000000000(0000) GS:ffff88842bb80000(0000) knlGS:0000000000000000
[ 3821.280034] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3821.280035] CR2: 00007f25abdc68a0 CR3: 000000000240a001 CR4: 00000000003626e0
[ 3821.280037] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3821.280038] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3821.280039] Call Trace:
[ 3821.280041]  <IRQ>
[ 3821.280043]  nf_conncount_count+0x188/0x3c6
[ 3821.280046]  ? hash_ip4_kadt+0xba/0xd1
[ 3821.280048]  connlimit_mt+0x124/0x165
[ 3821.280050]  ? ip_set_test+0x95/0xff
[ 3821.280052]  ? set_match_v4+0x95/0xbe
[ 3821.280054]  ipt_do_table+0x27a/0x5de
[ 3821.280057]  nf_hook_slow+0x37/0x96
[ 3821.280059]  ip_local_deliver+0xa2/0xd0
[ 3821.280061]  ? ip_sublist_rcv_finish+0x53/0x53
[ 3821.280063]  ip_rcv+0x54/0xb7
[ 3821.280065]  ? ip_rcv_finish_core.isra.0+0x2e6/0x2e6
[ 3821.280067]  __netif_receive_skb_one_core+0x4d/0x69
[ 3821.280069]  netif_receive_skb_internal+0xb8/0xd7
[ 3821.280071]  napi_gro_receive+0x42/0x76
[ 3821.280074]  rtl8169_poll+0x335/0x4b7
[ 3821.280076]  net_rx_action+0xff/0x270
[ 3821.280079]  __do_softirq+0xc8/0x1e0
[ 3821.280081]  irq_exit+0x66/0xa5
[ 3821.280083]  do_IRQ+0xa9/0xc7
[ 3821.280085]  common_interrupt+0xf/0xf
[ 3821.280086]  </IRQ>
[ 3821.280088] RIP: 0010:cpuidle_enter_state+0x120/0x16d
[ 3821.280090] Code: 48 89 c3 e8 e3 09 8b ff 45 84 ff 74 12 9c 58 0f ba e0 09 73 03 0f 0b fa 31 ff e8 58 7c 8e ff fb 48 b9 ff ff ff ff f3 01 00 00 <4c> 29 e3 b8 ff ff ff 7f 48 39 cb 7f 0d 48 89 d8 b9 e8 03 00 00 48
[ 3821.280092] RSP: 0018:ffffc900000c7ea8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffdc
[ 3821.280094] RAX: ffff88842bb9f4c0 RBX: 00000379b60909d1 RCX: 000001f3ffffffff
[ 3821.280096] RDX: 00000379b60909d1 RSI: 0000000024879922 RDI: 0000000000000000
[ 3821.280097] RBP: 0000000000000006 R08: 0000000000000002 R09: 000000000001ed80
[ 3821.280098] R10: 0000000024ed2e80 R11: 00000c475e1f04f0 R12: 00000379b5d74137
[ 3821.280100] R13: ffffe8ffffd956a0 R14: ffffffff8245d918 R15: 0000000000000000
[ 3821.280102]  ? cpuidle_enter_state+0xfe/0x16d
[ 3821.280105]  do_idle+0x145/0x1b6
[ 3821.280107]  cpu_startup_entry+0x6a/0x6c
[ 3821.280109]  start_secondary+0x187/0x1a2
[ 3821.280111]  secondary_startup_64+0xa4/0xb0
[ 3821.280113] Modules linked in: xt_geoip(O) parport_pc ppdev lp
Comment 1 Balazs Szilfai 2018-12-23 10:19:41 UTC
Another machine with 4.19.12:

[45495.232991] general protection fault: 0000 [#1] SMP PTI
[45495.233006] CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Not tainted 4.19.12 #1
[45495.233020] Hardware name: System manufacturer System Product Name/PRIME Z370-A, BIOS 0607 01/08/2018
[45495.233039] RIP: 0010:memcmp+0xb/0x1d
[45495.233047] Code: 3c c1 48 85 ff 74 10 4c 89 d6 e8 74 ff ff ff 84 c0 75 09 ff c1 eb df b9 ea ff ff ff 89 c8 c3 31 c9 48 39 d1 74 13 0f b6 04 0f <44> 0f b6 04 0e 48 ff c1 44 29 c0 74 ea eb 02 31 c0 c3 48 01 fa 48
[45495.233079] RSP: 0018:ffff88900c203a98 EFLAGS: 00010293
[45495.233089] RAX: 00000000000000b9 RBX: 000000000000004a RCX: 0000000000000000
[45495.233102] RDX: 0000000000000008 RSI: dead000000000238 RDI: ffff88900c203b7c
[45495.233116] RBP: ffff88900c203be8 R08: 0000000000000000 R09: ffff8888f70b3d00
[45495.233129] R10: ffff888fa0e42001 R11: 0000000000000001 R12: dead000000000200
[45495.233142] R13: ffff88900c203c90 R14: ffff888faf986000 R15: ffffffff824a3ac0
[45495.233155] FS:  0000000000000000(0000) GS:ffff88900c200000(0000) knlGS:0000000000000000
[45495.233170] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[45495.233181] CR2: 00007f3689f4a0a0 CR3: 000000104e40a006 CR4: 00000000003626e0
[45495.233194] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[45495.233207] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[45495.233220] Call Trace:
[45495.233226]  <IRQ>
[45495.233232]  nf_conncount_count+0x156/0x3c6
[45495.233243]  ? hash_ip4_kadt+0xba/0xd1
[45495.233252]  connlimit_mt+0x124/0x165
[45495.233260]  ? ip_set_test+0x95/0xff
[45495.233268]  ? set_match_v4+0x95/0xbe
[45495.233277]  ipt_do_table+0x27a/0x5de
[45495.233286]  nf_hook_slow+0x37/0x96
[45495.233294]  ip_local_deliver+0xa2/0xd0
[45495.233303]  ? ip_sublist_rcv_finish+0x53/0x53
[45495.233313]  ip_rcv+0x54/0xb7
[45495.233320]  ? ip_rcv_finish_core.isra.0+0x2e6/0x2e6
[45495.233331]  __netif_receive_skb_one_core+0x4d/0x69
[45495.233341]  netif_receive_skb_internal+0xb8/0xd7
[45495.233351]  napi_gro_receive+0x42/0x76
[45495.233360]  e1000_clean_rx_irq+0x286/0x2f4
[45495.233370]  e1000e_poll+0x79/0x223
[45495.233378]  net_rx_action+0xff/0x270
[45495.233387]  __do_softirq+0xc8/0x1e0
[45495.233395]  irq_exit+0x66/0xa5
[45495.233403]  do_IRQ+0xa9/0xc7
[45495.233410]  common_interrupt+0xf/0xf
[45495.233418]  </IRQ>
[45495.233424] RIP: 0010:cpuidle_enter_state+0x120/0x16d
[45495.233434] Code: 48 89 c3 e8 9b 80 8b ff 45 84 ff 74 12 9c 58 0f ba e0 09 73 03 0f 0b fa 31 ff e8 fa f3 8e ff fb 48 b9 ff ff ff ff f3 01 00 00 <4c> 29 e3 b8 ff ff ff 7f 48 39 cb 7f 0d 48 89 d8 b9 e8 03 00 00 48
[45495.233466] RSP: 0018:ffffc900000fbea8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffdd
[45495.233852] RAX: ffff88900c21f4c0 RBX: 00002960af336497 RCX: 000001f3ffffffff
[45495.234240] RDX: 00002960af336497 RSI: 0000000022a1cd05 RDI: 0000000000000000
[45495.234629] RBP: 0000000000000008 R08: 0000000000000000 R09: 000000000001ed80
[45495.235015] R10: 000000000350c700 R11: 0006e784d4099086 R12: 00002960ad4b8650
[45495.235397] R13: ffffe8ffffc158a0 R14: ffffffff8245ce38 R15: 0000000000000000
[45495.235773]  ? cpuidle_enter_state+0xfe/0x16d
[45495.236144]  do_idle+0x145/0x1b6
[45495.236499]  cpu_startup_entry+0x6a/0x6c
[45495.236843]  start_secondary+0x187/0x1a2
[45495.237178]  secondary_startup_64+0xa4/0xb0
[45495.237508] Modules linked in: pcspkr
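
A triage aid for the two traces above, added here as an example and not part of the original bug report: it scans oops register lines for non-canonical addresses and list-poison pointers, the two things that turn a dereference into a general protection fault. The sample lines are copied from the traces; the 48-bit canonical check and the 4.19 x86_64 poison constants are assumptions stated in the code.

```python
import re

# Register lines copied from the two traces above (sample input for this example).
SAMPLE = """\
[ 3821.280031] R13: ffff88842bb83cd0 R14: ffff88842bb83b1f R15: 17072584292ca4a0
[45495.233089] RAX: 00000000000000b9 RBX: 000000000000004a RCX: 0000000000000000
[45495.233102] RDX: 0000000000000008 RSI: dead000000000238 RDI: ffff88900c203b7c
[45495.233129] R10: ffff888fa0e42001 R11: 0000000000000001 R12: dead000000000200
"""

# Assumptions: x86_64 with 48-bit virtual addresses, and the 4.19 defaults
# LIST_POISON1/2 = 0xdead000000000000 + 0x100 / 0x200.
POISON_DELTA = 0xDEAD000000000000
# Matches "RAX: <16 hex digits>"; skips RIP/RSP (segment prefix) and ORIG_RAX.
REG = re.compile(r"\b(R[A-Z0-9]{1,2}):\s+([0-9a-f]{16})\b")


def classify(value):
    """Return a label for a suspicious register value, or None if it looks sane."""
    off = value - POISON_DELTA
    if 0x200 <= off < 0x1000:
        return f"LIST_POISON2+{off - 0x200:#x}"
    if 0x100 <= off < 0x200:
        return f"LIST_POISON1+{off - 0x100:#x}"
    # Canonical addresses have bits 63..47 all equal.
    if value >> 47 not in (0, 0x1FFFF):
        return "non-canonical address"
    return None


def triage(oops_text):
    """List (register, hex value, label) for every suspicious register."""
    hits = []
    for reg, hexval in REG.findall(oops_text):
        label = classify(int(hexval, 16))
        if label:
            hits.append((reg, hexval, label))
    return hits


if __name__ == "__main__":
    for reg, hexval, label in triage(SAMPLE):
        print(f"{reg}={hexval}: {label}")
```

LIST_POISON2 is the value list_del() writes into the prev pointer of an entry it unlinks, so a register holding it points to code touching a list entry after removal.
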
Comment 2 KvUXxSMwi9EpO45 2019-01-05 19:09:45 UTC
see also: https://bugzilla.kernel.org/show_bug.cgi?id=202065#c2

those patches work for me so far on ArchLinux
Comment 3 Balazs Szilfai 2019-01-05 21:29:54 UTC
"No patches to display"
Comment 4 KvUXxSMwi9EpO45 2019-01-09 11:43:45 UTC
Ah yes, that link didn't work because the filter wasn't including archived patches; try this:
https://patchwork.ozlabs.org/project/netfilter-devel/list/?series=83718&state=*&archive=both

and to download the whole series in 1 .patch file, try clicking on the first patch in the series, e.g. the 1/8 one, then click the [series] button on the right - you'll get a nice netfilter-nf_conncount-rework-locking-and-memory-management.patch of 34.7K downloaded that has all 8.

Those patches are now part of v5.0-rc1 kernel:
 2) Many fixes to nf_conncount, from Florian Westphal.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43d86ee8c639df750529b4d8f062b328b61c423e
Comment 5 Reindl Harald 2019-01-13 11:45:02 UTC
fine that they are in a RC kernel while 4.19.15 and 4.20.2 in the changelog still don't mention "connlimit" or "conncount"

https://bugzilla.kernel.org/show_bug.cgi?id=202065

Pablo Neira Ayuso 2018-12-28 11:55:01 UTC
Patches for 4.20 have been posted:
https://patchwork.ozlabs.org/project/netfilter-devel/list/?series=83718

4.18.20-100.fc27.x86_64 #1 SMP Wed Nov 21 is the last usable Fedora kernel (yes, you need to run a F27 kernel on F28 or you have a stone-old 4.18 because F28 was rebased to 4.19 way too soon)

are you guys aware that there was no single upstream release you can use on a firewall system where connection limits are not just for fun?

195.648  LD_C_24
3.807    LD_C_16
369      LD_C_32
Comment 7 Balazs Szilfai 2019-01-17 21:12:51 UTC
4.19: This is the latest longterm release, but this bug has existed since the beginning!

The connlimit module is completely useless!