https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
------- Additional Comments From laforge@netfilter.org 2003-03-20 10:55 -------
This looks strange. The BUG in slab.c tells us that there is a GFP_ATOMIC
missing. This means that we are allocating kernel memory from softirq context
with only GFP_KERNEL.
If I understand your backtrace correctly, what happens is:
- you are reloading a ruleset via setsockopt() from userspace
- the kernel then suddenly receives a packet and processes it (because the
  stack shows ip_conntrack code)
- after resuming the sockopt, it tries to allocate the new memory and fails.
but allocation of the memory happens in syscall context... why would it need
GFP_ATOMIC? *sigh*.
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
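Added example (not part of the bug report and not kernel code): a user-space C model of the rule the comment above describes, replaying its three-step sequence to show in which step a GFP_KERNEL-style request would be flagged. All names here (model_alloc, model_rx_packet, replay_ruleset_reload, the MODEL_GFP_* values) are hypothetical and exist only in this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical flag values for this model; not the kernel's definitions. */
#define MODEL_GFP_WAIT   0x1u            /* allocator is allowed to sleep */
#define MODEL_GFP_ATOMIC 0x0u            /* must not sleep */
#define MODEL_GFP_KERNEL MODEL_GFP_WAIT  /* normal process-context request */

struct cpu_ctx {
    int softirq_depth;  /* > 0 while packet processing is running */
    int violations;     /* how often the modelled BUG check fired */
};

/* Modelled allocator check: a sleeping request is illegal inside a softirq. */
static bool model_alloc(struct cpu_ctx *c, unsigned flags)
{
    if (c->softirq_depth > 0 && (flags & MODEL_GFP_WAIT)) {
        c->violations++;
        return false;
    }
    return true;
}

/* Packet receive path (e.g. connection tracking) allocating in softirq. */
static bool model_rx_packet(struct cpu_ctx *c, unsigned flags)
{
    bool ok;
    c->softirq_depth++;
    ok = model_alloc(c, flags);
    c->softirq_depth--;
    return ok;
}

/* Replays the sequence from the comment; returns the number of violations. */
static int replay_ruleset_reload(unsigned rx_flags, unsigned sockopt_flags)
{
    struct cpu_ctx c = { 0, 0 };
    /* 1. setsockopt() is running in syscall context (softirq_depth == 0). */
    /* 2. A packet arrives and is processed in softirq context. */
    model_rx_packet(&c, rx_flags);
    /* 3. The sockopt resumes and allocates memory for the new ruleset. */
    model_alloc(&c, sockopt_flags);
    return c.violations;
}

int main(void)
{
    printf("rx ATOMIC, sockopt KERNEL: %d\n", replay_ruleset_reload(MODEL_GFP_ATOMIC, MODEL_GFP_KERNEL));
    printf("rx KERNEL, sockopt KERNEL: %d\n", replay_ruleset_reload(MODEL_GFP_KERNEL, MODEL_GFP_KERNEL));
    return 0;
}
```

In this model the step-3 allocation is never flagged, whatever its flags; only a sleeping request made in step 2 is.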
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
------- Additional Comments From nolife@sigsegv.cc 2003-03-20 11:22 -------
Hi,
I've never programmed in kernelspace, so I lack experience.
Is this a problem on my side? I'm using newest POM and newest stable iptables
release.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
------- Additional Comments From laforge@netfilter.org 2003-03-20 12:23 -------
What is current/latest pom? Which particular version? If CVS, of which day?
There are 113 patches in patch-o-matic. Which patches did you apply?
We really need as much info as possible!!!
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
------- Additional Comments From nolife@sigsegv.cc 2003-03-20 13:35 -------
Hi,
Version is 1.2.7a not cvs, it's a production server.
I had it with those:
patch-o-matic-20030107
patch-o-matic-20020825
Here the applied patches on this box:
Already applied: submitted/2.4.18
submitted/ahesp-static
submitted/arptables
submitted/conntrack+nat-helper-unregister
submitted/conntrack
submitted/dscp
submitted/DSCP
submitted/ecn
submitted/ECN
submitted/helper
submitted/ip6tables-export-symbols
submitted/ip_conntrack_protocol_unregister
submitted/ip_nat_irc-srcaddr-fix
submitted/ipt_MIRROR-ttl
submitted/ipt_REJECT-checkentry
submitted/ipt_unclean-ecn
submitted/ipv6-agr-ipv6
submitted/irc-dcc-mask
submitted/length-ipv6
submitted/local-nat
submitted/macro-trailing-semicolon-fix
submitted/mangle5hooks
submitted/nat-export_symbols
submitted/nat-memoryleak-fix
submitted/netfilter-arp
submitted/ownercmd
submitted/pkttype
submitted/REJECT-dont_fragment
submitted/REJECT_mark
submitted/skb_clone_copy
submitted/TOS-oops-fix
submitted/ulog-module-unload
submitted/z-newnat16
base/iplimit
base/mport
base/NETMAP
base/nth
base/psd
base/quota
base/random
base/REJECT-ipv6
base/time
base/TTL
extra/recent
extra/string
But I had the problems with most combinations of patches, as I have had it for
months on most boxes I install.
All have recent and string from the extras.
My loaded modules:
ipt_string 2560 16 (autoclean)
ipt_recent 13184 34 (autoclean)
ipt_psd 43648 3 (autoclean)
ipt_MASQUERADE 2240 2 (autoclean)
ipt_state 1088 3 (autoclean)
ipt_REJECT 3616 2 (autoclean)
ipt_ULOG 4608 44 (autoclean)
ipt_limit 1664 30 (autoclean)
iptable_mangle 2816 0 (autoclean) (unused)
iptable_filter 2400 1 (autoclean)
ip_nat_ftp 4096 0 (unused)
iptable_nat 20212 2 [ipt_MASQUERADE ip_nat_ftp]
ip_tables 14336 13 [ipt_string ipt_recent ipt_psd ipt_MASQUERADE
ipt_state ipt_REJECT ipt_ULOG ipt_limit iptable_mangle iptable_filter
iptable_nat]
ip_conntrack_ftp 5120 1 [ip_nat_ftp]
ip_conntrack 27628 3 [ipt_MASQUERADE ipt_state ip_nat_ftp
iptable_nat ip_conntrack_ftp]
floppy 58848 0 (autoclean)
Whatever causes my problem, it is not fixed in the latest patch and seems to
have been present for some long time now.
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
laforge@netfilter.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
------- Additional Comments From laforge@netfilter.org 2003-03-29 09:50 -------
I have to dig into this. The question is why does this bug only occur at your
site. Nobody else has reported a similar bug, so there has to be something
special/particular about your configuration or setup which triggers the bug.
As of now, I don't really know where to start, since I'm unable to reproduce
this oops :(
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
------- Additional Comments From nolife@sigsegv.cc 2003-03-31 11:19 -------
Hi,
ye I know it's weird! :|
I am not able to "trigger" it somehow, I can only say that it usually only
happens when the firewall loads from remote and that it does not crash anymore
when it was loaded from console (but not always :|).
Maybe I should compile iptables into the kernel? I got it completely as module
yet.
Do you have any idea how to prevent the kernel panic? Like a few steps I should
do before reloading the firewall?
(The kernel panic dump tells you much more than me, I think)
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68
------- Additional Comments From laforge@netfilter.org 2003-04-14 09:56 -------
The only try would be replacing all 'vmalloc(x)' calls in
net/ipv4/netfilter/ip_tables.c to 'kmalloc(x,GFP_KERNEL)' (and change the
'vfree()' calls to 'kfree()').
If you think you would like to try that change, feel free to go ahead and
report back to me.