Hi, @dmajor.
It looks like it isn't the python script that is causing the issue, but
a process named nfq-cpp. I wonder if there is another process running
there leading to this. Would you be able to share the nature of that
process?
I am asking because I can't reproduce with the python script. I have two
network namespaces communicating via veth through the root namespace
doing the routing, and I loaded the iptables rules on the "router", ran
the python script and things work just fine, no crashes when pinging the
other veth.
Are you able to reproduce with the scenario I described?
Thank you.
Cascardo.
** Changed in: linux (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1911917
Title:
Kernel general protection fault when using NFQUEUE iptables target
Status in linux package in Ubuntu:
Incomplete
Bug description:
When a packet is forwarded through an Ubuntu Focal host with kernel
version 5.4.0-62-generic and NFQUEUE target is used in mangle
PREROUTING and POSTROUTING, the kernel crashes. Current Focal linux-
generic-hwe-20.04 kernel (5.8.0.38.43) is not affected.
How to reproduce:
- Set up Focal host with a packet forwarding scenario (at least two
interface: client subnet -> server subnet).
sudo sysctl net.ipv4.ip_forward=1
sudo apt-get install build-essential python-dev libnetfilter-queue-dev
git clone https://github.com/kti/python-netfilterqueue.git
cd python-netfilterqueue
sudo python setup.py install
cd examples
sudo iptables-restore < iptables.conf.nfq # From the comment attachment
sudo ./print_and_accept.py
- Run packet through the host.
Stack trace:
[ 856.055991] general protection fault: 0000 [#1] SMP PTI
[ 856.151292] CPU: 0 PID: 722 Comm: nfq-cpp Kdump: loaded Tainted: G
W 5.4.0-62-generic #70-Ubuntu
[ 856.152503] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS
VirtualBox 12/01/2006
[ 856.153448] RIP: 0010:validate_xmit_skb_list+0x34/0x70
[ 856.154058] Code: 57 41 56 41 55 41 54 53 48 85 ff 74 45 49 89 ff 49 89 f4
49 89 d5 45 31 f6 eb 0c 48 89 03 48 8b 58 08 4d 85 ff 74 2e 4c 89 ff <4d> 8b 3f
4c 89 ea 4c 89 e6 48 c7 07 00 00 00 00 48 89 7f 08 e8 73
[ 856.156228] RSP: 0018:ffffa061404776d8 EFLAGS: 00010286
[ 856.156868] RAX: ffff8d1c2fa6d900 RBX: ffff8d1c2fa6d900 RCX:
ffffffff9f32fd20
[ 856.157715] RDX: ffffa0614047771b RSI: 000000800013ca29 RDI:
dead000000000100
[ 856.361073] RBP: ffffa06140477700 R08: ffff8d1c2fd6a8ac R09:
0000000000000001
[ 856.543925] R10: ffff8d1c30373870 R11: ffffa061404779f8 R12:
ffff8d1c29afb000
[ 856.544761] R13: ffffa0614047771b R14: ffff8d1c2fa6d900 R15:
dead000000000100
[ 856.545586] FS: 00007fd887366740(0000) GS:ffff8d1c3fc00000(0000)
knlGS:0000000000000000
[ 856.546514] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 856.547206] CR2: 00007ffcbb2be8d8 CR3: 000000006cace001 CR4:
00000000000606f0
[ 856.548029] Call Trace:
[ 856.548349] sch_direct_xmit+0x150/0x340
[ 856.548824] __dev_queue_xmit+0x57b/0x8e0
[ 856.549353] dev_queue_xmit+0x10/0x20
[ 856.549841] neigh_resolve_output+0x110/0x1c0
[ 856.550426] ip_finish_output2+0x19b/0x590
[ 856.550990] ? nf_ct_del_from_dying_or_unconfirmed_list+0x34/0x70
[nf_conntrack]
[ 856.551929] __ip_finish_output+0xbf/0x1e0
[ 856.552464] ip_finish_output+0x2d/0xb0
[ 856.552972] nf_reinject+0x12e/0x200
[ 856.553452] nfqnl_reinject+0x52/0x60 [nfnetlink_queue]
[ 856.554110] nfqnl_recv_verdict+0x289/0x4b0 [nfnetlink_queue]
[ 856.554826] ? __nla_validate_parse+0x116/0x140
[ 856.555409] nfnetlink_rcv_msg+0x172/0x2a0 [nfnetlink]
[ 856.556062] ? __switch_to_asm+0x40/0x70
[ 856.556579] ? __switch_to_asm+0x34/0x70
[ 856.681025] ? __switch_to_asm+0x40/0x70
[ 856.811662] ? __switch_to_asm+0x34/0x70
[ 856.812216] ? __switch_to_asm+0x40/0x70
[ 856.812770] ? __switch_to_asm+0x34/0x70
[ 856.813324] ? __switch_to_asm+0x40/0x70
[ 856.813879] ? __switch_to_asm+0x34/0x70
[ 856.814434] ? __switch_to_asm+0x40/0x70
[ 856.815009] ? __switch_to_asm+0x34/0x70
[ 856.815567] ? nfnetlink_net_exit_batch+0x70/0x70 [nfnetlink]
[ 856.816327] netlink_rcv_skb+0x50/0x120
[ 856.816859] nfnetlink_rcv+0x6c/0x14b [nfnetlink]
[ 856.817463] netlink_unicast+0x187/0x220
[ 856.817982] netlink_sendmsg+0x222/0x3e0
[ 856.818502] sock_sendmsg+0x65/0x70
[ 856.818973] ____sys_sendmsg+0x212/0x280
[ 856.819491] ___sys_sendmsg+0x88/0xd0
[ 856.820020] ? sock_recvmsg+0x70/0x80
[ 856.831151] ? __sys_recvfrom+0x19e/0x1d0
[ 856.831715] __sys_sendmsg+0x5c/0xa0
[ 856.832197] __x64_sys_sendmsg+0x1f/0x30
[ 856.832716] do_syscall_64+0x57/0x190
[ 856.833207] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 856.833848] RIP: 0033:0x7fd8875e7747
[ 856.834331] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00
f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00
f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10
[ 856.836582] RSP: 002b:00007ffcbb2be708 EFLAGS: 00000246 ORIG_RAX:
000000000000002e
[ 856.837563] RAX: ffffffffffffffda RBX: 00007ffcbb2be7b0 RCX:
00007fd8875e7747
[ 856.838452] RDX: 0000000000000000 RSI: 00007ffcbb2be720 RDI:
0000000000000003
[ 856.839319] RBP: 0000000000000000 R08: 0000000000000020 R09:
0000000000000301
[ 856.840276] R10: 0000000000000000 R11: 0000000000000246 R12:
0000000000000000
[ 856.841177] R13: 000055555ca98538 R14: 0000000000000000 R15:
0000000000000000
[ 856.842044] Modules linked in: xt_NFQUEUE xt_state xt_conntrack
nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp iptable_mangle bpfilter
nfnetlink_queue nfnetlink binfmt_misc nls_iso8859_1 dm_multipath scsi_dh_rdac
scsi_dh_emc scsi_dh_alua input_leds serio_raw video sch_fq_codel drm ip_tables
x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov
async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0
multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel
crypto_simd cryptd glue_helper ahci psmouse libahci virtio_net net_failover
failover
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: linux-image-5.4.0-62-generic 5.4.0-62.70
ProcVersionSignature: Ubuntu 5.4.0-62.70-generic 5.4.78
Uname: Linux 5.4.0-62-generic x86_64
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Jan 15 14:52 seq
crw-rw---- 1 root audio 116, 33 Jan 15 14:52 timer
AplayDevices: Error: [Errno 2] No such file or directory: 'aplay'
ApportVersion: 2.20.11-0ubuntu27.14
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord'
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
CRDA: N/A
CasperMD5CheckResult: skip
Date: Fri Jan 15 14:53:47 2021
IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig'
Lsusb: Error: command ['lsusb'] failed with exit code 1:
Lsusb-t:
Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1:
MachineType: innotek GmbH VirtualBox
PciMultimedia:
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB:
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-62-generic
root=PARTUUID=ea3c4873-158d-4149-ae23-45fbb3fd5869 ro console=tty1
console=ttyS0 crashkernel=512M-:192M
RelatedPackageVersions:
linux-restricted-modules-5.4.0-62-generic N/A
linux-backports-modules-5.4.0-62-generic N/A
linux-firmware N/A
RfKill: Error: [Errno 2] No such file or directory: 'rfkill'
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 12/01/2006
dmi.bios.vendor: innotek GmbH
dmi.bios.version: VirtualBox
dmi.board.name: VirtualBox
dmi.board.vendor: Oracle Corporation
dmi.board.version: 1.2
dmi.chassis.type: 1
dmi.chassis.vendor: Oracle Corporation
dmi.modalias:
dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr:
dmi.product.family: Virtual Machine
dmi.product.name: VirtualBox
dmi.product.version: 1.2
dmi.sys.vendor: innotek GmbH
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1911917/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
