Hi Cascardo, thank you your quick response.
- Sorry for the confusion, nfq-cpp was a dummy C++ test code which did what ./print_and_accept.py script do, listen and accept all packages. - I could not reproduce the crash neither with localhost connections (without routing) or routing through veth interfaces. sudo sysctl net.ipv4.ip_forward=1 sudo ip netns add net1 sudo ip netns add net2 sudo ip link add veth1 type veth peer name veth2 netns net1 sudo ip link add veth3 type veth peer name veth4 netns net2 sudo ip address add 192.168.100.1/24 dev veth1 sudo ip link set dev veth1 up sudo ip -netns net1 address add 192.168.100.2/24 dev veth2 sudo ip -netns net1 link set dev veth2 up sudo ip address add 192.168.200.1/24 dev veth3 sudo ip link set dev veth3 up sudo ip -netns net2 address add 192.168.200.2/24 dev veth4 sudo ip -netns net2 link set dev veth4 up sudo ip -netns net1 route add 192.168.200.0/24 via 192.168.100.1 dev veth2 sudo ip -netns net2 route add 192.168.100.0/24 via 192.168.200.1 dev veth4 sudo ip netns exec net2 nc -l 80 sudo ip netns exec net1 wget 192.168.200.2 -O - These just works fine. But suddenly when the packets should leave the box (with two "real" interfaces), there is a hiccup. To be precise, after initiating the second TCP connection. David ** Attachment added: "Crash with print_and_accept.py with "real" eth interfaces." https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1911917/+attachment/5457008/+files/linux-image-5.4.0-64-generic-202101261147.crash -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1911917 Title: Kernel general protection fault when using NFQUEUE iptables target Status in linux package in Ubuntu: Incomplete Bug description: When a packet is forwarded through an Ubuntu Focal host with kernel version 5.4.0-62-generic and NFQUEUE target is used in mangle PREROUTING and POSTROUTING, the kernel crashes. Current Focal linux- generic-hwe-20.04 kernel (5.8.0.38.43) is not affected. How to reproduce: - Set up Focal host with a packet forwarding scenario (at least two interface: client subnet -> server subnet). sudo sysctl net.ipv4.ip_forward=1 sudo apt-get install build-essential python-dev libnetfilter-queue-dev git clone https://github.com/kti/python-netfilterqueue.git cd python-netfilterqueue sudo python setup.py install cd examples sudo iptables-restore < iptables.conf.nfq # From the comment attachment sudo ./print_and_accept.py - Run packet through the host. Stack trace: [ 856.055991] general protection fault: 0000 [#1] SMP PTI [ 856.151292] CPU: 0 PID: 722 Comm: nfq-cpp Kdump: loaded Tainted: G W 5.4.0-62-generic #70-Ubuntu [ 856.152503] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 [ 856.153448] RIP: 0010:validate_xmit_skb_list+0x34/0x70 [ 856.154058] Code: 57 41 56 41 55 41 54 53 48 85 ff 74 45 49 89 ff 49 89 f4 49 89 d5 45 31 f6 eb 0c 48 89 03 48 8b 58 08 4d 85 ff 74 2e 4c 89 ff <4d> 8b 3f 4c 89 ea 4c 89 e6 48 c7 07 00 00 00 00 48 89 7f 08 e8 73 [ 856.156228] RSP: 0018:ffffa061404776d8 EFLAGS: 00010286 [ 856.156868] RAX: ffff8d1c2fa6d900 RBX: ffff8d1c2fa6d900 RCX: ffffffff9f32fd20 [ 856.157715] RDX: ffffa0614047771b RSI: 000000800013ca29 RDI: dead000000000100 [ 856.361073] RBP: ffffa06140477700 R08: ffff8d1c2fd6a8ac R09: 0000000000000001 [ 856.543925] R10: ffff8d1c30373870 R11: ffffa061404779f8 R12: ffff8d1c29afb000 [ 856.544761] R13: ffffa0614047771b R14: ffff8d1c2fa6d900 R15: dead000000000100 [ 856.545586] FS: 00007fd887366740(0000) GS:ffff8d1c3fc00000(0000) knlGS:0000000000000000 [ 856.546514] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 856.547206] CR2: 00007ffcbb2be8d8 CR3: 000000006cace001 CR4: 00000000000606f0 [ 856.548029] Call Trace: [ 856.548349] sch_direct_xmit+0x150/0x340 [ 856.548824] __dev_queue_xmit+0x57b/0x8e0 [ 856.549353] dev_queue_xmit+0x10/0x20 [ 856.549841] neigh_resolve_output+0x110/0x1c0 [ 856.550426] ip_finish_output2+0x19b/0x590 [ 856.550990] ? nf_ct_del_from_dying_or_unconfirmed_list+0x34/0x70 [nf_conntrack] [ 856.551929] __ip_finish_output+0xbf/0x1e0 [ 856.552464] ip_finish_output+0x2d/0xb0 [ 856.552972] nf_reinject+0x12e/0x200 [ 856.553452] nfqnl_reinject+0x52/0x60 [nfnetlink_queue] [ 856.554110] nfqnl_recv_verdict+0x289/0x4b0 [nfnetlink_queue] [ 856.554826] ? __nla_validate_parse+0x116/0x140 [ 856.555409] nfnetlink_rcv_msg+0x172/0x2a0 [nfnetlink] [ 856.556062] ? __switch_to_asm+0x40/0x70 [ 856.556579] ? __switch_to_asm+0x34/0x70 [ 856.681025] ? __switch_to_asm+0x40/0x70 [ 856.811662] ? __switch_to_asm+0x34/0x70 [ 856.812216] ? __switch_to_asm+0x40/0x70 [ 856.812770] ? __switch_to_asm+0x34/0x70 [ 856.813324] ? __switch_to_asm+0x40/0x70 [ 856.813879] ? __switch_to_asm+0x34/0x70 [ 856.814434] ? __switch_to_asm+0x40/0x70 [ 856.815009] ? __switch_to_asm+0x34/0x70 [ 856.815567] ? nfnetlink_net_exit_batch+0x70/0x70 [nfnetlink] [ 856.816327] netlink_rcv_skb+0x50/0x120 [ 856.816859] nfnetlink_rcv+0x6c/0x14b [nfnetlink] [ 856.817463] netlink_unicast+0x187/0x220 [ 856.817982] netlink_sendmsg+0x222/0x3e0 [ 856.818502] sock_sendmsg+0x65/0x70 [ 856.818973] ____sys_sendmsg+0x212/0x280 [ 856.819491] ___sys_sendmsg+0x88/0xd0 [ 856.820020] ? sock_recvmsg+0x70/0x80 [ 856.831151] ? __sys_recvfrom+0x19e/0x1d0 [ 856.831715] __sys_sendmsg+0x5c/0xa0 [ 856.832197] __x64_sys_sendmsg+0x1f/0x30 [ 856.832716] do_syscall_64+0x57/0x190 [ 856.833207] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 856.833848] RIP: 0033:0x7fd8875e7747 [ 856.834331] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 [ 856.836582] RSP: 002b:00007ffcbb2be708 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 856.837563] RAX: ffffffffffffffda RBX: 00007ffcbb2be7b0 RCX: 00007fd8875e7747 [ 856.838452] RDX: 0000000000000000 RSI: 00007ffcbb2be720 RDI: 0000000000000003 [ 856.839319] RBP: 0000000000000000 R08: 0000000000000020 R09: 0000000000000301 [ 856.840276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 856.841177] R13: 000055555ca98538 R14: 0000000000000000 R15: 0000000000000000 [ 856.842044] Modules linked in: xt_NFQUEUE xt_state xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_tcpudp iptable_mangle bpfilter nfnetlink_queue nfnetlink binfmt_misc nls_iso8859_1 dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua input_leds serio_raw video sch_fq_codel drm ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel crypto_simd cryptd glue_helper ahci psmouse libahci virtio_net net_failover failover ProblemType: Bug DistroRelease: Ubuntu 20.04 Package: linux-image-5.4.0-62-generic 5.4.0-62.70 ProcVersionSignature: Ubuntu 5.4.0-62.70-generic 5.4.78 Uname: Linux 5.4.0-62-generic x86_64 AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 Jan 15 14:52 seq crw-rw---- 1 root audio 116, 33 Jan 15 14:52 timer AplayDevices: Error: [Errno 2] No such file or directory: 'aplay' ApportVersion: 2.20.11-0ubuntu27.14 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory: 'arecord' AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: N/A CasperMD5CheckResult: skip Date: Fri Jan 15 14:53:47 2021 IwConfig: Error: [Errno 2] No such file or directory: 'iwconfig' Lsusb: Error: command ['lsusb'] failed with exit code 1: Lsusb-t: Lsusb-v: Error: command ['lsusb', '-v'] failed with exit code 1: MachineType: innotek GmbH VirtualBox PciMultimedia: ProcEnviron: TERM=xterm-256color PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-5.4.0-62-generic root=PARTUUID=ea3c4873-158d-4149-ae23-45fbb3fd5869 ro console=tty1 console=ttyS0 crashkernel=512M-:192M RelatedPackageVersions: linux-restricted-modules-5.4.0-62-generic N/A linux-backports-modules-5.4.0-62-generic N/A linux-firmware N/A RfKill: Error: [Errno 2] No such file or directory: 'rfkill' SourcePackage: linux UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 12/01/2006 dmi.bios.vendor: innotek GmbH dmi.bios.version: VirtualBox dmi.board.name: VirtualBox dmi.board.vendor: Oracle Corporation dmi.board.version: 1.2 dmi.chassis.type: 1 dmi.chassis.vendor: Oracle Corporation dmi.modalias: dmi:bvninnotekGmbH:bvrVirtualBox:bd12/01/2006:svninnotekGmbH:pnVirtualBox:pvr1.2:rvnOracleCorporation:rnVirtualBox:rvr1.2:cvnOracleCorporation:ct1:cvr: dmi.product.family: Virtual Machine dmi.product.name: VirtualBox dmi.product.version: 1.2 dmi.sys.vendor: innotek GmbH To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1911917/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
