Network stops working after inserting nf_conntrack.ko to kernel

Bug #1503902 reported by Ondrej Balaz on 2015-10-07
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Tim Gardner
Wily
Undecided
Tim Gardner

Bug Description

While evaluating Wily for further use I found that after a random period of time the Internet connection drops (while the IP stack is configured properly) and the system message log quickly fills with the following messages:

Oct 07 14:06:25 hikari kernel: nf_conntrack: table full, dropping packet
Oct 07 14:06:26 hikari kernel: nf_conntrack: table full, dropping packet

The problem occurs only if I manually load nf_conntrack or related kernel modules, or start Shorewall (which obviously loads nf_conntrack). Removing nf_conntrack and dependent modules fixes the problem and restores the Internet connection.

With older builds of the Linux kernel (4.1.0-*) everything works as expected.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: linux-image-4.2.0-14-generic 4.2.0-14.16
ProcVersionSignature: Ubuntu 4.2.0-14.16-generic 4.2.2
Uname: Linux 4.2.0-14-generic x86_64
ApportVersion: 2.19.1-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: blami 1805 F.... pulseaudio
CurrentDesktop: Unity
Date: Wed Oct 7 23:56:46 2015
MachineType: LENOVO 2325DV5
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.2.0-14-generic root=UUID=ac8f53c6-5a42-45b3-aa74-4237647b3936 ro rootflags=subvol=@ quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-4.2.0-14-generic N/A
 linux-backports-modules-4.2.0-14-generic N/A
 linux-firmware 1.148
SourcePackage: linux
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
UpgradeStatus: No upgrade log present (probably fresh install)
WifiSyslog:

dmi.bios.date: 03/05/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ETA0WW (2.60 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2325DV5
dmi.board.vendor: LENOVO
dmi.board.version: Not Defined
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ETA0WW(2.60):bd03/05/2013:svnLENOVO:pn2325DV5:pvrThinkPadX230:rvnLENOVO:rn2325DV5:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2325DV5
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO
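
A triage helper for the symptom in the description above, added here as an example and not part of the bug report or of Ubuntu's tooling: it counts the "table full" drops per minute from kernel log lines and compares nf_conntrack_count with nf_conntrack_max, so that a genuinely full table can be told apart from a counter that cannot be trusted. The log sample is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added triage example (not from the bug report).
# Constructed sample, modelled on the two log lines quoted in the report.
SAMPLE_LOG='Oct 07 14:06:25 hikari kernel: nf_conntrack: table full, dropping packet
Oct 07 14:06:26 hikari kernel: nf_conntrack: table full, dropping packet
Oct 07 14:06:40 hikari kernel: usb 1-1: new high-speed USB device number 5
Oct 07 14:07:02 hikari kernel: nf_conntrack: table full, dropping packet'

# Read syslog-style lines on stdin; print "<host> <HH:MM> <drops>" per minute.
drops_per_minute() {
    awk '/kernel: nf_conntrack: table full, dropping packet/ {
             n[$4 " " substr($3, 1, 5)]++
         }
         END { for (k in n) print k, n[k] }' | sort
}

# Classify the table state from the two sysctl files. The paths are parameters
# so saved copies can be checked; the defaults are the live kernel values.
#   prints: ok <pct> | exhausted <pct> | inconsistent <count>/<max> | not-loaded
table_state() {
    count_file=${1:-/proc/sys/net/netfilter/nf_conntrack_count}
    max_file=${2:-/proc/sys/net/netfilter/nf_conntrack_max}
    if [ ! -r "$count_file" ] || [ ! -r "$max_file" ]; then
        echo "not-loaded"
        return 0
    fi
    count=$(cat "$count_file")
    max=$(cat "$max_file")
    # A negative count or a non-positive limit means the numbers cannot be
    # trusted, so raising nf_conntrack_max would not address the drops.
    if [ "$max" -le 0 ] || [ "$count" -lt 0 ]; then
        echo "inconsistent $count/$max"
    elif [ "$count" -ge "$max" ]; then
        echo "exhausted $(( count * 100 / max ))"
    else
        echo "ok $(( count * 100 / max ))"
    fi
}

printf '%s\n' "$SAMPLE_LOG" | drops_per_minute
table_state
```

On a live system, feed `journalctl -k` output to `drops_per_minute` instead of the sample.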

Ondrej Balaz (blami) wrote :

After some Internet research it seems this issue is already fixed in the mainline kernel:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9cf94eab8b309e8bcc78b41dd1561c75b537dd0b

I will try to cherry-pick it to the latest Ubuntu kernel and report back the results.

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
dino99 (9d9) wrote :

Have experienced the same problem yesterday with the 4.2.0-15 kernel: the speed dropped down to < 50 Kb/s, when it is usually around 1 Mb/s

Tim Gardner (timg-tpi) wrote :

Applied f99c8031a8d4112c55f0439c1008435d60fd2607 ('netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths')

Changed in linux (Ubuntu Wily):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 4.2.0-16.19

---------------
linux (4.2.0-16.19) wily; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1504143
  * [Config] CONFIG_X86_LEGACY_VM86=y, CONFIG_VM86=y for i386
    - LP: #1499089
  * [Config] CONFIG_MODIFY_LDT_SYSCALL=y
    - LP: #1499089
  * SAUCE: intel_pstate: Allow manually forcing the use of HWP on Skylake-S
  * [Config] CONFIG_ARM64_ERRATUM_843419=n
    - LP: #1502946
  * [Config] CONFIG_CAVIUM_ERRATUM_22375=y, CONFIG_CAVIUM_ERRATUM_23154=y

  [ Christophe Lombard ]

  * SAUCE: (noup) cxl: Fix number of allocated pages in SPA
    - LP: #1499849

  [ Matthew R. Ochs ]

  * SAUCE: (noup) cxlflash: Fix to avoid corrupting port selection mask

  [ Robert Richter ]

  * SAUCE: (noup) irqchip/gicv3-its: Add range check for number of
    allocated pages
  * SAUCE: (noup) irqchip/gicv3: Workaround for Cavium ThunderX erratum
    23154
  * SAUCE: (noup) irqchip/gicv3-its: Read typer register outside the loop
  * SAUCE: (noup) irqchip/gicv3-its: Add HW revision detection and
    configuration
  * SAUCE: (noup) irqchip/gicv3-its: Workaround for Cavium ThunderX errata
    22375, 24313

  [ Upstream Kernel Changes ]

  * x86/compat: Define ARCH_WANT_OLD_COMPAT_IPC only for 32-bit compat
    - LP: #1499089
  * x86/compat: Clean up HAVE_UID16 config
    - LP: #1499089
  * x86/compat: Separate ia32 and x32 compat ABIs
    - LP: #1499089
  * x86/entry/vm86: Clean up saved_fs/gs
    - LP: #1499089
  * x86/entry/vm86: Preserve 'orig_ax'
    - LP: #1499089
  * x86/entry/vm86: Move userspace accesses to do_sys_vm86()
    - LP: #1499089
  * x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'
    - LP: #1499089
  * x86/ldt: Make modify_ldt() optional
    - LP: #1499089
  * x86/vm86: Move vm86 fields out of 'thread_struct'
    - LP: #1499089
  * x86/vm86: Move fields from 'struct kernel_vm86_struct' to 'struct vm86'
    - LP: #1499089
  * x86/vm86: Eliminate 'struct kernel_vm86_struct'
    - LP: #1499089
  * x86/vm86: Use the normal pt_regs area for vm86
    - LP: #1499089
  * x86/vm86: Move the vm86 IRQ definitions to vm86.h
    - LP: #1499089
  * x86/vm86: Clean up vm86.h includes
    - LP: #1499089
  * x86/vm86: Rename vm86->vm86_info to user_vm86
    - LP: #1499089
  * x86/vm86: Rename vm86->v86flags and v86mask
    - LP: #1499089
  * x86/selftests, x86/vm86: Improve entry_from_vm86 selftest
    - LP: #1499089
  * selftests/x86/vm86: Fix entry_from_vm86 test on 64-bit kernels
    - LP: #1499089
  * x86/vm86: Block non-root vm86(old) if mmap_min_addr != 0
    - LP: #1499089
  * x86/vm86: Fix the misleading CONFIG_VM86 Kconfig help text
    - LP: #1499089
  * netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
    - LP: #1503902

linux (4.2.0-15.18) wily; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1503692

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()"
    Was incorrectly backported.

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ Tim Gardner ]

  * [Debian] config-check and prepare using ${DEBIAN}/config/annotations
...


Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released