Ubuntu
linux package

Network stops working after inserting nf_conntrack.ko to kernel

  1. Wily (15.10)
  2. Bug #1503902
Bug #1503902 reported by Ondrej Balaz
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Undecided
Tim Gardner
Wily
Fix Released
Undecided
Tim Gardner

Bug Description

While evaluating Wily for further use I found that after random period of time Internet connection drops (while IP stack is configured properly) and system message log gets quickly filled with following messages:

Oct 07 14:06:25 hikari kernel: nf_conntrack: table full, dropping packet
Oct 07 14:06:26 hikari kernel: nf_conntrack: table full, dropping packet

Problem occurs only if I manually load nf_conntrack or related kernel modules or start Shorewall (which loads nf_conntrack obviously). Removing nf_conntrack and nf_conntrack and dependent modules fixes problem and restores Internet connection.

With older builds of linux kernel (4.1.0-*) everything works as expected.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: linux-image-4.2.0-14-generic 4.2.0-14.16
ProcVersionSignature: Ubuntu 4.2.0-14.16-generic 4.2.2
Uname: Linux 4.2.0-14-generic x86_64
ApportVersion: 2.19.1-0ubuntu1
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: blami 1805 F.... pulseaudio
CurrentDesktop: Unity
Date: Wed Oct 7 23:56:46 2015
MachineType: LENOVO 2325DV5
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.2.0-14-generic root=UUID=ac8f53c6-5a42-45b3-aa74-4237647b3936 ro rootflags=subvol=@ quiet splash vt.handoff=7
RelatedPackageVersions:
 linux-restricted-modules-4.2.0-14-generic N/A
 linux-backports-modules-4.2.0-14-generic N/A
 linux-firmware 1.148
SourcePackage: linux
UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev'
UpgradeStatus: No upgrade log present (probably fresh install)
WifiSyslog:

dmi.bios.date: 03/05/2013
dmi.bios.vendor: LENOVO
dmi.bios.version: G2ETA0WW (2.60 )
dmi.board.asset.tag: Not Available
dmi.board.name: 2325DV5
dmi.board.vendor: LENOVO
dmi.board.version: Not Defined
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvrG2ETA0WW(2.60):bd03/05/2013:svnLENOVO:pn2325DV5:pvrThinkPadX230:rvnLENOVO:rn2325DV5:rvrNotDefined:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 2325DV5
dmi.product.version: ThinkPad X230
dmi.sys.vendor: LENOVO

Revision history for this message
Ondrej Balaz (blami) wrote :
Revision history for this message
Ondrej Balaz (blami) wrote :

After some Internet research it seems this issue is already fixed in mainline kernel:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9cf94eab8b309e8bcc78b41dd1561c75b537dd0b

I will try to cherry-pick to latest ubuntu kernel and report back the results.

Revision history for this message
Brad Figg (brad-figg) wrote : Status changed to Confirmed

This change was made by a bot.

Changed in linux (Ubuntu):
status: New → Confirmed
Revision history for this message
dino99 (9d9) wrote :

Has expirienced the same problem yesterday with the 4.2.0-15 kernel : the speed drop down to < 50 Kb/s, when it is usually around 1 Mb/s

Revision history for this message
Tim Gardner (timg-tpi) wrote :

Applied f99c8031a8d4112c55f0439c1008435d60fd2607 ('netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths')

Changed in linux (Ubuntu Wily):
assignee: nobody → Tim Gardner (timg-tpi)
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.8 KiB)

This bug was fixed in the package linux - 4.2.0-16.19

---------------
linux (4.2.0-16.19) wily; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1504143
  * [Config] CONFIG_X86_LEGACY_VM86=y, CONFIG_VM86=y for i386
    - LP: #1499089
  * [Config] CONFIG_MODIFY_LDT_SYSCALL=y
    - LP: #1499089
  * SAUCE: intel_pstate: Allow manually forcing the use of HWP on Skylake-S
  * [Config] CONFIG_ARM64_ERRATUM_843419=n
    - LP: #1502946
  * [Config] CONFIG_CAVIUM_ERRATUM_22375=y, CONFIG_CAVIUM_ERRATUM_23154=y

  [ Christophe Lombard ]

  * SAUCE: (noup) cxl: Fix number of allocated pages in SPA
    - LP: #1499849

  [ Matthew R. Ochs ]

  * SAUCE: (noup) cxlflash: Fix to avoid corrupting port selection mask

  [ Robert Richter ]

  * SAUCE: (noup) irqchip/gicv3-its: Add range check for number of
    allocated pages
  * SAUCE: (noup) irqchip/gicv3: Workaround for Cavium ThunderX erratum
    23154
  * SAUCE: (noup) irqchip/gicv3-its: Read typer register outside the loop
  * SAUCE: (noup) irqchip/gicv3-its: Add HW revision detection and
    configuration
  * SAUCE: (noup) irqchip/gicv3-its: Workaround for Cavium ThunderX errata
    22375, 24313

  [ Upstream Kernel Changes ]

  * x86/compat: Define ARCH_WANT_OLD_COMPAT_IPC only for 32-bit compat
    - LP: #1499089
  * x86/compat: Clean up HAVE_UID16 config
    - LP: #1499089
  * x86/compat: Separate ia32 and x32 compat ABIs
    - LP: #1499089
  * x86/entry/vm86: Clean up saved_fs/gs
    - LP: #1499089
  * x86/entry/vm86: Preserve 'orig_ax'
    - LP: #1499089
  * x86/entry/vm86: Move userspace accesses to do_sys_vm86()
    - LP: #1499089
  * x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n'
    - LP: #1499089
  * x86/ldt: Make modify_ldt() optional
    - LP: #1499089
  * x86/vm86: Move vm86 fields out of 'thread_struct'
    - LP: #1499089
  * x86/vm86: Move fields from 'struct kernel_vm86_struct' to 'struct vm86'
    - LP: #1499089
  * x86/vm86: Eliminate 'struct kernel_vm86_struct'
    - LP: #1499089
  * x86/vm86: Use the normal pt_regs area for vm86
    - LP: #1499089
  * x86/vm86: Move the vm86 IRQ definitions to vm86.h
    - LP: #1499089
  * x86/vm86: Clean up vm86.h includes
    - LP: #1499089
  * x86/vm86: Rename vm86->vm86_info to user_vm86
    - LP: #1499089
  * x86/vm86: Rename vm86->v86flags and v86mask
    - LP: #1499089
  * x86/selftests, x86/vm86: Improve entry_from_vm86 selftest
    - LP: #1499089
  * selftests/x86/vm86: Fix entry_from_vm86 test on 64-bit kernels
    - LP: #1499089
  * x86/vm86: Block non-root vm86(old) if mmap_min_addr != 0
    - LP: #1499089
  * x86/vm86: Fix the misleading CONFIG_VM86 Kconfig help text
    - LP: #1499089
  * netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy error paths
    - LP: #1503902

linux (4.2.0-15.18) wily; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1503692

  [ Andy Whitcroft ]

  * Revert "SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()"
    Was incorrectly backported.

  [ Ben Hutchings ]

  * SAUCE: aufs3: mmap: Fix races in madvise_remove() and sys_msync()
    - CVE-2015-7312

  [ Tim Gardner ]

  * [Debian] config-check and prepare using ${DEBIAN}/config/annotations
...

Read more...

Changed in linux (Ubuntu Wily):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.