Article ID: 122271, created on Jul 7, 2014, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo containers for Linux 4.7
  • Virtuozzo hypervisor

Symptoms

A hardware node might experience unexpected reboot/crash with 'kernel BUG at net/ipv4/netfilter/nf_nat_core.c:322!'. Following can be seen in dmesg:

<4>[14829544.822481] Pid: 42605, comm: apache2 veid: 6899 Tainted: P    B   WC ---------------    2.6.32-042stab078.26 #1 042stab078_26 Dell Inc. PowerEdge R410/01V648
<4>[14829544.851487] RIP: 0010:[<ffffffff81160520>]  [<ffffffff81160520>] unmap_vmas+0xb80/0xce0
<4>[14829544.868099] RSP: 0018:ffff88087aa0bcc8  EFLAGS: 00010207
<4>[14829544.879266] RAX: 1fffdb010a14ac00 RBX: 0000000003baf000 RCX: e07fffc4042852b0
<4>[14829544.894131] RDX: ffff880850a56038 RSI: ffffea0000000000 RDI: ffff880850a56038
<4>[14829544.908996] RBP: ffff88087aa0be08 R08: ffff880f3afb4638 R09: 0000000000000000
<4>[14829544.923858] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000003c00000
<4>[14829544.938719] R13: ffff880efb7670e8 R14: 000000000009d000 R15: ffff880851d36d78
<4>[14829544.953580] FS:  0000000000000000(0000) GS:ffff880049600000(0000) knlGS:0000000000000000
<4>[14829544.970348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[14829544.982387] CR2: 00007f85f06757a8 CR3: 0000000001a85000 CR4: 00000000000007e0
<4>[14829544.997248] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>[14829545.012111] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
<4>[14829545.026972] Process apache2 (pid: 42605, veid: 6899, threadinfo ffff88087aa0a000, task ffff880c47b42fa0)
<4>[14829545.046525] Stack:
<4>[14829545.051103]  0000000000000000 00003ffffffff000 ffff88087aa0bd08 ffffffff8118586a
<4>[14829545.066129] <d> ffff880bb68eb3c0 ffff88087aa0bd08 0000000000000065 ffffea0004cbe300
<4>[14829545.082121] <d> ffff88087aa0be28 0000000000000000 0000000000000000 ffff880bb68eb3c0
<4>[14829545.098531] Call Trace:
<4>[14829545.103990]  [<ffffffff8118586a>] ? alloc_pages_current+0xaa/0x110
<4>[14829545.116902]  [<ffffffff8116a0c7>] exit_mmap+0x87/0x1a0
<4>[14829545.127726]  [<ffffffff8106e57c>] mmput+0x5c/0x1f0
<4>[14829545.137860]  [<ffffffff810751a9>] exit_mm+0x109/0x150
<4>[14829545.148512]  [<ffffffff81076f97>] do_exit+0x187/0x920
<4>[14829545.159162]  [<ffffffff81077788>] do_group_exit+0x58/0xd0
<4>[14829545.170506]  [<ffffffff81077817>] sys_exit_group+0x17/0x20
<4>[14829545.182029]  [<ffffffff8100b102>] system_call_fastpath+0x16/0x1b
<4>[14829545.194586] Code: 01 00 00 00 00 e9 7c ff ff ff 4c 89 ff e8 a9 cb ee ff e9 92 fd ff ff 48 89 c8 48 be 00 00 00 00 00 ea ff ff 48 c1 e0 06 48 01 f0 <f6> 00 01 74 1c f6 40 18 01 74 0d 83 6d 88 01 e9 33 fa ff ff 0f
<1>[14829545.233845] RIP  [<ffffffff81160520>] unmap_vmas+0xb80/0xce0
<4>[14829545.245732]  RSP <ffff88087aa0bcc8>

Cause

High network activity (due to a botnet/trojan BillGates running in a container) could lead to race condition in the connection tracking. The issue has been investigated in the scope of the internal request PCLIN-32278.

Resolution

The fix is available since the kernel 2.6.32-042stab085.20.

Search Words

PCLIN-32278

crashed node

kernel panic

net/ipv4/netfilter/nf_nat_core.c:322

unmap_vmas+0xb80/0xce0

a26b38f94253cdfbf1028d72cf3a498b 2897d76d56d2010f4e3a28f864d69223 e8e50b42231236b82df27684e7ec0beb d02f9caf3e11b191a38179103495106f 0c05f0c76fec3dd785e9feafce1099a9

Email subscription for changes to this article
Save as PDF