Kernel panic caused by null pointer dereference in nf_conntrack

Asked by Junjie.Wang

On Ubuntu 24.04, both the 6.8.0-56-generic and 6.11.0-25-generic kernels occasionally encounter a kernel panic caused by a null pointer dereference in the nf_conntrack module. The issue appears to be intermittent and not easily reproducible. The specific dmesg output is as follows:
[342859.173639] BUG: kernel NULL pointer dereference, address: 0000000000000000
[342859.174530] #PF: supervisor write access in kernel mode
[342859.175184] #PF: error_code(0x0002) - not-present page
[342859.175854] PGD 8000000103f30067 P4D 8000000103f30067 PUD 10430e067 PMD 0
[342859.176636] Oops: 0002 [#1] PREEMPT SMP PTI
[342859.177233] CPU: 0 PID: 79070 Comm: system.mark Kdump: loaded Not tainted 6.8.0-56-generic #58-Ubuntu
[342859.178207] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 449e491 04/01/2014
[342859.179070] RIP: 0010:__nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[342859.179895] Code: ff 8b 1d b7 71 01 00 44 89 ea 44 89 f7 89 c0 48 0f af d8 48 c1 eb 20 89 de e8 74 fe ff ff 84 c0 75 88 49 8b 47 10 49 8b 57 18 <48> 89 02 a8 01 75 04 48 89 50 08 48 b8 22 01 00 00 00 00 ad de 49
[342859.181631] RSP: 0018:ffffb1aa44c67808 EFLAGS: 00010246
[342859.182113] RAX: 0000000000018d1f RBX: 000000000000bd04 RCX: 0000000000000000
[342859.182688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[342859.183262] RBP: ffffb1aa44c67848 R08: 0000000000000000 R09: 0000000000000000
[342859.183833] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000fb6c
[342859.184408] R13: 0000000000000000 R14: 000000000000fb6c R15: ffff9a5497d8fc00
[342859.184992] FS: 000000c000074090(0000) GS:ffff9a55b3e00000(0000) knlGS:0000000000000000
[342859.185628] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[342859.186136] CR2: 0000000000000000 CR3: 0000000104012006 CR4: 00000000003706f0
[342859.186726] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[342859.187317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[342859.187900] Call Trace:
[342859.188244] <TASK>
[342859.188577] ? show_regs+0x6d/0x80
[342859.188974] ? __die+0x24/0x80
[342859.189355] ? page_fault_oops+0x99/0x1b0
[342859.189780] ? do_user_addr_fault+0x2e9/0x670
[342859.190226] ? exc_page_fault+0x83/0x1b0
[342859.190654] ? asm_exc_page_fault+0x27/0x30
[342859.191097] ? __nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[342859.191658] ? __nf_ct_delete_from_lists+0xac/0x150 [nf_conntrack]
[342859.192207] nf_ct_delete+0xd5/0x250 [nf_conntrack]
[342859.192696] nf_ct_gc_expired.part.0+0x66/0xa0 [nf_conntrack]
[342859.193223] early_drop+0x1bd/0x260 [nf_conntrack]
[342859.193708] __nf_conntrack_alloc+0x14e/0x1a0 [nf_conntrack]
[342859.194234] init_conntrack.isra.0+0x413/0x4e0 [nf_conntrack]
[342859.194770] resolve_normal_ct+0x1ec/0x250 [nf_conntrack]
[342859.195293] nf_conntrack_in+0xdb/0x360 [nf_conntrack]
[342859.195796] ipv4_conntrack_local+0x58/0xa0 [nf_conntrack]
[342859.196320] nf_hook_slow+0x46/0x130
[342859.196738] raw_send_hdrinc+0x415/0x5b0
[342859.197173] ? __pfx_dst_output+0x10/0x10
[342859.197614] raw_sendmsg+0x89b/0xd30
[342859.198030] inet_sendmsg+0x7d/0x80
[342859.198442] ? __pfx_raw_sendmsg+0x10/0x10
[342859.198881] ? inet_sendmsg+0x7d/0x80
[342859.199302] sock_write_iter+0x16d/0x1a0
[342859.199729] vfs_write+0x3d9/0x480
[342859.200123] ksys_write+0xc9/0x100
[342859.200518] __x64_sys_write+0x19/0x30
[342859.200925] x64_sys_call+0x7e/0x25a0
[342859.201329] do_syscall_64+0x7f/0x180
[342859.201728] ? irqentry_exit_to_user_mode+0x7b/0x260
[342859.202185] ? irqentry_exit+0x43/0x50
[342859.202582] ? common_interrupt+0x54/0xb0
[342859.202983] entry_SYSCALL_64_after_hwframe+0x78/0x80
[342859.203438] RIP: 0033:0x403e8e
[342859.203786] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
[342859.205098] RSP: 002b:000000c00021e538 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[342859.205698] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000000403e8e
[342859.206269] RDX: 0000000000000434 RSI: 000000c0000ac900 RDI: 0000000000000009
[342859.206835] RBP: 000000c00021e578 R08: 0000000000000000 R09: 0000000000000000
[342859.207402] R10: 0000000000000000 R11: 0000000000000202 R12: 000000c0000d7ec8
[342859.207971] R13: 4498492092494492 R14: 000000c0000a01a0 R15: 00000000000000f6
[342859.208540] </TASK>
[342859.208851] Modules linked in: tls qrtr cfg80211 cpuid intel_rapl_msr intel_rapl_common intel_uncore_frequency_common isst_if_common skx_edac_common nfit rapl xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 binfmt_misc nf_defrag_ipv4 nft_compat nf_tables i2c_piix4 pvpanic_mmio nls_iso8859_1 pvpanic input_leds joydev mac_hid serio_raw sch_fq_codel dm_multipath msr efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 nvme nvme_tcp nvme_rdma rdma_cm iw_cm ib_cm ib_core nvme_fc nvme_fabrics nvme_keyring nvme_core nvme_auth hid_generic usbhid hid crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 psmouse sha1_ssse3 floppy cirrus pata_acpi aesni_intel crypto_simd cryptd
[342859.214136] CR2: 0000000000000000
[342859.214548] ---[ end trace 0000000000000000 ]---
[342859.215035] RIP: 0010:__nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[342859.215655] Code: ff 8b 1d b7 71 01 00 44 89 ea 44 89 f7 89 c0 48 0f af d8 48 c1 eb 20 89 de e8 74 fe ff ff 84 c0 75 88 49 8b 47 10 49 8b 57 18 <48> 89 02 a8 01 75 04 48 89 50 08 48 b8 22 01 00 00 00 00 ad de 49
[342859.217105] RSP: 0018:ffffb1aa44c67808 EFLAGS: 00010246
[342859.217651] RAX: 0000000000018d1f RBX: 000000000000bd04 RCX: 0000000000000000
[342859.218288] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[342859.218917] RBP: ffffb1aa44c67848 R08: 0000000000000000 R09: 0000000000000000
[342859.219556] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000000fb6c
[342859.220185] R13: 0000000000000000 R14: 000000000000fb6c R15: ffff9a5497d8fc00
[342859.220819] FS: 000000c000074090(0000) GS:ffff9a55b3e00000(0000) knlGS:0000000000000000
[342859.221501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[342859.222069] CR2: 0000000000000000 CR3: 0000000104012006 CR4: 00000000003706f0
[342859.222714] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[342859.223360] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[342859.224002] Kernel panic - not syncing: Fatal exception in interrupt
[342859.226803] Kernel Offset: 0x36e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)

For kernel 6.11.0-25-generic:
[1506708.144369] [T1091772] BUG: kernel NULL pointer dereference, address: 0000000000000000
[1506708.144854] [T1091772] #PF: supervisor write access in kernel mode
[1506708.145166] [T1091772] #PF: error_code(0x0002) - not-present page
[1506708.145460] [T1091772] PGD 80000001dd392067 P4D 80000001dd392067 PUD 22e88a067 PMD 0
[1506708.145851] [T1091772] Oops: Oops: 0002 [#1] PREEMPT SMP PTI
[1506708.146129] [T1091772] CPU: 2 UID: 65532 PID: 1091772 Comm: daprd Kdump: loaded Not tainted 6.11.0-25-generic #25~24.04.1-Ubuntu
[1506708.146708] [T1091772] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 0.0.0 02/06/2015
[1506708.147130] [T1091772] RIP: 0010:__nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[1506708.147523] [T1091772] Code: ff 8b 1d 17 80 01 00 44 89 ea 44 89 f7 89 c0 48 0f af d8 48 c1 eb 20 89 de e8 74 fe ff ff 84 c0 75 88 49 8b 47 10 49 8b 57 18 <48> 89 02 a8 01 75 04 48 89 50 08 48 b8 22 01 00 00 00 00 ad de 49
[1506708.148533] [T1091772] RSP: 0018:ffffab2bd0f7b460 EFLAGS: 00010246
[1506708.148835] [T1091772] RAX: 000000000007cff9 RBX: 0000000000031c1b RCX: 0000000000000000
[1506708.149239] [T1091772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[1506708.149635] [T1091772] RBP: ffffab2bd0f7b4a0 R08: 0000000000000000 R09: 0000000000000000
[1506708.150030] [T1091772] R10: 0000000000000000 R11: 0000000000000000 R12: 000000000003e7fc
[1506708.150431] [T1091772] R13: 0000000000000000 R14: 000000000003e7fc R15: ffff94cf08fcfa00
[1506708.150829] [T1091772] FS: 000000c001fc7898(0000) GS:ffff94d020b00000(0000) knlGS:0000000000000000
[1506708.151280] [T1091772] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1506708.151606] [T1091772] CR2: 0000000000000000 CR3: 0000000236abe001 CR4: 00000000003706f0
[1506708.152006] [T1091772] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[1506708.152413] [T1091772] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[1506708.152811] [T1091772] Call Trace:
[1506708.152964] [T1091772] <TASK>
[1506708.153104] [T1091772] ? show_regs+0x6c/0x80
[1506708.153317] [T1091772] ? __die+0x24/0x80
[1506708.153504] [T1091772] ? page_fault_oops+0x96/0x1b0
[1506708.153739] [T1091772] ? do_user_addr_fault+0x4b2/0x870
[1506708.153994] [T1091772] ? exc_page_fault+0x85/0x1c0
[1506708.154231] [T1091772] ? asm_exc_page_fault+0x27/0x30
[1506708.154487] [T1091772] ? __nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[1506708.154846] [T1091772] nf_ct_delete+0xe8/0x260 [nf_conntrack]
[1506708.155397] [T1091772] nf_ct_gc_expired.part.0+0x66/0xa0 [nf_conntrack]
[1506708.155969] [T1091772] __nf_conntrack_find_get+0xf0/0x360 [nf_conntrack]
[1506708.156546] [T1091772] resolve_normal_ct+0xf3/0x250 [nf_conntrack]
[1506708.157078] [T1091772] nf_conntrack_in+0xdb/0x360 [nf_conntrack]
[1506708.157602] [T1091772] ipv4_conntrack_local+0x58/0xa0 [nf_conntrack]
[1506708.158160] [T1091772] nf_hook_slow+0x46/0x130
[1506708.158590] [T1091772] __ip_local_out+0xf9/0x180
[1506708.159022] [T1091772] ? __pfx_dst_output+0x10/0x10
[1506708.159470] [T1091772] ip_send_skb+0x23/0xb0
[1506708.159878] [T1091772] udp_send_skb+0x198/0x380
[1506708.160295] [T1091772] udp_sendmsg+0xbf4/0xff0
[1506708.160695] [T1091772] ? __pfx_ip_generic_getfrag+0x10/0x10
[1506708.161159] [T1091772] inet_sendmsg+0x76/0x80
[1506708.161547] [T1091772] ? inet_sendmsg+0x76/0x80
[1506708.161936] [T1091772] ____sys_sendmsg+0x34c/0x410
[1506708.162336] [T1091772] ___sys_sendmsg+0x9a/0xf0
[1506708.162714] [T1091772] __sys_sendmsg+0x89/0xf0
[1506708.163083] [T1091772] __x64_sys_sendmsg+0x1d/0x30
[1506708.163472] [T1091772] x64_sys_call+0x912/0x25f0
[1506708.163850] [T1091772] do_syscall_64+0x7e/0x170
[1506708.164227] [T1091772] ? crng_fast_key_erasure+0xd5/0x120
[1506708.164646] [T1091772] ? _copy_to_iter+0xf3/0x5a0
[1506708.165025] [T1091772] ? get_random_bytes_user+0x14d/0x160
[1506708.165448] [T1091772] ? __x64_sys_getrandom+0x78/0xe0
[1506708.165843] [T1091772] ? syscall_exit_to_user_mode+0x4e/0x250
[1506708.166276] [T1091772] ? do_syscall_64+0x8a/0x170
[1506708.166647] [T1091772] ? __sys_setsockopt+0x76/0xe0
[1506708.167021] [T1091772] ? __sys_setsockopt+0xc3/0xe0
[1506708.167401] [T1091772] ? syscall_exit_to_user_mode+0x4e/0x250
[1506708.167822] [T1091772] ? do_syscall_64+0x8a/0x170
[1506708.168195] [T1091772] ? syscall_exit_to_user_mode+0x4e/0x250
[1506708.168620] [T1091772] ? do_syscall_64+0x8a/0x170
[1506708.168989] [T1091772] ? syscall_exit_to_user_mode+0x4e/0x250
[1506708.169420] [T1091772] ? do_syscall_64+0x8a/0x170
[1506708.169789] [T1091772] ? irqentry_exit+0x43/0x50
[1506708.170158] [T1091772] ? sysvec_apic_timer_interrupt+0x57/0xc0
[1506708.170583] [T1091772] entry_SYSCALL_64_after_hwframe+0x76/0x7e
[1506708.171011] [T1091772] RIP: 0033:0x40708e
[1506708.171345] [T1091772] Code: 48 83 ec 38 e8 13 00 00 00 48 83 c4 38 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc 49 89 f2 48 89 fa 48 89 ce 48 89 df 0f 05 <48> 3d 01 f0 ff ff 76 15 48 f7 d8 48 89 c1 48 c7 c0 ff ff ff ff 48
[1506708.172782] [T1091772] RSP: 002b:000000c00001e760 EFLAGS: 00000212 ORIG_RAX: 000000000000002e
[1506708.173372] [T1091772] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 000000000040708e
[1506708.173933] [T1091772] RDX: 0000000000000000 RSI: 000000c00001e8c0 RDI: 0000000000000011
[1506708.174501] [T1091772] RBP: 000000c00001e7a0 R08: 0000000000000000 R09: 0000000000000000
[1506708.175060] [T1091772] R10: 0000000000000000 R11: 0000000000000212 R12: 0000000000000023
[1506708.175629] [T1091772] R13: 0000000000000000 R14: 000000c00011e8c0 R15: 000000c0018f3830
[1506708.176202] [T1091772] </TASK>
[1506708.176510] [T1091772] Modules linked in: tls tcp_diag inet_diag nf_conntrack_netlink xt_nat xt_tcpudp veth xt_conntrack nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc xfrm_user xfrm_algo xt_addrtype nft_compat nf_tables nfsv3 nfs_acl overlay nfs lockd grace netfs cpuid sunrpc binfmt_misc nls_iso8859_1 input_leds joydev serio_raw sch_fq_codel dm_multipath msr efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 btrfs blake2b_generic raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 nvme nvme_fc nvme_fabrics nvme_keyring nvme_core nvme_auth hid_generic usbhid hid crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 psmouse floppy aesni_intel crypto_simd cryptd
[1506708.182072] [T1091772] CR2: 0000000000000000
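As an added triage helper (not code from the question, from Ubuntu or from the kernel tree), the following parses the two dmesg dumps above, coping with both the plain `[timestamp]` prefix of the 6.8 kernel and the `[timestamp] [T<pid>]` prefix of 6.11, and shows that the crashes share the same faulting instruction and the same innermost frames, differing only in which nf_conntrack caller triggered the expired-entry garbage collection:

```python
import re

# Added triage helper, not part of the question: parse an x86-64 oops pasted from
# dmesg and keep only the fields needed to compare two crashes with each other.
PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s+(?:\[T\d+\]\s+)?")  # "[ts]" or "[ts] [T<pid>]"
FIELDS = {
    "address": re.compile(r"BUG: kernel NULL pointer dereference, address: ([0-9a-f]+)"),
    "kernel": re.compile(r"Not tainted (\S+)"),
    "rip": re.compile(r"RIP: 0010:([\w.]+\+0x[0-9a-f]+)/0x[0-9a-f]+"),
}
# A frame printed without the leading "? " is one the unwinder is confident about.
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_oops(text: str) -> dict:
    """Return {'address', 'kernel', 'rip', 'frames'}; frames are innermost first."""
    oops, in_trace = {"frames": []}, False
    for raw in text.splitlines():
        line = PREFIX.sub("", raw.strip())
        for key, rx in FIELDS.items():
            if key not in oops and (m := rx.search(line)):  # first hit wins; dumps repeat RIP
                oops[key] = m[1]
        if line in ("Call Trace:", "</TASK>"):
            in_trace = line == "Call Trace:"
        elif in_trace and (m := FRAME.match(line)):
            oops["frames"].append(m[1])
    return oops

def common_path(a: dict, b: dict) -> list:  # innermost frames both oopses share
    shared = []
    for x, y in zip(a["frames"], b["frames"]):
        if x != y:
            break
        shared.append(x)
    return shared

# Excerpts of the two traces from the question (intermediate lines omitted).
OOPS_6_8 = """[342859.173639] BUG: kernel NULL pointer dereference, address: 0000000000000000
[342859.177233] CPU: 0 PID: 79070 Comm: system.mark Kdump: loaded Not tainted 6.8.0-56-generic #58-Ubuntu
[342859.179070] RIP: 0010:__nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[342859.187900] Call Trace:
[342859.191097] ? __nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[342859.192207] nf_ct_delete+0xd5/0x250 [nf_conntrack]
[342859.192696] nf_ct_gc_expired.part.0+0x66/0xa0 [nf_conntrack]
[342859.193223] early_drop+0x1bd/0x260 [nf_conntrack]
[342859.208540] </TASK>"""
OOPS_6_11 = """[1506708.144369] [T1091772] BUG: kernel NULL pointer dereference, address: 0000000000000000
[1506708.146129] [T1091772] CPU: 2 UID: 65532 PID: 1091772 Comm: daprd Kdump: loaded Not tainted 6.11.0-25-generic #25~24.04.1-Ubuntu
[1506708.147130] [T1091772] RIP: 0010:__nf_ct_delete_from_lists+0xb8/0x150 [nf_conntrack]
[1506708.152811] [T1091772] Call Trace:
[1506708.154846] [T1091772] nf_ct_delete+0xe8/0x260 [nf_conntrack]
[1506708.155397] [T1091772] nf_ct_gc_expired.part.0+0x66/0xa0 [nf_conntrack]
[1506708.155969] [T1091772] __nf_conntrack_find_get+0xf0/0x360 [nf_conntrack]
[1506708.176202] [T1091772] </TASK>"""
```

Running `parse_oops` over a full dmesg capture rather than these excerpts works the same way, since the `?` guesses, register dumps and module list never match the frame pattern.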

Question information

Language: English
Status: Open
For: Ubuntu linux
Assignee: No assignee