On Mon, Oct 31, 2011 at 02:33:12PM -0700, akpm@xxxxxxxxxxxxxxxxxxxx wrote:
> diff -puN net/netfilter/nf_conntrack_netlink.c~net-netfilter-nf_conntrack_netlinkc-fix-oops-on-container-destroy net/netfilter/nf_conntrack_netlink.c > --- a/net/netfilter/nf_conntrack_netlink.c~net-netfilter-nf_conntrack_netlinkc-fix-oops-on-container-destroy > +++ a/net/netfilter/nf_conntrack_netlink.c > @@ -570,6 +570,11 @@ ctnetlink_conntrack_event(unsigned int e > return 0; > > net = nf_ct_net(ct); > + > + /* container deinit, netlink may have died before death_by_timeout */ > + if (!net->nfnl) > + return 0; > +

This patch is a workaround and it is incomplete (it doesn't include the expectation part). The correct fix requires finishing container support for nfnetlink, which seems incomplete. I was expecting some feedback from Alexey Dobriyan with no success. If we apply this, we'll have to apply a similar workaround in other parts of the code.
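Review bot: The `if (!net->nfnl)` test added after `net = nf_ct_net(ct);` in ctnetlink_conntrack_event() is a plain read with no lock or RCU dereference visible in the hunk, so it only narrows the window: if container teardown clears the pointer after this check, the rest of the function can still reach a dead netlink socket. Consider reading net->nfnl once into a local under whatever protection the teardown path uses and using that local for the remainder of the function, rather than re-reading the field. The comment would also be more useful if it named the code path that sets nfnl to NULL, so a reader can verify the ordering against death_by_timeout. Returning 0 here drops the event silently, which is worth stating in the comment as the intended behaviour during deinit.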