Hi, I have a minimal test case for this bug (tested with kvm/qemu). With this network config: pptp_client <==> GW <=NAT=> pptp_server On the GW (one interface, two IPs): iptables -t raw -A PREROUTING -p tcp -m tcp --dport 1723 -j CT --helper pptp iptables -A FORWARD -m state --state RELATED -p gre -m helper --helper pptp -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sysctl -w net.ipv4.ip_forward=1 sysctl -w net.netfilter.nf_conntrack_helper=0 sysctl -w net.netfilter.nf_conntrack_acct=1 And try to connect the pptp client. Instant oops. Reproduced on: 3.12.9-1~bpo70+1 3.13.10-1~bpo70+1 3.14.4-1~bpo70+1 Working: 3.11.10-1~bpo70+1 I don't have the time to bisect this now, I will try next week, if needed. Backtrace on kvm: [ 617.843493] RIP: 0010:[<ffffffffa044ec41>] [<ffffffffa044ec41>] nf_nat_setup_info+0x471/0x890 [nf_nat] [ 617.843493] RSP: 0018:ffff88003fc03978 EFLAGS: 00010246 [ 617.843493] RAX: 0000000000000000 RBX: ffff880036f1a3c8 RCX: 0000000000000000 [ 617.843493] RDX: ffff880000072b80 RSI: 00000000fc9c9c9b RDI: ffffffffa0451430 [ 617.843493] RBP: 00000000000014a9 R08: ffffffff81886f80 R09: ffff880000072b80 [ 617.843493] R10: ffff88003fc03958 R11: ffff88003ac50000 R12: 0000000000000000 [ 617.843493] R13: ffff88003fc039d8 R14: 0000000000000000 R15: 0000000000000000 [ 617.843493] FS: 0000000000000000(0000) GS:ffff88003fc00000(0000) knlGS:0000000000000000 [ 617.843493] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 617.843493] CR2: 0000000000000010 CR3: 0000000036c00000 CR4: 00000000001406f0 [ 617.843493] Stack: [ 617.843493] 0000000000000003 ffffffffa0450280 ffffffff81886f80 ffffffffa045a060 [ 617.843493] ffffffffa045a068 ffffffffa0450290 ffffffff81476c2c 00000000017aa8c0 [ 617.843493] 0000000000000000 0142420a00025ad1 0000000000000000 0006bb0600000000 [ 617.843493] Call Trace: [ 617.843493] <IRQ> [ 617.843493] [<ffffffff81476c2c>] ? fib_table_lookup+0x2bc/0x350 [ 617.843493] [<ffffffffa045e1b2>] ? masquerade_tg+0xf2/0x130 [ipt_MASQUERADE] [ 617.843493] [<ffffffffa03f7260>] ? ipt_do_table+0x350/0x610 [ip_tables] [ 617.843493] [<ffffffffa0454368>] ? nf_nat_ipv4_local_fn+0x58/0x120 [iptable_nat] [ 617.843493] [<ffffffff81438840>] ? ip_forward_options+0x200/0x200 [ 617.843493] [<ffffffffa0454214>] ? nf_nat_ipv4_fn+0x194/0x290 [iptable_nat] [ 617.843493] [<ffffffff8143a1f0>] ? ip_fragment+0x830/0x830 [ 617.843493] [<ffffffffa0454488>] ? nf_nat_ipv4_out+0x58/0x100 [iptable_nat] [ 617.843493] [<ffffffff8142ebf6>] ? nf_iterate+0x86/0xc0 [ 617.843493] [<ffffffff81436e40>] ? ip_frag_mem+0x40/0x40 [ 617.843493] [<ffffffff8143a1f0>] ? ip_fragment+0x830/0x830 [ 617.843493] [<ffffffff8142eca7>] ? nf_hook_slow+0x77/0x150 [ 617.843493] [<ffffffff8143a1f0>] ? ip_fragment+0x830/0x830 [ 617.843493] [<ffffffff8143af2a>] ? ip_output+0x7a/0x90 [ 617.843493] [<ffffffff813fe293>] ? __netif_receive_skb_core+0x643/0x7c0 [ 617.843493] [<ffffffff813fe4aa>] ? netif_receive_skb_internal+0x1a/0x80 [ 617.843493] [<ffffffffa0105515>] ? virtnet_poll+0x4b5/0x7fc [virtio_net] [ 617.843493] [<ffffffff810c4eee>] ? ktime_get+0x4e/0xe0 [ 617.843493] [<ffffffff813ff9a9>] ? net_rx_action+0x119/0x230 [ 617.843493] [<ffffffff810b8b41>] ? handle_irq_event_percpu+0x91/0x210 [ 617.843493] [<ffffffff81069a9e>] ? __do_softirq+0xee/0x2f0 [ 617.843493] [<ffffffff81069ebe>] ? irq_exit+0x7e/0xa0 [ 617.843493] [<ffffffff81017211>] ? do_IRQ+0x61/0x110 [ 617.843493] [<ffffffff814f162d>] ? common_interrupt+0x6d/0x6d -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
