ip_conntrack_lock not readlocked

"Daniel Chojecki" <boka@xxxxxxxxx> · Sat, 22 Oct 2005 22:45:46 +0200 (CEST)

Hi !

I have a firewall on Dell 1850 (3353540k of RAM) with:

- vanilla kernel: 2.4.31 with openwall patches - version 1 and pptp.
- iptables 1.3.3
- patch-o-matic-ng-20050904

Errors in /var/log/messages occurs when users (approx. 320) use internet
and dmz connection.

Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 08:24:06 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 08:24:58 router -- MARK --
Oct 21 08:44:58 router -- MARK --
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 08:59:50 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 09:04:58 router -- MARK --
Oct 21 09:24:58 router -- MARK --
Oct 21 09:44:58 router -- MARK --
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 09:52:27 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 10:04:58 router -- MARK --
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 10:09:18 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 10:21:30 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 10:24:58 router -- MARK --
Oct 21 10:44:58 router -- MARK --
Oct 21 11:04:58 router -- MARK --

Oct 21 11:24:58 router -- MARK --
Oct 21 11:44:58 router -- MARK --
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked

Oct 21 11:44:58 router -- MARK --
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 11:50:22 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 12:04:58 router -- MARK --
Oct 21 12:24:58 router -- MARK --
Oct 21 12:44:58 router -- MARK --
Oct 21 13:04:58 router -- MARK --
Oct 21 13:24:58 router -- MARK --

Oct 21 14:04:58 router -- MARK --
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 14:06:08 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked

Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 14:06:59 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 14:24:58 router -- MARK --
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:94
&ip_conntrack_lock readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_nat_core.c:740 &ip_conntrack_lock
not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:81
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:83
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT ip_conntrack_core.c:1086
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked
Oct 21 14:37:24 router kernel: ASSERT: ip_nat_core.c:843
&ip_conntrack_lock not readlocked

Clients can see timeouts to our lotus domino server during refresh
proccess - rest of the traffic is not slowed down,
i mean they did not said anything about, for example, about http traffic.

Any ideas what can be broken ?

I have also attached .config file

-- 
greetz
bok@

Attachment:
config

Description: Binary data