129412 – Kernel panics in ip6_nexthdr when eth0 is bought up during boot

Bug 129412 - Kernel panics in ip6_nexthdr when eth0 is bought up during boot

Summary: Kernel panics in ip6_nexthdr when eth0 is bought up during boot

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	kernel
Sub Component:
Version:	rawhide
Hardware:	i586
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Dave Jones
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-08-08 14:56 UTC by Tom Hughes
Modified:	2015-01-04 22:08 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-10-06 00:27:41 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Fix for ip6t_LOG.c OOPS (1.20 KB, patch) 2004-08-29 06:29 UTC, David Miller	no flags	Details \| Diff
View All

Description Tom Hughes 2004-08-08 14:56:32 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.00 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
If I have an IPv6 firewall rule setup with LOG as a target then the
kernel panics in ip6_nexthdr when eth0 is bought up during the boot
process - at a guess it only actually panics when the first IPv6
packet hits that rule but that happens fairly quickly. This doesn't
happen with the original kernel-2.6.5-1.358 package. The panic is as
follows:

*pde = 09446067
Oops: 0000 [#1]
Modules linked in: de4x5 ipt_REJECT ipt_LOG ipt_limit ipt_state
iptable_filter iptable_nat ip_conntrack ip_tables ip6t_LOG ip6t_limit
ip6t_tables ipv6 floppy sg scsi_mod dm_mod uhci_hcd ext3 jbd

CPU: 0
EIP: 0060 [<cc841040>] Not tainted
EFLAGS: 00010246 (2.6.7-1.494.2.2)
EIP is at ip6_nexthdr+0x40/0x63 [ip6t_LOG]
eax: 00000000 ebx: 0000003b ecx: c03cb084 edx: c9514838
esi: 00000000 edi: 00000000 ebp: c9514810 esp: c03cbe54
ds: 007b es: 007b ss: 0068

Process: ifup (...)
Stack: ...
Call Trace:
Stack pointer is garbage, not printing trace
Code: 0f b6 00 8a 1a 8d 04 c5 08 00 00 00 0f b6 c0 01 c2 89 11 eb
<0> Kernel panic: Fatal exception in interrupt

Version-Release number of selected component (if applicable):
kernel-2.6.7-1.494.2.2

How reproducible:
Always

Steps to Reproduce:
1. Add IPv6 firewall rull with LOG as target
2. Bring up interface
3. Allow packet to hit target?
    

Actual Results:  The kernel paniced.

Expected Results:  Packet should have been logged

Additional info:

Comment 1 Louis Lagendijk 2004-08-11 22:36:39 UTC

I have seen the same oops on the 2.6.7-1.494.2.2 kernel, for example
at shutting down the system, where some IPv6 messages are sent that
get filtered by the IPv6 packet filter. Reverting to kernel
2.6.6-1.435.2.3 solved the problem for now.

Comment 2 Tom Hughes 2004-08-21 11:03:53 UTC

This is still occurring in the 2.6.8-1.521 kernel - there seems to be
a small window at boot time and shutdown time when the oops can occur.
Once the system is up I can add an IPv6 firewall rule with a LOG
target and everything will be fine until I shutdown at which point it
will oops during the shutdown.

Comment 3 David Miller 2004-08-29 06:29:31 UTC

Created attachment 103217 [details]
Fix for ip6t_LOG.c OOPS

Fixed by Olaf Kirch in 2.6.9-preX

Comment 4 Tom Hughes 2004-11-24 18:42:10 UTC

The 2.6.9-1.6_FC2 errate kernel appears to have fixed this for me.

Comment 5 Tom Hughes 2004-11-24 18:43:43 UTC

Closed by accident (with wrong resolution), so reopening.

Note You need to log in before you can comment on or make changes to this bug.