Bug 433661 - kernel panic with voip traffic (h323)
Summary: kernel panic with voip traffic (h323)
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.1
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Thomas Graf
QA Contact: Martin Jenner
Depends On:
TreeView+ depends on / blocked
Reported: 2008-02-20 18:24 UTC by Juan Jesus Prieto Tapia
Modified: 2015-04-20 11:07 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-01-20 20:26:14 UTC
Target Upstream Version:
jjprieto: needinfo-

Attachments (Terms of Use)
latest 2.6.18 ipv4 netfilter patch (28.18 KB, patch)
2008-05-12 18:47 UTC, Linda Wang
no flags Details | Diff
proposed patch (1.33 KB, patch)
2008-06-18 21:53 UTC, Thomas Graf
no flags Details | Diff

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0225 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.3 kernel security and bug fix update 2009-01-20 16:06:24 UTC

Description Juan Jesus Prieto Tapia 2008-02-20 18:24:03 UTC
Description of problem:

I have a firewall with latest kernel-2.6.18-53.1.13. When a h323 machine
initiate conections, kernel hangs with message:

# BUG: unable to handle kernel NULL pointer dereference at virtual address 00000020
 printing eip:
*pde = 00000000
Oops: 0000 [0000001]
last sysfs file: /devices/pci0000:00/0000:00:00.0/irq
Modules linked in: sata_promise(U) megaraid_sas(U) mptsas(U) mptspi(U)
mptscsih(U) mptbase(U) cciss(U) ipt_ipp2p(U) r8169(U) bnx2(U) b44(U) tg3(U)
e1000(U) e100(U) e1000bp(U) sk98lin(U) natsemi(U) reiserfs(U) cloop(U) isofs(U)
CPU: 0
EIP: 0060:[<c06803d9>] Not tainted VLI
EFLAGS: 00010202 (2.6.18-8.1.4.el5-lince-nohimem 28)
EIP is at __ip_ct_refresh_acct+0xa1/0x129
eax: 00000000 ebx: 00000002 ecx: 00000000 edx: 00000001
esi: f67396ec edi: 00000008 ebp: 000493e0 esp: f5bffbe8
ds: 007b es: 007b ss: 0068
Process run (pid: 20668, ti=f5bfe000 task=f7def550 task.ti=f5bfe000)
Stack: 00000001 00000000 00000003 00000001 f6739760 f67396ec 00000036 c0689731
       000493e0 00000001 00000003 f5bffcc4 f67396ec 00000004 f5bffcc4 c0690e15
       f5bffcc4 00000000 03bca440 00000000 00000000 f601383c f5bffcc4 c07a9b80
Call Trace:
 [<c0689731>] ras_help+0x416/0x809
 [<c0690e15>] ip_nat_fn+0x171/0x185
 [<c067f6f7>] ip_conntrack_help+0x27/0x34
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c06c1bff>] br_nf_post_routing+0x135/0x157
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06bdffa>] br_forward_finish+0x33/0x45
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06c1ac4>] br_nf_forward_finish+0xc8/0xce
 [<c06c2218>] br_nf_forward_ip+0x11e/0x12f
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06be052>] __br_forward+0x46/0x57
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06bea32>] br_handle_frame_finish+0xb2/0xcf
 [<c06c202b>] br_nf_pre_routing_finish+0x26e/0x278
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278
 [<c06c2a93>] br_nf_pre_routing+0x552/0x56f
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c06beb82>] br_handle_frame+0x133/0x15d
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c0626daf>] netif_receive_skb+0x240/0x339
 [<f8920d11>] e1000_clean_rx_irq+0xe1/0x4a0 [e1000bp]
 [<f8920c30>] e1000_clean_rx_irq+0x0/0x4a0 [e1000bp]
 [<f891fde5>] e1000_clean+0x225/0x2c0 [e1000bp]
 [<c0628710>] net_rx_action+0x92/0x17e
 [<c0421204>] __do_softirq+0x5a/0xbb
 [<c042129b>] do_softirq+0x36/0x3a
 [<c04064a5>] do_IRQ+0x48/0x53
 [<c04046ba>] common_interrupt+0x1a/0x20
Code: 53 08 89 d8 e8 3c 59 da ff bf 08 00 00 00 83 3c 24 00 74 4d 31 d2 83 7c 24
08 02 0f 97 c2 8b 5c d6 24 43 89 5c d6 24 8b 4c 24 04 <8b> 41 20 0f b7 40 02 89
c1 c1 e9 08 c1 e0 08 09 c8 0f b7 c0 03
EIP: [<c06803d9>] __ip_ct_refresh_acct+0xa1/0x129 SS:ESP 0068:f5bffbe8
 <0>Kernel panic - not syncing: Fatal exception in interrupt

I have reviewing h323 patch for this kernel (2.6.18-53-1.13) and the version is
from 20 April 2006!!

Please, see:

There is an important bug fixed in the latest patch version (nath323-2.6.18-1.5)
not included in the latest kernel!! ... please, include this bugfix in the new

Comment 1 Prarit Bhargava 2008-05-08 12:32:49 UTC
Juan, could you post the exact patch you want included?



Comment 2 Juan Jesus Prieto Tapia 2008-05-09 15:10:56 UTC
You can find latest patch for 2.6.18 from:


(project: nath323.sourceforge.net)


Comment 3 Linda Wang 2008-05-12 18:47:29 UTC
Created attachment 305158 [details]
latest 2.6.18 ipv4 netfilter patch

the latest version downloaded from the above website/url:

Comment 4 Thomas Graf 2008-06-18 21:53:37 UTC
Created attachment 309793 [details]
proposed patch

I cut it down to the following patch fixing the oops, a locking bug and a
reference leak. We can't include the complete patch for kABI reasons.

Are you ok with this?

Comment 5 RHEL Program Management 2008-06-18 22:11:48 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 7 Don Zickus 2008-09-03 03:38:54 UTC
in kernel-2.6.18-107.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Comment 9 Pasi Karkkainen 2008-10-02 13:31:09 UTC
I've been running 2.6.18-116.el5 for a week now without problems on a firewall that used to crash maybe twice a week.. so far it seems to fix the problem!

Comment 10 Mike Gahagan 2008-10-13 18:47:42 UTC
confirmed fix is in the -119 kernel.

Comment 14 errata-xmlrpc 2009-01-20 20:26:14 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.