Bug 433661 - kernel panic with voip traffic (h323)
Summary: kernel panic with voip traffic (h323)
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel   
(Show other bugs)
Version: 5.1
Hardware: All
OS: Linux
low
high
Target Milestone: rc
: ---
Assignee: Thomas Graf
QA Contact: Martin Jenner
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-02-20 18:24 UTC by Juan Jesus Prieto Tapia
Modified: 2015-04-20 11:07 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 20:26:14 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
jjprieto: needinfo-


Attachments (Terms of Use)
latest 2.6.18 ipv4 netfilter patch (28.18 KB, patch)
2008-05-12 18:47 UTC, Linda Wang
no flags Details | Diff
proposed patch (1.33 KB, patch)
2008-06-18 21:53 UTC, Thomas Graf
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:0225 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 5.3 kernel security and bug fix update 2009-01-20 16:06:24 UTC

Description Juan Jesus Prieto Tapia 2008-02-20 18:24:03 UTC
Description of problem:

I have a firewall with latest kernel-2.6.18-53.1.13. When a h323 machine
initiate conections, kernel hangs with message:

# BUG: unable to handle kernel NULL pointer dereference at virtual address 00000020
 printing eip:
c06803d9
*pde = 00000000
Oops: 0000 [0000001]
SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/irq
Modules linked in: sata_promise(U) megaraid_sas(U) mptsas(U) mptspi(U)
mptscsih(U) mptbase(U) cciss(U) ipt_ipp2p(U) r8169(U) bnx2(U) b44(U) tg3(U)
e1000(U) e100(U) e1000bp(U) sk98lin(U) natsemi(U) reiserfs(U) cloop(U) isofs(U)
cramfs(U)
CPU: 0
EIP: 0060:[<c06803d9>] Not tainted VLI
EFLAGS: 00010202 (2.6.18-8.1.4.el5-lince-nohimem 28)
EIP is at __ip_ct_refresh_acct+0xa1/0x129
eax: 00000000 ebx: 00000002 ecx: 00000000 edx: 00000001
esi: f67396ec edi: 00000008 ebp: 000493e0 esp: f5bffbe8
ds: 007b es: 007b ss: 0068
Process run (pid: 20668, ti=f5bfe000 task=f7def550 task.ti=f5bfe000)
Stack: 00000001 00000000 00000003 00000001 f6739760 f67396ec 00000036 c0689731
       000493e0 00000001 00000003 f5bffcc4 f67396ec 00000004 f5bffcc4 c0690e15
       f5bffcc4 00000000 03bca440 00000000 00000000 f601383c f5bffcc4 c07a9b80
Call Trace:
 [<c0689731>] ras_help+0x416/0x809
 [<c0690e15>] ip_nat_fn+0x171/0x185
 [<c067f6f7>] ip_conntrack_help+0x27/0x34
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c06c1bff>] br_nf_post_routing+0x135/0x157
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06bdffa>] br_forward_finish+0x33/0x45
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06c1ac4>] br_nf_forward_finish+0xc8/0xce
 [<c06c2218>] br_nf_forward_ip+0x11e/0x12f
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06be052>] __br_forward+0x46/0x57
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06bea32>] br_handle_frame_finish+0xb2/0xcf
 [<c06c202b>] br_nf_pre_routing_finish+0x26e/0x278
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278
 [<c06c2a93>] br_nf_pre_routing+0x552/0x56f
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c06beb82>] br_handle_frame+0x133/0x15d
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c0626daf>] netif_receive_skb+0x240/0x339
 [<f8920d11>] e1000_clean_rx_irq+0xe1/0x4a0 [e1000bp]
 [<f8920c30>] e1000_clean_rx_irq+0x0/0x4a0 [e1000bp]
 [<f891fde5>] e1000_clean+0x225/0x2c0 [e1000bp]
 [<c0628710>] net_rx_action+0x92/0x17e
 [<c0421204>] __do_softirq+0x5a/0xbb
 [<c042129b>] do_softirq+0x36/0x3a
 [<c04064a5>] do_IRQ+0x48/0x53
 [<c04046ba>] common_interrupt+0x1a/0x20
 =======================
Code: 53 08 89 d8 e8 3c 59 da ff bf 08 00 00 00 83 3c 24 00 74 4d 31 d2 83 7c 24
08 02 0f 97 c2 8b 5c d6 24 43 89 5c d6 24 8b 4c 24 04 <8b> 41 20 0f b7 40 02 89
c1 c1 e9 08 c1 e0 08 09 c8 0f b7 c0 03
EIP: [<c06803d9>] __ip_ct_refresh_acct+0xa1/0x129 SS:ESP 0068:f5bffbe8
 <0>Kernel panic - not syncing: Fatal exception in interrupt

I have reviewing h323 patch for this kernel (2.6.18-53-1.13) and the version is
from 20 April 2006!!

Please, see:
http://sourceforge.net/forum/forum.php?thread_id=1502505&forum_id=535960

There is an important bug fixed in the latest patch version (nath323-2.6.18-1.5)
not included in the latest kernel!! ... please, include this bugfix in the new
kernel

Comment 1 Prarit Bhargava 2008-05-08 12:32:49 UTC
Juan, could you post the exact patch you want included?

Thanks,

P.

Comment 2 Juan Jesus Prieto Tapia 2008-05-09 15:10:56 UTC
You can find latest patch for 2.6.18 from:

http://sourceforge.net/project/showfiles.php?group_id=158936

(project: nath323.sourceforge.net)

Regards

Comment 3 Linda Wang 2008-05-12 18:47:29 UTC
Created attachment 305158 [details]
latest 2.6.18 ipv4 netfilter patch

the latest version downloaded from the above website/url:
patch-2.6.18-nath323-1.5

Comment 4 Thomas Graf 2008-06-18 21:53:37 UTC
Created attachment 309793 [details]
proposed patch

I cut it down to the following patch fixing the oops, a locking bug and a
reference leak. We can't include the complete patch for kABI reasons.

Are you ok with this?

Comment 5 RHEL Product and Program Management 2008-06-18 22:11:48 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 7 Don Zickus 2008-09-03 03:38:54 UTC
in kernel-2.6.18-107.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5

Comment 9 Pasi Karkkainen 2008-10-02 13:31:09 UTC
I've been running 2.6.18-116.el5 for a week now without problems on a firewall that used to crash maybe twice a week.. so far it seems to fix the problem!

Comment 10 Mike Gahagan 2008-10-13 18:47:42 UTC
confirmed fix is in the -119 kernel.

Comment 14 errata-xmlrpc 2009-01-20 20:26:14 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-0225.html


Note You need to log in before you can comment on or make changes to this bug.