Description of problem: I have a firewall with latest kernel-2.6.18-53.1.13. When a h323 machine initiate conections, kernel hangs with message: # BUG: unable to handle kernel NULL pointer dereference at virtual address 00000020 printing eip: c06803d9 *pde = 00000000 Oops: 0000 [0000001] SMP last sysfs file: /devices/pci0000:00/0000:00:00.0/irq Modules linked in: sata_promise(U) megaraid_sas(U) mptsas(U) mptspi(U) mptscsih(U) mptbase(U) cciss(U) ipt_ipp2p(U) r8169(U) bnx2(U) b44(U) tg3(U) e1000(U) e100(U) e1000bp(U) sk98lin(U) natsemi(U) reiserfs(U) cloop(U) isofs(U) cramfs(U) CPU: 0 EIP: 0060:[<c06803d9>] Not tainted VLI EFLAGS: 00010202 (2.6.18-8.1.4.el5-lince-nohimem 28) EIP is at __ip_ct_refresh_acct+0xa1/0x129 eax: 00000000 ebx: 00000002 ecx: 00000000 edx: 00000001 esi: f67396ec edi: 00000008 ebp: 000493e0 esp: f5bffbe8 ds: 007b es: 007b ss: 0068 Process run (pid: 20668, ti=f5bfe000 task=f7def550 task.ti=f5bfe000) Stack: 00000001 00000000 00000003 00000001 f6739760 f67396ec 00000036 c0689731 000493e0 00000001 00000003 f5bffcc4 f67396ec 00000004 f5bffcc4 c0690e15 f5bffcc4 00000000 03bca440 00000000 00000000 f601383c f5bffcc4 c07a9b80 Call Trace: [<c0689731>] ras_help+0x416/0x809 [<c0690e15>] ip_nat_fn+0x171/0x185 [<c067f6f7>] ip_conntrack_help+0x27/0x34 [<c0648580>] nf_iterate+0x30/0x61 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34 [<c06486a6>] nf_hook_slow+0x3a/0x90 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34 [<c06c1bff>] br_nf_post_routing+0x135/0x157 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34 [<c0648580>] nf_iterate+0x30/0x61 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e [<c06486a6>] nf_hook_slow+0x3a/0x90 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e [<c06bdffa>] br_forward_finish+0x33/0x45 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e [<c06c1ac4>] br_nf_forward_finish+0xc8/0xce [<c06c2218>] br_nf_forward_ip+0x11e/0x12f [<c0648580>] nf_iterate+0x30/0x61 [<c06bdfc7>] br_forward_finish+0x0/0x45 [<c06486a6>] nf_hook_slow+0x3a/0x90 [<c06bdfc7>] br_forward_finish+0x0/0x45 [<c06be052>] __br_forward+0x46/0x57 [<c06bdfc7>] br_forward_finish+0x0/0x45 [<c06bea32>] br_handle_frame_finish+0xb2/0xcf [<c06c202b>] br_nf_pre_routing_finish+0x26e/0x278 [<c0648580>] nf_iterate+0x30/0x61 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278 [<c06486a6>] nf_hook_slow+0x3a/0x90 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278 [<c06c2a93>] br_nf_pre_routing+0x552/0x56f [<c0648580>] nf_iterate+0x30/0x61 [<c06be980>] br_handle_frame_finish+0x0/0xcf [<c06486a6>] nf_hook_slow+0x3a/0x90 [<c06be980>] br_handle_frame_finish+0x0/0xcf [<c06beb82>] br_handle_frame+0x133/0x15d [<c06be980>] br_handle_frame_finish+0x0/0xcf [<c0626daf>] netif_receive_skb+0x240/0x339 [<f8920d11>] e1000_clean_rx_irq+0xe1/0x4a0 [e1000bp] [<f8920c30>] e1000_clean_rx_irq+0x0/0x4a0 [e1000bp] [<f891fde5>] e1000_clean+0x225/0x2c0 [e1000bp] [<c0628710>] net_rx_action+0x92/0x17e [<c0421204>] __do_softirq+0x5a/0xbb [<c042129b>] do_softirq+0x36/0x3a [<c04064a5>] do_IRQ+0x48/0x53 [<c04046ba>] common_interrupt+0x1a/0x20 ======================= Code: 53 08 89 d8 e8 3c 59 da ff bf 08 00 00 00 83 3c 24 00 74 4d 31 d2 83 7c 24 08 02 0f 97 c2 8b 5c d6 24 43 89 5c d6 24 8b 4c 24 04 <8b> 41 20 0f b7 40 02 89 c1 c1 e9 08 c1 e0 08 09 c8 0f b7 c0 03 EIP: [<c06803d9>] __ip_ct_refresh_acct+0xa1/0x129 SS:ESP 0068:f5bffbe8 <0>Kernel panic - not syncing: Fatal exception in interrupt I have reviewing h323 patch for this kernel (2.6.18-53-1.13) and the version is from 20 April 2006!! Please, see: http://sourceforge.net/forum/forum.php?thread_id=1502505&forum_id=535960 There is an important bug fixed in the latest patch version (nath323-2.6.18-1.5) not included in the latest kernel!! ... please, include this bugfix in the new kernel
Juan, could you post the exact patch you want included? Thanks, P.
You can find latest patch for 2.6.18 from: http://sourceforge.net/project/showfiles.php?group_id=158936 (project: nath323.sourceforge.net) Regards
Created attachment 305158 [details] latest 2.6.18 ipv4 netfilter patch the latest version downloaded from the above website/url: patch-2.6.18-nath323-1.5
Created attachment 309793 [details] proposed patch I cut it down to the following patch fixing the oops, a locking bug and a reference leak. We can't include the complete patch for kABI reasons. Are you ok with this?
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
in kernel-2.6.18-107.el5 You can download this test kernel from http://people.redhat.com/dzickus/el5
I've been running 2.6.18-116.el5 for a week now without problems on a firewall that used to crash maybe twice a week.. so far it seems to fix the problem!
confirmed fix is in the -119 kernel.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2009-0225.html