Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 433661

Summary: kernel panic with voip traffic (h323)
Product: Red Hat Enterprise Linux 5 Reporter: Juan Jesus Prieto Tapia <jjprieto>
Component: kernelAssignee: Thomas Graf <tgraf>
Status: CLOSED ERRATA QA Contact: Martin Jenner <mjenner>
Severity: high Docs Contact:
Priority: low    
Version: 5.1CC: davem, dzickus, mgahagan, miroslav.holubec, nhorman, pasik, prarit, rkhan, rlerch
Target Milestone: rcFlags: jjprieto: needinfo-
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-20 20:26:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
latest 2.6.18 ipv4 netfilter patch
none
proposed patch none

Description Juan Jesus Prieto Tapia 2008-02-20 18:24:03 UTC 
Description of problem:

I have a firewall with latest kernel-2.6.18-53.1.13. When a h323 machine
initiate conections, kernel hangs with message:

# BUG: unable to handle kernel NULL pointer dereference at virtual address 00000020
 printing eip:
c06803d9
*pde = 00000000
Oops: 0000 [0000001]
SMP
last sysfs file: /devices/pci0000:00/0000:00:00.0/irq
Modules linked in: sata_promise(U) megaraid_sas(U) mptsas(U) mptspi(U)
mptscsih(U) mptbase(U) cciss(U) ipt_ipp2p(U) r8169(U) bnx2(U) b44(U) tg3(U)
e1000(U) e100(U) e1000bp(U) sk98lin(U) natsemi(U) reiserfs(U) cloop(U) isofs(U)
cramfs(U)
CPU: 0
EIP: 0060:[<c06803d9>] Not tainted VLI
EFLAGS: 00010202 (2.6.18-8.1.4.el5-lince-nohimem 28)
EIP is at __ip_ct_refresh_acct+0xa1/0x129
eax: 00000000 ebx: 00000002 ecx: 00000000 edx: 00000001
esi: f67396ec edi: 00000008 ebp: 000493e0 esp: f5bffbe8
ds: 007b es: 007b ss: 0068
Process run (pid: 20668, ti=f5bfe000 task=f7def550 task.ti=f5bfe000)
Stack: 00000001 00000000 00000003 00000001 f6739760 f67396ec 00000036 c0689731
       000493e0 00000001 00000003 f5bffcc4 f67396ec 00000004 f5bffcc4 c0690e15
       f5bffcc4 00000000 03bca440 00000000 00000000 f601383c f5bffcc4 c07a9b80
Call Trace:
 [<c0689731>] ras_help+0x416/0x809
 [<c0690e15>] ip_nat_fn+0x171/0x185
 [<c067f6f7>] ip_conntrack_help+0x27/0x34
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c06c1bff>] br_nf_post_routing+0x135/0x157
 [<c06c1943>] br_nf_dev_queue_xmit+0x0/0x34
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06bdffa>] br_forward_finish+0x33/0x45
 [<c06bde49>] br_dev_queue_push_xmit+0x0/0x17e
 [<c06c1ac4>] br_nf_forward_finish+0xc8/0xce
 [<c06c2218>] br_nf_forward_ip+0x11e/0x12f
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06be052>] __br_forward+0x46/0x57
 [<c06bdfc7>] br_forward_finish+0x0/0x45
 [<c06bea32>] br_handle_frame_finish+0xb2/0xcf
 [<c06c202b>] br_nf_pre_routing_finish+0x26e/0x278
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06c1dbd>] br_nf_pre_routing_finish+0x0/0x278
 [<c06c2a93>] br_nf_pre_routing+0x552/0x56f
 [<c0648580>] nf_iterate+0x30/0x61
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c06486a6>] nf_hook_slow+0x3a/0x90
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c06beb82>] br_handle_frame+0x133/0x15d
 [<c06be980>] br_handle_frame_finish+0x0/0xcf
 [<c0626daf>] netif_receive_skb+0x240/0x339
 [<f8920d11>] e1000_clean_rx_irq+0xe1/0x4a0 [e1000bp]
 [<f8920c30>] e1000_clean_rx_irq+0x0/0x4a0 [e1000bp]
 [<f891fde5>] e1000_clean+0x225/0x2c0 [e1000bp]
 [<c0628710>] net_rx_action+0x92/0x17e
 [<c0421204>] __do_softirq+0x5a/0xbb
 [<c042129b>] do_softirq+0x36/0x3a
 [<c04064a5>] do_IRQ+0x48/0x53
 [<c04046ba>] common_interrupt+0x1a/0x20
 =======================
Code: 53 08 89 d8 e8 3c 59 da ff bf 08 00 00 00 83 3c 24 00 74 4d 31 d2 83 7c 24
08 02 0f 97 c2 8b 5c d6 24 43 89 5c d6 24 8b 4c 24 04 <8b> 41 20 0f b7 40 02 89
c1 c1 e9 08 c1 e0 08 09 c8 0f b7 c0 03
EIP: [<c06803d9>] __ip_ct_refresh_acct+0xa1/0x129 SS:ESP 0068:f5bffbe8
 <0>Kernel panic - not syncing: Fatal exception in interrupt

I have reviewing h323 patch for this kernel (2.6.18-53-1.13) and the version is
from 20 April 2006!!

Please, see:
http://sourceforge.net/forum/forum.php?thread_id=1502505&forum_id=535960

There is an important bug fixed in the latest patch version (nath323-2.6.18-1.5)
not included in the latest kernel!! ... please, include this bugfix in the new
kernel
Comment 1 Prarit Bhargava 2008-05-08 12:32:49 UTC 
Juan, could you post the exact patch you want included?

Thanks,

P.
Comment 2 Juan Jesus Prieto Tapia 2008-05-09 15:10:56 UTC 
You can find latest patch for 2.6.18 from:

http://sourceforge.net/project/showfiles.php?group_id=158936

(project: nath323.sourceforge.net)

Regards
Comment 3 Linda Wang 2008-05-12 18:47:29 UTC 
Created attachment 305158 [details]
latest 2.6.18 ipv4 netfilter patch

the latest version downloaded from the above website/url:
patch-2.6.18-nath323-1.5
Comment 4 Thomas Graf 2008-06-18 21:53:37 UTC 
Created attachment 309793 [details]
proposed patch

I cut it down to the following patch fixing the oops, a locking bug and a
reference leak. We can't include the complete patch for kABI reasons.

Are you ok with this?
Comment 5 RHEL Program Management 2008-06-18 22:11:48 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 7 Don Zickus 2008-09-03 03:38:54 UTC 
in kernel-2.6.18-107.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 9 Pasi Karkkainen 2008-10-02 13:31:09 UTC 
I've been running 2.6.18-116.el5 for a week now without problems on a firewall that used to crash maybe twice a week.. so far it seems to fix the problem!
Comment 10 Mike Gahagan 2008-10-13 18:47:42 UTC 
confirmed fix is in the -119 kernel.
Comment 14 errata-xmlrpc 2009-01-20 20:26:14 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-0225.html