[Bug 22] Linux kernel crashes when incoming/outgoing interfaces differ

bugzilla-daemon@netfilter.org
Fri, 07 Mar 2003 09:09:45 +0100


bowles@ambisys.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

------- Additional Comments From bowles@ambisys.com  2003-03-07 09:09 -------
Hmm... I'm getting a different kernel oops when the 2.4 patch is applied.

This time my setup is simple: an ADSL PPPoE connection with MSS clamping at 1412
bytes.  The default iptables policy is REJECT.  Telnetting to the box will cause
a TCP reset to be generated, and this causes the OOPS.

I tried the same procedure using an unpatched kernel and the OOPS didn't occur.

Kernel: 2.4.21-pre5
iptables patch-o-matic 20030112 with "23_REJECT-headroom-tcprst.patch"


Unable to handle kernel paging request at virtual address 5a5a5a6a
*pde = 00000000
Oops: 0000
CPU:    0
EIP:    0010:[<d01ad12a>]    Not tainted
Using defaults from ksymoops -t elf32-i386 -a i386
EFLAGS: 00010246
eax: 5a5a5a5a   ebx: 00000000   ecx: c13c9e08   edx: 5a5a5a5a
esi: 00000000   edi: c8e7db14   ebp: c02ebd68   esp: c02ebd24
ds: 0018   es: 0018   ss: 0018
Process swapper (pid: 0, stackpage=c02eb000)
Stack: c02ebd48 0000001c d01bd9a6 c13c9e08 c13c9e08 00000001 d01d28f4 cc0ee200
       cc0ee200 c02ebd78 d01bd796 d01bdae3 d01d2914 c13c9df4 d01d3cbc d01d3c4c
       00000002 c02ebd78 d01ad918 c8e7db14 00000000 c02ebddc d0068398 c02ebe70
Call Trace:    [<d01bd9a6>] [<d01bd796>] [<d01bdae3>] [<d01ad918>] [<d0068398>]
  [<d006b138>] [<d006b138>] [<d006d638>] [<d006d07f>] [<d006d5e0>] [<c022035b>]
  [<c022d2c0>] [<c02206aa>] [<c022d2c0>] [<d006d638>] [<c022d25c>] [<c022d2c0>]
  [<c022c51d>] [<c02206eb>] [<c022c16e>] [<c022c350>] [<c021a34c>] [<c021a473>]
  [<c021a593>] [<c011c16a>] [<c010a35c>] [<c0107140>] [<c010c7f8>] [<c0107140>]
  [<c0107167>] [<c01071e2>] [<c0105000>]
Code: 8b 4a 10 74 03 8b 5a 0c 8a 40 01 89 5d d8 83 e0 1e 89 4d d4

>>EIP; d01ad12a <[ipt_REJECT]send_reset+aa/3f0>   <=====

>>ecx; c13c9e08 <_end+109c150/fcdf3a8>
>>edi; c8e7db14 <_end+8b4fe5c/fcdf3a8>
>>ebp; c02ebd68 <init_task_union+1d68/2000>
>>esp; c02ebd24 <init_task_union+1d24/2000>

Trace; d01bd9a6 <[ipt_LOG].text.end+b6/204>
Trace; d01bd796 <[ipt_LOG]ipt_log_target+d6/1b0>
Trace; d01bdae3 <[ipt_LOG].text.end+1f3/204>
Trace; d01ad918 <[ipt_REJECT]reject+68/70>
Trace; d0068398 <[ip_tables]ipt_do_table+308/430>
Trace; d006b138 <[ip_tables]__kstrtab_ipt_register_table+0/0>
Trace; d006b138 <[ip_tables]__kstrtab_ipt_register_table+0/0>
Trace; d006d638 <[iptable_filter]ipt_ops+18/48>
Trace; d006d07f <[iptable_filter]ipt_hook+1f/30>
Trace; d006d5e0 <[iptable_filter]packet_filter+0/40>
Trace; c022035b <nf_iterate+4b/a0>
Trace; c022d2c0 <ip_forward_finish+0/50>
Trace; c02206aa <nf_hook_slow+8a/1a0>
Trace; c022d2c0 <ip_forward_finish+0/50>
Trace; d006d638 <[iptable_filter]ipt_ops+18/48>
Trace; c022d25c <ip_forward+1ac/210>
Trace; c022d2c0 <ip_forward_finish+0/50>
Trace; c022c51d <ip_rcv_finish+1cd/230>
Trace; c02206eb <nf_hook_slow+cb/1a0>
Trace; c022c16e <ip_rcv+16e/1f0>
Trace; c022c350 <ip_rcv_finish+0/230>
Trace; c021a34c <netif_receive_skb+11c/1d0>
Trace; c021a473 <process_backlog+73/130>
Trace; c021a593 <net_rx_action+63/110>
Trace; c011c16a <do_softirq+aa/b0>
Trace; c010a35c <do_IRQ+bc/e0>
Trace; c0107140 <default_idle+0/40>
Trace; c010c7f8 <call_do_IRQ+5/d>
Trace; c0107140 <default_idle+0/40>
Trace; c0107167 <default_idle+27/40>
Trace; c01071e2 <cpu_idle+42/60>
Trace; c0105000 <_stext+0/0>

Code;  d01ad12a <[ipt_REJECT]send_reset+aa/3f0>
00000000 <_EIP>:
Code;  d01ad12a <[ipt_REJECT]send_reset+aa/3f0>   <=====
   0:   8b 4a 10                  mov    0x10(%edx),%ecx   <=====
Code;  d01ad12d <[ipt_REJECT]send_reset+ad/3f0>
   3:   74 03                     je     8 <_EIP+0x8> d01ad132 <[ipt_REJECT]send
Code;  d01ad12f <[ipt_REJECT]send_reset+af/3f0>
   5:   8b 5a 0c                  mov    0xc(%edx),%ebx
Code;  d01ad132 <[ipt_REJECT]send_reset+b2/3f0>
   8:   8a 40 01                  mov    0x1(%eax),%al
Code;  d01ad135 <[ipt_REJECT]send_reset+b5/3f0>
   b:   89 5d d8                  mov    %ebx,0xffffffd8(%ebp)
Code;  d01ad138 <[ipt_REJECT]send_reset+b8/3f0>
   e:   83 e0 1e                  and    $0x1e,%eax
Code;  d01ad13b <[ipt_REJECT]send_reset+bb/3f0>
  11:   89 4d d4                  mov    %ecx,0xffffffd4(%ebp)

 <0>Kernel panic: Aiee, killing interrupt handler!

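An added example, not part of the original report or of the netfilter code: a triage check for the oops above that flags registers holding a slab-debug fill pattern and confirms that the faulting instruction's base register plus displacement equals the fault address. It assumes the kernel was built with slab debugging, where 2.4's mm/slab.c fills objects with the byte 0x5a; the function names and the embedded excerpt (lines copied from the oops) are constructed for this example.

```python
import re

# Constructed input: the fault, register and faulting-instruction lines from the oops above.
OOPS = """\
Unable to handle kernel paging request at virtual address 5a5a5a6a
eax: 5a5a5a5a   ebx: 00000000   ecx: c13c9e08   edx: 5a5a5a5a
esi: 00000000   edi: c8e7db14   ebp: c02ebd68   esp: c02ebd24
   0:   8b 4a 10                  mov    0x10(%edx),%ecx   <=====
"""

# Assumption: slab debugging is enabled; 0x5a and 0xa5 are its fill bytes in 2.4.
POISON = {0x5A: "slab poison (uninitialised or freed object)",
          0xA5: "slab poison end marker"}


def parse_oops(text):
    """Return (fault address, register dict, (displacement, base register))."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(e[a-z]{2}): ([0-9a-f]{8})", text)}
    # Memory operand of the instruction ksymoops marked with <=====
    m = re.search(r"(0x[0-9a-f]+)?\(%(e[a-z]{2})\)[^\n]*<=====", text)
    disp = int(m.group(1), 16) if m.group(1) else 0
    return fault, regs, (disp, m.group(2))


def poison_label(value):
    """Name the fill pattern if all four bytes are the same known poison byte."""
    raw = value.to_bytes(4, "little")
    return POISON.get(raw[0]) if len(set(raw)) == 1 else None


def triage(text):
    """List poisoned registers and whether one of them explains the fault."""
    fault, regs, (disp, base) = parse_oops(text)
    findings = [f"{r}={v:08x}: {poison_label(v)}"
                for r, v in regs.items() if poison_label(v)]
    # The dereference is explained if base register + displacement is the fault address.
    if (regs[base] + disp) & 0xFFFFFFFF == fault:
        findings.append(f"fault {fault:08x} = %{base} + {disp:#x}")
    return findings


if __name__ == "__main__":
    for line in triage(OOPS):
        print(line)
```

A match on both checks means send_reset read a pointer out of memory that still held the allocator's fill pattern, which points the investigation at an uninitialised or already-freed object rather than at a random bad pointer.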