[Bug 831] New: oops in find_appropriate_src+219

Fri Jul 5 02:39:07 CEST 2013

https://bugzilla.netfilter.org/show_bug.cgi?id=831

           Summary: oops in find_appropriate_src+219
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: x86_64
        OS/Version: SuSE Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: NAT
        AssignedTo: netfilter-buglog at lists.netfilter.org
        ReportedBy: zhen_zhao at symantec.com
   Estimated Hours: 0.0

When doing stress testing on sles11sp1(2.6.32.43). kernel panic due to NULL
pointer.

crash> bt
PID: 0 TASK: ffff881810db0080 CPU: 8 COMMAND: "swapper" 
#0 [ffff88002c303740] machine_kexec at ffffffff81020902
#1 [ffff88002c303790] crash_kexec at ffffffff810874e0
#2 [ffff88002c303860] oops_end at ffffffff8139c350
#3 [ffff88002c303880] __bad_area_nosemaphore at ffffffff8102dd05
#4 [ffff88002c303940] page_fault at ffffffff8139b5cf [exception RIP:
find_appropriate_src+219]
RIP: ffffffffa1491a4b RSP: ffff88002c3039f0 RFLAGS: 00010286
RAX: 0000000000000000 RBX: ffff8817814beb90 RCX: 0000000024852261
RDX: 0000000000000000 RSI: 00000000327c4d71 RDI: ffffffff81cd4dc0
RBP: ffff88002c303ad0 R8: 0000000000000011 R9: 0000000000000002
R10: 0000000000004000 R11: ffffffffa14726e0 R12: ffff88002c303aa0
R13: ffff88002c303b40 R14: ffff88002c303b4c R15: ffff88002c303b4e
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#5 [ffff88002c303a28] get_unique_tuple at ffffffffa1491beb [nf_nat]
#6 [ffff88002c303a58] nf_nat_setup_info at ffffffffa1491de9 [nf_nat]
#7 [ffff88002c303b38] alloc_null_binding at ffffffffa149e162 [iptable_nat]
#8 [ffff88002c303b78] nf_nat_fn at ffffffffa149e519 [iptable_nat]
#9 [ffff88002c303bb8] nf_iterate at ffffffff81318d18 #10 [ffff88002c303bf8]
nf_hook_slow at ffffffff81318db2
#11 [ffff88002c303c58] ip_local_deliver at ffffffff813214a1
#12 [ffff88002c303c78] ip_rcv_finish at ffffffff81320a59
#13 [ffff88002c303cb8] netif_receive_skb at ffffffff812f5f89
#14 [ffff88002c303d28] ixgbe_clean_rx_irq at ffffffffa0ea4837 [ixgbe]
#15 [ffff88002c303e28] ixgbe_clean_rxtx_many at ffffffffa0ea53e4 [ixgbe] <<
Intel Network Card
#16 [ffff88002c303e98] net_rx_action at ffffffff812f6863
#17 [ffff88002c303ee8] __do_softirq at ffffffff810533ef
#18 [ffff88002c303f38] call_softirq at ffffffff810040bc
#19 [ffff88002c303f50] do_softirq at ffffffff81005cfd #20 [ffff88002c303f80]
do_IRQ at ffffffff8100525e
--- <IRQ stack> ---
#21 [ffff881810db3e88] ret_from_intr at ffffffff81003913 [exception RIP:
mwait_idle+98]
RIP: ffffffff8100ae42 RSP: ffff881810db3f30 RFLAGS: 00000246
RAX: 0000000000000000 RBX: ffffffff81927700 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffff881810db3fd8 RDI: ffffffff81a2e308
RBP: ffffffff8100390e R8: 0000000000000000 R9: 00000000ffffffff
R10: ffff88002c30fe18 R11: ffffffff8101a5d0 R12: 0025829d470ffa00
R13: 0000000000000082 R14: ffffffff81927b00 R15: 0000000100000008
ORIG_RAX: ffffffffffffff69 CS: 0010 SS: 0018
#22 [ffff881810db3f30] cpu_idle at ffffffff8100204a 
crash> 

>From the dump looked like ct was NULL during the call of
find_appropriate_src->same_src, which led to the panic.

same_src(const struct nf_conn *ct,const struct nf_conntrack_tuple *tuple) {
        t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;  <<<<ct was NULL }

0xffffffffa1491a44 <find_appropriate_src+212>:  mov    0x20(%rbx),%rdx
0xffffffffa1491a48 <find_appropriate_src+216>:  mov    (%rbx),%rax
0xffffffffa1491a4b <find_appropriate_src+219>:  cmp    %r8b,0x3e(%rdx) 
<<<panic because rdx was 0

Still need to understand how nat->ct was freed. Did not find any known issues
which can be related. Will raise a request to Novell while we continue with the
investigation.

-- 
Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.