Re: [Xen-devel] Re: Panic in ipt_do_table with

From: Keir Fraser
Date: Tue May 23 2006 - 17:31:28 EST

On 23 May 2006, at 22:23, Matt Ayres wrote:

Having looked at disassembly, the fault happens when accessing e->ip.invflags in ip_packet_match() inlined inside ipt_do_table().
e = private->entries[smp_processor_id()] + private->hook_entry[NF_IP_FORWARD]
smp_processor_id() should be 0 (since the oops appears to occur on cpu0) and presumably all the ipt_entry structures are static once set up. Since this crash happens on a common path in ipt_do_table(), and since it happens only after the system has been up a while (I believe?), it rather looks as though something has either corrupted a pointer or unmapped memory from under iptables' feet.

As the concerned user, what does this mean to me? It will only affect SMP systems? It is a bug in Xen or netfilter?

Probably a Xen bug, but if so then it's basically a memory corruption. It's weird it would hit the iptables rules every time though, and not be a more random crash. This might well need reproducing in a developer test-machine environment to stand a chance of tracking down.

-- Keir

I'd just like to understand what is going on.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at