Re: [regression] nf_iterate(), BUG: unable to handle kernel NULLpointer dereference

[Patrick McHardy]

Ingo Molnar wrote:
> Then i tried both suggested fix patches Patrick sent me (a suggested 
> revert and an netfilter/RCU use-after-free fix), but none of them solved 
> the crash.

Just to make sure - the "netfilter/RCU use-after-free fix" was the
patch from Pekka?

> Thus i finally arrived to:
>
>  # good: [ae6134bd] hdlcdrv: Fix CRC calculation.
>  # bad:  [5547cd0d] netfilter: nf_conntrack_sctp: fix sparse warnings
>  # bad:  [280763c6] netfilter: xt_time: fix time's time_mt()'s use of
>  # good: [07a7c10b] netlink: add NLA_PUT_BE64 macro
>  # bad:  [58401573] netfilter: accounting rework: ct_extend + 64bit co
>
> | 584015727a3b88b46602b20077b46cd04f8b4ab3 is first bad commit
> | commit 584015727a3b88b46602b20077b46cd04f8b4ab3
> | Author: Krzysztof Piotr Oledzki <ole@xxxxxx>
> | AuthorDate: Mon Jul 21 10:01:34 2008 -0700
> | Commit:     David S. Miller <davem@xxxxxxxxxxxxx>
> | CommitDate: Mon Jul 21 10:10:58 2008 -0700
> |
> |    netfilter: accounting rework: ct_extend + 64bit counters (v4)
> [...]
> |     Signed-off-by: Krzysztof Piotr Oledzki <ole@xxxxxx>
> |     Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
> |     Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
>
> Which i double-checked by reverting that commit from -git as well and 
> that solved the crash. Find the tested reverter patch below.

Thats odd. I don't think anything is wrong with that patch
itself, its more likely that its triggering a bug in
ct_extend. You config has a few helper enabled (FTP, H.323,
TFTP) and the crash is when trying to call the helper functions.
Did you actually have traffic of one of these protocols?

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/