Re: [regression] nf_iterate(), BUG: unable to handle kernel NULLpointer dereference

From: Krzysztof Oledzki
Date: Thu Jul 24 2008 - 14:09:54 EST

Next message: Grant Coady: "Re: how much stuff is no longer "EXPERIMENTAL"?"
Previous message: Suresh Siddha: "[patch] x64, fpu: fix possible FPU leakage in error conditions"
In reply to: Patrick McHardy: "Re: [regression] nf_iterate(), BUG: unable to handle kernel NULLpointer dereference"
Next in thread: Willy Tarreau: "Re: [TCP bug, regression] stuck distcc connections in latest -git"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 24 Jul 2008, Ingo Molnar wrote:

* Patrick McHardy <kaber@xxxxxxxxx> wrote:

Ingo Molnar wrote:
Then i tried both suggested fix patches Patrick sent me (a suggested
revert and an netfilter/RCU use-after-free fix), but none of them
solved the crash.

Just to make sure - the "netfilter/RCU use-after-free fix" was the
patch from Pekka?

yes. You can see it in tip/out-of-tree:

http://people.redhat.com/mingo/tip.git/README

Thus i finally arrived to:

# good: [ae6134bd] hdlcdrv: Fix CRC calculation.
# bad: [5547cd0d] netfilter: nf_conntrack_sctp: fix sparse warnings
# bad: [280763c6] netfilter: xt_time: fix time's time_mt()'s use of
# good: [07a7c10b] netlink: add NLA_PUT_BE64 macro
# bad: [58401573] netfilter: accounting rework: ct_extend + 64bit co

| 584015727a3b88b46602b20077b46cd04f8b4ab3 is first bad commit
| commit 584015727a3b88b46602b20077b46cd04f8b4ab3
| Author: Krzysztof Piotr Oledzki <ole@xxxxxx>
| AuthorDate: Mon Jul 21 10:01:34 2008 -0700
| Commit: David S. Miller <davem@xxxxxxxxxxxxx>
| CommitDate: Mon Jul 21 10:10:58 2008 -0700
|
| netfilter: accounting rework: ct_extend + 64bit counters (v4)
[...]
| Signed-off-by: Krzysztof Piotr Oledzki <ole@xxxxxx>
| Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
| Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>

Which i double-checked by reverting that commit from -git as well and
that solved the crash. Find the tested reverter patch below.

Thats odd. I don't think anything is wrong with that patch itself, its
more likely that its triggering a bug in ct_extend. You config has a
few helper enabled (FTP, H.323, TFTP) and the crash is when trying to
call the helper functions. Did you actually have traffic of one of
these protocols?

no, that's not likely - it's a default distro bootup.

The commit makes ct_extend area to be used *very* frequently. Could you try to boot your kernel with nf_conntrack.acct=0 to disable accounting?
Does it help?

Best regards,

Krzysztof Olędzki

Next message: Grant Coady: "Re: how much stuff is no longer "EXPERIMENTAL"?"
Previous message: Suresh Siddha: "[patch] x64, fpu: fix possible FPU leakage in error conditions"
In reply to: Patrick McHardy: "Re: [regression] nf_iterate(), BUG: unable to handle kernel NULLpointer dereference"
Next in thread: Willy Tarreau: "Re: [TCP bug, regression] stuck distcc connections in latest -git"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]