IPfirewall bug?

Marnix (mx@Cal036011.student.utwente.nl)
Thu, 27 Nov 1997 12:52:49 +0100


Hello,

I had a GPF with a clean linux-2.0.32 after 8 days of uptime.
The bad guy appears to be IP firewalling, as is clear from
the log.
My hardware consists of:
Cyrix 6x86L-P200, no kernel support,
AsusT2P4-HX board with Triton support
Quantum Fireball HD w/ native ext2fs
3c900 NIC (eth0) as a module, driver 0.46c
NE2000 NIC (eth1) as a module
IP firewalling, autoforwarding, routing,
masquerading, always defrag, icmp masqing
all in the kernel.

At the moment of the crash the load was 1.00 (quake ;)
The firewalling was in use because the files on my second machine
(behind eth1) can be reached from the local network via SMB fs
(hence nmbd has to use firewalling)

Any ideas ?

Marnix Garvels

Unable to handle kernel NULL pointer dereference at virtual address c00000d5
current->tss.cr3 = 01919000, %cr3 = 01919000
*pde = 00102067
*pte = 00000000
Oops: 0000
CPU: 0
EIP: 0010:[ip_fw_chk+1181/1240]
EFLAGS: 00010246
eax: 00000001 ebx: 018d6e00 ecx: 01caf038 edx: 00000000
esi: 01caf04c edi: 00000089 ebp: 00000089 esp: 011a1ebc
ds: 0018 es: 0018 fs: 002b gs: 002b ss: 0018
Process nmbd (pid: 10761, process nr: 38, stackpage=011a1000)
Stack: 0019b378 00000002 011a1f7e 01caf038 bffff720 bfff0000 0175ea01 00000200
0000e000 00000002 01d400ff ffff5982 86dd5982 01caf04c 0014f8eb 01caf038
01d41018 011a1f7e 018d6d18 00000004 00000000 00136019 0019b378 00000002
Call Trace: [ipfw_input_check+31/36] [call_in_firewall+41/68] [ip_rcv+351/1316] [<0283fea4>] [<02846dec>] [net_bh+244/276] [do_bottom_half+59/96]
[handle_bottom_half+11/32]
Code: 03 4c 25 4c f6 c5 02 00 04 08 00 00 00 00 5b 04 47 44 81 c4
Aiee, killing interrupt handler

Code: 00000000 <_EIP>:
Code: 0 <_EIP+0>: 03 4c 25 4c addl 0x4c(%ebp,1),%ecx
Code: 4 <_EIP+4>: f6 c5 02 testb $0x2,%ch
Code: 7 <_EIP+7>: 00 04 08 addb %al,(%eax,%ecx,1)
Code: 10 <_EIP+10>: 00 00 addb %al,(%eax)
Code: 12 <_EIP+12>: 00 00 addb %al,(%eax)
Code: 14 <_EIP+14>: 5b popl %ebx
Code: 15 <_EIP+15>: 04 47 addb $0x47,%al
Code: 17 <_EIP+17>: 44 incl %esp
Code: 18 <_EIP+18>: 81 c4 00 90 90 addl $0x90909000,%esp
Code: 23 <_EIP+23>: 90
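The oops above carries enough to check by hand which memory access faulted. What follows is an added worked example and not part of the original report: it takes the register line and the first "Code:" bytes from the dump, decodes the ModRM/SIB form of the instruction at EIP, computes its effective address from the register values and compares that with the reported fault address. It assumes that the 2.0 "Code:" dump starts at EIP (as ksymoops treats it above, labelling the first byte `_EIP+0`) and that the 2.0 kernel data segment is based at 0xc0000000, so a kernel logical address A is reported as linear 0xc0000000 + A; both are stated as assumptions in the code. `modrm_ea`, `ea_of`, `oops_ea` and `oops_ea_matches_fault` are names chosen for this example. The decoder is general for 32-bit ModRM/SIB memory operands, not only the `addl` at EIP.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Assumption: Linux 2.0 used a non-flat kernel data segment based at
 * 0xc0000000, so a kernel logical address A shows up in the oops as the
 * linear address 0xc0000000 + A. */
#define KERNEL_SEG_BASE 0xc0000000u

struct regs { uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi; };

/* x86 register numbering as used by the ModRM reg/rm and SIB fields */
static const char *const reg_name[8] = { "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi" };

static uint32_t reg_get(const struct regs *r, unsigned n)
{
    const uint32_t v[8] = { r->eax, r->ecx, r->edx, r->ebx, r->esp, r->ebp, r->esi, r->edi };
    return v[n & 7];
}

/* Copied from the oops above: the register line and the first "Code:"
 * bytes, which (assumption) the 2.0 oops dumps starting at EIP. */
static const struct regs oops_regs = {
    .eax = 0x00000001, .ecx = 0x01caf038, .edx = 0x00000000, .ebx = 0x018d6e00,
    .esp = 0x011a1ebc, .ebp = 0x00000089, .esi = 0x01caf04c, .edi = 0x00000089,
};
static const uint8_t oops_code[] = { 0x03, 0x4c, 0x25, 0x4c, 0xf6, 0xc5, 0x02 };
static const uint32_t oops_fault_addr = 0xc00000d5u;   /* first line of the oops */

/* Decode the memory operand of a one-byte-opcode, ModRM-encoded instruction
 * in 32-bit addressing mode: opcode at code[0], ModRM at code[1], then an
 * optional SIB byte and disp8/disp32. Stores the effective address in *ea
 * and an AT&T-style operand string in buf. Returns the bytes consumed (any
 * immediate excluded), or -1 when there is no memory operand (mod == 3) or
 * the byte string is too short. */
int modrm_ea(const uint8_t *code, size_t len, const struct regs *r,
             uint32_t *ea, char *buf, size_t buflen)
{
    if (len < 2) return -1;
    unsigned mod = code[1] >> 6, rm = code[1] & 7;
    if (mod == 3) return -1;                       /* register operand, no memory access */

    size_t pos = 2;
    unsigned base_r = rm, idx_r = 4, scale = 0;    /* idx_r == 4 means "no index" */
    int have_base = 1, disp32 = (mod == 2);
    uint32_t index = 0;
    int32_t disp = 0;

    if (rm == 4) {                                 /* SIB byte present */
        if (len < 3) return -1;
        uint8_t sib = code[2];
        pos = 3;
        scale = sib >> 6;
        idx_r = (sib >> 3) & 7;
        base_r = sib & 7;
        if (idx_r != 4) index = reg_get(r, idx_r) << scale;
        if (base_r == 5 && mod == 0) { have_base = 0; disp32 = 1; }   /* [index*s + disp32] */
    } else if (rm == 5 && mod == 0) {              /* [disp32], no base register */
        have_base = 0; disp32 = 1;
    }

    if (mod == 1) {                                /* sign-extended disp8 */
        if (len < pos + 1) return -1;
        disp = (int8_t)code[pos]; pos += 1;
    } else if (disp32) {
        if (len < pos + 4) return -1;
        disp = (int32_t)((uint32_t)code[pos] | (uint32_t)code[pos + 1] << 8 |
                         (uint32_t)code[pos + 2] << 16 | (uint32_t)code[pos + 3] << 24);
        pos += 4;
    }

    *ea = (have_base ? reg_get(r, base_r) : 0) + index + (uint32_t)disp;

    char idx[16] = "";
    if (idx_r != 4) snprintf(idx, sizeof idx, ",%%%s,%u", reg_name[idx_r], 1u << scale);
    snprintf(buf, buflen, "0x%x(%s%s%s)", (unsigned)disp,
             have_base ? "%" : "", have_base ? reg_name[base_r] : "", idx);
    return (int)pos;
}

/* Effective address of one instruction, or 0xffffffff if it has no memory operand. */
uint32_t ea_of(const uint8_t *code, size_t len, const struct regs *r)
{
    uint32_t ea = 0; char op[40];
    return modrm_ea(code, len, r, &ea, op, sizeof op) < 0 ? 0xffffffffu : ea;
}

/* The instruction at EIP in the oops: opcode 03 /r is "addl r/m32,r32". */
uint32_t oops_ea(void) { return ea_of(oops_code, sizeof oops_code, &oops_regs); }

/* 1 if the decoded operand address, seen through the assumed kernel segment
 * base, is exactly the address the oops reported on its first line. */
int oops_ea_matches_fault(void) { return KERNEL_SEG_BASE + oops_ea() == oops_fault_addr; }

int main(void)
{
    uint32_t ea = 0; char op[40];
    modrm_ea(oops_code, sizeof oops_code, &oops_regs, &ea, op, sizeof op);
    printf("EIP instruction: addl %s,%%%s\n", op, reg_name[(oops_code[1] >> 3) & 7]);
    printf("ebp = %#x, so the load is from logical %#x = linear %#x -> %s\n",
           oops_regs.ebp, ea, KERNEL_SEG_BASE + ea,
           oops_ea_matches_fault() ? "matches the reported fault address" : "does not match");
    return 0;
}
```

Run stand-alone, this decodes the bytes `03 4c 25 4c` as `addl 0x4c(%ebp),%ecx` (ModRM 0x4c selects a SIB byte with disp8; SIB 0x25 is base ebp with no index), which agrees with the ksymoops line for `_EIP+0`. With ebp = 0x89 from the register line the operand is at 0x89 + 0x4c = 0xd5, and 0xc0000000 + 0xd5 is exactly the "virtual address c00000d5" on the first line, so the instruction at EIP is the one that faulted and the bogus pointer is the 0x89 in ebp (a value far too small to be a kernel object address), not the zero in edx. The same decoder can be pointed at any other register/Code pair from a 2.0 oops to check whether the reported EIP really is the faulting instruction before reading further up the call trace.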