bugzilla-daemon at bugzilla.netfilter.org
2009-Oct-23 11:56 UTC
[Bug 617] New: NULL pointer dereference in br_nf_pre_routing_finish
http://bugzilla.netfilter.org/show_bug.cgi?id=617

           Summary: NULL pointer dereference in br_nf_pre_routing_finish
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: All
               URL: https://bugs.launchpad.net/bugs/439893
        OS/Version: Ubuntu
            Status: NEW
          Severity: major
          Priority: P1
         Component: unknown
        AssignedTo: laforge at netfilter.org
        ReportedBy: miipekk at ihme.org

Hello,

This is possibly a netfilter bug, causing two almost identical servers to crash at exactly the same moment. We are using KVM with bridged network and that issue happens around once a week. I really hope a solution will be found soon; now we are testing with firewalling disabled to see if this problem still occurs. The OOPS message is below. Please ask for any more details if necessary.

The problem also affects a vanilla custom-compiled 2.6.31.1 kernel.

[13491.692455] BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
[13491.700966] IP: [<ffffffffa0172d16>] br_nf_pre_routing_finish+0x36/0x320 [bridge]
[13491.702399] PGD 2ac892067 PUD 2ac891067 PMD 0
[13491.702399] Oops: 0000 [#1] SMP
[13491.702399] last sysfs file: /sys/devices/virtual/net/virbr0/bridge/stp_state
[13491.702399] Dumping ftrace buffer:
[13491.702399] (ftrace buffer empty)
[13491.702399] CPU 2
[13491.702399] Modules linked in: tun kvm_intel kvm ip6table_filter ip6_tables iptable_raw xt_comment xt_recent xt_policy ipt_ULOG ipt_TTL ipt_ttl ipt_REJECT ipt_REDIRECT ipt_NETMAP ipt_MASQUERADE ipt_LOG ipt_ECN ipt_ecn ipt_CLUSTERIP ipt_ah ipt_addrtype nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_nat_h323 nf_nat_ftp nf_nat_amanda ts_kmp nf_conntrack_amanda nf_conntrack_tftp nf_conntrack_sip nf_conntrack_proto_sctp nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_netbios_ns nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp xt_tcpmss xt_pkttype xt_physdev xt_owner xt_NFQUEUE xt_NFLOG xt_multiport xt_MARK xt_mark xt_mac xt_limit xt_length xt_iprange xt_helper xt_hashlimit xt_DSCP xt_dscp xt_dccp xt_conntrack xt_CONNMARK xt_connmark xt_CLASSIFY xt_tcpudp xt_state iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack iptable_mangle nfnetlink iptable_filter ip_tables x_tables bridge stp ipmi_devintf lp parport iTCO_wdt iTCO_vendor_support ipmi_si i5000_edac ipmi_msghandler edac_core hpilo psmouse shpchp pcspkr serio_raw usbhid mptsas mptscsih bnx2 mptbase scsi_transport_sas cciss fbcon tileblit font bitblit softcursor
[13491.702399] Pid: 0, comm: swapper Not tainted 2.6.28-15-server #52-Ubuntu
[13491.702399] RIP: 0010:[<ffffffffa0172d16>] [<ffffffffa0172d16>] br_nf_pre_routing_finish+0x36/0x320 [bridge]
[13491.702399] RSP: 0018:ffff8802aefffb10 EFLAGS: 00010283
[13491.702399] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8802add00801
[13491.702399] RDX: 0000000000000002 RSI: 0000000000000030 RDI: ffff8802ad5ac000
[13491.702399] RBP: ffff8802aefffb90 R08: 00000000bf02692f R09: ffffffff809b0da0
[13491.702399] R10: 0000000000004000 R11: 0000000000000011 R12: ffff8802add00800
[13491.702399] R13: 0000000000000000 R14: ffff8802ad598000 R15: ffff8802ac1ec000
[13491.702399] FS: 0000000000000000(0000) GS:ffff8802af802f80(0000) knlGS:0000000000000000
[13491.702399] CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b
[13491.702399] CR2: 0000000000000018 CR3: 00000002ad572000 CR4: 00000000000026a0
[13491.702399] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[13491.702399] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[13491.702399] Process swapper (pid: 0, threadinfo ffff8802aeffa000, task ffff8802aeff2cc0)
[13491.702399] Stack:
[13491.702399] 0000000000000000 ffff8802ad598000 ffff8802aefffb90 ffffffff805d3a7b
[13491.702399] ffffffffa0172ce0 0000000080000000 ffff8802aefffb70 00000002802e20a5
[13491.702399] ffffffff809b0da0 ffffffff802e2486 ffffffff809b0da0 0000000000000000
[13491.702399] Call Trace:
[13491.702399] <IRQ> <0> [<ffffffff805d3a7b>] ? nf_hook_slow+0xab/0x100
[13491.702399] [<ffffffffa0172ce0>] ? br_nf_pre_routing_finish+0x0/0x320 [bridge]
[13491.702399] [<ffffffff802e2486>] ? kmem_cache_alloc+0x86/0xc0
[13491.702399] [<ffffffffa016dee0>] ? br_handle_frame_finish+0x0/0x190 [bridge]
[13491.702399] [<ffffffffa0173c85>] br_nf_pre_routing+0x425/0x488 [bridge]
[13491.702399] [<ffffffff805d3997>] nf_iterate+0x67/0xa0
[13491.702399] [<ffffffffa016dee0>] ? br_handle_frame_finish+0x0/0x190 [bridge]
[13491.702399] [<ffffffff805d3a7b>] nf_hook_slow+0xab/0x100
[13491.702399] [<ffffffffa016dee0>] ? br_handle_frame_finish+0x0/0x190 [bridge]
[13491.702399] [<ffffffffa0076c90>] ? bnx2_rx_skb+0x5f0/0x7e0 [bnx2]
[13491.702399] [<ffffffffa016e1cd>] br_handle_frame+0x15d/0x220 [bridge]
[13491.702399] [<ffffffff805b3d17>] netif_receive_skb+0x1c7/0x590
[13491.702399] [<ffffffffa0079ad8>] bnx2_rx_int+0x5d8/0x7b0 [bnx2]
[13491.702399] [<ffffffff8024a7bd>] ? load_balance+0x8d/0x420
[13491.702399] [<ffffffffa0079d20>] bnx2_poll_work+0x70/0x90 [bnx2]
[13491.702399] [<ffffffffa0079db5>] bnx2_poll+0x75/0x1a0 [bnx2]
[13491.702399] [<ffffffff80270b09>] ? getnstimeofday+0x59/0xe0
[13491.702399] [<ffffffff805b3894>] net_rx_action+0x104/0x240
[13491.702399] [<ffffffff80256bdc>] __do_softirq+0x9c/0x170
[13491.702399] [<ffffffff80213d8c>] call_softirq+0x1c/0x30
[13491.702399] [<ffffffff80214ffd>] do_softirq+0x5d/0xa0
[13491.702399] [<ffffffff8025695d>] irq_exit+0x8d/0xa0
[13491.702399] [<ffffffff802152c5>] do_IRQ+0xc5/0x110
[13491.702399] [<ffffffff80212bf3>] ret_from_intr+0x0/0x29
[13491.702399] <EOI> <0> [<ffffffff8021a95a>] ? mwait_idle+0x4a/0x50
[13491.702399] [<ffffffff80210dd2>] ? enter_idle+0x22/0x30
[13491.702399] [<ffffffff80210e85>] ? cpu_idle+0x65/0xc0
[13491.702399] [<ffffffff80695b93>] ? start_secondary+0x9e/0xcb
[13491.702399] Code: e8 49 89 fc 4c 89 6d f0 4d 8b ac 24 98 00 00 00 48 89 5d e0 4c 89 75 f8 41 8b b4 24 c0 00 00 00 4c 8b 77 20 48 8b bf d0 00 00 00 <41> 8b 45 18 a8 01 74 1c 41 0f b6 44 24 7d 83 e0 f8 83 c8 03 41
[13491.702399] RIP [<ffffffffa0172d16>] br_nf_pre_routing_finish+0x36/0x320 [bridge]
[13491.702399] RSP <ffff8802aefffb10>
[13491.702399] CR2: 0000000000000018
[13491.921012] Kernel panic - not syncing: Fatal exception in interrupt

--
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org
2009-Oct-25 10:28 UTC
[Bug 617] NULL pointer dereference in br_nf_pre_routing_finish
http://bugzilla.netfilter.org/show_bug.cgi?id=617

jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|laforge at netfilter.org     |bdschuym at pandora.be