Bug 21512
Summary: | Kernel BUG: NULL pointer dereference at nf_nat_setup_info [nf_nat] | ||
---|---|---|---|
Product: | Networking | Reporter: | Marian Ivasiuk (ivasiuk) |
Component: | Netfilter/Iptables | Assignee: | networking_netfilter-iptables (networking_netfilter-iptables) |
Status: | RESOLVED CODE_FIX | ||
Severity: | normal | CC: | alan, sysoleg |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | Subsystem: | ||
Regression: | No | Bisected commit-id: | |
Attachments: | nf_nat.ko module from crash report |
Description
Marian Ivasiuk
2010-10-31 01:15:56 UTC
On 31.10.2010 02:15, bugzilla-daemon@bugzilla.kernel.org wrote: > https://bugzilla.kernel.org/show_bug.cgi?id=21512 > > Summary: Kernel BUG: NULL pointer dereference at > nf_nat_setup_info [nf_nat] > Product: Networking > Version: 2.5 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: Netfilter/Iptables > AssignedTo: networking_netfilter-iptables@kernel-bugs.osdl.org > ReportedBy: ivasiuk@gmail.com > Regression: No > > > After upgrade from CentOS 5 (2.6.18) to newer systems (from fc11 to rhel6b2) > with TX multiqueue support my Internet gateway (forwarding, REDIRECT, SNAT, > ACCOUNT, filtering and shaping of 2+ Gbit/s traffic) always crashed under > load > over 1 Gbit/s. > > > Hardware: > > Supermicro X8DTU-F with two Xeon X5650 and dual-port Intel 82598EB 10-Gigabit > AT CX4 Network Connection (ixgbe driver from e1000.sf.net). > > > System tuned for more aggresive conntrack timeouts: > > net.netfilter.nf_conntrack_generic_timeout = 60 > net.netfilter.nf_conntrack_icmp_timeout = 60 > net.netfilter.nf_conntrack_tcp_be_liberal = 0 > net.netfilter.nf_conntrack_tcp_loose = 0 > net.netfilter.nf_conntrack_tcp_timeout_close = 10 > net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60 > net.netfilter.nf_conntrack_tcp_timeout_established = 1800 > net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60 > net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30 > net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60 > net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 30 > net.netfilter.nf_conntrack_tcp_timeout_time_wait = 20 > net.netfilter.nf_conntrack_udp_timeout = 10 > net.netfilter.nf_conntrack_udp_timeout_stream = 10 > > > Netconsole logs from last crashes on rhel6b2 kernel (2.6.32-44.2.el6) with > two > patches (ipset and ipt_ACCOUNT): > > Oct 29 13:56:52 prime BUG: unable to handle kernel > Oct 29 13:56:52 prime NULL pointer dereference > Oct 29 13:56:52 prime at 00000036 > Oct 29 13:56:52 prime IP: > Oct 29 13:56:52 prime [<f86c3e3b>] nf_nat_setup_info+0x5fb/0x7a0 [nf_nat] Doesn't ring a bell. Please send your nf_nat object file and (in case those are used on RHEL) the corresponding debuginfo file. Created attachment 35992 [details]
nf_nat.ko module from crash report
In archive attached original nf_nat.ko module from crash report and the same module debuginfo rebuilded with corresponding nf_nat.ko.debug file.
Kernel crashed with the similar crash report even without any rule in NAT table but loaded nf_nat and iptable_nat modules. Patrick, is more information needed on this case? Marian, could you please try the following patch proposed by Changli? I see that in your case bug is triggered more often than in mine. So then if patch is fine we will know it quickly. http://www.spinics.net/lists/netfilter-devel/msg17406.html Thank you. > Marian, could you please try the following patch proposed by Changli?
Proposed patch installed (kernel-2.6.32-71.18.1.el6) and now being tested on two identical systems with previous hardware configuration.
Any update? > Any update?
Problem was fixed. Two earlier mentioned systems working without crashes for 22 days under load up to 4 Gbit/s.
Thank you for testing! |