Bug#931330: BUG: unable to handle kernel NULL pointer dereference at 0000000000000337
Package: src:linux
Version: 4.19.37-5
Severity: normal
Dear Maintainer,
This is a copy of https://bugzilla.kernel.org/show_bug.cgi?id=203681.
Steps to reproduce:
1. iptables is a symlink to iptables-nft (with iptables-legacy all works fine)
2. I'm not able to reproduce this manually, calling iptables or ferm. Only at boot time.
3. Just a minimal Debian with only ferm installed:
$ cat /etc/ferm/ferm.conf
table filter {
    chain BadTcp proto tcp !syn mod conntrack ctstate NEW {
        mod limit limit 3/minute limit-burst 3
            NFLOG nflog-group 0 nflog-prefix "NEW not SYN: ";
    }
    chain AllowedTcp mod conntrack ctstate (ESTABLISHED RELATED) ACCEPT;
}
That produces the following rules:
# ferm --remote /etc/ferm/ferm.conf
# Generated by ferm 2.4 on Thu May 23 04:56:59 2019
*filter
:AllowedTcp - [0:0]
:BadTcp - [0:0]
-A AllowedTcp --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
-A BadTcp --protocol tcp ! --syn --match conntrack --ctstate NEW --match limit --limit 3/minute --limit-burst 3 --jump NFLOG --nflog-group 0 --nflog"
COMMIT
Trying to run it at boot time gives:
[ 2.810581] BUG: unable to handle kernel NULL pointer dereference at 0000000000000337
[ 2.811972] #PF error: [normal kernel read fault]
[ 2.812727] PGD 0 P4D 0
[ 2.813149] Oops: 0000 [#1] SMP PTI
[ 2.813713] CPU: 0 PID: 227 Comm: iptables-restor Not tainted 5.0.0-trunk-amd64 #1 Debian 5.0.2-1~exp1
[ 2.815195] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2.816509] RIP: 0010:module_put+0xe/0x80
[ 2.817224] Code: 8e 00 48 8b 4d 00 48 85 c9 75 e4 eb 98 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 74 71 41 54 55 53 <5
[ 2.820387] RSP: 0018:ffffb82d402df990 EFLAGS: 00010286
[ 2.821242] RAX: ffff9b0ffc9fa400 RBX: 0000000000000003 RCX: 0000000000000005
[ 2.822375] RDX: 0000000000000002 RSI: ffffffffc04612d0 RDI: ffffffffffffffff
[ 2.823542] RBP: ffff9b0ffbc301b0 R08: 0000000000000000 R09: 0000000000000074
[ 2.824675] R10: ffffb82d402df8f8 R11: ffffe7cfc0f5d508 R12: 0000000000000004
[ 2.825585] R13: 00000000000000ec R14: 00000000fffffff5 R15: 0000000000000007
[ 2.826456] FS: 00007f06a8bfd740(0000) GS:ffff9b0ffea00000(0000) knlGS:0000000000000000
[ 2.827378] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.828036] CR2: 0000000000000337 CR3: 0000000036256000 CR4: 00000000000006f0
[ 2.828873] Call Trace:
[ 2.829244] nf_tables_newrule+0x585/0x8c0 [nf_tables]
[ 2.829968] nfnetlink_rcv_batch+0x4a1/0x660 [nfnetlink]
[ 2.830714] ? nfnetlink_rcv_msg+0x13c/0x260 [nfnetlink]
[ 2.831460] ? copyout+0x25/0x30
[ 2.831919] ? _copy_to_iter+0x9d/0x3f0
[ 2.832482] ? __skb_try_recv_datagram+0xcb/0x170
[ 2.833170] ? refcount_inc_checked+0x5/0x30
[ 2.833741] ? __nla_parse+0x34/0x120
[ 2.834265] nfnetlink_rcv+0x106/0x13b [nfnetlink]
[ 2.834941] netlink_unicast+0x1ba/0x250
[ 2.835498] netlink_sendmsg+0x204/0x3d0
[ 2.836009] sock_sendmsg+0x36/0x40
[ 2.836423] ___sys_sendmsg+0x295/0x2f0
[ 2.836877] ? page_add_file_rmap+0x13/0x210
[ 2.837372] ? filemap_map_pages+0x1b9/0x390
[ 2.838011] ? refcount_inc_checked+0x5/0x30
[ 2.838599] ? apparmor_capable+0x72/0xa0
[ 2.839151] ? security_capable+0x35/0x50
[ 2.839702] ? release_sock+0x19/0x90
[ 2.840207] __sys_sendmsg+0x57/0xa0
[ 2.840702] do_syscall_64+0x53/0x100
[ 2.841239] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 2.841947] RIP: 0033:0x7f06a8cff914
[ 2.842440] Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <3
[ 2.845050] RSP: 002b:00007ffe92365cf8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2.845890] RAX: ffffffffffffffda RBX: 00007ffe92365d10 RCX: 00007f06a8cff914
[ 2.846814] RDX: 0000000000000000 RSI: 00007ffe92366d90 RDI: 0000000000000003
[ 2.847647] RBP: 00007ffe92367410 R08: 0000000000000004 R09: 00007f06a8b99410
[ 2.848478] R10: 00007ffe92366d7c R11: 0000000000000246 R12: 00005652c9eee8f0
[ 2.849402] R13: 00007ffe92369ce0 R14: 00007ffe92365d00 R15: 00007ffe92369d18
[ 2.850403] Modules linked in: nft_limit nft_counter xt_NFLOG xt_limit xt_tcpudp xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32y
[ 2.856394] CR2: 0000000000000337
[ 2.856835] ---[ end trace 0bda5f9a9cded6f1 ]---
[ 2.857542] RIP: 0010:module_put+0xe/0x80
[ 2.858140] Code: 8e 00 48 8b 4d 00 48 85 c9 75 e4 eb 98 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 48 85 ff 74 71 41 54 55 53 <5
[ 2.860755] RSP: 0018:ffffb82d402df990 EFLAGS: 00010286
[ 2.861508] RAX: ffff9b0ffc9fa400 RBX: 0000000000000003 RCX: 0000000000000005
[ 2.862548] RDX: 0000000000000002 RSI: ffffffffc04612d0 RDI: ffffffffffffffff
[ 2.863559] RBP: ffff9b0ffbc301b0 R08: 0000000000000000 R09: 0000000000000074
[ 2.864563] R10: ffffb82d402df8f8 R11: ffffe7cfc0f5d508 R12: 0000000000000004
[ 2.865568] R13: 00000000000000ec R14: 00000000fffffff5 R15: 0000000000000007
[ 2.866571] FS: 00007f06a8bfd740(0000) GS:ffff9b0ffea00000(0000) knlGS:0000000000000000
[ 2.867801] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.868465] CR2: 0000000000000337 CR3: 0000000036256000 CR4: 00000000000006f0
I can provide a 2Gb qemu image.
The workaround is to switch to legacy tools with
update-alternatives --config iptables.
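As an added example (not part of this bug report, of ferm, or of the kernel), the following Python helper does the first-pass triage a responder would do on an oops like the one above when it turns up in dmesg or the journal: it strips the timestamps, pulls out the faulting address, the faulting kernel symbol, the triggering process and taint state, the call trace (keeping track of which frames the unwinder marked unreliable with `?`) and the loaded module list, and flags a fault inside the first page as a NULL-plus-field-offset dereference rather than a wild pointer. The sample input is a constructed excerpt modelled on the trace in the report; the `PAGE_SIZE` threshold, the field names and the heuristic of blaming the module of the first reliable frame are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpt modelled on the oops in the report (not the full trace).
SAMPLE_OOPS = """\
[    2.810581] BUG: unable to handle kernel NULL pointer dereference at 0000000000000337
[    2.811972] #PF error: [normal kernel read fault]
[    2.813149] Oops: 0000 [#1] SMP PTI
[    2.813713] CPU: 0 PID: 227 Comm: iptables-restor Not tainted 5.0.0-trunk-amd64 #1 Debian 5.0.2-1~exp1
[    2.816509] RIP: 0010:module_put+0xe/0x80
[    2.828036] CR2: 0000000000000337 CR3: 0000000036256000 CR4: 00000000000006f0
[    2.828873] Call Trace:
[    2.829244]  nf_tables_newrule+0x585/0x8c0 [nf_tables]
[    2.829968]  nfnetlink_rcv_batch+0x4a1/0x660 [nfnetlink]
[    2.830714]  ? nfnetlink_rcv_msg+0x13c/0x260 [nfnetlink]
[    2.834941]  netlink_unicast+0x1ba/0x250
[    2.841947] RIP: 0033:0x7f06a8cff914
[    2.850403] Modules linked in: nft_limit nft_counter xt_NFLOG xt_limit xt_tcpudp xt_conntrack nf_conntrack
[    2.856835] ---[ end trace 0bda5f9a9cded6f1 ]---
"""

TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")          # "[    2.810581] " prefix
FRAME_RE = re.compile(                                # "? sym+0xoff/0xlen [module]"
    r"^\s*(?P<unreliable>\?\s+)?(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?:\s+\[(?P<mod>[\w-]+)\])?\s*$")
CPU_RE = re.compile(
    r"^CPU: \d+ PID: (?P<pid>\d+) Comm: (?P<comm>.+?) "
    r"(?P<taint>Not tainted|Tainted: .*?) (?P<kernel>\d\S*)")
PAGE_SIZE = 0x1000  # assumption: x86-64 4 KiB first page

@dataclass(frozen=True)
class Frame:
    symbol: str
    module: Optional[str]
    reliable: bool          # False when the unwinder printed "? "

@dataclass
class Oops:
    fault_addr: Optional[int] = None
    pf_error: str = ""
    rip_symbol: str = ""
    pid: Optional[int] = None
    comm: str = ""
    tainted: bool = False
    kernel: str = ""
    call_trace: list = field(default_factory=list)
    modules: list = field(default_factory=list)
    trace_id: str = ""

def parse_oops(text: str) -> Oops:
    o = Oops()
    in_trace = False
    for raw in text.splitlines():
        line = TS_RE.sub("", raw).rstrip()
        if not line:
            continue
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                o.call_trace.append(Frame(m["sym"], m["mod"], m["unreliable"] is None))
                continue
            in_trace = False        # first non-frame line closes the trace section
        if line.startswith("BUG: "):
            m = re.search(r" at ([0-9a-f]{8,16})$", line)
            if m:
                o.fault_addr = int(m.group(1), 16)
        elif line.startswith("#PF error:"):
            o.pf_error = line.split(":", 1)[1].strip().strip("[]")
        elif line.startswith("RIP: "):
            # Only the kernel-mode RIP (CS 0x0010) carries a symbol; the user-mode
            # RIP (CS 0x0033) printed later is a bare address and is skipped.
            m = re.match(r"^RIP: 0010:(?P<sym>[\w.]+)\+0x", line)
            if m and not o.rip_symbol:
                o.rip_symbol = m["sym"]
        elif line.startswith("CPU: "):
            m = CPU_RE.match(line)
            if m:
                o.pid, o.comm = int(m["pid"]), m["comm"]
                o.tainted = m["taint"] != "Not tainted"
                o.kernel = m["kernel"]
        elif line == "Call Trace:":
            in_trace = True
        elif line.startswith("Modules linked in:"):
            o.modules = line.split(":", 1)[1].split()
        elif line.startswith("---[ end trace "):
            o.trace_id = line[len("---[ end trace "):].rstrip(" ]-")
    return o

def looks_like_null_deref(o: Oops) -> bool:
    """A fault inside the first page is NULL plus a small struct-field offset."""
    return o.fault_addr is not None and o.fault_addr < PAGE_SIZE

def blamed_module(o: Oops) -> Optional[str]:
    """Module owning the first reliable frame below the RIP (heuristic)."""
    return next((f.module for f in o.call_trace if f.reliable), None)

def summarize(o: Oops) -> str:
    kind = "NULL-page deref" if looks_like_null_deref(o) else "other fault"
    addr = f"{o.fault_addr:#x}" if o.fault_addr is not None else "?"
    caller = o.call_trace[0].symbol if o.call_trace else "?"
    return (f"{kind} at {addr} in {o.rip_symbol}, called from {caller} "
            f"[{blamed_module(o)}], process {o.comm} (pid {o.pid}), "
            f"kernel {o.kernel}, {'tainted' if o.tainted else 'not tainted'}")

if __name__ == "__main__":
    print(summarize(parse_oops(SAMPLE_OOPS)))
```

Run against the trace in this report, the summary points at `module_put` being reached from `nf_tables_newrule` in `nf_tables` with a fault at 0x337 on an untainted kernel, which is the information to carry into the upstream bug and to compare against other boot-time crash reports before deciding whether they are the same issue.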