Chion82 / netfilter-full-cone-nat

A kernel module to turn MASQUERADE into full cone SNAT
GNU General Public License v2.0

Kernel Crash (NULL pointer) #20

Open F-TD5X opened 5 years ago

F-TD5X commented 5 years ago

System: CentOS 7 4.19.1-1.el7.elrepo.x86_64
iptables: 1.8.2, compiled as per the README

Crash after running `iptables -t nat -A POSTROUTING -o eth0 -j FULLCONENAT`

Crash dmesg

```
[ 54.288781] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
[ 54.289554] PGD 0 P4D 0
[ 54.289811] Oops: 0002 [#1] SMP PTI
[ 54.290132] CPU: 0 PID: 9300 Comm: sshd Kdump: loaded Tainted: G O 4.19.1-1.el7.elrepo.x86_64 #1
[ 54.291072] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[ 54.292194] RIP: 0010:fullconenat_tg+0x132/0x7f0 [xt_FULLCONENAT]
[ 54.292767] Code: 51 e1 41 80 fe 11 4c 8b 45 90 4c 8b 4d 88 0f 84 9e 03 00 00 31 c0 c7 85 78 ff ff ff 00 00 00 00 45 31 f6 66 89 45 88 8b 45 98 <89> 04 25 04 00 00 00 49 8b 45 10 48 85 c0 0f 84 e0 02 00 00 48 8b
[ 54.294461] RSP: 0018:ffffc90002caf788 EFLAGS: 00010246
[ 54.294951] RAX: 0000000000000002 RBX: ffff88003ca3a000 RCX: 0000000000000006
[ 54.295603] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffffa0367ce4
[ 54.296252] RBP: ffffc90002caf840 R08: ffffffff823f6580 R09: ffffc90002caf920
[ 54.296976] R10: ffff88003b892b20 R11: ffff880035c80000 R12: ffff88003ca3a00a
[ 54.297624] R13: ffff88003c654ce8 R14: 0000000000000000 R15: ffff88003b892b40
[ 54.298284] FS: 00007f84377c98c0(0000) GS:ffff88003ea00000(0000) knlGS:0000000000000000
[ 54.299060] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.299582] CR2: 0000000000000004 CR3: 0000000035e5c002 CR4: 00000000003606f0
[ 54.300241] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.300885] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 54.301546] Call Trace:
[ 54.301787] ? hash_conntrack_raw+0x132/0x170 [nf_conntrack]
[ 54.302320] ipt_do_table+0x2e7/0x630 [ip_tables]
[ 54.302755] ? nf_nat_setup_info+0x93/0x290 [nf_nat]
[ 54.303249] ? ipt_do_table+0x32a/0x630 [ip_tables]
[ 54.303703] ? __nf_nat_alloc_null_binding+0x30/0xb0 [nf_nat]
[ 54.304221] iptable_nat_do_chain+0x1f/0x30 [iptable_nat]
[ 54.304729] nf_nat_inet_fn+0x126/0x240 [nf_nat]
[ 54.305151] nf_nat_ipv4_fn+0x41/0x70 [nf_nat_ipv4]
[ 54.305619] nf_nat_ipv4_out+0x19/0xc0 [nf_nat_ipv4]
[ 54.306072] nf_hook_slow+0x42/0xc0
[ 54.306400] ip_output+0xd0/0xe0
[ 54.306721] ? ip_fragment.constprop.49+0x80/0x80
[ 54.307149] ip_local_out+0x3b/0x50
[ 54.307477] __ip_queue_xmit+0x155/0x3e0
[ 54.307852] ip_queue_xmit+0x10/0x20
[ 54.308183] __tcp_transmit_skb+0x5b4/0xae0
[ 54.308588] tcp_write_xmit+0x257/0xfc0
[ 54.308952] __tcp_push_pending_frames+0x31/0xd0
[ 54.310481] tcp_push+0xdf/0x110
[ 54.311853] tcp_sendmsg_locked+0x9c1/0xe40
[ 54.313308] ? __list_del_entry+0x30/0x30
[ 54.314732] tcp_sendmsg+0x2c/0x50
[ 54.316066] inet_sendmsg+0x37/0xb0
[ 54.317410] sock_sendmsg+0x3e/0x50
[ 54.318706] sock_write_iter+0x85/0xf0
[ 54.320065] __vfs_write+0x10d/0x190
[ 54.321343] vfs_write+0xb2/0x1b0
[ 54.322581] ksys_write+0x55/0xc0
[ 54.323849] __x64_sys_write+0x1a/0x20
[ 54.325100] do_syscall_64+0x60/0x190
[ 54.326335] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 54.327658] RIP: 0033:0x7f8434c08cd0
[ 54.328809] Code: 73 01 c3 48 8b 0d c0 61 2d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 83 3d cd c2 2d 00 00 75 10 b8 01 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ee cb 01 00 48 89 04 24
[ 54.332143] RSP: 002b:00007ffc09d88a78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 54.333693] RAX: ffffffffffffffda RBX: 000055c4c85b9490 RCX: 00007f8434c08cd0
[ 54.335202] RDX: 0000000000000030 RSI: 000055c4c8623420 RDI: 0000000000000003
[ 54.336646] RBP: 0000000000000030 R08: 0000000000000000 R09: 0000000000000000
[ 54.338078] R10: 0000000000000008 R11: 0000000000000246 R12: 00007ffc09d88aff
[ 54.339499] R13: 000055c4c82e77a0 R14: 0000000000000003 R15: 0000000000000000
[ 54.340913] Modules linked in: iptable_nat nf_nat_ipv4 xt_FULLCONENAT(O) nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_filter wireguard(O) ip6_udp_tunnel udp_tunnel sb_edac crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc aesni_intel crypto_simd cryptd glue_helper joydev input_leds pcspkr virtio_balloon i2c_piix4 sch_fq ip_tables ext4 mbcache jbd2 virtio_net net_failover failover virtio_console virtio_blk ata_generic pata_acpi cirrus crc32c_intel drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops serio_raw ttm ata_piix virtio_pci virtio_ring virtio drm libata floppy tcp_bbr
[ 54.349912] CR2: 0000000000000004
```

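
One way to triage the oops above, as an added example that is not part of the original thread or the project's code: it extracts the fault address, the page-fault error code, the faulting symbol and the bytes at RIP from dmesg text. The sample lines are copied from the report; the function and variable names are this example's own.

```python
import re

# Lines copied from the dmesg in the report above; timestamps dropped and the
# Code: line shortened around the byte the kernel marked with <>.
SAMPLE_OOPS = """\
BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
Oops: 0002 [#1] SMP PTI
RIP: 0010:fullconenat_tg+0x132/0x7f0 [xt_FULLCONENAT]
Code: 66 89 45 88 8b 45 98 <89> 04 25 04 00 00 00 49 8b 45 10
"""

# x86 page-fault error code bits (the hex value printed after "Oops:").
PF_BITS = [(0x01, "protection violation", "page not present"),
           (0x02, "write", "read"),
           (0x04, "user mode", "kernel mode"),
           (0x08, "reserved bit set", None),
           (0x10, "instruction fetch", None)]

def decode_pf_error(code):
    """Turn the error code into a list of human-readable properties."""
    return [on if code & bit else off
            for bit, on, off in PF_BITS if code & bit or off]

def triage_oops(text, page_size=4096):
    """Extract the fields needed to locate a page-fault oops in source."""
    def grab(pattern):
        m = re.search(pattern, text)
        return m.groups() if m else None

    report = {}
    if (g := grab(r"(?:dereference|paging request) at ([0-9a-f]+)")):
        report["fault_addr"] = int(g[0], 16)
        # A fault inside the first page usually means a NULL base pointer plus
        # a member offset equal to the fault address.
        report["near_null"] = report["fault_addr"] < page_size
    if (g := grab(r"Oops: ([0-9a-f]{4})\b")):
        report["access"] = decode_pf_error(int(g[0], 16))
    if (g := grab(r"RIP: [0-9a-f]{4}:([\w.]+)\+0x([0-9a-f]+)/0x[0-9a-f]+(?: \[(\w+)\])?")):
        report["symbol"], report["offset"], report["module"] = g[0], int(g[1], 16), g[2]
    if (g := grab(r"Code: .*?<([0-9a-f]{2})>((?: [0-9a-f]{2})*)")):
        # Bytes starting at the faulting instruction pointer.
        report["bytes_at_rip"] = bytes.fromhex(g[0] + g[1].replace(" ", ""))
    return report

if __name__ == "__main__":
    for key, value in triage_oops(SAMPLE_OOPS).items():
        print(f"{key}: {value}")
```

The bytes at RIP, `89 04 25 04 00 00 00`, encode a 32-bit store of EAX to absolute address 0x4, which agrees with CR2 and with the write bit in error code 0002.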
Chion82 commented 5 years ago

The 4.19 kernel is too new and compatibility work has not been done yet; please sit back and relax.

F-TD5X commented 5 years ago

System: CentOS, Debian

| kernel | status |
| ------ | ------ |
| 4.18.0 | OK     |
| 4.18.1 | OK     |
| 4.19.0 | OK     |
| 4.19.1 | FAILED |

love4taylor commented 5 years ago

4.19.0-2-amd64 #1 SMP Debian 4.19.16-1 (2019-01-17), works fine

edward-p commented 5 years ago

4.20.13-arch1-1-ARCH #1 SMP PREEMPT Wed Feb 27 19:10:28 UTC 2019 x86_64 GNU/Linux No such issue (maybe fixed).