Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#2316 - Kernel's iptables crash unexpectedly #7343

Open
openwrt-bot opened this issue Jun 11, 2019 · 1 comment
Open

FS#2316 - Kernel's iptables crash unexpectedly #7343

openwrt-bot opened this issue Jun 11, 2019 · 1 comment
Labels
flyspray kernel

Comments

@openwrt-bot
Copy link

@openwrt-bot openwrt-bot commented Jun 11, 2019

Soberia:

<Xiaomi Mi Router 3G / OpenWrt SNAPSHOT, r10173-6b762dd>
My router sometimes restart unexpectedly with no reason. Here's the kernel's crash log (/sys/kernel/debug/crashlog)

<0>[12930.571103] usercopy: kernel memory overwrite attempt detected to c2651000 (kmalloc-2048) (5408 bytes)
<4>[12930.580437] Kernel bug detected[#1]:
<4>[12930.584007] CPU: 2 PID: 28709 Comm: iptables Not tainted 4.14.123 #0
<4>[12930.590333] task: 8186ddc0 task.stack: 81fe4000
<4>[12930.594840] $ 0 : 00000000 00000001 0000005a 00000000
<4>[12930.600054] $ 4 : 8122d33c 8122d33c 81231e78 00007388
<4>[12930.605266] $ 8 : 00000000 00000194 00000008 00000000
<4>[12930.610476] $12 : 00000000 805c0000 0008b6df 00000000
<4>[12930.615697] $16 : c2651000 00001520 00000000 c2652520
<4>[12930.620906] $20 : 006678e0 00001548 00000000 77fca000
<4>[12930.626115] $24 : 00000001 802ab558
<4>[12930.631326] $28 : 81fe4000 81fe5dc0 00000000 80116360
<4>[12930.636539] Hi : 00000124
<4>[12930.639403] Lo : 74e58000
<4>[12930.642286] epc : 80116360 __check_object_size+0x1b0/0x1e0
<4>[12930.647921] ra : 80116360 __check_object_size+0x1b0/0x1e0
<4>[12930.653549] Status: 11007c03 KERNEL EXL IE
<4>[12930.657721] Cause : 50800024 (ExcCode 09)
<4>[12930.661707] PrId : 0001992f (MIPS 1004Kc)
<4>[12930.665796] Modules linked in: pppoe ppp_async pptp pppox ppp_mppe ppp_generic nf_nat_pptp nf_conntrack_pptp nf_conntrack_ipv6 mt76x2e mt76x2_common mt76x02_lib mt7603e mt76 mac80211 iptable_nat ipt_REJECT ipt_MASQUERADE cfg80211 xt_time xt_tcpudp xt_tcpmss xt_statistic xt_state xt_recent xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_TCPMSS xt_REDIRECT xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY ts_fsm ts_bm slhc nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_amanda nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp
<4>[12930.736837] nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_irc nf_conntrack_h323 nf_conntrack_broadcast ts_kmp nf_conntrack_amanda iptable_raw iptable_mangle iptable_filter ipt_ECN ip_tables crc_ccitt compat fuse sch_cake nf_conntrack sch_tbf sch_ingress sch_htb sch_hfsc em_u32 cls_u32 cls_tcindex cls_route cls_matchall cls_fw cls_flow cls_basic act_skbedit act_mirred ledtrig_usbport xt_set ip_set_list_set ip_set_hash_netportnet ip_set_hash_netport ip_set_hash_netnet ip_set_hash_netiface ip_set_hash_net ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set nfnetlink nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter
<4>[12930.808159] ip6_tables ip6t_REJECT x_tables nf_reject_ipv6 ip_gre gre ifb ip_tunnel tun vfat fat nls_utf8 nls_iso8859_1 nls_cp437 sha1_generic ecb usb_storage sd_mod scsi_mod ext4 mbcache jbd2 crc32c_generic leds_gpio xhci_plat_hcd xhci_pci xhci_mtk xhci_hcd gpio_button_hotplug usbcore nls_base usb_common
<4>[12930.835248] Process iptables (pid: 28709, threadinfo=81fe4000, task=8186ddc0, tls=77fd8eb8)
<4>[12930.843554] Stack : 818c0040 8055090c 8055e4c8 c2651000 8054f124 00001520 00000000 00001520
<4>[12930.851887] c2651000 00667908 805d9980 8ead1c3c 818c0000 818c0040 c264e000 805b0000
<4>[12930.860223] 805b0000 805e0000 00000041 8f1b9c98 805d9980 c264e000 0066a000 81fe5e34
<4>[12930.868560] 8adcd004 006663b0 81840040 805d9980 00000000 00000000 746c6966 00007265
<4>[12930.876894] 00000000 00000000 00000000 00000000 00000000 00000000 00000152 00000000
<4>[12930.885244] ...
<4>[12930.887733] Call Trace:
<4>[12930.890172] [<80116360>] __check_object_size+0x1b0/0x1e0
<4>[12930.895540] [<8ead1c3c>] xt_copy_counters_from_user+0xac/0x158 [x_tables]
<4>[12930.902322] [<8f1b9c98>] ipt_register_table+0x508/0xdf8 [ip_tables]
<4>[12930.908568] Code: 02003825 0c01d530 24840924 <000c000d> 8fb30028 8fb20024 8fb10020 8fb0001c 03e00008
<4>[12930.918296]
<4>[12930.920137] ---[ end trace 0d59c51a87e12512 ]---

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Jun 11, 2019

moeller0:

Same issue, applying https://patchwork.ozlabs.org/patch/1112640/ might have solved the issue. I performed two hard dsl line disconnects, in the recent past upon resyncing and establishing a new ppp connection the router pretty reliably rebooted with a:
usercopy: kernel memory exposure attempt detected from
type error messages in the crashlog, now after patching it surbvived two dsl-unplug/re-plug cycles. I will monitor it further but this looks at least like it is going in the right direction ;)

@aparcar aparcar added the kernel label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray kernel
Projects
None yet
Development

No branches or pull requests

2 participants