ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

[Frank Reppin]

Hellos,

at first - sorry if this is the complete wrong place to
come up with this issue...

OS details:
=============
Debian Jessie 8.6 x64
   ulogd2            -> 2.0.4-2+deb8u1
   iptables          -> 1.4.21-2+b1
   libnetfilter-log1 -> 1.0.1-1.1
   libnfnetlink0      -> 1.0.1-3

Problem:
==========
It segfaults... really soon after I connect via WLAN/hostapd
and some iptables log rule kicks in.

backtrace:
===========
Program received signal SIGSEGV, Segmentation fault.
_interp_iphdr (pi=0x555555768b50, len=0) at ulogd_raw2packet_BASE.c:718
718     ulogd_raw2packet_BASE.c: No such file or directory.
(gdb) bt
#0  _interp_iphdr (pi=0x555555768b50, len=0) at ulogd_raw2packet_BASE.c:718
#1  0x0000555555558dcb in ulogd_propagate_results 
(pi=pi@entry=0x555555766090) at ulogd.c:518
#2  0x00007ffff740d1fb in interp_packet (ldata=0x7fffffffe290, 
pf_family=2 '\002', upi=0x555555766090) at ulogd_inppkt_NFLOG.c:400
#3  msg_cb (gh=<optimized out>, nfmsg=0x7ffff7fc67d8, 
nfa=0x7fffffffe290, data=0x555555766090) at ulogd_inppkt_NFLOG.c:483
#4  0x00007ffff7208307 in ?? () from 
/usr/lib/x86_64-linux-gnu/libnetfilter_log.so.1
#5  0x00007ffff7003627 in nfnl_handle_packet () from 
/usr/lib/x86_64-linux-gnu/libnfnetlink.so.0
#6  0x00007ffff740cafe in nful_read_cb (fd=<optimized out>, 
what=<optimized out>, param=0x555555766090) at ulogd_inppkt_NFLOG.c:463
#7  0x00005555555594a8 in ulogd_select_main (tv=<optimized out>) at 
select.c:105
#8  0x0000555555556ed7 in ulogd_main_loop () at ulogd.c:934
#9  main (argc=<optimized out>, argv=<optimized out>) at ulogd.c:1477

Additional details:
====================
ulogd2 used to behave fine here (no segfaults/no issues at all) with 
previous kernel releases (for example 4.7.7 is OK)


Thankyou for any insights!
Frank Reppin

-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped

Re: ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

[Eric Leblond]

Hello,

On Sun, 2016-10-09 at 23:31 +0200, Frank Reppin wrote:
> Hellos,
> 
> at first - sorry if this is the complete wrong place to
> come up with this issue...
> 
> OS details:
> =============
> Debian Jessie 8.6 x64
>    ulogd2            -> 2.0.4-2+deb8u1
>    iptables          -> 1.4.21-2+b1
>    libnetfilter-log1 -> 1.0.1-1.1
>    libnfnetlink0      -> 1.0.1-3
> 
> Problem:
> ==========
> It segfaults... really soon after I connect via WLAN/hostapd
> and some iptables log rule kicks in.
> 
> backtrace:
> ===========
> Program received signal SIGSEGV, Segmentation fault.
> _interp_iphdr (pi=0x555555768b50, len=0) at
> ulogd_raw2packet_BASE.c:718
> 718     ulogd_raw2packet_BASE.c: No such file or directory.
> (gdb) bt
> #0  _interp_iphdr (pi=0x555555768b50, len=0) at
> ulogd_raw2packet_BASE.c:718
> #1  0x0000555555558dcb in ulogd_propagate_results 
> (pi=pi@entry=0x555555766090) at ulogd.c:518
> #2  0x00007ffff740d1fb in interp_packet (ldata=0x7fffffffe290, 
> pf_family=2 '\002', upi=0x555555766090) at ulogd_inppkt_NFLOG.c:400
> #3  msg_cb (gh=<optimized out>, nfmsg=0x7ffff7fc67d8, 
> nfa=0x7fffffffe290, data=0x555555766090) at ulogd_inppkt_NFLOG.c:483
> #4  0x00007ffff7208307 in ?? () from 
> /usr/lib/x86_64-linux-gnu/libnetfilter_log.so.1
> #5  0x00007ffff7003627 in nfnl_handle_packet () from 
> /usr/lib/x86_64-linux-gnu/libnfnetlink.so.0
> #6  0x00007ffff740cafe in nful_read_cb (fd=<optimized out>, 
> what=<optimized out>, param=0x555555766090) at
> ulogd_inppkt_NFLOG.c:463
> #7  0x00005555555594a8 in ulogd_select_main (tv=<optimized out>) at 
> select.c:105
> #8  0x0000555555556ed7 in ulogd_main_loop () at ulogd.c:934
> #9  main (argc=<optimized out>, argv=<optimized out>) at ulogd.c:1477
> 
> Additional details:
> ====================
> ulogd2 used to behave fine here (no segfaults/no issues at all) with 
> previous kernel releases (for example 4.7.7 is OK)

From what I can see, it looks possible there is a problem introduced by
copy range handling change introduce in this kernel.

Is it possible for you to test latest iptables ? It should handle the
range correctly and this should fix the problem.

In the mean time, I'll continue to investigate.

BR,
-- 
Eric Leblond <eric@regit.org>
Blog: https://home.regit.org/

Re: ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

[Frank Reppin]

Hi Eric,
dear list,

On 10.10.2016 01:26, Eric Leblond wrote:
[...]
> From what I can see, it looks possible there is a problem introduced by
> copy range handling change introduce in this kernel.
>
> Is it possible for you to test latest iptables ? It should handle the
> range correctly and this should fix the problem.
Hm - weird - but no success.
I've just tested both - iptables 1.6.0 release and the most current git 
master of iptables - a couple of minutes ago.
Both let ulogd2 (default debian jessie package) segfault - the backtrace
is the same in each case (... and same compared to the one in my initial 
post).

cheers,
frank\

-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped

Re: ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

[frank]

Hi Eric,
dear list,

just a short update on this issue...

There's someone over at LKML with the same issue and there
seems to be fix for this on the way.
Your earlier assumption about the kernel changes were true:

http://www.gossamer-threads.com/lists/linux/kernel/2538445?do=post_view_threaded

cheers,
frank\


-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped

Re: ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

[Frank Reppin]

Hellos,

I had some hope to see a fix in 4.8.2 - just because
of

http://www.gossamer-threads.com/lists/linux/kernel/2541078?do=post_view_threaded#2541078

... and Lipings later reply stating that he would send
an official patch later.

But the changelog (diff) for 4.8.2 doesn't suggest that
this is fixed know.

Any objections to see this in 4.8.3?

cheers,
frank\

-- 
43rd Law of Computing:
         Anything that can go wr
fortune: Segmentation violation -- Core dumped

Re: ulogd2 / segfault in ulogd_raw2packet_BASE.c with kernel 4.8.1

[Pablo Neira Ayuso]

On Tue, Oct 11, 2016 at 09:16:22AM +0200, frank wrote:
> Hi Eric,
> dear list,
> 
> just a short update on this issue...
> 
> There's someone over at LKML with the same issue and there
> seems to be fix for this on the way.
> Your earlier assumption about the kernel changes were true:
> 
> http://www.gossamer-threads.com/lists/linux/kernel/2538445?do=post_view_threaded

I have just applied the fix for 4.8, will take a little while to
propagate this to -stable.

Meanwhile, oneliner patch to fix it is here:

http://patchwork.ozlabs.org/patch/680773/