Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 26 replies
  • Subscribers 0 subscribers
  • Views 7991 views
  • Users 0 members are here
Options
Suggested

[9.265-8][BUG] Firewall still reboots when browsing FTP

twister5800
Just installed 9.265-8 and the firewall reboots when I am browsing FTP, did not have this issue with 9.260. 

System was restarted

Reason: (unknown)



-- 

System Uptime      : 0 days 0 hours 0 minutes

System Load        : 0.77

System Version     : Sophos UTM 9.265-8



Please refer to the manual for detailed instructions
Parents
  • 0
    Hi Martin.

    My name is Sebastian and I am part of Sophos NSG.

    Could you please provide us with full /var/log/kernel.log

    Additionally log of serial will also be helpful - you know how to configure that?
  • 0 in reply to Sebastian Poehn
    Hello Sebastian,

    I have the same problem.

    two ASG 425 (active / passive HA)
    transparent FTP Proxy
    IPS enabled

    Tried to browse ftp://download.astaro.de/ with Firefix 32 and both (!) machines rebooted.

    During the test i got a the kernel message: 

    2014:10:16-14:12:31 93beta-1 kernel: [13439.727003] BUG: unable to handle kernel NULL pointer dereference at 0000000000000010

    2014:10:16-14:12:31 93beta-1 kernel: [13439.727221] IP: [] nf_nat_setup_info+0x5f7/0x68d [nf_nat]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.727352] PGD cafab067 PUD c9d9e067 PMD 0

    2014:10:16-14:12:31 93beta-1 kernel: [13439.727441] Oops: 0002 [#1] SMP

    2014:10:16-14:12:31 93beta-1 kernel: [13439.727507] Modules linked in: nf_nat_ftp nf_conntrack_ftp sr_mod cdrom xt_hashlimit xt_connlabel xt_TPROXY xt_socket xt_NFQUEUE xt_connmark xt_REDIRECT xt_limit xt_mark xt_asgcluster xt_tcpudp xt_set xt_multiport xt_psd(O) xt_addrtype nf_nat_pptp nf_nat_proto_gre nf_nat_irc nf_conntrack_pptp nf_conntrack_proto_gre nf_conntrack_irc ip_set_hash_ip ebt_arp bridge stp llc ebtable_filter ebtables redv2_netlink(O) nfnetlink_queue ip6table_ips ip6table_mangle ip6table_nat nf_nat_ipv6 iptable_ips iptable_mangle iptable_nat nf_nat_ipv4 nf_nat xt_NFLOG xt_condition(O) xt_logmark xt_owner ip6t_REJECT ipt_REJECT xt_state ip_set cfg80211(O) rfkill compat(O) red2(O) red nfnetlink_log warp4 asg_cluster_ipv6 asg_cluster_ipv4 asg_cluster ip_scheduler af_packet xt_confirmed microcode nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6table_raw nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack iptable_filter iptable_raw xt_CT nf_conntrack_netlink nfnetlink nf_conntrack ip6_tables ip_tables x_tables ipv6 loop ppdev e1000e(O) ptp pps_core parport_pc ehci_pci rtc_cmos parport evdev button i2c_i801 rng_core pcspkr sg sd_mod uhci_hcd ehci_hcd processor thermal_sys hwmon pata_acpi ata_generic edd ata_piix ahci libahci libata scsi_mod hid_generic usbhid [last unloaded: nf_conntrack_ftp]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.729913] CPU: 1 PID: 4830 Comm: snort Tainted: G           O 3.12.20-117.g95ca72f.rb1-smp64 #1

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730067] Hardware name:    /LakePort, BIOS 6.00 PG 05/14/2007

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730173] task: ffff8800c9ec8000 ti: ffff8800ca994000 task.ti: ffff8800ca994000

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730303] RIP: 0010:[]  [] nf_nat_setup_info+0x5f7/0x68d [nf_nat]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730473] RSP: 0018:ffff8800ca995888  EFLAGS: 00010246

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730567] RAX: 000000007f91dd8e RBX: 000000000002ac00 RCX: 0000000000000000

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730691] RDX: 000000000002ac00 RSI: 000000007f91dd8e RDI: ffffffffa02c73b8

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730816] RBP: 000000007f91dd8e R08: 000000006b0ebfac R09: 0000000000000002

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] R10: dead000000100100 R11: ffffffffa01a7e34 R12: ffff880025f027e0

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] R13: 0000000000000001 R14: 0000000000000002 R15: 0000000000000000

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] FS:  0000000000000000(0000) GS:ffff8800cf280000(0063) knlGS:00000000f74886c0

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] CR2: 0000000000000010 CR3: 00000000ca891000 CR4: 00000000000007e0

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] Stack:

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  00000001ca068000 ffff88000001a900 ffff880025f027e4 00008800ca7b774e

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  ffffffffa02c6230 ffffffffa02d0050 ffffffffa018a498 ffffc90010c2b000

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  ffff880025c0b100 ffff8800cf29a718 0000000000000001 ffff880025c0bb80

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] Call Trace:

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nf_nat_ipv4_fn+0x168/0x1d5 [iptable_nat]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? poll_freewait+0x3d/0x8a

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nf_iterate+0x42/0x7d

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nf_reinject+0x9c/0x131

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? xfrm4_policy_check+0x73/0x73

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nfqnl_recv_verdict_batch+0x185/0x1a4 [nfnetlink_queue]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nfnetlink_rcv_msg+0x17c/0x208 [nfnetlink]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nfnetlink_rcv_msg+0x29/0x208 [nfnetlink]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? nfnl_lock+0x14/0x14 [nfnetlink]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? netlink_rcv_skb+0x34/0x7c

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? netlink_unicast+0xaf/0x12a

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? netlink_sendmsg+0x5b7/0x5e5

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? sock_sendmsg+0x7c/0x94

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? compat_core_sys_select+0x1f0/0x21f

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? move_addr_to_kernel+0x26/0x37

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? SyS_sendto+0x10f/0x143

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? __sys_recvmmsg+0x1c5/0x1ff

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? __getnstimeofday+0x2f/0x79

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? compat_sys_socketcall+0xf3/0x204

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  [] ? sysenter_dispatch+0x7/0x25

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] Code: e1 49 8b 94 24 d0 00 00 00 31 c0 48 85 d2 74 09 31 c0 80 7a 11 00 0f 95 c0 31 c9 85 c0 74 08 0f b6 42 11 48 8d 0c 02 89 da 89 e8  89 61 10 48 0f af c2 48 c1 e8 20 48 c1 e0 03 48 03 05 e8 54

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] RIP  [] nf_nat_setup_info+0x5f7/0x68d [nf_nat]

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903]  RSP 

    2014:10:16-14:12:31 93beta-1 kernel: [13439.730903] CR2: 0000000000000010

    2014:10:16-14:12:31 93beta-1 kernel: [13439.822431] ---[ end trace 336f963b256cfa1a ]---


    Regards,
    Marco
  • 0 in reply to asg_user
    Hello Sebastian,
    IPS enabled



    Marco, can you try to disable IPS also, as I did, just to see if you can reproduce my issue?

    I have also tested against ftp.astaro.com, when the system crashed...

    But when IPS is disabled, it's stable...

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

Reply Children
No Data
Unfiltered HTML