Re: [PATCH nf] netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present

It looks like this may be an issue with missing initialization
in xt_init(). I was able to force the same panic after applying
this patch and then running the same application that was running
at the time of the first panic. Unfortunately I was not able
to isolate exactly which sequence of commands causes the panic,
but 'sudo ebtables -t broute -F BROUTING' seems to be involved.
You may have a better insight in this.
In any case it looks like it may be worth it to do in xt_init()
the same initialization done in xt_compat_flush_offsets(), i.e.
set number and cur to 0.
I will send a separate patch for that.

Index: linux-4.19.x86_64/net/netfilter/x_tables.c
===================================================================
--- linux-4.19.x86_64.orig/net/netfilter/x_tables.c
+++ linux-4.19.x86_64/net/netfilter/x_tables.c
@@ -1908,6 +1908,7 @@ static int __init xt_init(void)
 #ifdef CONFIG_COMPAT
  mutex_init(&xt[i].compat_mutex);
  xt[i].compat_tab = NULL;
+ xt[i].cur = 0x258024a;
 #endif
  INIT_LIST_HEAD(&xt[i].target);
  INIT_LIST_HEAD(&xt[i].match);
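
Review bot: the added `xt[i].cur = 0x258024a;` line in xt_init() seeds the field with an arbitrary non-zero constant, so this hunk only reproduces the fault and must not be merged as a fix. RCX in the oops that follows is 0x2580249, this constant minus one, at the faulting RIP in xt_compat_calc_jump. For the real patch, set `xt[i].cur = 0;` here and also initialize `xt[i].number`, which this hunk leaves untouched although the message says xt_compat_flush_offsets() resets both. A one-line comment noting that xt_init() must leave the compat state the same as xt_compat_flush_offsets() does would help the next reader.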


[  613.216033] BUG: unable to handle kernel paging request at 0000000009600920
[  613.223057] PGD 1fd1852067 P4D 1fd1852067 PUD 2037236067 PMD 0
[  613.229033] Oops: 0000 [#1] SMP
[  613.232241] CPU: 27 PID: 5015 Comm: ebtables Kdump: loaded Not
tainted 4.19.17-11302235.AroraKernelnext.fc18.x86_64 #1
[  613.242986] Hardware name: Supermicro X9DRT/X9DRT, BIOS 3.0 06/28/2013
[  613.249584] RIP: 0010:xt_compat_calc_jump+0x2f/0x63 [x_tables]
[  613.255466] Code: 40 0f b6 ff 55 31 c0 48 6b ff 70 48 03 3d dc 45
00 00 48 89 e5 8b 4f 6c 4c 8b 47 60 ff c9 39 c8 7f 2f 8d 14 08 d1 fa
48 63 fa <41> 39 34 f8 4c 8d 0c fd 00 00 00 00 73 05 8d 42 01 eb e1 76
05 8d
[  613.274288] RSP: 0018:ffffc90008b6bc58 EFLAGS: 00010207
[  613.279561] RAX: 0000000000000000 RBX: ffffc90006495000 RCX: 0000000002580249
[  613.286749] RDX: 00000000012c0124 RSI: fffffffff722a7e9 RDI: 00000000012c0124
[  613.293942] RBP: ffffc90008b6bc58 R08: 0000000000000000 R09: ffffffff8117cf8f
[  613.301128] R10: ffffc900064a7000 R11: 0000000000000000 R12: 0000000000000001
[  613.308322] R13: 0000000000000000 R14: ffffc90008b6bcb8 R15: ffffc90008b6bcb8
[  613.315514] FS:  0000000000000000(0000) GS:ffff88a03fac0000(0063)
knlGS:00000000f7aba700
[  613.323655] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  613.329450] CR2: 0000000009600920 CR3: 000000203a19e002 CR4: 00000000000606e0
[  613.336874] Call Trace:
[  613.339610]  compat_do_replace+0x1fb/0x2a3 [ebtables]
[  613.344947]  compat_do_ebt_set_ctl+0x69/0xe6 [ebtables]
[  613.350457]  ? try_module_get+0x37/0x42
[  613.354570]  compat_nf_setsockopt+0x4f/0x6d
[  613.359031]  compat_ip_setsockopt+0x7e/0x8c
[  613.363505]  compat_raw_setsockopt+0x16/0x3a
[  613.368046]  compat_sock_common_setsockopt+0x1d/0x24
[  613.373275]  __compat_sys_setsockopt+0x17e/0x1b1
[  613.378157]  ? __check_object_size+0x76/0x19a
[  613.382776]  __ia32_compat_sys_socketcall+0x1cb/0x25b
[  613.388093]  do_fast_syscall_32+0xaf/0xf6
[  613.392370]  entry_SYSENTER_compat+0x6b/0x7a


