
Kernel Crash: BUG: kernel NULL pointer dereference, address: 0000000000000030 #401

Closed
hunbalazs opened this issue Apr 26, 2023 · 2 comments

Comments

@hunbalazs

Hello,

While implementing a Python module to communicate with Jool using the netlink interface, I tested if sending JNLOP_EAMT_FOREACH to XT_TYPE_NAT64 would trigger the expected "Command unsupported by NAT64 translators." message, but I received a crash:

[   41.376638] Jool: Core Jool v4.1.9.0 module inserted.
[   41.377608] NAT64 Jool v4.1.9.0 module inserted.
[   53.657704] Jool error: Command unsupported by NAT64 translators.
[   53.657708] BUG: kernel NULL pointer dereference, address: 0000000000000030
[   53.657711] #PF: supervisor read access in kernel mode
[   53.657712] #PF: error_code(0x0000) - not-present page
[   53.657713] PGD 0 P4D 0 
[   53.657715] Oops: 0000 [#1] PREEMPT SMP NOPTI
[   53.657717] CPU: 7 PID: 9140 Comm: python Tainted: G     U     O    T 5.15.26-gentoo #5
[   53.657719] Hardware name: Dell Inc. Latitude 5511/0C33CM, BIOS 1.4.3 12/23/2020
[   53.657720] RIP: 0010:rtrie_foreach+0x12/0xd0 [jool_common]
[   53.657728] Code: d2 31 ff c3 e8 3f 2d d9 d9 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 57 41 56 4c 8d 77 08 41 55 41 54 55 53 48 83 ec 08 <48> 8b 47 08 48 89 14 24 49 39 c6 0f 84 8a 00 00 00 48 8b 47 08 49
[   53.657729] RSP: 0018:ffff8ff2c09af9b8 EFLAGS: 00010296
[   53.657731] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   53.657732] RDX: ffff8ff2c09af9f8 RSI: ffffffffc0473e70 RDI: 0000000000000028
[   53.657733] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   53.657734] R10: 0000000000000000 R11: 0000000000000000 R12: ffff891242eeb600
[   53.657735] R13: ffffffffc0491920 R14: 0000000000000030 R15: ffff8ff2c09afc50
[   53.657736] FS:  00007f3255fa0740(0000) GS:ffff89199d5c0000(0000) knlGS:0000000000000000
[   53.657738] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.657739] CR2: 0000000000000030 CR3: 000000010c128003 CR4: 00000000007706e0
[   53.657740] PKRU: 55555554
[   53.657741] Call Trace:
[   53.657742]  <TASK>
[   53.657744]  eamt_foreach+0x70/0xb0 [jool_common]
[   53.657750]  ? handle_denylist4_flush+0xe0/0xe0 [jool_common]
[   53.657756]  handle_eamt_foreach+0x11f/0x210 [jool_common]
[   53.657763]  genl_family_rcv_msg_doit+0x133/0x1a0
[   53.657767]  genl_rcv_msg+0x110/0x210
[   53.657768]  ? serialize_eam_entry+0x20/0x20 [jool_common]
[   53.657773]  ? genl_get_cmd+0x100/0x100
[   53.657775]  netlink_rcv_skb+0x76/0x160
[   53.657777]  genl_rcv+0x1f/0x30
[   53.657778]  netlink_unicast+0x239/0x350
[   53.657780]  netlink_sendmsg+0x23f/0x4a0
[   53.657781]  sock_sendmsg+0x5c/0x70
[   53.657784]  __sys_sendto+0x235/0x2b0
[   53.657788]  __x64_sys_sendto+0x1b/0x30
[   53.657790]  ? do_syscall_64+0x38/0x90
[   53.657792]  ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[   53.657795]  </TASK>
[   53.657795] Modules linked in: jool(O) jool_common(O) fuse nfs lockd grace sunrpc snd_usb_audio snd_hwdep r8152 snd_usbmidi_lib snd_rawmidi mii
[   53.657804] CR2: 0000000000000030
[   53.657805] ---[ end trace 24b6f593a505c92d ]---
[   53.679240] RIP: 0010:rtrie_foreach+0x12/0xd0 [jool_common]
[   53.679254] Code: d2 31 ff c3 e8 3f 2d d9 d9 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 57 41 56 4c 8d 77 08 41 55 41 54 55 53 48 83 ec 08 <48> 8b 47 08 48 89 14 24 49 39 c6 0f 84 8a 00 00 00 48 8b 47 08 49
[   53.679255] RSP: 0018:ffff8ff2c09af9b8 EFLAGS: 00010296
[   53.679257] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[   53.679259] RDX: ffff8ff2c09af9f8 RSI: ffffffffc0473e70 RDI: 0000000000000028
[   53.679260] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[   53.679261] R10: 0000000000000000 R11: 0000000000000000 R12: ffff891242eeb600
[   53.679262] R13: ffffffffc0491920 R14: 0000000000000030 R15: ffff8ff2c09afc50
[   53.679263] FS:  00007f3255fa0740(0000) GS:ffff89199d5c0000(0000) knlGS:0000000000000000
[   53.679264] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   53.679265] CR2: 0000000000000030 CR3: 000000010c128003 CR4: 00000000007706e0
[   53.679267] PKRU: 55555554

The strange thing is that the precheck fails, but the execution still reaches eamt_foreach.

WIP code for testing: https://gist.github.com/hunbalazs/b1c8d38654c84fa87c4a64b2155720c5
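The control flow described in the report (the precheck logs "Command unsupported by NAT64 translators." yet the request still reaches eamt_foreach) as an added illustration in C; this is not Jool's code, and the struct, enum and function names are assumptions modelling the call chain in the trace. The table walk refuses a NULL table so the flaw surfaces as a return code rather than an oops; in the trace, RDI=0x28 with CR2=0x30 is consistent with a field being read through a pointer derived from NULL.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model, not Jool's code: a NAT64 instance has no EAMT table. */
enum xlator_type { XT_TYPE_SIIT, XT_TYPE_NAT64 };
enum jnlop { JNLOP_EAMT_FOREACH };

struct eam_entry { int id; struct eam_entry *next; };
struct eamt { struct eam_entry *head; };
struct xlator { enum xlator_type type; struct eamt *eamt; }; /* eamt NULL for NAT64 */

/* Returns 0 when the command is valid for this translator type, -EINVAL otherwise. */
static int precheck(const struct xlator *x, enum jnlop cmd)
{
    if (cmd == JNLOP_EAMT_FOREACH && x->type == XT_TYPE_NAT64) {
        fprintf(stderr, "Jool error: Command unsupported by NAT64 translators.\n");
        return -EINVAL;
    }
    return 0;
}

/* Walks the table; refuses a NULL table instead of faulting on it. */
static int eamt_foreach(const struct eamt *t, int *count)
{
    if (t == NULL)
        return -EFAULT; /* the buggy flow below would fault here in the kernel */
    *count = 0;
    for (const struct eam_entry *e = t->head; e != NULL; e = e->next)
        (*count)++;
    return 0;
}

/* Buggy flow: precheck logs the error, but its result is discarded. */
int handle_buggy(struct xlator *x, enum jnlop cmd, int *count)
{
    precheck(x, cmd);
    return eamt_foreach(x->eamt, count);
}

/* Fixed flow: a failed precheck ends the request before any table access. */
int handle_fixed(struct xlator *x, enum jnlop cmd, int *count)
{
    int err = precheck(x, cmd);
    if (err)
        return err;
    return eamt_foreach(x->eamt, count);
}
```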

@ydahhrk
Member

ydahhrk commented Apr 26, 2023

Should be working properly in the new commit. Feel free to reopen if you still have problems.

# jool attribute t(arget?) address

These are "transport" address attributes.

@hunbalazs
Author

Thank you very much!

> These are "transport" address attributes.

Updated comment, thanks

@ydahhrk ydahhrk added this to the 4.1.10 milestone Jun 11, 2023
@ydahhrk ydahhrk added the Bug label Jun 11, 2023