NICMx / Jool

SIIT and NAT64 for Linux
GNU General Public License v2.0

Kernel Crash: BUG: kernel NULL pointer dereference, address: 0000000000000004 #404

Closed hunbalazs closed 1 year ago

hunbalazs commented 1 year ago

Hello,

I observed another module crash with JNLOP_BIB_RM.

[  271.865316] BUG: kernel NULL pointer dereference, address: 0000000000000004
[  271.865319] #PF: supervisor read access in kernel mode
[  271.865320] #PF: error_code(0x0000) - not-present page
[  271.865322] PGD 0 P4D 0 
[  271.865323] Oops: 0000 [#1] PREEMPT SMP NOPTI
[  271.865325] CPU: 7 PID: 10260 Comm: python Tainted: G     U     O    T 5.15.26-gentoo #5
[  271.865327] Hardware name: Dell Inc. Latitude 5511/0C33CM, BIOS 1.4.3 12/23/2020
[  271.865328] RIP: 0010:jnla_get_taddr4+0x5f/0xb0 [jool_common]
[  271.865337] Code: 74 60 48 89 d3 48 c7 c1 20 46 4e c0 48 89 fa be 02 00 00 00 48 89 e7 e8 0f fb ff ff 85 c0 75 21 48 8b 44 24 10 48 8b 7c 24 08 <0f> b7 40 04 48 89 da 66 89 43 04 48 c7 c6 fb 90 4d c0 e8 9a ed ff
[  271.865338] RSP: 0018:ffff9fc3d707b9f0 EFLAGS: 00010246
[  271.865340] RAX: 0000000000000000 RBX: ffff9fc3d707ba34 RCX: 0000000000000000
[  271.865341] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  271.865342] RBP: ffff9c4484154d00 R08: 0000000000000000 R09: 0000000000000000
[  271.865343] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9c44c668ef00
[  271.865344] R13: ffffffffc04e4920 R14: 0000000000000000 R15: ffff9fc3d707bc50
[  271.865345] FS:  00007f4c382f1740(0000) GS:ffff9c4bdd5c0000(0000) knlGS:0000000000000000
[  271.865347] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  271.865348] CR2: 0000000000000004 CR3: 0000000103b0e006 CR4: 00000000007706e0
[  271.865349] PKRU: 55555554
[  271.865350] Call Trace:
[  271.865352]  <TASK>
[  271.865353]  handle_bib_rm+0x234/0x2e0 [jool_common]
[  271.865360]  ? handling_hairpinning_siit+0x170/0x170 [jool_common]
[  271.865364]  ? is_hairpin_nat64+0x40/0x40 [jool_common]
[  271.865368]  genl_family_rcv_msg_doit+0x133/0x1a0
[  271.865371]  genl_rcv_msg+0x110/0x210
[  271.865373]  ? _copy_to_iter+0xff/0x650
[  271.865375]  ? handle_bib_add+0x170/0x170 [jool_common]
[  271.865381]  ? genl_get_cmd+0x100/0x100
[  271.865383]  netlink_rcv_skb+0x76/0x160
[  271.865384]  genl_rcv+0x1f/0x30
[  271.865386]  netlink_unicast+0x239/0x350
[  271.865388]  netlink_sendmsg+0x23f/0x4a0
[  271.865389]  sock_sendmsg+0x5c/0x70
[  271.865392]  __sys_sendto+0x235/0x2b0
[  271.865396]  __x64_sys_sendto+0x1b/0x30
[  271.865398]  ? do_syscall_64+0x38/0x90
[  271.865400]  ? entry_SYSCALL_64_after_hwframe+0x44/0xae
[  271.865402]  </TASK>
[  271.865403] Modules linked in: jool(O) jool_common(O) veth fuse nfs lockd grace sunrpc snd_usb_audio snd_hwdep snd_usbmidi_lib r8152 snd_rawmidi mii
[  271.865412] CR2: 0000000000000004
[  271.865413] ---[ end trace 259b31fdd4c9a6f8 ]---
[  271.886288] RIP: 0010:jnla_get_taddr4+0x5f/0xb0 [jool_common]
[  271.886302] Code: 74 60 48 89 d3 48 c7 c1 20 46 4e c0 48 89 fa be 02 00 00 00 48 89 e7 e8 0f fb ff ff 85 c0 75 21 48 8b 44 24 10 48 8b 7c 24 08 <0f> b7 40 04 48 89 da 66 89 43 04 48 c7 c6 fb 90 4d c0 e8 9a ed ff
[  271.886304] RSP: 0018:ffff9fc3d707b9f0 EFLAGS: 00010246
[  271.886306] RAX: 0000000000000000 RBX: ffff9fc3d707ba34 RCX: 0000000000000000
[  271.886307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  271.886308] RBP: ffff9c4484154d00 R08: 0000000000000000 R09: 0000000000000000
[  271.886309] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9c44c668ef00
[  271.886310] R13: ffffffffc04e4920 R14: 0000000000000000 R15: ffff9fc3d707bc50
[  271.886311] FS:  00007f4c382f1740(0000) GS:ffff9c4bdd5c0000(0000) knlGS:0000000000000000
[  271.886313] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  271.886314] CR2: 0000000000000004 CR3: 0000000103b0e006 CR4: 00000000007706e0
[  271.886315] PKRU: 55555554

The crash is triggered because JNLAB_SRC4 is present but empty (encoder not written yet in python module). Here is the reproducer: https://gist.github.com/hunbalazs/44ba4bacebf79898be10d0a3137dd5a6

P.S.: I really should start testing in a VM :smile:
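The oops is consistent with the reporter's explanation. The faulting instruction in the `Code:` dump (`0f b7 40 04`, i.e. `movzwl 0x4(%rax),%eax`) is a 16-bit load at offset 4 from RAX, and RAX is 0: a Netlink attribute lookup returned NULL because the JNLAB_SRC4 container had no children, and the payload (which starts 4 bytes past the attribute header) was read anyway. The block below is an added, user-space example, not Jool's code: it models the Netlink attribute layout (`struct nlattr`-style 16-bit length and type, 4-byte alignment) with hypothetical type numbers (`TOP_SRC4`, `SRC4_ADDR`, `SRC4_PORT`) and shows a lookup that rejects an empty or truncated container instead of dereferencing a missing child. The two messages it parses are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Simplified model of a Netlink attribute header: same layout as struct nlattr
 * (u16 length including the header, u16 type) with 4-byte alignment.
 * Type numbers below are invented for this example, not Jool's real values. */
struct attr_hdr { uint16_t len; uint16_t type; };
#define ATTR_HDRLEN   ((int)sizeof(struct attr_hdr))
#define ATTR_ALIGN(n) (((n) + 3U) & ~3U)

enum { TOP_SRC4 = 1 };                 /* container, like JNLAB_SRC4 */
enum { SRC4_ADDR = 1, SRC4_PORT = 2 }; /* children: IPv4 address, port */

struct taddr4 { uint32_t addr; uint16_t port; };

/* Find an attribute of the given type in [buf, buf+len). Every header is
 * bounds-checked before its length field is trusted. NULL if absent/malformed. */
static const struct attr_hdr *find_attr(const unsigned char *buf, size_t len, uint16_t type)
{
    size_t off = 0;
    while (off + ATTR_HDRLEN <= len) {
        struct attr_hdr h;
        memcpy(&h, buf + off, sizeof h);
        if (h.len < ATTR_HDRLEN || off + h.len > len)
            return NULL;                    /* truncated or lying length */
        if (h.type == type)
            return (const struct attr_hdr *)(buf + off);
        off += ATTR_ALIGN(h.len);
    }
    return NULL;
}

/* Copy a fixed-size payload out of an attribute. A NULL attribute (child not
 * present) or a wrong payload size is an error, never a dereference. */
static int attr_get(const struct attr_hdr *a, void *dst, size_t want)
{
    uint16_t len;
    if (!a) return -1;
    memcpy(&len, a, sizeof len);
    if (len != ATTR_HDRLEN + want) return -1;
    memcpy(dst, (const unsigned char *)a + ATTR_HDRLEN, want);
    return 0;
}

/* Hardened counterpart of the crashing lookup: both children of the SRC4
 * container must exist and be correctly sized. An empty container (header
 * only, as in the reported crash) fails cleanly with -1. */
int parse_src4(const unsigned char *msg, size_t msg_len, struct taddr4 *out)
{
    const struct attr_hdr *box = find_attr(msg, msg_len, TOP_SRC4);
    uint16_t box_len;
    if (!box) return -1;
    memcpy(&box_len, box, sizeof box_len);
    const unsigned char *inner = (const unsigned char *)box + ATTR_HDRLEN;
    size_t inner_len = box_len - ATTR_HDRLEN;
    if (attr_get(find_attr(inner, inner_len, SRC4_ADDR), &out->addr, sizeof out->addr)) return -1;
    if (attr_get(find_attr(inner, inner_len, SRC4_PORT), &out->port, sizeof out->port)) return -1;
    return 0;
}

/* Encoder used to construct the sample messages (padding zeroed). */
static size_t put_attr(unsigned char *buf, size_t off, uint16_t type, const void *payload, uint16_t plen)
{
    struct attr_hdr h = { (uint16_t)(ATTR_HDRLEN + plen), type };
    size_t total = ATTR_HDRLEN + plen;
    memcpy(buf + off, &h, sizeof h);
    if (plen) memcpy(buf + off + ATTR_HDRLEN, payload, plen);
    memset(buf + off + total, 0, ATTR_ALIGN(total) - total);
    return off + ATTR_ALIGN(total);
}

/* Constructed message 1: SRC4 container present but empty (the reporter's case). */
size_t build_empty_src4(unsigned char *buf) { return put_attr(buf, 0, TOP_SRC4, NULL, 0); }

/* Constructed message 2: SRC4 { ADDR = 192.0.2.1, PORT = 80 }. */
size_t build_full_src4(unsigned char *buf)
{
    unsigned char inner[32];
    uint32_t addr = 0xC0000201U;    /* 192.0.2.1, host byte order, constructed */
    uint16_t port = 80;
    size_t n = put_attr(inner, 0, SRC4_ADDR, &addr, sizeof addr);
    n = put_attr(inner, n, SRC4_PORT, &port, sizeof port);
    return put_attr(buf, 0, TOP_SRC4, inner, (uint16_t)n);
}

/* Expected -1: the empty container is rejected without touching a NULL child. */
int check_empty_src4(void)
{
    unsigned char buf[64]; struct taddr4 t;
    return parse_src4(buf, build_empty_src4(buf), &t);
}

/* Expected 0: both children found and decoded. */
int check_full_src4(void)
{
    unsigned char buf[64]; struct taddr4 t = { 0, 0 };
    if (parse_src4(buf, build_full_src4(buf), &t)) return -1;
    return (t.addr == 0xC0000201U && t.port == 80) ? 0 : -2;
}

int main(void)
{
    printf("empty SRC4 container: rc=%d (rejected)\n", check_empty_src4());
    printf("full SRC4 container:  rc=%d (decoded)\n", check_full_src4());
    return 0;
}
```

The point for anyone writing a Netlink handler (kernel or user space) is that "attribute present" and "nested children present" are separate facts: after parsing a nested container, each required child pointer must be checked for NULL and for the expected payload length before it is read, since an unprivileged or buggy sender can legitimately produce an empty container like the one the Python encoder sent here.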

ydahhrk commented 1 year ago

P.S.: I really should start testing in a VM

Sorry about that :/

hunbalazs commented 1 year ago

P.S.: I really should start testing in a VM

Sorry about that :/

That's OK, thank you for the fix!