Opened 2 years ago

Last modified 2 years ago

#21779 new defect

kmod-ipt-lua kernel panic

Reported by: anonymous Owned by: developers
Priority: response-needed Milestone:
Component: kernel Version: Trunk
Keywords: packetscript Cc:

Description

Packetscript crashes kernel on many parser calls.
For example:

function process_packet(p)
 local eth = p:data(packet_eth)
 local ip = eth:data(packet_ip)
 return XT_CONTINUE
end

packet_eth OK, packet_ip causes panic

...
  smac = eth:smac()
  if smac:get() == "01:23:45:67:89:AB" then
   return XT_CONTINUE
  end

smac:get() causes panic

Tried calling in OUTPUT/filter and POSTROUTING/mangle chains - same result.
Problem exists in latest x86_64 trunk and in AR71XX.

Attachments (0)

Change History (6)

comment:1 Changed 2 years ago by jow

What about posting the actual crash?

comment:2 Changed 2 years ago by jow

  • Priority changed from normal to response-needed

comment:3 Changed 2 years ago by anonymous

I have OpenWrt in VMware. How do I catch the crash? The screen scrolls and I can't copy-paste.

comment:4 Changed 2 years ago by jow

You could run it in QEMU with plain stdio mode instead, you could try to enable serial logging in VMware, or you could attach a USB serial adapter to your ar71xx device.

Also please attach test cases.

comment:5 Changed 2 years ago by anonymous

Test case:

1) Create /root/test.lua:

function process_packet(p)
 local eth = p:data(packet_eth)
 if eth then
  local ip = eth:data(packet_ip)
 end
 return XT_CONTINUE
end

2) iptables -I OUTPUT 1 -p tcp --dport 80 -j LUA --script /root/test.lua

3) wget www.ru

comment:6 Changed 2 years ago by anonymous

Kernel log :

[   31.695601] BUG: unable to handle kernel paging request at 000000000001000c
[   31.696857] IP: [<ffffffffa011582b>] luaopen_controller+0xab/0xd0 [xt_LUA]
[   31.698039] PGD 7c954067 PUD 7c5ed067 PMD 0 
[   31.698884] Oops: 0000 [#1] SMP 
[   31.699539] Modules linked in: pppoe ppp_async iptable_nat pppox ppp_generic nf_nat_ipv4 nf_conntrack_ipv6 nf_conntrack_ipv4 ipt_REJECT ipt_MASQUERADE xt_u32 xt_time xt_tcpudp xt_string xt_state xt_recent xt_quota xt_pkttype xt_physdev xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_id xt_helper xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_addrtype xt_TCPMSS xt_REDIRECT xt_LUA xt_LOG xt_IPMARK xt_CT ts_kmp ts_fsm ts_bm slhc r8169 pcnet32 nf_reject_ipv4 nf_nat_masquerade_ipv4 nf_nat nf_log_ipv4 nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_rtcache nf_conntrack iptable_raw iptable_mangle iptable_filter ip_tables e1000e crc_ccitt compat_xtables ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_raw ip6table_mangle ip6table_filter ip6_tables x_tables e1000 button_hotplug ptp pps_core mii
[   31.714047] CPU: 0 PID: 1768 Comm: wget Not tainted 3.18.23 #1
[   31.715033] task: ffff88007c109b40 ti: ffff88007c438000 task.ti: ffff88007c438000
[   31.716307] RIP: 0010:[<ffffffffa011582b>]  [<ffffffffa011582b>] luaopen_controller+0xab/0xd0 [xt_LUA]
[   31.717919] RSP: 0018:ffff88007c43b870  EFLAGS: 00010046
[   31.718811] RAX: 000000000001000b RBX: ffff88007cbbb400 RCX: 0000000000000002
[   31.720023] RDX: 000000000000ffff RSI: ffffffffa012b5a0 RDI: ffff88007cbbb400
[   31.721196] RBP: ffffffffa012b5a0 R08: 0000000000000000 R09: ffffc90000292000
[   31.722374] R10: ffff88007d186000 R11: 0000000000000000 R12: 0000000000000003
[   31.723566] R13: ffff88007c0da028 R14: ffff88007c0da868 R15: 0000000000000002
[   31.724749] FS:  00007f0a050a5ee8(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
[   31.726141] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   31.727154] CR2: 000000000001000c CR3: 000000007c51f000 CR4: 00000000001407f0
[   31.728383] Stack:
[   31.728767]  ffffffffa0115509 0000002000000000 0000000000000060 0000000000000000
[   31.730172]  ffff88007cbbb400 0000000000000002 ffff88007cbbb880 ffff88007c7d739c
[   31.731571]  ffff88007c7d73a0 ffff88007cbbb850 ffffffffa011d0cb 0000000000000020
[   31.732978] Call Trace:
[   31.733445]  [<ffffffffa0115509>] ? get_metatable_from_protocol_type+0x329/0x420 [xt_LUA]
[   31.734850]  [<ffffffffa011d0cb>] ? luaD_precall+0x20b/0x520 [xt_LUA]
[   31.735918]  [<ffffffffa0128800>] ? luaV_gettable+0x70/0x130 [xt_LUA]
[   31.736991]  [<ffffffffa01299ca>] ? luaV_execute+0xb8a/0x1440 [xt_LUA]
[   31.738079]  [<ffffffffa011d455>] ? luaD_call+0x75/0xa0 [xt_LUA]
[   31.739096]  [<ffffffffa011c7f3>] ? luaD_rawrunprotected+0x53/0x80 [xt_LUA]
[   31.740264]  [<ffffffffa011c817>] ? luaD_rawrunprotected+0x77/0x80 [xt_LUA]
[   31.741415]  [<ffffffffa011d5c2>] ? luaD_pcall+0x42/0xc0 [xt_LUA]
[   31.742450]  [<ffffffffa011806a>] ? lua_pcall+0x4a/0xa0 [xt_LUA]
[   31.743462]  [<ffffffffa01142f1>] ? 0xffffffffa01142f1
[   31.744356]  [<ffffffffa008a35d>] ? ipt_do_table+0x1ed/0x5c0 [ip_tables]
[   31.745484]  [<ffffffff81383a30>] ? ip_forward_options+0x1d0/0x1d0
[   31.746528]  [<ffffffff8137adaa>] ? nf_iterate+0x8a/0xa0
[   31.747422]  [<ffffffff81383a30>] ? ip_forward_options+0x1d0/0x1d0
[   31.748467]  [<ffffffff8137ae2e>] ? nf_hook_slow+0x6e/0x120
[   31.749410]  [<ffffffff81383a30>] ? ip_forward_options+0x1d0/0x1d0
[   31.750443]  [<ffffffff81385f4a>] ? __ip_local_out+0x6a/0x70
[   31.751402]  [<ffffffff81385f64>] ? ip_local_out_sk+0x14/0x40
[   31.752362]  [<ffffffff813862df>] ? ip_queue_xmit+0x12f/0x350
[   31.753341]  [<ffffffff8139b7ad>] ? tcp_transmit_skb+0x42d/0x950
[   31.754345]  [<ffffffff81344907>] ? __alloc_skb+0x87/0x1c0
[   31.755277]  [<ffffffff8139d306>] ? tcp_connect+0x676/0x6e0
[   31.756221]  [<ffffffff8134b907>] ? secure_tcp_sequence_number+0x37/0x90
[   31.757334]  [<ffffffff8139fd9b>] ? tcp_v4_connect+0x2ab/0x470
[   31.758322]  [<ffffffff813b5653>] ? __inet_stream_connect+0x93/0x2e0
[   31.759393]  [<ffffffff810d802e>] ? kmem_cache_alloc+0x7e/0xb0
[   31.760376]  [<ffffffff813a41fc>] ? tcp_assign_congestion_control+0x2c/0x90
[   31.761532]  [<ffffffff814339c8>] ? __schedule+0x268/0x6c0
[   31.762465]  [<ffffffff813b58d2>] ? inet_stream_connect+0x32/0x50
[   31.763494]  [<ffffffff8133c704>] ? SyS_connect+0x64/0xe0
[   31.764412]  [<ffffffff810dd761>] ? alloc_file+0x11/0xb0
[   31.765307]  [<ffffffff8133a5be>] ? sock_alloc_file+0x9e/0x120
[   31.766460]  [<ffffffff810f5c95>] ? __fd_install+0x15/0x50
[   31.767399]  [<ffffffff8133c129>] ? SyS_socket+0x89/0xd0
[   31.768296]  [<ffffffff81437089>] ? system_call_fastpath+0x12/0x17
[   31.769320] Code: 00 00 48 89 df e8 c6 15 00 00 48 89 df e8 6e ec ff ff 48 89 df 5b e9 85 f6 ff ff 0f 1f 44 00 00 8b 02 48 8b 52 10 48 8d 44 02 0c <0f> b6 50 01 0f b6 00 c1 e2 08 c1 e0 08 09 c2 31 c0 83 f9 02 0f 
[   31.774891] RIP  [<ffffffffa011582b>] luaopen_controller+0xab/0xd0 [xt_LUA]
[   31.776092]  RSP <ffff88007c43b870>
[   31.776714] CR2: 000000000001000c
[   31.777319] ---[ end trace 123985d2e3af8115 ]---
[   31.778113] Kernel panic - not syncing: Fatal exception in interrupt
[   31.779279] Kernel Offset: 0x0 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffff9fffffff)
[   31.780993] Rebooting in 30 seconds..
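
A triage sketch for the oops in comment 6, added here as an example and not part of the ticket or of the xt_LUA code: it extracts the fault address and the faulting symbol from the log and reports which general-purpose registers sit just below the fault address. The function name `triage`, the 0x100 window and the trimmed copy of the log are assumptions of this example.

```python
import re

# Lines copied from the kernel log in comment 6 (timestamps and some registers dropped).
OOPS = """\
BUG: unable to handle kernel paging request at 000000000001000c
IP: [<ffffffffa011582b>] luaopen_controller+0xab/0xd0 [xt_LUA]
RAX: 000000000001000b RBX: ffff88007cbbb400 RCX: 0000000000000002
RDX: 000000000000ffff RSI: ffffffffa012b5a0 RDI: ffff88007cbbb400
CR2: 000000000001000c CR3: 000000007c51f000 CR4: 00000000001407f0
"""

KERNEL_BASE = 0xFFFF800000000000  # start of the x86_64 kernel half of the address space

IP_RE = re.compile(r"IP: \[<[0-9a-f]+>\] (\S+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?")
REG_RE = re.compile(r"\b(R[A-Z0-9]{1,2}): ([0-9a-f]{16})")


def triage(oops, window=0x100):
    """Summarise an x86_64 paging-request oops (window is an assumed cut-off)."""
    m = re.search(r"paging request at ([0-9a-f]+)", oops)
    ip = IP_RE.search(oops)
    if not m or not ip:
        raise ValueError("not a paging-request oops with an IP: line")
    fault = int(m.group(1), 16)
    symbol, offset, _size, module = ip.groups()
    regs = {name: int(val, 16) for name, val in REG_RE.findall(oops)}
    # Registers whose value lies just below the fault address are the likely
    # base of the faulting load (base + small displacement).
    near = {n: fault - v for n, v in regs.items() if 0 <= fault - v < window}
    return {
        "fault": fault,
        "symbol": symbol,
        "offset": int(offset, 16),
        "module": module,                      # None for built-in kernel code
        "in_kernel_range": fault >= KERNEL_BASE,
        "near": near,
    }


if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(key, value)
```

For this log it reports RAX one byte and RDX thirteen bytes below CR2, and a fault address outside the kernel address range, so the faulting read inside xt_LUA went through a value that is not a kernel pointer.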
