@DasSkelett
Last active January 31, 2026 16:42
eBPF kernel panics on PowerPC (and possibly more big-endian systems)

eBPF kernel panics on PowerPC

(and possibly more architectures -> Big Endian issue?)

BPF code: https://github.com/freifunkMUC/community-packages/blob/a7bc5832579dd4143d32576ec533acbe2f60742c/ffmuc-ebpf-clat/src/clat.bpf.c

  • Compiler: clang20
  • libbpf: v1.5.1 and v1.6.2
  • Kernel: 5.15.183 (OpenWRT/Gluon)

Two different kernel panics:

on ICMP packets

Kernel NULL pointer dereference on read at 0x00000054 in bpf_skb_load_bytes

Likely this call: https://github.com/freifunkMUC/community-packages/blob/a7bc5832579dd4143d32576ec533acbe2f60742c/ffmuc-ebpf-clat/src/clat.bpf.c#L362

on TCP packets (probably also UDP, not tested)

Kernel NULL pointer dereference on read at 0x00000054 in skb_ensure_writable

This call: https://github.com/freifunkMUC/community-packages/blob/a7bc5832579dd4143d32576ec533acbe2f60742c/ffmuc-ebpf-clat/src/clat.bpf.c#L334-L335

root@ds-wsap3710i:/# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
[ 462.560974] BUG: Kernel NULL pointer dereference on read at 0x00000054
[ 462.567521] Faulting instruction address: 0xc052a46c
[ 462.572480] Oops: Kernel access of bad area, sig: 11 [#1]
[ 462.732180] CPU: 0 PID: 251 Comm: kworker/0:2 Not tainted 5.15.183 #0
[ 462.738623] Workqueue: wg-crypt-wg_c1 wg_packet_decrypt_worker [wireguard]
[ 462.745521] NIP: c052a46c LR: d4332550 CTR: c052a450
[ 462.750567] REGS: cfef7ad0 TRAP: 0300 Not tainted (5.15.183)
[ 462.756482] MSR: 00029000 <CE,EE,ME> CR: 48002222 XER: 20000000
[ 462.762677] DEAR: 00000054 ESR: 00000000
[ 462.762677] GPR00: c052a450 cfef7bb0 c0fd3de0 00000000 00000000 00000000 00000028 00000000
[ 462.762677] GPR08: cfef7bf8 00000000 00000008 00000000 00000002 00000000 00000070 000086dd
[ 462.762677] GPR16: 00000100 00000000 cfef7c00 c0950554 00008100 24004424 c2eec900 00000000
[ 462.762677] GPR24: 00000000 ffffffff c300cf40 00000000 c32980a0 cfef7d38 cfef7bf8 00000008
[ 462.800157] NIP [c052a46c] bpf_skb_load_bytes+0x1c/0xf4
[ 462.805387] LR [d4332550] bpf_prog_c15f4a4c5e0e1c69_update_l4_6to4+0x398/0xe48
[ 462.812608] Call Trace:
[ 462.815047] [cfef7bb0] [c00618cc] ttwu_do_wakeup.constprop.0+0x20/0x12c (unreliable)
[ 462.822809] [cfef7bd0] [c0061cf8] try_to_wake_up+0x23c/0x668
[ 462.828471] [cfef7c40] [d432c518] bpf_prog_095430e72dc1c61c_clat_ingress_6to4+0x39c/0xe84
[ 462.836650] [cfef7cb0] [d3373480] 0xd3373480
[ 462.840939] [cfef7cf0] [c0571450] tcf_classify+0x90/0x194
[ 462.846357] [cfef7d20] [c05029cc] __netif_receive_skb_core.constprop.0+0xa64/0xf3c
[ 462.853938] [cfef7da0] [c0502fac] __netif_receive_skb_list_core+0x108/0x258
[ 462.860902] [cfef7df0] [c05032e0] netif_receive_skb_list_internal+0x1e4/0x308
[ 462.868039] [cfef7e40] [c05037a4] napi_complete_done+0x78/0x1e0
[ 462.873963] [cfef7e60] [d3787a40] wg_packet_rx_poll+0x484/0x7fc [wireguard]

[ 1650.811017] BUG: Kernel NULL pointer dereference on read at 0x00000054
[ 1650.817565] Faulting instruction address: 0xc04e27e8
[ 1650.822523] Oops: Kernel access of bad area, sig: 11 [#1]
[ 1650.827917] BE PAGE_SIZE=4K SMP NR_CPUS=2 P1020 RDB
...
[ 1650.982226] CPU: 0 PID: 7797 Comm: kworker/0:1 Not tainted 5.15.183 #0
[ 1650.988757] Workqueue: wg-crypt-wg_c1 wg_packet_decrypt_worker [wireguard]
[ 1650.995656] NIP: c04e27e8 LR: c052c5d8 CTR: c052c560
[ 1651.000702] REGS: cfef7aa0 TRAP: 0300 Not tainted (5.15.183)
[ 1651.006617] MSR: 00029000 <CE,EE,ME> CR: 28002282 XER: 00000000
[ 1651.012812] DEAR: 00000054 ESR: 00000000
[ 1651.012812] GPR00: d3c80600 cfef7b80 c0ec5280 00000000 0000003a 00000000 00000038 00000000
[ 1651.012812] GPR08: 00000000 00000000 d0c9f2a5 00000000 28002282 00000000 00000050 000086dd
[ 1651.012812] GPR16: 00000100 00000000 cfef7c00 c0950554 00008100 00000000 00000010 00000000
[ 1651.012812] GPR24: 00000000 00000010 00000000 00000000 d0c9f2a5 cfef7d38 0000003a 00000000
[ 1651.050292] NIP [c04e27e8] skb_ensure_writable+0x14/0xe4
[ 1651.055622] LR [c052c5d8] bpf_l4_csum_replace+0x78/0x1fc
[ 1651.060936] Call Trace:
[ 1651.063376] [cfef7ba0] [00000000] 0x0
[ 1651.067039] [cfef7bd0] [d3c80600] bpf_prog_c15f4a4c5e0e1c69_update_l4_6to4+0x1a0/0xba0
[ 1651.074957] [cfef7c40] [d3c7a610] bpf_prog_095430e72dc1c61c_clat_ingress_6to4+0x39c/0xd8c
[ 1651.083136] [cfef7cb0] [d33db480] 0xd33db480
[ 1651.087427] [cfef7cf0] [c0571450] tcf_classify+0x90/0x194
[ 1651.092845] [cfef7d20] [c05029cc] __netif_receive_skb_core.constprop.0+0xa64/0xf3c
[ 1651.100426] [cfef7da0] [c0502fac] __netif_receive_skb_list_core+0x108/0x258
[ 1651.107391] [cfef7df0] [c05032e0] netif_receive_skb_list_internal+0x1e4/0x308
[ 1651.114533] [cfef7e40] [c05037a4] napi_complete_done+0x78/0x1e0
[ 1651.120457] [cfef7e60] [d3666a40] wg_packet_rx_poll+0x484/0x7fc [wireguard]
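
A triage sketch for comparing the two traces above (an added example, not part of the original gist or of the ffmuc-ebpf-clat code): it extracts the fault address, the NIP/LR symbols and the BPF program frames from a dmesg capture, then reports which BPF programs appear in every oops. The sample lines are abridged from the logs on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: lines abridged from the two oopses shown on this page.
SAMPLE = """\
[ 462.560974] BUG: Kernel NULL pointer dereference on read at 0x00000054
[ 462.800157] NIP [c052a46c] bpf_skb_load_bytes+0x1c/0xf4
[ 462.805387] LR [d4332550] bpf_prog_c15f4a4c5e0e1c69_update_l4_6to4+0x398/0xe48
[ 462.828471] [cfef7c40] [d432c518] bpf_prog_095430e72dc1c61c_clat_ingress_6to4+0x39c/0xe84
[ 1650.811017] BUG: Kernel NULL pointer dereference on read at 0x00000054
[ 1651.050292] NIP [c04e27e8] skb_ensure_writable+0x14/0xe4
[ 1651.055622] LR [c052c5d8] bpf_l4_csum_replace+0x78/0x1fc
[ 1651.067039] [cfef7bd0] [d3c80600] bpf_prog_c15f4a4c5e0e1c69_update_l4_6to4+0x1a0/0xba0
[ 1651.074957] [cfef7c40] [d3c7a610] bpf_prog_095430e72dc1c61c_clat_ingress_6to4+0x39c/0xd8c
"""

BUG = re.compile(r"BUG: Kernel NULL pointer dereference on (\w+) at (0x[0-9a-f]+)")
REG = re.compile(r"\b(NIP|LR) \[[0-9a-f]+\] ([\w.]+)\+0x")   # symbolised NIP/LR lines only
BPF = re.compile(r"bpf_prog_([0-9a-f]{16})_(\w+)\+0x")       # JITed program: tag + name

def parse_oopses(text):
    """Return one record per 'BUG:' line found in a dmesg capture."""
    oopses = []
    for line in text.splitlines():
        m = BUG.search(line)
        if m:
            oopses.append({"access": m.group(1), "addr": int(m.group(2), 16),
                           "NIP": None, "LR": None, "bpf": []})
            continue
        if not oopses:
            continue  # ignore anything logged before the first oops
        cur = oopses[-1]
        m = REG.search(line)
        if m and cur[m.group(1)] is None:
            cur[m.group(1)] = m.group(2)
        m = BPF.search(line)
        if m and (m.group(1), m.group(2)) not in cur["bpf"]:
            cur["bpf"].append((m.group(1), m.group(2)))
    return oopses

def common_bpf_programs(oopses):
    """BPF (tag, name) pairs that appear in every parsed oops."""
    sets = [set(o["bpf"]) for o in oopses]
    return set.intersection(*sets) if sets else set()
```

On the sample, both records share the fault address 0x54 and the same two BPF frames, while the faulting kernel function differs.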