[343582.339988] BUG: unable to handle kernel NULL pointer dereference at 00000000000000a4
[343582.340013] IP: [<ffffffffa0ab8031>] lxp_port_bind_tcp_match+0x11/0xa0 [mymod]
[343582.340024] PGD 0
[343582.340026] Oops: 0000 [#1] SMP
[343582.340028] Modules linked in: mymod(OEN) fuse nls_utf8 isofs iptable_filter ip_tables x_tables af_packet vmw_vsock_vmci_transport vsock iscsi_ibft iscsi_boot_sysfs bnep xfs libcrc32c coretemp crct10dif_pclmul crc32_pclmul btusb btrtl btbcm btintel ghash_clmulni_intel bluetooth rfkill crc16 drbg ansi_cprng aesni_intel aes_x86_64 joydev snd_ens1371 lrw gf128mul glue_helper ablk_helper pcspkr vmw_balloon cryptd snd_ac97_codec snd_rawmidi snd_seq_device snd_pcm fjes snd_timer snd soundcore ac97_bus e1000 button mptctl ac processor shpchp vmw_vmci i2c_piix4 btrfs hid_generic usbhid ata_generic xor raid6_pq sd_mod sr_mod cdrom ata_piix crc32c_intel vmwgfx drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ahci libahci ttm serio_raw drm uhci_hcd mptspi scsi_transport_spi mptscsih mptbase ehci_pci
[343582.340064]  ehci_hcd usbcore libata usb_common sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4 [last unloaded: mymod]
[343582.340069] Supported: No, Unsupported modules are loaded
[343582.340091] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G OE N 4.4.156-94.64-default #1
[343582.340093] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[343582.340094] task: ffffffff81e15500 ti: ffffffff81e00000 task.ti: ffffffff81e00000
[343582.340096] RIP: 0010:[<ffffffffa0ab8031>] [<ffffffffa0ab8031>] lxp_port_bind_tcp_match+0x11/0xa0 [mymod]
[343582.340103] RSP: 0018:ffff88005b003a60 EFLAGS: 00010246
[343582.340104] RAX: 0000000000000000 RBX: ffff88005b003b38 RCX: 0000000046ba0c48
[343582.340105] RDX: 0000000000000001 RSI: ffff88005b003a70 RDI: ffff880058583900
[343582.340106] RBP: 0000000002000000 R08: 0000000002000000 R09: ffff88005b003b38
[343582.340107] R10: ffff880058583900 R11: ffff8800046ecae2 R12: 0000000000000000
[343582.340108] R13: ffff880058583900 R14: 0000000002000000 R15: 0000000000000000
[343582.340110] FS: 0000000000000000(0000) GS:ffff88005b000000(0000) knlGS:0000000000000000
[343582.340111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[343582.340112] CR2: 00000000000000a4 CR3: 0000000002136000 CR4: 0000000000360670
[343582.340160] Stack:
[343582.340161]  00000000000002ab ffffffffa0ab74b4 0000000600000246 0188a8c0160077f7
[343582.340163]  ffffffff9888a8c0 ffff88005b003b38 0000000002000000 ffff88005b003b38
[343582.340165]  ffffffffa0ab772c ffff8800370240a0 9888a8c00188a8c0 00000006160077f7
[343582.340167] Call Trace:
[343582.340221]  [<ffffffffa0ab74b4>] lxp_get_net_logic_dir+0x54/0x80 [mymod]
[343582.340227]  [<ffffffffa0ab772c>] lxp_net_handle+0x1fc/0x3a0 [mymod]
[343582.340234]  [<ffffffffa0ab79e1>] lxp_net_iter_logic+0x71/0x80 [mymod]
[343582.340240]  [<ffffffffa0ab7a67>] lxp_nf_logic+0x77/0xb0 [mymod]
[343582.340247]  [<ffffffffa0ab2904>] hook_filter_pre_routing+0x74/0xa0 [mymod]
[343582.340253]  [<ffffffff815565ca>] nf_iterate+0x5a/0x70
[343582.340346]  [<ffffffff8155663d>] nf_hook_slow+0x5d/0xb0
[343582.340349]  [<ffffffff8155d8db>] ip_rcv+0x2eb/0x3c0
[343582.340390]  [<ffffffff8152125c>] __netif_receive_skb_core+0x36c/0x9d0
[343582.340428]  [<ffffffff8152192f>] netif_receive_skb_internal+0x1f/0x80
[343582.340431]  [<ffffffff81522655>] napi_gro_receive+0xc5/0xf0
[343582.340439]  [<ffffffffa0490d10>] e1000_clean_rx_irq+0x2b0/0x4d0 [e1000]
[343582.340481]  [<ffffffffa048e746>] e1000_clean+0x266/0x8c0 [e1000]
[343582.340485]  [<ffffffff81521fec>] net_rx_action+0x15c/0x370
[343582.340489]  [<ffffffff8108637c>] __do_softirq+0xec/0x300
[343582.340576]  [<ffffffff8108684a>] irq_exit+0xfa/0x110
[343582.340582]  [<ffffffff816201a1>] do_IRQ+0x51/0xe0
[343582.340621]  [<ffffffff8161d782>] common_interrupt+0xc2/0xc2
[343582.347629] DWARF2 unwinder stuck at ret_from_intr+0x0/0x1b
[343582.347631]
[343582.347632] Leftover inexact backtrace:
[343582.347634] <IRQ>
[343582.347672] <EOI>
[343582.347676]  [<ffffffff81020e80>] ? idle_notifier_unregister+0x20/0x20
[343582.347679]  [<ffffffff81061272>] ? native_safe_halt+0x2/0x10
[343582.347681]  [<ffffffff81020e98>] ? default_idle+0x18/0xd0
[343582.347683]  [<ffffffff810c5e01>] ? cpu_startup_entry+0x2f1/0x390
[343582.347686]  [<ffffffff81f8b0c7>] ? start_kernel+0x4c8/0x4d3
[343582.347688]  [<ffffffff81f8aa03>] ? set_init_arg+0x50/0x50
[343582.347691]  [<ffffffff81f8a120>] ? early_idt_handler_array+0x120/0x120
[343582.347692]  [<ffffffff81f8a719>] ? x86_64_start_kernel+0x147/0x156
[343582.347693] Code: 7e 04 06 74 05 e9 d0 fe ff ff e9 1b fe ff ff 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 83 ec 08 48 8b 47 58 48 83 e0 fe <8b> 90 a4 00 00 00 85 d2 75 55 44 0f b7 4e 0a 44 8b 97 a0 00 00
[343582.347714] RIP [<ffffffffa0ab8031>] lxp_port_bind_tcp_match+0x11/0xa0 [mymod]
[343582.347723] RSP <ffff88005b003a60>
[343582.347724] CR2: 00000000000000a4
Background: every time a PuTTY session is opened to the server, the kernel crashes.
Analysis:
1. The faulting RIP (lxp_port_bind_tcp_match+0x11) lands in the call to inet_iif(), whose result is passed as the last argument to __inet_lookup_listener(). CR2 = 00000000000000a4 is consistent with that: the fault is a read at a small offset from a NULL pointer, i.e. a field of a route entry that was never attached.
2. Looking at the kernel source, inet_iif() is implemented in include/net/route.h:
    static inline int inet_iif(const struct sk_buff *skb)
    {
        int iif = skb_rtable(skb)->rt_iif;   /* dereferences the rtable unconditionally */

        if (iif)
            return iif;
        return skb->skb_iif;
    }
3. In the PRE_ROUTING hook the skb does not yet carry any routing information, so skb_rtable(skb) returns NULL and reading rt_iif through it crashes the kernel.
Note: kernel version 4.4.73-5-default
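To make the failure mode concrete, here is an added user-space model (not the module's or the kernel's own code) of why inet_iif() faults in PRE_ROUTING and how a hook can read the ingress interface index without touching the route entry. The structs are simplified stand-ins for sk_buff, rtable and nf_hook_state, and hook_ingress_iif() is a hypothetical helper name.

```c
/* Added example, not code from the original post: a user-space model of why
 * inet_iif() faults in NF_INET_PRE_ROUTING and how a hook can read the ingress
 * ifindex safely. Structs are simplified stand-ins, not the real kernel layouts. */
#define SKB_DST_NOREF 1UL   /* low bit of _skb_refdst, masked off by skb_dst() */
struct net_device { int ifindex; };
struct rtable { int rt_iif; };                  /* field inet_iif() dereferences */
struct sk_buff { unsigned long _skb_refdst; int skb_iif; };  /* refdst 0 until routed */
struct nf_hook_state { const struct net_device *in; };

static struct rtable *skb_rtable(const struct sk_buff *skb)
{
    return (struct rtable *)(skb->_skb_refdst & ~SKB_DST_NOREF);
}

/* Model of include/net/route.h inet_iif(): no NULL check on the rtable, which
 * is the read at offset 0xa4 of a NULL pointer that the oops above reports. */
static int inet_iif(const struct sk_buff *skb)
{
    int iif = skb_rtable(skb)->rt_iif;
    return iif ? iif : skb->skb_iif;
}

/* Hypothetical helper for a PRE_ROUTING hook: use the device netfilter passed
 * in, fall back to skb_iif, and consult the rtable only if one is attached. */
static int hook_ingress_iif(const struct sk_buff *skb, const struct nf_hook_state *st)
{
    if (st && st->in)
        return st->in->ifindex;
    if (skb_rtable(skb) && skb_rtable(skb)->rt_iif)
        return skb_rtable(skb)->rt_iif;
    return skb->skb_iif;
}

/* Constructed scenario: packet seen in PRE_ROUTING, received on ifindex 2. */
static int demo_pre_routing(void)
{
    struct net_device eth0 = { .ifindex = 2 };
    struct sk_buff skb = { ._skb_refdst = 0, .skb_iif = 2 };
    struct nf_hook_state st = { .in = &eth0 };
    /* calling inet_iif(&skb) here is the crash: skb_rtable(&skb) == NULL */
    return hook_ingress_iif(&skb, &st);
}

/* Same packet once routing has attached an rtable (LOCAL_IN and later). */
static int demo_post_routing(void)
{
    struct rtable rt = { .rt_iif = 3 };
    struct sk_buff skb = { ._skb_refdst = (unsigned long)&rt | SKB_DST_NOREF, .skb_iif = 2 };
    return inet_iif(&skb);   /* safe now; returns rt_iif, not skb_iif */
}
```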