I tried to use usb-vhci with simavr, using a virtual machine (QEMU with Knoppix 7.0.4 image).
Unfortunately, when I tried to compile the current simavr, obtained via:
$ git clone git://gitorious.org/simavr/simavr.git
$ cd simavr
$ make
$ cd examples/vhci
$ make
$ cd ../extra_board_usb
$ make
it compiled successfully, but then when I issued (in the examples/vhci/vhci-hcd-1.14 directory)
# insmod usb-vhci-hcd.ko
# insmod usb-vhci-iocifc.ko
and further (in examples/extra_board_usb)
# ./simusb.elf
I got the following error:
BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2118.390655] IP: [< (null)>] (null)
[ 2118.390662] *pde = 00000000
[ 2118.390669] Oops: 0000 [#1] PREEMPT SMP
[ 2118.390683] Modules linked in: usb_vhci_iocifc(O) usb_vhci_hcd(O) ppdev lp 8250_pnp parport_pc 8250 serial_core parport floppy ipv6 e1000 i2c_piix4
[ 2118.390711]
[ 2118.390723] Pid: 14661, comm: simusb.elf Tainted: G O 3.4.9 #34 Bochs Bochs
[ 2118.390734] EIP: 0060:[<00000000>] EFLAGS: 00210282 CPU: 0
[ 2118.390741] EIP is at 0x0
[ 2118.390746] EAX: f59f4200 EBX: f59f4200 ECX: f4ee7d20 EDX: dee36400
[ 2118.390753] ESI: f80185d4 EDI: dee36400 EBP: def05b78 ESP: def05b4c
[ 2118.390759] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 2118.390765] CR0: 8005003b CR2: 00000000 CR3: 2ebd3000 CR4: 00000690
[ 2118.390789] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 2118.390801] DR6: ffff0ff0 DR7: 00000400
[ 2118.390808] Process simusb.elf (pid: 14661, ti=def04000 task=eeab00e0 task.ti=def04000)
[ 2118.390813] Stack:
[ 2118.390817] c1435ba1 f59f4600 c136a666 00000001 f4ee7f68 00000000 00000000 00000000
[ 2118.390832] dee36400 f59f4200 00000001 def05bd8 c1437e0f 00000000 def05ba8 c1115235
[ 2118.390846] 00000000 f4d48148 def05bd4 00000000 f5afec08 f68b9e48 00000000 def05be8
[ 2118.390861] Call Trace:
[ 2118.390909] [<c1435ba1>] ? usb_hcd_alloc_bandwidth+0x16e/0x281
[ 2118.390934] [<c136a666>] ? __pm_runtime_resume+0x43/0x4b
[ 2118.390944] [<c1437e0f>] usb_set_configuration+0x1f8/0x50e
[ 2118.390981] [<c1115235>] ? sysfs_addrm_finish+0x15/0x7a
[ 2118.390989] [<c1115ab8>] ? sysfs_do_create_link+0x129/0x160
[ 2118.391003] [<c143e666>] generic_probe+0x47/0x79
[ 2118.391010] [<c1115b01>] ? sysfs_create_link+0x12/0x14
[ 2118.391019] [<c143931f>] usb_probe_device+0x16/0x27
[ 2118.391039] [<c1363eef>] driver_probe_device+0x92/0x190
[ 2118.391049] [<c136406c>] __device_attach+0x1c/0x2c
[ 2118.391058] [<c1362aae>] bus_for_each_drv+0x38/0x69
[ 2118.391066] [<c1363e27>] device_attach+0x63/0x80
[ 2118.391075] [<c1364050>] ? __driver_attach+0x63/0x63
[ 2118.391084] [<c136362a>] bus_probe_device+0x22/0x75
[ 2118.391092] [<c136239a>] device_add+0x370/0x4e2
[ 2118.391110] [<c1342100>] ? add_device_randomness+0x56/0x61
[ 2118.391127] [<c14328eb>] usb_new_device+0x1b8/0x241
[ 2118.391135] [<c1434f75>] usb_add_hcd+0x3d7/0x57d
[ 2118.391143] [<c1434490>] ? usb_create_shared_hcd+0x10b/0x168
[ 2118.391155] [<f8017464>] vhci_hcd_probe+0x70/0x8e [usb_vhci_hcd]
[ 2118.391163] [<c1364cf9>] platform_drv_probe+0xc/0xe
[ 2118.391172] [<c1363eef>] driver_probe_device+0x92/0x190
[ 2118.391180] [<c1365295>] ? platform_match+0x52/0x66
[ 2118.391189] [<c136406c>] __device_attach+0x1c/0x2c
[ 2118.391197] [<c1362aae>] bus_for_each_drv+0x38/0x69
[ 2118.391206] [<c1363e27>] device_attach+0x63/0x80
[ 2118.391215] [<c1364050>] ? __driver_attach+0x63/0x63
[ 2118.391223] [<c136362a>] bus_probe_device+0x22/0x75
[ 2118.391231] [<c136239a>] device_add+0x370/0x4e2
[ 2118.391265] [<c12aa3ef>] ? kobject_set_name_vargs+0x3d/0x4a
[ 2118.391273] [<c1365112>] platform_device_add+0xed/0x133
[ 2118.391283] [<f8018102>] usb_vhci_hcd_register+0x129/0x19b [usb_vhci_hcd]
[ 2118.391292] [<f8017066>] ? vhci_hcd_resume+0x1d/0x1d [usb_vhci_hcd]
[ 2118.391310] [<c10d8001>] ? do_last+0x472/0x521
[ 2118.391318] [<f8053ea1>] device_ioctl+0xe5/0xb09 [usb_vhci_iocifc]
[ 2118.391326] [<c10d83ee>] ? path_openat+0x270/0x285
[ 2118.391334] [<c10d84c8>] ? do_filp_open+0x26/0x67
[ 2118.391342] [<f8053dbc>] ? ioc_fetch_work+0x556/0x556 [usb_vhci_iocifc]
[ 2118.391350] [<c10d9923>] vfs_ioctl+0x1b/0x25
[ 2118.391357] [<c10da31f>] do_vfs_ioctl+0x3dd/0x41b
[ 2118.391388] [<c15ebbd4>] ? _raw_spin_unlock+0x15/0x20
[ 2118.391402] [<c10c9201>] ? kmem_cache_free+0x26/0x5e
[ 2118.391412] [<c10d5cb2>] ? putname+0x24/0x27
[ 2118.391421] [<c10cd693>] ? do_sys_open+0xdd/0xe7
[ 2118.391428] [<c10cf34c>] ? fget_light+0x76/0x7d
[ 2118.391435] [<c10da39a>] sys_ioctl+0x3d/0x5f
[ 2118.391444] [<c15ebf65>] syscall_call+0x7/0xb
[ 2118.391449] Code: Bad EIP value.
[ 2118.391459] EIP: [<00000000>] 0x0 SS:ESP 0068:def05b4c
[ 2118.391468] CR2: 0000000000000000
[ 2118.391475] ---[ end trace 944ff6553b478760 ]---
[ 2118.391483] note: simusb.elf[14661] exited with preempt_count 1
The problem is not specific to QEMU/Knoppix, because a similar error occurred when I tried to run the same software on a real 64-bit machine with a 3.6 kernel (however, in this case the system froze, so I couldn't dump the error message).
I attach the dmesg output from my virtual machine.
Gzipped dmesg output from the affected system
I have tested the problem in a virtual 64-bit machine. A similar bug occurs:
[ 2361.933509] usb_vhci_hcd: USB Virtual Host Controller Interface -- Version 1.14 (2012-12-30)
[ 2367.516795] usb_vhci_iocifc: User-mode IOCTL-interface for USB VHCI -- Version 1.14 (2012-12-30)
[ 2367.516805] usb_vhci_iocifc: register platform_driver usb_vhci_iocifc
[ 2367.517536] usb_vhci_iocifc: Successfully registered the character device.
[ 2367.517544] usb_vhci_iocifc: The major device number is 248.
[ 2367.519198] usb_vhci_iocifc: USB_VHCI_HCD_IOCREGISTER = c0208a00
[ 2367.519204] usb_vhci_iocifc: USB_VHCI_HCD_IOCPORTSTAT = 40088a01
[ 2367.519209] usb_vhci_iocifc: USB_VHCI_HCD_IOCFETCHWORK_RO = 80288a02
[ 2367.519214] usb_vhci_iocifc: USB_VHCI_HCD_IOCFETCHWORK = c0288a02
[ 2367.519219] usb_vhci_iocifc: USB_VHCI_HCD_IOCGIVEBACK = 40288a03
[ 2367.519223] usb_vhci_iocifc: USB_VHCI_HCD_IOCFETCHDATA = 40208a04
[ 2397.321002] usb_vhci_hcd usb_vhci_hcd.0: USB Virtual Host Controller Interface -- Version 1.14 (2012-12-30)
[ 2397.321012] usb_vhci_hcd usb_vhci_hcd.0: --> Backend: USB VHCI user-mode IOCTL-interface
[ 2397.321052] usb_vhci_hcd usb_vhci_hcd.0: VHCI Host Controller
[ 2397.321109] usb_vhci_hcd usb_vhci_hcd.0: new USB bus registered, assigned bus number 2
[ 2397.321212] usb usb2: New USB device found, idVendor=1d6b, idProduct=0002
[ 2397.321219] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 2397.321231] usb usb2: Product: VHCI Host Controller
[ 2397.321243] usb usb2: Manufacturer: Linux 3.4.9-64 usb_vhci_hcd
[ 2397.321248] usb usb2: SerialNumber: usb_vhci_hcd.0
[ 2397.321469] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2397.321480] IP: [< (null)>] (null)
[ 2397.321488] PGD 11f036067 PUD 11ae15067 PMD 0
[ 2397.321498] Oops: 0010 [#1] PREEMPT SMP
[ 2397.321513] CPU 0
[ 2397.321516] Modules linked in: usb_vhci_iocifc(O) usb_vhci_hcd(O) ppdev lp 8250_pnp 8250 serial_core parport_pc floppy parport ipv6 i2c_piix4 e1000
[ 2397.321545]
[ 2397.321551] Pid: 9044, comm: simusb.elf Tainted: G O 3.4.9-64 #32 Bochs Bochs
[ 2397.321561] RIP: 0010:[<0000000000000000>] [< (null)>] (null)
[ 2397.321569] RSP: 0000:ffff88011457f8d0 EFLAGS: 00010282
[ 2397.321575] RAX: ffffffffa0017970 RBX: ffff880107095800 RCX: 0000000000000000
[ 2397.321580] RDX: ffff8800db973e40 RSI: ffff880107095800 RDI: ffff880119ed3600
[ 2397.321586] RBP: ffff88011457f938 R08: ffff8800db8bde48 R09: 0000000000000000
[ 2397.321592] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 2397.321597] R13: ffff880107e0f400 R14: 0000000000000000 R15: ffff880119ed3600
[ 2397.321605] FS: 0000000000000000(0000) GS:ffff88011fc00000(0063) knlGS:00000000f750db70
[ 2397.321611] CS: 0010 DS: 002b ES: 002b CR0: 000000008005003b
[ 2397.321617] CR2: 0000000000000000 CR3: 000000011f3c8000 CR4: 00000000000006b0
[ 2397.321639] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2397.321653] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 2397.321660] Process simusb.elf (pid: 9044, threadinfo ffff88011457e000, task ffff88011f394c10)
[ 2397.321665] Stack:
[ 2397.321669] ffffffff814c154f ffff88011457f918 ffff8800db8bde48 ffff880000000000
[ 2397.321679] ffff880107095878 0000000107095800 0000000000000000 0000000000000001
[ 2397.321689] ffff880107095800 ffff880107e0f400 0000000000000001 0000000000000001
[ 2397.321698] Call Trace:
[ 2397.321754] [<ffffffff814c154f>] ? usb_hcd_alloc_bandwidth+0x19c/0x2c6
[ 2397.321773] [<ffffffff814c3cd3>] usb_set_configuration+0x222/0x589
[ 2397.321811] [<ffffffff811547c4>] ? sysfs_do_create_link+0x149/0x191
[ 2397.321839] [<ffffffff813d7103>] ? __driver_attach+0x7e/0x7e
[ 2397.321850] [<ffffffff814cb3e5>] generic_probe+0x4a/0x79
[ 2397.321857] [<ffffffff814c54d7>] usb_probe_device+0x25/0x38
[ 2397.321865] [<ffffffff813d6f62>] driver_probe_device+0xab/0x1ce
[ 2397.321872] [<ffffffff813d7128>] __device_attach+0x25/0x38
[ 2397.321888] [<ffffffff813d565c>] bus_for_each_drv+0x4c/0x88
[ 2397.321896] [<ffffffff813d6e78>] device_attach+0x7c/0x9f
[ 2397.321903] [<ffffffff813d64c3>] bus_probe_device+0x2c/0x96
[ 2397.321912] [<ffffffff813d4de2>] device_add+0x3cf/0x56e
[ 2397.321921] [<ffffffff814bdc01>] usb_new_device+0x1f0/0x288
[ 2397.321930] [<ffffffff814c0810>] usb_add_hcd+0x3ef/0x5c7
[ 2397.321937] [<ffffffff813d7103>] ? __driver_attach+0x7e/0x7e
[ 2397.321949] [<ffffffffa00164e7>] vhci_hcd_probe+0x86/0xaa [usb_vhci_hcd]
[ 2397.321958] [<ffffffff8115481a>] ? sysfs_create_link+0xe/0x10
[ 2397.321967] [<ffffffff813d7fdb>] platform_drv_probe+0x12/0x14
[ 2397.321974] [<ffffffff813d6f62>] driver_probe_device+0xab/0x1ce
[ 2397.321981] [<ffffffff813d7128>] __device_attach+0x25/0x38
[ 2397.321990] [<ffffffff813d565c>] bus_for_each_drv+0x4c/0x88
[ 2397.321998] [<ffffffff813d6e78>] device_attach+0x7c/0x9f
[ 2397.322004] [<ffffffff813d64c3>] bus_probe_device+0x2c/0x96
[ 2397.322013] [<ffffffff813d4de2>] device_add+0x3cf/0x56e
[ 2397.322022] [<ffffffff813d39f4>] ? dev_set_name+0x3c/0x3e
[ 2397.322030] [<ffffffff813d85b4>] ? platform_device_add_data+0x1f/0x4e
[ 2397.322038] [<ffffffff813d8543>] platform_device_add+0x106/0x158
[ 2397.322048] [<ffffffffa0017365>] usb_vhci_hcd_register+0x158/0x1cf [usb_vhci_hcd]
[ 2397.322059] [<ffffffffa0078673>] device_do_ioctl+0xff/0x405 [usb_vhci_iocifc]
[ 2397.322068] [<ffffffffa0078984>] device_ioctl32+0xb/0xd [usb_vhci_iocifc]
[ 2397.322083] [<ffffffff8113a038>] compat_sys_ioctl+0x1ac/0xf20
[ 2397.322102] [<ffffffff811073ab>] ? putname+0x2f/0x31
[ 2397.322124] [<ffffffff810fe1f1>] ? do_sys_open+0xe4/0xf6
[ 2397.322160] [<ffffffff816a7b79>] ia32_do_call+0x13/0x13
[ 2397.322165] Code: Bad RIP value.
[ 2397.322188] RIP [< (null)>] (null)
[ 2397.322194] RSP <ffff88011457f8d0>
[ 2397.322197] CR2: 0000000000000000
[ 2397.322204] ---[ end trace f2140fb8bc7af016 ]---
[ 2397.322213] note: simusb.elf[9044] exited with preempt_count 1
The problem is associated with the call to usb_hcd_alloc_bandwidth.
Gzipped dmesg output from the affected 64-bit system
When, after:
$ cd examples/vhci
$ make
I removed all .o and .ko files and executed "make" once again, the driver compiled with the correct header and worked correctly.
The problem seems to be related to the fact that, during the compilation of the usb_vhci_iocifc driver, an incorrect hcd.h is included (not the one corresponding to the current kernel, but another; in my case the one from the 2.6.32 kernel).
Therefore, when the kernel accesses the hc_driver structure provided by the driver, it sees a structure with a non-zero check_bandwidth field, but zero drop_endpoint and/or add_endpoint fields.
This leads to the reported error in the usb_hcd_alloc_bandwidth function.
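
The header mismatch described above can be reproduced in user space. The following is an added example, not code from simavr, usb-vhci or the kernel: both struct layouts, the port_handed_over field and the vhci_* functions are constructed for illustration and do not match the real hc_driver of any kernel version. It shows a table filled through a stale layout being read through a different one, and a guard that rejects the inconsistent result instead of calling through a NULL pointer.

```c
#include <stdio.h>
#include <string.h>

typedef int (*hook_t)(void);

/* Constructed, simplified layouts: NOT the real struct hc_driver of any kernel. */
struct hc_driver_stale {            /* what the stale hcd.h declared */
    hook_t start, stop, hub_control, port_handed_over;
};
struct hc_driver_live {             /* what the running kernel expects */
    hook_t start, stop, hub_control, check_bandwidth, add_endpoint, drop_endpoint;
};

static int vhci_start(void)            { return 0; }
static int vhci_stop(void)             { return 0; }
static int vhci_hub_control(void)      { return 0; }
static int vhci_port_handed_over(void) { return 0; }

/* Module side: table filled by field name, using the stale layout. */
static const struct hc_driver_stale module_table = {
    .start = vhci_start, .stop = vhci_stop,
    .hub_control = vhci_hub_control, .port_handed_over = vhci_port_handed_over,
};

/* Kernel side: the same bytes read through the live layout. */
static struct hc_driver_live view_as_live(const struct hc_driver_stale *s)
{
    struct hc_driver_live d = {0};
    memcpy(&d, s, sizeof *s);
    return d;
}

/* Model of the bandwidth path with a guard; returns -1 rather than calling NULL. */
static int alloc_bandwidth_checked(const struct hc_driver_live *d)
{
    if (!d->check_bandwidth)
        return 0;                   /* driver does no bandwidth management */
    if (!d->add_endpoint || !d->drop_endpoint)
        return -1;                  /* inconsistent table: layout mismatch */
    d->add_endpoint();
    return d->check_bandwidth();
}

int main(void)
{
    struct hc_driver_live d = view_as_live(&module_table);
    printf("check_bandwidth=%s add_endpoint=%s drop_endpoint=%s -> %d\n",
           d.check_bandwidth ? "set" : "NULL", d.add_endpoint ? "set" : "NULL",
           d.drop_endpoint ? "set" : "NULL", alloc_bandwidth_checked(&d));
    return 0;
}
```

Without the guard, the call through add_endpoint is a jump to address 0, which matches the "EIP is at 0x0" and "Bad RIP value" lines in both traces.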