Scull - unable to handle kernel paging request

anish kumar anish198519851985 at gmail.com
Sat Nov 19 07:34:31 EST 2011


Hello,

Testing scullwuid produced the attached crash logs.

A combination of reads and writes using "dd" and "cat"
caused this problem.

I don't remember exactly what caused the problem,
but a combination of reads and writes did it.

Reproduction would not be possible, but I just want to know
why this happened, as anyone looking into the code would
conclude that proper locking is in place.

Below is a small part of the crash log:

[21028.412827] BUG: unable to handle kernel paging request at 00300d04
[21028.412832] IP: [<c035aef7>] _copy_from_user+0x97/0x130
[21028.412839] *pde = 6fa0b067 
[21028.412842] Oops: 0003 [#1] SMP 

[21028.412933] Call Trace:
[21028.412940]  [<f9f24d84>] ? scull_write+0x193/0x204 [scull]
[21028.412946]  [<c0218fc2>] ? vfs_write+0xa2/0x190
[21028.412949]  [<f9f24bf1>] ? scull_write+0x0/0x204 [scull]
[21028.412953]  [<c0219882>] ? sys_write+0x42/0x70
[21028.412958]  [<c05cadd4>] ? syscall_call+0x7/0xb
[21028.412963]  [<c05c0000>] ? calibrate_delay_direct+0x5a/0xfb

Some of the code below was removed to fit it into this mail:
ssize_t scull_write(struct file *filp, const char __user *buf, size_t count,
                loff_t *f_pos)
{
        /* declarations and epilogue as in the LDD3 scull.c linked below */
        struct scull_dev *dev = filp->private_data;
        struct scull_qset *dptr;
        int quantum = dev->quantum, qset = dev->qset;
        int itemsize = quantum * qset;
        int item, s_pos, q_pos, rest;
        ssize_t retval = -ENOMEM; /* value used in "goto out" statements */

        if (down_interruptible(&dev->sem))
                return -ERESTARTSYS;
        /* find list item, qset index and offset in the quantum */
        item = (long)*f_pos / itemsize;
        rest = (long)*f_pos % itemsize;
        s_pos = rest / quantum; q_pos = rest % quantum;
        /* follow the list up to the right position */
        dptr = scull_follow(dev, item);
        if (dptr == NULL)
                goto out;
        if (!dptr->data) {
                dptr->data = kmalloc(qset * sizeof(char *), GFP_KERNEL);
                if (!dptr->data)
                        goto out;
                memset(dptr->data, 0, qset * sizeof(char *));
        }
        if (!dptr->data[s_pos]) {
                dptr->data[s_pos] = kmalloc(quantum, GFP_KERNEL);
                if (!dptr->data[s_pos])
                        goto out;
        }
        /* write only up to the end of this quantum */
        if (count > quantum - q_pos)
                count = quantum - q_pos;

        /* destination is the kernel quantum buffer; this is the copy
         * (_copy_from_user called from scull_write) that faulted */
        if (copy_from_user(dptr->data[s_pos]+q_pos, buf, count)) {
                retval = -EFAULT;
                goto out;
        }
        *f_pos += count;
        retval = count;
        /* update the size */
        if (dev->size < *f_pos)
                dev->size = *f_pos;
  out:
        up(&dev->sem);
        return retval;
}


Used: https://github.com/martinezjavier/ldd3
Box: Ubuntu 10.10 | 2.6.35-27-generic #48-Ubuntu SMP i686 GNU/Linux

--thanks


-------------- next part --------------
[21028.412827] BUG: unable to handle kernel paging request at 00300d04
[21028.412832] IP: [<c035aef7>] _copy_from_user+0x97/0x130
[21028.412839] *pde = 6fa0b067 
[21028.412842] Oops: 0003 [#1] SMP 
[21028.412845] last sysfs file: /sys/devices/pci0000:00/0000:00:1c.3/0000:09:00.0/local_cpus
[21028.412849] Modules linked in: scull rfcomm binfmt_misc sco bnep l2cap parport_pc ppdev dm_crypt snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_seq_midi snd_rawmidi snd_seq_midi_event snd_seq lib80211_crypt_tkip btusb snd_timer snd_seq_device uvcvideo bluetooth videodev dell_wmi wl(P) v4l1_compat psmouse serio_raw dell_wmi_aio sparse_keymap dell_laptop dcdbas snd lib80211 soundcore snd_page_alloc lp parport dm_raid45 xor i915 drm_kms_helper drm usb_storage intel_agp ahci agpgart i2c_algo_bit video output libahci r8169 mii
[21028.412890] 
[21028.412894] Pid: 8241, comm: dd Tainted: P            2.6.35-27-generic #48-Ubuntu 01HXXJ/Inspiron N5050
[21028.412897] EIP: 0060:[<c035aef7>] EFLAGS: 00010216 CPU: 2
[21028.412900] EIP is at _copy_from_user+0x97/0x130
[21028.412902] EAX: 9f034959 EBX: 00000200 ECX: 00000200 EDX: 477efb2f
[21028.412905] ESI: 08e01000 EDI: 00300d04 EBP: c8b6bf1c ESP: c8b6bf10
[21028.412907]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[21028.412910] Process dd (pid: 8241, ti=c8b6a000 task=f71d2610 task.ti=c8b6a000)
[21028.412912] Stack:
[21028.412913]  f9f26d00 00000cc0 f9f26d14 c8b6bf64 f9f24d84 f9f2636f 0000022d 000002e0
[21028.412920] <0> 00000200 08b74600 00000024 000002e0 000008b4 f247c2d8 08e01000 00000200
[21028.412926] <0> 003d0900 00000200 e677cc80 00000200 08e01000 c8b6bf8c c0218fc2 c8b6bf98
[21028.412933] Call Trace:
[21028.412940]  [<f9f24d84>] ? scull_write+0x193/0x204 [scull]
[21028.412946]  [<c0218fc2>] ? vfs_write+0xa2/0x190
[21028.412949]  [<f9f24bf1>] ? scull_write+0x0/0x204 [scull]
[21028.412953]  [<c0219882>] ? sys_write+0x42/0x70
[21028.412958]  [<c05cadd4>] ? syscall_call+0x7/0xb
[21028.412963]  [<c05c0000>] ? calibrate_delay_direct+0x5a/0xfb
[21028.412965] Code: 8b 1c 24 8b 7c 24 08 89 ec 5d c3 90 89 f0 31 f8 85 05 80 8e 81 c0 74 be 89 d9 8b 46 20 83 f9 43 76 04 8b 46 40 90 8b 06 8b 56 04 <89> 07 89 57 04 8b 46 08 8b 56 0c 89 47 08 89 57 0c 8b 46 10 8b 
[21028.413001] EIP: [<c035aef7>] _copy_from_user+0x97/0x130 SS:ESP 0068:c8b6bf10
[21028.413005] CR2: 0000000000300d04
[21028.413009] ---[ end trace 3bd8365f04ad063d ]---
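Added example, not part of the post above and not code from the LDD3 repository it links: a first-pass triage of the trace that can be done offline from the text alone. It pulls the register dump, the "Oops:" error code and the bracketed byte of the "Code:" line out of the oops, decodes that one instruction, and checks which operand of the copy carried the faulting address. Everything it reads comes from the trace as posted; the single nm(1) line is constructed, standing in for what `nm scull.ko` prints on the machine that built the module, so the address it computes for addr2line is illustrative only.

```sh
#!/bin/sh
# Editor's example (not from the post or the LDD3 repo): offline triage of an
# i386 oops whose top frame is a module function such as scull_write+0x193/0x204.
# OOPS is copied from the trace in the post.  NM_LINE is CONSTRUCTED: it stands
# in for `nm scull.ko | grep ' scull_write$'` on the box that built the module.

OOPS='[21028.412827] BUG: unable to handle kernel paging request at 00300d04
[21028.412832] IP: [<c035aef7>] _copy_from_user+0x97/0x130
[21028.412842] Oops: 0003 [#1] SMP
[21028.412902] EAX: 9f034959 EBX: 00000200 ECX: 00000200 EDX: 477efb2f
[21028.412905] ESI: 08e01000 EDI: 00300d04 EBP: c8b6bf1c ESP: c8b6bf10
[21028.412940]  [<f9f24d84>] ? scull_write+0x193/0x204 [scull]
[21028.412965] Code: 8b 1c 24 8b 7c 24 08 89 ec 5d c3 90 89 f0 31 f8 85 05 80 8e 81 c0 74 be 89 d9 8b 46 20 83 f9 43 76 04 8b 46 40 90 8b 06 8b 56 04 <89> 07 89 57 04 8b 46 08 8b 56 0c 89 47 08 89 57 0c 8b 46 10 8b'
NM_LINE='000002c0 t scull_write'   # CONSTRUCTED sample of nm(1) output

# reg NAME: value of 32-bit register NAME from the dump, as 8 hex digits
reg() {
    printf '%s\n' "$OOPS" | sed -n "s/.* $1: \([0-9a-f]\{8\}\).*/\1/p" | head -n 1
}

# fault_addr: the address the kernel could not handle (same value as CR2)
fault_addr() {
    printf '%s\n' "$OOPS" | sed -n 's/.*paging request at \([0-9a-f]*\).*/\1/p'
}

# oops_code: decode the x86 page-fault error code printed after "Oops:"
#   bit0: 0 = page not present, 1 = protection violation on a present page
#   bit1: 0 = read, 1 = write        bit2: 0 = kernel mode, 1 = user mode
oops_code() {
    code=$(printf '%s\n' "$OOPS" | sed -n 's/.*Oops: \([0-9a-f]\{4\}\).*/\1/p')
    n=$((0x$code))
    if [ $((n & 1)) -ne 0 ]; then kind="page present (protection violation)"; else kind="page not present"; fi
    if [ $((n & 2)) -ne 0 ]; then acc="write"; else acc="read"; fi
    if [ $((n & 4)) -ne 0 ]; then mode="user"; else mode="kernel"; fi
    printf '%s-mode %s, %s\n' "$mode" "$acc" "$kind"
}

# fault_insn: the instruction the kernel bracketed with <> in the Code: line.
# Only the shape seen in this trace is decoded: opcode 0x89 (mov r32 -> r/m32)
# with a register-indirect ModRM byte (mod == 0, rm not 4 or 5).
fault_insn() {
    pair=$(printf '%s\n' "$OOPS" | sed -n 's/.*<\([0-9a-f]\{2\}\)> \([0-9a-f]\{2\}\).*/\1 \2/p')
    op=${pair%% *}; modrm=${pair##* }
    m=$((0x$modrm)); mod=$((m >> 6)); src=$(((m >> 3) & 7)); dst=$((m & 7))
    set -- eax ecx edx ebx esp ebp esi edi
    if [ "$op" = 89 ] && [ "$mod" -eq 0 ] && [ "$dst" -ne 4 ] && [ "$dst" -ne 5 ]; then
        eval "s=\${$((src + 1))}; d=\${$((dst + 1))}"
        printf 'mov %%%s,(%%%s)\n' "$s" "$d"
    else
        printf 'undecoded: %s %s\n' "$op" "$modrm"
    fi
}

# faulting_operand: which register of the copy routine holds the bad address
faulting_operand() {
    fa=$(fault_addr); edi=$(reg EDI); esi=$(reg ESI)
    if [ "$fa" = "$edi" ]; then
        echo "EDI (destination of the store: the kernel-side buffer)"
    elif [ "$fa" = "$esi" ]; then
        echo "ESI (source of the copy: the user buffer)"
    else
        echo "neither ESI nor EDI"
    fi
}

# module_addr SYMBOL: section-relative address to hand to addr2line, i.e.
# SYMBOL's value from nm plus the +0x... offset shown in the call trace
module_addr() {
    sym=$(printf '%s\n' "$NM_LINE" | sed -n "s/^\([0-9a-f]*\) [tT] $1\$/\1/p")
    off=$(printf '%s\n' "$OOPS" | sed -n "s/.* $1+0x\([0-9a-f]*\)\/.*/\1/p" | head -n 1)
    printf '0x%x\n' $((0x$sym + 0x$off))
}

echo "fault address : $(fault_addr)  ($(oops_code))"
echo "faulting insn : $(fault_insn)"
echo "bad operand   : $(faulting_operand)"
echo "ECX           : 0x$(reg ECX) = $((0x$(reg ECX))) bytes"
echo "source line   : addr2line -e scull.ko -f -i $(module_addr scull_write)"
```

Read against the trace: the bracketed bytes `<89> 07` are `mov %eax,(%edi)`, EDI is 00300d04, and that is exactly the address the kernel could not handle, so the operand that blew up is the destination of `_copy_from_user`, the kernel buffer `scull_write` passed in (`dptr->data[s_pos]+q_pos`), not the user pointer in ESI (08e01000, a plausible user address). The error code 0003 says this was a kernel-mode write that hit a present page it was not allowed to write, which fits a low, user-looking address being used as a kernel buffer. ECX is 0x200 (512), consistent with dd's default block size. None of this says why `dptr->data[s_pos]` held that value, which is the question the post asks; it only narrows the search to how that pointer was computed or overwritten. The addr2line command needs a scull.ko built with debug info (`-g` in the module's ccflags); `objdump -dS scull.ko` around the same offset is the alternative when it was not.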