BUG: unable to handle kernel NULL pointer dereference at 0000000000000008

Shane <software.research.development@xxxxxxxxx> · Tue, 8 Feb 2011 00:33:16 -0600

I've tried to cut this down to minimal. When I make a socket() call
from user space code, I get the dump below in /var/log/messages. Any
have help me find what I'm doing wrong here.

---

#include <linux/init.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/stat.h>
#include <linux/types.h>
#include <linux/net.h>
#include <linux/spinlock.h>
#include <linux/socket.h>
#include <linux/skbuff.h>
#include <net/sock.h>

static int my_create(struct net *net, struct socket *sock,
        int protocol, int kern)
{
    printk(KERN_INFO "my_create()\n");

    return 0;
}

static const struct net_proto_family my_family_ops = {
    .family     = AF_MY_PROTO,
    .create     = my_create,
    .owner      = THIS_MODULE,
};

static int __init my_init(void) {
    int err = 0;

    printk(KERN_INFO "installed.\n");

    sock_register(&my_family_ops);

    return err;
}

static void __exit my_exit(void)
{
    printk(KERN_INFO "uninstalled.\n");
}

module_init(my_init);
module_exit(my_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("test@xxxxxxxxx");
MODULE_DESCRIPTION("Test");

---

User space code:

    saddr = (struct sockaddr_in *) malloc(sizeof(struct sockaddr_in));
    memset(saddr, 0, sizeof(struct sockaddr_in));

    saddr->sin_family = AF_MY_PROTO;
    saddr->sin_port = htons(port);
    inet_aton(node, &saddr->sin_addr);

    sockfd = socket(AF_MY_PROTO, SOCK_STREAM, MY_TRANS);

And I did add the new AF to socket.h and compile it into my running kernel.

---

strace of userspace code:

execve("./tst", ["./tst"], [/* 22 vars */]) = 0
brk(0)                                  = 0x1d3c000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f09b9098000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=17440, ...}) = 0
mmap(NULL, 17440, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f09b9093000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\354\1\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1399984, ...}) = 0
mmap(NULL, 3508264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7f09b8b23000
mprotect(0x7f09b8c73000, 2093056, PROT_NONE) = 0
mmap(0x7f09b8e72000, 20480, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14f000) = 0x7f09b8e72000
mmap(0x7f09b8e77000, 18472, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f09b8e77000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f09b9092000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f09b9091000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f09b9090000
arch_prctl(ARCH_SET_FS, 0x7f09b9091700) = 0
mprotect(0x7f09b8e72000, 16384, PROT_READ) = 0
mprotect(0x601000, 4096, PROT_READ)     = 0
mprotect(0x7f09b9099000, 4096, PROT_READ) = 0
munmap(0x7f09b9093000, 17440)           = 0
brk(0)                                  = 0x1d3c000
brk(0x1d5d000)                          = 0x1d5d000
fstat(1, {st_mode=S_IFREG|0644, st_size=1705, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7f09b9097000
socket(0x26 /* PF_??? */, SOCK_STREAM, 1 <unfinished ...>
+++ killed by SIGKILL +++

---

/var/log/messages

Feb  8 06:20:30 bahim kernel: [ 2142.009885] my_create()
Feb  8 06:20:30 bahim kernel: [ 2142.009907] BUG: unable to handle
kernel NULL pointer dereference at 0000000000000008
Feb  8 06:20:30 bahim kernel: [ 2142.010019] IP: [<ffffffff8142b0d8>]
__sock_create+0x12a/0x1a3
Feb  8 06:20:30 bahim kernel: [ 2142.010019] PGD 1ee03067 PUD 1e9be067 PMD 0
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Oops: 0000 [#1] SMP
Feb  8 06:20:30 bahim kernel: [ 2142.010019] last sysfs file:
/sys/devices/virtio-pci/virtio0/net/eth0/broadcast
Feb  8 06:20:30 bahim kernel: [ 2142.010019] CPU 0
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Modules linked in: test1
Feb  8 06:20:30 bahim kernel: [ 2142.010019]
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Pid: 3431, comm: tst Not
tainted 2.6.36-gentoo-r5 #3 /Bochs
Feb  8 06:20:30 bahim kernel: [ 2142.010019] RIP:
0010:[<ffffffff8142b0d8>]  [<ffffffff8142b0d8>]
__sock_create+0x12a/0x1a3
Feb  8 06:20:30 bahim kernel: [ 2142.010019] RSP:
0018:ffff88001f197ed8  EFLAGS: 00010246
Feb  8 06:20:30 bahim kernel: [ 2142.010019] RAX: 0000000000000000
RBX: 0000000000000026 RCX: 00000000000063d5
Feb  8 06:20:30 bahim kernel: [ 2142.010019] RDX: ffff880001e00000
RSI: 0000000000000046 RDI: 0000000000000246
Feb  8 06:20:30 bahim kernel: [ 2142.010019] RBP: ffff88001f197f28
R08: 0000000000000002 R09: 000000000000000a
Feb  8 06:20:30 bahim kernel: [ 2142.010019] R10: 0000000000000003
R11: 0000000000000000 R12: ffff88000ffd2000
Feb  8 06:20:30 bahim kernel: [ 2142.010019] R13: 0000000000000001
R14: ffffffffa0000050 R15: 0000000000000000
Feb  8 06:20:30 bahim kernel: [ 2142.010019] FS:
00007f81c7c1c700(0000) GS:ffff880001e00000(0000)
knlGS:0000000000000000
Feb  8 06:20:30 bahim kernel: [ 2142.010019] CS:  0010 DS: 0000 ES:
0000 CR0: 0000000080050033
Feb  8 06:20:30 bahim kernel: [ 2142.010019] CR2: 0000000000000008
CR3: 000000001ed95000 CR4: 00000000000006f0
Feb  8 06:20:30 bahim kernel: [ 2142.010019] DR0: 0000000000000000
DR1: 0000000000000000 DR2: 0000000000000000
Feb  8 06:20:30 bahim kernel: [ 2142.010019] DR3: 0000000000000000
DR6: 00000000ffff0ff0 DR7: 0000000000000400
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Process tst (pid: 3431,
threadinfo ffff88001f196000, task ffff88001f28aca0)
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Stack:
Feb  8 06:20:30 bahim kernel: [ 2142.010019]  00007f81c7780280
ffff88001f197f60 ffffffff81c519d0 000000011efdc060
Feb  8 06:20:30 bahim kernel: [ 2142.010019] <0> ffff88001f197f48
0000000000000001 00000000004009f0 00007ffff6d9e560
Feb  8 06:20:30 bahim kernel: [ 2142.010019] <0> 0000000000000000
0000000000000000 ffff88001f197f38 ffffffff8142b19d
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Call Trace:
Feb  8 06:20:30 bahim kernel: [ 2142.010019]  [<ffffffff8142b19d>]
sock_create+0x2b/0x2d
Feb  8 06:20:30 bahim kernel: [ 2142.010019]  [<ffffffff8142b358>]
sys_socket+0x26/0x57
Feb  8 06:20:30 bahim kernel: [ 2142.010019]  [<ffffffff81568ea5>] ?
page_fault+0x25/0x30
Feb  8 06:20:30 bahim kernel: [ 2142.010019]  [<ffffffff8102ba42>]
system_call_fastpath+0x16/0x1b
Feb  8 06:20:30 bahim kernel: [ 2142.010019] Code: 85 f6 74 7e 49 8b
7e 10 e8 3f e8 ff ff 85 c0 74 71 44 89 f9 8b 55 cc 4c 89 e6 48 8b 7d
c0 41 ff 56 08 85 c0 78 42 49 8b 44 24 28 <48> 8b 78 08 e8 18 e8 ff ff
89 c2 b8 9f ff ff ff 85 d2 74 29 49
Feb  8 06:20:30 bahim kernel: [ 2142.010019] RIP  [<ffffffff8142b0d8>]
__sock_create+0x12a/0x1a3
Feb  8 06:20:30 bahim kernel: [ 2142.010019]  RSP <ffff88001f197ed8>
Feb  8 06:20:30 bahim kernel: [ 2142.010019] CR2: 0000000000000008
Feb  8 06:20:30 bahim kernel: [ 2142.068278] ---[ end trace
20c9350f45aba949 ]---
--
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]