[linux-next] tracing/rb: NULL pointer dereference at trace_rb_cpu_prepare()

From: Tetsuo Handa
Date: Wed Dec 07 2016 - 06:17:04 EST


Hello.

----------
[ 1.909018] NMI watchdog: disabled (cpu0): hardware events not enabled
[ 1.911813] smp: Bringing up secondary CPUs ...
[ 1.913965] NMI watchdog: Shutting down hard lockup detector on all cpus
[ 1.917208] x86: Booting SMP configuration:
[ 1.919148] .... node #0, CPUs: #1[ 1.921275] Disabled fast string operations
[ 1.922792] mce: CPU supports 0 MCE banks
[ 1.925033] BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
[ 1.928636] IP: trace_rb_cpu_prepare+0xc5/0x170
[ 1.930601] PGD 0 [ 1.931313]
[ 1.932289] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 1.934234] Modules linked in:
[ 1.935721] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc8-next-20161207 #5
[ 1.939107] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/31/2013
[ 1.943443] task: ffff88022cff8040 task.stack: ffffc9000000c000
[ 1.945860] RIP: 0010:trace_rb_cpu_prepare+0xc5/0x170
[ 1.947991] RSP: 0000:ffffc9000000fd20 EFLAGS: 00010202
[ 1.950246] RAX: 0000000000000001 RBX: 0000000000000002 RCX: ffff88022e019738
[ 1.953094] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88022e077dd8
[ 1.955911] RBP: ffffc9000000fd50 R08: 0000000000000040 R09: 0000000000000000
[ 1.958711] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000002
[ 1.961586] R13: ffff88022e01ead0 R14: 0000000000000002 R15: 0000000000000001
[ 1.964426] FS: 0000000000000000(0000) GS:ffff88022e600000(0000) knlGS:0000000000000000
[ 1.967988] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.970350] CR2: 0000000000000068 CR3: 0000000001c0c000 CR4: 00000000001406f0
[ 1.973206] Call Trace:
[ 1.974461] cpuhp_invoke_callback+0x45f/0x9e0
[ 1.976422] ? ring_buffer_record_is_on+0x20/0x20
[ 1.978424] cpuhp_up_callbacks+0x37/0xb0
[ 1.980239] _cpu_up+0x89/0xf0
[ 1.981705] do_cpu_up+0x85/0xb0
[ 1.983230] cpu_up+0x13/0x20
[ 1.984645] smp_init+0x6b/0xcc
[ 1.986157] kernel_init_freeable+0x17d/0x2b1
[ 1.988065] ? kernel_init+0xe/0x110
[ 1.989687] ? _raw_spin_unlock_irq+0x2c/0x40
[ 1.991578] ? rest_init+0x140/0x140
[ 1.993215] kernel_init+0xe/0x110
[ 1.994815] ret_from_fork+0x2a/0x40
[ 1.996482] Code: b9 80 3d 20 7d b2 00 00 75 b0 48 89 7d d0 e8 ec 7e 04 00 44 8b 05 30 76 c1 00 48 8b 7d d0 eb 9a 49 8b 4d f8 48 63 f0 48 8b 34 f1 <4c> 39 76 68 74 bf be 02 00 00 00 4e 8d 3c e1 49 8d bd 38 ff ff
[ 2.006837] RIP: trace_rb_cpu_prepare+0xc5/0x170 RSP: ffffc9000000fd20
[ 2.009441] CR2: 0000000000000068
[ 2.011025] ---[ end trace 7da8119e80594e4e ]---
[ 2.013058] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 2.013058]
[ 2.027641] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[ 2.027641]
----------

----------
4db8: eb 9a jmp 4d54 <trace_rb_cpu_prepare+0x54>
/* fill in the size from first enabled cpu */
if (nr_pages == 0)
nr_pages = buffer->buffers[cpu_i]->nr_pages;
if (nr_pages != buffer->buffers[cpu_i]->nr_pages) {
4dba: 49 8b 4d f8 mov -0x8(%r13),%rcx
4dbe: 48 63 f0 movslq %eax,%rsi
4dc1: 48 8b 34 f1 mov (%rcx,%rsi,8),%rsi
4dc5: 4c 39 76 68 cmp %r14,0x68(%rsi) // trace_rb_cpu_prepare+0xc5 is here.
4dc9: 74 bf je 4d8a <trace_rb_cpu_prepare+0x8a>
4dcb: be 02 00 00 00 mov $0x2,%esi
}
}
/* allocate minimum pages, user can later expand it */
----------

Kernel config is at http://I-love.SAKURA.ne.jp/tmp/config-4.9-rc8-next-20161207
and console log is at http://I-love.SAKURA.ne.jp/tmp/serial-20161207.txt.xz .

Regards.