Bug #622

closed

lttng-modules 2.3-rc triggers kernel OOPS (null pointer)

Added by Mathieu Desnoyers over 10 years ago. Updated over 10 years ago.

Status: Resolved
Priority: Normal
Target version:
Start date: 08/25/2013
Due date:
% Done: 100%
Estimated time:
Description

The following OOPS has been reported by David Goulet on lttng-modules 2.3-rc:

[44586.258771] BUG: unable to handle kernel NULL pointer dereference at 0000000000000060
[44586.258819] IP: [<ffffffffa079983a>] lttng_metadata_output_channel+0x54/0xe5 [lttng_tracer]
[44586.258854] PGD 3e9231067 PUD 3a05da067 PMD 0 
[44586.258874] Oops: 0000 [#1] SMP 
[44586.258890] Modules linked in: lttng_probe_workqueue(O) lttng_probe_vmscan(O) lttng_probe_udp(O) lttng_probe_timer(O) lttng_probe_sunrpc(O) lttng_probe_statedump(O) lttng_probe_sock(O) lttng_probe_skb(O) lttng_probe_signal(O) lttng_probe_scsi(O) lttng_probe_sched(O) lttng_probe_rpm(O) lttng_probe_regulator(O) lttng_probe_regmap(O) lttng_probe_rcu(O) lttng_probe_random(O) lttng_probe_printk(O) lttng_probe_power(O) lttng_probe_net(O) lttng_probe_napi(O) lttng_probe_module(O) lttng_probe_kvm(O) lttng_probe_kmem(O) lttng_probe_jbd2(O) lttng_probe_jbd(O) lttng_probe_irq(O) lttng_probe_gpio(O) lttng_probe_compaction(O) lttng_probe_block(O) lttng_types(O) lttng_ring_buffer_metadata_mmap_client(O) lttng_ring_buffer_client_mmap_overwrite(O) lttng_ring_buffer_client_mmap_discard(O) lttng_ring_buffer_metadata_client(O) lttng_ring_buffer_client_overwrite(O) lttng_ring_buffer_client_discard(O) lttng_tracer(O) lttng_statedump(O) lttng_kprobes(O) lttng_lib_ring_buffer(O) lttng_kretprobes(O) cpuid twofish_generic twofish_avx_x86_64 twofish_x86_64_3way twofish_x86_64 twofish_common xts ip6table_filter ip6_tables iptable_filter ip_tables ebtable_nat ebtables x_tables parport_pc ppdev lp parport bnep rfcomm binfmt_misc uinput nfsd auth_rpcgss oid_registry nfs_acl nfs lockd dns_resolver fscache sunrpc loop fuse dm_crypt snd_hda_codec_hdmi snd_hda_codec_realtek joydev iTCO_wdt iTCO_vendor_support arc4 uvcvideo videobuf2_vmalloc videobuf2_memops coretemp videobuf2_core videodev media btusb kvm_intel snd_hda_intel bluetooth kvm snd_hda_codec iwldvm snd_hwdep snd_pcm microcode snd_page_alloc thinkpad_acpi nvram snd_seq mac80211 snd_seq_device snd_timer psmouse serio_raw pcspkr evdev iwlwifi i915 lpc_ich mfd_core cfg80211 snd i2c_i801 drm_kms_helper rfkill battery drm tpm_tis tpm i2c_algo_bit tpm_bios ac i2c_core soundcore mei_me mei video wmi mperf processor button ext4 crc16 jbd2 mbcache dm_mod sg sd_mod crc_t10dif crc32c_intel ghash_clmulni_intel aesni_intel aes_x86_64 ablk_helper 
cryptd lrw gf128mul glue_helper thermal thermal_sys ahci xhci_hcd libahci ehci_pci ehci_hcd libata e1000e ptp pps_core sdhci_pci sdhci mmc_core scsi_mod usbcore usb_common [last unloaded: lttng_statedump]
[44586.259693] CPU: 0 PID: 25230 Comm: lttng-consumerd Tainted: G           O 3.10-2-amd64 #1 Debian 3.10.5-1
[44586.259731] Hardware name: LENOVO 2306CTO/2306CTO, BIOS G2ET86WW (2.06 ) 11/13/2012
[44586.259757] task: ffff880408ad4780 ti: ffff880384a96000 task.ti: ffff880384a96000
[44586.259782] RIP: 0010:[<ffffffffa079983a>]  [<ffffffffa079983a>] lttng_metadata_output_channel+0x54/0xe5 [lttng_tracer]
[44586.259821] RSP: 0018:ffff880384a97e20  EFLAGS: 00010202
[44586.259839] RAX: 0000000000000010 RBX: ffff8803cda3cf40 RCX: 000000000062eba0
[44586.259863] RDX: ffff8803c338fa00 RSI: ffff8803cda3cf40 RDI: ffff88040b811788
[44586.259886] RBP: ffff88040b811780 R08: 0000000000000001 R09: 0000000000000000
[44586.259910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000c3d
[44586.259933] R13: 0000000000000000 R14: 0000000000000001 R15: 00007fedd7fff700
[44586.259958] FS:  00007fedd7fff700(0000) GS:ffff88041e200000(0000) knlGS:0000000000000000
[44586.259984] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[44586.260003] CR2: 0000000000000060 CR3: 000000038934a000 CR4: 00000000001407f0
[44586.260027] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[44586.260050] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[44586.260073] Stack:
[44586.260081]  00000000000007f8 ffff880384a97f58 0000000000000007 00007fedd7ffd788
[44586.260109]  ffff880408ad4780 0000000000000029 ffff88040b3b1140 ffffffff8138b2f3
[44586.260137]  0000000000000282 ffff88040b3b11a8 ffff8803c30a1c00 ffff88040d3b22c0
[44586.260165] Call Trace:
[44586.260178]  [<ffffffff8138b2f3>] ? __do_page_fault+0x32d/0x3cb
[44586.260210]  [<ffffffffa079ab08>] ? lttng_metadata_ring_buffer_ioctl_get_next_subbuf.isra.5+0x14/0x26 [lttng_tracer]
[44586.260256]  [<ffffffffa079abbe>] ? lttng_metadata_ring_buffer_ioctl+0x36/0x6c [lttng_tracer]
[44586.260286]  [<ffffffff81115eff>] ? vfs_ioctl+0x1b/0x25
[44586.260304]  [<ffffffff81116720>] ? do_vfs_ioctl+0x3e8/0x42a
[44586.260325]  [<ffffffff8110a8a0>] ? __fput+0x18e/0x1b1
[44586.260344]  [<ffffffff8111f1f1>] ? mntput_no_expire+0x2d/0x137
[44586.260366]  [<ffffffff8105f64a>] ? should_resched+0x5/0x23
[44586.260387]  [<ffffffff81387589>] ? _cond_resched+0x5/0x18
[44586.260408]  [<ffffffff810550ad>] ? task_work_run+0x80/0x8f
[44586.260427]  [<ffffffff811167b0>] ? SyS_ioctl+0x4e/0x79
[44586.261613]  [<ffffffff8138d4a9>] ? system_call_fastpath+0x16/0x1b
[44586.262812] Code: 8b 43 10 45 31 ed 3b 43 14 0f 85 9f 00 00 00 48 8b 53 08 44 8b 62 0c 41 29 c4 4d 85 e4 0f 84 8b 00 00 00 48 8b 45 48 48 8b 7d 08 <ff> 50 50 4c 39 e0 48 c7 44 24 08 00 00 00 00 c7 44 24 18 01 00 
[44586.265351] RIP  [<ffffffffa079983a>] lttng_metadata_output_channel+0x54/0xe5 [lttng_tracer]
[44586.266592]  RSP <ffff880384a97e20>
[44586.267802] CR2: 0000000000000060
[44586.273502] ---[ end trace 693f6e404320bee1 ]---

Files

fix-metadata-refcount.patch (1.2 KB) - Fix: metadata lttng channel refcount - Mathieu Desnoyers, 08/25/2013 06:48 PM