Re: Fwd: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing

From: postix
Date: Wed Nov 02 2022 - 11:58:06 EST

Next message: Sasha Finkelstein: "Re: [PATCH v2 2/4] pwm: Add Apple PWM controller"
Previous message: Biju Das: "RE: [v3 2/3] pwm: Add Aspeed ast2600 PWM support"
In reply to: Takashi Iwai: "Re: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing"
Next in thread: Steven Rostedt: "Re: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello everyone,

I have added lot's of debug printk's to see what's happening and I found that the "cpu" counter, which is used to access the buffer's array elements (cpu_buffer = buffer->buffers[cpu]) in the ring_buffer_wake_waiters
function, exceeds the maximum number of total of total cores, namely in my case 24, which means, it should only run from 0..23. However, upon debugging, it runs up to 31, and thus causing a NULL pointer dereference (&cpu_buffer->irq_work).

After adding a return statement in case cpu > 24, the bug is no longer reproducible.

You can find the diff between v6.1-rc2 and the patched version with added debug log in [1].
The corresponding dmesg output can be found in [2].

I hope this gives you a good hint to find the root cause!

[1] https://paste.opensuse.org/e60601aa
[2] https://paste.opensuse.org/bf1398ce

Next message: Sasha Finkelstein: "Re: [PATCH v2 2/4] pwm: Add Apple PWM controller"
Previous message: Biju Das: "RE: [v3 2/3] pwm: Add Aspeed ast2600 PWM support"
In reply to: Takashi Iwai: "Re: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing"
Next in thread: Steven Rostedt: "Re: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]