From: Eric Sesterhenn <snakebyte@gmx.de>
To: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Cc: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, josh@freedesktop.org,
dipankar@in.ibm.com
Subject: Re: [BUG] NULL pointer deref with rcutorture
Date: Mon, 5 Jan 2009 19:56:55 +0100 [thread overview]
Message-ID: <20090105185655.GA11244@alice> (raw)
In-Reply-To: <20090105180037.GH6959@linux.vnet.ibm.com>
* Paul E. McKenney (paulmck@linux.vnet.ibm.com) wrote:
> On Mon, Jan 05, 2009 at 01:14:09PM +0100, Eric Sesterhenn wrote:
> > * Paul E. McKenney (paulmck@linux.vnet.ibm.com) wrote:
> >
> > Could the popular rcu function be registered by rcutorture, but when
> > we remove the module the callback is no longer valid? I can compile
> > a kernel just fine and with other stress tests i did not see any oops so
> > far.
>
> One approach would be to print out the address of rcutorture's RCU
> callbacks at rcutorture module initialization time (in rcu_torture_init()
> in kernel/rcutorture.c). The two callbacks are rcu_torture_cb() and
> rcu_bh_torture_wakeme_after_cb(). Unless you are specifying the
> "torture_type" parameter to rcutorture, only the first one should be in
> use.
with a printk(KERN_ERR "rcu_torture_cb: %p rcu_bh_torture_wakeme_after_cb:
%p\n", rcu_torture_cb, rcu_bh_torture_wakeme_after_cb);
[ 65.135468] rcu_torture_cb: d0af7d1b rcu_bh_torture_wakeme_after_cb:
d0af7bec
[ 65.135672] rcu-torture:--- Start of test: nreaders=2 nfakewriters=4
stat_interval=0 verbose=0 test_no_idle_hz=0 shuffle_interval=3 stutter=5
irqreader=1
[ 71.171603] BUG: unable to handle kernel NULL pointer dereference at
(null)
[ 71.171954] IP: [<d0af7a0f>] 0xd0af7a0f
[ 71.192822] *pde = 00000000
[ 71.196513] Oops: 0002 [#1] PREEMPT DEBUG_PAGEALLOC
[ 71.196826] last sysfs file: /sys/block/ram9/range
[ 71.197010] Modules linked in: [last unloaded: rcutorture]
[ 71.197010]
[ 71.197010] Pid: 4861, comm: rcu_torture_wri Tainted: G W
(2.6.28-05716-gfe0bdec-dirty #171) System Name
[ 71.197010] EIP: 0060:[<d0af7a0f>] EFLAGS: 00010282 CPU: 0
[ 71.197010] EIP is at 0xd0af7a0f
[ 71.197010] EAX: 00000000 EBX: d0afbc20 ECX: c04f5cef EDX: c98abf7c
[ 71.197010] ESI: d0af7df0 EDI: 00000000 EBP: c98abfc4 ESP: c98abfc4
[ 71.197010] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068
[ 71.197010] Process rcu_torture_wri (pid: 4861, ti=c98ab000
task=c9890d00 task.ti=c98ab000)
[ 71.197010] Stack:
[ 71.197010] c98abfd0 d0af7eeb 00000000 c98abfe0 c0137364 c0137326
00000000 00000000
[ 71.197010] c0103643 c981fea4 00000000 00000000 00000000 00000000
00000000
[ 71.197010] Call Trace:
[ 71.197010] [<c0137364>] ? kthread+0x3e/0x66
[ 71.197010] [<c0137326>] ? kthread+0x0/0x66
[ 71.197010] [<c0103643>] ? kernel_thread_helper+0x7/0x10
[ 71.197010] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 <00> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 71.197010] EIP: [<d0af7a0f>] 0xd0af7a0f SS:ESP 0068:c98abfc4
[ 71.301103] ---[ end trace 4eaa2a86a8e2da22 ]---
If i interpret this correctly, this corresponds to
000009e8 <rcu_stutter_wait>:
9e8: 55 push %ebp
9e9: 89 e5 mov %esp,%ebp
9eb: e8 fc ff ff ff call 9ec <rcu_stutter_wait+0x4>
9f0: eb 1d jmp a0f <rcu_stutter_wait+0x27>
9f2: 83 3d 00 00 00 00 00 cmpl $0x0,0x0
9f9: b8 01 00 00 00 mov $0x1,%eax
9fe: 75 0a jne a0a <rcu_stutter_wait+0x22>
a00: b8 e8 03 00 00 mov $0x3e8,%eax
a05: e8 fc ff ff ff call a06 <rcu_stutter_wait+0x1e>
a0a: e8 fc ff ff ff call a0b <rcu_stutter_wait+0x23>
a0f: 83 3d 6c 00 00 00 00 cmpl $0x0,0x6c
^---------- this line
a16: 75 09 jne a21 <rcu_stutter_wait+0x39>
a18: 83 3d 00 00 00 00 00 cmpl $0x0,0x0
a1f: 75 09 jne a2a <rcu_stutter_wait+0x42>
a21: 83 3d 50 1a 00 00 00 cmpl $0x0,0x1a50
a28: 74 c8 je 9f2 <rcu_stutter_wait+0xa>
a2a: 5d pop %ebp
a2b: c3 ret
Greetings, Eric
next prev parent reply other threads:[~2009-01-05 18:57 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-02 11:18 [BUG] NULL pointer deref with rcutorture Eric Sesterhenn
2009-01-02 17:58 ` Paul E. McKenney
2009-01-02 18:53 ` Kamalesh Babulal
2009-01-02 19:53 ` Paul E. McKenney
2009-01-02 23:12 ` Eric Sesterhenn
2009-01-03 1:57 ` Paul E. McKenney
[not found] ` <20090103094003.GA6149@alice>
[not found] ` <20090104013254.GG6958@linux.vnet.ibm.com>
2009-01-04 14:57 ` Eric Sesterhenn
2009-01-04 21:13 ` Paul E. McKenney
2009-01-04 23:38 ` Eric Sesterhenn
2009-01-05 2:28 ` Paul E. McKenney
2009-01-05 12:14 ` Eric Sesterhenn
2009-01-05 18:00 ` Paul E. McKenney
2009-01-05 18:56 ` Eric Sesterhenn [this message]
2009-01-05 19:36 ` Paul E. McKenney
2009-01-05 20:01 ` Eric Sesterhenn
2009-01-05 20:16 ` Paul E. McKenney
2009-01-05 20:31 ` Eric Sesterhenn
2009-01-05 22:18 ` Paul E. McKenney
2009-01-06 0:29 ` Paul E. McKenney
2009-01-06 2:15 ` Paul E. McKenney
2009-01-06 7:47 ` Eric Sesterhenn
2009-01-06 12:48 ` Paul E. McKenney
2009-01-07 19:46 ` Paul E. McKenney
2009-01-07 20:19 ` Eric Sesterhenn
2009-01-07 22:06 ` Paul E. McKenney
2009-01-07 22:34 ` Eric Sesterhenn
2009-01-07 22:48 ` Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090105185655.GA11244@alice \
--to=snakebyte@gmx.de \
--cc=dipankar@in.ibm.com \
--cc=josh@freedesktop.org \
--cc=kamalesh@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=paulmck@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox