Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933886Ab2EXXxk (ORCPT ); Thu, 24 May 2012 19:53:40 -0400 Received: from mga14.intel.com ([143.182.124.37]:22032 "EHLO mga14.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932387Ab2EXXxM (ORCPT ); Thu, 24 May 2012 19:53:12 -0400 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.71,315,1320652800"; d="scan'208";a="147555203" Message-ID: <4FBEC9E6.8040301@linux.intel.com> Date: Thu, 24 May 2012 16:53:10 -0700 From: "H. Peter Anvin" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 MIME-Version: 1.0 To: Steven Rostedt CC: Dave Jones , Linux Kernel , Frederic Weisbecker , Ingo Molnar , Andi Kleen Subject: Re: tracing ring_buffer_resize oops. References: <20120524160146.GA6226@redhat.com> <1337876398.13348.178.camel@gandalf.stny.rr.com> <20120524172223.GA10689@redhat.com> <1337902816.13348.224.camel@gandalf.stny.rr.com> In-Reply-To: <1337902816.13348.224.camel@gandalf.stny.rr.com> Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2335 Lines: 48 On 05/24/2012 04:40 PM, Steven Rostedt wrote: > On Thu, 2012-05-24 at 13:22 -0400, Dave Jones wrote: > > I found a clue! > > >> [ 1013.243754] BUG: unable to handle kernel NULL pointer dereference at 0000000000000002 >> [ 1013.272665] IP: [] 0xffff880145cbffff >> [ 1013.285186] PGD 1401b2067 PUD 14324c067 PMD 0 >> [ 1013.298832] Oops: 0010 [#1] PREEMPT SMP >> [ 1013.310600] CPU 2 >> [ 1013.317904] Modules linked in: ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables crc32c_intel ghash_clmulni_intel microcode usb_debug serio_raw pcspkr iTCO_wdt i2c_i801 iTCO_vendor_support e1000e nfsd nfs_acl auth_rpcgss lockd sunrpc i915 video i2c_algo_bit drm_kms_helper drm i2c_core [last unloaded: scsi_wait_scan] >> [ 1013.401848] >> [ 1013.407399] Pid: 112, comm: kworker/2:1 Not tainted 3.4.0+ #30 >> [ 1013.437943] RIP: 8eb8:[] [] 0xffff880146309fff > > RIP is always near the GS segment. As GS points to the per_cpu area, we > may somehow be getting our GS screwed up. I'm not sure why that would > affect the RIP. Maybe stacks are not being processed properly somewhere? > > It's strange because I can either trigger it on the first try, or it > never triggers at all?? > Much more fundamentally, RIP should never leave the range [-2G, 0). What is happening here is almost certainly that we jump through something which isn't a function pointer. The other thing worth noting is that the code segment is not the standard Linux code segment, not even close; it *also* doesn't look like the typical Xen code segment. This makes be believe that we did an IRET with the stack pointer set to something other than a valid interrupt stack frame. Specifically, note that the value of R12 is the same value; R12 is a preserved register and may have been pushed onto the stack by something that wants to save it. Waitaminute... this isn't related to your using R12 to save a pointer to something, is it? > [ 1013.459871] RSP: ffffffff8165e919:ffff88014780f408 EFLAGS: 00010046 -hpa -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/