Re: [REGRESSION 6.0.x / 6.1.x] NULL dereferencing at tracing

From: Takashi Iwai
Date: Tue Nov 01 2022 - 04:21:50 EST


On Mon, 31 Oct 2022 19:48:50 +0100,
Steven Rostedt wrote:
>
> On Mon, 31 Oct 2022 08:11:28 +0100
> Takashi Iwai <tiwai@xxxxxxx> wrote:
>
> > Hi Steven,
> >
> > we've got a bug report indicating a NULL dereference in the recent
> > tracing changes, showing up at the start of KDE. The details including
> > the dmesg are found at:
> > https://bugzilla.opensuse.org/show_bug.cgi?id=1204705
> >
> > It was reported at first for 6.0.3, and confirmed that the problem
> > persists with 6.1-rc, too.
> >
> > The culprit seems to be the commit
> > f3ddb74ad0790030c9592229fb14d8c451f4e9a8
> > tracing: Wake up ring buffer waiters on closing of the file
> > and reverting it seems to fix the problem.
> >
> > Could you take a look?
> >
> >
>
> Can you apply this to see if it fixes it?
>
> I'm guessing there's a path to the release of the file descriptor where
> the ring buffer isn't allocated (and this expected it to be).
>
> I'll investigate further to see if I can find that path.

For avoiding confusion: the follow up post in this thread
https://lore.kernel.org/71829e56-a13f-0462-37a7-a4d64c16f561@xxxxxxxxx
is from Alex, who is the original bug reporter on openSUSE Bugzilla.

The test result looks negative, unfortunately.


Takashi

>
> -- Steve
>
> diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
> index 199759c73519..c1c7ce4c6ddb 100644
> --- a/kernel/trace/ring_buffer.c
> +++ b/kernel/trace/ring_buffer.c
> @@ -937,6 +937,9 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
> struct ring_buffer_per_cpu *cpu_buffer;
> struct rb_irq_work *rbwork;
>
> + if (!buffer)
> + return;
> +
> if (cpu == RING_BUFFER_ALL_CPUS) {
>
> /* Wake up individual ones too. One level recursion */
>
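Review bot: the early `if (!buffer) return;` guards only the top-level `struct trace_buffer *` and silently hides whichever file-release path hands this function an unallocated buffer, which is exactly the path the cover text says is still unknown. Since the reporter's test of this change came back negative, the faulting pointer is evidently not `buffer` itself but something derived from it further down, i.e. the `cpu_buffer` or `rbwork` declared at the top of the hunk. Two suggestions: make the guard noisy rather than silent, e.g. `if (WARN_ON_ONCE(!buffer)) return;`, so the offending release path shows up in dmesg instead of being masked, and apply the same NULL check to the per-cpu pointer obtained from `buffer` before it is dereferenced in the RING_BUFFER_ALL_CPUS branch below. A one-line comment stating why a NULL buffer can legitimately reach `ring_buffer_wake_waiters()` would also help the next reader, since nothing in the hunk explains it.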