Core dump analysis

Core dump analysis

I analyzed this coredump several days ago, in this post: https://blog.csdn.net/mounter625/article/details/112101583.
Today I encountered the same problem again on another kernel version,
so I analyzed the coredump once more.
From the following error output, this is a "BUG: kernel NULL pointer dereference, address: 0000000000000060" problem.

"
[  405.827128] CPU: 0 PID: 5383 Comm: kworker/0:2 Kdump: loaded Tainted: G S         OE     5.10.7 #30
[  405.827130] Hardware name: Intel Corporation S2600GZ/S2600GZ, BIOS SE5C600.86B.02.02.0002.122320131210 12/23/2013
[  405.827135] Workqueue: events work_for_cpu_fn
[  405.827140] RIP: 0010:bus_add_device+0x60/0x140
[  405.827142] Code: 49 8b 74 24 20 48 89 df e8 2d a3 ff ff 89 c5 85 c0 75 7c 48 8b 53 50 48 85 d2 75 03 48 8b 13 49 8b 84 24 a0 00 00 00 48 89 de <48> 8b 78 60 48 83 c7 18 e8 e3 56 da ff 89 c5 85 c0 75 45 48 8b 43
[  405.827144] RSP: 0018:ffffaa7e0625bd90 EFLAGS: 00010246
[  405.827146] RAX: 0000000000000000 RBX: ffff9ec648670c20 RCX: 0000000000000000
[  405.827148] RDX: ffff9ec67b36a1c0 RSI: ffff9ec648670c20 RDI: ffff9ec648670c20
[  405.827150] RBP: 0000000000000000 R08: 0000000000000044 R09: 0000000000000228
[  405.827151] R10: ffff9ec6217e1c10 R11: ffff9ec60018d9d0 R12: ffffffffc04ba120
[  405.827153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  405.827155] FS:  0000000000000000(0000) GS:ffff9ec92ea00000(0000) knlGS:0000000000000000
[  405.827156] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  405.827158] CR2: 0000000000000060 CR3: 0000000466d6e003 CR4: 00000000000606f0
[  405.827159] Call Trace:
[  405.827164]  device_add+0x3ba/0x7a0
[  405.827184]  ice_probe+0xa8c/0x10f0 [ice]
[  405.827189]  local_pci_probe+0x42/0x80
[  405.827192]  work_for_cpu_fn+0x16/0x20
[  405.827195]  process_one_work+0x1a4/0x340
[  405.827198]  ? process_one_work+0x340/0x340
[  405.827200]  worker_thread+0x1c9/0x370
[  405.827202]  ? process_one_work+0x340/0x340
[  405.827205]  kthread+0x116/0x130
[  405.827207]  ? kthread_park+0x80/0x80
[  405.827211]  ret_from_fork+0x22/0x30
"

The faulting instruction is reported in "RIP: 0010:bus_add_device+0x60/0x140".

After configuring the crash tool, disassemble the function up to the faulting address:
"
crash> dis -lr bus_add_device+0x60
/images/yzhu/stable-linux/drivers/base/bus.c: 446
0xffffffffa1e28560 <bus_add_device>:    data32 data32 data32 xchg %ax,%ax [FTRACE NOP]
/images/yzhu/stable-linux/drivers/base/bus.c: 447
0xffffffffa1e28565 <bus_add_device+5>:  push   %r12
0xffffffffa1e28567 <bus_add_device+7>:  push   %rbp
0xffffffffa1e28568 <bus_add_device+8>:  xor    %ebp,%ebp
0xffffffffa1e2856a <bus_add_device+10>: push   %rbx
0xffffffffa1e2856b <bus_add_device+11>: mov    0x60(%rdi),%r12
/images/yzhu/stable-linux/drivers/base/bus.c: 44
0xffffffffa1e2856f <bus_add_device+15>: test   %r12,%r12
0xffffffffa1e28572 <bus_add_device+18>: je     0xffffffffa1e2863e <bus_add_device+222>
0xffffffffa1e28578 <bus_add_device+24>: mov    %rdi,%rbx
/images/yzhu/stable-linux/drivers/base/bus.c: 45
0xffffffffa1e2857b <bus_add_device+27>: mov    0xa0(%r12),%rdi
/images/yzhu/stable-linux/./include/linux/kobject.h: 213
0xffffffffa1e28583 <bus_add_device+35>: test   %rdi,%rdi
0xffffffffa1e28586 <bus_add_device+38>: je     0xffffffffa1e28591 <bus_add_device+49>
0xffffffffa1e28588 <bus_add_device+40>: add    $0x18,%rdi
0xffffffffa1e2858c <bus_add_device+44>: callq  0xffffffffa1cdcd90 <kobject_get>
/images/yzhu/stable-linux/./arch/x86/include/asm/jump_label.h: 25
0xffffffffa1e28591 <bus_add_device+49>: data32 data32 data32 xchg %ax,%ax
/images/yzhu/stable-linux/drivers/base/bus.c: 452
0xffffffffa1e28596 <bus_add_device+54>: mov    0x20(%r12),%rsi
0xffffffffa1e2859b <bus_add_device+59>: mov    %rbx,%rdi
0xffffffffa1e2859e <bus_add_device+62>: callq  0xffffffffa1e228d0 <device_add_groups>
0xffffffffa1e285a3 <bus_add_device+67>: mov    %eax,%ebp
/images/yzhu/stable-linux/drivers/base/bus.c: 453
0xffffffffa1e285a5 <bus_add_device+69>: test   %eax,%eax
0xffffffffa1e285a7 <bus_add_device+71>: jne    0xffffffffa1e28625 <bus_add_device+197>
/images/yzhu/stable-linux/./include/linux/device.h: 612
0xffffffffa1e285a9 <bus_add_device+73>: mov    0x50(%rbx),%rdx
0xffffffffa1e285ad <bus_add_device+77>: test   %rdx,%rdx
0xffffffffa1e285b0 <bus_add_device+80>: jne    0xffffffffa1e285b5 <bus_add_device+85>
/images/yzhu/stable-linux/./include/linux/device.h: 615
0xffffffffa1e285b2 <bus_add_device+82>: mov    (%rbx),%rdx
/images/yzhu/stable-linux/./include/linux/kobject.h: 90
0xffffffffa1e285b5 <bus_add_device+85>: mov    0xa0(%r12),%rax
0xffffffffa1e285bd <bus_add_device+93>: mov    %rbx,%rsi
0xffffffffa1e285c0 <bus_add_device+96>: mov    0x60(%rax),%rdi
"
The instruction at the faulting address is this line:
"
0xffffffffa1e285c0 <bus_add_device+96>: mov    0x60(%rax),%rdi
"

From the register dump above, "RAX: 0000000000000000", so "mov 0x60(%rax),%rdi" dereferences a NULL pointer and causes the kernel crash. This matches the reported fault address: NULL + 0x60 = 0000000000000060, which is also the value in CR2.

So the content of rax is NULL.

rax was loaded a few instructions earlier by "mov    0xa0(%r12),%rax", so the next question is what r12 points to.

From this instruction:
"
drivers/base/bus.c: 452
0xffffffffa1e28596 <bus_add_device+54>: mov    0x20(%r12),%rsi
"

crash> dis -s bus_add_device
FILE: drivers/base/bus.c
LINE: 446

  441    * - Add device's bus attributes.
  442    * - Create links to device's bus.
  443    * - Add the device to its bus's list of devices.
  444    */
  445   int bus_add_device(struct device *dev)
* 446   {
  447           struct bus_type *bus = bus_get(dev->bus);
  448           int error = 0;
  449   
  450           if (bus) {
  451                   pr_debug("bus: '%s': add device %s\n", bus->name, dev_name(dev));
  452                   error = device_add_groups(dev, bus->dev_groups);
  453                   if (error)
  454                           goto out_put;
  455                   error = sysfs_create_link(&bus->p->devices_kset->kobj,
  456                                                   &dev->kobj, dev_name(dev));
  457                   if (error)
  458                           goto out_groups;
  459                   error = sysfs_create_link(&dev->kobj,
  460                                   &dev->bus->p->subsys.kobj, "subsystem");
  461                   if (error)
  462                           goto out_subsys;
  463                   klist_add_tail(&dev->p->knode_bus, &bus->p->klist_devices);
  464           }
  465           return 0;
  466   
  467   out_subsys:
  468           sysfs_remove_link(&bus->p->devices_kset->kobj, dev_name(dev));
  469   out_groups:
  470           device_remove_groups(dev, bus->dev_groups);
  471   out_put:
  472           bus_put(dev->bus);
  473           return error;
  474   }

452                   error = device_add_groups(dev, bus->dev_groups);

Source line 452 passes "bus->dev_groups" as the second argument (rsi), and the struct layout below shows "[32] const struct attribute_group **dev_groups;" — offset 32 is exactly the 0x20(%r12) read above. So r12 holds the pointer to the struct bus_type.

crash> struct bus_type -o
struct bus_type {
    [0] const char *name;
    [8] const char *dev_name;
   [16] struct device *dev_root;
   [24] const struct attribute_group **bus_groups;
   [32] const struct attribute_group **dev_groups;
   [40] const struct attribute_group **drv_groups;
   [48] int (*match)(struct device *, struct device_driver *);
   [56] int (*uevent)(struct device *, struct kobj_uevent_env *);
   [64] int (*probe)(struct device *);
   [72] void (*sync_state)(struct device *);
   [80] int (*remove)(struct device *);
   [88] void (*shutdown)(struct device *);
   [96] int (*online)(struct device *);
  [104] int (*offline)(struct device *);
  [112] int (*suspend)(struct device *, pm_message_t);
  [120] int (*resume)(struct device *);
  [128] int (*num_vf)(struct device *);
  [136] int (*dma_configure)(struct device *);
  [144] const struct dev_pm_ops *pm;
  [152] const struct iommu_ops *iommu_ops;
  [160] struct subsys_private *p;
  [168] struct lock_class_key lock_key;
  [168] bool need_parent_lock;
}

Offset 0xa0 is 160, so rax was loaded from "[160] struct subsys_private *p;", and this bus's p is NULL. The crash then occurred at the first dereference through it, which presumably corresponds to the "bus->p->devices_kset" access on source line 455. So this crash occurred because the bus_type's private data pointer p was never set up for this bus.
