lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Thu, 26 Jun 2014 10:03:29 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	Dave Hansen <dave.hansen@...el.com>,
	LKML <linux-kernel@...r.kernel.org>, lkp@...org,
	Jet Chen <jet.chen@...el.com>
Subject: [block] BUG: unable to handle kernel NULL pointer dereference at
 0000000000000028

Tejun,

In commit 09571194a9846177bea3afd18458312546112702 ("block, blk-mq:
draining can't be skipped even if bypass_depth was non-zero")

+------------------------------------------------------+------------+------------+
|                                                      | f5372ab3d2 | 09571194a9 |
+------------------------------------------------------+------------+------------+
| boot_successes                                       | 25         | 19         |
| early-boot-hang                                      | 1          |            |
| boot_failures                                        | 0          | 6          |
| BUG:kernel_test_crashed                              | 0          | 1          |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference | 0          | 5          |
| Oops                                                 | 0          | 5          |
| RIP:blk_throtl_drain                                 | 0          | 5          |
| kernel_BUG_at_arch/x86/mm/pageattr.c                 | 0          | 5          |
| invalid_opcode                                       | 0          | 5          |
| RIP:change_page_attr_set_clr                         | 0          | 5          |
| Kernel_panic-not_syncing:Fatal_exception             | 0          | 5          |
| backtrace:scsi_debug_exit                            | 0          | 5          |
| backtrace:SyS_delete_module                          | 0          | 5          |
+------------------------------------------------------+------------+------------+


[ 5703.793032]  sda: unknown partition table
[ 5703.798102] sd 2:0:0:0: [sda] Attached SCSI disk
[ 5706.076059] sd 2:0:0:0: [sda] Synchronizing SCSI cache
[ 5706.078586] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[ 5706.079351] IP: [<ffffffff813cdbb0>] blk_throtl_drain+0x30/0x150
[ 5706.079351] PGD 0 
[ 5706.079351] Oops: 0000 [#1] SMP 
[ 5706.079351] Modules linked in: sd_mod scsi_debug(-) crct10dif_generic crc_t10dif crct10dif_common loop dm_mod fuse sg sr_mod cdrom ata_generic pata_acpi parport_pc parport snd_pcm floppy cirrus syscopyarea sysfillrect sysimgblt ttm drm_kms_helper snd_timer snd soundcore drm pcspkr ata_piix libata i2c_piix4
[ 5706.079351] CPU: 3 PID: 22026 Comm: rmmod Not tainted 3.16.0-rc1-wl-00737-g114249b #1
[ 5706.079351] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 5706.079351] task: ffff8801155f1d80 ti: ffff880100e9c000 task.ti: ffff880100e9c000
[ 5706.079351] RIP: 0010:[<ffffffff813cdbb0>]  [<ffffffff813cdbb0>] blk_throtl_drain+0x30/0x150
[ 5706.079351] RSP: 0018:ffff880100e9fb60  EFLAGS: 00010046
[ 5706.079351] RAX: 0000000000000000 RBX: ffff88007f8b2eb0 RCX: ffff8800974c77a0
[ 5706.079351] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 5706.079351] RBP: ffff880100e9fb78 R08: 0000000000000000 R09: 0000000000000046
[ 5706.079351] R10: ffff880100e9fb78 R11: 0000000000000000 R12: ffff88007f8b2eb0
[ 5706.079351] R13: ffff8800863ef300 R14: ffff88007f8b3508 R15: ffff88008a3c2120
[ 5706.079351] FS:  00007fac6a962700(0000) GS:ffff88011fd80000(0000) knlGS:0000000000000000
[ 5706.079351] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 5706.079351] CR2: 0000000000000028 CR3: 0000000110261000 CR4: 00000000000006e0
[ 5706.079351] Stack:
[ 5706.079351]  ffff88007f8b2eb0 0000000000000000 ffff88007f8b3518 ffff880100e9fb88
[ 5706.079351]  ffffffff813cabee ffff880100e9fbb8 ffffffff813afcec ffff88007f8b2eb0
[ 5706.079351]  ffffffff81cf8760 ffff88007f8b2eb0 ffff88008a3c2000 ffff880100e9fbd0
[ 5706.079351] Call Trace:
[ 5706.079351]  [<ffffffff813cabee>] blkcg_drain_queue+0xe/0x10
[ 5706.079351]  [<ffffffff813afcec>] __blk_drain_queue+0x7c/0x180
[ 5706.079351]  [<ffffffff813afe7e>] blk_queue_bypass_start+0x8e/0xd0
[ 5706.079351]  [<ffffffff813c9d98>] blkcg_deactivate_policy+0x38/0x140
[ 5706.079351]  [<ffffffff813cde04>] blk_throtl_exit+0x34/0x50
[ 5706.079351]  [<ffffffff813cac38>] blkcg_exit_queue+0x48/0x70
[ 5706.079351]  [<ffffffff813b3546>] blk_release_queue+0x26/0x100
[ 5706.079351]  [<ffffffff813dbd17>] kobject_cleanup+0x77/0x1b0
[ 5706.079351]  [<ffffffff813dbbc8>] kobject_put+0x28/0x60
[ 5706.079351]  [<ffffffff813acb85>] blk_put_queue+0x15/0x20
[ 5706.079351]  [<ffffffff8151ed0b>] scsi_device_dev_release_usercontext+0xbb/0x120
[ 5706.079351]  [<ffffffff810876c7>] execute_in_process_context+0x67/0x70
[ 5706.079351]  [<ffffffff8151ec4c>] scsi_device_dev_release+0x1c/0x20
[ 5706.079351]  [<ffffffff814ddc02>] device_release+0x32/0xa0
[ 5706.079351]  [<ffffffff813dbd17>] kobject_cleanup+0x77/0x1b0
[ 5706.079351]  [<ffffffff813dbbc8>] kobject_put+0x28/0x60
[ 5706.079351]  [<ffffffff814ddef7>] put_device+0x17/0x20
[ 5706.079351]  [<ffffffff8151f759>] __scsi_remove_device+0xa9/0xe0
[ 5706.079351]  [<ffffffff8151dd04>] scsi_forget_host+0x64/0x70
[ 5706.079351]  [<ffffffff81512207>] scsi_remove_host+0x77/0x120
[ 5706.079351]  [<ffffffffa01c75a9>] sdebug_driver_remove+0x29/0x90 [scsi_debug]
[ 5706.079351]  [<ffffffff814e218f>] __device_release_driver+0x7f/0xf0
[ 5706.079351]  [<ffffffff814e2223>] device_release_driver+0x23/0x30
[ 5706.079351]  [<ffffffff814e1b28>] bus_remove_device+0x108/0x180
[ 5706.079351]  [<ffffffff814de429>] device_del+0x129/0x1c0
[ 5706.079351]  [<ffffffff814de4de>] device_unregister+0x1e/0x60
[ 5706.079351]  [<ffffffffa01c6efc>] sdebug_remove_adapter+0x4c/0x70 [scsi_debug]
[ 5706.079351]  [<ffffffffa01cb52d>] scsi_debug_exit+0x19/0xaec [scsi_debug]
[ 5706.079351]  [<ffffffff810ea4fe>] SyS_delete_module+0x12e/0x1c0
[ 5706.079351]  [<ffffffff818363a2>] ? int_signal+0x12/0x17
[ 5706.079351]  [<ffffffff818360e9>] system_call_fastpath+0x16/0x1b
[ 5706.079351] Code: 55 65 ff 04 25 a0 c7 00 00 48 89 e5 41 55 41 54 49 89 fc 53 4c 8b af 40 07 00 00 49 8b 85 a0 00 00 00 31 ff 48 8b 80 c8 05 00 00 <48> 8b 70 28 e8 f7 9b d2 ff 48 85 c0 48 89 c3 74 61 0f 1f 80 00 
[ 5706.079351] RIP  [<ffffffff813cdbb0>] blk_throtl_drain+0x30/0x150
[ 5706.079351]  RSP <ffff880100e9fb60>
[ 5706.079351] CR2: 0000000000000028
[ 5706.079351] ------------[ cut here ]------------

Thanks,
Fengguang

View attachment "reproduce" of type "text/plain" (1760 bytes)

View attachment ".dmesg" of type "text/plain" (39493 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ