Message-ID: <20111218055359.GA17182@localhost>
Date:	Sun, 18 Dec 2011 13:54:00 +0800
From:	Wu Fengguang <fengguang.wu@...el.com>
To:	"linux-ext4@...r.kernel.org" <linux-ext4@...r.kernel.org>
Cc:	linux-fsdevel@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Subject: 3.2.0-rc5 NULL dereference BUG

This is very reproducible. It occurs in two of my test cases, with
different panic messages.

It also shows up in 3.2.0-rc3. Kernel config is attached.

In the test case

        snb/JBOD-4HDD-thresh=100M/ext4-100dd-1-3.2.0-rc5

panic dmesg is:

[  541.548310] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[  541.558118] IP: [<ffffffff811ff00b>] perf_trace_ext4_mb_release_group_pa+0x81/0xd6
[  541.567553] PGD 0
[  541.570360] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[  541.576136] CPU 19
[  541.578358] Modules linked in:
[  541.583036]
[  541.585153] Pid: 4244, comm: flush-8:64 Tainted: G        W    3.2.0-rc5 #990 Intel Corporation SandyBridge Platform/To be filled by O.E.M.
[  541.600259] RIP: 0010:[<ffffffff811ff00b>]  [<ffffffff811ff00b>] perf_trace_ext4_mb_release_group_pa+0x81/0xd6
[  541.612406] RSP: 0018:ffff88041e901540  EFLAGS: 00010286
[  541.618812] RAX: ffffe8fbfe407250 RBX: ffff8807ff28a348 RCX: ffff880419de2200
[  541.627255] RDX: 0000000000000000 RSI: 0000000000000286 RDI: ffffe8fbfe407250
[  541.635698] RBP: ffff88041e901620 R08: ffff88041e901560 R09: 0000000000000000
[  541.644126] R10: ffffe8fffce07220 R11: ffffffff812162cf R12: ffffffff81ee4108
[  541.652554] R13: ffff88041e9016d0 R14: ffff8804153120d0 R15: ffff8804144767e0
[  541.661012] FS:  0000000000000000(0000) GS:ffff88042d400000(0000) knlGS:0000000000000000
[  541.670970] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  541.677858] CR2: 0000000000000028 CR3: 0000000001e91000 CR4: 00000000000406e0
[  541.686284] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  541.694740] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  541.703160] Process flush-8:64 (pid: 4244, threadinfo ffff88041e900000, task ffff880419de2290)
[  541.713657] Stack:
[  541.716373]  0000000000000000 0000000000000004 ffff88041e9015d0 ffff88041e901560
[  541.725845]  0000000000000000 0000000000000000 0000000000000000 0000000000000000
[  541.735225]  ffff88041e901670 0000000000000000 0000000000000000 0000000000000000
[  541.744730] Call Trace:
[  541.747939]  [<ffffffff8121383c>] ? ext4_mb_release_group_pa+0x40/0xfe
[  541.755708]  [<ffffffff8121383c>] ext4_mb_release_group_pa+0x40/0xfe
[  541.763270]  [<ffffffff8121630f>] ext4_mb_discard_group_preallocations+0x355/0x3eb
[  541.772598]  [<ffffffff8121925e>] ext4_mb_new_blocks+0x2fd/0x422
[  541.779788]  [<ffffffff81210bb8>] ext4_ext_map_blocks+0x14ba/0x19bd
[  541.787213]  [<ffffffff81099c65>] ? local_clock+0x41/0x5a
[  541.793723]  [<ffffffff810a554f>] ? __lock_acquire+0x564/0x932
[  541.800708]  [<ffffffff810a554f>] ? __lock_acquire+0x564/0x932
[  541.807694]  [<ffffffff811ec728>] ? ext4_map_blocks+0x103/0x221
[  541.814773]  [<ffffffff811ec759>] ext4_map_blocks+0x134/0x221
[  541.821647]  [<ffffffff811effad>] mpage_da_map_and_submit+0xef/0x404
[  541.829212]  [<ffffffff811f0a22>] ext4_da_writepages+0x350/0x505
[  541.836409]  [<ffffffff810a4a9c>] ? lock_release_holdtime+0xa3/0xac
[  541.843904]  [<ffffffff8110a08f>] do_writepages+0x24/0x2d
[  541.850406]  [<ffffffff8116eda2>] writeback_single_inode+0x126/0x2b4
[  541.857943]  [<ffffffff8116f600>] writeback_sb_inodes+0x17f/0x229
[  541.865229]  [<ffffffff8116fbe5>] __writeback_inodes_wb+0x78/0xb9
[  541.872501]  [<ffffffff8116fd63>] wb_writeback+0x13d/0x23a
[  541.879086]  [<ffffffff8117018e>] wb_do_writeback+0x19c/0x1b7
[  541.885979]  [<ffffffff81170235>] bdi_writeback_thread+0x8c/0x215
[  541.893254]  [<ffffffff811701a9>] ? wb_do_writeback+0x1b7/0x1b7
[  541.900339]  [<ffffffff8109445c>] kthread+0x8e/0x96
[  541.906233]  [<ffffffff819a7084>] kernel_thread_helper+0x4/0x10
[  541.913305]  [<ffffffff8199e474>] ? retint_restore_args+0x13/0x13
[  541.920596]  [<ffffffff810943ce>] ? __init_kthread_worker+0x5b/0x5b
[  541.928083]  [<ffffffff819a7080>] ? gs_change+0x13/0x13
[  541.934349] Code: 89 c2 4c 89 85 38 ff ff ff 48 8d 4d ec 41 0f b7 74 24 48 e8 15 4b 7a 00 4c 8b 85 38 ff ff ff 48 85 c0 74 50 48 8b 93 a0 00 00 00
[  541.953075]  8b 52 28 8b 52 10 89 50 0c 48 8b 93 80 00 00 00 48 89 50 10
[  541.963605] RIP  [<ffffffff811ff00b>] perf_trace_ext4_mb_release_group_pa+0x81/0xd6
[  541.973102]  RSP <ffff88041e901540>
[  541.977465] CR2: 0000000000000028
[  541.981703] ---[ end trace 606734373157fadb ]---

In another case fat/thresh=1M/ext4:wb-10dd-1-3.2.0-rc5-ioless-full+:

[  404.171336] BUG: unable to handle kernel NULL pointer dereference at 0000000000000178
[  404.171946] IP: [<ffffffff810a5092>] __lock_acquire+0x8b/0x932
[  404.172340] PGD a3dbb067 PUD a3dba067 PMD 0
[  404.172747] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[  404.173150] CPU 2
[  404.173249] Modules linked in:
[  404.173690]
[  404.173896] Pid: 4435, comm: dd Not tainted 3.2.0-rc5-ioless-full+ #989                  /DX58SO
[  404.174563] RIP: 0010:[<ffffffff810a5092>]  [<ffffffff810a5092>] __lock_acquire+0x8b/0x932
[  404.175143] RSP: 0018:ffff8800b37238d8  EFLAGS: 00010097
[  404.175481] RAX: 0000000000000000 RBX: 0000000000000170 RCX: 0000000000000000
[  404.175877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000170
[  404.176279] RBP: ffff8800b3723948 R08: 0000000000000000 R09: 0000000000000000
[  404.176686] R10: 0000000000000170 R11: ffffffff81175d30 R12: 0000000000000000
[  404.177085] R13: 0000000000000000 R14: ffff8800b18ac540 R15: 0000000000000000
[  404.177488] FS:  00007f27ad959700(0000) GS:ffff8800b8000000(0000) knlGS:0000000000000000
[  404.178038] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  404.178390] CR2: 0000000000000178 CR3: 00000000a3db8000 CR4: 00000000000006e0
[  404.178788] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  404.179187] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  404.179585] Process dd (pid: 4435, threadinfo ffff8800b3722000, task ffff8800b18ac540)
[  404.180116] Stack:
[  404.180370]  ffff8800b37238e8 ffffffff8103c1fb ffff8800b37238f8 0000000000000002
[  404.181051]  0000000000000000 0000000000008010 ffff8800be806c00 ffff8800a549db60
[  404.181707]  ffff8800b3723978 0000000000000000 0000000000000170 0000000000000000
[  404.182370] Call Trace:
[  404.182604]  [<ffffffff8103c1fb>] ? native_sched_clock+0x29/0x70
[  404.182962]  [<ffffffff810a5a16>] lock_acquire+0xdd/0x10a
[  404.183298]  [<ffffffff81175d30>] ? create_empty_buffers+0x4a/0xc1
[  404.183667]  [<ffffffff8199f563>] _raw_spin_lock+0x36/0x69
[  404.184013]  [<ffffffff81175d30>] ? create_empty_buffers+0x4a/0xc1
[  404.184384]  [<ffffffff81175d30>] create_empty_buffers+0x4a/0xc1
[  404.184752]  [<ffffffff811efc7b>] ext4_discard_partial_page_buffers_no_lock+0x9f/0x406
[  404.185302]  [<ffffffff8199ff2b>] ? _raw_spin_unlock+0x2b/0x2f
[  404.185659]  [<ffffffff81170b72>] ? __mark_inode_dirty+0x1ac/0x1cc
[  404.186027]  [<ffffffff8117673f>] ? generic_write_end+0x6d/0x7f
[  404.186388]  [<ffffffff811f1531>] ext4_da_write_end+0x244/0x2ed
[  404.186749]  [<ffffffff810ffeec>] generic_file_buffered_write+0x183/0x22d
[  404.187142]  [<ffffffff8107946a>] ? current_fs_time+0x27/0x2e
[  404.187495]  [<ffffffff8110198c>] __generic_file_aio_write+0x334/0x364
[  404.187875]  [<ffffffff8199e49c>] ? mutex_lock_nested+0x2e2/0x2f1
[  404.188240]  [<ffffffff81101a06>] ? generic_file_aio_write+0x4a/0xc1
[  404.188623]  [<ffffffff81101a22>] generic_file_aio_write+0x66/0xc1
[  404.188999]  [<ffffffff8106787f>] ? finish_task_switch+0x8a/0xf7
[  404.189374]  [<ffffffff811e9f6c>] ext4_file_write+0x1f9/0x251
[  404.189736]  [<ffffffff8118175a>] ? fsnotify+0x216/0x26f
[  404.190084]  [<ffffffff8114d3aa>] do_sync_write+0xce/0x10b
[  404.190436]  [<ffffffff8118175a>] ? fsnotify+0x216/0x26f
[  404.190777]  [<ffffffff811815ba>] ? fsnotify+0x76/0x26f
[  404.191110]  [<ffffffff8114db67>] vfs_write+0xb8/0x157
[  404.191451]  [<ffffffff8114de1e>] sys_write+0x4d/0x77
[  404.191790]  [<ffffffff819a6b42>] system_call_fastpath+0x16/0x1b
[  404.192162] Code: bd 08 00 00 be d5 0b 00 00 48 c7 c7 76 41 d3 81 83 3d 82 d2 9f 01 00 0f 85 a4 08 00 00 e9 bb 03 00 00 41 83 fc 01 77 13 44 89 e0 <4c> 8b 6c c3 08 4d 85 ed 0f 85 5b 03 00 00 eb 34 41 83 fc 07 76
[  404.195454] RIP  [<ffffffff810a5092>] __lock_acquire+0x8b/0x932
[  404.195857]  RSP <ffff8800b37238d8>
[  404.196135] CR2: 0000000000000178
[  404.196407] ---[ end trace 1a4a260a8830abb5 ]---

Thanks,
Fengguang

