lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20130419133250.GR4816@kernel.dk>
Date:	Fri, 19 Apr 2013 06:32:50 -0700
From:	Jens Axboe <axboe@...nel.dk>
To:	Tejun Heo <tj@...nel.org>
Cc:	Wanlong Gao <gaowanlong@...fujitsu.com>,
	Steven Rostedt <rostedt@...dmis.org>, namhyung@...il.com,
	agk@...hat.com, dm-devel@...hat.com, neilb@...e.de,
	LKML <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Chris Mason <chris.mason@...ionio.com>,
	linux-btrfs@...r.kernel.org
Subject: Re: [BUG REPORT] Kernel panic on 3.9.0-rc7-4-gbb33db7

On Thu, Apr 18 2013, Tejun Heo wrote:
> (cc'ing btrfs people)
> 
> On Fri, Apr 19, 2013 at 11:33:20AM +0800, Wanlong Gao wrote:
> > RIP: 0010:[<ffffffff812484d3>]  [<ffffffff812484d3>] ftrace_raw_event_block_bio_complete+0x73/0xf0
> ...
> >  [<ffffffff811b6c10>] bio_endio+0x80/0x90
> >  [<ffffffffa0790d26>] btrfs_end_bio+0xf6/0x190 [btrfs]
> >  [<ffffffff811b6bcd>] bio_endio+0x3d/0x90
> >  [<ffffffff81249873>] req_bio_endio+0xa3/0xe0
> 
> Ugh....
> 
> In fs/btrfs/volumes.c
> 
>   static void bbio_error(struct btrfs_bio *bbio, struct bio *bio, u64 logical)
>   {
> 	...
> 		bio->bi_bdev = (struct block_device *)
> 			       	       (unsigned long)bbio->mirror_num;
> 	...
>   }
> 
>   static void btrfs_end_bio(struct bio *bio, int err)
>   {
> 	...
> 		bio->bi_bdev = (struct block_device *)
> 					(unsigned long)bbio->mirror_num;
> 									
> 	...
>   }
> 
> In fs/btrfs/extent_io.c
> 
>   static void end_bio_extent_readpage(struct bio *bio, int err)
>   {
> 	int mirror;
> 	...
> 		mirror = (int)(unsigned long)bio->bi_bdev;
> 	...
>   }
> 
> Ewweeeeeeeeeeeeeeeeeehh........
> 
> No wonder this thing crashes.  Chris, can't the original bio carry
> bbio in bi_private and let end_bio_extent_readpage() free the bbio
> instead of abusing bi_bdev like this?

Ugh, wtf.

Chris, time for a swim in the bay :-)

-- 
Jens Axboe

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ