Message-ID: <20130613014742.GA8079@localhost>
Date:	Thu, 13 Jun 2013 09:47:44 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Nicholas Bellinger <nab@...ux-iscsi.org>
Cc:	linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [__blk_mq_run_hw_queue] BUG: unable to handle kernel NULL pointer
 dereference at 0000000000000008

On Thu, Jun 13, 2013 at 09:30:32AM +0800, Fengguang Wu wrote:
> Greetings,
> 
> I got the below dmesg and the first bad commit is
> 
> commit a256ba092ec57213f96059d41ac5473ff92f5e7c
> Author: Nicholas Bellinger <nab@...ux-iscsi.org>
> Date:   Sat May 18 02:40:43 2013 -0700
> 
>     scsi: Split scsi_dispatch_cmd into __scsi_dispatch_cmd setup
>     
>     Signed-off-by: Nicholas Bellinger <nab@...ux-iscsi.org>
> 
> 
> [   29.326637]  vda: unknown partition table
> [   29.386474] ------------[ cut here ]------------
> [   29.388453] WARNING: at /c/kernel-tests/src/stable/fs/sysfs/dir.c:530 sysfs_add_one+0x96/0xaa()
> [   29.391061] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:05.0/virtio1/block/vda/mq/0/cpu0'
> [   29.403737] Modules linked in:
> [   29.406289] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-rc4-13319-g10adcdf #541
> [   29.407936] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
> [   29.410433]  ffffffff81d9d860 ffff88001df65958 ffffffff81994579 ffff88001df65998
> [   29.416742]  ffffffff81068740 ffff88001bf6f000 ffff88001df659a8 ffff88001bf6f000
> [   29.418708]  ffff88001b8fee60 00000000ffffffef ffff88001df65a48 ffff88001df659f8
> [   29.431422] Call Trace:
> [   29.433133]  [<ffffffff81994579>] dump_stack+0x19/0x1b
> [   29.434352]  [<ffffffff81068740>] warn_slowpath_common+0x67/0x80
> [   29.435606]  [<ffffffff810687fc>] warn_slowpath_fmt+0x46/0x48
> [   29.437753]  [<ffffffff811c0130>] sysfs_add_one+0x96/0xaa
> [   29.439068]  [<ffffffff811c02b5>] create_dir+0x70/0xb2
> [   29.451011]  [<ffffffff811c05b6>] sysfs_create_dir+0x9d/0xbb
> [   29.453076]  [<ffffffff81461f19>] kobject_add_internal+0x11e/0x222
> [   29.454405]  [<ffffffff81462220>] kobject_add+0x8b/0xa4
> [   29.455543]  [<ffffffff8144b70d>] ? blk_mq_register_disk+0x72/0x18d
> [   29.457534]  [<ffffffff8144b7bc>] blk_mq_register_disk+0x121/0x18d
> [   29.458956]  [<ffffffff81444464>] blk_register_queue+0xb1/0x121
> [   29.470939]  [<ffffffff8144d0b1>] ? disk_part_iter_next+0x27/0x126
> [   29.473011]  [<ffffffff8144df8f>] add_disk+0x33b/0x45b
> [   29.474129]  [<ffffffff815518fc>] virtblk_probe+0x4d6/0x5da
> [   29.475266]  [<ffffffff8153e7e5>] ? driver_probe_device+0x2f7/0x2f7
> [   29.477436]  [<ffffffff814e915b>] virtio_dev_probe+0xba/0xf9
> [   29.478740]  [<ffffffff8153e60a>] driver_probe_device+0x11c/0x2f7
> [   29.490567]  [<ffffffff8153e848>] __driver_attach+0x63/0x86
> [   29.491880]  [<ffffffff8153c868>] bus_for_each_dev+0x5f/0x91
> [   29.493903]  [<ffffffff8153df8d>] driver_attach+0x1e/0x20
> [   29.495102]  [<ffffffff8153dbbe>] bus_add_driver+0x11d/0x241
> [   29.497041]  [<ffffffff8153ee52>] driver_register+0x96/0x11c
> [   29.498262]  [<ffffffff82358d87>] ? loop_init+0x147/0x147
> [   29.499433]  [<ffffffff814e9303>] register_virtio_driver+0x2b/0x30
> [   29.511350]  [<ffffffff82358ddb>] init+0x54/0x8b
> [   29.513134]  [<ffffffff8100028d>] do_one_initcall+0xa0/0x137
> [   29.514312]  [<ffffffff82314e1a>] kernel_init_freeable+0x13c/0x1cb
> [   29.515532]  [<ffffffff823146ee>] ? do_early_param+0x8d/0x8d
> [   29.517357]  [<ffffffff8197dee9>] ? rest_init+0xdd/0xdd
> [   29.518558]  [<ffffffff8197def7>] kernel_init+0xe/0xdb
> [   29.527871]  [<ffffffff819a641c>] ret_from_fork+0x7c/0xb0
> [   29.529838]  [<ffffffff8197dee9>] ? rest_init+0xdd/0xdd
> [   29.531584] ---[ end trace dfaab53c7b1f7bcc ]---

Note that its parent commit 5754ab54c1b28888e9700550585c5729fccbd15f
(which is not necessarily the first bad commit) has another BUG.
Attached are 3 dmesg files which show the same stack trace.

[  147.913606] brd: module loaded
[  149.169462] loop: module loaded
[  149.297799] blk-mq: CPU -> queue map
[  149.298999]   CPU 0 -> Queue 0
[  149.624693] INFO: trying to register non-static key.
[  149.624988] the code is fine but needs lockdep annotation.
[  149.624988] turning off the locking correctness validator.
[  149.624988] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-rc3-00011-g5754ab5 #131
[  149.624988] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[  149.624988]  ffff88001ed18000 ffff88001ed134c8 ffffffff8190e5c9 ffff88001ed13538
[  149.624988]  ffffffff810854bc 0000000000000000 0000000000000000 0000000000000000
[  149.624988]  ffffffff81086394 ffff88001ed13518 0000000200000000 ffff88001f1d44c0
[  149.624988] Call Trace:
[  149.624988]  [<ffffffff8190e5c9>] dump_stack+0x19/0x1b
[  149.624988]  [<ffffffff810854bc>] __lock_acquire+0x842/0x951
[  149.624988]  [<ffffffff81086394>] ? trace_hardirqs_on_caller+0x14e/0x1aa
[  149.624988]  [<ffffffff81085b25>] lock_acquire+0xdb/0x127
[  149.624988]  [<ffffffff813f2042>] ? __blk_mq_run_hw_queue+0x8d/0x385
[  149.624988]  [<ffffffff810816b8>] ? lock_release_holdtime.part.6+0xa1/0xa6
[  149.624988]  [<ffffffff8191854d>] _raw_spin_lock+0x45/0x78
[  149.624988]  [<ffffffff813f2042>] ? __blk_mq_run_hw_queue+0x8d/0x385
[  149.624988]  [<ffffffff81918eef>] ? _raw_spin_unlock+0x29/0x3d
[  149.624988]  [<ffffffff813f2042>] __blk_mq_run_hw_queue+0x8d/0x385
[  149.624988]  [<ffffffff813f2ae7>] ? blk_mq_make_request+0x389/0x458
[  149.624988]  [<ffffffff813f2745>] blk_mq_run_hw_queue+0x1e/0x37
[  149.624988]  [<ffffffff813f2b02>] blk_mq_make_request+0x3a4/0x458
[  149.624988]  [<ffffffff813e96ae>] generic_make_request+0x9f/0xe0
[  149.624988]  [<ffffffff813e97e4>] submit_bio+0xf5/0x113
[  149.624988]  [<ffffffff811409b2>] _submit_bh+0x1b0/0x1d1
[  149.624988]  [<ffffffff811409e3>] submit_bh+0x10/0x12
[  149.624988]  [<ffffffff811434ba>] block_read_full_page+0x255/0x271
[  149.624988]  [<ffffffff811461b9>] ? I_BDEV+0xd/0xd
[  149.624988]  [<ffffffff810d7e7b>] ? add_to_page_cache_locked+0xb5/0x13e
[  149.624988]  [<ffffffff81146745>] ? blkdev_write_begin+0x25/0x25
[  149.624988]  [<ffffffff8114675d>] blkdev_readpage+0x18/0x1a
[  149.624988]  [<ffffffff810d7fd2>] do_read_cache_page+0x90/0x15d
[  149.624988]  [<ffffffff813fb33d>] ? efi_partition+0xce/0x53d
[  149.624988]  [<ffffffff810d80e3>] read_cache_page_async+0x1c/0x1e
[  149.624988]  [<ffffffff810d80f3>] read_cache_page+0xe/0x18
[  149.624988]  [<ffffffff813f8210>] read_dev_sector+0x30/0x8a
[  149.624988]  [<ffffffff813fadd4>] read_lba+0x9e/0x106
[  149.624988]  [<ffffffff813fb35e>] efi_partition+0xef/0x53d
[  149.624988]  [<ffffffff8140bdbc>] ? snprintf+0x34/0x36
[  149.624988]  [<ffffffff813f923f>] check_partition+0x114/0x1c1
[  149.624988]  [<ffffffff813f8e7f>] rescan_partitions+0xa6/0x2a7
[  149.624988]  [<ffffffff81918eef>] ? _raw_spin_unlock+0x29/0x3d
[  149.624988]  [<ffffffff811475c1>] __blkdev_get+0x17d/0x3b9
[  149.624988]  [<ffffffff8112de6c>] ? unlock_new_inode+0x61/0x66
[  149.624988]  [<ffffffff8114798c>] blkdev_get+0x18f/0x30a
[  149.624988]  [<ffffffff8112de6c>] ? unlock_new_inode+0x61/0x66
[  149.624988]  [<ffffffff8114663d>] ? bdget+0x121/0x131
[  149.624988]  [<ffffffff814e3f8e>] ? put_device+0x17/0x19
[  149.624988]  [<ffffffff813f6b28>] add_disk+0x2de/0x452
[  149.624988]  [<ffffffff81496b0e>] ? vp_get+0x4b/0x5f
[  149.624988]  [<ffffffff814f89ea>] virtblk_probe+0x4d5/0x5d9
[  149.624988]  [<ffffffff814e7cfb>] ? driver_probe_device+0x1bd/0x1bd
[  149.624988]  [<ffffffff81494dff>] virtio_dev_probe+0xba/0xf9
[  149.624988]  [<ffffffff814e7bdd>] driver_probe_device+0x9f/0x1bd
[  149.624988]  [<ffffffff814e7d5d>] __driver_attach+0x62/0x85
[  149.624988]  [<ffffffff810645dd>] ? local_clock+0xf/0x3c
[  149.624988]  [<ffffffff814e6198>] bus_for_each_dev+0x5c/0x8e
[  149.624988]  [<ffffffff814e774b>] driver_attach+0x1e/0x20
[  149.624988]  [<ffffffff814e7316>] bus_add_driver+0xf0/0x214
[  149.624988]  [<ffffffff810645dd>] ? local_clock+0xf/0x3c
[  149.624988]  [<ffffffff814e831c>] driver_register+0x93/0x119
[  149.624988]  [<ffffffff820d022c>] ? loop_init+0x147/0x147
[  149.624988]  [<ffffffff81494fa7>] register_virtio_driver+0x2b/0x30
[  149.624988]  [<ffffffff820d0280>] init+0x54/0x8b
[  149.624988]  [<ffffffff8100026d>] do_one_initcall+0x80/0x117
[  149.624988]  [<ffffffff8208fdbb>] kernel_init_freeable+0x13c/0x1cb
[  149.624988]  [<ffffffff8208f6bb>] ? do_early_param+0x8d/0x8d
[  149.624988]  [<ffffffff818f7354>] ? rest_init+0xd8/0xd8
[  149.624988]  [<ffffffff818f7362>] kernel_init+0xe/0xd1
[  149.624988]  [<ffffffff819203dc>] ret_from_fork+0x7c/0xb0
[  149.624988]  [<ffffffff818f7354>] ? rest_init+0xd8/0xd8
[  149.757670] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
[  149.760321] IP: [<ffffffff813f2057>] __blk_mq_run_hw_queue+0xa2/0x385
[  149.760687] PGD 0 
[  149.760687] Oops: 0002 [#1] SMP DEBUG_PAGEALLOC
[  149.760687] Modules linked in:
[  149.760687] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-rc3-00011-g5754ab5 #131
[  149.760687] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[  149.760687] task: ffff88001ed18000 ti: ffff88001ed12000 task.ti: ffff88001ed12000
[  149.760687] RIP: 0010:[<ffffffff813f2057>]  [<ffffffff813f2057>] __blk_mq_run_hw_queue+0xa2/0x385
[  149.760687] RSP: 0018:ffff88001ed135f8  EFLAGS: 00000217
[  149.760687] RAX: ffff88001f3db148 RBX: ffff88001f3db100 RCX: 0000000081030100
[  149.760687] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88001a6db200
[  149.760687] RBP: ffff88001ed13678 R08: 0000000000000002 R09: 0000000000000000
[  149.760687] R10: 0000000000000000 R11: ffff88001ec18000 R12: 0000000000000001
[  149.760687] R13: ffff88001ed13638 R14: ffff88001a63ca90 R15: ffff88001a63ca90
[  149.760687] FS:  0000000000000000(0000) GS:ffff88001f000000(0000) knlGS:0000000000000000
[  149.760687] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[  149.760687] CR2: 0000000000000008 CR3: 0000000001dbf000 CR4: 00000000000006f0
[  149.760687] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  149.760687] DR3: 0000000000000000 DR6: 0000000000000000 DR7: 0000000000000000
[  149.760687] Stack:
[  149.760687]  ffff88001ed18000 ffff88001ed18758 ffff88001ed13628 ffff88001a622928
[  149.760687]  ffff88001ed18000 ffffffff813f2ae7 ffff88001ed13668 0000000000000246
[  149.760687]  ffff88001a6db200 ffff88001a6db200 ffff88001a622928 ffff88001a6db200
[  149.760687] Call Trace:
[  149.760687]  [<ffffffff813f2ae7>] ? blk_mq_make_request+0x389/0x458
[  149.760687]  [<ffffffff813f2745>] blk_mq_run_hw_queue+0x1e/0x37
[  149.760687]  [<ffffffff813f2b02>] blk_mq_make_request+0x3a4/0x458
[  149.760687]  [<ffffffff813e96ae>] generic_make_request+0x9f/0xe0
[  149.760687]  [<ffffffff813e97e4>] submit_bio+0xf5/0x113
[  149.760687]  [<ffffffff811409b2>] _submit_bh+0x1b0/0x1d1
[  149.760687]  [<ffffffff811409e3>] submit_bh+0x10/0x12
[  149.760687]  [<ffffffff811434ba>] block_read_full_page+0x255/0x271
[  149.760687]  [<ffffffff811461b9>] ? I_BDEV+0xd/0xd
[  149.760687]  [<ffffffff810d7e7b>] ? add_to_page_cache_locked+0xb5/0x13e
[  149.760687]  [<ffffffff81146745>] ? blkdev_write_begin+0x25/0x25
[  149.760687]  [<ffffffff8114675d>] blkdev_readpage+0x18/0x1a
[  149.760687]  [<ffffffff810d7fd2>] do_read_cache_page+0x90/0x15d
[  149.760687]  [<ffffffff813fb33d>] ? efi_partition+0xce/0x53d
[  149.760687]  [<ffffffff810d80e3>] read_cache_page_async+0x1c/0x1e
[  149.760687]  [<ffffffff810d80f3>] read_cache_page+0xe/0x18
[  149.760687]  [<ffffffff813f8210>] read_dev_sector+0x30/0x8a
[  149.760687]  [<ffffffff813fadd4>] read_lba+0x9e/0x106
[  149.760687]  [<ffffffff813fb35e>] efi_partition+0xef/0x53d
[  149.760687]  [<ffffffff8140bdbc>] ? snprintf+0x34/0x36
[  149.760687]  [<ffffffff813f923f>] check_partition+0x114/0x1c1
[  149.760687]  [<ffffffff813f8e7f>] rescan_partitions+0xa6/0x2a7
[  149.760687]  [<ffffffff81918eef>] ? _raw_spin_unlock+0x29/0x3d
[  149.760687]  [<ffffffff811475c1>] __blkdev_get+0x17d/0x3b9
[  149.760687]  [<ffffffff8112de6c>] ? unlock_new_inode+0x61/0x66
[  149.760687]  [<ffffffff8114798c>] blkdev_get+0x18f/0x30a
[  149.760687]  [<ffffffff8112de6c>] ? unlock_new_inode+0x61/0x66
[  149.760687]  [<ffffffff8114663d>] ? bdget+0x121/0x131
[  149.760687]  [<ffffffff814e3f8e>] ? put_device+0x17/0x19
[  149.760687]  [<ffffffff813f6b28>] add_disk+0x2de/0x452
[  149.760687]  [<ffffffff81496b0e>] ? vp_get+0x4b/0x5f
[  149.760687]  [<ffffffff814f89ea>] virtblk_probe+0x4d5/0x5d9
[  149.760687]  [<ffffffff814e7cfb>] ? driver_probe_device+0x1bd/0x1bd
[  149.760687]  [<ffffffff81494dff>] virtio_dev_probe+0xba/0xf9
[  149.760687]  [<ffffffff814e7bdd>] driver_probe_device+0x9f/0x1bd
[  149.760687]  [<ffffffff814e7d5d>] __driver_attach+0x62/0x85
[  149.760687]  [<ffffffff810645dd>] ? local_clock+0xf/0x3c
[  149.760687]  [<ffffffff814e6198>] bus_for_each_dev+0x5c/0x8e
[  149.760687]  [<ffffffff814e774b>] driver_attach+0x1e/0x20
[  149.760687]  [<ffffffff814e7316>] bus_add_driver+0xf0/0x214
[  149.760687]  [<ffffffff810645dd>] ? local_clock+0xf/0x3c
[  149.760687]  [<ffffffff814e831c>] driver_register+0x93/0x119
[  149.760687]  [<ffffffff820d022c>] ? loop_init+0x147/0x147
[  149.760687]  [<ffffffff81494fa7>] register_virtio_driver+0x2b/0x30
[  149.760687]  [<ffffffff820d0280>] init+0x54/0x8b
[  149.760687]  [<ffffffff8100026d>] do_one_initcall+0x80/0x117
[  149.760687]  [<ffffffff8208fdbb>] kernel_init_freeable+0x13c/0x1cb
[  149.760687]  [<ffffffff8208f6bb>] ? do_early_param+0x8d/0x8d
[  149.760687]  [<ffffffff818f7354>] ? rest_init+0xd8/0xd8
[  149.760687]  [<ffffffff818f7362>] kernel_init+0xe/0xd1
[  149.760687]  [<ffffffff819203dc>] ret_from_fork+0x7c/0xb0
[  149.760687]  [<ffffffff818f7354>] ? rest_init+0xd8/0xd8
[  149.760687] Code: 8b 1c d0 44 3b a3 84 00 00 00 74 02 0f 0b 48 89 df e8 c6 64 52 00 48 8b 53 48 48 8d 43 48 48 39 c2 74 1e 48 8b 73 50 48 8b 7d c8 <48> 89 7a 08 48 89 17 4c 89 2e 48 89 75 c8 48 89 43 48 48 89 43 
[  149.760687] RIP  [<ffffffff813f2057>] __blk_mq_run_hw_queue+0xa2/0x385
[  149.760687]  RSP <ffff88001ed135f8>
[  149.760687] CR2: 0000000000000008
[  149.926999] ---[ end trace f8fe103d2042a563 ]---
[  149.929737] note: swapper/0[1] exited with preempt_count 1
[  149.931874] swapper/0 (1) used greatest stack depth: 3008 bytes left
[  149.935558] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[  149.935558] 
[  149.938531] Rebooting in 10 seconds..
BUG: kernel boot crashed
Elapsed time: 190

View attachment "dmesg-kvm-ant-25454-20130613012427-3.10.0-rc3-00011-g5754ab5-131" of type "text/plain" (42531 bytes)

View attachment "dmesg-kvm-ant-25454-20130613013001-3.10.0-rc3-00011-g5754ab5-131" of type "text/plain" (42776 bytes)

View attachment "dmesg-kvm-ant-25539-20130613013003-3.10.0-rc3-00011-g5754ab5-131" of type "text/plain" (42703 bytes)
