Message-ID: <20150402004836.GB12979@wfg-t540p.sh.intel.com>
Date:	Thu, 2 Apr 2015 08:48:36 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	fengguang.wu@...el.com, LKP <lkp@...org>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: [writeback, blkcg] BUG: unable to handle kernel NULL pointer
 dereference at 0000000000000030

Hi Tejun,

0day kernel testing robot got the below dmesg and the first bad commit is

git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git review-cgroup-writeback-switch-20150331

commit 0f911cac330baced0d2ad971315605599a896c66
Author:     Tejun Heo <tj@...nel.org>
AuthorDate: Tue Mar 31 11:17:41 2015 -0400
Commit:     Tejun Heo <tj@...nel.org>
CommitDate: Tue Mar 31 11:17:41 2015 -0400

    writeback, blkcg: restructure blk_{set|clear}_queue_congested()
    
    blk_{set|clear}_queue_congested() take @q and set or clear,
    respectively, the congestion state of its bdi's root wb.  Because bdi
    used to be able to handle congestion state only on the root wb, the
    callers of those functions tested whether the congestion is on the
    root blkcg and skipped if not.
    
    This is cumbersome and makes implementation of per cgroup
    bdi_writeback congestion state propagation difficult.  This patch
    renames blk_{set|clear}_queue_congested() to
    blk_{set|clear}_congested(), and makes them take request_list instead
    of request_queue and test whether the specified request_list is the
    root one before updating bdi_writeback congestion state.  This makes
    the tests in the callers unnecessary and simplifies them.
    
    As there are no external users of these functions, the definitions are
    moved from include/linux/blkdev.h to block/blk-core.c.
    
    This patch doesn't introduce any noticeable behavior difference.
    
    Signed-off-by: Tejun Heo <tj@...nel.org>
    Cc: Jens Axboe <axboe@...nel.dk>
    Cc: Jan Kara <jack@...e.cz>
    Cc: Vivek Goyal <vgoyal@...hat.com>

[    8.872697] ide_generic: please use "probe_mask=0x3f" module parameter for probing all legacy ISA IDE ports
[    8.873577] ide-gd driver 1.18
[    8.873883] ide-cd driver 5.00
[    8.874369] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
[    8.875106] IP: [<ffffffff878166a1>] blk_clear_congested+0x14/0x1f
[    8.875677] PGD 0 
[    8.875882] Oops: 0000 [#1] 
[    8.876160] CPU: 0 PID: 1 Comm: swapper Not tainted 4.0.0-rc3-00183-g0f911ca #4
[    8.876814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[    8.876904] task: ffff88000f846010 ti: ffff88000f860000 task.ti: ffff88000f860000
[    8.876904] RIP: 0010:[<ffffffff878166a1>]  [<ffffffff878166a1>] blk_clear_congested+0x14/0x1f
[    8.876904] RSP: 0018:ffff88000f863a58  EFLAGS: 00010046
[    8.876904] RAX: 0000000000000000 RBX: ffff88000e0c0038 RCX: 0000000000000000
[    8.876904] RDX: ffff88000e0c0008 RSI: 0000000000000001 RDI: ffff88000e0c0038
[    8.876904] RBP: ffff88000f863a58 R08: ffff88000e0ece70 R09: ffff88000e0c0648
[    8.876904] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
[    8.876904] R13: 0000000000000001 R14: ffff88000e0c0008 R15: ffff88000e0c003c
[    8.876904] FS:  0000000000000000(0000) GS:ffffffff88885000(0000) knlGS:0000000000000000
[    8.876904] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    8.876904] CR2: 0000000000000030 CR3: 000000000e5e6000 CR4: 00000000001406b0
[    8.876904] Stack:
[    8.876904]  ffff88000f863a98 ffffffff878166df ffff88000e0c0008 000000000e0ecd00
[    8.876904]  ffff88000e0c0038 000000002c0a0000 ffff88000e0e1800 ffff88000f863b60
[    8.876904]  ffff88000f863ab8 ffffffff87816775 ffff88000e0ecd00 ffff88000e0c0038
[    8.876904] Call Trace:
[    8.876904]  [<ffffffff878166df>] __freed_request+0x33/0x88
[    8.876904]  [<ffffffff87816775>] freed_request+0x41/0x60
[    8.876904]  [<ffffffff8781801b>] __blk_put_request+0xf4/0x158
[    8.876904]  [<ffffffff878180ad>] ? blk_put_request+0x2e/0x53
[    8.876904]  [<ffffffff878180bb>] blk_put_request+0x3c/0x53
[    8.876904]  [<ffffffff87bde64d>] ide_cd_queue_pc+0x14b/0x1cf
[    8.876904]  [<ffffffff87bdfc1d>] ide_cdrom_packet+0x75/0x8a
[    8.876904]  [<ffffffff87d8edc2>] cdrom_mode_sense+0x3f/0x41
[    8.876904]  [<ffffffff87bded2d>] ide_cdrom_get_capabilities+0x60/0x85
[    8.876904]  [<ffffffff87bdf085>] ide_cd_probe+0x2e5/0x644
[    8.876904]  [<ffffffff87bcc150>] generic_ide_probe+0x25/0x27
[    8.876904]  [<ffffffff87b565f7>] driver_probe_device+0xa5/0x1dc
[    8.876904]  [<ffffffff87b567c3>] __driver_attach+0x5d/0x80
[    8.876904]  [<ffffffff87b56766>] ? __device_attach+0x38/0x38
[    8.876904]  [<ffffffff87b54ef0>] bus_for_each_dev+0x6a/0x84
[    8.876904]  [<ffffffff87b56894>] driver_attach+0x19/0x1b
[    8.876904]  [<ffffffff87b556fd>] bus_add_driver+0xfa/0x1b9
[    8.876904]  [<ffffffff87b56e85>] driver_register+0x8a/0xc7
[    8.876904]  [<ffffffff8749de40>] ? up+0x34/0x39
[    8.876904]  [<ffffffff88a640d7>] ? ide_gd_init+0x20/0x20
[    8.876904]  [<ffffffff88a640f5>] ide_cdrom_init+0x1e/0x20
[    8.876904]  [<ffffffff88a32fe2>] do_one_initcall+0x187/0x19c
[    8.876904]  [<ffffffff88a331af>] kernel_init_freeable+0x1b8/0x240
[    8.876904]  [<ffffffff881c0575>] ? rest_init+0xbd/0xbd
[    8.876904]  [<ffffffff881c057e>] kernel_init+0x9/0xd0
[    8.876904]  [<ffffffff881dc057>] ret_from_fork+0x57/0x90
[    8.876904]  [<ffffffff881c0575>] ? rest_init+0xbd/0xbd
[    8.876904] Code: 39 c7 75 12 55 48 8b 47 08 48 89 e5 48 8b 78 30 e8 85 89 cd ff 5d c3 48 8b 07 48 83 c0 30 48 39 c7 75 12 55 48 8b 47 08 48 89 e5 <48> 8b 78 30 e8 13 89 cd ff 5d c3 55 48 89 e5 41 57 41 56 41 55 
[    8.876904] RIP  [<ffffffff878166a1>] blk_clear_congested+0x14/0x1f
[    8.876904]  RSP <ffff88000f863a58>
[    8.876904] CR2: 0000000000000030
[    8.876904] ---[ end trace d876994dcac9f20d ]---
[    8.876904] Kernel panic - not syncing: Fatal exception

git bisect start 25619ce57ce32056f04dc94d2ca9616086ea556a bfd343aa1718457d34b99ce6573085ac340da288 --
git bisect good 1e97d54bc15719c83a4efdc3a7cf64799a4b5c61  # 02:14     20+      0  writeback: attribute stats to the matching per-cgroup bdi_writeback
git bisect  bad 1cdaff3d28513fb6560a4cd9e6ad595c81121b3f  # 02:21      0-     11  writeback: remove bdi_start_writeback()
git bisect  bad a600b61c3a1ad718ca61a61aa97e9063a6568732  # 02:29      0-      1  writeback: implement WB_has_dirty_io wb_state flag
git bisect  bad 0f911cac330baced0d2ad971315605599a896c66  # 02:35      0-      1  writeback, blkcg: restructure blk_{set|clear}_queue_congested()
git bisect good 28686ed7fe7bdcf252f33ccae4bac216ab3464f9  # 02:44     20+      0  writeback: let balance_dirty_pages() work on the matching cgroup bdi_writeback
git bisect good 5c8b6a37e1f13f6368b5a959090fd461d7c12621  # 02:54     20+      0  writeback: make congestion functions per bdi_writeback
# first bad commit: [0f911cac330baced0d2ad971315605599a896c66] writeback, blkcg: restructure blk_{set|clear}_queue_congested()
git bisect good 5c8b6a37e1f13f6368b5a959090fd461d7c12621  # 03:33     60+      0  writeback: make congestion functions per bdi_writeback
# extra tests with DEBUG_INFO
git bisect good 0f911cac330baced0d2ad971315605599a896c66  # 03:52     60+      0  writeback, blkcg: restructure blk_{set|clear}_queue_congested()
# extra tests on HEAD of cgroup/review-cgroup-writeback-20150331
git bisect  bad 25619ce57ce32056f04dc94d2ca9616086ea556a  # 03:52      0-     12  ext2: enable cgroup writeback support
# extra tests on tree/branch cgroup/review-cgroup-writeback-switch-20150331
git bisect  bad 321229b3c2e4c76e8059f3c4061b9357c21bc2f1  # 04:04      0-      2  writeback: disassociate inodes from dying bdi_writebacks
# extra tests on tree/branch linus/master
git bisect good 6c310bc1acdd02110182a2ec6efa3e7571a3b80c  # 06:01     60+      0  Merge tag 'locks-v4.0-5' of git://git.samba.org/jlayton/linux
# extra tests on tree/branch next/master
git bisect good b448f49ac6731dc0dcda6848b696c49785a6b65f  # 08:56     60+      0  Add linux-next specific files for 20150331


This script may reproduce the error.

----------------------------------------------------------------------------
#!/bin/bash

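# Path to the kernel image to boot; abort with a usage message if missing.
kernel=${1:?usage: $0 <kernel-image>}
initrd=yocto-minimal-x86_64.cgz

# Fetch the test initrd once; --no-clobber skips the download if it exists.
wget --no-clobber "https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd"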

kvm=(
	qemu-system-x86_64
	-enable-kvm
	-cpu Haswell,+smep,+smap
	-kernel "$kernel"
	-initrd "$initrd"
	-m 256
	-smp 1
	-device e1000,netdev=net0
	-netdev user,id=net0
	-boot order=nc
	-no-reboot
	-watchdog i6300esb
	-rtc base=localtime
	-serial stdio
	-display none
	-monitor null 
)

append=(
	hung_task_panic=1
	earlyprintk=ttyS0,115200
	rd.udev.log-priority=err
	systemd.log_target=journal
	systemd.log_level=warning
	debug
	apic=debug
	sysrq_always_enabled
	rcupdate.rcu_cpu_stall_timeout=100
	panic=-1
	softlockup_panic=1
	nmi_watchdog=panic
	oops=panic
	load_ramdisk=2
	prompt_ramdisk=0
	console=ttyS0,115200
	console=tty0
	vga=normal
	root=/dev/ram0
	rw
	drbd.minor_count=8
)

"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------

Thanks,
Fengguang

View attachment "dmesg-yocto-ivb41-2:20150401023338:x86_64-randconfig-c2-0331:4.0.0-rc3-00183-g0f911ca:4" of type "text/plain" (37131 bytes)

View attachment "config-4.0.0-rc3-00183-g0f911ca" of type "text/plain" (103196 bytes)
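
Reading the oops above, as an added example (not part of the original message or of the 0day tooling): this Python code decodes the faulting instruction marked `<48>` in the `Code:` line and checks that its base register plus displacement equals CR2, which shows the fault is a load at offset 0x30 through a NULL pointer held in RAX. The sample lines are excerpted from the dmesg in the report; the function names are hypothetical, and the decoder assumes the faulting instruction is a `mov r64, [base+disp]` load (opcode 8b) without a SIB byte.

```python
import re

# Constructed sample: lines excerpted from the oops in the report (Code: line shortened).
OOPS = """\
[    8.874369] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
[    8.876904] RIP: 0010:[<ffffffff878166a1>]  [<ffffffff878166a1>] blk_clear_congested+0x14/0x1f
[    8.876904] RAX: 0000000000000000 RBX: ffff88000e0c0038 RCX: 0000000000000000
[    8.876904] RDX: ffff88000e0c0008 RSI: 0000000000000001 RDI: ffff88000e0c0038
[    8.876904] CR2: 0000000000000030 CR3: 000000000e5e6000 CR4: 00000000001406b0
[    8.876904] Code: 55 48 8b 47 08 48 89 e5 <48> 8b 78 30 e8 13 89 cd ff 5d c3
"""

# Register names as the oops prints them, in x86-64 encoding order.
REG_NAMES = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"] + \
            ["R%02d" % n for n in range(8, 16)]

def parse_oops(text):
    """Return (register dict, instruction bytes starting at the <xx> marker)."""
    regs = {n: int(v, 16)
            for n, v in re.findall(r"\b(R[A-Z0-9]{2}|CR2): ([0-9a-f]{16})", text)}
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, b in enumerate(code) if b.startswith("<"))
    return regs, [int(b.strip("<>"), 16) for b in code[start:]]

def decode_load(insn):
    """Decode 'mov r64, [base+disp]'; return (base, disp) or None if unsupported."""
    rex = 0
    if insn and 0x40 <= insn[0] <= 0x4F:            # optional REX prefix
        rex, insn = insn[0], insn[1:]
    if len(insn) < 2 or insn[0] != 0x8B:
        return None
    mod, rm = insn[1] >> 6, insn[1] & 7
    if mod == 3 or rm == 4 or (mod == 0 and rm == 5):
        return None                                  # register operand, SIB, RIP-relative
    width = {0: 0, 1: 1, 2: 4}[mod]                  # displacement size in bytes
    disp = int.from_bytes(bytes(insn[2:2 + width]), "little", signed=True)
    return REG_NAMES[rm | ((rex & 1) << 3)], disp    # REX.B extends the base register

def triage(text):
    """Tie the faulting load to CR2: which register was the bad pointer, at what offset."""
    regs, insn = parse_oops(text)
    op = decode_load(insn)
    if op is None:
        return None
    base, disp = op
    addr = (regs[base] + disp) & (2**64 - 1)
    return {"base": base, "base_value": regs[base], "offset": disp,
            "matches_cr2": addr == regs["CR2"], "null_base": regs[base] == 0}

if __name__ == "__main__":
    print(triage(OOPS))
```
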
