Date:	Fri, 4 Sep 2015 19:17:01 +0100
From:	"Richard W.M. Jones" <rjones@...hat.com>
To:	Tejun Heo <tj@...nel.org>
Cc:	Josh Boyer <jwboyer@...oraproject.org>,
	Jeff Moyer <jmoyer@...hat.com>, msnitzer@...hat.com,
	Li Zefan <lizefan@...wei.com>,
	Johannes Weiner <hannes@...xchg.org>, cgroups@...r.kernel.org,
	"Linux-Kernel@...r. Kernel. Org" <linux-kernel@...r.kernel.org>
Subject: Re: __blkg_lookup oops with 4.2-rcX

On Fri, Sep 04, 2015 at 01:13:02PM -0400, Tejun Heo wrote:
> > [    6.784689] BUG: unable to handle kernel NULL pointer dereference at 0000000000000bb8
> > [    6.787605] IP: [<ffffffff814107a0>] blk_throtl_drain+0x80/0x220
> 
> The only struct which is large enough for 0xbb8 offset is
> request_queue.  Hmm.... can you please try the brute force debug patch
> below and report the kernel log after the crash?

I'll test your patch very soon, after I've recompiled the kernel with it.

I just wanted to say that I was working on a better reproducer using a
newer kernel, and now I have got one.  It is this:

  guestfish -v -x <<EOF
    disk-create test1.img raw 500M
    add-drive test1.img format:raw cachemode:unsafe
    run
    part-disk /dev/sda mbr
    pvcreate /dev/sda1
    vgcreate VG /dev/sda1
    lvcreate LV1 VG 50
    lvcreate LV2 VG 50
    lvremove /dev/VG/LV1
  EOF

The output of this command (when it fails, which is not 100% reliably,
but is probably > 50%) is attached.

To explain what the command above does:

(1) It creates a 500 MB sparse file called 'test1.img'.

(2) It creates a small, short-lived VM, using qemu, adding 'test1.img'
to the qemu command line.  Setting 'cachemode:unsafe' seems to be
either important, or makes the bug reproduce much more often.  This
corresponds to the qemu option '-drive file=test1.img,cache=unsafe'
and should be below the level that the kernel sees, so should make no
difference.

(3) It boots the VM.

(4) It runs some parted and LVM commands -- see the attached log file
for precisely what commands are run.

(5) The final command (lvremove) fails, with the stacktrace seen in
the attachment.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

View attachment "log" of type "text/plain" (63995 bytes)
