Date:   Wed, 24 Jul 2019 10:43:13 +0300
From:   Nikolay Borisov <nborisov@...e.com>
To:     Christoph Hellwig <hch@....de>
Cc:     LKML <linux-kernel@...r.kernel.org>
Subject: 5.3-rc1 BUGS in dma_addressing_limited

Hello Christoph,

5.3-rc1 crashes for me when run in qemu with scsi disks.
A quick investigation shows that the following triggers a BUG_ON:

diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h
index e11b115dd0e4..4465e352b8dd 100644
--- a/include/linux/dma-mapping.h
+++ b/include/linux/dma-mapping.h
@@ -689,6 +689,7 @@ static inline int dma_coerce_mask_and_coherent(struct device *dev, u64 mask)
  */
 static inline bool dma_addressing_limited(struct device *dev)
 {
+       BUG_ON(!(dev->dma_mask));
        return min_not_zero(*dev->dma_mask, dev->bus_dma_mask) <
                dma_get_required_mask(dev);
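Review bot: the added `BUG_ON(!(dev->dma_mask))` only converts the fault into an explicit panic; the defect it exposes is in the unchanged line right below it, where `min_not_zero(*dev->dma_mask, dev->bus_dma_mask)` reads through dev->dma_mask without checking it, and the oops that follows (RIP in dma_direct_max_mapping_size, faulting address 0, RAX 0 at the `<48> 8b 00` mov, reached from __scsi_init_queue during virtscsi_probe) shows a device arriving here with dma_mask == NULL. Fine as a diagnostic, but the real change needs to tolerate a missing mask, either by guarding in the helper (for example `if (!dev->dma_mask) return false;` before the `return`, or by going through an accessor that supplies a default mask) or by having dma_direct_max_mapping_size() skip the check for such devices. Style nit: the inner parentheses in `!(dev->dma_mask)` are unnecessary; `BUG_ON(!dev->dma_mask)` is the usual form. The hunk is also cut off before the closing brace, so the patch as posted will not apply as-is.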


Otherwise, here is what the real backtrace looks like:

[    5.387839] scsi host0: Virtio SCSI HBA
[    5.389860] BUG: kernel NULL pointer dereference, address: 0000000000000000
[    5.390217] #PF: supervisor read access in kernel mode
[    5.390520] #PF: error_code(0x0000) - not-present page
[    5.390813] PGD 0 P4D 0 
[    5.391007] Oops: 0000 [#1] SMP
[    5.391007] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 5.3.0-rc1-default #578
[    5.391007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[    5.391007] RIP: 0010:dma_direct_max_mapping_size+0x21/0x80
[    5.391007] Code: 0f b6 c0 c3 0f 1f 44 00 00 0f 1f 44 00 00 55 53 48 89 fb e8 f1 0e 00 00 84 c0 74 42 48 8b 83 e8 01 00 00 48 8b ab f8 01 00 00 <48> 8b 00 48 85 c0 74 0c 48 85 ed 74 31 48 39 c5 48 0f 47 e8 48 89
[    5.391007] RSP: 0000:ffffb0edc0013ac0 EFLAGS: 00010202
[    5.391007] RAX: 0000000000000000 RBX: ffff9216f9d8b838 RCX: 0000000000000000
[    5.391007] RDX: 0000000000000000 RSI: 000000000000007e RDI: ffff9216f9d8b838
[    5.391007] RBP: 0000000000000000 R08: 0000000249ffd97b R09: 0000000000000001
[    5.391007] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9216f9d8b838
[    5.391007] R13: 000000000000ffff R14: ffff9216f7348580 R15: 0000000000000000
[    5.391007] FS:  0000000000000000(0000) GS:ffff9216fba00000(0000) knlGS:0000000000000000
[    5.391007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.391007] CR2: 0000000000000000 CR3: 000000007a211000 CR4: 00000000000006e0
[    5.391007] Call Trace:
[    5.391007]  __scsi_init_queue+0x75/0x130
[    5.391007]  scsi_mq_alloc_queue+0x34/0x50
[    5.391007]  scsi_alloc_sdev+0x232/0x300
[    5.391007]  scsi_probe_and_add_lun+0x482/0xda0
[    5.391007]  ? scsi_alloc_target+0x282/0x340
[    5.391007]  __scsi_scan_target+0xe6/0x610
[    5.391007]  ? sched_clock_local+0x12/0x80
[    5.391007]  ? sched_clock_cpu+0x94/0xc0
[    5.391007]  scsi_scan_channel.part.15+0x55/0x70
[    5.391007]  scsi_scan_host_selected+0xd7/0x180
[    5.391007]  virtscsi_probe+0x6f6/0x710
[    5.391007]  ? msi_get_domain_info+0x10/0x10
[    5.391007]  virtio_dev_probe+0x147/0x1d0
[    5.391007]  really_probe+0xd6/0x3b0
[    5.391007]  ? set_debug_rodata+0x11/0x11
[    5.391007]  device_driver_attach+0x4f/0x60
[    5.391007]  __driver_attach+0x99/0x130
[    5.391007]  ? device_driver_attach+0x60/0x60
[    5.391007]  bus_for_each_dev+0x76/0xc0
[    5.391007]  bus_add_driver+0x144/0x220
[    5.391007]  ? sym2_init+0xf6/0xf6
[    5.391007]  driver_register+0x5b/0xe0
[    5.391007]  ? sym2_init+0xf6/0xf6
[    5.391007]  init+0x86/0xcc
[    5.391007]  do_one_initcall+0x5a/0x2d4
[    5.391007]  ? set_debug_rodata+0x11/0x11
[    5.391007]  ? rcu_read_lock_sched_held+0x74/0x80
[    5.391007]  kernel_init_freeable+0x139/0x1c9
[    5.391007]  ? rest_init+0x260/0x260
[    5.391007]  kernel_init+0xa/0x100
[    5.391007]  ret_from_fork+0x24/0x30
[    5.391007] Modules linked in:
[    5.391007] CR2: 0000000000000000
[    5.391007] ---[ end trace 03e50b8909d2f2e5 ]---
[    5.391007] RIP: 0010:dma_direct_max_mapping_size+0x21/0x80
[    5.391007] Code: 0f b6 c0 c3 0f 1f 44 00 00 0f 1f 44 00 00 55 53 48 89 fb e8 f1 0e 00 00 84 c0 74 42 48 8b 83 e8 01 00 00 48 8b ab f8 01 00 00 <48> 8b 00 48 85 c0 74 0c 48 85 ed 74 31 48 39 c5 48 0f 47 e8 48 89
[    5.391007] RSP: 0000:ffffb0edc0013ac0 EFLAGS: 00010202
[    5.391007] RAX: 0000000000000000 RBX: ffff9216f9d8b838 RCX: 0000000000000000
[    5.391007] RDX: 0000000000000000 RSI: 000000000000007e RDI: ffff9216f9d8b838
[    5.391007] RBP: 0000000000000000 R08: 0000000249ffd97b R09: 0000000000000001
[    5.391007] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9216f9d8b838
[    5.391007] R13: 000000000000ffff R14: ffff9216f7348580 R15: 0000000000000000
[    5.391007] FS:  0000000000000000(0000) GS:ffff9216fba00000(0000) knlGS:0000000000000000
[    5.391007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    5.391007] CR2: 0000000000000000 CR3: 000000007a211000 CR4: 00000000000006e0
[    5.391007] BUG: sleeping function called from invalid context at ./include/linux/percpu-rwsem.h:38
[    5.391007] in_atomic(): 0, irqs_disabled(): 1, pid: 1, name: swapper/0
[    5.391007] INFO: lockdep is turned off.
[    5.391007] irq event stamp: 13427044
[    5.391007] hardirqs last  enabled at (13427043): [<ffffffff92215b9b>] __slab_alloc+0x4b/0x80
[    5.391007] hardirqs last disabled at (13427044): [<ffffffff92001a4a>] trace_hardirqs_off_thunk+0x1a/0x20
[    5.391007] softirqs last  enabled at (13425414): [<ffffffff92c0032c>] __do_softirq+0x32c/0x430
[    5.391007] softirqs last disabled at (13425375): [<ffffffff9206fc03>] irq_exit+0xb3/0xc0
[    5.391007] CPU: 3 PID: 1 Comm: swapper/0 Tainted: G      D           5.3.0-rc1-default #578
[    5.391007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
[    5.391007] Call Trace:
[    5.391007]  dump_stack+0x67/0x9b
[    5.391007]  ___might_sleep+0x152/0x240
[    5.391007]  exit_signals+0x30/0x320
[    5.391007]  do_exit+0xb8/0xca0
[    5.391007]  rewind_stack_do_exit+0x17/0x20
[    5.419466] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009
[    5.420114] Kernel Offset: 0x11000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[    5.420667] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000009 ]---
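The following is a user-space model of the helper in the posted hunk, added here as an illustration; it is not kernel code and not part of the thread. It reproduces the decision dma_addressing_limited() makes (the smaller of the device mask and the bus mask, with zero meaning "unset", compared against the required mask), shows the shape of the unconditional `*dev->dma_mask` read that faults when the pointer is NULL, and puts a hardened variant beside it. The `struct mock_device` fields, the `required_mask` stand-in for dma_get_required_mask(), and the fallback to a 32-bit mask for a device without one (mirroring the default of the kernel's dma_get_mask() accessor) are assumptions of this example; the report itself proposes no fix.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal user-space stand-in for the struct device fields the helper
 * touches (assumption: nothing else matters for this decision). */
struct mock_device {
	uint64_t *dma_mask;      /* NULL for a device that never set one */
	uint64_t  bus_dma_mask;  /* 0 means the bus imposes no limit */
	uint64_t  required_mask; /* stands in for dma_get_required_mask(dev) */
};

/* Kernel min_not_zero() semantics: a zero operand means "unset" and the
 * other operand wins; otherwise the smaller value is returned. */
static uint64_t min_not_zero(uint64_t a, uint64_t b)
{
	if (a == 0)
		return b;
	if (b == 0)
		return a;
	return a < b ? a : b;
}

/* Shape of the 5.3-rc1 helper: *dev->dma_mask is read unconditionally,
 * which is the NULL dereference in the oops above. Only call this with
 * dma_mask set. */
static bool dma_addressing_limited_unsafe(const struct mock_device *dev)
{
	return min_not_zero(*dev->dma_mask, dev->bus_dma_mask) <
	       dev->required_mask;
}

/* Hardened variant: fall back to a 32-bit mask when no mask was set,
 * mirroring the default the kernel's dma_get_mask() uses for such devices
 * (an assumption about the appropriate fix; the report proposes none). */
static uint64_t mock_dma_get_mask(const struct mock_device *dev)
{
	if (dev->dma_mask && *dev->dma_mask)
		return *dev->dma_mask;
	return 0xffffffffULL;
}

static bool dma_addressing_limited_safe(const struct mock_device *dev)
{
	return min_not_zero(mock_dma_get_mask(dev), dev->bus_dma_mask) <
	       dev->required_mask;
}

/* Constructed sample devices (not taken from the oops). All require
 * 40-bit addressing, as a machine with RAM above 4 GiB would. */
static uint64_t mask32 = 0xffffffffULL;
static uint64_t mask64 = ~0ULL;
static const struct mock_device pci32      = { &mask32, 0,             0xffffffffffULL };
static const struct mock_device bus_capped = { &mask64, 0xffffffffULL, 0xffffffffffULL };
static const struct mock_device wide       = { &mask64, 0,             0xffffffffffULL };
static const struct mock_device no_mask    = { NULL,    0,             0xffffffffffULL };

int main(void)
{
	printf("32-bit device, 40-bit required:    limited=%d\n",
	       dma_addressing_limited_unsafe(&pci32));
	printf("64-bit device behind 32-bit bus:   limited=%d\n",
	       dma_addressing_limited_unsafe(&bus_capped));
	printf("64-bit device, unlimited bus:      limited=%d\n",
	       dma_addressing_limited_unsafe(&wide));
	/* The unsafe helper would fault on no_mask, as in the oops; the
	 * hardened one answers from the 32-bit default instead. */
	printf("device without dma_mask (safe):    limited=%d\n",
	       dma_addressing_limited_safe(&no_mask));
	return 0;
}
```

Compile with `cc -Wall -o dma_limited dma_limited.c` and run; the last line is the case that oopses in the report. Note that the bus mask only matters when it is non-zero, which is why `bus_capped` and `pci32` give the same answer.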
