Re: NULL deref around xfs in v4.0-rc1–rc7

From: Jan Engelhardt
Date: Wed Apr 08 2015 - 11:20:29 EST


On Wednesday 2015-04-08 15:41, Jan Engelhardt wrote:

>Starting somewhere around v4.0-rc1 and persisting through commit
>v4.0-rc7, there is a new NULL dereference apparently happening in
>conjunction with xfs. This inhibits this machine's booting,
>as xfs is used for the root filesystem.
>
>First bisection points at first-bad commit v4.0-rc1~8, and since that is
>a merge commit, I'll be investigating some more hand-chosen commits (and
>then people to Cc) as we speak.

I reran bisect just to be sure.
It now shows v4.0-rc1~9 is bad, v4.0-rc1~9^1 is ok, and v4.0-rc~9^2 is
ok too. So this means that the combination of both ~9 children works
badly together.


# good: [2bfedd1d9f470506d98cb5662ced381c38225968] Merge branch 'for-linus' of git://git.kernel.dk/linux-block
git bisect good 2bfedd1d9f470506d98cb5662ced381c38225968
# bad: [cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae] Merge tag 'pm+acpi-3.20-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect bad cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae
# good: [9d0de5a63a4a22abfd2bd70694a610d18350cf87] Merge branches 'acpi-ec', 'acpi-soc', 'acpi-video' and 'acpi-resources'
git bisect good 9d0de5a63a4a22abfd2bd70694a610d18350cf87
# good: [67fadaa2768716209ee19a8b8bf05bc3ac399445] cpufreq: s3c: remove last use of resume_clocks callback
git bisect good 67fadaa2768716209ee19a8b8bf05bc3ac399445
# good: [70734a786acfd1998e47d40df19cba5c29469bdf] cpuidle: powernv: Avoid endianness conversions while parsing DT
git bisect good 70734a786acfd1998e47d40df19cba5c29469bdf
# good: [3466b547e37b988723dc93465b7cb06b4b1f731f] Merge branches 'pnp', 'pm-cpuidle' and 'pm-cpufreq'
git bisect good 3466b547e37b988723dc93465b7cb06b4b1f731f
# first bad commit: [cd50b70ccd5c87794ec28bfb87b7fba9961eb0ae] Merge tag 'pm+acpi-3.20-rc1-3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm



BUG: unable to handle kernel paging request at 0000000000001000
IP: [<ffffffff81269d9e>] scsi_init_cmd_errh+0x26/0x5d
PGD 0
Oops: 0002 [#1] SMP
Modules linked in: xfs crc32c_generic libcrc32c dm_crypt xts gf128mul algif_skcipher af_alg sd_mod mptsas scsi_transport_sas mptscsih mptbase dm_mod sg ipv6
CPU: 0 PID: 406 Comm: kworker/u2:0 Not tainted 3.19.0+ #53
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
task: ffff88007bf73c60 ti: ffff88007cb20000 task.ti: ffff88007cb20000
RIP: 0010:[<ffffffff81269d9e>] [<ffffffff81269d9e>] scsi_init_cmd_errh+0x26/0x5d
RSP: 0018:ffff88007cb23870 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88007bfa6800 RCX: 0000000000000018
RDX: ffff88007bfec970 RSI: 0000000000000000 RDI: 0000000000001000
RBP: ffff88007bfec970 R08: ffff88007be345c0 R09: 00000000000000fa
R10: 0000000000000001 R11: ffffea0001ec8c40 R12: 0000000000000000
R13: ffff88007bfa6800 R14: ffff88007bc04000 R15: ffff88007bfec800
FS: 0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000001000 CR3: 000000007bc9b000 CR4: 00000000000007f0
Stack:
ffffffff8126b67a ffff88007bf73c60 ffff88007bc04000 ffff88007bf13400
ffff88007bfa6968 ffff88007bfec978 ffff88007fc18e48 ffff88007bfb4f20
ffff88007cb23900 ffff88007bf13408 0000000000000000 0000000000000000
Call Trace:
[<ffffffff8126b67a>] ? scsi_queue_rq+0x2e5/0x3d3
[<ffffffff8118d840>] ? __blk_mq_run_hw_queue+0x19a/0x29f
[<ffffffff8118da01>] ? blk_mq_alloc_request+0xbc/0x102
[<ffffffffa00f974b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
[<ffffffff8118df89>] ? blk_mq_run_hw_queue+0x4a/0x93
[<ffffffff8118ec07>] ? blk_sq_make_request+0x166/0x171
[<ffffffff8118639b>] ? generic_make_request+0x8f/0xcc
[<ffffffff811864db>] ? submit_bio+0x103/0x121
[<ffffffff810cc0ae>] ? get_page+0x9/0x25
[<ffffffff810cc49f>] ? __lru_cache_add+0x1a/0x3a
[<ffffffff81136312>] ? mpage_bio_submit+0x1f/0x25
[<ffffffff81136f7f>] ? mpage_readpages+0xe2/0xf6
[<ffffffffa00f974b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
[<ffffffff810f85f9>] ? alloc_pages_current+0xad/0xca
[<ffffffff810cb5f9>] ? __do_page_cache_readahead+0x116/0x1af
[<ffffffff811a8a21>] ? radix_tree_lookup_slot+0x10/0x23
[<ffffffff810cb88b>] ? ondemand_readahead+0x1f9/0x20a
[<ffffffff810c3231>] ? pagecache_get_page+0x22/0x138
[<ffffffff810c3dab>] ? generic_file_read_iter+0x17a/0x4d4
[<ffffffffa00d430e>] ? xfs_attr_get+0x52/0x113 [xfs]
[<ffffffffa01013d8>] ? xfs_file_read_iter+0x1bb/0x20d [xfs]
[<ffffffff8110e8c9>] ? new_sync_read+0x67/0x8b
[<ffffffff8110f539>] ? vfs_read+0x6d/0xb7
[<ffffffff81112ff7>] ? kernel_read+0x39/0x47
[<ffffffff811146f3>] ? do_execveat_common.isra.31+0x3b7/0x5dd
[<ffffffff8111493c>] ? do_execve+0x23/0x28
[<ffffffff8104d4f7>] ? ____call_usermodehelper+0x100/0x128
[<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
[<ffffffff813188fc>] ? ret_from_fork+0x7c/0xb0
[<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
Code: c2 89 d0 5b c3 48 c7 87 b0 00 00 00 00 00 00 00 c7 87 f4 00 00 00 00 00 00 00 48 89 fa 48 8b bf 10 01 00 00 31 c0 b9 18 00 00 00 <f3> ab 66 83 ba cc 00 00 00 00 75 2a 48 8b 8a d8 00 00 00 8a 01
RIP [<ffffffff81269d9e>] scsi_init_cmd_errh+0x26/0x5d
RSP <ffff88007cb23870>
CR2: 0000000000001000
---[ end trace 54414923d584f14b ]---
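
Added example, not part of the original message: a short Python triage of the oops above, decoding the x86 page-fault error code and checking the faulting bytes the kernel marks with <> (here f3 ab, REP STOSD) against RDI, RCX and CR2. The function names are hypothetical, and the Code: line is shortened to the bytes around the marked instruction.

```python
import re

# Lines copied from the trace in the message above; the Code: line is
# shortened to the bytes around the instruction the kernel marks with <>.
OOPS = """\
Oops: 0002 [#1] SMP
RAX: 0000000000000000 RBX: ffff88007bfa6800 RCX: 0000000000000018
RDX: ffff88007bfec970 RSI: 0000000000000000 RDI: 0000000000001000
CR2: 0000000000001000 CR3: 000000007bc9b000 CR4: 00000000000007f0
Code: 48 89 fa 48 8b bf 10 01 00 00 31 c0 b9 18 00 00 00 <f3> ab 66 83 ba cc
"""

# x86 page-fault error code bits: (mask, meaning if set, meaning if clear)
PF_BITS = [
    (0x01, "protection violation", "page not present"),
    (0x02, "write", "read"),
    (0x04, "user mode", "kernel mode"),
    (0x08, "reserved bit set", None),
    (0x10, "instruction fetch", None),
]

def decode_error_code(code):
    """Turn the hex value after 'Oops:' into a list of access properties."""
    out = []
    for mask, if_set, if_clear in PF_BITS:
        text = if_set if code & mask else if_clear
        if text:
            out.append(text)
    return out

def triage(oops):
    """Hypothetical helper: summarise what the faulting access was."""
    err = int(re.search(r"Oops: ([0-9a-f]{4})", oops).group(1), 16)
    regs = {name: int(val, 16) for name, val in
            re.findall(r"\b(R[A-Z0-9]{1,2}|CR\d): ([0-9a-f]{16})", oops)}
    code = re.search(r"^Code: (.*)$", oops, re.M).group(1).split()
    idx = next(i for i, b in enumerate(code) if b.startswith("<"))
    insn = [b.strip("<>") for b in code[idx:idx + 2]]
    result = {"access": decode_error_code(err),
              "fault_addr": regs["CR2"],
              "faulting_bytes": insn}
    # f3 ab is REP STOSD: store EAX at [RDI], RCX times, 4 bytes per store.
    if insn == ["f3", "ab"]:
        result["dest_is_fault_addr"] = regs["RDI"] == regs["CR2"]
        result["fill_bytes"] = regs["RCX"] * 4       # count still pending
        result["fill_value"] = regs["RAX"] & 0xFFFFFFFF
    return result
```

With RDI equal to CR2 and the full count still in RCX, the fault is on the first store of a 96-byte zero fill whose destination pointer is 0x1000.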