From: "Chanho Park" <chanho61.park@samsung.com>
To: <axboe@kernel.dk>
Cc: <sfr@canb.auug.org.au>, <linux-block@vger.kernel.org>,
	<linux-next@vger.kernel.org>
Subject: Regression of next-20211019
Date: Wed, 20 Oct 2021 16:39:00 +0900
Message-ID: <00be01d7c585$8c5d3580$a517a080$@samsung.com>
In-Reply-To: CGME20211020073900epcas2p402043934d4ca8f04113bc5ce50d2f596@epcas2p4.samsung.com

Hi,

I found a NULL pointer dereference on next-20211019. It might be a
regression since next-20211015.
So, I did "git bisect" and found the commit below. Are you already aware of
this?

$ git bisect bad
2ff0682da6e09c1e0db63a2d2abcd4efb531c8db is the first bad commit
commit 2ff0682da6e09c1e0db63a2d2abcd4efb531c8db
Author: Jens Axboe <axboe@kernel.dk>
Date:   Fri Oct 15 09:44:38 2021 -0600

    block: store elevator state in request
    
    Add an rq private RQF_ELV flag, which tells the block layer that this
    request was initialized on a queue that has an IO scheduler attached.
    This allows for faster checking in the fast path, rather than having to
    deference rq->q later on.
    
    Elevator switching does full quiesce of the queue before detaching an
    IO scheduler, so it's safe to cache this in the request itself.
    
    Signed-off-by: Jens Axboe <axboe@kernel.dk>

 block/blk-mq-sched.h   | 27 ++++++++++++++++-----------
 block/blk-mq.c         | 20 +++++++++++---------
 include/linux/blk-mq.h |  2 ++
 3 files changed, 29 insertions(+), 20 deletions(-)


[    1.908677] BUG: kernel NULL pointer dereference, address: 000000000000000f
[    1.911614] #PF: supervisor read access in kernel mode
[    1.913748] #PF: error_code(0x0000) - not-present page
[    1.916034] PGD 0 P4D 0
[    1.917125] Oops: 0000 [#1] SMP PTI
[    1.918638] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.15.0-rc6+ #14
[    1.921381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
[    1.925974] RIP: 0010:blk_mq_free_request+0x3f/0x140
[    1.928272] Code: 47 1c 00 10 40 00 74 36 49 8b 44 24 08 48 8b 00 48 8b 40 68 48 85 c0 74 05 e8 2d 14 a3 00 48 8b 85 b8 00 00 00 48 85 c0 74 14 <48> 8b 78 08 e8 28 9f ff ff 48 c7 85 b8 00 00 00 00 00 00 00 8b 55
[    1.936950] RSP: 0000:ffffb5f5c010ce70 EFLAGS: 00010002
[    1.939287] RAX: 0000000000000007 RBX: ffff981afbdaed80 RCX: 000000000002eec8
[    1.941312] RDX: ffff981ac0314c00 RSI: 00000000fffb72c8 RDI: ffff981ac02e6300
[    1.943345] RBP: ffff981ac02e6300 R08: 000000000000006d R09: ffff981ac02e6300
[    1.944984] R10: 0000000000000008 R11: 000000006cdbb244 R12: ffff981ac1148000
[    1.946545] R13: ffff981ac10c6400 R14: ffff981ac03c6528 R15: ffff981ac03c64e0
[    1.948372] FS:  0000000000000000(0000) GS:ffff981afbd80000(0000) knlGS:0000000000000000
[    1.949867] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.950892] CR2: 000000000000000f CR3: 000000005060c000 CR4: 00000000000006e0
[    1.952145] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.953406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.954713] Call Trace:
[    1.955093]  <IRQ>
[    1.955406]  blk_flush_complete_seq+0x223/0x2b0
[    1.956096]  flush_end_io+0x18f/0x250
[    1.956643]  scsi_end_request+0x7d/0xf0
[    1.957238]  scsi_io_completion+0x12b/0x570
[    1.957868]  blk_complete_reqs+0x3b/0x50
[    1.958472]  __do_softirq+0xd4/0x27f
[    1.958999]  irq_exit_rcu+0x69/0x90
[    1.959460]  sysvec_call_function_single+0x6a/0x90
[    1.960085]  </IRQ>
[    1.960367]  asm_sysvec_call_function_single+0x12/0x20
[    1.961036] RIP: 0010:default_idle+0xb/0x10
[    1.961581] Code: 85 c9 fe ff ff c6 43 08 00 fb eb 88 48 89 df e8 eb 44 92 ff eb ca e8 04 8c ff ff cc cc cc cc eb 07 0f 00 2d ff ad 46 00 fb f4 <c3> 0f 1f 40 00 65 48 8b 04 25 00 6d 01 00 f0 80 48 02 20 48 8b 10
[    1.963958] RSP: 0000:ffffb5f5c007fee8 EFLAGS: 00000206
[    1.964749] RAX: ffffffff8d99b6c0 RBX: 0000000000000003 RCX: 0000000000000001
[    1.965553] RDX: ffff981afbda64a0 RSI: 0000000000000083 RDI: 0000000000000fd8
[    1.966397] RBP: ffff981ac0203600 R08: 0000000000000fd7 R09: 0000000000000001
[    1.967208] R10: ffff981afbda5740 R11: 0000000000000800 R12: ffff981ac0203600
[    1.968012] R13: ffff981ac0203600 R14: 0000000000000000 R15: 0000000000000000
[    1.968818]  ? __sched_text_end+0x4/0x4
[    1.969211]  ? __sched_text_end+0x4/0x4
[    1.969608]  default_idle_call+0x2c/0xa0
[    1.970009]  do_idle+0x1d9/0x230
[    1.970352]  cpu_startup_entry+0x14/0x20
[    1.970764]  secondary_startup_64_no_verify+0xc2/0xcb
[    1.971287] Modules linked in:
[    1.971605] CR2: 000000000000000f
[    1.971951] ---[ end trace 1d285559d26682a4 ]---
[    1.972422] RIP: 0010:blk_mq_free_request+0x3f/0x140
[    1.972917] Code: 47 1c 00 10 40 00 74 36 49 8b 44 24 08 48 8b 00 48 8b 40 68 48 85 c0 74 05 e8 2d 14 a3 00 48 8b 85 b8 00 00 00 48 85 c0 74 14 <48> 8b 78 08 e8 28 9f ff ff 48 c7 85 b8 00 00 00 00 00 00 00 8b 55
[    1.975093] RSP: 0000:ffffb5f5c010ce70 EFLAGS: 00010002
[    1.975650] RAX: 0000000000000007 RBX: ffff981afbdaed80 RCX: 000000000002eec8
[    1.976411] RDX: ffff981ac0314c00 RSI: 00000000fffb72c8 RDI: ffff981ac02e6300
[    1.977184] RBP: ffff981ac02e6300 R08: 000000000000006d R09: ffff981ac02e6300
[    1.977931] R10: 0000000000000008 R11: 000000006cdbb244 R12: ffff981ac1148000
[    1.978790] R13: ffff981ac10c6400 R14: ffff981ac03c6528 R15: ffff981ac03c64e0
[    1.979577] FS:  0000000000000000(0000) GS:ffff981afbd80000(0000) knlGS:0000000000000000
[    1.980391] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.981011] CR2: 000000000000000f CR3: 000000005060c000 CR4: 00000000000006e0
[    1.981916] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.982643] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.983365] Kernel panic - not syncing: Fatal exception in interrupt
[    1.984122] Kernel Offset: 0xbe00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[    1.985243] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
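
Added triage example (not part of the original message and not kernel tooling): it decodes the faulting instruction marked `<48>` in the `Code:` line and checks that the computed address equals CR2, which shows the load went through a small non-NULL value in RAX. The function names are hypothetical, and the decoder handles only the one `mov` form that appears here.

```python
import re

# Lines copied from the oops in the report above, unwrapped (single occurrence).
OOPS = """\
[    1.925974] RIP: 0010:blk_mq_free_request+0x3f/0x140
[    1.928272] Code: 47 1c 00 10 40 00 74 36 49 8b 44 24 08 48 8b 00 48 8b 40 68 48 85 c0 74 05 e8 2d 14 a3 00 48 8b 85 b8 00 00 00 48 85 c0 74 14 <48> 8b 78 08 e8 28 9f ff ff 48 c7 85 b8 00 00 00 00 00 00 00 8b 55
[    1.939287] RAX: 0000000000000007 RBX: ffff981afbdaed80 RCX: 000000000002eec8
[    1.950892] CR2: 000000000000000f CR3: 000000005060c000 CR4: 00000000000006e0
"""

# x86-64 register numbering used by ModRM; 8-15 print as R08..R15 in an oops.
LOW = ["RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"]

def reg_name(n):
    return LOW[n] if n < 8 else f"R{n:02d}"

def parse_oops(text):
    """Return (registers incl. CR2, code bytes starting at the <..> marker)."""
    regs = {n: int(v, 16) for n, v in
            re.findall(r"\b(R[A-Z0-9]{2}|CR2):\s*([0-9a-f]{16})\b", text)}
    toks = re.search(r"Code: (.*)", text).group(1).split()
    start = next(i for i, t in enumerate(toks) if t.startswith("<"))
    return regs, bytes(int(t.strip("<>"), 16) for t in toks[start:])

def decode_load(code):
    """Decode only [REX] 8B /r with mod=01 (disp8), no SIB: mov disp8(base),dest."""
    rex, i = (code[0], 1) if code[0] & 0xF0 == 0x40 else (0, 0)
    if code[i] != 0x8B:
        raise ValueError("not a 'mov r64, r/m64' load")
    modrm = code[i + 1]
    if modrm >> 6 != 1 or modrm & 7 == 4:
        raise ValueError("addressing form not handled by this sketch")
    disp = int.from_bytes(code[i + 2:i + 3], "little", signed=True)
    base = (modrm & 7) | ((rex & 1) << 3)          # REX.B extends the base
    dest = ((modrm >> 3) & 7) | ((rex & 4) << 1)   # REX.R extends the dest
    return reg_name(dest), reg_name(base), disp

def triage(text):
    regs, code = parse_oops(text)
    dest, base, disp = decode_load(code)
    ea = (regs[base] + disp) & (2**64 - 1)         # effective address of the load
    return {"insn": f"mov {disp:#x}(%{base.lower()}),%{dest.lower()}",
            "base_value": regs[base], "ea": ea, "matches_cr2": ea == regs["CR2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```
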

