From: Tejun Heo <tj@kernel.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Fengguang Wu <fengguang.wu@intel.com>,
IDE-ML <linux-ide@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
LKP <lkp@01.org>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: Re: [ata_port_probe] BUG: unable to handle kernel NULL pointer dereference at 0000000000000350
Date: Tue, 21 Nov 2017 06:57:36 -0800 [thread overview]
Message-ID: <20171121145719.GD983427@devbig577.frc2.facebook.com> (raw)
In-Reply-To: <CAK8P3a1c+u-r6+AD8=eKfRaoTgx0ByV_mVJWoJu7BzfDLk1JBA@mail.gmail.com>
Hello,
On Tue, Nov 21, 2017 at 01:54:25PM +0100, Arnd Bergmann wrote:
> > [ 56.376960] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
> > [ 56.379169] ata2.00: configured for MWDMA2
> > [ 56.381518] ata2.00: disabled
> > [ 56.385696] sd 1:0:0:0: [sda] Attached SCSI disk
> > [ 56.395326] sd 1:0:0:0: [sda] Synchronizing SCSI cache
>
> I guess both can be explained by the same race as the previous one, with
> async probe racing against removal. The first one might be a use-after-free
> problem, the second one could be the probing thread running after the
> device got removed.
This is not a bug in libata. This is caused by
CONFIG_DEBUG_TEST_DRIVER_REMOVE incorrectly detaching the driver
before probing is complete, which can't happen in normal operations
(we have async flush at the end of boot and around module operations).
Greg, this issue was identified way back. It's a debug code which
causes failures which aren't possible. Can we please either fix or
remove it?
Thanks.
--
tejun
WARNING: multiple messages have this Message-ID (diff)
From: Tejun Heo <tj@kernel.org>
To: lkp@lists.01.org
Subject: Re: [ata_port_probe] BUG: unable to handle kernel NULL pointer dereference at 0000000000000350
Date: Tue, 21 Nov 2017 06:57:36 -0800 [thread overview]
Message-ID: <20171121145719.GD983427@devbig577.frc2.facebook.com> (raw)
In-Reply-To: <CAK8P3a1c+u-r6+AD8=eKfRaoTgx0ByV_mVJWoJu7BzfDLk1JBA@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1041 bytes --]
Hello,
On Tue, Nov 21, 2017 at 01:54:25PM +0100, Arnd Bergmann wrote:
> > [ 56.376960] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
> > [ 56.379169] ata2.00: configured for MWDMA2
> > [ 56.381518] ata2.00: disabled
> > [ 56.385696] sd 1:0:0:0: [sda] Attached SCSI disk
> > [ 56.395326] sd 1:0:0:0: [sda] Synchronizing SCSI cache
>
> I guess both can be explained by the same race as the previous one, with
> async probe racing against removal. The first one might be a use-after-free
> problem, the second one could be the probing thread running after the
> device got removed.
This is not a bug in libata. This is caused by
CONFIG_DEBUG_TEST_DRIVER_REMOVE incorrectly detaching the driver
before probing is complete, which can't happen in normal operations
(we have async flush at the end of boot and around module operations).
Greg, this issue was identified way back. It's a debug code which
causes failures which aren't possible. Can we please either fix or
remove it?
Thanks.
--
tejun
next prev parent reply other threads:[~2017-11-21 14:57 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-21 9:05 active bugs in the first week of 4.15 merge window Fengguang Wu
2017-11-21 10:04 ` [test_abba] WARNING: possible circular locking dependency detected Fengguang Wu
2017-11-21 10:04 ` Fengguang Wu
2017-11-21 10:54 ` [ata_port_detach] WARNING: CPU: 0 PID: 1 at drivers/ata/libata-core.c:6613 ata_port_detach+0x9b/0x180 Fengguang Wu
2017-11-21 10:54 ` Fengguang Wu
2017-11-21 11:30 ` Arnd Bergmann
2017-11-21 11:30 ` Arnd Bergmann
2017-11-21 11:07 ` [tracer_init_tracefs] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [swapper/0:1] Fengguang Wu
2017-11-21 11:07 ` Fengguang Wu
2017-11-21 12:27 ` Fengguang Wu
2017-11-21 12:27 ` Fengguang Wu
2017-11-21 13:55 ` Thomas Gleixner
2017-11-21 13:55 ` Thomas Gleixner
2017-11-21 11:10 ` [rbtree_test_init] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [swapper:1] Fengguang Wu
2017-11-21 11:10 ` Fengguang Wu
2017-11-21 21:59 ` Andrew Morton
2017-11-21 21:59 ` Andrew Morton
2017-11-22 2:15 ` Fengguang Wu
2017-11-22 2:15 ` Fengguang Wu
2017-11-21 11:19 ` [rht_deferred_worker] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 62s! Fengguang Wu
2017-11-21 11:19 ` Fengguang Wu
2017-11-21 11:52 ` [test_rht_init] INFO: task swapper/0:1 blocked for more than 120 seconds Fengguang Wu
2017-11-21 11:52 ` Fengguang Wu
2017-11-27 21:34 ` Linus Torvalds
2017-11-27 21:34 ` Linus Torvalds
2017-11-27 21:32 ` [rht_deferred_worker] BUG: workqueue lockup - pool cpus=0 node=0 flags=0x0 nice=0 stuck for 62s! Linus Torvalds
2017-11-27 21:32 ` Linus Torvalds
2017-11-21 11:53 ` [vga_arb_device_init] WARNING: possible circular locking dependency detected Fengguang Wu
2017-11-21 11:53 ` Fengguang Wu
2017-11-21 16:52 ` Lukas Wunner
2017-11-21 16:52 ` Lukas Wunner
2017-11-21 16:52 ` Lukas Wunner
2017-11-22 9:07 ` Daniel Vetter
2017-11-22 9:07 ` Daniel Vetter
2017-11-22 9:07 ` Daniel Vetter
2017-11-21 17:08 ` [char-misc] " Daniel Vetter
2017-11-21 17:08 ` Daniel Vetter
2017-11-21 12:04 ` [migration_cpu_stop] WARNING: CPU: 0 PID: 11 at kernel/sched/core.c:1187 set_task_cpu+0x257/0x6b6 Fengguang Wu
2017-11-21 12:04 ` Fengguang Wu
2017-11-21 13:34 ` Peter Zijlstra
2017-11-21 13:34 ` Peter Zijlstra
2017-11-21 13:51 ` Fengguang Wu
2017-11-21 13:51 ` Fengguang Wu
2017-11-21 16:13 ` Paul E. McKenney
2017-11-21 16:13 ` Paul E. McKenney
2017-11-22 12:18 ` Fengguang Wu
2017-11-22 12:18 ` Fengguang Wu
2017-11-21 14:01 ` Rafael J. Wysocki
2017-11-21 14:01 ` Rafael J. Wysocki
2017-11-21 12:09 ` [ata_port_probe] BUG: unable to handle kernel NULL pointer dereference at 0000000000000350 Fengguang Wu
2017-11-21 12:09 ` Fengguang Wu
2017-11-21 12:19 ` Fengguang Wu
2017-11-21 12:19 ` Fengguang Wu
2017-11-21 12:54 ` Arnd Bergmann
2017-11-21 12:54 ` Arnd Bergmann
2017-11-21 14:57 ` Tejun Heo [this message]
2017-11-21 14:57 ` Tejun Heo
2017-11-21 15:30 ` Arnd Bergmann
2017-11-21 15:30 ` Arnd Bergmann
2017-11-21 12:12 ` [RING_BUFFER_BENCHMARK] INFO: task rb_producer:73 blocked for more than 120 seconds Fengguang Wu
2017-11-21 13:28 ` Fengguang Wu
2017-11-21 13:28 ` Fengguang Wu
2017-11-21 12:33 ` [serial8250_interrupt] RIP: 0010:arch_local_irq_restore+0x2/0x8 Fengguang Wu
2017-11-21 12:33 ` Fengguang Wu
2017-11-21 12:33 ` Fengguang Wu
2017-11-21 13:31 ` Fengguang Wu
2017-11-21 13:31 ` Fengguang Wu
2017-11-21 14:39 ` Andy Shevchenko
2017-11-21 14:39 ` Andy Shevchenko
2017-11-21 21:14 ` Andy Shevchenko
2017-11-21 21:14 ` Andy Shevchenko
2017-11-22 23:36 ` Fengguang Wu
2017-11-22 23:36 ` Fengguang Wu
2017-11-22 23:43 ` Fengguang Wu
2017-11-22 23:43 ` Fengguang Wu
2017-11-21 12:41 ` [Intel-wired-lan] [e1000_shutdown] e1000 0000:00:03.0: disabling already-disabled device Fengguang Wu
2017-11-21 12:41 ` Fengguang Wu
2017-11-21 12:41 ` Fengguang Wu
2017-11-21 22:10 ` [Intel-wired-lan] " Tushar Dave
2017-11-21 22:10 ` Tushar Dave
2017-11-21 22:10 ` Tushar Dave
2017-11-22 23:13 ` [Intel-wired-lan] " Fengguang Wu
2017-11-22 23:13 ` Fengguang Wu
2017-11-22 23:13 ` Fengguang Wu
2017-11-27 19:31 ` [Intel-wired-lan] " Tushar Dave
2017-11-27 19:31 ` Tushar Dave
2017-11-27 19:31 ` Tushar Dave
2017-12-04 11:33 ` [Intel-wired-lan] " Fengguang Wu
2017-12-04 11:33 ` Fengguang Wu
2017-12-04 11:33 ` Fengguang Wu
2017-12-05 19:19 ` [Intel-wired-lan] " Tushar Dave
2017-12-05 19:19 ` Tushar Dave
2017-12-05 19:19 ` Tushar Dave
2017-11-21 12:50 ` [test_cycle_work] WARNING: possible circular locking dependency detected Fengguang Wu
2017-11-21 12:50 ` Fengguang Wu
2017-11-21 13:01 ` [hrtimer_active] INFO: trying to register non-static key Fengguang Wu
2017-11-21 13:01 ` Fengguang Wu
2017-11-22 14:37 ` [hrtimer_active ^W ata_port_wait_eh] " Thomas Gleixner
2017-11-22 14:37 ` Thomas Gleixner
2017-11-24 12:49 ` Tejun Heo
2017-11-24 12:49 ` Tejun Heo
2017-11-24 13:41 ` Fengguang Wu
2017-11-24 13:41 ` Fengguang Wu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171121145719.GD983427@devbig577.frc2.facebook.com \
--to=tj@kernel.org \
--cc=arnd@arndb.de \
--cc=fengguang.wu@intel.com \
--cc=geert@linux-m68k.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-ide@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@01.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.