Re: [bug report] kernel null pointer observed with blktests srp/006 on 5.14.15

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Greg KH <gregkh@linuxfoundation.org>
To: Ming Lei <ming.lei@redhat.com>
Cc: Yi Zhang <yi.zhang@redhat.com>,
	linux-block <linux-block@vger.kernel.org>,
	linux-scsi@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [bug report] kernel null pointer observed with blktests srp/006 on 5.14.15
Date: Wed, 3 Nov 2021 09:13:57 +0100	[thread overview]
Message-ID: <YYJExddmf7FQiM/h@kroah.com> (raw)
In-Reply-To: <YYH80vbE8DnCG94r@T590>

On Wed, Nov 03, 2021 at 11:06:58AM +0800, Ming Lei wrote:
> On Tue, Nov 02, 2021 at 03:31:43PM +0800, Yi Zhang wrote:
> > Hello
> > 
> > Below null pointer was triggered with blktests srp/006 on aarch64, pls
> > help check it, thanks.
> 
> ...
> 
> > [  491.786766] Unable to handle kernel paging request at virtual
> > address ffff8000096f9438
> > [  491.794676] Mem abort info:
> > [  491.797480]   ESR = 0x96000007
> > [  491.800527]   EC = 0x25: DABT (current EL), IL = 32 bits
> > [  491.805833]   SET = 0, FnV = 0
> > [  491.808896]   EA = 0, S1PTW = 0
> > [  491.812028]   FSC = 0x07: level 3 translation fault
> > [  491.816901] Data abort info:
> > [  491.819769]   ISV = 0, ISS = 0x00000007
> > [  491.823593]   CM = 0, WnR = 0
> > [  491.826553] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000f82320000
> > [  491.833243] [ffff8000096f9438] pgd=1000000fff0ff003,
> > p4d=1000000fff0ff003, pud=1000000fff0fe003, pmd=100000010c48a003,
> > pte=0000000000000000
> > [  491.845768] Internal error: Oops: 96000007 [#1] SMP
> > [  491.850636] Modules linked in: target_core_user uio
> > target_core_pscsi target_core_file ib_srpt target_core_iblock
> > target_core_mod rdma_cm iw_cm ib_cm scsi_debug rdma_rxe ib_uverbs
> > ip6_udp_tunnel udp_tunnel null_blk dm_service_time ib_umad
> > crc32_generic scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_multipath
> > ib_core rfkill sunrpc vfat fat joydev be2net nicvf cavium_ptp
> > mdio_thunder cavium_rng_vf nicpf thunderx_edac mdio_cavium thunder_bgx
> > thunder_xcv cavium_rng ipmi_ssif ipmi_devintf ipmi_msghandler fuse
> > zram ip_tables xfs ast i2c_algo_bit drm_vram_helper drm_kms_helper
> > syscopyarea sysfillrect sysimgblt fb_sys_fops crct10dif_ce cec
> > ghash_ce drm_ttm_helper ttm drm i2c_thunderx thunderx_mmc aes_neon_bs
> > [last unloaded: scsi_transport_srp]
> > [  491.915381] CPU: 6 PID: 11622 Comm: multipathd Not tainted 5.14.15 #1
> > [  491.921812] Hardware name: GIGABYTE R120-T34-00/MT30-GS2-00, BIOS
> > F02 08/06/2019
> > [  491.929196] pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)
> > [  491.935192] pc : scsi_mq_exit_request+0x28/0x60
> > [  491.939721] lr : blk_mq_free_rqs+0x7c/0x1ec
> > [  491.943897] sp : ffff800016a536c0
> > [  491.947200] x29: ffff800016a536c0 x28: ffff0001375b8000 x27: 0000000000000131
> > [  491.954330] x26: ffff000102bb5c28 x25: ffff0001333d1000 x24: ffff0001333d1200
> > [  491.961460] x23: 0000000000000000 x22: ffff0001386870a8 x21: 0000000000000000
> > [  491.968589] x20: 0000000000000001 x19: ffff00010d878128 x18: ffffffffffffffff
> > [  491.975719] x17: 5342555300355f66 x16: 6d745f697363732f x15: 0000000000000000
> > [  491.982848] x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101
> > [  491.989977] x11: ffff8000114a1298 x10: 0000000000001c90 x9 : ffff800010764030
> > [  491.997109] x8 : ffff0001375b9cf0 x7 : 0000000000000004 x6 : 00000002a7f08498
> > [  492.004242] x5 : 0000000000000001 x4 : ffff000130092128 x3 : ffff800010b1e7e0
> > [  492.011371] x2 : 0000000000000000 x1 : ffff8000096f93f0 x0 : ffff000138687000
> > [  492.018501] Call trace:
> > [  492.020937]  scsi_mq_exit_request+0x28/0x60
> > [  492.025112]  blk_mq_free_rqs+0x7c/0x1ec
> > [  492.028939]  blk_mq_free_tag_set+0x58/0x100
> > [  492.033113]  scsi_mq_destroy_tags+0x20/0x30
> > [  492.037286]  scsi_host_dev_release+0x9c/0x100
> > [  492.041633]  device_release+0x40/0xa0
> > [  492.045286]  kobject_cleanup+0x4c/0x180
> > [  492.049115]  kobject_put+0x50/0xd0
> > [  492.052510]  put_device+0x20/0x30
> > [  492.055819]  scsi_target_dev_release+0x34/0x44
> > [  492.060253]  device_release+0x40/0xa0
> > [  492.063905]  kobject_cleanup+0x4c/0x180
> > [  492.067732]  kobject_put+0x50/0xd0
> > [  492.071124]  put_device+0x20/0x30
> > [  492.074428]  scsi_device_dev_release_usercontext+0x228/0x244
> > [  492.080079]  execute_in_process_context+0x50/0xa0
> > [  492.084775]  scsi_device_dev_release+0x28/0x3c
> > [  492.089208]  device_release+0x40/0xa0
> > [  492.092860]  kobject_cleanup+0x4c/0x180
> > [  492.096686]  kobject_put+0x50/0xd0
> > [  492.100081]  put_device+0x20/0x30
> > [  492.103396]  scsi_device_put+0x38/0x50
> > [  492.107140]  sd_release151]  free_multipath+0x80/0xc0 [dm_multipath]
> > [  492.132109]  multipath_dtr+0x38/0x50 [dm_multipath]
> > [  492.136980]  dm_table_destroy+0x68/0x150
> > [  492.140892]  __dm_destroy+0x138/0x204
> > [  492.144548]  dm_destroy+0x20/0x30
> > [  492.147859]  dev_remove+0x144/0x1e0
> > [  492.151339]  ctl_ioctl+0x278/0x4d0
> > [  492.154731]  dm_ctl_ioctl+0x1c/0x30
> > [  492.158210]  __arm64_sys_ioctl+0xb4/0x100
> > [  492.162212]  invoke_syscall+0x50/0x120
> > [  492.165955]  el0_svc_common+0x48/0x100
> > [  492.169694]  do_el0_svc+0x34/0xa0
> > [  492.173000]  el0_svc+0x2c/0x54
> > [  492.176048]  el0t_64_sync_handler+0xa4/0x130
> > [  492.180307]  el0t_64_sync+0x19c/0x1a0
> > [  492.183962] Code: f9000bf3 9104a033 f9403000 f9404c01 (f9402422)
> > [  492.190068] ---[ end trace dbfeac019a702ce7 ]---
> > [  492.194678] Kernel panic - not syncing: Oops: Fatal exception
> > [  492.200431] SMP: stopping secondary CPUs
> > [  492.204354] Kernel Offset: 0x80000 from 0xffff800010000000
> > [  492.209828] PHYS_OFFSET: 0x0
> > [  492.212697] CPU features: 0x00180051,20800a40
> > [  492.217043] Memory Limit: none
> > [  492.220102] ---[ end Kernel panic - not syncing: Oops: Fatal exception ]---
> 
> Hi Yi,
> 
> It was fixed by f2b85040acec ("scsi: core: Put LLD module refcnt after SCSI device
> is released"), look not ported to 5.14.y yet.

Did anyone ask for it to be backported to stable kernels yet?  I don't
see a request, nor was stable@vger cc:ed on the signed-off-by: line, so
how were we to know to pick this up?

Anyway, I've now done so...

thanks,

greg k-h

     prev parent reply	other threads:[~2021-11-03  8:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-02  7:31 [bug report] kernel null pointer observed with blktests srp/006 on 5.14.15 Yi Zhang
2021-11-03  3:06 ` Ming Lei
2021-11-03  3:51   ` Yi Zhang
2021-11-03  8:13   ` Greg KH [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YYJExddmf7FQiM/h@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=linux-block@vger.kernel.org \
    --cc=linux-scsi@vger.kernel.org \
    --cc=ming.lei@redhat.com \
    --cc=stable@vger.kernel.org \
    --cc=yi.zhang@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.