Re: [2.6.23 PATCH 07/18] dm io: fix panic on large request

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Chuck Ebbert <cebbert@redhat.com>
To: Patrick McHardy <kaber@trash.net>
Cc: Alasdair G Kergon <agk@redhat.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	dm-devel@redhat.com, linux-kernel@vger.kernel.org,
	"Jun'ichi Nomura" <j-nomura@ce.jp.nec.com>
Subject: Re: [2.6.23 PATCH 07/18] dm io: fix panic on large request
Date: Wed, 18 Jul 2007 11:23:09 -0400	[thread overview]
Message-ID: <469E305D.8060003@redhat.com> (raw)
In-Reply-To: <469CC11B.2020103@trash.net>

On 07/17/2007 09:16 AM, Patrick McHardy wrote:
> Alasdair G Kergon wrote:
>> From: "Jun'ichi Nomura" <j-nomura@ce.jp.nec.com>
>>
>> bio_alloc_bioset() will return NULL if 'num_vecs' is too large.
>> Use bio_get_nr_vecs() to get estimation of maximum number.
>>
>> Signed-off-by: "Jun'ichi Nomura" <j-nomura@ce.jp.nec.com>
>> Signed-off-by: Alasdair G Kergon <agk@redhat.com>
>>
>> ---
>>  drivers/md/dm-io.c |    5 ++++-
>>  1 files changed, 4 insertions(+), 1 deletion(-)
> 
> 
> This patch reproducibly oopses my box:
> 
> [  126.754204] BUG: unable to handle kernel NULL pointer dereference at
> virtual address 00000000
> [  126.754326]  printing eip:
> [  126.754369] c0141a67
> [  126.754420] *pde = 00000000
> [  126.754465] Oops: 0000 [#1]
> [  126.754507] PREEMPT
> [  126.754585] Modules linked in: [...]
> 
> 
> [  126.758372] CPU:    0
> [  126.758373] EIP:    0060:[<c0141a67>]    Not tainted VLI
> [  126.758374] EFLAGS: 00010282   (2.6.22 #1)
> [  126.758511] EIP is at mempool_free+0xe/0xc0
> [  126.758558] eax: d39e65d0   ebx: 00000000   ecx: df2b9898   edx: 00000000
> [  126.758605] esi: 00000000   edi: d39e65d0   ebp: d487d6d0   esp: df79fec0
> [  126.758652] ds: 007b   es: 007b   fs: 0000  gs: 0000  ss: 0068
> [  126.758699] Process kcryptd/0 (pid: 3218, ti=df79f000 task=df2b9640
> task.ti=df79f000)
> [  126.758747] Stack: 00000000 00000000 d3835f80 00000000 e08b0923
> e08a5f69 00000200 e0ad1080
> [  126.759093]        dfb5ab40 d3835f80 e08b08c0 00000000 e08a5fb7
> c01804d8 00000000 00000200
> [  126.759439]        c520bc00 00000c00 d0b77438 d5754b00 df79ff5c
> e08a515e d0b77444 d5754b00
> [  126.759858] Call Trace:
> [  126.759965]  [<e08b0923>] clone_endio+0x63/0xc0 [dm_mod]
> [  126.760066]  [<e08a5f69>] crypt_convert+0x131/0x17f [dm_crypt]
> [  126.760168]  [<e08b08c0>] clone_endio+0x0/0xc0 [dm_mod]
> [  126.760264]  [<e08a5fb7>] kcryptd_do_work+0x0/0x30f [dm_crypt]
> [  126.760349]  [<c01804d8>] bio_endio+0x33/0x5d
> [  126.760462]  [<e08a515e>] dec_pending+0x28/0x39 [dm_crypt]
> [  126.760558]  [<e08a61e6>] kcryptd_do_work+0x22f/0x30f [dm_crypt]
> [  126.760669]  [<c0112182>] update_stats_wait_end+0x7f/0xb2
> [  126.760801]  [<e08a5fb7>] kcryptd_do_work+0x0/0x30f [dm_crypt]
> [  126.760888]  [<c012700e>] run_workqueue+0x84/0x179
> [  126.760990]  [<c0127292>] worker_thread+0x0/0xf0
> [  126.761074]  [<c012732f>] worker_thread+0x9d/0xf0
> [  126.761160]  [<c012a360>] autoremove_wake_function+0x0/0x37
> [  126.761256]  [<c0127292>] worker_thread+0x0/0xf0
> [  126.761334]  [<c012a15c>] kthread+0x52/0x58
> [  126.761411]  [<c012a10a>] kthread+0x0/0x58
> [  126.761496]  [<c0104983>] kernel_thread_helper+0x7/0x14
> [  126.761598]  =======================
> [  126.761717] Code: 1c 00 89 f6 eb a9 b8 88 13 00 00 e8 b4 56 1c 00 8d
> 74 26 00 eb d5 31 db e9 11 ff ff ff 57 56 53 83 ec 04 89 c7 89 d6 85 c0
> 74 55 <8b> 02 39 42 04 7d 46 9c 58 90 8d b4 26 00 00 00 00 89 c3 fa 90

mempool_free() was called with a NULL pool. That can't be good.

next prev parent reply	other threads:[~2007-07-18 15:24 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-11 20:58 [2.6.23 PATCH 07/18] dm io: fix panic on large request Alasdair G Kergon
2007-07-17 13:16 ` Patrick McHardy
2007-07-17 16:39   ` Jun'ichi Nomura
2007-07-17 17:50     ` Patrick McHardy
2007-07-17 22:20       ` Jun'ichi Nomura
2007-07-18 10:08         ` Patrick McHardy
2007-07-18 15:23   ` Chuck Ebbert [this message]
2007-07-20 15:07     ` Milan Broz

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=469E305D.8060003@redhat.com \
    --to=cebbert@redhat.com \
    --cc=agk@redhat.com \
    --cc=akpm@linux-foundation.org \
    --cc=dm-devel@redhat.com \
    --cc=j-nomura@ce.jp.nec.com \
    --cc=kaber@trash.net \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox