Re: [ceph-client:wip-stable-writes] [mm] 55da5c1be4: BUG:kernel_NULL_pointer_dereference,address


 



On Fri, May 5, 2023 at 7:19 AM kernel test robot <oliver.sang@xxxxxxxxx> wrote:
>
>
>
> Hello,
>
> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
>
> commit: 55da5c1be4b284c641193220f1c5c928aac9e4df ("mm: always respect QUEUE_FLAG_STABLE_WRITES flag on the block device")
> https://github.com/ceph/ceph-client.git wip-stable-writes
>
> in testcase: boot
>
> compiler: clang-14
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
> +---------------------------------------------+------------+------------+
> |                                             | ec7ed44b26 | 55da5c1be4 |
> +---------------------------------------------+------------+------------+
> | boot_successes                              | 20         | 0          |
> | boot_failures                               | 0          | 18         |
> | BUG:kernel_NULL_pointer_dereference,address | 0          | 18         |
> | Oops:#[##]                                  | 0          | 18         |
> | RIP:folio_wait_stable                       | 0          | 18         |
> | Kernel_panic-not_syncing:Fatal_exception    | 0          | 18         |
> +---------------------------------------------+------------+------------+
>
>
> If you fix the issue, kindly add following tag
> | Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
> | Link: https://lore.kernel.org/oe-lkp/202305051243.f5027ab3-oliver.sang@xxxxxxxxx
>
>
> [    8.445981][    T5] BUG: kernel NULL pointer dereference, address: 0000000000000500
> [    8.447048][    T5] #PF: supervisor read access in kernel mode
> [    8.447834][    T5] #PF: error_code(0x0000) - not-present page
> [    8.448588][    T5] PGD 0 P4D 0
> [    8.448588][    T5] Oops: 0000 [#1]
> [    8.448588][    T5] CPU: 0 PID: 5 Comm: kworker/u2:0 Not tainted 6.3.0-00002-g55da5c1be4b2 #32
> [    8.448588][    T5] Workqueue: events_unbound async_run_entry_fn
> [ 8.448588][ T5] RIP: 0010:folio_wait_stable (kbuild/src/rand-3/include/linux/blkdev.h:881 kbuild/src/rand-3/include/linux/blkdev.h:1265 kbuild/src/rand-3/mm/page-writeback.c:3179)
> [ 8.448588][ T5] Code: 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 53 49 89 ff e8 ef 48 ee ff 49 8b 47 18 48 8b 00 48 8b 40 28 48 8b 88 30 01 00 00 <48> 8b 89 00 05 00 00 48 f7 81 a8 00 00 00 00 80 00 00 75 10 f6 40
> All code
> ========
>    0:   84 00                   test   %al,(%rax)
>    2:   00 00                   add    %al,(%rax)
>    4:   00 00                   add    %al,(%rax)
>    6:   90                      nop
>    7:   55                      push   %rbp
>    8:   48 89 e5                mov    %rsp,%rbp
>    b:   41 57                   push   %r15
>    d:   41 56                   push   %r14
>    f:   53                      push   %rbx
>   10:   49 89 ff                mov    %rdi,%r15
>   13:   e8 ef 48 ee ff          callq  0xffffffffffee4907
>   18:   49 8b 47 18             mov    0x18(%r15),%rax
>   1c:   48 8b 00                mov    (%rax),%rax
>   1f:   48 8b 40 28             mov    0x28(%rax),%rax
>   23:   48 8b 88 30 01 00 00    mov    0x130(%rax),%rcx
>   2a:*  48 8b 89 00 05 00 00    mov    0x500(%rcx),%rcx         <-- trapping instruction

Looks like a NULL s_bdev on top of a !CONFIG_BLOCK build. This patch
would be reworked to avoid referencing s_bdev (or even anything request
queue related) in folio_wait_stable().

Thanks,

                Ilya



