Hi Chanho,

On 20.10.2021 09:39, Chanho Park wrote:
> Hi,
>
> I found a NULL pointer dereference on next-20211019. It might be a
> regression since next-20211015.
> So, I did "git bisect" and found below commit. Are you already aware of
> this?

I also found this issue in yesterday's linux-next. Then I found that it
has already been fixed by this patch:

https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=for-next&id=3039417eec780c6bbb119ae5598fdca2d4a957ec

so I decided that there is no point in reporting it. In today's
linux-next it has been fixed by the commit

https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=for-next&id=e70feb8b3e6886c525c88943b5f1508d02f5a683

> $ git bisect bad
> 2ff0682da6e09c1e0db63a2d2abcd4efb531c8db is the first bad commit
> commit 2ff0682da6e09c1e0db63a2d2abcd4efb531c8db
> Author: Jens Axboe <axboe@xxxxxxxxx>
> Date: Fri Oct 15 09:44:38 2021 -0600
>
> block: store elevator state in request
>
> Add an rq private RQF_ELV flag, which tells the block layer that this
> request was initialized on a queue that has an IO scheduler attached.
> This allows for faster checking in the fast path, rather than having to
> dereference rq->q later on.
>
> Elevator switching does full quiesce of the queue before detaching an
> IO scheduler, so it's safe to cache this in the request itself.
>
> Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
>
> block/blk-mq-sched.h | 27 ++++++++++++++++-----------
> block/blk-mq.c | 20 +++++++++++---------
> include/linux/blk-mq.h | 2 ++
> 3 files changed, 29 insertions(+), 20 deletions(-)
>
>
> [ 1.908677] BUG: kernel NULL pointer dereference, address: 000000000000000f
> [ 1.911614] #PF: supervisor read access in kernel mode
> [ 1.913748] #PF: error_code(0x0000) - not-present page
> [ 1.916034] PGD 0 P4D 0
> [ 1.917125] Oops: 0000 [#1] SMP PTI
> [ 1.918638] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.15.0-rc6+ #14
> [ 1.921381] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
> [ 1.925974] RIP: 0010:blk_mq_free_request+0x3f/0x140
> [ 1.928272] Code: 47 1c 00 10 40 00 74 36 49 8b 44 24 08 48 8b 00 48 8b 40 68 48 85 c0 74 05 e8 2d 14 a3 00 48 8b 85 b8 00 00 00 48 85 c0 74 14 <48> 8b 78 08 e8 28 9f ff ff 48 c7 85 b8 00 00 00 00 00 00 00 8b 55
> [ 1.936950] RSP: 0000:ffffb5f5c010ce70 EFLAGS: 00010002
> [ 1.939287] RAX: 0000000000000007 RBX: ffff981afbdaed80 RCX: 000000000002eec8
> [ 1.941312] RDX: ffff981ac0314c00 RSI: 00000000fffb72c8 RDI: ffff981ac02e6300
> [ 1.943345] RBP: ffff981ac02e6300 R08: 000000000000006d R09: ffff981ac02e6300
> [ 1.944984] R10: 0000000000000008 R11: 000000006cdbb244 R12: ffff981ac1148000
> [ 1.946545] R13: ffff981ac10c6400 R14: ffff981ac03c6528 R15: ffff981ac03c64e0
> [ 1.948372] FS: 0000000000000000(0000) GS:ffff981afbd80000(0000) knlGS:0000000000000000
> [ 1.949867] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1.950892] CR2: 000000000000000f CR3: 000000005060c000 CR4: 00000000000006e0
> [ 1.952145] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 1.953406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 1.954713] Call Trace:
> [ 1.955093] <IRQ>
> [ 1.955406] blk_flush_complete_seq+0x223/0x2b0
> [ 1.956096] flush_end_io+0x18f/0x250
> [ 1.956643] scsi_end_request+0x7d/0xf0
> [ 1.957238] scsi_io_completion+0x12b/0x570
> [ 1.957868] blk_complete_reqs+0x3b/0x50
> [ 1.958472] __do_softirq+0xd4/0x27f
> [ 1.958999] irq_exit_rcu+0x69/0x90
> [ 1.959460] sysvec_call_function_single+0x6a/0x90
> [ 1.960085] </IRQ>
> [ 1.960367] asm_sysvec_call_function_single+0x12/0x20
> [ 1.961036] RIP: 0010:default_idle+0xb/0x10
> [ 1.961581] Code: 85 c9 fe ff ff c6 43 08 00 fb eb 88 48 89 df e8 eb 44 92 ff eb ca e8 04 8c ff ff cc cc cc cc eb 07 0f 00 2d ff ad 46 00 fb f4 <c3> 0f 1f 40 00 65 48 8b 04 25 00 6d 01 00 f0 80 48 02 20 48 8b 10
> [ 1.963958] RSP: 0000:ffffb5f5c007fee8 EFLAGS: 00000206
> [ 1.964749] RAX: ffffffff8d99b6c0 RBX: 0000000000000003 RCX: 0000000000000001
> [ 1.965553] RDX: ffff981afbda64a0 RSI: 0000000000000083 RDI: 0000000000000fd8
> [ 1.966397] RBP: ffff981ac0203600 R08: 0000000000000fd7 R09: 0000000000000001
> [ 1.967208] R10: ffff981afbda5740 R11: 0000000000000800 R12: ffff981ac0203600
> [ 1.968012] R13: ffff981ac0203600 R14: 0000000000000000 R15: 0000000000000000
> [ 1.968818] ? __sched_text_end+0x4/0x4
> [ 1.969211] ? __sched_text_end+0x4/0x4
> [ 1.969608] default_idle_call+0x2c/0xa0
> [ 1.970009] do_idle+0x1d9/0x230
> [ 1.970352] cpu_startup_entry+0x14/0x20
> [ 1.970764] secondary_startup_64_no_verify+0xc2/0xcb
> [ 1.971287] Modules linked in:
> [ 1.971605] CR2: 000000000000000f
> [ 1.971951] ---[ end trace 1d285559d26682a4 ]---
> [ 1.972422] RIP: 0010:blk_mq_free_request+0x3f/0x140
> [ 1.972917] Code: 47 1c 00 10 40 00 74 36 49 8b 44 24 08 48 8b 00 48 8b 40 68 48 85 c0 74 05 e8 2d 14 a3 00 48 8b 85 b8 00 00 00 48 85 c0 74 14 <48> 8b 78 08 e8 28 9f ff ff 48 c7 85 b8 00 00 00 00 00 00 00 8b 55
> [ 1.975093] RSP: 0000:ffffb5f5c010ce70 EFLAGS: 00010002
> [ 1.975650] RAX: 0000000000000007 RBX: ffff981afbdaed80 RCX: 000000000002eec8
> [ 1.976411] RDX: ffff981ac0314c00 RSI: 00000000fffb72c8 RDI: ffff981ac02e6300
> [ 1.977184] RBP: ffff981ac02e6300 R08: 000000000000006d R09: ffff981ac02e6300
> [ 1.977931] R10: 0000000000000008 R11: 000000006cdbb244 R12: ffff981ac1148000
> [ 1.978790] R13: ffff981ac10c6400 R14: ffff981ac03c6528 R15: ffff981ac03c64e0
> [ 1.979577] FS: 0000000000000000(0000) GS:ffff981afbd80000(0000) knlGS:0000000000000000
> [ 1.980391] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 1.981011] CR2: 000000000000000f CR3: 000000005060c000 CR4: 00000000000006e0
> [ 1.981916] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [ 1.982643] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [ 1.983365] Kernel panic - not syncing: Fatal exception in interrupt
> [ 1.984122] Kernel Offset: 0xbe00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
> [ 1.985243] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
>
>

Best regards
-- 
Marek Szyprowski, PhD
Samsung R&D Institute Poland