On Tue, Jul 23, 2019 at 6:31 AM Yi Zhang <yi.zhang@xxxxxxxxxx> wrote:
>
> Hello
>
> With step[1], this kernel NULL pointer[2] can be triggered every time from v5.3-rc1; let me know if you need more info, thanks.
>
> [1] from blktests block/001
> #modprobe scsi-debug add_host=4 num_tgts=1 ptype=0
>
> [2]
> [14628.973272] run blktests block/001 at 2019-07-22 12:45:10
> [14629.017215] BUG: kernel NULL pointer dereference, address: 0000000000000000
> [14629.018326] scsi host13: scsi_debug: version 0188 [20190125]
> [14629.018326] dev_size_mb=8, opts=0x0, submit_queues=1, statistics=0
> [14629.024988] #PF: supervisor read access in kernel mode
> [14629.024990] #PF: error_code(0x0000) - not-present page
> [14629.024991] PGD 0 P4D 0
> [14629.024994] Oops: 0000 [#1] SMP PTI
> [14629.024999] CPU: 6 PID: 699 Comm: kworker/u25:9 Not tainted 5.3.0-rc1 #1
> [14629.038771] scsi host14: scsi_debug: version 0188 [20190125]
> [14629.038771] dev_size_mb=8, opts=0x0, submit_queues=1, statistics=0
> [14629.044118] Hardware name: Dell Inc. PowerEdge R730xd/ɲ�Pow, BIOS 2.9.1 12/04/2018
> [14629.044124] Workqueue: events_unbound async_run_entry_fn
> [14629.044131] RIP: 0010:dma_direct_max_mapping_size+0x2b/0x64
> [14629.044134] Code: 1f 44 00 00 55 53 48 89 fb e8 51 13 00 00 84 c0 75 0a 48 c7 c0 ff ff ff ff 5b 5d c3 48 8b 83 28 02 00 00 48 8b ab 38 02 00 00 <48> 8b 00 48 85 c0 74 0c 48 85 ed 74 27 48 39 c5 48 0f 47 e8 48 89
> [14629.119071] RSP: 0018:ffffa98482453c40 EFLAGS: 00010202
> [14629.124899] RAX: 0000000000000000 RBX: ffff8cc96d9d1018 RCX: 0000000000000000
> [14629.132860] RDX: ffff8cc96d594080 RSI: 0000000000000800 RDI: ffff8cc96d9d1018
> [14629.140821] RBP: 0000000000000000 R08: ffff8cc977aef0e0 R09: ffff8cc805c072c0
> [14629.148782] R10: 0000000000030400 R11: ffff8cc973398a00 R12: ffff8cc96d9d1018
> [14629.156743] R13: 00000000ffffffff R14: ffff8ccb74b42428 R15: 0000000000000000
> [14629.164705] FS:  0000000000000000(0000) GS:ffff8cc977ac0000(0000) knlGS:0000000000000000
> [14629.173734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [14629.180142] CR2: 0000000000000000 CR3: 000000010740a006 CR4: 00000000001606e0
> [14629.188103] Call Trace:
> [14629.190836]  __scsi_init_queue+0x75/0x140
> [14629.195309]  scsi_mq_alloc_queue+0x3a/0x50
> [14629.199877]  scsi_alloc_sdev+0x1d1/0x290
> [14629.204253]  scsi_probe_and_add_lun+0x487/0xe20
> [14629.209311]  ? mutex_lock+0xe/0x30
> [14629.213115]  ? ata_tdev_release+0x10/0x10 [libata]
> [14629.218462]  ? attribute_container_add_device+0x55/0x120
> [14629.224389]  __scsi_scan_target+0xec/0x5b0
> [14629.228960]  ? __switch_to_asm+0x40/0x70
> [14629.233335]  ? __switch_to_asm+0x34/0x70
> [14629.237710]  ? __switch_to_asm+0x40/0x70
> [14629.242085]  ? __switch_to_asm+0x40/0x70
> [14629.246460]  ? __switch_to_asm+0x34/0x70
> [14629.250836]  scsi_scan_channel+0x5a/0x80
> [14629.255212]  scsi_scan_host_selected+0xdb/0x110
> [14629.260267]  do_scan_async+0x17/0x150
> [14629.264352]  async_run_entry_fn+0x39/0x160
> [14629.268923]  process_one_work+0x1a1/0x360
> [14629.273394]  worker_thread+0x30/0x380
> [14629.277477]  ? process_one_work+0x360/0x360
> [14629.282143]  kthread+0x10c/0x130
> [14629.285741]  ? kthread_create_on_node+0x60/0x60
> [14629.290795]  ret_from_fork+0x35/0x40
> [14629.294783] Modules linked in: scsi_debug sunrpc intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel mgag200 drm_vram_helper i2c_algo_bit kvm ttm irqbypass drm_kms_helper crct10dif_pclmul syscopyarea sysfillrect sysimgblt fb_sys_fops iTCO_wdt crc32_pclmul iTCO_vendor_support drm ghash_clmulni_intel dcdbas intel_cstate mxm_wmi intel_uncore pcspkr intel_rapl_perf lpc_ich ipmi_ssif mei_me sg mei ipmi_si ipmi_devintf ipmi_msghandler acpi_power_meter vfat fat xfs libcrc32c sd_mod ahci nvme libahci crc32c_intel nvme_core libata tg3 megaraid_sas wmi dm_mirror dm_region_hash dm_log dm_mod
> [14629.356675] CR2: 0000000000000000
> [14629.360381] ---[ end trace 96df6c036b903d89 ]---

It is a SCSI regression, and Christoph has posted a fix:

https://marc.info/?t=156378727800002&r=1&w=2

Thanks,
Ming Lei