Re: [bug report] kernel null pointer observed with blktests srp/006 on 5.14.15

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 02, 2021 at 03:31:43PM +0800, Yi Zhang wrote:
> Hello
> 
> Below null pointer was triggered with blktests srp/006 on aarch64, pls
> help check it, thanks.

...

> [  491.786766] Unable to handle kernel paging request at virtual
> address ffff8000096f9438
> [  491.794676] Mem abort info:
> [  491.797480]   ESR = 0x96000007
> [  491.800527]   EC = 0x25: DABT (current EL), IL = 32 bits
> [  491.805833]   SET = 0, FnV = 0
> [  491.808896]   EA = 0, S1PTW = 0
> [  491.812028]   FSC = 0x07: level 3 translation fault
> [  491.816901] Data abort info:
> [  491.819769]   ISV = 0, ISS = 0x00000007
> [  491.823593]   CM = 0, WnR = 0
> [  491.826553] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000f82320000
> [  491.833243] [ffff8000096f9438] pgd=1000000fff0ff003,
> p4d=1000000fff0ff003, pud=1000000fff0fe003, pmd=100000010c48a003,
> pte=0000000000000000
> [  491.845768] Internal error: Oops: 96000007 [#1] SMP
> [  491.850636] Modules linked in: target_core_user uio
> target_core_pscsi target_core_file ib_srpt target_core_iblock
> target_core_mod rdma_cm iw_cm ib_cm scsi_debug rdma_rxe ib_uverbs
> ip6_udp_tunnel udp_tunnel null_blk dm_service_time ib_umad
> crc32_generic scsi_dh_rdac scsi_dh_emc scsi_dh_alua dm_multipath
> ib_core rfkill sunrpc vfat fat joydev be2net nicvf cavium_ptp
> mdio_thunder cavium_rng_vf nicpf thunderx_edac mdio_cavium thunder_bgx
> thunder_xcv cavium_rng ipmi_ssif ipmi_devintf ipmi_msghandler fuse
> zram ip_tables xfs ast i2c_algo_bit drm_vram_helper drm_kms_helper
> syscopyarea sysfillrect sysimgblt fb_sys_fops crct10dif_ce cec
> ghash_ce drm_ttm_helper ttm drm i2c_thunderx thunderx_mmc aes_neon_bs
> [last unloaded: scsi_transport_srp]
> [  491.915381] CPU: 6 PID: 11622 Comm: multipathd Not tainted 5.14.15 #1
> [  491.921812] Hardware name: GIGABYTE R120-T34-00/MT30-GS2-00, BIOS
> F02 08/06/2019
> [  491.929196] pstate: 20400005 (nzCv daif +PAN -UAO -TCO BTYPE=--)
> [  491.935192] pc : scsi_mq_exit_request+0x28/0x60
> [  491.939721] lr : blk_mq_free_rqs+0x7c/0x1ec
> [  491.943897] sp : ffff800016a536c0
> [  491.947200] x29: ffff800016a536c0 x28: ffff0001375b8000 x27: 0000000000000131
> [  491.954330] x26: ffff000102bb5c28 x25: ffff0001333d1000 x24: ffff0001333d1200
> [  491.961460] x23: 0000000000000000 x22: ffff0001386870a8 x21: 0000000000000000
> [  491.968589] x20: 0000000000000001 x19: ffff00010d878128 x18: ffffffffffffffff
> [  491.975719] x17: 5342555300355f66 x16: 6d745f697363732f x15: 0000000000000000
> [  491.982848] x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101
> [  491.989977] x11: ffff8000114a1298 x10: 0000000000001c90 x9 : ffff800010764030
> [  491.997109] x8 : ffff0001375b9cf0 x7 : 0000000000000004 x6 : 00000002a7f08498
> [  492.004242] x5 : 0000000000000001 x4 : ffff000130092128 x3 : ffff800010b1e7e0
> [  492.011371] x2 : 0000000000000000 x1 : ffff8000096f93f0 x0 : ffff000138687000
> [  492.018501] Call trace:
> [  492.020937]  scsi_mq_exit_request+0x28/0x60
> [  492.025112]  blk_mq_free_rqs+0x7c/0x1ec
> [  492.028939]  blk_mq_free_tag_set+0x58/0x100
> [  492.033113]  scsi_mq_destroy_tags+0x20/0x30
> [  492.037286]  scsi_host_dev_release+0x9c/0x100
> [  492.041633]  device_release+0x40/0xa0
> [  492.045286]  kobject_cleanup+0x4c/0x180
> [  492.049115]  kobject_put+0x50/0xd0
> [  492.052510]  put_device+0x20/0x30
> [  492.055819]  scsi_target_dev_release+0x34/0x44
> [  492.060253]  device_release+0x40/0xa0
> [  492.063905]  kobject_cleanup+0x4c/0x180
> [  492.067732]  kobject_put+0x50/0xd0
> [  492.071124]  put_device+0x20/0x30
> [  492.074428]  scsi_device_dev_release_usercontext+0x228/0x244
> [  492.080079]  execute_in_process_context+0x50/0xa0
> [  492.084775]  scsi_device_dev_release+0x28/0x3c
> [  492.089208]  device_release+0x40/0xa0
> [  492.092860]  kobject_cleanup+0x4c/0x180
> [  492.096686]  kobject_put+0x50/0xd0
> [  492.100081]  put_device+0x20/0x30
> [  492.103396]  scsi_device_put+0x38/0x50
> [  492.107140]  sd_release151]  free_multipath+0x80/0xc0 [dm_multipath]
> [  492.132109]  multipath_dtr+0x38/0x50 [dm_multipath]
> [  492.136980]  dm_table_destroy+0x68/0x150
> [  492.140892]  __dm_destroy+0x138/0x204
> [  492.144548]  dm_destroy+0x20/0x30
> [  492.147859]  dev_remove+0x144/0x1e0
> [  492.151339]  ctl_ioctl+0x278/0x4d0
> [  492.154731]  dm_ctl_ioctl+0x1c/0x30
> [  492.158210]  __arm64_sys_ioctl+0xb4/0x100
> [  492.162212]  invoke_syscall+0x50/0x120
> [  492.165955]  el0_svc_common+0x48/0x100
> [  492.169694]  do_el0_svc+0x34/0xa0
> [  492.173000]  el0_svc+0x2c/0x54
> [  492.176048]  el0t_64_sync_handler+0xa4/0x130
> [  492.180307]  el0t_64_sync+0x19c/0x1a0
> [  492.183962] Code: f9000bf3 9104a033 f9403000 f9404c01 (f9402422)
> [  492.190068] ---[ end trace dbfeac019a702ce7 ]---
> [  492.194678] Kernel panic - not syncing: Oops: Fatal exception
> [  492.200431] SMP: stopping secondary CPUs
> [  492.204354] Kernel Offset: 0x80000 from 0xffff800010000000
> [  492.209828] PHYS_OFFSET: 0x0
> [  492.212697] CPU features: 0x00180051,20800a40
> [  492.217043] Memory Limit: none
> [  492.220102] ---[ end Kernel panic - not syncing: Oops: Fatal exception ]---

Hi Yi,

It was fixed by f2b85040acec ("scsi: core: Put LLD module refcnt after SCSI device
is released"), look not ported to 5.14.y yet.


Thanks,
Ming




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux