On 3/3/22 02:54, Christoph Hellwig wrote:
Maybe you can try to figure out what dereference causes the null-ptr-deref, and what kind of command causes this? Also I suspect this is the first patch in the series, so it would be great to verify the problem with just that.
Hi Christoph,

I can reproduce the crash by cherry-picking patch "blk-mq: do not include passthrough requests in I/O accounting" on top of Jens' for-next branch.
From the struct request that triggers the crash (the flag names have been looked up manually and hence may be wrong):
* cmd_flags 0x44202 = REQ_PREFLUSH | REQ_NOMERGE | REQ_FAILFAST_TRANSPORT | REQ_OP_FLUSH.
* rq_flags 0x2000 = RQF_IO_STAT.

The disassembly of the start of the function that triggers the crash is as follows:

Dump of assembler code for function __blk_account_io_start:
block/blk-mq.c:
889     {
   0xffffffff81797710 <+0>:     call   0xffffffff810940a0 <__fentry__>

890             rq->part = rq->bio->bi_bdev;
   0xffffffff81797715 <+5>:     push   %rbp
   0xffffffff81797716 <+6>:     mov    %rsp,%rbp
   0xffffffff81797719 <+9>:     push   %r13
   0xffffffff8179771b <+11>:    push   %r12
   0xffffffff8179771d <+13>:    push   %rbx

889     {
   0xffffffff8179771e <+14>:    mov    %rdi,%rbx

890             rq->part = rq->bio->bi_bdev;
   0xffffffff81797721 <+17>:    add    $0x38,%rdi
   0xffffffff81797725 <+21>:    call   0xffffffff81488d10 <__asan_load8>
   0xffffffff8179772a <+26>:    mov    0x38(%rbx),%r12
   0xffffffff8179772e <+30>:    lea    0x8(%r12),%rdi
   0xffffffff81797733 <+35>:    call   0xffffffff81488d10 <__asan_load8>
   0xffffffff81797738 <+40>:    mov    0x8(%r12),%r13
   0xffffffff8179773d <+45>:    lea    0x58(%rbx),%r12
   0xffffffff81797741 <+49>:    mov    %r12,%rdi
   0xffffffff81797744 <+52>:    call   0xffffffff81488da0 <__asan_store8>

The crash occurs at address __blk_account_io_start+0x28. I assume this means that the "mov 0x8(%r12),%r13" instruction triggers the crash and also that it crashes because the rq->bio pointer is NULL?
I have attached the kernel configuration I use for running blktests to this e-mail. Please let me know if you need more information.

Bart.
Attachment:
kernel-config.txt.gz
Description: application/gzip