NULL deref around xfs in v4.0-rc1–rc7

From: Jan Engelhardt
Date: Wed Apr 08 2015 - 09:46:54 EST



Starting somewhere around v4.0-rc1 and persisting through commit
v4.0-rc7, there is a new NULL dereference apparently happening in
conjunction with xfs. This inhibits this machine's booting,
as xfs is used for the root filesystem.

First bisection points at first-bad commit v4.0-rc1~8, and since that is
a merge commit, I'll be investigating some more hand-chosen commits (and
then people to Cc) as we speak.


Boot log of v4.0-rc1~8:

Fusion MPT base driver 3.04.20
Copyright (c) 1999-2008 LSI Corporation
Fusion MPT SAS Host driver 3.04.20
mptbase: ioc0: Initiating bringup
ioc0: LSISAS1068 A0: Capabilities={Initiator}
scsi host0: ioc0: LSISAS1068 A0, FwRev=00000000h, Ports=8, MaxQ=256, IRQ=22
mptsas: ioc0: attaching ssp device: fw_channel 0, fw_id 1, phy 1, sas_addr 0x1060504030201a0
scsi 0:0:0:0: Direct-Access VBOX HARDDISK 1.0 PQ: 0 ANSI: 5
scsi 0:0:0:0: Attached scsi generic sg0 type 0
mptbase: ioc1: Initiating bringup
ioc1: LSISAS1068 A0: Capabilities={Initiator}
scsi host1: ioc1: LSISAS1068 A0, FwRev=00000000h, Ports=8, MaxQ=256, IRQ=17
mptsas: ioc1: attaching ssp device: fw_channel 0, fw_id 0, phy 0, sas_addr 0x60504030201a0
scsi 1:0:0:0: Direct-Access VBOX HARDDISK 1.0 PQ: 0 ANSI: 5
scsi 1:0:0:0: Attached scsi generic sg1 type 0
sd 0:0:0:0: [sda] 12582912 512-byte logical blocks: (6.44 GB/6.00 GiB)
sd 1:0:0:0: [sdb] 16777216 512-byte logical blocks: (8.58 GB/8.00 GiB)
sd 0:0:0:0: [sda] Write Protect is off
sd 0:0:0:0: [sda] Incomplete mode parameter data
sd 0:0:0:0: [sda] Assuming drive cache: write through
sd 1:0:0:0: [sdb] Write Protect is off
sd 1:0:0:0: [sdb] Incomplete mode parameter data
sd 1:0:0:0: [sdb] Assuming drive cache: write through
sda: sda1 sda2
sd 0:0:0:0: [sda] Attached SCSI disk
sdb: sdb1 sdb2
sd 1:0:0:0: [sdb] Attached SCSI disk
audit: type=1130 audit(1428456646.877:11): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-vconsole-setup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Please enter passphrase for disk HARDDISK (sfroot)! 
NET: Registered protocol family 38
audit_printk_skb: 3 callbacks suppressed
audit: type=1130 audit(1428456653.677:13): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-cryptsetup@sfroot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1130 audit(1428456653.941:14): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dracut-initqueue comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1130 audit(1428456654.369:15): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-fsck@dev-mapper-sfroot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
SGI XFS with ACLs, security attributes, realtime, no debug enabled
XFS (dm-0): Mounting V5 Filesystem
XFS (dm-0): Ending clean mount
audit: type=1130 audit(1428456654.705:16): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-parse-etc comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1131 audit(1428456654.761:17): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-parse-etc comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1130 audit(1428456655.077:18): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=dracut-pre-pivot comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1130 audit(1428456655.157:19): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-ask-password-console comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1131 audit(1428456655.417:20): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-ask-password-console comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1130 audit(1428456655.437:21): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-cleanup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
audit: type=1131 audit(1428456655.453:22): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=initrd-cleanup comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
systemd-journald[155]: Received SIGTERM from PID 1 (systemd).
BUG: unable to handle kernel paging request at 0000000000001000
IP: [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
PGD 0
Oops: 0002 [#1] SMP
Modules linked in: xfs crc32c_generic libcrc32c dm_crypt xts gf128mul algif_skcipher af_alg sd_mod mptsas scsi_transport_sas mptscsih mptbase dm_mod sg ipv6
CPU: 0 PID: 447 Comm: systemd-cgroups Not tainted 4.0.0-rc1 #21
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
task: ffff88007acceeb0 ti: ffff88007bcc0000 task.ti: ffff88007bcc0000
RIP: 0010:[<ffffffff812718d0>] [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
RSP: 0018:ffff88007bcc3730 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff88007b078800 RCX: 0000000000000018
RDX: ffff88007b02d370 RSI: 0000000000000000 RDI: 0000000000001000
RBP: ffff88007b02d370 R08: ffff88007bf1a440 R09: 00000000000000fa
R10: 0000000000000000 R11: ffffea0001eef880 R12: 0000000000000000
R13: ffff88007b078800 R14: ffff88007bc35000 R15: ffff88007b02d200
FS: 0000000000000000(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 0000000000001000 CR3: 000000007cb79000 CR4: 00000000000007f0
Stack:
ffffffff812731ac ffff88007acceeb0 ffff88007bc35000 ffff88007b075400
ffff88007b078968 ffff88007b02d378 ffff88007fc18e88 ffff88007b070f20
ffff88007bcc37c0 ffff88007b075408 0000000000000000 0000000000000000
Call Trace:
[<ffffffff812731ac>] ? scsi_queue_rq+0x2e5/0x3d3
[<ffffffff8118d833>] ? __blk_mq_run_hw_queue+0x19a/0x29f
[<ffffffff8118da01>] ? blk_mq_alloc_request+0xc9/0x102
[<ffffffffa00f774b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
[<ffffffff8118df7c>] ? blk_mq_run_hw_queue+0x4a/0x93
[<ffffffff8118ebfa>] ? blk_sq_make_request+0x166/0x171
[<ffffffff8118638e>] ? generic_make_request+0x8f/0xcc
[<ffffffff811864ce>] ? submit_bio+0x103/0x121
[<ffffffff810cc0ae>] ? get_page+0x9/0x25
[<ffffffff810cc49f>] ? __lru_cache_add+0x1a/0x3a
[<ffffffff8113629a>] ? mpage_bio_submit+0x1f/0x25
[<ffffffff81136f07>] ? mpage_readpages+0xe2/0xf6
[<ffffffffa00f774b>] ? __xfs_get_blocks+0x321/0x321 [xfs]
[<ffffffff810c8d19>] ? get_page_from_freelist+0x3b3/0x785
[<ffffffff810f860a>] ? alloc_pages_current+0xad/0xca
[<ffffffff810cb5f9>] ? __do_page_cache_readahead+0x116/0x1af
[<ffffffff810c4731>] ? filemap_fault+0x18e/0x393
[<ffffffff810df31c>] ? __do_fault+0x3b/0x8f
[<ffffffff810e2033>] ? handle_mm_fault+0x50e/0xfc9
[<ffffffff810daf1c>] ? vma_interval_tree_insert+0x1f/0x82
[<ffffffff810e5909>] ? vma_set_page_prot+0x33/0x52
[<ffffffff81034345>] ? __do_page_fault+0x212/0x3ba
[<ffffffff81337de8>] ? page_fault+0x28/0x30
[<ffffffff811adf85>] ? __clear_user+0x1c/0x3d
[<ffffffff811455f9>] ? padzero+0x1b/0x28
[<ffffffff81147144>] ? load_elf_binary+0x7d5/0x1009
[<ffffffff811135dc>] ? search_binary_handler+0x6b/0x170
[<ffffffff81114780>] ? do_execveat_common.isra.31+0x45a/0x5dd
[<ffffffff81114926>] ? do_execve+0x23/0x28
[<ffffffff8104d4f7>] ? ____call_usermodehelper+0x100/0x128
[<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
[<ffffffff8133637c>] ? ret_from_fork+0x7c/0xb0
[<ffffffff8104d3f7>] ? call_usermodehelper+0x47/0x47
Code: c2 89 d0 5b c3 48 c7 87 b0 00 00 00 00 00 00 00 c7 87 f4 00 00 00 00 00 00 00 48 89 fa 48 8b bf 10 01 00 00 31 c0 b9 18 00 00 00 <f3> ab 66 83 ba cc 00 00 00 00 75 2a 48 8b 8a d8 00 00 00 8a 01
RIP [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
RSP <ffff88007bcc3730>
CR2: 0000000000001000
---[ end trace ef687cac676b43b0 ]---
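A small triage helper, added here as an example and not part of the original report: it parses the x86-64 oops header quoted above (fault address, faulting symbol, the page-fault error code after `Oops:`, CR2) and checks whether the fault looks like a NULL-pointer-plus-offset access. The `NULL_PAGE_LIMIT` threshold and the `OOPS_TEXT` excerpt are assumptions constructed from the lines in the report.

```python
import re

# Constructed excerpt: the relevant header lines of the oops in the report.
OOPS_TEXT = """\
BUG: unable to handle kernel paging request at 0000000000001000
IP: [<ffffffff812718d0>] scsi_init_cmd_errh+0x26/0x5d
PGD 0
Oops: 0002 [#1] SMP
CR2: 0000000000001000 CR3: 000000007cb79000 CR4: 00000000000007f0
"""

# Assumption: faults below this address are treated as a NULL base pointer
# plus a struct field offset (the low region is never mapped in the kernel).
NULL_PAGE_LIMIT = 0x10000


def decode_error_code(code):
    """Decode the x86 page-fault error code printed after 'Oops:'."""
    return {
        "protection_violation": bool(code & 1),  # 0 = page not present
        "write": bool(code & 2),                 # 1 = write access
        "user_mode": bool(code & 4),             # 0 = fault in kernel mode
        "reserved_bit": bool(code & 8),
        "instruction_fetch": bool(code & 16),
    }


def parse_oops(text):
    """Return the key facts of an x86-64 oops header as a dict."""
    m_addr = re.search(r"paging request at ([0-9a-f]+)", text)
    m_ip = re.search(r"^IP: \[<[0-9a-f]+>\] (\S+)", text, re.M)
    m_code = re.search(r"^Oops: ([0-9a-f]{4})", text, re.M)
    m_cr2 = re.search(r"CR2: ([0-9a-f]{16})", text)
    if not (m_addr and m_ip and m_code and m_cr2):
        raise ValueError("not a recognised x86-64 oops header")
    addr = int(m_addr.group(1), 16)
    flags = decode_error_code(int(m_code.group(1), 16))
    return {
        "fault_addr": addr,
        "symbol": m_ip.group(1),
        "flags": flags,
        # CR2 should equal the reported address; a mismatch means a mangled log.
        "cr2_consistent": addr == int(m_cr2.group(1), 16),
        # 'PGD 0' plus a low address: nothing is mapped there, so this is a
        # NULL base pointer dereferenced at a field offset, not a bad mapping.
        "null_deref": addr < NULL_PAGE_LIMIT and "PGD 0" in text,
    }
```

For the report above this yields a kernel-mode write to offset 0x1000 from NULL inside `scsi_init_cmd_errh`, which is the reason the subject line calls it a NULL deref.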