Project

General

Profile

Bug #51759

NULL pointer dereference in rbd_open() in 5.14-rc

Added by Ilya Dryomov over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
rbd
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Crash signature (v1):
Crash signature (v2):

Description

[  529.351374] BUG: kernel NULL pointer dereference, address: 0000000000000060
[  529.358388] #PF: supervisor read access in kernel mode
[  529.363574] #PF: error_code(0x0000) - not-present page
[  529.368758] PGD 0 P4D 0 
[  529.371343] Oops: 0000 [#1] SMP PTI
[  529.374880] CPU: 6 PID: 21264 Comm: mapper Not tainted 5.14.0-rc2-ceph-gfcf5e5da0003 #1
[  529.382934] Hardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 2.0 12/17/2015
[  529.390374] RIP: 0010:__lock_acquire+0x5be/0x2240
[  529.395128] Code: 68 09 00 00 83 f8 2f 0f 87 62 05 00 00 3b 05 dd 84 fe 01 41 bf 01 00 00 00 0f 86 11 01 00 00 89 05 cb 84 fe 01 e9 06 01 00 00 <48> 81 3f 60 16 ef 96 41 bd 00 00 00 00 45 0f 45 e8 83 fe 01 0f 87
[  529.413952] RSP: 0018:ffffc0cc80e37ba8 EFLAGS: 00010002
[  529.419221] RAX: 0000000000000001 RBX: ffff9a6f030d5180 RCX: 0000000000000000
[  529.426401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000060
[  529.433577] RBP: 0000000000000060 R08: 0000000000000001 R09: 0000000000000001
[  529.440756] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  529.447938] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[  529.455116] FS:  00007f76137fe700(0000) GS:ffff9a761fd80000(0000) knlGS:0000000000000000
[  529.463274] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  529.469085] CR2: 0000000000000060 CR3: 0000000151558005 CR4: 00000000003706e0
[  529.476280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  529.483483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  529.490688] Call Trace:
[  529.493200]  ? lock_acquire+0xc8/0x2d0
[  529.497012]  ? blkdev_get_by_dev+0x117/0x350
[  529.501349]  lock_acquire+0xc8/0x2d0
[  529.504987]  ? rbd_open+0x21/0x60 [rbd]
[  529.508888]  ? lock_is_held_type+0xa5/0x120
[  529.513133]  ? lock_is_held_type+0xa5/0x120
[  529.517383]  _raw_spin_lock_irq+0x42/0x60
[  529.521454]  ? rbd_open+0x21/0x60 [rbd]
[  529.525354]  rbd_open+0x21/0x60 [rbd]
[  529.529080]  blkdev_get_whole+0x25/0xe0
[  529.532982]  blkdev_get_by_dev+0xca/0x350
[  529.537057]  __device_add_disk+0x1e8/0x310
[  529.541218]  do_rbd_add.isra.0+0xdd8/0xe70 [rbd]
[  529.545906]  kernfs_fop_write_iter+0x13d/0x1d0
[  529.550413]  new_sync_write+0x11c/0x1b0
[  529.554321]  vfs_write+0x238/0x390
[  529.557786]  ksys_write+0x68/0xe0
[  529.561181]  do_syscall_64+0x35/0xb0
[  529.564824]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  529.569940] RIP: 0033:0x7f76340d42cf
[  529.573585] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2d 44 89 c7 48 89 44 24 08 e8 5c fd ff ff 48
[  529.592464] RSP: 002b:00007f76137f9360 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  529.600116] RAX: ffffffffffffffda RBX: 0000000000000047 RCX: 00007f76340d42cf
[  529.607315] RDX: 0000000000000047 RSI: 00005628d5a24c20 RDI: 0000000000000015
[  529.614517] RBP: 00005628d5a24c20 R08: 0000000000000000 R09: 0000000000000010
[  529.621719] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000015
[  529.628920] R13: 00007f76137f93d0 R14: 00007f76137f93c0 R15: 00007f76137f9540

History

#1 Updated by Ilya Dryomov over 2 years ago

Looks like gendisk::private_data simply isn't getting set. This was introduced in 195b1956b85b ("rbd: use blk_mq_alloc_disk and blk_cleanup_disk").

#2 Updated by Ilya Dryomov over 2 years ago

  • Status changed from In Progress to Fix Under Review

[PATCH] rbd: resurrect setting of disk->private_data in rbd_init_disk()

Also available in: Atom PDF