Bug #51759
NULL pointer dereference in rbd_open() in 5.14-rc
Status: closed
% Done: 0%
Regression: No
Severity: 3 - minor
Description
[ 529.351374] BUG: kernel NULL pointer dereference, address: 0000000000000060
[ 529.358388] #PF: supervisor read access in kernel mode
[ 529.363574] #PF: error_code(0x0000) - not-present page
[ 529.368758] PGD 0 P4D 0
[ 529.371343] Oops: 0000 [#1] SMP PTI
[ 529.374880] CPU: 6 PID: 21264 Comm: mapper Not tainted 5.14.0-rc2-ceph-gfcf5e5da0003 #1
[ 529.382934] Hardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 2.0 12/17/2015
[ 529.390374] RIP: 0010:__lock_acquire+0x5be/0x2240
[ 529.395128] Code: 68 09 00 00 83 f8 2f 0f 87 62 05 00 00 3b 05 dd 84 fe 01 41 bf 01 00 00 00 0f 86 11 01 00 00 89 05 cb 84 fe 01 e9 06 01 00 00 <48> 81 3f 60 16 ef 96 41 bd 00 00 00 00 45 0f 45 e8 83 fe 01 0f 87
[ 529.413952] RSP: 0018:ffffc0cc80e37ba8 EFLAGS: 00010002
[ 529.419221] RAX: 0000000000000001 RBX: ffff9a6f030d5180 RCX: 0000000000000000
[ 529.426401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000060
[ 529.433577] RBP: 0000000000000060 R08: 0000000000000001 R09: 0000000000000001
[ 529.440756] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[ 529.447938] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[ 529.455116] FS: 00007f76137fe700(0000) GS:ffff9a761fd80000(0000) knlGS:0000000000000000
[ 529.463274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 529.469085] CR2: 0000000000000060 CR3: 0000000151558005 CR4: 00000000003706e0
[ 529.476280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 529.483483] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 529.490688] Call Trace:
[ 529.493200] ? lock_acquire+0xc8/0x2d0
[ 529.497012] ? blkdev_get_by_dev+0x117/0x350
[ 529.501349] lock_acquire+0xc8/0x2d0
[ 529.504987] ? rbd_open+0x21/0x60 [rbd]
[ 529.508888] ? lock_is_held_type+0xa5/0x120
[ 529.513133] ? lock_is_held_type+0xa5/0x120
[ 529.517383] _raw_spin_lock_irq+0x42/0x60
[ 529.521454] ? rbd_open+0x21/0x60 [rbd]
[ 529.525354] rbd_open+0x21/0x60 [rbd]
[ 529.529080] blkdev_get_whole+0x25/0xe0
[ 529.532982] blkdev_get_by_dev+0xca/0x350
[ 529.537057] __device_add_disk+0x1e8/0x310
[ 529.541218] do_rbd_add.isra.0+0xdd8/0xe70 [rbd]
[ 529.545906] kernfs_fop_write_iter+0x13d/0x1d0
[ 529.550413] new_sync_write+0x11c/0x1b0
[ 529.554321] vfs_write+0x238/0x390
[ 529.557786] ksys_write+0x68/0xe0
[ 529.561181] do_syscall_64+0x35/0xb0
[ 529.564824] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 529.569940] RIP: 0033:0x7f76340d42cf
[ 529.573585] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2d 44 89 c7 48 89 44 24 08 e8 5c fd ff ff 48
[ 529.592464] RSP: 002b:00007f76137f9360 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 529.600116] RAX: ffffffffffffffda RBX: 0000000000000047 RCX: 00007f76340d42cf
[ 529.607315] RDX: 0000000000000047 RSI: 00005628d5a24c20 RDI: 0000000000000015
[ 529.614517] RBP: 00005628d5a24c20 R08: 0000000000000000 R09: 0000000000000010
[ 529.621719] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000015
[ 529.628920] R13: 00007f76137f93d0 R14: 00007f76137f93c0 R15: 00007f76137f9540
Updated by Ilya Dryomov almost 3 years ago
Looks like gendisk::private_data simply isn't getting set. This was introduced in 195b1956b85b ("rbd: use blk_mq_alloc_disk and blk_cleanup_disk").
Updated by Ilya Dryomov almost 3 years ago
- Status changed from In Progress to Fix Under Review
[PATCH] rbd: resurrect setting of disk->private_data in rbd_init_disk()
Updated by Ilya Dryomov almost 3 years ago
- Status changed from Fix Under Review to Resolved
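Added example, not part of the tracker thread or of the rbd code: a Python sketch of the triage that points from the oops in the description to the diagnosis in the first comment. It reads an excerpt of the reported log and extracts the fault address, the faulting kernel symbol, the registers holding that address, and the first unwinder-confirmed frame that belongs to a module. The `triage` helper and the 4 KiB page size are assumptions of the example.

```python
import re

# Excerpt of the oops in the report above (most register lines trimmed).
OOPS = """\
[ 529.351374] BUG: kernel NULL pointer dereference, address: 0000000000000060
[ 529.390374] RIP: 0010:__lock_acquire+0x5be/0x2240
[ 529.426401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000060
[ 529.433577] RBP: 0000000000000060 R08: 0000000000000001 R09: 0000000000000001
[ 529.490688] Call Trace:
[ 529.493200] ? lock_acquire+0xc8/0x2d0
[ 529.501349] lock_acquire+0xc8/0x2d0
[ 529.504987] ? rbd_open+0x21/0x60 [rbd]
[ 529.517383] _raw_spin_lock_irq+0x42/0x60
[ 529.525354] rbd_open+0x21/0x60 [rbd]
[ 529.541218] do_rbd_add.isra.0+0xdd8/0xe70 [rbd]
[ 529.569940] RIP: 0033:0x7f76340d42cf
"""

PAGE_SIZE = 4096  # assumption: 4 KiB pages, the x86-64 default
FRAME = re.compile(r"^\[\s*[\d.]+\]\s+(\?\s+)?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?\s*$")
REG = re.compile(r"\b([A-Z][A-Z0-9]{2}): ([0-9a-f]{16})\b")

def triage(text):
    """Summarise an x86-64 oops: fault address, faulting symbol, first confirmed module frame."""
    addr = rip = frame = None
    regs = {}
    for line in text.splitlines():
        if m := re.search(r"NULL pointer dereference, address: ([0-9a-f]+)", line):
            addr = int(m.group(1), 16)
        # CS selector 0010 is kernel code; the later "RIP: 0033:" is the user-space caller.
        if rip is None and (m := re.search(r"RIP: 0010:([\w.]+)\+", line)):
            rip = m.group(1)
        regs.update((name, int(val, 16)) for name, val in REG.findall(line))
        m = FRAME.match(line)
        # "?" frames are stack leftovers the unwinder could not confirm, so skip them.
        if m and not m.group(1) and m.group(3) and frame is None:
            frame = (m.group(2), m.group(3))
    return {
        "fault_addr": addr,
        # A fault inside the first page is consistent with a field read off a NULL base.
        "null_plus_offset": addr is not None and 0 < addr < PAGE_SIZE,
        "faulting_symbol": rip,
        "regs_holding_addr": sorted(r for r, v in regs.items() if v == addr),
        "first_module_frame": frame,
    }

if __name__ == "__main__":
    print(triage(OOPS))
```

On this log the fault is at 0x60 inside `__lock_acquire`, with `rbd_open [rbd]` as the first confirmed module frame, which is consistent with `rbd_open()` taking a lock through a NULL device pointer.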