Actions
Bug #52401
closedclient: BUG: kernel NULL pointer dereference, address: 0000000000000000
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
kcephfs
Crash signature (v1):
Crash signature (v2):
Description
<4>[ 863.929529] ceph: kfree capsnap 00000000f66c39c0 <4>[ 863.936873] remove_session_caps_cb: 5 callbacks suppressed <4>[ 863.936879] ceph: dropping dirty Fw state for 0000000028d70000 1099511628845 <4>[ 863.936886] ceph: removing capsnaps, ci is 0000000001918c4e, inode is 0000000028d70000 <4>[ 863.936890] ceph: removing capsnap 00000000769664b7, inode 0000000028d70000 ci 0000000001918c4e before <4>[ 863.936895] ceph: removing capsnap 00000000769664b7, inode 0000000028d70000 ci 0000000001918c4e after <4>[ 863.936898] ceph: __ceph_remove_capsnap: 3699 lxb--------------- <4>[ 863.936901] ceph: __detach_cap_flush_from_ci: 1792 lxb--------------- <3>[ 863.936941] ================================================================== <3>[ 863.936969] BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0 <3>[ 863.937111] Read of size 8 at addr 0000000000000000 by task umount/31528 <3>[ 863.937116] <3>[ 863.937128] CPU: 2 PID: 31528 Comm: umount Tainted: G W E 5.14.0-rc4+ #73 <3>[ 863.937158] Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014 <3>[ 863.937179] Call Trace: <3>[ 863.937244] dump_stack_lvl+0x33/0x42 <3>[ 863.937394] ? __list_del_entry_valid+0x45/0xd0 <3>[ 863.937400] kasan_report.cold.14+0x116/0x11b <3>[ 863.937499] ? __list_del_entry_valid+0x45/0xd0 <3>[ 863.937504] __list_del_entry_valid+0x45/0xd0 <3>[ 863.937511] __list_del_entry+0xa/0x50 [ceph] <3>[ 863.937651] __detach_cap_flush_from_ci+0x75/0xb1 [ceph] <3>[ 863.937740] __ceph_remove_capsnap+0xcb/0x178 [ceph] <3>[ 863.937808] remove_session_caps_cb.cold.69+0x79/0x15d [ceph] <3>[ 863.937884] ? parse_reply_info_in+0x790/0x790 [ceph] <3>[ 863.937950] ? _raw_write_lock_bh+0xe0/0xe0 <3>[ 863.937982] ? _raw_write_lock_bh+0xe0/0xe0 <3>[ 863.937988] ceph_iterate_session_caps+0xc2/0x310 [ceph] <3>[ 863.938056] ? parse_reply_info_in+0x790/0x790 [ceph] <3>[ 863.938123] remove_session_caps+0xca/0x320 [ceph] <3>[ 863.938190] ? renewed_caps.isra.51+0x1e0/0x1e0 [ceph] <3>[ 863.938257] ? queue_delayed_work_on+0x56/0x60 <3>[ 863.938325] ? rb_first+0x9/0x30 <3>[ 863.938368] ? cleanup_session_requests+0xfc/0x1a0 [ceph] <3>[ 863.938434] ceph_mdsc_force_umount+0x163/0x1b0 [ceph] <3>[ 863.938501] ceph_umount_begin+0x63/0x90 [ceph] <3>[ 863.938560] path_umount+0x258/0x740 <3>[ 863.938624] ? strncpy_from_user+0x1a7/0x210 <3>[ 863.938648] ? __detach_mounts+0x130/0x130 <3>[ 863.938656] ? getname_flags+0x10d/0x2a0 <3>[ 863.938688] ksys_umount+0x91/0xd0 <3>[ 863.938695] ? path_umount+0x740/0x740 <3>[ 863.938702] __x64_sys_umount+0x2b/0x30 <3>[ 863.938709] do_syscall_64+0x3a/0x80 <3>[ 863.938759] entry_SYSCALL_64_after_hwframe+0x44/0xae <3>[ 863.938787] RIP: 0033:0x14b893e6716b <3>[ 863.938797] Code: 0d 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed 0c 2c 00 f7 d8 64 89 01 48 <3>[ 863.938804] RSP: 002b:00007ffd6677d8c8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6 <3>[ 863.938841] RAX: ffffffffffffffda RBX: 000055e978de35d0 RCX: 000014b893e6716b <3>[ 863.938846] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 000055e978de8e30 <3>[ 863.938857] RBP: 0000000000000003 R08: 000014b89412d710 R09: 000055e978dde010 <3>[ 863.938862] R10: 0000000000000000 R11: 0000000000000206 R12: 000055e978de8e30 <3>[ 863.938866] R13: 000014b894c14184 R14: 000055e978df2d10 R15: 00000000ffffffff <3>[ 863.938872] ================================================================== <4>[ 863.938891] Disabling lock debugging due to kernel taint <1>[ 863.939002] BUG: kernel NULL pointer dereference, address: 0000000000000000 <1>[ 863.939015] #PF: supervisor read access in kernel mode <1>[ 863.939022] #PF: error_code(0x0000) - not-present page <6>[ 863.939029] PGD 0 P4D 0 <4>[ 863.939041] Oops: 0000 [#1] SMP KASAN PTI <4>[ 863.939051] CPU: 2 PID: 31528 Comm: umount Tainted: G B W E 5.14.0-rc4+ #73 <4>[ 863.939063] Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014 <4>[ 863.939070] RIP: 0010:__list_del_entry_valid+0x45/0xd0 <4>[ 863.939081] Code: ff 4c 8b 23 48 b8 00 01 00 00 00 00 ad de 49 39 c4 74 3e 48 b8 22 01 00 00 00 00 ad de 48 39 c5 74 47 48 89 ef e8 0b 10 d1 ff <48> 8b 6d 00 48 39 dd 75 4e 49 8d 7c 24 08 e8 f8 0f d1 ff 49 8b 54 <4>[ 863.939092] RSP: 0018:ffff8881d2697a90 EFLAGS: 00010286 <4>[ 863.939103] RAX: 0000000000000001 RBX: ffff8881b1c40638 RCX: ffffffff889115f6 <4>[ 863.939111] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffffffff8b980da0 <4>[ 863.939119] RBP: 0000000000000000 R08: fffffbfff16e434d R09: fffffbfff16e434d <4>[ 863.939127] R10: ffffffff8b721a67 R11: fffffbfff16e434c R12: 0000000000000000 <4>[ 863.939136] R13: ffff8882bfa424f0 R14: ffff8881b1c40640 R15: 0000000000000000 <4>[ 863.939145] FS: 000014b894e23080(0000) GS:ffff8887d0480000(0000) knlGS:0000000000000000 <4>[ 863.939159] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 <4>[ 863.939167] CR2: 0000000000000000 CR3: 00000001926d0006 CR4: 00000000007706e0 <4>[ 863.939174] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4>[ 863.939181] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 <4>[ 863.939188] PKRU: 55555554 <4>[ 863.939192] Call Trace: <4>[ 863.939199] __list_del_entry+0xa/0x50 [ceph] <4>[ 863.939320] __detach_cap_flush_from_ci+0x75/0xb1 [ceph] <4>[ 863.939449] __ceph_remove_capsnap+0xcb/0x178 [ceph] <4>[ 863.939580] remove_session_caps_cb.cold.69+0x79/0x15d [ceph] <4>[ 863.939713] ? parse_reply_info_in+0x790/0x790 [ceph] <4>[ 863.939841] ? _raw_write_lock_bh+0xe0/0xe0 <4>[ 863.939861] ? _raw_write_lock_bh+0xe0/0xe0 <4>[ 863.939875] ceph_iterate_session_caps+0xc2/0x310 [ceph] <4>[ 863.939993] ? parse_reply_info_in+0x790/0x790 [ceph] <4>[ 863.940121] remove_session_caps+0xca/0x320 [ceph] client_loop: send disconnect: Broken pipe
Updated by Xiubo Li over 2 years ago
- Status changed from In Progress to Won't Fix
This should be introduce by my changes when coding some patches. Will close it.
Actions