Bug #52401

closed

client: BUG: kernel NULL pointer dereference, address: 0000000000000000

Added by Xiubo Li over 2 years ago. Updated over 2 years ago.

Status:
Won't Fix
Priority:
High
Assignee:
Category:
-
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
kcephfs
Crash signature (v1):
Crash signature (v2):

Description

<4>[  863.929529] ceph: kfree capsnap 00000000f66c39c0
<4>[  863.936873] remove_session_caps_cb: 5 callbacks suppressed
<4>[  863.936879] ceph:  dropping dirty Fw state for 0000000028d70000 1099511628845
<4>[  863.936886] ceph: removing capsnaps, ci is 0000000001918c4e, inode is 0000000028d70000
<4>[  863.936890] ceph: removing capsnap 00000000769664b7, inode 0000000028d70000 ci 0000000001918c4e before
<4>[  863.936895] ceph: removing capsnap 00000000769664b7, inode 0000000028d70000 ci 0000000001918c4e after
<4>[  863.936898] ceph: __ceph_remove_capsnap: 3699 lxb---------------
<4>[  863.936901] ceph: __detach_cap_flush_from_ci: 1792 lxb---------------
<3>[  863.936941] ==================================================================
<3>[  863.936969] BUG: KASAN: null-ptr-deref in __list_del_entry_valid+0x45/0xd0
<3>[  863.937111] Read of size 8 at addr 0000000000000000 by task umount/31528
<3>[  863.937116] 
<3>[  863.937128] CPU: 2 PID: 31528 Comm: umount Tainted: G        W   E     5.14.0-rc4+ #73
<3>[  863.937158] Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014
<3>[  863.937179] Call Trace:
<3>[  863.937244]  dump_stack_lvl+0x33/0x42
<3>[  863.937394]  ? __list_del_entry_valid+0x45/0xd0
<3>[  863.937400]  kasan_report.cold.14+0x116/0x11b
<3>[  863.937499]  ? __list_del_entry_valid+0x45/0xd0
<3>[  863.937504]  __list_del_entry_valid+0x45/0xd0
<3>[  863.937511]  __list_del_entry+0xa/0x50 [ceph]
<3>[  863.937651]  __detach_cap_flush_from_ci+0x75/0xb1 [ceph]
<3>[  863.937740]  __ceph_remove_capsnap+0xcb/0x178 [ceph]
<3>[  863.937808]  remove_session_caps_cb.cold.69+0x79/0x15d [ceph]
<3>[  863.937884]  ? parse_reply_info_in+0x790/0x790 [ceph]
<3>[  863.937950]  ? _raw_write_lock_bh+0xe0/0xe0
<3>[  863.937982]  ? _raw_write_lock_bh+0xe0/0xe0
<3>[  863.937988]  ceph_iterate_session_caps+0xc2/0x310 [ceph]
<3>[  863.938056]  ? parse_reply_info_in+0x790/0x790 [ceph]
<3>[  863.938123]  remove_session_caps+0xca/0x320 [ceph]
<3>[  863.938190]  ? renewed_caps.isra.51+0x1e0/0x1e0 [ceph]
<3>[  863.938257]  ? queue_delayed_work_on+0x56/0x60
<3>[  863.938325]  ? rb_first+0x9/0x30
<3>[  863.938368]  ? cleanup_session_requests+0xfc/0x1a0 [ceph]
<3>[  863.938434]  ceph_mdsc_force_umount+0x163/0x1b0 [ceph]
<3>[  863.938501]  ceph_umount_begin+0x63/0x90 [ceph]
<3>[  863.938560]  path_umount+0x258/0x740
<3>[  863.938624]  ? strncpy_from_user+0x1a7/0x210
<3>[  863.938648]  ? __detach_mounts+0x130/0x130
<3>[  863.938656]  ? getname_flags+0x10d/0x2a0
<3>[  863.938688]  ksys_umount+0x91/0xd0
<3>[  863.938695]  ? path_umount+0x740/0x740
<3>[  863.938702]  __x64_sys_umount+0x2b/0x30
<3>[  863.938709]  do_syscall_64+0x3a/0x80
<3>[  863.938759]  entry_SYSCALL_64_after_hwframe+0x44/0xae
<3>[  863.938787] RIP: 0033:0x14b893e6716b
<3>[  863.938797] Code: 0d 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 90 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ed 0c 2c 00 f7 d8 64 89 01 48
<3>[  863.938804] RSP: 002b:00007ffd6677d8c8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
<3>[  863.938841] RAX: ffffffffffffffda RBX: 000055e978de35d0 RCX: 000014b893e6716b
<3>[  863.938846] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 000055e978de8e30
<3>[  863.938857] RBP: 0000000000000003 R08: 000014b89412d710 R09: 000055e978dde010
<3>[  863.938862] R10: 0000000000000000 R11: 0000000000000206 R12: 000055e978de8e30
<3>[  863.938866] R13: 000014b894c14184 R14: 000055e978df2d10 R15: 00000000ffffffff
<3>[  863.938872] ==================================================================
<4>[  863.938891] Disabling lock debugging due to kernel taint
<1>[  863.939002] BUG: kernel NULL pointer dereference, address: 0000000000000000
<1>[  863.939015] #PF: supervisor read access in kernel mode
<1>[  863.939022] #PF: error_code(0x0000) - not-present page
<6>[  863.939029] PGD 0 P4D 0 
<4>[  863.939041] Oops: 0000 [#1] SMP KASAN PTI
<4>[  863.939051] CPU: 2 PID: 31528 Comm: umount Tainted: G    B   W   E     5.14.0-rc4+ #73
<4>[  863.939063] Hardware name: Red Hat RHEV Hypervisor, BIOS 1.11.0-2.el7 04/01/2014
<4>[  863.939070] RIP: 0010:__list_del_entry_valid+0x45/0xd0
<4>[  863.939081] Code: ff 4c 8b 23 48 b8 00 01 00 00 00 00 ad de 49 39 c4 74 3e 48 b8 22 01 00 00 00 00 ad de 48 39 c5 74 47 48 89 ef e8 0b 10 d1 ff <48> 8b 6d 00 48 39 dd 75 4e 49 8d 7c 24 08 e8 f8 0f d1 ff 49 8b 54
<4>[  863.939092] RSP: 0018:ffff8881d2697a90 EFLAGS: 00010286
<4>[  863.939103] RAX: 0000000000000001 RBX: ffff8881b1c40638 RCX: ffffffff889115f6
<4>[  863.939111] RDX: 0000000000000001 RSI: 0000000000000246 RDI: ffffffff8b980da0
<4>[  863.939119] RBP: 0000000000000000 R08: fffffbfff16e434d R09: fffffbfff16e434d
<4>[  863.939127] R10: ffffffff8b721a67 R11: fffffbfff16e434c R12: 0000000000000000
<4>[  863.939136] R13: ffff8882bfa424f0 R14: ffff8881b1c40640 R15: 0000000000000000
<4>[  863.939145] FS:  000014b894e23080(0000) GS:ffff8887d0480000(0000) knlGS:0000000000000000
<4>[  863.939159] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[  863.939167] CR2: 0000000000000000 CR3: 00000001926d0006 CR4: 00000000007706e0
<4>[  863.939174] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
<4>[  863.939181] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
<4>[  863.939188] PKRU: 55555554
<4>[  863.939192] Call Trace:
<4>[  863.939199]  __list_del_entry+0xa/0x50 [ceph]
<4>[  863.939320]  __detach_cap_flush_from_ci+0x75/0xb1 [ceph]
<4>[  863.939449]  __ceph_remove_capsnap+0xcb/0x178 [ceph]
<4>[  863.939580]  remove_session_caps_cb.cold.69+0x79/0x15d [ceph]
<4>[  863.939713]  ? parse_reply_info_in+0x790/0x790 [ceph]
<4>[  863.939841]  ? _raw_write_lock_bh+0xe0/0xe0
<4>[  863.939861]  ? _raw_write_lock_bh+0xe0/0xe0
<4>[  863.939875]  ceph_iterate_session_caps+0xc2/0x310 [ceph]
<4>[  863.939993]  ? parse_reply_info_in+0x790/0x790 [ceph]
<4>[  863.940121]  remove_session_caps+0xca/0x320 [ceph]
client_loop: send disconnect: Broken pipe
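The register dump above is worth reading before the "Won't Fix" below: the faulting instruction in the Code line, `48 8b 6d 00`, is `mov 0x0(%rbp),%rbp`, and RBP and R12 (the entry's `->prev` and `->next`, loaded by `4c 8b 23` just before) are both 0. So the `ceph_cap_flush` list_head handed to `list_del()` was zeroed rather than poisoned, which means it was never linked into any list, not deleted twice. The following userspace model of `struct list_head` and of the checks in the kernel's `__list_del_entry_valid()` is an added example, not code from the bug report, the Ceph client or the kernel tree. It shows that a zeroed list_head passes both `LIST_POISON` checks and then faults on the first `prev->next` dereference, and that the common `if (!list_empty(...)) list_del(...)` guard does not catch it either. The `enum del_check` values, the `DEL_NULL_LINK` guard and the scenario functions are this example's own; the kernel has no NULL check there and oopses instead, which is exactly the dump above.

```c
/* Added example: userspace model of the kernel's list_head and of the
 * validation in lib/list_debug.c:__list_del_entry_valid(). Not kernel code;
 * the enum, the NULL guard and the scenario helpers are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct list_head { struct list_head *next, *prev; };

/* Same poison values as the kernel on x86_64 (include/linux/poison.h);
 * they are also the immediates visible in the Code line of the oops. */
#define LIST_POISON1 ((struct list_head *)(uintptr_t)0xdead000000000100ULL)
#define LIST_POISON2 ((struct list_head *)(uintptr_t)0xdead000000000122ULL)

enum del_check {
    DEL_OK,            /* entry is properly linked */
    DEL_POISON_NEXT,   /* already deleted: ->next is LIST_POISON1 */
    DEL_POISON_PREV,   /* already deleted: ->prev is LIST_POISON2 */
    DEL_NULL_LINK,     /* never linked: ->prev/->next is NULL (example-only guard) */
    DEL_CORRUPT_PREV,  /* prev->next != entry */
    DEL_CORRUPT_NEXT,  /* next->prev != entry */
};

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h; h->prev = h; }

static int list_empty(const struct list_head *h) { return h->next == h; }

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    struct list_head *prev = head->prev;
    n->next = head;
    n->prev = prev;
    prev->next = n;
    head->prev = n;
}

/* Same order of checks as the kernel's __list_del_entry_valid(). The kernel
 * has no DEL_NULL_LINK step: with prev == NULL it reads prev->next and
 * faults at address 0, as in the report above. */
static enum del_check list_del_entry_check(const struct list_head *e)
{
    struct list_head *prev = e->prev, *next = e->next;
    if (next == LIST_POISON1) return DEL_POISON_NEXT;
    if (prev == LIST_POISON2) return DEL_POISON_PREV;
    if (prev == NULL || next == NULL) return DEL_NULL_LINK;
    if (prev->next != e) return DEL_CORRUPT_PREV;
    if (next->prev != e) return DEL_CORRUPT_NEXT;
    return DEL_OK;
}

/* list_del() as the kernel does it: validate, unlink, poison. */
static enum del_check list_del_checked(struct list_head *e)
{
    enum del_check r = list_del_entry_check(e);
    if (r != DEL_OK) return r;
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = LIST_POISON1;
    e->prev = LIST_POISON2;
    return DEL_OK;
}

/* Scenario 1: a properly linked entry deleted once, then a second time.
 * The second delete is caught by the poison check (a use-after-unlink). */
static enum del_check scenario_first_delete(struct list_head *head, struct list_head *item)
{
    INIT_LIST_HEAD(head);
    list_add_tail(item, head);
    return list_del_checked(item);       /* DEL_OK */
}

static enum del_check scenario_double_delete(void)
{
    struct list_head head, item;
    scenario_first_delete(&head, &item);
    return list_del_checked(&item);      /* DEL_POISON_NEXT */
}

/* Scenario 2: a zeroed (kzalloc-style) struct whose list_head was never
 * list_add()ed. Passes both poison checks; the kernel would oops here. */
static enum del_check scenario_zeroed_never_linked(void)
{
    struct list_head item;
    memset(&item, 0, sizeof item);
    return list_del_checked(&item);      /* DEL_NULL_LINK */
}

/* A zeroed list_head is not "empty" either (next != self), so guarding the
 * list_del() with !list_empty() would still reach the NULL dereference. */
static int zeroed_head_is_empty(void)
{
    struct list_head item;
    memset(&item, 0, sizeof item);
    return list_empty(&item);            /* 0 */
}

int main(void)
{
    printf("double delete   -> %d (expect %d)\n", scenario_double_delete(), DEL_POISON_NEXT);
    printf("never linked    -> %d (expect %d)\n", scenario_zeroed_never_linked(), DEL_NULL_LINK);
    printf("zeroed is empty -> %d (expect 0)\n", zeroed_head_is_empty());
    return 0;
}
```

The practical reading for a debugger is the difference between the two failure shapes: a `list_del corruption ... LIST_POISON` message means the entry was unlinked twice, while a plain NULL read inside `__list_del_entry_valid` with `->prev == ->next == 0` means the entry was never linked at all, so the fix is in whatever path zero-allocates the object and reaches `list_del()` before the matching `list_add()`.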

Actions #1

Updated by Xiubo Li over 2 years ago

  • Priority changed from Normal to High
Actions #2

Updated by Xiubo Li over 2 years ago

  • Status changed from In Progress to Won't Fix

This should be introduced by my changes when coding some patches. Will close it.
