* [bug report] regression bisected to "block: Make most scsi_req_init() calls implicit"
From: dann frazier @ 2017-10-20 22:54 UTC
To: linux-block, Bart Van Assche; +Cc: linux-arm-kernel, linux-kernel
hey,

I'm seeing a regression when executing 'dmraid -r -c' in an arm64
QEMU guest, which I've bisected to the following commit:

ca18d6f7 "block: Make most scsi_req_init() calls implicit"

I haven't had time to try and debug it yet, but wanted to get
the report out there before the weekend. Here's the crash:

[ 138.519885] usercopy: kernel memory overwrite attempt detected to (null) (<null>) (6 bytes)
[ 138.521562] kernel BUG at mm/usercopy.c:72!
[ 138.522294] Internal error: Oops - BUG: 0 [#1] SMP
[ 138.523105] Modules linked in: nls_utf8 isofs nls_iso8859_1 qemu_fw_cfg ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear aes_ce_blk aes_ce_cipher crc32_ce crct10dif_ce ghash_ce sha2_ce sha256_arm64 sha1_ce virtio_net virtio_blk aes_neon_bs aes_neon_blk crypto_simd cryptd aes_arm64
[ 138.531307] CPU: 62 PID: 2271 Comm: dmraid Not tainted 4.14.0-rc5+ #20
[ 138.532512] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
[ 138.533796] task: ffff8003cba2e900 task.stack: ffff0000110e8000
[ 138.534887] PC is at __check_object_size+0x114/0x200
[ 138.535800] LR is at __check_object_size+0x114/0x200
[ 138.536711] pc : [<ffff0000082c0e5c>] lr : [<ffff0000082c0e5c>] pstate: 00400145
[ 138.538073] sp : ffff0000110ebb00
[ 138.538682] x29: ffff0000110ebb00 x28: 0000000000000000
[ 138.539658] x27: 0000ffffd88e1110 x26: ffff8003e8d3d800
[ 138.540633] x25: 000000000802001d x24: ffff8003e1131920
[ 138.541621] x23: 0000000000000006 x22: 0000000000000006
[ 138.542596] x21: 0000000000000000 x20: 0000000000000006
[ 138.543571] x19: 0000000000000000 x18: ffffffffffffffff
[ 138.544548] x17: 0000ffff83380ce0 x16: ffff0000082dd3b0
[ 138.545525] x15: ffff0000093c8c08 x14: 6c756e2820202020
[ 138.546511] x13: 202020202020206f x12: 7420646574636574
[ 138.547489] x11: ffff0000093c9658 x10: ffff0000086ae800
[ 138.548466] x9 : 7265766f2079726f x8 : 0000000000000017
[ 138.549445] x7 : 6c756e3c2820296c x6 : ffff8003eeb51c28
[ 138.550434] x5 : ffff8003eeb51c28 x4 : 0000000000000000
[ 138.551411] x3 : ffff8003eeb59ec8 x2 : d4a0cd0f45236000
[ 138.552388] x1 : 0000000000000000 x0 : 0000000000000059
[ 138.553364] Process dmraid (pid: 2271, stack limit = 0xffff0000110e8000)
[ 138.554593] Call trace:
[ 138.555043] Exception stack(0xffff0000110eb9c0 to 0xffff0000110ebb00)
[ 138.556214] b9c0: 0000000000000059 0000000000000000 d4a0cd0f45236000 ffff8003eeb59ec8
[ 138.557653] b9e0: 0000000000000000 ffff8003eeb51c28 ffff8003eeb51c28 6c756e3c2820296c
[ 138.559082] ba00: 0000000000000017 7265766f2079726f ffff0000086ae800 ffff0000093c9658
[ 138.560510] ba20: 7420646574636574 202020202020206f 6c756e2820202020 ffff0000093c8c08
[ 138.561950] ba40: ffff0000082dd3b0 0000ffff83380ce0 ffffffffffffffff 0000000000000000
[ 138.563379] ba60: 0000000000000006 0000000000000000 0000000000000006 0000000000000006
[ 138.564805] ba80: ffff8003e1131920 000000000802001d ffff8003e8d3d800 0000ffffd88e1110
[ 138.566238] baa0: 0000000000000000 ffff0000110ebb00 ffff0000082c0e5c ffff0000110ebb00
[ 138.567666] bac0: ffff0000082c0e5c 0000000000400145 ffff000008e25a80 0000000000000000
[ 138.569090] bae0: 0001000000000000 0000000000000006 ffff0000110ebb00 ffff0000082c0e5c
[ 138.570523] [<ffff0000082c0e5c>] __check_object_size+0x114/0x200
[ 138.571628] [<ffff0000084e71a8>] sg_io+0x120/0x438
[ 138.572507] [<ffff0000084e7c0c>] scsi_cmd_ioctl+0x594/0x728
[ 138.573531] [<ffff0000084e7df0>] scsi_cmd_blk_ioctl+0x50/0x60
[ 138.574594] [<ffff000000b7e798>] virtblk_ioctl+0x60/0x80 [virtio_blk]
[ 138.575769] [<ffff0000084d9144>] blkdev_ioctl+0x5e4/0xb50
[ 138.576756] [<ffff00000830d810>] block_ioctl+0x50/0x68
[ 138.577698] [<ffff0000082dcb34>] do_vfs_ioctl+0xc4/0x940
[ 138.578671] [<ffff0000082dd43c>] SyS_ioctl+0x8c/0xa8
[ 138.579581] Exception stack(0xffff0000110ebec0 to 0xffff0000110ec000)
[ 138.580752] bec0: 0000000000000005 0000000000002285 0000ffffd88e10b8 0000000000000006
[ 138.582199] bee0: 0000000000000000 0000000000000004 0000ffff83416648 0000000000000050
[ 138.583623] bf00: 000000000000001d 0003ffffffffffff 0000000000000012 0000000000000011
[ 138.585050] bf20: 0000ffff83409000 00000000000000ff 0000ffff8309dc70 0000000000000531
[ 138.586490] bf40: 0000ffff8344a360 0000ffff83380ce0 00000000000000dc 0000ffff83478948
[ 138.587918] bf60: 0000000000000004 0000000017ee7f90 0000000000000005 0000000017ede920
[ 138.589346] bf80: 0000000017ee7f60 0000000000000003 0000ffff83416648 0000000017ee7f60
[ 138.590785] bfa0: 0000ffffd88e1218 0000ffffd88e1090 0000ffff834166dc 0000ffffd88e1090
[ 138.592215] bfc0: 0000ffff83380cec 0000000080000000 0000000000000005 000000000000001d
[ 138.593649] bfe0: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
[ 138.595091] [<ffff000008083a30>] el0_svc_naked+0x24/0x28
[ 138.596071] Code: aa1403e5 aa1303e3 9119a0c0 97f9d96d (d4210000)
[ 138.597193] ---[ end trace b7eecd0b21001177 ]---
Here's the ioctl as reported by strace:
2277 openat(AT_FDCWD, "/dev/vdb", O_RDONLY) = 5
2277 ioctl(5, BLKSSZGET, [512]) = 0
2277 ioctl(5, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[6]=[12, 01, 80, 00, 04, 00], mx_sb_len=0, iovec_count=0, dxfer_len=4, timeout=6000, flags=0 <unfinished ...>) = ?
$ qemu-system-aarch64 -enable-kvm -m 16384 \
-cpu host -smp 4 -M virt,gic_version=host -nographic \
-pflash flash0.img -pflash flash1.img \
-drive if=none,file=artful-server-cloudimg-arm64.img,id=hd0 \
-device virtio-blk-device,drive=hd0 \
-drive if=none,file=my-seed.img,id=hd1 \
-device virtio-blk-device,drive=hd1 \
-netdev type=tap,id=net0 -device virtio-net-device,netdev=net0,mac=<omitted>
-dann
* Re: [bug report] regression bisected to "block: Make most scsi_req_init() calls implicit"
From: Bart Van Assche @ 2017-10-20 23:30 UTC
To: linux-block, dann.frazier; +Cc: linux-arm-kernel, linux-kernel
On Fri, 2017-10-20 at 16:54 -0600, dann frazier wrote:
> hey,
> I'm seeing a regression when executing 'dmraid -r -c' in an arm64
> QEMU guest, which I've bisected to the following commit:
>
> ca18d6f7 "block: Make most scsi_req_init() calls implicit"
>
> I haven't had time to try and debug it yet, but wanted to get
> the report out there before the weekend. Here's the crash:
>
> Here's the ioctl as reported by strace:
>
> 2277 openat(AT_FDCWD, "/dev/vdb", O_RDONLY) = 5
> 2277 ioctl(5, BLKSSZGET, [512]) = 0
> 2277 ioctl(5, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[6]=[12, 01, 80, 00, 04, 00], mx_sb_len=0, iovec_count=0, dxfer_len=4, timeout=6000, flags=0 <unfinished ...>) = ?
>
> $ qemu-system-aarch64 -enable-kvm -m 16384 \
> -cpu host -smp 4 -M virt,gic_version=host -nographic \
> -pflash flash0.img -pflash flash1.img \
> -drive if=none,file=artful-server-cloudimg-arm64.img,id=hd0 \
> -device virtio-blk-device,drive=hd0 \
> -drive if=none,file=my-seed.img,id=hd1 \
> -device virtio-blk-device,drive=hd1 \
> -netdev type=tap,id=net0 -device virtio-net-device,netdev=net0,mac=<omitted>

Hello Dann,

Since I do not have access to artful-server-cloudimg-arm64.img, can you
convert the crash address into a file name and line number for me (gdb list
*(${crash_address}))? Can you do this for both __check_object_size+0x114 and
sg_io+0x120?

Thanks,

Bart.
* Re: [bug report] regression bisected to "block: Make most scsi_req_init() calls implicit"
From: dann frazier @ 2017-10-23 15:41 UTC
To: Bart Van Assche; +Cc: linux-block, linux-arm-kernel, linux-kernel
On Fri, Oct 20, 2017 at 11:30:55PM +0000, Bart Van Assche wrote:
> On Fri, 2017-10-20 at 16:54 -0600, dann frazier wrote:
> > hey,
> > I'm seeing a regression when executing 'dmraid -r -c' in an arm64
> > QEMU guest, which I've bisected to the following commit:
> >
> > ca18d6f7 "block: Make most scsi_req_init() calls implicit"
> >
> > I haven't had time to try and debug it yet, but wanted to get
> > the report out there before the weekend. Here's the crash:
> >
> > Here's the ioctl as reported by strace:
> >
> > 2277 openat(AT_FDCWD, "/dev/vdb", O_RDONLY) = 5
> > 2277 ioctl(5, BLKSSZGET, [512]) = 0
> > 2277 ioctl(5, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[6]=[12, 01, 80, 00, 04, 00], mx_sb_len=0, iovec_count=0, dxfer_len=4, timeout=6000, flags=0 <unfinished ...>) = ?
> >
> > $ qemu-system-aarch64 -enable-kvm -m 16384 \
> > -cpu host -smp 4 -M virt,gic_version=host -nographic \
> > -pflash flash0.img -pflash flash1.img \
> > -drive if=none,file=artful-server-cloudimg-arm64.img,id=hd0 \
> > -device virtio-blk-device,drive=hd0 \
> > -drive if=none,file=my-seed.img,id=hd1 \
> > -device virtio-blk-device,drive=hd1 \
> > -netdev type=tap,id=net0 -device virtio-net-device,netdev=net0,mac=<omitted>
>
> Hello Dann,
>
> Since I do not have access to artful-server-cloudimg-arm64.img, can you
> convert the crash address into a file name and line number for me (gdb list
> *(${crash_address}))? Can you do this for both __check_object_size+0x114 and
> sg_io+0x120?
Hi Bart - sure:
(gdb) list *(__check_object_size+0x114)
0xffff0000082c0e5c is in __check_object_size (mm/usercopy.c:72).
67 /*
68 * For greater effect, it would be nice to do do_group_exit(),
69 * but BUG() actually hooks all the lock-breaking and per-arch
70 * Oops code, so that is used here instead.
71 */
72 BUG();
73 }
74
75 /* Returns true if any portion of [ptr,ptr+n) over laps with [low,high). */
76 static bool overlaps(const void *ptr, unsigned long n, unsigned long low,
(gdb) list *(sg_io+0x120)
0xffff0000084e71a8 is in sg_io (./include/linux/uaccess.h:113).
108 static inline unsigned long
109 _copy_from_user(void *to, const void __user *from, unsigned long n)
110 {
111 unsigned long res = n;
112 might_fault();
113 if (likely(access_ok(VERIFY_READ, from, n))) {
114 kasan_check_write(to, n);
115 res = raw_copy_from_user(to, from, n);
116 }
117 if (unlikely(res))
-dann
* Re: [bug report] regression bisected to "block: Make most scsi_req_init() calls implicit"
From: Bart Van Assche @ 2017-10-23 21:08 UTC
To: dann.frazier; +Cc: linux-arm-kernel, linux-kernel, linux-block
On Mon, 2017-10-23 at 09:41 -0600, dann frazier wrote:
> (gdb) list *(sg_io+0x120)
> 0xffff0000084e71a8 is in sg_io (./include/linux/uaccess.h:113).
> 108 static inline unsigned long
> 109 _copy_from_user(void *to, const void __user *from, unsigned long n)
> 110 {
> 111 unsigned long res = n;
> 112 might_fault();
> 113 if (likely(access_ok(VERIFY_READ, from, n))) {
> 114 kasan_check_write(to, n);
> 115 res = raw_copy_from_user(to, from, n);
> 116 }
> 117 if (unlikely(res))

Hello Dann,

Would it be possible to check whether the patch below is sufficient to fix this?

Thanks,

Bart.

diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c
index 34e17ee799be..15e11a519801 100644
--- a/drivers/block/virtio_blk.c
+++ b/drivers/block/virtio_blk.c
@@ -597,6 +597,7 @@ static const struct blk_mq_ops virtio_mq_ops = {
.queue_rq = virtio_queue_rq,
.complete = virtblk_request_done,
.init_request = virtblk_init_request,
+ .initialize_rq_fn = scsi_initialize_rq,
.map_queues = virtblk_map_queues,
};
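
Review bot: the added `.initialize_rq_fn = scsi_initialize_rq,` line in virtio_mq_ops is unconditional and points a SCSI helper at requests whose per-request data is otherwise set up by the driver's own virtblk_init_request, and nothing in the patch explains why that helper is safe on virtio_blk's request layout or whether it is wanted for requests that never reach the scsi_cmd_blk_ioctl path shown in the call trace. Please add a short comment or commit-message paragraph stating that assumption, or use a virtio_blk-local wrapper that initializes only the SCSI request state this driver actually uses.
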
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index 0419c2298eab..14096f67eebb 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1722,6 +1722,8 @@ sg_start_req(Sg_request *srp, unsigned char *cmd)
}
req = scsi_req(rq);
+ WARN_ON_ONCE(!req->cmd);
+
if (hp->cmd_len > BLK_MAX_CDB)
req->cmd = long_cmdp;
memcpy(req->cmd, cmd, hp->cmd_len);
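
Review bot: the new `WARN_ON_ONCE(!req->cmd);` in sg_start_req() only reports the condition, so when hp->cmd_len is not greater than BLK_MAX_CDB the unchanged `memcpy(req->cmd, cmd, hp->cmd_len);` below it still writes through the NULL pointer. If the check is meant to stay, make it fail the request, for example `if (WARN_ON_ONCE(!req->cmd))` followed by an error return that also releases rq; if it is only a debugging aid for this report, say so and drop it from the final patch. Because it is a _ONCE warning, later occurrences will also go unlogged.
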
* Re: [bug report] regression bisected to "block: Make most scsi_req_init() calls implicit"
From: dann frazier @ 2017-10-24 1:47 UTC
To: Bart Van Assche; +Cc: linux-arm-kernel, linux-kernel, linux-block
On Mon, Oct 23, 2017 at 3:08 PM, Bart Van Assche <Bart.VanAssche@wdc.com> wrote:
> On Mon, 2017-10-23 at 09:41 -0600, dann frazier wrote:
>> (gdb) list *(sg_io+0x120)
>> 0xffff0000084e71a8 is in sg_io (./include/linux/uaccess.h:113).
>> 108 static inline unsigned long
>> 109 _copy_from_user(void *to, const void __user *from, unsigned long n)
>> 110 {
>> 111 unsigned long res = n;
>> 112 might_fault();
>> 113 if (likely(access_ok(VERIFY_READ, from, n))) {
>> 114 kasan_check_write(to, n);
>> 115 res = raw_copy_from_user(to, from, n);
>> 116 }
>> 117 if (unlikely(res))
>
> Hello Dann,
>
> Would it be possible to check whether the patch below is sufficient to fix this?

hey Bart,

Yes, it does appear to be sufficient:

ubuntu@ubuntu:~$ sudo dmesg -c > /dev/null
ubuntu@ubuntu:~$ sudo dmraid -r -c
ERROR: isw: seeking device "/dev/vda" to 18446744073708843520
ERROR: sil: seeking device "/dev/vda" to 18446744073709401600
no raid disks
ubuntu@ubuntu:~$ dmesg
ubuntu@ubuntu:~$
-dann
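
The failure discussed in this thread, reduced to a user-space model (an added example, not code from the thread or from the kernel): request setup is implicit, so a driver that does not register the hook hands the SG_IO path a request whose cmd pointer is still NULL, and the checked copy refuses it. The model_* names, checked_copy and the reduced structs are hypothetical, and that the hook points cmd at the request's inline buffer is an assumption about what scsi_req_init() does.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BLK_MAX_CDB 16

struct scsi_request {
    unsigned char  inline_cmd[BLK_MAX_CDB]; /* inline CDB storage */
    unsigned char *cmd;                     /* NULL until initialized */
};
struct request { struct scsi_request sreq; };

/* Reduced ops table (hypothetical): only the hook this thread is about. */
struct mq_ops { void (*initialize_rq_fn)(struct request *rq); };

/* Assumed behaviour of the hook: point cmd at the inline buffer. */
static void model_scsi_initialize_rq(struct request *rq)
{
    rq->sreq.cmd = rq->sreq.inline_cmd;
}

/* Implicit initialization: it happens only if the driver set the hook. */
static struct request *model_get_request(const struct mq_ops *ops)
{
    struct request *rq = calloc(1, sizeof(*rq)); /* zeroed, so cmd is NULL */

    if (rq && ops->initialize_rq_fn)
        ops->initialize_rq_fn(rq);
    return rq;
}

/* Stand-in for the hardened copy. The kernel check BUG()s on a bad
 * destination; the model returns -EFAULT so the caller can observe it. */
static int checked_copy(void *to, const void *from, size_t n)
{
    if (!to || !from)
        return -EFAULT;
    memcpy(to, from, n);
    return 0;
}

/* Model of the SG_IO path: copy the caller's CDB into req->cmd. */
static int model_sg_io(const struct mq_ops *ops, const unsigned char *cdb,
                       size_t len, unsigned char *out)
{
    struct request *rq;
    int ret;

    if (len > BLK_MAX_CDB)
        return -EINVAL;
    rq = model_get_request(ops);
    if (!rq)
        return -ENOMEM;
    ret = checked_copy(rq->sreq.cmd, cdb, len);
    if (ret == 0)
        memcpy(out, rq->sreq.cmd, len); /* hand the stored CDB back */
    free(rq);
    return ret;
}

/* CDB bytes as shown in the strace output of the report. */
static const unsigned char report_cdb[6] = {0x12, 0x01, 0x80, 0x00, 0x04, 0x00};
static const struct mq_ops ops_without_hook = { NULL };
static const struct mq_ops ops_with_hook = { model_scsi_initialize_rq };

int main(void)
{
    unsigned char out[BLK_MAX_CDB];

    printf("without hook: %d\n", model_sg_io(&ops_without_hook, report_cdb, 6, out));
    printf("with hook:    %d\n", model_sg_io(&ops_with_hook, report_cdb, 6, out));
    return 0;
}
```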