Bug 219975

Summary: opening /dev/snapshot twice on 6.14 causes oops
Product: IO/Storage Reporter: Colin Ian King (colin.i.king)
Component: MD    Assignee: io_md
Status: NEW ---    
Severity: high    
Priority: P3    
Hardware: All   
OS: Linux   
Kernel Version: Subsystem:
Regression: Yes Bisected commit-id:

Description Colin Ian King 2025-04-02 10:28:52 UTC
Regression: does not occur on 6.13; occurs on 6.14 with a dm-crypt encrypted file system:

$ cat x.c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

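/*
 * Reproducer: open /dev/snapshot twice and exit without closing either
 * descriptor.  Both descriptors are intentionally leaked so the kernel
 * releases them on process exit; in the reported trace the oops fires
 * from snapshot_release() on that exit path (__fput <- do_exit).
 *
 * Returns EXIT_FAILURE if either open() fails (the reason is printed with
 * perror), EXIT_SUCCESS otherwise.  Opening /dev/snapshot needs sufficient
 * privilege; the report runs the binary under sudo.
 */
int main(void)
{
	int first, second;

	/*
	 * open() signals failure with -1, never 0.  The original check
	 * `if (!fd)` accepted -1 as a valid descriptor and only rejected
	 * fd 0, which is itself a legitimate descriptor.
	 */
	first = open("/dev/snapshot", O_RDONLY | O_NONBLOCK);
	if (first < 0) {
		perror("open /dev/snapshot (first)");
		return EXIT_FAILURE;
	}

	/*
	 * The first descriptor stays open while the second open() runs;
	 * a separate variable just makes that explicit.
	 */
	second = open("/dev/snapshot", O_RDONLY | O_NONBLOCK);
	if (second < 0) {
		perror("open /dev/snapshot (second)");
		return EXIT_FAILURE;
	}

	/* Deliberately no close(): the release happens at exit. */
	return EXIT_SUCCESS;
}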

$ gcc x.c
$ sudo ./a.out

[   16.745939] BUG: kernel NULL pointer dereference, address: 0000000000000028
[   16.745954] #PF: supervisor read access in kernel mode
[   16.745960] #PF: error_code(0x0000) - not-present page
[   16.745966] PGD 0 P4D 0 
[   16.745971] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
[   16.745977] CPU: 8 UID: 0 PID: 1286 Comm: a.out Not tainted 6.14.0+ #2
[   16.745985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2025.02-5 03/28/2025
[   16.745992] RIP: 0010:alloc_fs_context+0xf7/0x4e0
[   16.746002] Code: c7 80 a8 00 00 00 00 00 00 00 f0 48 83 00 01 48 83 05 5c 52 2a 03 01 48 89 43 58 48 8b 82 08 0c 00 00 48 83 05 f9 55 2a 03 01 <4c> 8b 70 28 48 83 05 ad 51 2a 03 01 b8 01 00 00 00 49 8d be 8c 00
[   16.746018] RSP: 0018:ffffac1942de3aa8 EFLAGS: 00010206
[   16.746025] RAX: 0000000000000000 RBX: ffff88b5410cc540 RCX: 00000000000000c0
[   16.746032] RDX: ffff88b5417c0000 RSI: ffff88b5410cc540 RDI: ffffffffc1c564c0
[   16.746039] RBP: 0000000000000000 R08: 0000000000400dc0 R09: 00000000ffffffff
[   16.746046] R10: ffffffffa319fb28 R11: 0000000000000674 R12: ffffffffc1c55ec0
[   16.746052] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   16.746060] FS:  0000000000000000(0000) GS:ffff88b5fcc00000(0000) knlGS:0000000000000000
[   16.746068] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   16.746076] CR2: 0000000000000028 CR3: 000000003744c005 CR4: 0000000000772ef0
[   16.746088] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   16.746095] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400
[   16.746104] PKRU: 55555554
[   16.746108] Call Trace:
[   16.746129]  <TASK>
[   16.746136]  ? show_regs.cold+0x21/0x2f
[   16.746144]  ? __die_body+0x22/0xa0
[   16.746150]  ? __die+0x33/0x43
[   16.746155]  ? page_fault_oops+0x10a/0x380
[   16.746163]  ? prb_first_seq+0x78/0xb0
[   16.746171]  ? do_user_addr_fault+0x622/0x9f0
[   16.746178]  ? console_flush_all+0x1e8/0x520
[   16.746184]  ? exc_page_fault+0xd4/0x390
[   16.746192]  ? asm_exc_page_fault+0x22/0x30
[   16.746202]  ? alloc_fs_context+0xf7/0x4e0
[   16.746208]  ? alloc_fs_context+0xa1/0x4e0
[   16.746213]  ? _printk+0x6f/0xa0
[   16.746410]  fs_context_for_mount+0x1b/0x30
[   16.746569]  vfs_kern_mount+0x25/0x100
[   16.746725]  efivarfs_pm_notify.cold+0x40/0x1f9 [efivarfs]
[   16.746885]  ? __pfx_efivarfs_actor+0x10/0x10 [efivarfs]
[   16.747046]  notifier_call_chain+0x8f/0x1a0
[   16.747202]  blocking_notifier_call_chain+0x47/0x90
[   16.747354]  pm_notifier_call_chain+0x1e/0x30
[   16.747503]  snapshot_release+0x73/0xf0
[   16.747651]  __fput+0x16d/0x430
[   16.747797]  ____fput+0x19/0x30
[   16.747940]  task_work_run+0x81/0xf0
[   16.748083]  do_exit+0x54b/0x1320
[   16.748223]  ? xas_next_entry+0xbc/0x120
[   16.748364]  ? next_uptodate_folio+0x24/0x2b0
[   16.748502]  do_group_exit+0x34/0xc0
[   16.748638]  __do_sys_exit_group.isra.0+0x13/0x20
[   16.748776]  __x64_sys_exit_group+0x15/0x20
[   16.748918]  x64_sys_call+0x4135/0x4150
[   16.749056]  do_syscall_64+0xc9/0x270
[   16.749192]  ? do_pte_missing+0xadc/0x1830
[   16.749324]  ? ___pte_offset_map+0x1f/0x310
[   16.749453]  ? __handle_mm_fault+0xbac/0x18f0
[   16.749575]  ? arch_exit_to_user_mode_prepare.isra.0+0x2a/0xf0
[   16.749692]  ? __count_memcg_events+0x16e/0x280
[   16.749808]  ? count_memcg_events.constprop.0+0x32/0x60
[   16.749922]  ? handle_mm_fault+0x305/0x560
[   16.750037]  ? do_user_addr_fault+0x59f/0x9f0
[   16.750150]  ? arch_exit_to_user_mode_prepare.isra.0+0x2a/0xf0
[   16.750264]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   16.750379] RIP: 0033:0x7f44aad60295
[   16.750503] Code: Unable to access opcode bytes at 0x7f44aad6026b.
[   16.750616] RSP: 002b:00007fff05486478 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[   16.750731] RAX: ffffffffffffffda RBX: 00007f44aae6bfe8 RCX: 00007f44aad60295
[   16.750846] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[   16.750963] RBP: 0000000000000000 R08: 00007fff05486410 R09: 0000000000000000
[   16.751079] R10: 00007fff05486320 R11: 0000000000000206 R12: 00007f44aae6a680
[   16.751196] R13: 00007f44aae93c20 R14: 0000000000000001 R15: 00007f44aae6c000
[   16.751315]  </TASK>
[   16.751432] Modules linked in: binfmt_misc nls_ascii nls_cp437 vfat fat ext2 mbcache intel_rapl_msr intel_rapl_common intel_uncore_frequency_common intel_pmc_core intel_vsec pmt_telemetry pmt_class kvm_intel kvm rapl snd_hda_codec_generic snd_hda_intel ppdev snd_intel_dspcfg pktcdvd snd_intel_sdw_acpi snd_hda_codec snd_intel8x0 snd_ac97_codec joydev snd_hda_core snd_hwdep ac97_bus virtio_gpu snd_pcm virtio_dma_buf vmw_vsock_virtio_transport snd_timer drm_client_lib pcspkr snd virtio_balloon virtio_console drm_shmem_helper soundcore parport_pc drm_kms_helper parport button evdev sg drm fuse efi_pstore nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci efivarfs qemu_fw_cfg virtio_rng ip_tables x_tables autofs4 xfs btrfs blake2b_generic xor raid6_pq dm_crypt dm_mod uas usb_storage hid_generic usbhid sr_mod hid ahci cdrom sd_mod xhci_pci libahci xhci_hcd libata virtio_scsi virtio_net iTCO_wdt scsi_mod usbcore net_failover intel_pmc_bxt virtio_blk failover psmouse
[   16.751483]  iTCO_vendor_support watchdog polyval_clmulni virtio_pci polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 virtio_pci_legacy_dev i2c_i801 sha1_ssse3 virtio_pci_modern_dev serio_raw virtio lpc_ich i2c_smbus scsi_common virtio_ring floppy usb_common aesni_intel crypto_simd cryptd
[   16.752908] CR2: 0000000000000028
[   16.753095] ---[ end trace 0000000000000000 ]---
[   17.251348] RIP: 0010:alloc_fs_context+0xf7/0x4e0
[   17.251630] Code: c7 80 a8 00 00 00 00 00 00 00 f0 48 83 00 01 48 83 05 5c 52 2a 03 01 48 89 43 58 48 8b 82 08 0c 00 00 48 83 05 f9 55 2a 03 01 <4c> 8b 70 28 48 83 05 ad 51 2a 03 01 b8 01 00 00 00 49 8d be 8c 00
[   17.252070] RSP: 0018:ffffac1942de3aa8 EFLAGS: 00010206
[   17.252288] RAX: 0000000000000000 RBX: ffff88b5410cc540 RCX: 00000000000000c0
[   17.252505] RDX: ffff88b5417c0000 RSI: ffff88b5410cc540 RDI: ffffffffc1c564c0
[   17.252721] RBP: 0000000000000000 R08: 0000000000400dc0 R09: 00000000ffffffff
[   17.252951] R10: ffffffffa319fb28 R11: 0000000000000674 R12: ffffffffc1c55ec0
[   17.253171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[   17.253393] FS:  0000000000000000(0000) GS:ffff88b5fcc00000(0000) knlGS:0000000000000000
[   17.253616] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   17.253848] CR2: 0000000000000028 CR3: 0000000201588004 CR4: 0000000000772ef0
[   17.254077] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   17.254304] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400
[   17.254531] PKRU: 55555554
[   17.254756] note: a.out[1286] exited with irqs disabled
[   17.255023] Fixing recursive fault but reboot is needed!
[   17.255260] BUG: scheduling while atomic: a.out/1286/0x00000000
[   17.255497] Modules linked in: binfmt_misc nls_ascii nls_cp437 vfat fat ext2 mbcache intel_rapl_msr intel_rapl_common intel_uncore_frequency_common intel_pmc_core intel_vsec pmt_telemetry pmt_class kvm_intel kvm rapl snd_hda_codec_generic snd_hda_intel ppdev snd_intel_dspcfg pktcdvd snd_intel_sdw_acpi snd_hda_codec snd_intel8x0 snd_ac97_codec joydev snd_hda_core snd_hwdep ac97_bus virtio_gpu snd_pcm virtio_dma_buf vmw_vsock_virtio_transport snd_timer drm_client_lib pcspkr snd virtio_balloon virtio_console drm_shmem_helper soundcore parport_pc drm_kms_helper parport button evdev sg drm fuse efi_pstore nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock vmw_vmci efivarfs qemu_fw_cfg virtio_rng ip_tables x_tables autofs4 xfs btrfs blake2b_generic xor raid6_pq dm_crypt dm_mod uas usb_storage hid_generic usbhid sr_mod hid ahci cdrom sd_mod xhci_pci libahci xhci_hcd libata virtio_scsi virtio_net iTCO_wdt scsi_mod usbcore net_failover intel_pmc_bxt virtio_blk failover psmouse
[   17.255581]  iTCO_vendor_support watchdog polyval_clmulni virtio_pci polyval_generic ghash_clmulni_intel sha512_ssse3 sha256_ssse3 virtio_pci_legacy_dev i2c_i801 sha1_ssse3 virtio_pci_modern_dev serio_raw virtio lpc_ich i2c_smbus scsi_common virtio_ring floppy usb_common aesni_intel crypto_simd cryptd
[   17.258258] CPU: 8 UID: 0 PID: 1286 Comm: a.out Tainted: G      D            6.14.0+ #2
[   17.258260] Tainted: [D]=DIE
[   17.258260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2025.02-5 03/28/2025
[   17.258262] Call Trace:
[   17.258269]  <TASK>
[   17.258272]  dump_stack_lvl+0xad/0x100
[   17.258276]  dump_stack+0x13/0x1f
[   17.258277]  __schedule_bug.cold+0x6a/0x8b
[   17.258279]  __schedule+0xf0e/0x14a0
[   17.258282]  ? vprintk+0x12/0x20
[   17.258283]  ? _printk+0x6f/0xa0
[   17.258285]  do_task_dead+0x56/0x60
[   17.258287]  make_task_dead.cold+0x92/0x19b
[   17.258288]  rewind_stack_and_make_dead+0x16/0x20
[   17.258290] RIP: 0033:0x7f44aad60295
[   17.258308] Code: Unable to access opcode bytes at 0x7f44aad6026b.
[   17.258309] RSP: 002b:00007fff05486478 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7
[   17.258311] RAX: ffffffffffffffda RBX: 00007f44aae6bfe8 RCX: 00007f44aad60295
[   17.258311] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000
[   17.258312] RBP: 0000000000000000 R08: 00007fff05486410 R09: 0000000000000000
[   17.258312] R10: 00007fff05486320 R11: 0000000000000206 R12: 00007f44aae6a680
[   17.258313] R13: 00007f44aae93c20 R14: 0000000000000001 R15: 00007f44aae6c000
[   17.258315]  </TASK>
Comment 1 Colin Ian King 2025-04-02 10:30:26 UTC
This was originally found using stress-ng [1]

sudo ./stress-ng --dev 1 --dev-file /dev/snapshot


[1] https://github.com/ColinIanKing/stress-ng