kernel-packages team mailing list archive

[Bug 1037115] Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0; RIP: 0010:[<ffffffffa032b270>] [<ffffffffa032b270>] srp_process_rsp+0x50/0x170 [ib_srp]

 

I think you are looking for this patch (kernel 3.7;
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=220329916c72ee3d54ae7262b215a050f04a18fc):

commit 220329916c72ee3d54ae7262b215a050f04a18fc
Author: Bart Van Assche <bvanassche@xxxxxxx>
Date:   Tue Aug 14 13:18:53 2012 +0000

    IB/srp: Fix a race condition
    
    Avoid a crash caused by the scmnd->scsi_done(scmnd) call in
    srp_process_rsp() being invoked with scsi_done == NULL.  This can
    happen if a reply is received during or after a command abort.
    
    Reported-by: Joseph Glanville <joseph.glanville@xxxxxxxxxxxxxx>
    Reference: http://marc.info/?l=linux-rdma&m=134314367801595
    Cc: <stable@xxxxxxxxxxxxxxx>
    Acked-by: David Dillow <dillowda@xxxxxxxx>
    Signed-off-by: Bart Van Assche <bvanassche@xxxxxxx>
    Signed-off-by: Roland Dreier <roland@xxxxxxxxxxxxxxx>


** Tags removed: needs-upstream-testing
** Tags added: kernel-fixed-upstream-v3.7

** Tags added: kernel-fixed-upstream

** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

https://bugs.launchpad.net/bugs/1037115

Title:
  BUG: unable to handle kernel NULL pointer dereference at
  00000000000000e0; RIP: 0010:[<ffffffffa032b270>] [<ffffffffa032b270>]
  srp_process_rsp+0x50/0x170 [ib_srp]

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  How to reproduce:
  1. Install ib_srpt r4468 from the SCST trunk on a target system.
  2. On an initiator system connected via InfiniBand to the target system, install Ubuntu 12.04.
  3. Run the following commands on the initiator system (where the login string must be modified according to the target login details):

  modprobe ib_srp
  for ((i=0;i<100;i++)); do echo -n "$i "; echo 'id_ext=0002c9030005f34e,ioc_guid=0002c9030005f34e,dgid=fe800000000000000002c9030005f350,pkey=ffff,service_id=0002c9030005f34e' >/sys/class/infiniband_srp/srp-mlx4_0-1/add_target; done

  Initiator details:
  # lsb_release -rd
  Description:    Ubuntu 12.04.1 LTS
  Release:        12.04
  # cat /proc/version_signature
  Ubuntu 3.2.0-29.46-generic 3.2.24

  Resulting kernel messages:

  [ 2428.880007] scsi host51: ib_srp: connection closed
  [ 2428.880015] scsi host64: ib_srp: connection closed
  [ 2428.881570] scsi host107: Null scmnd for RSP w/tag 0000000000000019
  [ 2428.882380] BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0
  [ 2428.883210] IP: [<ffffffffa032b270>] srp_process_rsp+0x50/0x170 [ib_srp]
  [ 2428.884001] PGD 1b116d067 PUD 1b45a3067 PMD 0 
  [ 2428.884001] Oops: 0002 [#1] SMP 
  [ 2428.884001] CPU 1 
  [ 2428.884001] Modules linked in: netconsole configfs ib_srp scsi_transport_srp scsi_tgt ib_uverbs ib_umad ib_ipoib ib_cm ib_sa mlx4_ib ib_mad ib_core snd_hda_codec_hdmi radeon snd_hda_codec_analog ttm snd_hda_intel snd_hda_codec lp drm_kms_helper psmouse drm snd_hwdep snd_pcm i2c_algo_bit serio_raw snd_timer snd mac_hid asus_atk0110 parport soundcore snd_page_alloc firewire_ohci usbhid sky2 floppy hid firewire_core crc_itu_t skge pata_marvell mlx4_core
  [ 2428.884001] 
  [ 2428.884001] Pid: 3488, comm: kworker/1:6 Not tainted 3.2.0-29-generic #46-Ubuntu System manufacturer P5Q DELUXE/P5Q DELUXE
  [ 2428.884001] RIP: 0010:[<ffffffffa032b270>]  [<ffffffffa032b270>] srp_process_rsp+0x50/0x170 [ib_srp]
  [ 2428.884001] RSP: 0018:ffff8801bfc83d28  EFLAGS: 00010096
  [ 2428.884001] RAX: 0000000000000002 RBX: ffff88017cf48000 RCX: ffffffff81e1fbb6
  [ 2428.884001] RDX: 0000000000000000 RSI: 0000000000000086 RDI: 0000000000000046
  [ 2428.884001] RBP: ffff8801bfc83d48 R08: 0000000000000000 R09: 0000000000000000
  [ 2428.884001] R10: ffff8801b1d29000 R11: 0000000000000000 R12: 0000000000000000
  [ 2428.884001] R13: ffff88017ce52690 R14: ffff88017ce532f0 R15: 0000000000000000
  [ 2428.884001] FS:  0000000000000000(0000) GS:ffff8801bfc80000(0000) knlGS:0000000000000000
  [ 2428.884001] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  [ 2428.884001] CR2: 00000000000000e0 CR3: 00000001b26db000 CR4: 00000000000406e0
  [ 2428.884001] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
  [ 2428.884001] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
  [ 2428.904005] scsi host55: ib_srp: connection closed
  [ 2428.884001] Process kworker/1:6 (pid: 3488, threadinfo ffff88017defe000, task ffff88017de39700)
  [ 2428.884001] Stack:
  [ 2428.884001]  ffff88017ce52690 ffff88017d1db480 ffff8801b1a9e000 ffff8801b0d4f600
  [ 2428.884001]  ffff8801bfc83dc8 ffffffffa032cd2a 0000000000000082 0000000000000001
  [ 2428.884001]  ffff8801bfc83dc8 ffffffffa01f07c1 ffff880100000000 0000000000000082
  [ 2428.912006] scsi host74: ib_srp: connection closed
  [ 2428.884001] Call Trace:
  [ 2428.884001]  <IRQ> 
  [ 2428.884001]  [<ffffffffa032cd2a>] srp_handle_recv.isra.22+0x17a/0x2c0 [ib_srp]
  [ 2428.884001]  [<ffffffffa01f07c1>] ? mlx4_ib_poll_cq+0x81/0xd0 [mlx4_ib]
  [ 2428.884001]  [<ffffffff810829b5>] ? __queue_work+0xe5/0x320
  [ 2428.884001]  [<ffffffffa032ceb3>] srp_recv_completion+0x43/0xb0 [ib_srp]
  [ 2428.884001]  [<ffffffffa01ef517>] mlx4_ib_cq_comp+0x17/0x20 [mlx4_ib]
  [ 2428.884001]  [<ffffffffa0002461>] mlx4_cq_completion+0x41/0x80 [mlx4_core]
  [ 2428.884001]  [<ffffffffa0002d34>] mlx4_eq_int+0x224/0x280 [mlx4_core]
  [ 2428.884001]  [<ffffffffa0002da4>] mlx4_msi_x_interrupt+0x14/0x20 [mlx4_core]
  [ 2428.884001]  [<ffffffff810d88f5>] handle_irq_event_percpu+0x55/0x220
  [ 2428.884001]  [<ffffffff8106e4fd>] ? __do_softirq+0xfd/0x210
  [ 2428.884001]  [<ffffffff810d8b11>] handle_irq_event+0x51/0x80
  [ 2428.884001]  [<ffffffff810dbc67>] handle_edge_irq+0x87/0x140
  [ 2428.884001]  [<ffffffff81015282>] handle_irq+0x22/0x40
  [ 2428.884001]  [<ffffffff816649da>] do_IRQ+0x5a/0xe0
  [ 2428.884001]  [<ffffffff81659d6e>] common_interrupt+0x6e/0x6e
  [ 2428.884001]  <EOI> 
  [ 2428.884001]  [<ffffffff8106780f>] ? vprintk+0x1ef/0x4a0
  [ 2428.884001]  [<ffffffffa02d8c10>] ? cm_rej_handler+0x210/0x210 [ib_cm]
  [ 2428.884001]  [<ffffffff8164102c>] printk+0x51/0x53
  [ 2428.884001]  [<ffffffff813f1b7f>] __dev_printk+0x4f/0x90
  [ 2428.884001]  [<ffffffff813f1f15>] dev_printk+0x45/0x50
  [ 2428.884001]  [<ffffffffa032d9b3>] srp_cm_handler+0x183/0x1a0 [ib_srp]
  [ 2428.884001]  [<ffffffffa02d6ae7>] cm_process_work+0x27/0x140 [ib_cm]
  [ 2428.884001]  [<ffffffffa02d27f4>] ? cm_get_id+0x24/0x50 [ib_cm]
  [ 2428.884001]  [<ffffffffa02d8c10>] ? cm_rej_handler+0x210/0x210 [ib_cm]
  [ 2428.884001]  [<ffffffffa02d7ef3>] cm_timewait_handler+0x153/0x1b0 [ib_cm]
  [ 2428.884001]  [<ffffffffa02d8d45>] cm_work_handler+0x135/0x1dc [ib_cm]
  [ 2428.884001]  [<ffffffff810849ea>] process_one_work+0x11a/0x480
  [ 2428.884001]  [<ffffffff81085794>] worker_thread+0x164/0x370
  [ 2428.884001]  [<ffffffff81085630>] ? manage_workers.isra.29+0x130/0x130
  [ 2428.884001]  [<ffffffff81089fbc>] kthread+0x8c/0xa0
  [ 2428.884001]  [<ffffffff81664034>] kernel_thread_helper+0x4/0x10
  [ 2428.884001]  [<ffffffff81089f30>] ? flush_kthread_worker+0xa0/0xa0
  [ 2428.884001]  [<ffffffff81664030>] ? gs_change+0x13/0x13
  [ 2428.884001] Code: 89 f3 f7 c1 00 00 00 80 0f 85 e5 00 00 00 48 8d 04 c9 4c 8d b4 c7 58 05 00 00 4d 8b 66 10 4d 85 e4 0f 84 a4 00 00 00 0f b6 43 13 <41> 89 84 24 e0 00 00 00 0f b6 43 12 a8 02 74 30 8b 43 1c 8b 4b 
  [ 2428.884001] RIP  [<ffffffffa032b270>] srp_process_rsp+0x50/0x170 [ib_srp]
  [ 2428.884001]  RSP <ffff8801bfc83d28>
  [ 2428.884001] CR2: 00000000000000e0

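An added example, not the code of the upstream commit: a user-space model of the race described in the commit message, in which the reply path and the abort path must agree on a single owner of a command before its completion callback is called. The types and the functions `claim_req`, `process_rsp`, `abort_cmd` and `scenario` are hypothetical names, and a C11 atomic exchange is assumed here in place of whatever locking the driver itself uses.

```c
#include <stdatomic.h>
#include <stddef.h>

/* Hypothetical stand-ins for a SCSI command and an SRP request slot. */
struct cmd { void (*done)(struct cmd *); int completed; };
struct req { _Atomic(struct cmd *) cmd; };  /* owning command, or NULL */
static void cmd_done(struct cmd *c) { c->completed++; }

/* Take ownership of the slot's command. expected == NULL claims whatever is
 * there (reply path); otherwise only that command (abort path). */
static struct cmd *claim_req(struct req *r, struct cmd *expected)
{
    if (!expected)
        return atomic_exchange(&r->cmd, (struct cmd *)NULL);
    return atomic_compare_exchange_strong(&r->cmd, &expected, (struct cmd *)NULL)
           ? expected : NULL;
}

/* Reply path: a reply for an already-claimed slot is dropped, not completed. */
static int process_rsp(struct req *r)
{
    struct cmd *c = claim_req(r, NULL);
    if (c)
        c->done(c);
    return c != NULL;
}

/* Abort path: tears the command down only if no reply completed it first. */
static int abort_cmd(struct req *r, struct cmd *c)
{
    if (!claim_req(r, c))
        return 0;
    c->done = NULL;  /* models the NULL callback named in the commit message */
    return 1;
}

/* Constructed scenario: bit 0 = reply completed it, bit 1 = abort claimed it. */
static int scenario(int reply_first)
{
    struct cmd c = { cmd_done, 0 };
    struct req r;
    int replied, aborted;
    atomic_init(&r.cmd, &c);
    if (reply_first) { replied = process_rsp(&r); aborted = abort_cmd(&r, &c); }
    else             { aborted = abort_cmd(&r, &c); replied = process_rsp(&r); }
    return c.completed != replied ? -1 : replied | (aborted << 1);
}

int main(void) { return scenario(1) == 1 && scenario(0) == 2 ? 0 : 1; }
```

Whichever path claims the slot first is the only one that touches the command, so a reply arriving after the abort finds an empty slot and never reaches the cleared callback.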