[Kernel-packages] [Bug 1037115] Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0; RIP: 0010:[ffffffffa032b270] [ffffffffa032b270] srp_process_rsp+0x50/0x170 [ib_srp]
Marking fix released since the patch in #18 has been applied to Precise and Quantal. ** Changed in: linux (Ubuntu) Status: Confirmed = Fix Released -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1037115 Title: BUG: unable to handle kernel NULL pointer dereference at 00e0; RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] Status in “linux” package in Ubuntu: Fix Released Bug description: How to reproduce: 1. Install ib_srpt r4468 from the SCST trunk on a target system. 2. On an initiator system connected via InfiniBand to the target system, install Ubuntu 12.04. 3. Run the following commands on the initiator system (where the login string must be modified according to the target login details): modprobe ib_srp for ((i=0;i100;i++)); do echo -n $i ; echo 'id_ext=0002c9030005f34e,ioc_guid=0002c9030005f34e,dgid=fe82c9030005f350,pkey=,service_id=0002c9030005f34e' /sys/class/infiniband_srp/srp-mlx4_0-1/add_target; done Initiator details: # lsb_release -rd Description:Ubuntu 12.04.1 LTS Release:12.04 # cat /proc/version_signature Ubuntu 3.2.0-29.46-generic 3.2.24 Resulting kernel messages: [ 2428.880007] scsi host51: ib_srp: connection closed [ 2428.880015] scsi host64: ib_srp: connection closed [ 2428.881570] scsi host107: Null scmnd for RSP w/tag 0019 [ 2428.882380] BUG: unable to handle kernel NULL pointer dereference at 00e0 [ 2428.883210] IP: [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] PGD 1b116d067 PUD 1b45a3067 PMD 0 [ 2428.884001] Oops: 0002 [#1] SMP [ 2428.884001] CPU 1 [ 2428.884001] Modules linked in: netconsole configfs ib_srp scsi_transport_srp scsi_tgt ib_uverbs ib_umad ib_ipoib ib_cm ib_sa mlx4_ib ib_mad ib_core snd_hda_codec_hdmi radeon snd_hda_codec_analog ttm snd_hda_intel snd_hda_codec lp drm_kms_helper psmouse drm snd_hwdep snd_pcm i2c_algo_bit serio_raw snd_timer snd mac_hid asus_atk0110 parport soundcore snd_page_alloc firewire_ohci usbhid sky2 floppy hid firewire_core crc_itu_t skge pata_marvell mlx4_core [ 2428.884001] [ 2428.884001] Pid: 3488, comm: kworker/1:6 Not tainted 3.2.0-29-generic #46-Ubuntu System manufacturer P5Q DELUXE/P5Q DELUXE [ 2428.884001] RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] RSP: 0018:8801bfc83d28 EFLAGS: 00010096 [ 2428.884001] RAX: 0002 RBX: 88017cf48000 RCX: 81e1fbb6 [ 2428.884001] RDX: RSI: 0086 RDI: 0046 [ 2428.884001] RBP: 8801bfc83d48 R08: R09: [ 2428.884001] R10: 8801b1d29000 R11: R12: [ 2428.884001] R13: 88017ce52690 R14: 88017ce532f0 R15: [ 2428.884001] FS: () GS:8801bfc8() knlGS: [ 2428.884001] CS: 0010 DS: ES: CR0: 8005003b [ 2428.884001] CR2: 00e0 CR3: 0001b26db000 CR4: 000406e0 [ 2428.884001] DR0: DR1: DR2: [ 2428.884001] DR3: DR6: 0ff0 DR7: 0400 [ 2428.904005] scsi host55: ib_srp: connection closed [ 2428.884001] Process kworker/1:6 (pid: 3488, threadinfo 88017defe000, task 88017de39700) [ 2428.884001] Stack: [ 2428.884001] 88017ce52690 88017d1db480 8801b1a9e000 8801b0d4f600 [ 2428.884001] 8801bfc83dc8 a032cd2a 0082 0001 [ 2428.884001] 8801bfc83dc8 a01f07c1 8801 0082 [ 2428.912006] scsi host74: ib_srp: connection closed [ 2428.884001] Call Trace: [ 2428.884001] IRQ [ 2428.884001] [a032cd2a] srp_handle_recv.isra.22+0x17a/0x2c0 [ib_srp] [ 2428.884001] [a01f07c1] ? mlx4_ib_poll_cq+0x81/0xd0 [mlx4_ib] [ 2428.884001] [810829b5] ? __queue_work+0xe5/0x320 [ 2428.884001] [a032ceb3] srp_recv_completion+0x43/0xb0 [ib_srp] [ 2428.884001] [a01ef517] mlx4_ib_cq_comp+0x17/0x20 [mlx4_ib] [ 2428.884001] [a0002461] mlx4_cq_completion+0x41/0x80 [mlx4_core] [ 2428.884001] [a0002d34] mlx4_eq_int+0x224/0x280 [mlx4_core] [ 2428.884001] [a0002da4] mlx4_msi_x_interrupt+0x14/0x20 [mlx4_core] [ 2428.884001] [810d88f5] handle_irq_event_percpu+0x55/0x220 [ 2428.884001] [8106e4fd] ? __do_softirq+0xfd/0x210 [ 2428.884001] [810d8b11] handle_irq_event+0x51/0x80 [ 2428.884001] [810dbc67] handle_edge_irq+0x87/0x140 [ 2428.884001] [81015282] handle_irq+0x22/0x40 [ 2428.884001] [816649da] do_IRQ+0x5a/0xe0 [ 2428.884001] [81659d6e]
[Kernel-packages] [Bug 1037115] Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0; RIP: 0010:[ffffffffa032b270] [ffffffffa032b270] srp_process_rsp+0x50/0x170 [ib_srp]
Bart Van Assche, this bug was reported a while ago and there hasn't been any activity in it recently. We were wondering if this is still an issue? If so, could you please test the latest upstream kernel available following https://wiki.ubuntu.com/KernelMainlineBuilds ? It will allow additional upstream developers to examine the issue. Please do not test the daily folder, but the one all the way at the bottom. Once you've tested the upstream kernel, please comment on which kernel version specifically you tested. If this bug is fixed in the mainline kernel, please add the following tags: kernel-fixed-upstream kernel-fixed-upstream-VERSION-NUMBER where VERSION-NUMBER is the version number of the kernel you tested. For example: kernel-fixed-upstream-v3.11-rc7 This can be done by clicking on the yellow circle with a black pencil icon next to the word Tags located at the bottom of the bug description. As well, please remove the tag: needs-upstream-testing If the mainline kernel does not fix this bug, please add the following tags: kernel-bug-exists-upstream kernel-bug-exists-upstream-VERSION-NUMBER As well, please remove the tag: needs-upstream-testing Once testing of the upstream kernel is complete, please mark this bug's Status as Confirmed. Please let us know your results. Thank you for your understanding. ** Changed in: linux (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1037115 Title: BUG: unable to handle kernel NULL pointer dereference at 00e0; RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] Status in “linux” package in Ubuntu: Incomplete Bug description: How to reproduce: 1. Install ib_srpt r4468 from the SCST trunk on a target system. 2. On an initiator system connected via InfiniBand to the target system, install Ubuntu 12.04. 3. Run the following commands on the initiator system (where the login string must be modified according to the target login details): modprobe ib_srp for ((i=0;i100;i++)); do echo -n $i ; echo 'id_ext=0002c9030005f34e,ioc_guid=0002c9030005f34e,dgid=fe82c9030005f350,pkey=,service_id=0002c9030005f34e' /sys/class/infiniband_srp/srp-mlx4_0-1/add_target; done Initiator details: # lsb_release -rd Description:Ubuntu 12.04.1 LTS Release:12.04 # cat /proc/version_signature Ubuntu 3.2.0-29.46-generic 3.2.24 Resulting kernel messages: [ 2428.880007] scsi host51: ib_srp: connection closed [ 2428.880015] scsi host64: ib_srp: connection closed [ 2428.881570] scsi host107: Null scmnd for RSP w/tag 0019 [ 2428.882380] BUG: unable to handle kernel NULL pointer dereference at 00e0 [ 2428.883210] IP: [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] PGD 1b116d067 PUD 1b45a3067 PMD 0 [ 2428.884001] Oops: 0002 [#1] SMP [ 2428.884001] CPU 1 [ 2428.884001] Modules linked in: netconsole configfs ib_srp scsi_transport_srp scsi_tgt ib_uverbs ib_umad ib_ipoib ib_cm ib_sa mlx4_ib ib_mad ib_core snd_hda_codec_hdmi radeon snd_hda_codec_analog ttm snd_hda_intel snd_hda_codec lp drm_kms_helper psmouse drm snd_hwdep snd_pcm i2c_algo_bit serio_raw snd_timer snd mac_hid asus_atk0110 parport soundcore snd_page_alloc firewire_ohci usbhid sky2 floppy hid firewire_core crc_itu_t skge pata_marvell mlx4_core [ 2428.884001] [ 2428.884001] Pid: 3488, comm: kworker/1:6 Not tainted 3.2.0-29-generic #46-Ubuntu System manufacturer P5Q DELUXE/P5Q DELUXE [ 2428.884001] RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] RSP: 0018:8801bfc83d28 EFLAGS: 00010096 [ 2428.884001] RAX: 0002 RBX: 88017cf48000 RCX: 81e1fbb6 [ 2428.884001] RDX: RSI: 0086 RDI: 0046 [ 2428.884001] RBP: 8801bfc83d48 R08: R09: [ 2428.884001] R10: 8801b1d29000 R11: R12: [ 2428.884001] R13: 88017ce52690 R14: 88017ce532f0 R15: [ 2428.884001] FS: () GS:8801bfc8() knlGS: [ 2428.884001] CS: 0010 DS: ES: CR0: 8005003b [ 2428.884001] CR2: 00e0 CR3: 0001b26db000 CR4: 000406e0 [ 2428.884001] DR0: DR1: DR2: [ 2428.884001] DR3: DR6: 0ff0 DR7: 0400 [ 2428.904005] scsi host55: ib_srp: connection closed [ 2428.884001] Process kworker/1:6 (pid: 3488, threadinfo 88017defe000, task 88017de39700) [ 2428.884001] Stack: [ 2428.884001] 88017ce52690 88017d1db480 8801b1a9e000 8801b0d4f600 [ 2428.884001] 8801bfc83dc8 a032cd2a
[Kernel-packages] [Bug 1037115] Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0; RIP: 0010:[ffffffffa032b270] [ffffffffa032b270] srp_process_rsp+0x50/0x170 [ib_srp]
I think you are looking for this patch (kernel 3.7; https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=220329916c72ee3d54ae7262b215a050f04a18fc): commit 220329916c72ee3d54ae7262b215a050f04a18fc Author: Bart Van Assche bvanass...@acm.org Date: Tue Aug 14 13:18:53 2012 + IB/srp: Fix a race condition Avoid a crash caused by the scmnd-scsi_done(scmnd) call in srp_process_rsp() being invoked with scsi_done == NULL. This can happen if a reply is received during or after a command abort. Reported-by: Joseph Glanville joseph.glanvi...@orionvm.com.au Reference: http://marc.info/?l=linux-rdmam=134314367801595 Cc: sta...@vger.kernel.org Acked-by: David Dillow dillo...@ornl.gov Signed-off-by: Bart Van Assche bvanass...@acm.org Signed-off-by: Roland Dreier rol...@purestorage.com ** Tags removed: needs-upstream-testing ** Tags added: kernel-fixed-upstream-v3.7 ** Tags added: kernel-fixed-upstream ** Changed in: linux (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1037115 Title: BUG: unable to handle kernel NULL pointer dereference at 00e0; RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] Status in “linux” package in Ubuntu: Confirmed Bug description: How to reproduce: 1. Install ib_srpt r4468 from the SCST trunk on a target system. 2. On an initiator system connected via InfiniBand to the target system, install Ubuntu 12.04. 3. Run the following commands on the initiator system (where the login string must be modified according to the target login details): modprobe ib_srp for ((i=0;i100;i++)); do echo -n $i ; echo 'id_ext=0002c9030005f34e,ioc_guid=0002c9030005f34e,dgid=fe82c9030005f350,pkey=,service_id=0002c9030005f34e' /sys/class/infiniband_srp/srp-mlx4_0-1/add_target; done Initiator details: # lsb_release -rd Description:Ubuntu 12.04.1 LTS Release:12.04 # cat /proc/version_signature Ubuntu 3.2.0-29.46-generic 3.2.24 Resulting kernel messages: [ 2428.880007] scsi host51: ib_srp: connection closed [ 2428.880015] scsi host64: ib_srp: connection closed [ 2428.881570] scsi host107: Null scmnd for RSP w/tag 0019 [ 2428.882380] BUG: unable to handle kernel NULL pointer dereference at 00e0 [ 2428.883210] IP: [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] PGD 1b116d067 PUD 1b45a3067 PMD 0 [ 2428.884001] Oops: 0002 [#1] SMP [ 2428.884001] CPU 1 [ 2428.884001] Modules linked in: netconsole configfs ib_srp scsi_transport_srp scsi_tgt ib_uverbs ib_umad ib_ipoib ib_cm ib_sa mlx4_ib ib_mad ib_core snd_hda_codec_hdmi radeon snd_hda_codec_analog ttm snd_hda_intel snd_hda_codec lp drm_kms_helper psmouse drm snd_hwdep snd_pcm i2c_algo_bit serio_raw snd_timer snd mac_hid asus_atk0110 parport soundcore snd_page_alloc firewire_ohci usbhid sky2 floppy hid firewire_core crc_itu_t skge pata_marvell mlx4_core [ 2428.884001] [ 2428.884001] Pid: 3488, comm: kworker/1:6 Not tainted 3.2.0-29-generic #46-Ubuntu System manufacturer P5Q DELUXE/P5Q DELUXE [ 2428.884001] RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] RSP: 0018:8801bfc83d28 EFLAGS: 00010096 [ 2428.884001] RAX: 0002 RBX: 88017cf48000 RCX: 81e1fbb6 [ 2428.884001] RDX: RSI: 0086 RDI: 0046 [ 2428.884001] RBP: 8801bfc83d48 R08: R09: [ 2428.884001] R10: 8801b1d29000 R11: R12: [ 2428.884001] R13: 88017ce52690 R14: 88017ce532f0 R15: [ 2428.884001] FS: () GS:8801bfc8() knlGS: [ 2428.884001] CS: 0010 DS: ES: CR0: 8005003b [ 2428.884001] CR2: 00e0 CR3: 0001b26db000 CR4: 000406e0 [ 2428.884001] DR0: DR1: DR2: [ 2428.884001] DR3: DR6: 0ff0 DR7: 0400 [ 2428.904005] scsi host55: ib_srp: connection closed [ 2428.884001] Process kworker/1:6 (pid: 3488, threadinfo 88017defe000, task 88017de39700) [ 2428.884001] Stack: [ 2428.884001] 88017ce52690 88017d1db480 8801b1a9e000 8801b0d4f600 [ 2428.884001] 8801bfc83dc8 a032cd2a 0082 0001 [ 2428.884001] 8801bfc83dc8 a01f07c1 8801 0082 [ 2428.912006] scsi host74: ib_srp: connection closed [ 2428.884001] Call Trace: [ 2428.884001] IRQ [ 2428.884001] [a032cd2a] srp_handle_recv.isra.22+0x17a/0x2c0 [ib_srp] [ 2428.884001] [a01f07c1] ?
[Kernel-packages] [Bug 1037115] Re: BUG: unable to handle kernel NULL pointer dereference at 00000000000000e0; RIP: 0010:[ffffffffa032b270] [ffffffffa032b270] srp_process_rsp+0x50/0x170 [ib_srp]
** Tags removed: kernel-bug-exists-upstream-v3.6-rc1 ** Tags added: cherry-pick -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1037115 Title: BUG: unable to handle kernel NULL pointer dereference at 00e0; RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] Status in “linux” package in Ubuntu: Confirmed Bug description: How to reproduce: 1. Install ib_srpt r4468 from the SCST trunk on a target system. 2. On an initiator system connected via InfiniBand to the target system, install Ubuntu 12.04. 3. Run the following commands on the initiator system (where the login string must be modified according to the target login details): modprobe ib_srp for ((i=0;i100;i++)); do echo -n $i ; echo 'id_ext=0002c9030005f34e,ioc_guid=0002c9030005f34e,dgid=fe82c9030005f350,pkey=,service_id=0002c9030005f34e' /sys/class/infiniband_srp/srp-mlx4_0-1/add_target; done Initiator details: # lsb_release -rd Description:Ubuntu 12.04.1 LTS Release:12.04 # cat /proc/version_signature Ubuntu 3.2.0-29.46-generic 3.2.24 Resulting kernel messages: [ 2428.880007] scsi host51: ib_srp: connection closed [ 2428.880015] scsi host64: ib_srp: connection closed [ 2428.881570] scsi host107: Null scmnd for RSP w/tag 0019 [ 2428.882380] BUG: unable to handle kernel NULL pointer dereference at 00e0 [ 2428.883210] IP: [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] PGD 1b116d067 PUD 1b45a3067 PMD 0 [ 2428.884001] Oops: 0002 [#1] SMP [ 2428.884001] CPU 1 [ 2428.884001] Modules linked in: netconsole configfs ib_srp scsi_transport_srp scsi_tgt ib_uverbs ib_umad ib_ipoib ib_cm ib_sa mlx4_ib ib_mad ib_core snd_hda_codec_hdmi radeon snd_hda_codec_analog ttm snd_hda_intel snd_hda_codec lp drm_kms_helper psmouse drm snd_hwdep snd_pcm i2c_algo_bit serio_raw snd_timer snd mac_hid asus_atk0110 parport soundcore snd_page_alloc firewire_ohci usbhid sky2 floppy hid firewire_core crc_itu_t skge pata_marvell mlx4_core [ 2428.884001] [ 2428.884001] Pid: 3488, comm: kworker/1:6 Not tainted 3.2.0-29-generic #46-Ubuntu System manufacturer P5Q DELUXE/P5Q DELUXE [ 2428.884001] RIP: 0010:[a032b270] [a032b270] srp_process_rsp+0x50/0x170 [ib_srp] [ 2428.884001] RSP: 0018:8801bfc83d28 EFLAGS: 00010096 [ 2428.884001] RAX: 0002 RBX: 88017cf48000 RCX: 81e1fbb6 [ 2428.884001] RDX: RSI: 0086 RDI: 0046 [ 2428.884001] RBP: 8801bfc83d48 R08: R09: [ 2428.884001] R10: 8801b1d29000 R11: R12: [ 2428.884001] R13: 88017ce52690 R14: 88017ce532f0 R15: [ 2428.884001] FS: () GS:8801bfc8() knlGS: [ 2428.884001] CS: 0010 DS: ES: CR0: 8005003b [ 2428.884001] CR2: 00e0 CR3: 0001b26db000 CR4: 000406e0 [ 2428.884001] DR0: DR1: DR2: [ 2428.884001] DR3: DR6: 0ff0 DR7: 0400 [ 2428.904005] scsi host55: ib_srp: connection closed [ 2428.884001] Process kworker/1:6 (pid: 3488, threadinfo 88017defe000, task 88017de39700) [ 2428.884001] Stack: [ 2428.884001] 88017ce52690 88017d1db480 8801b1a9e000 8801b0d4f600 [ 2428.884001] 8801bfc83dc8 a032cd2a 0082 0001 [ 2428.884001] 8801bfc83dc8 a01f07c1 8801 0082 [ 2428.912006] scsi host74: ib_srp: connection closed [ 2428.884001] Call Trace: [ 2428.884001] IRQ [ 2428.884001] [a032cd2a] srp_handle_recv.isra.22+0x17a/0x2c0 [ib_srp] [ 2428.884001] [a01f07c1] ? mlx4_ib_poll_cq+0x81/0xd0 [mlx4_ib] [ 2428.884001] [810829b5] ? __queue_work+0xe5/0x320 [ 2428.884001] [a032ceb3] srp_recv_completion+0x43/0xb0 [ib_srp] [ 2428.884001] [a01ef517] mlx4_ib_cq_comp+0x17/0x20 [mlx4_ib] [ 2428.884001] [a0002461] mlx4_cq_completion+0x41/0x80 [mlx4_core] [ 2428.884001] [a0002d34] mlx4_eq_int+0x224/0x280 [mlx4_core] [ 2428.884001] [a0002da4] mlx4_msi_x_interrupt+0x14/0x20 [mlx4_core] [ 2428.884001] [810d88f5] handle_irq_event_percpu+0x55/0x220 [ 2428.884001] [8106e4fd] ? __do_softirq+0xfd/0x210 [ 2428.884001] [810d8b11] handle_irq_event+0x51/0x80 [ 2428.884001] [810dbc67] handle_edge_irq+0x87/0x140 [ 2428.884001] [81015282] handle_irq+0x22/0x40 [ 2428.884001] [816649da] do_IRQ+0x5a/0xe0 [ 2428.884001] [81659d6e] common_interrupt+0x6e/0x6e [ 2428.884001] EOI [ 2428.884001] [8106780f] ?
