nvme-tcp: kernel NULL pointer dereference, address: 0000000000000034

Daniel Wagner dwagner at suse.de
Tue Mar 21 01:23:08 PDT 2023


On Sun, Mar 19, 2023 at 03:10:40PM +0200, Sagi Grimberg wrote:
> Thoughts?

It still crashes in the same way with both patches from this
discussion applied.

 nvme nvme1: mapped 8/0/2 default/read/poll queues.
 general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI
 KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]
 CPU: 5 PID: 16617 Comm: nvme Kdump: loaded Tainted: G        W          6.3.0-rc1+ #9 d97c09c311a99b3c39b25760658850e8f66ae67b
 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
 RIP: 0010:blk_poll+0x31/0x350
 Code: 57 41 56 41 55 41 54 53 48 83 ec 18 41 89 cd 49 89 f6 48 89 fd 48 b9 00 00 00 00 00 fc ff df 48 8d 5a 34 48 89 d8 48 c1 e8 03 <8a> 04 08 84 c0 0f 85 ea 02 00 00 44 8b 23 45 31 ff 4

 RSP: 0018:ffff888114dbf670 EFLAGS: 00010207
 RAX: 0000000000000006 RBX: 0000000000000034 RCX: dffffc0000000000
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881182f56e0
 RBP: ffff8881182f56e0 R08: dffffc0000000000 R09: fffffbfff3803f46
 R10: fffffbfff3803f46 R11: 1ffffffff3803f45 R12: ffff888132860018
 R13: 0000000000000000 R14: 0000000000000000 R15: ffff888114dbf700
 FS:  00007efde0867780(0000) GS:ffff8881f1400000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000556f0b5af810 CR3: 0000000105c9a005 CR4: 0000000000170ee0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  <TASK>
  ? __init_swait_queue_head+0xab/0x140
  blk_execute_rq+0x388/0x590
  ? blk_rq_is_poll+0xb0/0xb0
  ? complete+0x2c/0x1e0
  ? blk_rq_map_kern+0x5e0/0x790
  __nvme_submit_sync_cmd+0x31c/0x6a0 [nvme_core 355464cf83c3fcaf7cde9c80e64f0ce3bbc1f5e0]
  nvmf_connect_io_queue+0x30d/0x5e0 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
  ? nvmf_log_connect_error+0x470/0x470 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
  ? blk_set_default_limits+0x195/0x4d0
  ? blk_alloc_queue+0x3a4/0x460
  nvme_tcp_start_queue+0x30/0x360 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
  nvme_tcp_setup_ctrl+0xc03/0x1690 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
  ? nvme_reset_ctrl_work+0xf0/0xf0 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
  ? _raw_spin_unlock_irqrestore+0x32/0x50
  ? nvme_change_ctrl_state+0xec/0x2d0 [nvme_core 355464cf83c3fcaf7cde9c80e64f0ce3bbc1f5e0]
  nvme_tcp_create_ctrl+0x71e/0xa80 [nvme_tcp 8413e4e242b091568613e66c1cbb42a8845a3aa7]
  nvmf_dev_write+0x498/0x790 [nvme_fabrics a56b21f9a9f011a785bd0916f38d0deca6de166d]
  vfs_write+0x1fc/0xaa0
  ? n_tty_read+0x1250/0x1250
  ? file_end_write+0x1a0/0x1a0
  ? vfs_write+0x57f/0xaa0
  ? file_end_write+0x1a0/0x1a0
  ? __fdget_pos+0x51/0x250
  ksys_write+0x128/0x210
  ? __ia32_sys_read+0x80/0x80
  ? syscall_enter_from_user_mode+0x2e/0x1c0
  do_syscall_64+0x60/0x90
  ? do_syscall_64+0x6e/0x90
  ? do_user_addr_fault+0x747/0x8e0
  entry_SYSCALL_64_after_hwframe+0x63/0xcd
 RIP: 0033:0x7efddf706af3


