IRQ/nvme_pci_complete_rq: NULL pointer dereference yet again
Scott Bauer
scott.bauer at intel.com
Thu Apr 5 14:22:06 PDT 2018
On Thu, Apr 05, 2018 at 03:38:47PM -0600, Keith Busch wrote:
> On Thu, Apr 05, 2018 at 03:51:38PM -0500, Alex G. wrote:
> > Hi Keith,
> >
> > The NULL pointer dereference strikes yet again, but in a different
> > place. I think you'll love this one, as we can get it with native AER.
> > I'm not sure what to make of it, or why we get an invalid opcode with
> > the package, but the error is consistently tied to nvme.
>
> Interesting indeed.
>
> Invaild opcode is a BUG_ON triggering a kernel panic when it evaluates
> to true:
>
> [ 938.971059] kernel BUG at mm/slub.c:296!
>
> Which is this:
>
> static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
> {
> unsigned long freeptr_addr = (unsigned long)object + s->offset;
>
> #ifdef CONFIG_SLAB_FREELIST_HARDENED
> BUG_ON(object == fp); /* naive detection of double free or corruption */
> #endif
>
> *(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
> }
>
> So the code thinks it's found memory corruption. Maybe it has.
Alex, are you able to build with KASAN? Assuming it is memory corruption KASAN can provide
us the location of the first free which may assist in debugging.
More information about the Linux-nvme
mailing list