2014-07-08 09:00:24

by Aaron Lu

Subject: [Merge branch 'for] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028

The merge 49b3f10e2cf5c1c25d2ce33ab255cff8a8096ce6 seems to have only one
commit: 254c4407cb84a6dec90336054615b0f0e996bb7c, so I added you guys in.
Please take a look if this is a real problem, thanks.

FYI, we noticed the below changes on

git://git.kernel.dk/linux-block.git for-next
commit 49b3f10e2cf5c1c25d2ce33ab255cff8a8096ce6 ("Merge branch 'for-3.17/core' into for-next")

+------------------------------------------------------+------------+------------+
| | 45c1010407 | 49b3f10e2c |
+------------------------------------------------------+------------+------------+
| boot_successes | 40 | 10 |
| boot_failures | 21 | 15 |
| BUG:kernel_early_hang_without_any_printk_output | 21 | 1 |
| kernel_BUG_at_fs/direct-io.c | 0 | 10 |
| invalid_opcode | 0 | 14 |
| RIP:dio_send_cur_page | 0 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 14 |
| backtrace:vfs_write | 0 | 10 |
| backtrace:SyS_pwrite64 | 0 | 10 |
| BUG:unable_to_handle_kernel_NULL_pointer_dereference | 0 | 4 |
| Oops | 0 | 4 |
| RIP:blk_throtl_drain | 0 | 4 |
| kernel_BUG_at_arch/x86/mm/pageattr.c | 0 | 4 |
| RIP:change_page_attr_set_clr | 0 | 4 |
| backtrace:scsi_debug_exit | 0 | 4 |
| backtrace:SyS_delete_module | 0 | 4 |
+------------------------------------------------------+------------+------------+


[ 1010.593031] sda: unknown partition table
[ 1010.598052] sd 2:0:0:0: [sda] Attached SCSI disk
[ 1012.893125] sd 2:0:0:0: [sda] Synchronizing SCSI cache
[ 1012.895934] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
[ 1012.896336] IP: [<ffffffff813cf880>] blk_throtl_drain+0x30/0x150
[ 1012.896336] PGD 0
[ 1012.896336] Oops: 0000 [#1] SMP
[ 1012.896336] Modules linked in: sd_mod scsi_debug(-) crct10dif_generic crc_t10dif crct10dif_common loop ipmi_watchdog ipmi_msghandler dm_mod fuse sg sr_mod cdrom ata_generic pata_acpi parport_pc parport floppy snd_pcm snd_timer snd cirrus ata_piix soundcore syscopyarea pcspkr sysfillrect sysimgblt ttm drm_kms_helper libata drm i2c_piix4
[ 1012.896336] CPU: 1 PID: 8020 Comm: rmmod Not tainted 3.16.0-rc3-01927-ge376abf #1
[ 1012.896336] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1012.896336] task: ffff8801151a0000 ti: ffff880079668000 task.ti: ffff880079668000
[ 1012.896336] RIP: 0010:[<ffffffff813cf880>] [<ffffffff813cf880>] blk_throtl_drain+0x30/0x150
[ 1012.896336] RSP: 0018:ffff88007966bb60 EFLAGS: 00010046
[ 1012.896336] RAX: 0000000000000000 RBX: ffff8800bdbba6e8 RCX: ffff88007dea1a20
[ 1012.896336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1012.896336] RBP: ffff88007966bb78 R08: 0000000000000000 R09: 0000000000000046
[ 1012.896336] R10: ffff88007966bb78 R11: 0000000000000246 R12: ffff8800bdbba6e8
[ 1012.896336] R13: ffff880091ba3800 R14: ffff8800bdbbad40 R15: ffff880030a13120
[ 1012.896336] FS: 00007fa159320700(0000) GS:ffff88011fc80000(0000) knlGS:0000000000000000
[ 1012.896336] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1012.896336] CR2: 0000000000000028 CR3: 000000007f42e000 CR4: 00000000000006e0
[ 1012.896336] Stack:
[ 1012.896336] ffff8800bdbba6e8 0000000000000000 ffff8800bdbbad50 ffff88007966bb88
[ 1012.896336] ffffffff813cc8ce ffff88007966bbb8 ffffffff813b1aac ffff8800bdbba6e8
[ 1012.896336] ffffffff81cf9200 ffff8800bdbba6e8 ffff880030a13000 ffff88007966bbd0
[ 1012.896336] Call Trace:
[ 1012.896336] [<ffffffff813cc8ce>] blkcg_drain_queue+0xe/0x10
[ 1012.896336] [<ffffffff813b1aac>] __blk_drain_queue+0x7c/0x180
[ 1012.896336] [<ffffffff813b1c3e>] blk_queue_bypass_start+0x8e/0xd0
[ 1012.896336] [<ffffffff813cba88>] blkcg_deactivate_policy+0x38/0x140
[ 1012.896336] [<ffffffff813cfad4>] blk_throtl_exit+0x34/0x50
[ 1012.896336] [<ffffffff813cc918>] blkcg_exit_queue+0x48/0x70
[ 1012.896336] [<ffffffff813b5306>] blk_release_queue+0x26/0x100
[ 1012.896336] [<ffffffff813dd9e7>] kobject_cleanup+0x77/0x1b0
[ 1012.896336] [<ffffffff813dd898>] kobject_put+0x28/0x60
[ 1012.896336] [<ffffffff813ae945>] blk_put_queue+0x15/0x20
[ 1012.896336] [<ffffffff8151e6bb>] scsi_device_dev_release_usercontext+0xbb/0x120
[ 1012.896336] [<ffffffff81087647>] execute_in_process_context+0x67/0x70
[ 1012.896336] [<ffffffff8151e5fc>] scsi_device_dev_release+0x1c/0x20
[ 1012.896336] [<ffffffff814dfab2>] device_release+0x32/0xa0
[ 1012.896336] [<ffffffff813dd9e7>] kobject_cleanup+0x77/0x1b0
[ 1012.896336] [<ffffffff813dd898>] kobject_put+0x28/0x60
[ 1012.896336] [<ffffffff814dfda7>] put_device+0x17/0x20
[ 1012.896336] [<ffffffff8151f109>] __scsi_remove_device+0xa9/0xe0
[ 1012.896336] [<ffffffff8151d6b4>] scsi_forget_host+0x64/0x70
[ 1012.896336] [<ffffffff81511bb7>] scsi_remove_host+0x77/0x120
[ 1012.896336] [<ffffffffa01e15a9>] sdebug_driver_remove+0x29/0x90 [scsi_debug]
[ 1012.896336] [<ffffffff814e403f>] __device_release_driver+0x7f/0xf0
[ 1012.896336] [<ffffffff814e40d3>] device_release_driver+0x23/0x30
[ 1012.896336] [<ffffffff814e39d8>] bus_remove_device+0x108/0x180
[ 1012.896336] [<ffffffff814e02d9>] device_del+0x129/0x1c0
[ 1012.896336] [<ffffffff814e038e>] device_unregister+0x1e/0x60
[ 1012.896336] [<ffffffffa01e0efc>] sdebug_remove_adapter+0x4c/0x70 [scsi_debug]
[ 1012.896336] [<ffffffffa01e552d>] scsi_debug_exit+0x19/0xaec [scsi_debug]
[ 1012.896336] [<ffffffff810ea51e>] SyS_delete_module+0x12e/0x1c0
[ 1012.896336] [<ffffffff810536b9>] ? do_async_page_fault+0x29/0xe0
[ 1012.896336] [<ffffffff81836b88>] ? async_page_fault+0x28/0x30
[ 1012.896336] [<ffffffff81834ba9>] system_call_fastpath+0x16/0x1b
[ 1012.896336] Code: 55 65 ff 04 25 a0 c7 00 00 48 89 e5 41 55 41 54 49 89 fc 53 4c 8b af 40 07 00 00 49 8b 85 a0 00 00 00 31 ff 48 8b 80 c8 05 00 00 <48> 8b 70 28 e8 37 7f d2 ff 48 85 c0 48 89 c3 74 61 0f 1f 80 00
[ 1012.896336] RIP [<ffffffff813cf880>] blk_throtl_drain+0x30/0x150
[ 1012.896336] RSP <ffff88007966bb60>
[ 1012.896336] CR2: 0000000000000028
[ 1012.896336] ------------[ cut here ]------------
[ 1012.896336] kernel BUG at arch/x86/mm/pageattr.c:216!
[ 1012.896336] invalid opcode: 0000 [#2] SMP
[ 1012.896336] Modules linked in: sd_mod scsi_debug(-) crct10dif_generic crc_t10dif crct10dif_common loop ipmi_watchdog ipmi_msghandler dm_mod fuse sg sr_mod cdrom ata_generic pata_acpi parport_pc parport floppy snd_pcm snd_timer snd cirrus ata_piix soundcore syscopyarea pcspkr sysfillrect sysimgblt ttm drm_kms_helper libata drm i2c_piix4
[ 1012.896336] CPU: 1 PID: 8020 Comm: rmmod Not tainted 3.16.0-rc3-01927-ge376abf #1
[ 1012.896336] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 1012.896336] task: ffff8801151a0000 ti: ffff880079668000 task.ti: ffff880079668000
[ 1012.896336] RIP: 0010:[<ffffffff8105bbd3>] [<ffffffff8105bbd3>] change_page_attr_set_clr+0x433/0x440
[ 1012.896336] RSP: 0018:ffff88007966aec8 EFLAGS: 00010046
[ 1012.896336] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000010
[ 1012.896336] RDX: 0000000000002200 RSI: 0000000000000000 RDI: 0000000080000000
[ 1012.896336] RBP: ffff88007966af58 R08: 800000007c3c2163 R09: 000000000007c3c2
[ 1012.896336] R10: ffffea0001f58000 R11: ffffffff813db659 R12: 0000000000000000
[ 1012.896336] R13: 0000000000000010 R14: 0000000000000004 R15: 0000000000000005
[ 1012.896336] FS: 00007fa159320700(0000) GS:ffff88011fc80000(0000) knlGS:0000000000000000
[ 1012.896336] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[ 1012.896336] CR2: 0000000000000028 CR3: 000000007f42e000 CR4: 00000000000006e0
[ 1012.896336] Stack:
[ 1012.896336] 0000000200000000 0000000000000000 0000000000000000 ffff880100000200
[ 1012.896336] ffff8801151a0000 0000000000000000 0000000000000000 0000000000000010
[ 1012.896336] 0000000000000000 0000000500000001 000000000007c3c2 0000020000000000
[ 1012.896336] Call Trace:
[ 1012.896336] [<ffffffff8105bf26>] _set_pages_array+0xe6/0x130
[ 1012.896336] [<ffffffff8105bfa3>] set_pages_array_wc+0x13/0x20
[ 1012.896336] [<ffffffffa00ca02f>] ttm_set_pages_caching+0x2f/0x70 [ttm]
[ 1012.896336] [<ffffffffa00ca174>] ttm_alloc_new_pages.isra.6+0xb4/0x180 [ttm]
[ 1012.896336] [<ffffffffa00caa63>] ttm_pool_populate+0x3c3/0x4d0 [ttm]
[ 1012.896336] [<ffffffffa00e920e>] cirrus_ttm_tt_populate+0xe/0x10 [cirrus]
[ 1012.896336] [<ffffffffa00c7571>] ttm_bo_move_memcpy+0x5d1/0x680 [ttm]
[ 1012.896336] [<ffffffff8118dffe>] ? map_vm_area+0x2e/0x40
[ 1012.896336] [<ffffffffa00c3289>] ? ttm_tt_init+0x69/0xb0 [ttm]
[ 1012.896336] [<ffffffffa00e91b8>] cirrus_bo_move+0x18/0x20 [cirrus]
[ 1012.896336] [<ffffffffa00c4d45>] ttm_bo_handle_move_mem+0x265/0x5b0 [ttm]
[ 1012.896336] [<ffffffffa00c56a6>] ? ttm_bo_mem_space+0x116/0x340 [ttm]
[ 1012.896336] [<ffffffffa00c5d6f>] ttm_bo_validate+0x21f/0x230 [ttm]
[ 1012.896336] [<ffffffffa00e99a2>] cirrus_bo_push_sysram+0x82/0xe0 [cirrus]
[ 1012.896336] [<ffffffffa00e7bf5>] cirrus_crtc_do_set_base.isra.8.constprop.10+0x75/0x400 [cirrus]
[ 1012.896336] [<ffffffffa00e83c9>] cirrus_crtc_mode_set+0x449/0x4d0 [cirrus]
[ 1012.896336] [<ffffffffa00588e9>] drm_crtc_helper_set_mode+0x2b9/0x4f0 [drm_kms_helper]
[ 1012.896336] [<ffffffffa005966f>] drm_crtc_helper_set_config+0x87f/0xaa0 [drm_kms_helper]
[ 1012.896336] [<ffffffff818325fe>] ? __ww_mutex_lock+0x2e/0xaa
[ 1012.896336] [<ffffffffa001a124>] drm_mode_set_config_internal+0x64/0xf0 [drm]
[ 1012.896336] [<ffffffffa005c324>] drm_fb_helper_pan_display+0x94/0xf0 [drm_kms_helper]
[ 1012.896336] [<ffffffff8143f959>] fb_pan_display+0xc9/0x190
[ 1012.896336] [<ffffffff81439b10>] bit_update_start+0x20/0x50
[ 1012.896336] [<ffffffff814395c2>] fbcon_switch+0x3a2/0x550
[ 1012.896336] [<ffffffff814b10d9>] redraw_screen+0x189/0x240
[ 1012.896336] [<ffffffff8143fcce>] ? fb_blank+0x9e/0xc0
[ 1012.896336] [<ffffffff81436b5a>] fbcon_blank+0x20a/0x2d0
[ 1012.896336] [<ffffffff810c91cc>] ? wake_up_klogd+0x3c/0x50
[ 1012.896336] [<ffffffff810c93d8>] ? console_unlock+0x1f8/0x440
[ 1012.896336] [<ffffffff81079133>] ? __internal_add_timer+0x113/0x130
[ 1012.896336] [<ffffffff8107917f>] ? internal_add_timer+0x2f/0x70
[ 1012.896336] [<ffffffff8107b1b2>] ? mod_timer+0x142/0x1f0
[ 1012.896336] [<ffffffff814b1bf8>] do_unblank_screen+0xb8/0x200
[ 1012.896336] [<ffffffff814b1d50>] unblank_screen+0x10/0x20
[ 1012.896336] [<ffffffff813ea3c9>] bust_spinlocks+0x19/0x40
[ 1012.896336] [<ffffffff81017718>] oops_end+0x38/0x150
[ 1012.896336] [<ffffffff81823e09>] no_context+0x2b3/0x2c0
[ 1012.896336] [<ffffffff81823e89>] __bad_area_nosemaphore+0x73/0x1ca
[ 1012.896336] [<ffffffff81823ff3>] bad_area_nosemaphore+0x13/0x15
[ 1012.896336] [<ffffffff81058c90>] __do_page_fault+0x90/0x550
[ 1012.896336] [<ffffffff810a6148>] ? __enqueue_entity+0x78/0x80
[ 1012.896336] [<ffffffff810acca1>] ? enqueue_entity+0x291/0xba0
[ 1012.896336] [<ffffffff81053d47>] ? kvm_clock_read+0x27/0x40
[ 1012.896336] [<ffffffff810abc32>] ? check_preempt_wakeup+0x162/0x230
[ 1012.896336] [<ffffffff8109e715>] ? check_preempt_curr+0x85/0xa0
[ 1012.896336] [<ffffffff8109e749>] ? ttwu_do_wakeup+0x19/0xe0
[ 1012.896336] [<ffffffff81059201>] trace_do_page_fault+0x41/0x130
[ 1012.896336] [<ffffffff810536b9>] do_async_page_fault+0x29/0xe0
[ 1012.896336] [<ffffffff81836b88>] async_page_fault+0x28/0x30
[ 1012.896336] [<ffffffff813cf880>] ? blk_throtl_drain+0x30/0x150
[ 1012.896336] [<ffffffff813cc8ce>] blkcg_drain_queue+0xe/0x10
[ 1012.896336] [<ffffffff813b1aac>] __blk_drain_queue+0x7c/0x180
[ 1012.896336] [<ffffffff813b1c3e>] blk_queue_bypass_start+0x8e/0xd0
[ 1012.896336] [<ffffffff813cba88>] blkcg_deactivate_policy+0x38/0x140
[ 1012.896336] [<ffffffff813cfad4>] blk_throtl_exit+0x34/0x50
[ 1012.896336] [<ffffffff813cc918>] blkcg_exit_queue+0x48/0x70
[ 1012.896336] [<ffffffff813b5306>] blk_release_queue+0x26/0x100
[ 1012.896336] [<ffffffff813dd9e7>] kobject_cleanup+0x77/0x1b0
[ 1012.896336] [<ffffffff813dd898>] kobject_put+0x28/0x60
[ 1012.896336] [<ffffffff813ae945>] blk_put_queue+0x15/0x20
[ 1012.896336] [<ffffffff8151e6bb>] scsi_device_dev_release_usercontext+0xbb/0x120
[ 1012.896336] [<ffffffff81087647>] execute_in_process_context+0x67/0x70
[ 1012.896336] [<ffffffff8151e5fc>] scsi_device_dev_release+0x1c/0x20
[ 1012.896336] [<ffffffff814dfab2>] device_release+0x32/0xa0
[ 1012.896336] [<ffffffff813dd9e7>] kobject_cleanup+0x77/0x1b0
[ 1012.896336] [<ffffffff813dd898>] kobject_put+0x28/0x60
[ 1012.896336] [<ffffffff814dfda7>] put_device+0x17/0x20
[ 1012.896336] [<ffffffff8151f109>] __scsi_remove_device+0xa9/0xe0
[ 1012.896336] [<ffffffff8151d6b4>] scsi_forget_host+0x64/0x70
[ 1012.896336] [<ffffffff81511bb7>] scsi_remove_host+0x77/0x120
[ 1012.896336] [<ffffffffa01e15a9>] sdebug_driver_remove+0x29/0x90 [scsi_debug]
[ 1012.896336] [<ffffffff814e403f>] __device_release_driver+0x7f/0xf0
[ 1012.896336] [<ffffffff814e40d3>] device_release_driver+0x23/0x30
[ 1012.896336] [<ffffffff814e39d8>] bus_remove_device+0x108/0x180
[ 1012.896336] [<ffffffff814e02d9>] device_del+0x129/0x1c0
[ 1012.896336] [<ffffffff814e038e>] device_unregister+0x1e/0x60
[ 1012.896336] [<ffffffffa01e0efc>] sdebug_remove_adapter+0x4c/0x70 [scsi_debug]
[ 1012.896336] [<ffffffffa01e552d>] scsi_debug_exit+0x19/0xaec [scsi_debug]
[ 1012.896336] [<ffffffff810ea51e>] SyS_delete_module+0x12e/0x1c0
[ 1012.896336] [<ffffffff810536b9>] ? do_async_page_fault+0x29/0xe0
[ 1012.896336] [<ffffffff81836b88>] ? async_page_fault+0x28/0x30
[ 1012.896336] [<ffffffff81834ba9>] system_call_fastpath+0x16/0x1b
[ 1012.896336] Code: ff ff 48 8b 4d 80 e9 9f fc ff ff 0f 0b 0f 0b be ba 00 00 00 48 c7 c7 e8 cb ae 81 89 4d 80 e8 d5 15 01 00 8b 4d 80 e9 04 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 55 48 89
[ 1012.896336] RIP [<ffffffff8105bbd3>] change_page_attr_set_clr+0x433/0x440
[ 1012.896336] RSP <ffff88007966aec8>
[ 1012.896336] ---[ end trace 86a5a05a2d9e9cde ]---
[ 1012.896336] Kernel panic - not syncing: Fatal exception



Disclaimer:
Results have been estimated based on internal Intel analysis and are provided
for informational purposes only. Any difference in system hardware or software
design or configuration may affect actual performance.

Thanks,
Aaron


Attachments:
reproduce (1.53 kB)
.dmesg (38.66 kB)

2014-07-08 12:55:22

by Maurizio Lombardi

Subject: Re: [Merge branch 'for] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028

Hi,

On 07/08/2014 10:59 AM, Aaron Lu wrote:
>
> [ 1010.593031] sda: unknown partition table
> [ 1010.598052] sd 2:0:0:0: [sda] Attached SCSI disk
> [ 1012.893125] sd 2:0:0:0: [sda] Synchronizing SCSI cache
> [ 1012.895934] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
> [ 1012.896336] IP: [<ffffffff813cf880>] blk_throtl_drain+0x30/0x150

Looks like it is crashing here:

void blk_throtl_drain(struct request_queue *q)
	__releases(q->queue_lock) __acquires(q->queue_lock)
{
	struct throtl_data *td = q->td;
	struct blkcg_gq *blkg;
	struct cgroup_subsys_state *pos_css;
	struct bio *bio;
	int rw;

	queue_lockdep_assert_held(q);
	rcu_read_lock();

	/*
	 * Drain each tg while doing post-order walk on the blkg tree, so
	 * that all bios are propagated to td->service_queue. It'd be
	 * better to walk service_queue tree directly but blkg walk is
	 * easier.
	 */
	blkg_for_each_descendant_post(blkg, pos_css, td->queue->root_blkg) <--------------
		tg_drain_bios(&blkg_to_tg(blkg)->service_queue);

#define blkg_for_each_descendant_post(d_blkg, pos_css, p_blkg) \
	css_for_each_descendant_post((pos_css), &(p_blkg)->blkcg->css) \ <--------------
		if (((d_blkg) = __blkg_lookup(css_to_blkcg(pos_css), \
					      (p_blkg)->q, false)))

The code tries to access the blkcg pointer (offset 0x0028 of the blkcg_gq structure);
so the root_blkg pointer is NULL, hence the kernel panic.

So, IMO, what happens is that the root_blkg pointer is set to NULL by the blkg_destroy_all() function well before
we reach the blk_throtl_drain() function.

void blkcg_exit_queue(struct request_queue *q)
{
	spin_lock_irq(q->queue_lock);
	blkg_destroy_all(q); <---- This is the point where the root_blkg pointer is destroyed (if I understand the code correctly)
	spin_unlock_irq(q->queue_lock);

	blk_throtl_exit(q); <---- This is the function which will execute blk_throtl_drain()
}

Jens, Ming, do you have any idea?

Regards,
Maurizio Lombardi



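Added example, not part of the original thread and not kernel code: a small C program that cross-checks the analysis above against the oops itself by decoding the trapping instruction (the bytes from the <48> marker in the Code: line) and recomputing the faulting address from the register dump. The function names are made up for this illustration, and only the "REX.W 8b /r" load form without a SIB byte is handled.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ModRM register numbering when REX.R and REX.B are clear. */
static const char *const REG_NAMES[8] = {
	"RAX", "RCX", "RDX", "RBX", "RSP", "RBP", "RSI", "RDI"
};

/* Excerpt of the first oops in this thread (timestamps dropped, Code: line shortened). */
static const char OOPS[] =
	"RAX: 0000000000000000 RBX: ffff8800bdbba6e8 RCX: ffff88007dea1a20\n"
	"RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n"
	"CR2: 0000000000000028 CR3: 000000007f42e000 CR4: 00000000000006e0\n"
	"Code: 31 ff 48 8b 80 c8 05 00 00 <48> 8b 70 28 e8 37 7f d2 ff\n";

/* Find "NAME: <hex>" in the log; returns -1 if the register is not listed. */
static int reg_value(const char *log, const char *name, uint64_t *out)
{
	char key[8];
	const char *p;

	snprintf(key, sizeof(key), "%s: ", name);
	p = strstr(log, key);
	if (!p)
		return -1;
	*out = strtoull(p + strlen(key), NULL, 16);
	return 0;
}

/* Copy the bytes from the "<xx>" marker (the byte at RIP) to the end of the line. */
static int faulting_bytes(const char *log, uint8_t *buf, int max)
{
	const char *p = strstr(log, "Code:");
	int n = 0;

	if (!p || !(p = strchr(p, '<')))
		return -1;
	while (*p && *p != '\n' && n < max) {
		if (isxdigit((unsigned char)p[0]) && isxdigit((unsigned char)p[1])) {
			char hex[3] = { p[0], p[1], '\0' };
			buf[n++] = (uint8_t)strtoul(hex, NULL, 16);
			p += 2;
		} else {
			p++;	/* skip '<', '>' and spaces */
		}
	}
	return n;
}

/* Decode MOV r64, [base + disp8/disp32]; any other encoding is unsupported (-1). */
static int decode_mov_load(const uint8_t *b, int n, int *base, int64_t *disp)
{
	int mod, rm;

	if (n < 4 || b[0] != 0x48 || b[1] != 0x8b)
		return -1;
	mod = b[2] >> 6;
	rm = b[2] & 7;
	if (rm == 4 || (mod != 1 && mod != 2) || (mod == 2 && n < 7))
		return -1;
	*base = rm;
	if (mod == 1)
		*disp = (int8_t)b[3];
	else
		*disp = (int32_t)((uint32_t)b[3] | (uint32_t)b[4] << 8 |
				  (uint32_t)b[5] << 16 | (uint32_t)b[6] << 24);
	return 0;
}

/* 1: base register is NULL and base + disp equals CR2; 0: it does not; -1: not decodable. */
int null_base_deref(const char *log, int *base, int64_t *disp)
{
	uint8_t code[16];
	uint64_t cr2, base_val;
	int n = faulting_bytes(log, code, (int)sizeof(code));

	if (n < 0 || decode_mov_load(code, n, base, disp) < 0)
		return -1;
	if (reg_value(log, REG_NAMES[*base], &base_val) < 0 ||
	    reg_value(log, "CR2", &cr2) < 0)
		return -1;
	return base_val == 0 && base_val + (uint64_t)*disp == cr2;
}

int main(void)
{
	int base;
	int64_t disp;
	int r = null_base_deref(OOPS, &base, &disp);

	if (r < 0)
		return puts("trapping instruction not decodable"), 1;
	printf("load via %s + 0x%llx: %s\n", REG_NAMES[base], (unsigned long long)disp,
	       r ? "NULL base, matches CR2" : "does not match CR2");
	return 0;
}
```

For this oops the trapping bytes 48 8b 70 28 are a load from RAX + 0x28 with RAX = 0, which agrees with CR2 = 0x28 and with a field at offset 0x28 being read through a NULL pointer.
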
2014-07-11 14:59:08

by Maurizio Lombardi

Subject: Re: [Merge branch 'for] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028

Hi,

On 07/08/2014 10:59 AM, Aaron Lu wrote:
> The merge 49b3f10e2cf5c1c25d2ce33ab255cff8a8096ce6 seems to have only one
> commit: 254c4407cb84a6dec90336054615b0f0e996bb7c, so I added you guys in.
> Please take a look if this is a real problem, thanks.
>
>
> [ 1010.593031] sda: unknown partition table
> [ 1010.598052] sd 2:0:0:0: [sda] Attached SCSI disk
> [ 1012.893125] sd 2:0:0:0: [sda] Synchronizing SCSI cache
> [ 1012.895934] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
> [ 1012.896336] IP: [<ffffffff813cf880>] blk_throtl_drain+0x30/0x150

I tried to revert my patch (commit 254c4407cb84a6dec90336054615b0f0e996bb7c)
but I'm still able to hit the very same kernel panic in linux-next, so I think
my patch is not the one to blame.

I was able to reproduce the error in an easier way:
just execute the "reboot" command after the system boot is finished.

Regards,
Maurizio Lombardi