[lkp-robot] [x86] f2a6a70501: BUG:KASAN:null-ptr-deref_on_address
by kernel test robot
FYI, we noticed the following commit:
commit: f2a6a7050109e0a5c7a84c70aa6010f682b2f1ee ("x86: Convert the rest of the code to support p4d_t")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -smp 2 -m 512M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------------------------------------------------------+------------+------------+
| | 907cd43902 | f2a6a70501 |
+-------------------------------------------------------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 8 | 6 |
| invoked_oom-killer:gfp_mask=0x | 2 | 2 |
| Mem-Info | 8 | 6 |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 2 | 2 |
| page_allocation_failure:order:#,mode:#(__GFP_COMP|__GFP_NOTRACK),nodemask=(null) | 6 | 4 |
| page_allocation_failure:order:#,mode:#(__GFP_COMP|__GFP_HARDWALL|__GFP_NOTRACK),nodemask=(null) | 6 | |
| Kernel_panic-not_syncing:can't_set_nsfs_up | 6 | |
| BUG:KASAN:null-ptr-deref_on_address | 0 | 4 |
| BUG:unable_to_handle_kernel | 0 | 4 |
| Oops:#[##] | 0 | 4 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 4 |
+-------------------------------------------------------------------------------------------------+------------+------------+
[ 0.225718] BUG: KASAN: null-ptr-deref on address 0000000000000020
[ 0.226666] Write of size 8 by task swapper/0/0
[ 0.226666] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.11.0-rc2-00278-gf2a6a70 #2
[ 0.226666] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 0.226666] Call Trace:
[ 0.226666] dump_stack+0x149/0x1eb
[ 0.226666] kasan_report+0x61d/0x670
[ 0.226666] ? proc_sys_init+0x30/0x87
[ 0.226666] ? __asan_loadN+0xf/0x20
[ 0.226666] ? proc_mkdir_data+0xb6/0x170
[ 0.226666] __asan_store8+0x61/0x70
[ 0.226666] proc_sys_init+0x30/0x87
[ 0.226666] proc_root_init+0xf4/0x11e
[ 0.226666] start_kernel+0x8b5/0x990
[ 0.226666] ? thread_stack_cache_init+0x35/0x35
[ 0.226666] ? __asan_loadN+0xf/0x20
[ 0.226666] ? early_idt_handler_array+0x120/0x120
[ 0.226666] x86_64_start_reservations+0x6b/0x8c
[ 0.226666] x86_64_start_kernel+0x199/0x1bd
[ 0.226666] start_cpu+0x14/0x14
[ 0.226666] ==================================================================
[ 0.226666] Disabling lock debugging due to kernel taint
[ 0.226704] BUG: unable to handle kernel NULL pointer dereference at 0000000000000020
[ 0.228866] IP: proc_sys_init+0x35/0x87
[ 0.229726] PGD 0
[ 0.229732] P4D 0
[ 0.229999]
[ 0.229999] Oops: 0002 [#1] SMP KASAN
[ 0.229999] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G B 4.11.0-rc2-00278-gf2a6a70 #2
[ 0.229999] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 0.229999] task: ffffffff8762a380 task.stack: ffffffff87600000
[ 0.229999] RIP: 0010:proc_sys_init+0x35/0x87
[ 0.229999] RSP: 0000:ffffffff87607e00 EFLAGS: 00010286
[ 0.229999] RAX: ffffffff8762a380 RBX: 332459ea0398d339 RCX: ffffffff8128f6d6
[ 0.229999] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000028
[ 0.229999] RBP: ffffffff87607e10 R08: fffffbfff11abe65 R09: fffffbfff11abe64
[ 0.229999] R10: ffffffff88d5f327 R11: fffffbfff11abe65 R12: 0000000000000000
[ 0.229999] R13: 0000000000000000 R14: 0000000000000002 R15: 0000000000000002
[ 0.229999] FS: 0000000000000000(0000) GS:ffff880000200000(0000) knlGS:0000000000000000
[ 0.229999] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.229999] CR2: 0000000000000020 CR3: 000000000761e000 CR4: 00000000000006b0
[ 0.229999] Call Trace:
[ 0.229999] proc_root_init+0xf4/0x11e
[ 0.229999] start_kernel+0x8b5/0x990
[ 0.229999] ? thread_stack_cache_init+0x35/0x35
[ 0.229999] ? __asan_loadN+0xf/0x20
[ 0.229999] ? early_idt_handler_array+0x120/0x120
[ 0.229999] x86_64_start_reservations+0x6b/0x8c
[ 0.229999] x86_64_start_kernel+0x199/0x1bd
[ 0.229999] start_cpu+0x14/0x14
[ 0.229999] Code: 1d 51 9f fd e8 08 7a 5b f7 31 f6 48 c7 c7 80 af a0 85 e8 fa fa 96 f7 48 8d 78 20 49 89 c4 48 31 eb e8 3b db 7b f7 49 8d 7c 24 28 <49> c7 44 24 20 40 c0 a0 85 e8 28 db 7b f7 49 8d 7c 24 08 49 c7
[ 0.229999] RIP: proc_sys_init+0x35/0x87 RSP: ffffffff87607e00
[ 0.229999] CR2: 0000000000000020
[ 0.229999] ---[ end trace d7042a2b0fc5a1e6 ]---
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong
Re: [LKP] [PATCH v4] Introduce v3 namespaced file capabilities
by Eric W. Biederman
"Serge E. Hallyn" <serge(a)hallyn.com> writes:
> Quoting Eric W. Biederman (ebiederm(a)xmission.com):
>> "Serge E. Hallyn" <serge(a)hallyn.com> writes:
>> > Changelog:
>> [snip]
>> > May 8, 2017:
>> > . fix leaking dentry refcount in cap_inode_getsecurity
>> >
>> [snip]
>> > +/*
>> > + * getsecurity: We are called for security.* before any attempt to read the
>> > + * xattr from the inode itself.
>> > + *
>> > + * This gives us a chance to read the on-disk value and convert it. If we
>> > + * return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler.
>> > + *
>> > + * Note we are not called by vfs_getxattr_alloc(), but that is only called
>> > + * by the integrity subsystem, which really wants the unconverted values -
>> > + * so that's good.
>> > + */
>> > +int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
>> > + bool alloc)
>> > +{
>> > + int size, ret;
>> > + kuid_t kroot;
>> > + uid_t root, mappedroot;
>> > + char *tmpbuf = NULL;
>> > + struct vfs_cap_data *cap;
>> > + struct vfs_ns_cap_data *nscap;
>> > + struct dentry *dentry;
>> > + struct user_namespace *fs_ns;
>> > +
>> > + if (strcmp(name, "capability") != 0)
>> > + return -EOPNOTSUPP;
>> > +
>> > + dentry = d_find_alias(inode);
>> > + if (!dentry)
>> > + return -EINVAL;
>> > +
>> > + size = sizeof(struct vfs_ns_cap_data);
>> > + ret = (int) vfs_getxattr_alloc(dentry, XATTR_NAME_CAPS,
>> > + &tmpbuf, size, GFP_NOFS);
>> > + dput(dentry);
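Review bot: the (int) cast on the vfs_getxattr_alloc() call at the end of this hunk narrows the return value into ret, and the quoted lines stop before ret is examined. The code that follows should reject a negative ret and any length that matches neither struct vfs_cap_data nor struct vfs_ns_cap_data before tmpbuf is read through cap or nscap, and should free tmpbuf on every exit path, since the callee allocates it.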
>>
>> This looks like a good fix but ouch! That interface is wrong.
>>
>> The dentry is needed because vfs_getxattr_alloc does:
>> error = handler->get(handler, dentry, inode, name, NULL, 0);
>>
>> Which has no business taking a dentry as xattrs are inode concepts.
>>
>> I have no issue with your patch but it looks like that handler issue
>> is going to need to be fixed with xattrs.
>
> True, it's a bit clunky.
>
> Any reason not to just have the current vfs_getxattr_alloc() become a
> lightweight wrapper calling inode_getxattr_alloc(dentry->d_inode)?
My deep issue is that handler is functions like posix_acl_xattr_get.
And all of those functions that vfs_getxattr_alloc calls should not
take a dentry.
So I feel like I have just spotted the tip of an iceberg that needs
sorting out.
Eric
Re: [LKP] [PATCH v4] Introduce v3 namespaced file capabilities
by Eric W. Biederman
"Serge E. Hallyn" <serge(a)hallyn.com> writes:
> Changelog:
[snip]
> May 8, 2017:
> . fix leaking dentry refcount in cap_inode_getsecurity
>
[snip]
> +/*
> + * getsecurity: We are called for security.* before any attempt to read the
> + * xattr from the inode itself.
> + *
> + * This gives us a chance to read the on-disk value and convert it. If we
> + * return -EOPNOTSUPP, then vfs_getxattr() will call the i_op handler.
> + *
> + * Note we are not called by vfs_getxattr_alloc(), but that is only called
> + * by the integrity subsystem, which really wants the unconverted values -
> + * so that's good.
> + */
> +int cap_inode_getsecurity(struct inode *inode, const char *name, void **buffer,
> + bool alloc)
> +{
> + int size, ret;
> + kuid_t kroot;
> + uid_t root, mappedroot;
> + char *tmpbuf = NULL;
> + struct vfs_cap_data *cap;
> + struct vfs_ns_cap_data *nscap;
> + struct dentry *dentry;
> + struct user_namespace *fs_ns;
> +
> + if (strcmp(name, "capability") != 0)
> + return -EOPNOTSUPP;
> +
> + dentry = d_find_alias(inode);
> + if (!dentry)
> + return -EINVAL;
> +
> + size = sizeof(struct vfs_ns_cap_data);
> + ret = (int) vfs_getxattr_alloc(dentry, XATTR_NAME_CAPS,
> + &tmpbuf, size, GFP_NOFS);
> + dput(dentry);
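Review bot: the early return after d_find_alias(), "if (!dentry) return -EINVAL;", makes getsecurity fail for any inode that has no dentry alias at that moment, while the comment at the top of the hunk names -EOPNOTSUPP as the value that lets vfs_getxattr() go on to the i_op handler. Please document why -EINVAL is the intended result in that case, or read the xattr without needing a dentry; the dentry is taken only to satisfy vfs_getxattr_alloc() and is dropped with dput() right after the call.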
This looks like a good fix but ouch! That interface is wrong.
The dentry is needed because vfs_getxattr_alloc does:
error = handler->get(handler, dentry, inode, name, NULL, 0);
Which has no business taking a dentry as xattrs are inode concepts.
I have no issue with your patch but it looks like that handler issue
is going to need to be fixed with xattrs.
Eric
[lkp-robot] [usb] cf3113d893: es#_lib.c:#ess_reset_at#:failed
by kernel test robot
FYI, we noticed the following commit:
commit: cf3113d893d4427b166ec8695460efa7aa660923 ("usb: dwc3: gadget: properly increment dequeue pointer on ep_dequeue")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-i386 -enable-kvm -m 256M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-----------------------------------------------------------------------------+------------+------------+
| | 2bfa0719ac | cf3113d893 |
+-----------------------------------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 22 | 22 |
| kobject(#):tried_to_init_an_initialized_object,something_is_seriously_wrong | 19 | 18 |
| WARNING:at_lib/kobject.c:#kobject_get | 18 | 16 |
| WARNING:at_lib/refcount.c:#refcount_inc | 18 | 16 |
| BUG:unable_to_handle_kernel | 19 | 16 |
| Oops:#[##] | 19 | 16 |
| EIP:kernfs_link_sibling | 18 | 15 |
| Kernel_panic-not_syncing:Fatal_exception | 19 | 16 |
| invoked_oom-killer:gfp_mask=0x | 3 | 4 |
| Mem-Info | 3 | 4 |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 3 | 4 |
| es#_lib.c:#ess_reset_at#:failed | 0 | 2 |
| EIP:__lock_acquire | 0 | 1 |
+-----------------------------------------------------------------------------+------------+------------+
[ 22.173820] isa azt1605.0: please specify port
[ 22.185877] isa azt2316.0: please specify port
[ 22.208486] ALSA gusmax.c:91 [0x220] check 1 failed - 0xff
[ 22.333210] ALSA es1688_lib.c:113 ess_reset at 0x220: failed!!!
[ 22.333210] ALSA es1688_lib.c:145 ESS: [0x220] reset failed... 0xff
[ 22.368868] snd_es1688_dsp_command: timeout (0xc0)
[ 22.368868] snd_es1688_dsp_command: timeout (0xc0)
[ 22.368868] snd_es1688_dsp_command: timeout (0xc0)
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong
[lkp-robot] [smp] e31736072f: [No primary change] pxz.time.system_time -18%
by kernel test robot
Greetings,
There is no primary KPI change in this test; below is the data collected through multiple monitors running in the background, just for your information.
commit: e31736072f699b0fc44ef6a26414626385c6caeb ("smp: do not send IPI if call_single_queue not empty")
git://bee.sh.intel.com/git/aaron/linux.git master
in testcase: pxz
on test machine: 88 threads Intel(R) Xeon(R) CPU E5-2699 v4 @ 2.20GHz with 64G memory
with following parameters:
nr_threads: 100%
cpufreq_governor: performance
Details are as below:
-------------------------------------------------------------------------------------------------->
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp install job.yaml # job file is attached in this email
bin/lkp run job.yaml
testcase/path_params/tbox_group/run: pxz/100%-performance/lkp-bdw-ep3
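+----------------------------+--------+--------------------------------------+-----------------------------------------+
| 8b5d11e4b095450e (%stddev) | change | e31736072f699b0fc44ef6a264 (%stddev) | metric                                  |
+----------------------------+--------+--------------------------------------+-----------------------------------------+
| 233                        | -18%   | 192                                  | pxz.time.system_time                    |
| 56759471                   | -22%   | 44457821                             | interrupts.CAL:Function_call_interrupts |
| 247877                     | -13%   | 215203                               | vmstat.system.in                        |
| 78731 ± 4%                 | 10%    | 86495 ± 9%                           | perf-stat.cpu-migrations                |
| 0.07                       | 5%     | 0.08                                 | perf-stat.dTLB-store-miss-rate%         |
| 68374                      | -4%    | 65671                                | perf-stat.instructions-per-iTLB-miss    |
+----------------------------+--------+--------------------------------------+-----------------------------------------+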
[Plot: pxz.time.system_time per sample, y-axis 180 to 270; [*] bisect-good sample, [O] bisect-bad sample]
Disclaimer:
Results have been estimated based on internal Intel analysis and are provided
for informational purposes only. Any difference in system hardware or software
design or configuration may affect actual performance.
Thanks,
Xiaolong
[mm/usercopy] 517e1fbeb6: kernel BUG at arch/x86/mm/physaddr.c:78!
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 517e1fbeb65f5eade8d14f46ac365db6c75aea9b
Author: Laura Abbott <labbott(a)redhat.com>
AuthorDate: Tue Apr 4 14:09:00 2017 -0700
Commit: Kees Cook <keescook(a)chromium.org>
CommitDate: Wed Apr 5 12:30:18 2017 -0700
mm/usercopy: Drop extra is_vmalloc_or_module() check
Previously virt_addr_valid() was insufficient to validate if virt_to_page()
could be called on an address on arm64. This has since been fixed up so
there is no need for the extra check. Drop it.
Signed-off-by: Laura Abbott <labbott(a)redhat.com>
Acked-by: Mark Rutland <mark.rutland(a)arm.com>
Signed-off-by: Kees Cook <keescook(a)chromium.org>
96dc4f9fb6 usercopy: Move enum for arch_within_stack_frames()
517e1fbeb6 mm/usercopy: Drop extra is_vmalloc_or_module() check
13e0988140 docs: complete bumping minimal GNU Make version to 3.81
9e597e815f Add linux-next specific files for 20170505
+------------------------------------------------------+------------+------------+------------+---------------+
| | 96dc4f9fb6 | 517e1fbeb6 | 13e0988140 | next-20170505 |
+------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 35 | 3 | 6 | 0 |
| boot_failures | 0 | 12 | 13 | 18 |
| kernel_BUG_at_arch/x86/mm/physaddr.c | 0 | 12 | 13 | 13 |
| invalid_opcode:#[##] | 0 | 12 | 13 | 13 |
| EIP:__phys_addr | 0 | 12 | 13 | 13 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 12 | 13 | 13 |
| WARNING:at_kernel/cpu.c:#lockdep_assert_hotplug_held | 0 | 0 | 0 | 18 |
| EIP:lockdep_assert_hotplug_held | 0 | 0 | 0 | 18 |
+------------------------------------------------------+------------+------------+------------+---------------+
[main] Setsockopt(1 22 80d3000 4) on fd 47 [1:5:1]
[ 18.665929] sock: process `trinity-main' is using obsolete setsockopt SO_BSDCOMPAT
[main] Setsockopt(1 e 80d3000 90) on fd 49 [1:2:1]
[main] Setsockopt(10e 5 80d3000 4) on fd 52 [16:3:16]
[ 18.668412] ------------[ cut here ]------------
[ 18.668824] kernel BUG at arch/x86/mm/physaddr.c:78!
[ 18.669424] invalid opcode: 0000 [#1] SMP
[ 18.669776] CPU: 0 PID: 754 Comm: trinity-main Not tainted 4.11.0-rc2-00002-g517e1fb #1
[ 18.670469] task: 4ca52e80 task.stack: 4c572000
[ 18.670860] EIP: __phys_addr+0x120/0x130
[ 18.671189] EFLAGS: 00010202 CPU: 0
[ 18.671482] EAX: 0000ff01 EBX: 50851020 ECX: 00000000 EDX: 00000001
[ 18.672025] ESI: 0000ff01 EDI: 10851020 EBP: 4c573e70 ESP: 4c573e60
[ 18.672557] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 18.673025] CR0: 80050033 CR2: 084da000 CR3: 0c65c4a0 CR4: 001406f0
[ 18.673560] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 18.674100] DR6: fffe0ff0 DR7: 00000400
[ 18.674420] Call Trace:
[ 18.674632] __check_object_size+0xff/0x42f
[ 18.674988] ? __might_sleep+0x8e/0x130
[ 18.675310] __get_filter+0xaa/0x130
[ 18.675612] sk_attach_filter+0x15/0x90
[ 18.675937] sock_setsockopt+0x6b3/0x960
[ 18.676263] SyS_socketcall+0x773/0x810
[ 18.676585] ? __do_page_fault+0x36c/0x730
[ 18.676932] do_int80_syscall_32+0x8a/0x230
[ 18.677307] ? prepare_exit_to_usermode+0x38/0x60
[ 18.677712] entry_INT80_32+0x2f/0x2f
[ 18.678034] EIP: 0x37688a42
[ 18.678278] EFLAGS: 00000202 CPU: 0
[ 18.678580] EAX: ffffffda EBX: 0000000e ECX: 3fc2da40 EDX: 3fc2dac0
[ 18.679099] ESI: 00000004 EDI: 00000035 EBP: 3753f1ac ESP: 3fc2da3c
[ 18.679618] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b
[ 18.680069] Code: 00 00 e0 ff 2d 00 20 00 00 39 c3 0f 83 47 ff ff ff c7 04 24 00 00 00 00 31 c9 ba 01 00 00 00 b8 98 e7 1a 42 e8 22 3e 0d 00 0f 0b <0f> 0b 8d b4 26 00 00 00 00 8d bc 27 00 00 00 00 55 89 e5 53 3e
[ 18.681652] EIP: __phys_addr+0x120/0x130 SS:ESP: 0068:4c573e60
[ 18.682174] ---[ end trace bbf34582d6d63d7a ]---
[ 18.682636] Kernel panic - not syncing: Fatal exception
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 773f7f5cf2d18eb40343d1e4e9a49062739e0425 a351e9b9fc24e982ec2f0e76379a49826036da12 --
git bisect bad 39af3d3d90897d17d79bc655068cf09a717a0e68 # 12:26 B 0 4 15 0 Merge 'mellanox/queue-next' into devel-spot-201705070851
git bisect bad 32f465722603afc8d3d90ad9fb999095afe11205 # 12:42 B 0 11 22 0 Merge 'linux-review/David-Ahern/net-reducing-memory-footprint-of-network-devices/20170507-031536' into devel-spot-201705070851
git bisect bad 1cbccce1b4565d60c4d9a5bc3aaf8d63b5b9224f # 12:53 B 0 11 22 0 Merge 'linux-review/Geliang-Tang/yam-use-memdup_user/20170507-045454' into devel-spot-201705070851
git bisect bad 408133c058c5492c03ff9f3827ccdb65b42cb842 # 13:06 B 0 11 22 0 Merge 'linux-review/Christophe-JAILLET/firmware-Google-VPD-Fix-memory-allocation-error-handling/20170507-064549' into devel-spot-201705070851
git bisect bad d5f6ce59cba315fc39f8bdd594d9a6ec7633be45 # 13:14 B 0 1 12 0 Merge 'linux-review/Geert-Uytterhoeven/signal-Export-signal_wake_up_state-to-modules/20170507-082935' into devel-spot-201705070851
git bisect good 163f34fcdf2791ac0e609d59440a9ef90d2bf3d2 # 13:34 G 11 0 0 0 0day base guard for 'devel-spot-201705070851'
git bisect good ddd92361062a7eb9708eb6c633346c35d0d67d2f # 13:45 G 11 0 0 0 Merge 'linux-review/Geliang-Tang/platform-x86-toshiba_acpi-use-memdup_user_nul/20170507-083752' into devel-spot-201705070851
git bisect bad a3719f34fdb664ffcfaec2160ef20fca7becf2ee # 13:57 B 0 11 22 0 Merge branch 'generic' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
git bisect good 5d15af6778b8e4ed1fd41b040283af278e7a9a72 # 14:11 G 11 0 0 0 Merge branch 'tipc-refactor-socket-receive-functions'
git bisect good 7c8c03bfc7b9f5211d8a69eab7fee99c9fb4f449 # 14:21 G 11 0 0 0 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 8d65b08debc7e62b2c6032d7fe7389d895b92cbc # 14:30 B 0 11 22 0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
git bisect good b68e7e952f24527de62f4768b1cead91f92f5f6e # 14:40 G 11 0 0 0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
git bisect bad 5b13475a5e12c49c24422ba1bd9998521dec1d4e # 14:51 B 0 11 22 0 Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect good 0cb300623e3bb460fd9853bbde2fd1973e3bbcd8 # 15:01 G 11 0 0 0 usb: gadget.h: be consistent at kernel doc macros
git bisect good 3a7d2fd16c57a1ef47dc2891171514231c9c7c6e # 15:21 G 11 0 0 0 pstore: Solve lockdep warning by moving inode locks
git bisect good c58d4055c054fc6dc72f1be8bc71bd6fff209e48 # 15:35 G 11 0 0 0 Merge tag 'docs-4.12' of git://git.lwn.net/linux
git bisect bad 6fd4e7f7744bd7859ca3cae19c4613252ebb6bff # 15:43 B 0 11 22 0 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
git bisect bad 5958cc49ed2961a059d92ae55afeeaba64a783a0 # 15:51 B 0 1 12 0 Merge tag 'usercopy-v4.12-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad 517e1fbeb65f5eade8d14f46ac365db6c75aea9b # 16:05 B 0 11 22 0 mm/usercopy: Drop extra is_vmalloc_or_module() check
git bisect good 96dc4f9fb64690fc34410415fd1fc609cf803f61 # 16:14 G 11 0 0 0 usercopy: Move enum for arch_within_stack_frames()
# first bad commit: [517e1fbeb65f5eade8d14f46ac365db6c75aea9b] mm/usercopy: Drop extra is_vmalloc_or_module() check
git bisect good 96dc4f9fb64690fc34410415fd1fc609cf803f61 # 16:17 G 31 0 0 0 usercopy: Move enum for arch_within_stack_frames()
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 517e1fbeb65f5eade8d14f46ac365db6c75aea9b # 16:31 B 0 11 22 0 mm/usercopy: Drop extra is_vmalloc_or_module() check
# extra tests on HEAD of linux-devel/devel-spot-201705070851
git bisect bad 773f7f5cf2d18eb40343d1e4e9a49062739e0425 # 16:32 B 0 22 37 0 0day head guard for 'devel-spot-201705070851'
# extra tests on tree/branch linus/master
git bisect bad 13e0988140374123bead1dd27c287354cb95108e # 16:43 B 0 11 22 0 docs: complete bumping minimal GNU Make version to 3.81
# extra tests with first bad commit reverted
git bisect good 688e95d3e3571e6b1c08da62fc402f1c1c3d5542 # 16:53 G 10 0 0 0 Revert "mm/usercopy: Drop extra is_vmalloc_or_module() check"
# extra tests on tree/branch linux-next/master
git bisect bad 9e597e815f68867c70d1b70cb2b037b92a8ec12b # 17:06 B 0 9 27 7 Add linux-next specific files for 20170505
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
[lkp-robot] [KEYS] 98f7748967: BUG:unable_to_handle_kernel
by kernel test robot
FYI, we noticed the following commit:
commit: 98f77489678c1531207c74aec3089a8647b662db ("KEYS: sanitize add_key() and keyctl() key payloads")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -m 420M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------+------------+------------+
| | 8979b02aaf | 98f7748967 |
+------------------------------------------+------------+------------+
| boot_successes | 47 | 16 |
| boot_failures | 0 | 28 |
| BUG:unable_to_handle_kernel | 0 | 28 |
| Oops:#[##] | 0 | 28 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 28 |
+------------------------------------------+------------+------------+
[ 16.476188] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 16.478886] IP: memset_erms+0x9/0x10
[ 16.480180] PGD a9a067
[ 16.480181] PUD a9b067
[ 16.481283] PMD 0
[ 16.482389]
[ 16.484358] Oops: 0002 [#1] SMP
[ 16.485573] Modules linked in: pptp gre l2tp_ppp l2tp_netlink l2tp_core ip6_udp_tunnel udp_tunnel pppoe pppox ppp_generic slhc nfnetlink scsi_transport_iscsi dccp_ipv6 atm sctp dccp_ipv4 dccp
[ 16.490424] CPU: 0 PID: 311 Comm: trinity-c2 Not tainted 4.11.0-rc4-00106-g98f7748 #1
[ 16.493066] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 16.496072] task: ffff8800195425c0 task.stack: ffffc90000338000
[ 16.499768] RIP: 0010:memset_erms+0x9/0x10
[ 16.501145] RSP: 0018:ffffc9000033bea8 EFLAGS: 00010246
[ 16.502717] RAX: ffffffffffffff00 RBX: 0000000000000000 RCX: 0000000000000001
[ 16.504650] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 16.506550] RBP: ffffc9000033beb8 R08: 0000000000000020 R09: 0000000000000000
[ 16.508420] R10: 8080808080808080 R11: fefefefefefefeff R12: ffffffffffffff82
[ 16.510312] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffff82
[ 16.512193] FS: 0000000000000000(0000) GS:ffff88000be00000(0063) knlGS:0000000009cf1840
[ 16.514822] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 16.516468] CR2: 0000000000000000 CR3: 0000000000a99000 CR4: 00000000001406f0
[ 16.518369] Call Trace:
[ 16.519468] ? memzero_explicit+0x12/0x20
[ 16.520838] SyS_add_key+0x14c/0x1f0
[ 16.522133] do_fast_syscall_32+0xab/0x250
[ 16.523508] entry_SYSENTER_compat+0x4c/0x5b
[ 16.524913] RIP: 0023:0xf77d5c99
[ 16.526137] RSP: 002b:00000000ffccaf0c EFLAGS: 00000292 ORIG_RAX: 000000000000011e
[ 16.544091] RAX: ffffffffffffffda RBX: 00000000080ecb3d RCX: 0000000000000000
[ 16.545969] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000102100a5
[ 16.547857] RBP: 0000000040000000 R08: 0000000000000000 R09: 0000000000000000
[ 16.549732] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 16.551615] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 16.553491] Code: 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 f3 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 <f3> aa 4c 89 c8 c3 90 49 89 fa 40 0f b6 ce 48 b8 01 01 01 01 01
[ 16.558559] RIP: memset_erms+0x9/0x10 RSP: ffffc9000033bea8
[ 16.560177] CR2: 0000000000000000
[ 16.561464] ---[ end trace 9432180228dd30ad ]---
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong
[[media] rc] e662671619: BUG: kernel hang in test stage
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit e66267161971155a8b4756b4e17f2f2f82b9f842
Author: Sean Young <sean(a)mess.org>
AuthorDate: Tue Mar 7 17:07:59 2017 -0300
Commit: Mauro Carvalho Chehab <mchehab(a)s-opensource.com>
CommitDate: Wed Apr 5 14:50:57 2017 -0300
[media] rc: promote lirc_sir out of staging
Rename lirc_sir to sir_ir in the process.
Signed-off-by: Sean Young <sean(a)mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab(a)s-opensource.com>
8c7c6cad6a [media] staging: sir: make sure we are ready to receive interrupts
e662671619 [media] rc: promote lirc_sir out of staging
13e0988140 docs: complete bumping minimal GNU Make version to 3.81
f12e216777 Add linux-next specific files for 20170508
+------------------------------------------------------------------+------------+------------+------------+---------------+
| | 8c7c6cad6a | e662671619 | 13e0988140 | next-20170508 |
+------------------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 55 | 0 | 0 | 0 |
| boot_failures | 0 | 37 | 37 | 40 |
| BUG:soft_lockup-CPU##stuck_for#s | 0 | 8 | 6 | 10 |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 0 | 8 | 6 | 10 |
| BUG:kernel_hang_in_test_stage | 0 | 29 | 31 | 28 |
| INFO:rcu_sched_detected_stalls_on_CPUs/tasks | 0 | 0 | 2 | 3 |
| invoked_oom-killer:gfp_mask=0x | 0 | 0 | 0 | 2 |
| Mem-Info | 0 | 0 | 0 | 2 |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 0 | 0 | 0 | 2 |
+------------------------------------------------------------------+------------+------------+------------+---------------+
[ 41.324393] ALSA device list:
[ 41.325049] No soundcards found.
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 9e597e815f68867c70d1b70cb2b037b92a8ec12b v4.11 --
git bisect good 8cb3085b3ac7fc4039a8c34af788dc4c08199dd8 # 08:30 G 11 0 0 0 Merge remote-tracking branch 'rockchip/for-next'
git bisect bad 348458a565902ee6a8a3c2efc178e969cd21c523 # 09:20 B 0 6 43 14 Merge remote-tracking branch 'gfs2/for-next'
git bisect good 55bb08aaf30223ed6306aee7a14bf8ddb38735e9 # 09:42 G 11 0 0 1 Merge remote-tracking branch 'ext4/dev'
git bisect good 9db7ad18806d57dde025d6c9e9360a6e9b7b1819 # 09:54 G 11 0 0 1 Merge branch 'dmi/master'
git bisect bad b7405c4fe570e3a2e07e930fff60a28617f3d84b # 10:31 B 0 11 52 16 Merge remote-tracking branch 'idle/next'
git bisect bad 365c61a843786374a541341b81059dcaea2a0f4d # 11:06 B 0 11 23 1 Merge remote-tracking branch 'v4l-dvb-next/master'
git bisect good d73d8a90a247a5ab8951c5520da96cc7915e5d58 # 11:15 G 10 0 0 0 Merge remote-tracking branch 'hwmon-staging/hwmon-next'
git bisect bad b61d4f520565450263784bdb22883115be5ad8ef # 11:45 B 0 4 31 16 Merge remote-tracking branch 'v4l-dvb/master'
git bisect bad eacb975b48272f54532b62f515a3cf7eefa35123 # 12:57 B 0 5 16 0 [media] usbvision: fix NULL-deref at probe
git bisect good 855749a75609122b57b2d4ebd872944836388a14 # 13:06 G 11 0 0 0 [media] sh_mobile_ceu_camera: use module_platform_driver
git bisect bad 91f6d55d70708ac3c5b8ede4b8943d701a19889e # 13:52 B 0 11 28 6 [media] staging: s5p-cec: Use cec_get_drvdata()
git bisect good cf9ed9aa5b0c196b796d2728218e3c06b0f42d90 # 14:04 G 11 0 0 1 [media] staging: sir: fill in missing fields and fix probe
git bisect bad 6ea87867e552500b242cd5be3590d6c1ff91f508 # 14:36 B 0 11 48 19 [media] atmel-isc: fix off-by-one comparison and out of bounds read issue
git bisect good 4d7cf7ec84a84b4950d8fb36c627771d38058300 # 14:52 G 11 0 0 0 [media] staging: sir: remove unnecessary messages
git bisect bad e66267161971155a8b4756b4e17f2f2f82b9f842 # 15:25 B 0 5 65 24 [media] rc: promote lirc_sir out of staging
git bisect good 8c7c6cad6aee5013694120a2b2907c530c08a245 # 15:39 G 11 0 0 1 [media] staging: sir: make sure we are ready to receive interrupts
# first bad commit: [e66267161971155a8b4756b4e17f2f2f82b9f842] [media] rc: promote lirc_sir out of staging
git bisect good 8c7c6cad6aee5013694120a2b2907c530c08a245 # 15:42 G 31 0 0 1 [media] staging: sir: make sure we are ready to receive interrupts
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad e66267161971155a8b4756b4e17f2f2f82b9f842 # 20:05 B 0 11 23 1 [media] rc: promote lirc_sir out of staging
# extra tests on HEAD of linux-review/SF-Markus-Elfring/x86-intel_rdt-Use-seq_putc-in-show_doms/20170508-060003
git bisect bad 6b84ef06519036e44450fde94d2a4d4763186e32 # 20:05 B 0 21 35 0 x86/intel_rdt: Use seq_putc() in show_doms()
# extra tests on tree/branch linus/master
git bisect bad 13e0988140374123bead1dd27c287354cb95108e # 20:06 B 0 31 86 6 docs: complete bumping minimal GNU Make version to 3.81
# extra tests on tree/branch linux-next/master
git bisect bad f12e216777935a05c1dff943e41ecee62e80fe35 # 20:07 B 0 28 67 12 Add linux-next specific files for 20170508
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
[lkp-robot] [mm, zone_device] 7138970383: BUG:kernel_hang_in_boot_stage
by kernel test robot
FYI, we noticed the following commit:
commit: 71389703839ebe9cb426c72d5f0bd549592e583c ("mm, zone_device: Replace {get, put}_zone_device_page() with a single reference to fix pmem crash")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: trinity
with the following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -m 420M
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+------------------------------------------------------------------------------------------------------------+------------+------------+
| | dbd68d8e84 | 7138970383 |
+------------------------------------------------------------------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 10 | 10 |
| Kernel_panic-not_syncing:memblock_virt_alloc_try_nid:Failed_to_allocate#bytes_align=#nid=-#from=#max_addr= | 4 | |
| BUG:unable_to_handle_kernel | 6 | |
| Oops:#[##] | 6 | |
| Kernel_panic-not_syncing:Fatal_exception | 6 | |
| BUG:kernel_hang_in_boot_stage | 0 | 10 |
+------------------------------------------------------------------------------------------------------------+------------+------------+
[ 0.000000] BRK [0x0d8cf000, 0x0d8cffff] PGTABLE
[ 0.000000] BRK [0x0d8d0000, 0x0d8d0fff] PGTABLE
[ 0.000000] BRK [0x0d8d1000, 0x0d8d1fff] PGTABLE
Elapsed time: 440
BUG: kernel hang in boot stage
initrds=(
/osimage/yocto/yocto-tiny-i386-2016-04-22.cgz
/lkp/scheduled/vm-lkp-st01-yocto-ia32-9/trinity-300s-yocto-tiny-i386-2016-04-22.cgz-71389703839ebe9cb426c72d5f0bd549592e583c-20170505-92051-1nqet0z-0.cgz
/lkp/lkp/lkp-i386.cgz
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong
[lkp-robot] [generic_file_read_iter()] 5ecda13711: BUG:KASAN:stack-out-of-bounds
by kernel test robot
FYI, we noticed the following commit:
commit: 5ecda13711b3bd4a750b5740897bf13d1720de7c ("generic_file_read_iter(): make use of iov_iter_revert()")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: ocfs2test
with the following parameters:
disk: 1HDD
test: test-backup_super
on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 4G
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
+------------------------------------------------------------------+------------+------------+
| | 639a93a521 | 5ecda13711 |
+------------------------------------------------------------------+------------+------------+
| boot_successes | 4 | 0 |
| boot_failures | 4 | 8 |
| invoked_oom-killer:gfp_mask=0x | 4 | 4 |
| Mem-Info | 4 | 4 |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 4 | 4 |
| BUG:KASAN:stack-out-of-bounds | 0 | 4 |
+------------------------------------------------------------------+------------+------------+
[ 175.170846] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x329/0x38b at addr ffff880078647c78
[ 175.174119] Read of size 8 by task mkfs.ocfs2/9842
[ 175.175859] page:ffffea0001e191c0 count:0 mapcount:0 mapping: (null) index:0x1
[ 175.179119] flags: 0x4000000000000000()
[ 175.180524] raw: 4000000000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 175.183572] raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
[ 175.186246] page dumped because: kasan: bad access detected
[ 175.188352] CPU: 0 PID: 9842 Comm: mkfs.ocfs2 Not tainted 4.11.0-rc7-00010-g5ecda13 #2
[ 175.191815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 175.195549] Call Trace:
[ 175.196508] show_stack+0x6b/0x6e
[ 175.198026] dump_stack+0x19/0x1b
[ 175.199362] kasan_report+0x49b/0x5ba
[ 175.200687] ? iov_iter_revert+0x329/0x38b
[ 175.202208] ? ftrace_likely_update+0x245/0x267
[ 175.203797] __asan_load8+0x64/0x66
[ 175.205257] iov_iter_revert+0x329/0x38b
[ 175.206703] generic_file_read_iter+0xe8b/0xeab
[ 175.208287] ? iov_iter_init+0xc0/0xd5
[ 175.209620] ? import_single_range+0x23e/0x272
[ 175.211225] blkdev_read_iter+0xd8/0xe3
[ 175.212754] aio_read+0x251/0x2b2
[ 175.214095] ? inc_slabs_node+0x38/0x56
[ 175.215420] ? aio_ret+0x40/0x40
[ 175.216629] ? ftrace_likely_update+0x245/0x267
[ 175.218348] ? ftrace_likely_update+0x245/0x267
[ 175.219937] ? __asan_loadN+0xf/0x11
[ 175.221193] ? ___might_sleep+0x9a/0x233
[ 175.222755] ? __might_sleep+0x16a/0x179
[ 175.224220] ? ftrace_likely_update+0x245/0x267
[ 175.225714] do_io_submit+0xb79/0xcec
[ 175.227109] ? do_io_submit+0xb79/0xcec
[ 175.228580] ? aio_write+0x383/0x383
[ 175.229952] ? __asan_loadN+0xf/0x11
[ 175.231291] ? SyS_io_destroy+0x159/0x159
[ 175.232632] SyS_io_submit+0x10/0x12
[ 175.233999] ? SyS_io_submit+0x10/0x12
[ 175.235354] do_syscall_64+0x15c/0x181
[ 175.236711] entry_SYSCALL64_slow_path+0x25/0x25
[ 175.238567] RIP: 0033:0x7f38a230b717
[ 175.239860] RSP: 002b:00007ffd4ee48758 EFLAGS: 00000202 ORIG_RAX: 00000000000000d1
[ 175.242402] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 00007f38a230b717
[ 175.245068] RDX: 0000562743398ee0 RSI: 0000000000000013 RDI: 00007f38a2f3e000
[ 175.247490] RBP: 0000562743398ee0 R08: 000000000fc00000 R09: 0000000000000200
[ 175.249921] R10: 000000000000000f R11: 0000000000000202 R12: 0000562743382c10
[ 175.252356] R13: 0000562743382380 R14: 0000000000000000 R15: 0000562743d185e8
[ 175.254872] Memory state around the buggy address:
[ 175.256518] ffff880078647b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 175.258928] ffff880078647b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
[ 175.261370] >ffff880078647c00: f2 f2 f2 f2 00 00 00 00 00 f4 f4 f4 f2 f2 f2 f2
[ 175.263840] ^
To reproduce:
git clone https://github.com/01org/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Xiaolong