5609bf81b4 ("vfs: Simplify security mount option processing"): BUG: unable to handle kernel NULL pointer dereference at 00000010
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git mount-cleanups-testing
commit 5609bf81b4a4d2ddf98728fc5c81ef5f394830e3
Author: Eric W. Biederman <ebiederm(a)xmission.com>
AuthorDate: Thu Dec 20 15:55:56 2018 -0600
Commit: Eric W. Biederman <ebiederm(a)xmission.com>
CommitDate: Thu Dec 20 16:07:18 2018 -0600
vfs: Simplify security mount option processing
Reduce the security hooks for processing mount options from
sb_copy_data, sb_parse_opts_str, and sb_set_mnt_opts to just
sb_mnt_opts.
Use split_options that iterates through all of the mount options and
pulls out the security mount options.
Use join_options that iterates through split out options and forms
a single mount option string again.
Add a hard coded copy of the security mount options and always parse
them out, so that there is no a chance of a filesystem implementing one
of these options by accident.
Using split_options strikes a happy medium between the logic that
selinux used to parse mount options and the logic most it not all
filesystems have used to parse mount options. Ordinary filesystems
separate mount options on a comma. The code in selinux will ignore
commas if they are enclosed in quotation marks. The code in selinux
would process quotation marks anywhere. The code in split_options
only looks for quotaion marks after an equal sign. This difference in
implementation will not result in a difference in accepted options
because selinux would look for options before removing the quotation
marks. Which resulted in selinux never accepting any options with
embedded quotation marks. Embedded quotation marks were only accepted
and stripped from option values.
Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com>
a11b1ee543 vfs: Implement empty_optv
5609bf81b4 vfs: Simplify security mount option processing
e66804b3e4 fs/sockfs: Don't register the sockfs filesystem
+------------------------------------------------+------------+------------+------------+
| | a11b1ee543 | 5609bf81b4 | e66804b3e4 |
+------------------------------------------------+------------+------------+------------+
| boot_successes | 37 | 0 | 0 |
| boot_failures | 3 | 19 | 60 |
| EIP:find_get_entry | 1 | | |
| EIP:lock_acquire | 2 | | |
| INFO:rcu_preempt_detected_stalls_on_CPUs/tasks | 2 | | |
| EIP:_raw_spin_unlock_irq | 2 | | |
| EIP:__radix_tree_lookup | 1 | | |
| BUG:unable_to_handle_kernel | 0 | 19 | 60 |
| Oops:#[##] | 0 | 19 | 60 |
| EIP:join_options | 0 | 19 | 60 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 19 | 60 |
+------------------------------------------------+------------+------------+------------+
[ 3.902574] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x20974986637, max_idle_ns: 440795286310 ns
[ 3.923641] Calibrating delay loop (skipped) preset value.. 4521.99 BogoMIPS (lpj=9043992)
[ 3.927472] pid_max: default: 32768 minimum: 301
[ 3.933024] Mount-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 3.935509] Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes)
[ 3.940082] BUG: unable to handle kernel NULL pointer dereference at 00000010
[ 3.943408] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 3.943408] Oops: 0002 [#1] PREEMPT SMP PTI
[ 3.943408] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc1-00051-g5609bf8 #1
[ 3.943408] EIP: join_options+0x8b/0xb0
[ 3.943408] Code: 2b 9f 4f 00 3b 5d f0 89 c7 74 34 c6 03 2c 83 c3 01 8b 16 89 d8 83 c6 04 89 f9 01 fb e8 0e 9b 4f 00 8b 06 85 c0 75 d8 8b 45 f0 <c6> 03 00 83 c4 04 5b 5e 5f 5d c3 8d 76 00 8d bc 27 00 00 00 00 8b
[ 3.943408] EAX: 00000010 EBX: 00000010 ECX: 00000000 EDX: 006000c0
[ 3.943408] ESI: c0099be0 EDI: 00000000 EBP: c19b5f04 ESP: c19b5ef4
[ 3.943408] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00210246
[ 3.943408] CR0: 80050033 CR2: 00000010 CR3: 01c60000 CR4: 000006b0
[ 3.943408] Call Trace:
[ 3.943408] security_parse_options+0x50/0xa0
[ 3.943408] mount_fs+0x28/0xb0
[ 3.943408] vfs_kern_mount+0x44/0x160
[ 3.943408] mnt_init+0x10e/0x187
[ 3.943408] vfs_caches_init+0x62/0x69
[ 3.943408] start_kernel+0x3a2/0x3e0
[ 3.943408] i386_start_kernel+0x8f/0x93
[ 3.943408] startup_32_smp+0x164/0x170
[ 3.943408] Modules linked in:
[ 3.943408] CR2: 0000000000000010
[ 3.943408] random: get_random_bytes called from init_oops_id+0x3a/0x40 with crng_init=0
[ 3.943408] ---[ end trace 1981dea1383c4094 ]---
[ 3.943408] EIP: join_options+0x8b/0xb0
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 4a4a372506a40edd871795085bd35e87f516a215 7566ec393f4161572ba6f11ad5171fd5d59b0fbd --
git bisect bad 336ada7dce7660c29c875b47ad05f1fce31b0d02 # 01:01 B 0 19 34 0 Merge 'linux-review/egranata-google-com/mfd-cros_ec-Add-support-for-MKBP-more-event-flags/20181222-150855' into devel-catchup-201812221628
git bisect good 11027bf664b12387ebebcf84f48fef6aaf0a9b16 # 01:01 G 30 0 0 6 Merge 'linux-review/Gregory-CLEMENT/Few-fix-for-pins-configuration-on-Armada-37xx/20181222-154840' into devel-catchup-201812221628
git bisect bad c31e00a400b7e2c2884a34133be95a1fe0804a89 # 01:01 B 0 17 32 0 Merge 'trace/ftrace/core' into devel-catchup-201812221628
git bisect bad ce8e4824e1f19606d83531c77818d559b7356708 # 01:01 B 0 19 56 0 Merge 'userns/mount-cleanups-testing' into devel-catchup-201812221628
git bisect bad 7cfe8740f3f3d6f7cad608a0fc01f9d769622384 # 01:01 B 0 13 28 0 fs/nfs: Add square brackets around the hostname if necessary in try_location
git bisect good 94e6195c59669fb881f9c61dc4db23d643c78b97 # 01:30 G 10 0 0 0 fs/btrfs: Remove the unnecessary fs_devices paramter from btrfs_fill_super
git bisect bad 5609bf81b4a4d2ddf98728fc5c81ef5f394830e3 # 01:50 B 0 8 23 0 vfs: Simplify security mount option processing
git bisect good 675a0700720a2805b2985a7d15e297a2c5131ccc # 02:21 G 11 0 3 3 vfs: Don't pass ms_flags to do_remount
git bisect good 6df987267d145ba973473ea767bacc922b0f3d35 # 02:34 G 10 0 0 0 selinux: Move quote stripping into match_dequote_strdup
git bisect good fc1367fde016d24db0ff7ce6da2ce42d4407faa2 # 02:45 G 11 0 1 1 smack: Ensure smack_set_mnt_opts includes all error checking
git bisect good a11b1ee5431b788103867fa956f993d8c02e5832 # 03:06 G 10 0 3 3 vfs: Implement empty_optv
# first bad commit: [5609bf81b4a4d2ddf98728fc5c81ef5f394830e3] vfs: Simplify security mount option processing
git bisect good a11b1ee5431b788103867fa956f993d8c02e5832 # 03:11 G 33 0 0 3 vfs: Implement empty_optv
# extra tests on HEAD of linux-devel/devel-catchup-201812221628
git bisect bad 4a4a372506a40edd871795085bd35e87f516a215 # 03:11 B 0 48 97 0 0day head guard for 'devel-catchup-201812221628'
# extra tests on tree/branch userns/mount-cleanups-testing
git bisect bad e66804b3e43438cfda061f36bbb5d895f9c5bb28 # 03:12 B 0 60 133 0 fs/sockfs: Don't register the sockfs filesystem
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years
c774ef18d3 ("new helpers: vfs_create_mount(), fc_mount()"): BUG: unable to handle kernel NULL pointer dereference at 00000000000000c0
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git Q33
commit c774ef18d367b033d99817a994552d2d63873395
Author: Al Viro <viro(a)zeniv.linux.org.uk>
AuthorDate: Sun Nov 4 06:48:34 2018 -0500
Commit: Al Viro <viro(a)zeniv.linux.org.uk>
CommitDate: Thu Dec 20 13:17:59 2018 -0500
new helpers: vfs_create_mount(), fc_mount()
Create a new helper, vfs_create_mount(), that creates a detached vfsmount
object from an fs_context that has a superblock attached to it.
Almost all uses will be paired with immediately preceding vfs_get_tree();
add a helper for such combination.
Switch vfs_kern_mount() to use this.
NOTE: mild behaviour change; passing NULL as 'device name' to
something like procfs will change /proc/*/mountstats - "device none"
instead on "no device". That is consistent with /proc/mounts et.al.
[do'h - EXPORT_SYMBOL_GPL slipped in by mistake; removed]
[AV -- remove confused comment from vfs_create_mount()]
[AV -- removed the second argument]
Signed-off-by: Al Viro <viro(a)zeniv.linux.org.uk>
Reviewed-by: David Howells <dhowells(a)redhat.com>
bc931e9585 vfs: Introduce fs_context, switch vfs_kern_mount() to it.
c774ef18d3 new helpers: vfs_create_mount(), fc_mount()
7137da19ff btrfs: Convert to using fs_context
+-------------------------------------------------+------------+------------+------------+
| | bc931e9585 | c774ef18d3 | 7137da19ff |
+-------------------------------------------------+------------+------------+------------+
| boot_successes | 29 | 0 | 0 |
| boot_failures | 3 | 11 | 11 |
| BUG:kernel_reboot-without-warning_in_test_stage | 3 | | |
| BUG:unable_to_handle_kernel | 0 | 11 | 11 |
| Oops:#[##] | 0 | 11 | 11 |
| RIP:create_mnt_ns | 0 | 11 | 11 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 11 | 11 |
+-------------------------------------------------+------------+------------+------------+
[ 0.674712] pid_max: default: 32768 minimum: 301
[ 0.676270] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
[ 0.678081] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
[ 0.680166] Mount-cache hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.681877] Mountpoint-cache hash table entries: 1024 (order: 1, 8192 bytes)
[ 0.683691] BUG: unable to handle kernel NULL pointer dereference at 00000000000000c0
[ 0.684151] PGD 0 P4D 0
[ 0.684151] Oops: 0002 [#1] SMP PTI
[ 0.684151] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.20.0-rc1-00029-gc774ef1 #1
[ 0.684151] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.684151] RIP: 0010:create_mnt_ns+0x22/0x61
[ 0.684151] Code: 00 00 e9 4e fe ff ff c3 0f 1f 44 00 00 53 51 48 89 fb 48 c7 c7 c0 a3 24 82 e8 22 f5 ff ff 48 3d 00 f0 ff ff 77 30 48 8d 53 e0 <48> 89 83 c0 00 00 00 48 8b 48 28 ff 40 70 48 89 50 20 48 8d 53 68
[ 0.684151] RSP: 0000:ffffffff82203ec8 EFLAGS: 00010283
[ 0.684151] RAX: ffff88001206e080 RBX: 0000000000000000 RCX: 0000000000000000
[ 0.684151] RDX: ffffffffffffffe0 RSI: ffffffff82074fb0 RDI: ffff88001206e0d0
[ 0.684151] RBP: ffffffff82219700 R08: 0000000000000003 R09: 0000000000000000
[ 0.684151] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82708920
[ 0.684151] R13: ffffffff8270f2e0 R14: 0000000000000000 R15: 0000000000000000
[ 0.684151] FS: 0000000000000000(0000) GS:ffff880012600000(0000) knlGS:0000000000000000
[ 0.684151] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.684151] CR2: 00000000000000c0 CR3: 0000000002212001 CR4: 00000000000606b0
[ 0.684151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 0.684151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 0.684151] Call Trace:
[ 0.684151] mnt_init+0x178/0x1eb
[ 0.684151] vfs_caches_init+0xca/0xd4
[ 0.684151] start_kernel+0x43a/0x4ab
[ 0.684151] secondary_startup_64+0xa4/0xb0
[ 0.684151] Modules linked in:
[ 0.684151] CR2: 00000000000000c0
[ 0.684151] ---[ end trace debc6a384b02c03f ]---
[ 0.684151] RIP: 0010:create_mnt_ns+0x22/0x61
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 187a5d92c189bb47c927fe186d3fd6334e8f38f6 7566ec393f4161572ba6f11ad5171fd5d59b0fbd --
git bisect bad a451148b4ddcce0e3e741117a52435711c43b02e # 13:45 B 0 10 25 0 Merge 'linux-review/Song-Liu/reveal-invisible-bpf-programs/20181221-173747' into devel-catchup-201812220017
git bisect good a928489be34e7799b4cc3103004f094a1f12c007 # 14:09 G 11 0 1 1 Merge 'gpio/gpio-descriptors-wdt' into devel-catchup-201812220017
git bisect good d39ce7009b92630e76be6922934333d3b0ecf279 # 15:09 G 10 0 3 3 Merge 'linux-review/Brad-Love/Add-Hauppauge-HVR1955-1975-devices/20181221-122142' into devel-catchup-201812220017
git bisect bad fc70328d8e28c9222662d6b04f9348d09c436f8c # 15:32 B 0 10 25 0 Merge 'linux-nvdimm/libnvdimm-for-next' into devel-catchup-201812220017
git bisect bad 1149204a1c880c1064607b61c9cd0174407d9e03 # 15:42 B 0 11 26 0 Merge 'vfs/Q33' into devel-catchup-201812220017
git bisect good f14cb59d4ccd6a2233ef3acdc29807083b3d3ddc # 15:58 G 10 0 2 2 Merge 'vhost/linux-next' into devel-catchup-201812220017
git bisect bad 096a4266d960fef1d8b03bf318333ffc1fd8cd48 # 16:09 B 0 11 26 0 ipc: Convert mqueue fs to fs_context
git bisect good 8a2bfb0f835ad140bd4cd4e3fd901c072d58e69a # 16:19 G 11 0 4 4 selinux: rewrite selinux_sb_eat_lsm_opts()
git bisect bad e83c2df716dcad81263eab64fcaa261465c243eb # 16:29 B 0 11 26 0 vfs: Introduce additional defs for a new mount API
git bisect good 84b9446c0cb2ae47e837303d5401430645b5153d # 16:38 G 10 0 2 2 mount_fs: suppress MAC on MS_SUBMOUNT as well as MS_KERNMOUNT
git bisect bad 4808e1d0e8e6c3606b04ada64b23b0af69ed6692 # 16:50 B 0 11 26 0 teach vfs_get_tree() to handle subtype, switch do_new_mount() to it
git bisect bad c774ef18d367b033d99817a994552d2d63873395 # 17:00 B 0 11 26 0 new helpers: vfs_create_mount(), fc_mount()
git bisect good bc931e958505004c23f1377bfb1b08ec3baae8b6 # 17:10 G 11 0 2 2 vfs: Introduce fs_context, switch vfs_kern_mount() to it.
# first bad commit: [c774ef18d367b033d99817a994552d2d63873395] new helpers: vfs_create_mount(), fc_mount()
git bisect good bc931e958505004c23f1377bfb1b08ec3baae8b6 # 17:13 G 30 0 3 5 vfs: Introduce fs_context, switch vfs_kern_mount() to it.
# extra tests on HEAD of linux-devel/devel-catchup-201812220017
git bisect bad 187a5d92c189bb47c927fe186d3fd6334e8f38f6 # 17:13 B 0 37 79 0 0day head guard for 'devel-catchup-201812220017'
# extra tests on tree/branch vfs/Q33
git bisect bad 7137da19ff622a80c07afb57e5a79794f0d7d54d # 17:24 B 0 11 26 0 btrfs: Convert to using fs_context
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years
461e557b97 ("rtc: nvmem: use devm_nvmem_register()"): general protection fault: 0000 [#1] PREEMPT SMP PTI
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
commit 461e557b97277b693cd8008c32a9d01c7f8f453b
Author: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
AuthorDate: Sat Nov 10 21:29:02 2018 +0100
Commit: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
CommitDate: Thu Nov 22 18:10:04 2018 +0100
rtc: nvmem: use devm_nvmem_register()
Use the resource managed variant of nvmem_register().
Signed-off-by: Alexandre Belloni <alexandre.belloni(a)bootlin.com>
b28cc6cec3 rtc: max77686: Fix the returned value in case of error in 'max77686_rtc_read_time()'
461e557b97 rtc: nvmem: use devm_nvmem_register()
340ae71f9d Add linux-next specific files for 20181221
+------------------------------------------+------------+------------+---------------+
| | b28cc6cec3 | 461e557b97 | next-20181221 |
+------------------------------------------+------------+------------+---------------+
| boot_successes | 38 | 6 | 0 |
| boot_failures | 0 | 11 | 10 |
| general_protection_fault:#[##] | 0 | 10 | 10 |
| RIP:kernfs_name_hash | 0 | 11 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 11 | 10 |
| BUG:unable_to_handle_kernel | 0 | 1 | |
| Oops:#[##] | 0 | 1 | |
+------------------------------------------+------------+------------+---------------+
[ 70.519017] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 70.526383] serio: i8042 AUX port at 0x60,0x64 irq 12
[ 70.537997] rtc_cmos 00:00: RTC can wake from S4
[ 70.553207] rtc_cmos 00:00: registered as rtc0
[ 70.560410] rtc_cmos 00:00: alarms up to one day, y3k, 114 bytes nvram, hpet irqs
[ 70.572295] general protection fault: 0000 [#1] PREEMPT SMP PTI
[ 70.579279] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G T 4.20.0-rc1-00009-g461e557 #1
[ 70.579447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 70.579447] RIP: 0010:kernfs_name_hash+0x13/0x77
[ 70.579447] Code: 36 c2 81 74 04 48 8b 77 40 48 89 df e8 ea 9f 37 00 5a 5b 41 5c 5d c3 55 31 c0 48 89 e5 53 51 48 89 75 f0 48 83 c9 ff 48 89 fb <f2> ae 48 f7 d1 8d 79 ff 31 c9 48 39 cf 74 1f 48 0f be 04 0b 48 ff
[ 70.579447] RSP: 0000:ffff88000002fbd0 EFLAGS: 00010286
[ 70.579447] RAX: 0000000000000000 RBX: 00306d6172766e5f RCX: ffffffffffffffff
[ 70.579447] RDX: ffffffff81e48650 RSI: 0000000000000000 RDI: 00306d6172766e5f
[ 70.579447] RBP: ffff88000002fbe0 R08: 0000000000000002 R09: 0000000000000000
[ 70.579447] R10: ffff88000002fc10 R11: 0000000000000000 R12: 00306d6172760000
[ 70.579447] R13: 00306d6172766e5f R14: 0000000000000000 R15: ffff88001e8a90f8
[ 70.579447] FS: 0000000000000000(0000) GS:ffff88001ec00000(0000) knlGS:0000000000000000
[ 70.579447] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 70.579447] CR2: 0000000000000000 CR3: 0000000001e12001 CR4: 00000000000206b0
[ 70.579447] Call Trace:
[ 70.579447] kernfs_find_ns+0x8d/0xd7
[ 70.579447] kernfs_remove_by_name_ns+0x48/0x74
[ 70.579447] sysfs_remove_bin_file+0x15/0x1a
[ 70.579447] rtc_nvmem_unregister+0x1d/0x20
[ 70.579447] devm_rtc_release_device+0x10/0x2b
[ 70.579447] release_nodes+0x143/0x166
[ 70.579447] devres_release_all+0x3f/0x42
[ 70.579447] really_probe+0x184/0x43b
[ 70.579447] driver_probe_device+0xd3/0x109
[ 70.579447] __driver_attach+0xbb/0xed
[ 70.579447] ? driver_probe_device+0x109/0x109
[ 70.579447] bus_for_each_dev+0x64/0x84
[ 70.579447] driver_attach+0x1d/0x20
[ 70.579447] bus_add_driver+0x12e/0x215
[ 70.579447] ? abb5zes3_driver_init+0x3e/0x3e
[ 70.579447] driver_register+0x9e/0xd5
[ 70.579447] ? abb5zes3_driver_init+0x3e/0x3e
[ 70.579447] pnp_register_driver+0x1d/0x20
[ 70.579447] cmos_init+0x29/0x124
[ 70.579447] do_one_initcall+0x64/0x13a
[ 70.579447] kernel_init_freeable+0x1f5/0x312
[ 70.579447] ? rest_init+0xf1/0xf1
[ 70.579447] kernel_init+0x9/0xf5
[ 70.579447] ret_from_fork+0x1f/0x30
[ 70.579447] Modules linked in:
[ 70.808717] _warn_unseeded_randomness: 532 callbacks suppressed
[ 70.808746] random: get_random_bytes called from init_oops_id+0x21/0x32 with crng_init=0
[ 70.825276] ---[ end trace c9047975d5c3ca19 ]---
[ 70.831051] RIP: 0010:kernfs_name_hash+0x13/0x77
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 0e80ee05ee35680188bcaf636d0bff92c030336c 7566ec393f4161572ba6f11ad5171fd5d59b0fbd --
git bisect bad e5a4119ef9ca0b27e24f0bb15f56495d0236e0f3 # 00:18 B 0 8 23 0 Merge 'linux-review/Rajan-Vaja/tty-xilinx_uartps-Correct-return-value-in-probe/20181207-073642' into devel-hourly-2018122012
git bisect bad 96d2ce9e98d280a41345e2af9bb74ed976e40f90 # 03:14 B 0 6 21 0 Merge 'linux-review/xiangxia-m-yue-gmail-com/net-sched-simplify-the-qdisc_leaf-code/20181213-183949' into devel-hourly-2018122012
git bisect bad 054a77f827aedac3cb7959c4f497d25325bfff0f # 05:10 B 0 4 19 0 Merge 'linux-review/Nicholas-Mc-Guire/livepatch-fix-non-static-warnings/20181217-073730' into devel-hourly-2018122012
git bisect good d6d81a30352845d697be1a52ccc5f641f07a79d4 # 07:04 G 13 0 1 1 Merge 'peterz-queue/x86/pti' into devel-hourly-2018122012
git bisect bad 90e55db61c917ce156bbc5f8c89c2c9d9748626b # 08:41 B 0 8 23 0 Merge 'tip/ras/core' into devel-hourly-2018122012
git bisect good d31c669e7a058869c0635e417a22e577edd93847 # 10:15 G 12 0 0 0 Merge 'zanussi-trace/ftrace/hist-var-ref-cleanup-v1' into devel-hourly-2018122012
git bisect good 8d7e2175e4c9ec5bda12e90f9c97bf948507b3a4 # 11:46 G 13 0 0 0 Merge 'jcmvbkbc-xtensa/xtensa-tracehook' into devel-hourly-2018122012
git bisect bad e6bb24a19a527193694bb3ddd6da11e395b27034 # 13:27 B 0 5 20 0 Merge 'linux-review/Vijay-Khemka/ARM-dts-aspeed-Add-sensors-devices-for-Facebook/20181218-053805' into devel-hourly-2018122012
git bisect good f8e5df4e821a444616911a86f386dbb42b314740 # 15:18 G 12 0 1 1 Merge 'robh/dt/linus' into devel-hourly-2018122012
git bisect bad ba68252cd578072758762daf7555388f04856d38 # 16:49 B 1 12 1 1 Merge 'linux-review/Alexandre-Belloni/rtc-pcf2123-Add-Microcrystal-rv2123/20181220-032729' into devel-hourly-2018122012
git bisect bad 5548cbf7f148b9a039b19fa4697f1b9beaba2c78 # 18:20 B 0 6 21 0 rtc: Switch to use %ptR
git bisect bad facc23b8ff21e9fb328938baf15ae68a91af0cb9 # 20:22 B 0 12 27 0 rtc: isl1208: Use i2c block read/write routines
git bisect good f1bd154d8838f9bddbe0f07292dd1c70a47c8b83 # 21:48 G 12 0 0 0 rtc: m41t80: Complete error propagation from SMBus calls
git bisect bad 461e557b97277b693cd8008c32a9d01c7f8f453b # 23:35 B 0 1 16 0 rtc: nvmem: use devm_nvmem_register()
git bisect good b28cc6cec3d814f5184cbebb2d1f987e769f534a # 00:51 G 13 0 0 0 rtc: max77686: Fix the returned value in case of error in 'max77686_rtc_read_time()'
# first bad commit: [461e557b97277b693cd8008c32a9d01c7f8f453b] rtc: nvmem: use devm_nvmem_register()
git bisect good b28cc6cec3d814f5184cbebb2d1f987e769f534a # 00:54 G 37 0 0 0 rtc: max77686: Fix the returned value in case of error in 'max77686_rtc_read_time()'
# extra tests with debug options
git bisect bad 461e557b97277b693cd8008c32a9d01c7f8f453b # 03:52 B 0 6 21 0 rtc: nvmem: use devm_nvmem_register()
# extra tests on HEAD of linux-devel/devel-hourly-2018122012
git bisect bad 0e80ee05ee35680188bcaf636d0bff92c030336c # 03:52 B 4 10 0 0 0day head guard for 'devel-hourly-2018122012'
# extra tests on tree/branch linux-next/master
git bisect bad 340ae71f9dd421227a58c14a909b63033745dca4 # 05:15 B 0 10 25 0 Add linux-next specific files for 20181221
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years
[iommu/of] 641fb0efbf: BUG:KASAN:null-ptr-deref_in_i
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 641fb0efbff063ed57f108c2eb4a4d26dbd5badd ("iommu/of: Don't call iommu_ops->add_device directly")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 768M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+----------------------------------------------------+------------+------------+
| | cc5aed44a3 | 641fb0efbf |
+----------------------------------------------------+------------+------------+
| boot_successes | 42 | 0 |
| boot_failures | 3 | 25 |
| BUG:kernel_hang_in_boot-around-mounting-root_stage | 3 | |
| BUG:KASAN:null-ptr-deref_in_i | 0 | 25 |
| BUG:unable_to_handle_kernel | 0 | 25 |
| Oops:#[##] | 0 | 25 |
| RIP:iommu_probe_device | 0 | 25 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 25 |
+----------------------------------------------------+------------+------------+
[ 23.649624] BUG: KASAN: null-ptr-deref in iommu_probe_device+0x5b/0x70
[ 23.650408] Read of size 8 at addr 0000000000000058 by task swapper/1
[ 23.651175]
[ 23.651380] CPU: 0 PID: 1 Comm: swapper Not tainted 4.20.0-rc1-00031-g641fb0e #2
[ 23.652267] Call Trace:
[ 23.652588] kasan_report+0x200/0x350
[ 23.653055] iommu_probe_device+0x5b/0x70
[ 23.653564] of_iommu_configure+0x1f0/0x290
[ 23.654097] ? of_get_dma_window+0x3e0/0x3e0
[ 23.654636] ? of_get_next_parent+0x51/0x70
[ 23.655158] ? lock_downgrade+0x290/0x290
[ 23.655665] ? of_get_next_parent+0x22/0x70
[ 23.656191] ? do_raw_spin_unlock+0xda/0xf0
[ 23.656722] ? of_get_next_parent+0x5a/0x70
[ 23.657252] of_dma_configure+0x2fe/0x3b0
[ 23.657764] ? of_device_get_match_data+0x90/0x90
[ 23.658358] ? devres_remove+0x37/0x1b0
[ 23.658853] ? __kasan_slab_free+0x200/0x210
[ 23.659563] ? kfree+0x15a/0x1f0
[ 23.659980] ? __driver_attach+0x170/0x170
[ 23.660494] ? devres_free+0x3d/0x50
[ 23.660950] ? __platform_register_drivers+0x150/0x150
[ 23.661586] platform_dma_configure+0x3d/0xd0
[ 23.662138] really_probe+0x1a3/0x5d0
[ 23.662619] ? __driver_attach+0x170/0x170
[ 23.663141] driver_probe_device+0x10a/0x170
[ 23.663712] __device_attach_driver+0x139/0x170
[ 23.664276] bus_for_each_drv+0xda/0x160
[ 23.664811] ? bus_for_each_dev+0x170/0x170
[ 23.665360] ? do_raw_spin_unlock+0xda/0xf0
[ 23.665913] __device_attach+0x141/0x210
[ 23.666431] ? device_bind_driver+0x80/0x80
[ 23.666961] ? kobject_uevent_env+0x9a0/0x9c0
[ 23.667538] bus_probe_device+0x6b/0x140
[ 23.668058] device_add+0x809/0xbd0
[ 23.668531] ? _dev_warn+0x110/0x110
[ 23.669003] ? of_get_property+0x50/0x50
[ 23.669519] ? do_raw_spin_unlock+0xda/0xf0
[ 23.670083] of_platform_device_create_pdata+0xf0/0x120
[ 23.670770] of_platform_bus_create+0x287/0x370
[ 23.671375] ? lock_downgrade+0x290/0x290
[ 23.671880] ? of_platform_device_create_pdata+0x120/0x120
[ 23.672561] ? of_get_next_child+0x1b/0x50
[ 23.673088] ? do_raw_spin_unlock+0xda/0xf0
[ 23.673636] of_platform_populate+0x87/0xf0
[ 23.674171] ? of_find_node_opts_by_path+0x1c7/0x1e0
[ 23.674801] of_unittest+0x2294/0x3659
[ 23.675285] ? dt_alloc_memory+0x22/0x22
[ 23.675788] ? initcall_blacklisted+0x101/0x160
[ 23.676364] ? try_to_run_init_process+0x40/0x40
[ 23.676954] ? kobject_add+0x149/0x180
[ 23.678220] ? ibft_init+0x66d/0x66d
[ 23.678678] ? do_early_param+0xe1/0xe1
[ 23.679157] ? dt_alloc_memory+0x22/0x22
[ 23.679650] ? do_early_param+0xe1/0xe1
[ 23.680125] do_one_initcall+0xd2/0x200
[ 23.680618] ? initcall_blacklisted+0x160/0x160
[ 23.681174] ? kernel_init_freeable+0x12c/0x284
[ 23.681736] ? lock_downgrade+0x290/0x290
[ 23.682263] kernel_init_freeable+0x1ac/0x284
[ 23.682813] ? rest_init+0x140/0x140
[ 23.683287] kernel_init+0xf/0x160
[ 23.683725] ? _raw_spin_unlock_irq+0x1f/0x30
[ 23.684274] ? rest_init+0x140/0x140
[ 23.684737] ret_from_fork+0x35/0x40
[ 23.685200] ==================================================================
[ 23.686068] Disabling lock debugging due to kernel taint
[ 23.686757] BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
[ 23.687715] PGD 0 P4D 0
[ 23.688042] Oops: 0000 [#1] KASAN
[ 23.688472] CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.20.0-rc1-00031-g641fb0e #2
[ 23.689508] RIP: 0010:iommu_probe_device+0x5b/0x70
[ 23.690092] Code: 8b ad 90 00 00 00 e8 b4 f4 8a ff 48 83 bb 20 04 00 00 00 74 07 e8 25 67 7a ff 0f 0b e8 1e 67 7a ff 48 8d 7d 58 e8 95 f4 8a ff <48> 8b 45 58 48 89 df 5b 5d e9 37 5c a4 00 0f 1f 80 00 00 00 00 55
[ 23.692301] RSP: 0018:ffff88000006f5d0 EFLAGS: 00010296
[ 23.692926] RAX: ffff880000060000 RBX: ffff8800164d4410 RCX: ffffffffb90fdaaa
[ 23.693774] RDX: 0000000000000003 RSI: dffffc0000000000 RDI: ffffffffbaefa140
[ 23.694633] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.695511] R10: 0000000000000001 R11: 6775626564206b63 R12: 0000000000000000
[ 23.696372] R13: 0000000000000001 R14: ffffffffbb0b8180 R15: ffff88002e345ef8
[ 23.697245] FS: 0000000000000000(0000) GS:ffffffffbae48000(0000) knlGS:0000000000000000
[ 23.698231] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.698902] CR2: 0000000000000058 CR3: 0000000023022000 CR4: 00000000000406b0
[ 23.699764] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.700592] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.701429] Call Trace:
[ 23.701747] of_iommu_configure+0x1f0/0x290
[ 23.702265] ? of_get_dma_window+0x3e0/0x3e0
[ 23.702787] ? of_get_next_parent+0x51/0x70
[ 23.703288] ? lock_downgrade+0x290/0x290
[ 23.703791] ? of_get_next_parent+0x22/0x70
[ 23.704298] ? do_raw_spin_unlock+0xda/0xf0
[ 23.704809] ? of_get_next_parent+0x5a/0x70
[ 23.705322] of_dma_configure+0x2fe/0x3b0
[ 23.705813] ? of_device_get_match_data+0x90/0x90
[ 23.706384] ? devres_remove+0x37/0x1b0
[ 23.706852] ? __kasan_slab_free+0x200/0x210
[ 23.707399] ? kfree+0x15a/0x1f0
[ 23.707799] ? __driver_attach+0x170/0x170
[ 23.708305] ? devres_free+0x3d/0x50
[ 23.708743] ? __platform_register_drivers+0x150/0x150
[ 23.709368] platform_dma_configure+0x3d/0xd0
[ 23.709913] really_probe+0x1a3/0x5d0
[ 23.710380] ? __driver_attach+0x170/0x170
[ 23.710891] driver_probe_device+0x10a/0x170
[ 23.711425] __device_attach_driver+0x139/0x170
[ 23.711989] bus_for_each_drv+0xda/0x160
[ 23.712487] ? bus_for_each_dev+0x170/0x170
[ 23.713014] ? do_raw_spin_unlock+0xda/0xf0
[ 23.713542] __device_attach+0x141/0x210
[ 23.714037] ? device_bind_driver+0x80/0x80
[ 23.714570] ? kobject_uevent_env+0x9a0/0x9c0
[ 23.715121] bus_probe_device+0x6b/0x140
[ 23.715622] device_add+0x809/0xbd0
[ 23.716062] ? _dev_warn+0x110/0x110
[ 23.716525] ? of_get_property+0x50/0x50
[ 23.717021] ? do_raw_spin_unlock+0xda/0xf0
[ 23.717549] of_platform_device_create_pdata+0xf0/0x120
[ 23.718190] of_platform_bus_create+0x287/0x370
[ 23.718765] ? lock_downgrade+0x290/0x290
[ 23.719261] ? of_platform_device_create_pdata+0x120/0x120
[ 23.719940] ? of_get_next_child+0x1b/0x50
[ 23.720474] ? do_raw_spin_unlock+0xda/0xf0
[ 23.720988] of_platform_populate+0x87/0xf0
[ 23.721505] ? of_find_node_opts_by_path+0x1c7/0x1e0
[ 23.722106] of_unittest+0x2294/0x3659
[ 23.722572] ? dt_alloc_memory+0x22/0x22
[ 23.723069] ? initcall_blacklisted+0x101/0x160
[ 23.723623] ? try_to_run_init_process+0x40/0x40
[ 23.724195] ? kobject_add+0x149/0x180
[ 23.724664] ? ibft_init+0x66d/0x66d
[ 23.725103] ? do_early_param+0xe1/0xe1
[ 23.725580] ? dt_alloc_memory+0x22/0x22
[ 23.726082] ? do_early_param+0xe1/0xe1
[ 23.726550] do_one_initcall+0xd2/0x200
[ 23.727007] ? initcall_blacklisted+0x160/0x160
[ 23.727557] ? kernel_init_freeable+0x12c/0x284
[ 23.728099] ? lock_downgrade+0x290/0x290
[ 23.728595] kernel_init_freeable+0x1ac/0x284
[ 23.729122] ? rest_init+0x140/0x140
[ 23.729572] kernel_init+0xf/0x160
[ 23.729999] ? _raw_spin_unlock_irq+0x1f/0x30
[ 23.730550] ? rest_init+0x140/0x140
[ 23.731003] ret_from_fork+0x35/0x40
[ 23.731457] Modules linked in:
[ 23.731844] CR2: 0000000000000058
[ 23.732260] ---[ end trace fd2f5c8ecc7d9e2a ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
2 years
[iommu/of] 641fb0efbf: BUG:KASAN:null-ptr-deref_in_i
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 641fb0efbff063ed57f108c2eb4a4d26dbd5badd ("iommu/of: Don't call iommu_ops->add_device directly")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 768M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+----------------------------------------------------+------------+------------+
| | cc5aed44a3 | 641fb0efbf |
+----------------------------------------------------+------------+------------+
| boot_successes | 42 | 0 |
| boot_failures | 3 | 25 |
| BUG:kernel_hang_in_boot-around-mounting-root_stage | 3 | |
| BUG:KASAN:null-ptr-deref_in_i | 0 | 25 |
| BUG:unable_to_handle_kernel | 0 | 25 |
| Oops:#[##] | 0 | 25 |
| RIP:iommu_probe_device | 0 | 25 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 25 |
+----------------------------------------------------+------------+------------+
[ 23.649624] BUG: KASAN: null-ptr-deref in iommu_probe_device+0x5b/0x70
[ 23.650408] Read of size 8 at addr 0000000000000058 by task swapper/1
[ 23.651175]
[ 23.651380] CPU: 0 PID: 1 Comm: swapper Not tainted 4.20.0-rc1-00031-g641fb0e #2
[ 23.652267] Call Trace:
[ 23.652588] kasan_report+0x200/0x350
[ 23.653055] iommu_probe_device+0x5b/0x70
[ 23.653564] of_iommu_configure+0x1f0/0x290
[ 23.654097] ? of_get_dma_window+0x3e0/0x3e0
[ 23.654636] ? of_get_next_parent+0x51/0x70
[ 23.655158] ? lock_downgrade+0x290/0x290
[ 23.655665] ? of_get_next_parent+0x22/0x70
[ 23.656191] ? do_raw_spin_unlock+0xda/0xf0
[ 23.656722] ? of_get_next_parent+0x5a/0x70
[ 23.657252] of_dma_configure+0x2fe/0x3b0
[ 23.657764] ? of_device_get_match_data+0x90/0x90
[ 23.658358] ? devres_remove+0x37/0x1b0
[ 23.658853] ? __kasan_slab_free+0x200/0x210
[ 23.659563] ? kfree+0x15a/0x1f0
[ 23.659980] ? __driver_attach+0x170/0x170
[ 23.660494] ? devres_free+0x3d/0x50
[ 23.660950] ? __platform_register_drivers+0x150/0x150
[ 23.661586] platform_dma_configure+0x3d/0xd0
[ 23.662138] really_probe+0x1a3/0x5d0
[ 23.662619] ? __driver_attach+0x170/0x170
[ 23.663141] driver_probe_device+0x10a/0x170
[ 23.663712] __device_attach_driver+0x139/0x170
[ 23.664276] bus_for_each_drv+0xda/0x160
[ 23.664811] ? bus_for_each_dev+0x170/0x170
[ 23.665360] ? do_raw_spin_unlock+0xda/0xf0
[ 23.665913] __device_attach+0x141/0x210
[ 23.666431] ? device_bind_driver+0x80/0x80
[ 23.666961] ? kobject_uevent_env+0x9a0/0x9c0
[ 23.667538] bus_probe_device+0x6b/0x140
[ 23.668058] device_add+0x809/0xbd0
[ 23.668531] ? _dev_warn+0x110/0x110
[ 23.669003] ? of_get_property+0x50/0x50
[ 23.669519] ? do_raw_spin_unlock+0xda/0xf0
[ 23.670083] of_platform_device_create_pdata+0xf0/0x120
[ 23.670770] of_platform_bus_create+0x287/0x370
[ 23.671375] ? lock_downgrade+0x290/0x290
[ 23.671880] ? of_platform_device_create_pdata+0x120/0x120
[ 23.672561] ? of_get_next_child+0x1b/0x50
[ 23.673088] ? do_raw_spin_unlock+0xda/0xf0
[ 23.673636] of_platform_populate+0x87/0xf0
[ 23.674171] ? of_find_node_opts_by_path+0x1c7/0x1e0
[ 23.674801] of_unittest+0x2294/0x3659
[ 23.675285] ? dt_alloc_memory+0x22/0x22
[ 23.675788] ? initcall_blacklisted+0x101/0x160
[ 23.676364] ? try_to_run_init_process+0x40/0x40
[ 23.676954] ? kobject_add+0x149/0x180
[ 23.678220] ? ibft_init+0x66d/0x66d
[ 23.678678] ? do_early_param+0xe1/0xe1
[ 23.679157] ? dt_alloc_memory+0x22/0x22
[ 23.679650] ? do_early_param+0xe1/0xe1
[ 23.680125] do_one_initcall+0xd2/0x200
[ 23.680618] ? initcall_blacklisted+0x160/0x160
[ 23.681174] ? kernel_init_freeable+0x12c/0x284
[ 23.681736] ? lock_downgrade+0x290/0x290
[ 23.682263] kernel_init_freeable+0x1ac/0x284
[ 23.682813] ? rest_init+0x140/0x140
[ 23.683287] kernel_init+0xf/0x160
[ 23.683725] ? _raw_spin_unlock_irq+0x1f/0x30
[ 23.684274] ? rest_init+0x140/0x140
[ 23.684737] ret_from_fork+0x35/0x40
[ 23.685200] ==================================================================
[ 23.686068] Disabling lock debugging due to kernel taint
[ 23.686757] BUG: unable to handle kernel NULL pointer dereference at 0000000000000058
[ 23.687715] PGD 0 P4D 0
[ 23.688042] Oops: 0000 [#1] KASAN
[ 23.688472] CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.20.0-rc1-00031-g641fb0e #2
[ 23.689508] RIP: 0010:iommu_probe_device+0x5b/0x70
[ 23.690092] Code: 8b ad 90 00 00 00 e8 b4 f4 8a ff 48 83 bb 20 04 00 00 00 74 07 e8 25 67 7a ff 0f 0b e8 1e 67 7a ff 48 8d 7d 58 e8 95 f4 8a ff <48> 8b 45 58 48 89 df 5b 5d e9 37 5c a4 00 0f 1f 80 00 00 00 00 55
[ 23.692301] RSP: 0018:ffff88000006f5d0 EFLAGS: 00010296
[ 23.692926] RAX: ffff880000060000 RBX: ffff8800164d4410 RCX: ffffffffb90fdaaa
[ 23.693774] RDX: 0000000000000003 RSI: dffffc0000000000 RDI: ffffffffbaefa140
[ 23.694633] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 23.695511] R10: 0000000000000001 R11: 6775626564206b63 R12: 0000000000000000
[ 23.696372] R13: 0000000000000001 R14: ffffffffbb0b8180 R15: ffff88002e345ef8
[ 23.697245] FS: 0000000000000000(0000) GS:ffffffffbae48000(0000) knlGS:0000000000000000
[ 23.698231] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.698902] CR2: 0000000000000058 CR3: 0000000023022000 CR4: 00000000000406b0
[ 23.699764] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 23.700592] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 23.701429] Call Trace:
[ 23.701747] of_iommu_configure+0x1f0/0x290
[ 23.702265] ? of_get_dma_window+0x3e0/0x3e0
[ 23.702787] ? of_get_next_parent+0x51/0x70
[ 23.703288] ? lock_downgrade+0x290/0x290
[ 23.703791] ? of_get_next_parent+0x22/0x70
[ 23.704298] ? do_raw_spin_unlock+0xda/0xf0
[ 23.704809] ? of_get_next_parent+0x5a/0x70
[ 23.705322] of_dma_configure+0x2fe/0x3b0
[ 23.705813] ? of_device_get_match_data+0x90/0x90
[ 23.706384] ? devres_remove+0x37/0x1b0
[ 23.706852] ? __kasan_slab_free+0x200/0x210
[ 23.707399] ? kfree+0x15a/0x1f0
[ 23.707799] ? __driver_attach+0x170/0x170
[ 23.708305] ? devres_free+0x3d/0x50
[ 23.708743] ? __platform_register_drivers+0x150/0x150
[ 23.709368] platform_dma_configure+0x3d/0xd0
[ 23.709913] really_probe+0x1a3/0x5d0
[ 23.710380] ? __driver_attach+0x170/0x170
[ 23.710891] driver_probe_device+0x10a/0x170
[ 23.711425] __device_attach_driver+0x139/0x170
[ 23.711989] bus_for_each_drv+0xda/0x160
[ 23.712487] ? bus_for_each_dev+0x170/0x170
[ 23.713014] ? do_raw_spin_unlock+0xda/0xf0
[ 23.713542] __device_attach+0x141/0x210
[ 23.714037] ? device_bind_driver+0x80/0x80
[ 23.714570] ? kobject_uevent_env+0x9a0/0x9c0
[ 23.715121] bus_probe_device+0x6b/0x140
[ 23.715622] device_add+0x809/0xbd0
[ 23.716062] ? _dev_warn+0x110/0x110
[ 23.716525] ? of_get_property+0x50/0x50
[ 23.717021] ? do_raw_spin_unlock+0xda/0xf0
[ 23.717549] of_platform_device_create_pdata+0xf0/0x120
[ 23.718190] of_platform_bus_create+0x287/0x370
[ 23.718765] ? lock_downgrade+0x290/0x290
[ 23.719261] ? of_platform_device_create_pdata+0x120/0x120
[ 23.719940] ? of_get_next_child+0x1b/0x50
[ 23.720474] ? do_raw_spin_unlock+0xda/0xf0
[ 23.720988] of_platform_populate+0x87/0xf0
[ 23.721505] ? of_find_node_opts_by_path+0x1c7/0x1e0
[ 23.722106] of_unittest+0x2294/0x3659
[ 23.722572] ? dt_alloc_memory+0x22/0x22
[ 23.723069] ? initcall_blacklisted+0x101/0x160
[ 23.723623] ? try_to_run_init_process+0x40/0x40
[ 23.724195] ? kobject_add+0x149/0x180
[ 23.724664] ? ibft_init+0x66d/0x66d
[ 23.725103] ? do_early_param+0xe1/0xe1
[ 23.725580] ? dt_alloc_memory+0x22/0x22
[ 23.726082] ? do_early_param+0xe1/0xe1
[ 23.726550] do_one_initcall+0xd2/0x200
[ 23.727007] ? initcall_blacklisted+0x160/0x160
[ 23.727557] ? kernel_init_freeable+0x12c/0x284
[ 23.728099] ? lock_downgrade+0x290/0x290
[ 23.728595] kernel_init_freeable+0x1ac/0x284
[ 23.729122] ? rest_init+0x140/0x140
[ 23.729572] kernel_init+0xf/0x160
[ 23.729999] ? _raw_spin_unlock_irq+0x1f/0x30
[ 23.730550] ? rest_init+0x140/0x140
[ 23.731003] ret_from_fork+0x35/0x40
[ 23.731457] Modules linked in:
[ 23.731844] CR2: 0000000000000058
[ 23.732260] ---[ end trace fd2f5c8ecc7d9e2a ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
2 years
cb1bdf30ea ("sunrpc: convert to DEFINE_SHOW_ATTRIBUTE"): BUG: unable to handle kernel NULL pointer dereference at 000000000000000c
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://github.com/0day-ci/linux/commits/Yangtao-Li/sunrpc-convert-to-DEF...
commit cb1bdf30ea1b31de87e717cae728351f49d0967d
Author: Yangtao Li <tiny.windzz(a)gmail.com>
AuthorDate: Sat Dec 15 02:14:51 2018 -0500
Commit: 0day robot <lkp(a)intel.com>
CommitDate: Sun Dec 16 02:12:25 2018 +0800
sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code.
Signed-off-by: Yangtao Li <tiny.windzz(a)gmail.com>
19f25957be nfsd: keep a tally of RECLAIM_COMPLETE operations when using nfsdcld
cb1bdf30ea sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
+------------------------------------------+------------+------------+
| | 19f25957be | cb1bdf30ea |
+------------------------------------------+------------+------------+
| boot_successes | 181 | 57 |
| boot_failures | 5 | 11 |
| Mem-Info | 5 | 1 |
| invoked_oom-killer:gfp_mask=0x | 1 | |
| BUG:unable_to_handle_kernel | 0 | 10 |
| Oops:#[##] | 0 | 10 |
| RIP:rpc_proc_show | 0 | 10 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 10 |
+------------------------------------------+------------+------------+
[ 18.736169] trinity-c2 (933) used greatest stack depth: 13144 bytes left
[ 19.583419] raw_sendmsg: trinity-c3 forgot to set AF_INET. Fix it!
[ 19.756749] trinity-main (702) used greatest stack depth: 12184 bytes left
[ 45.090512] futex_wake_op: trinity-c3 tries to shift op by -1; fix this program
[ 51.462529] trinity-c2 (1159): attempted to duplicate a private mapping with mremap. This is not supported.
[ 54.274626] BUG: unable to handle kernel NULL pointer dereference at 000000000000000c
[ 54.291967] PGD 8000000003e43067 P4D 8000000003e43067 PUD 3c42067 PMD 0
[ 54.293965] Oops: 0000 [#1] DEBUG_PAGEALLOC PTI
[ 54.295523] CPU: 0 PID: 1224 Comm: trinity-c3 Not tainted 4.20.0-rc4-00017-gcb1bdf3 #1
[ 54.298372] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 54.301330] RIP: 0010:rpc_proc_show+0x1e/0xd0
[ 54.302857] Code: 41 5f 5d c3 0f 1f 84 00 00 00 00 00 55 48 c7 c6 82 ac 61 8d 48 89 e5 41 57 41 56 41 55 41 54 49 89 fc 53 48 8b 9f d0 00 00 00 <8b> 4b 0c 8b 53 08 44 8b 4b 14 44 8b 43 10 4c 8b 3b e8 2c c0 6c ff
[ 54.308527] RSP: 0018:ffffc900006b3c58 EFLAGS: 00010203
[ 54.310205] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffff88801038a8e0
[ 54.312198] RDX: 0000000000000000 RSI: ffffffff8d61ac82 RDI: ffff888010353698
[ 54.314252] RBP: ffffc900006b3c80 R08: ffff888000000000 R09: ffff888004bd2000
[ 54.316277] R10: ffff888004bd2000 R11: 0000000004bd2f9f R12: ffff888010353698
[ 54.318310] R13: 0000000000000000 R14: ffff8880103536c0 R15: 0000000000000001
[ 54.320309] FS: 00000000023b9880(0000) GS:ffffffff8d83d000(0000) knlGS:0000000000000000
[ 54.323138] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 54.327509] CR2: 000000000000000c CR3: 00000000046a6005 CR4: 00000000003606f0
[ 54.329634] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 54.331759] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
[ 54.333844] Call Trace:
[ 54.335100] traverse+0x86/0x1c0
[ 54.336479] seq_read+0x1c4/0x3a0
[ 54.337906] proc_reg_read+0x38/0x70
[ 54.339366] do_iter_read+0x14d/0x190
[ 54.340846] vfs_readv+0x6c/0xa0
[ 54.342248] ? __lock_acquire+0x29c/0x8d0
[ 54.343931] ? trace_hardirqs_on+0x36/0xe0
[ 54.345503] ? __task_pid_nr_ns+0x6d/0x100
[ 54.347047] do_preadv+0x84/0xa0
[ 54.348444] ? do_preadv+0x84/0xa0
[ 54.349871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.351633] __x64_sys_preadv2+0x26/0x40
[ 54.353140] do_syscall_64+0x66/0x310
[ 54.354627] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 54.356282] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 54.358006] RIP: 0033:0x457389
[ 54.359365] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 2b 84 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 54.364953] RSP: 002b:00007ffe7d463fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000147
[ 54.367823] RAX: ffffffffffffffda RBX: 0000000000000147 RCX: 0000000000457389
[ 54.369933] RDX: 00000000000000f6 RSI: 00000000026690d0 RDI: 00000000000000c2
[ 54.372026] RBP: 00007ffe7d464050 R08: fffffffffffffffe R09: 0000000000000000
[ 54.374141] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000000002
[ 54.376228] R13: 00007f15d0263058 R14: 00000000023b9830 R15: 00007f15d0263000
[ 54.378337] Modules linked in:
[ 54.379698] CR2: 000000000000000c
[ 54.381093] ---[ end trace 678e3d178ff337b7 ]---
[ 54.382766] RIP: 0010:rpc_proc_show+0x1e/0xd0
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 4bb06f0ede0035aaa048e68533b3f4440f613f98 7566ec393f4161572ba6f11ad5171fd5d59b0fbd --
git bisect bad cb6bfa89a65253882ae019023cab35b40621f358 # 18:42 B 5 2 3 3 Merge 'linux-review/Paul-Cercueil/Documentation-dt-Add-binding-info-for-jz4740-musb-driver/20181214-074956' into devel-hourly-2018122006
git bisect bad c030435467fa6e941a5bf4b500a43a70c86c4777 # 19:54 B 18 3 8 8 Merge 'linux-review/Tetsuo-Handa/kernel-hung_task-c-Break-RCU-locks-based-on-jiffies/20181215-082350' into devel-hourly-2018122006
git bisect good 5f534c77d85d67b1629cc15eecb8cdd76cae73a6 # 00:09 G 82 0 16 16 Merge 'linux-review/Sergio-Paracuellos/net-dsa-ksz9477-add-I2C-managed-mode-support/20181218-073554' into devel-hourly-2018122006
git bisect good 7932976f49497cdfe75fcd0fc6982e7969012b49 # 03:05 G 82 0 18 18 Merge 'linux-review/Heiner-Kallweit/net-phy-make-PHY_HALTED-a-transition-state-to-PHY_READY/20181219-191512' into devel-hourly-2018122006
git bisect bad 29b7c0299576cf2fe481414ab603a13a1b7a3799 # 05:02 B 17 4 11 11 Merge 'linux-review/Yangtao-Li/cxgb4-remove-DEFINE_SIMPLE_DEBUGFS_FILE/20181215-202637' into devel-hourly-2018122006
git bisect bad 91be98b958ed2b1a3cb604740e1ee33b835f909b # 06:59 B 6 5 4 4 Merge 'linux-review/Fabrizio-Castro/dt-bindings-irqchip-renesas-irqc-Document-r8a774c0-support/20181216-022524' into devel-hourly-2018122006
git bisect bad 2852d01e3077d658b479f874d1f2ace397ae3b69 # 08:43 B 8 1 5 5 Merge 'linux-review/Taeung-Song/libbpf-Show-possible-section-type-names-on-when-failed-to-guess-a-type/20181219-181421' into devel-hourly-2018122006
git bisect good 86283035a6cb4240874561daaeb796f5d6b53f3f # 10:20 G 77 0 25 25 Merge 'linux-review/Pascal-PAILLET-LME/Introduce-STPMIC1-PMIC-Driver/20181216-113728' into devel-hourly-2018122006
git bisect bad 11276da7468d3e40c92cd9164297d0112214d083 # 11:54 B 18 3 9 9 Merge 'linux-review/Yangtao-Li/sunrpc-convert-to-DEFINE_SHOW_ATTRIBUTE/20181216-021223' into devel-hourly-2018122006
git bisect good a840242572239020904c841926ce1a66af3a5071 # 13:33 G 82 0 21 21 Merge 'linux-review/Anson-Huang/dt-bindings-iio-magnetometer-add-dt-bindings-for-freescale-mag3110/20181217-210623' into devel-hourly-2018122006
git bisect bad cb1bdf30ea1b31de87e717cae728351f49d0967d # 15:19 B 19 7 12 12 sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
# first bad commit: [cb1bdf30ea1b31de87e717cae728351f49d0967d] sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
git bisect good 19f25957be177c49c95c2dee87ca692731e84cf7 # 16:58 G 232 0 54 55 nfsd: keep a tally of RECLAIM_COMPLETE operations when using nfsdcld
# extra tests with debug options
git bisect bad cb1bdf30ea1b31de87e717cae728351f49d0967d # 19:06 B 16 6 12 12 sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
# extra tests on HEAD of linux-devel/devel-hourly-2018122006
git bisect bad 4bb06f0ede0035aaa048e68533b3f4440f613f98 # 19:06 B 40 4 0 12 0day head guard for 'devel-hourly-2018122006'
# extra tests on tree/branch linux-review/Yangtao-Li/sunrpc-convert-to-DEFINE_SHOW_ATTRIBUTE/20181216-021223
git bisect bad cb1bdf30ea1b31de87e717cae728351f49d0967d # 19:15 B 53 10 0 19 sunrpc: convert to DEFINE_SHOW_ATTRIBUTE
# extra tests with first bad commit reverted
git bisect good 86d200da2ab996c35ccaca02b597a5f5d7edb576 # 21:26 G 77 0 24 24 Revert "sunrpc: convert to DEFINE_SHOW_ATTRIBUTE"
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years
[drm/ttm] 27eb1fa913: BUG:unable_to_handle_kernel
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 27eb1fa9130a98edd2b321d4dbce5c8b244ee7af ("drm/ttm: use a static ttm_mem_global instance")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: rcutorture
with following parameters:
runtime: 300s
test: cpuhotplug
test-description: rcutorture is rcutorture kernel module load/unload test.
test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 768M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+--------------------------------------------------------------------------------------------+------------+------------+
| | 7e07834c12 | 27eb1fa913 |
+--------------------------------------------------------------------------------------------+------------+------------+
| boot_successes | 0 | 4 |
| boot_failures | 20 | 20 |
| WARNING:at_fs/proc/generic.c:#remove_proc_entry | 20 | 5 |
| RIP:remove_proc_entry | 20 | 5 |
| BUG:unable_to_handle_kernel | 0 | 17 |
| Oops:#[##] | 0 | 17 |
| RIP:kfree | 0 | 14 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 20 |
| general_protection_fault:#[##] | 0 | 3 |
| RIP:___cache_free | 0 | 2 |
| kobject((____ptrval____)):tried_to_init_an_initialized_object,something_is_seriously_wrong | 0 | 1 |
| RIP:__lock_acquire | 0 | 4 |
+--------------------------------------------------------------------------------------------+------------+------------+
[ 142.467206] BUG: unable to handle kernel paging request at fffff1fac0c94448
[ 142.479361] PGD 2ffd1067 P4D 2ffd1067 PUD 2ffd0067 PMD 0
[ 142.488785] Oops: 0000 [#1] PREEMPT PTI
[ 142.495534] CPU: 0 PID: 211 Comm: udevd Tainted: G W 4.20.0-rc1-00065-g27eb1fa #5
[ 142.510627] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 142.525018] RIP: 0010:kfree+0xf7/0x2a0
[ 142.531602] Code: c7 c0 00 00 00 80 48 2b 05 7e f4 be 01 48 01 c3 31 c9 31 d2 48 c1 eb 0c 48 c7 c7 48 79 e3 a9 48 c1 e3 06 48 03 1d 51 f4 be 01 <4c> 8b 6b 08 4d 89 ee 49 83 ed 01 41 83 e6 01 44 89 f6 e8 12 22 f0
[ 142.563814] RSP: 0018:ffff9981af05bab0 EFLAGS: 00010082
[ 142.572984] RAX: fffffffff2200000 RBX: fffff1fac0c94440 RCX: 0000000000000000
[ 142.585524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffa9e37948
[ 142.597841] RBP: ffffffffc0311580 R08: 0000000000000000 R09: 0000000000000001
[ 142.610210] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000282
[ 142.622525] R13: ffff9981af2b9400 R14: ffff9981af2b9400 R15: 0000000000000000
[ 142.634838] FS: 00007f51ff7e5780(0000) GS:ffffffffa9a31000(0000) knlGS:0000000000000000
[ 142.648809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 142.658819] CR2: fffff1fac0c94448 CR3: 000000002f05e000 CR4: 00000000000006b0
[ 142.671167] Call Trace:
[ 142.675645] kobject_put+0x16f/0x3b0
[ 142.682672] drm_global_item_unref+0xca/0xf0 [drm]
[ 142.691195] bochs_mm_fini+0x5e/0x80 [bochs_drm]
[ 142.699390] bochs_unload+0x26/0x50 [bochs_drm]
[ 142.707401] bochs_pci_remove+0x1d/0x30 [bochs_drm]
[ 142.716112] pci_device_remove+0x52/0xa0
[ 142.723246] really_probe+0x28c/0x780
[ 142.729887] driver_probe_device+0x1bc/0x1e0
[ 142.737575] __driver_attach+0x1af/0x220
[ 142.744702] ? driver_probe_device+0x1e0/0x1e0
[ 142.752609] ? driver_probe_device+0x1e0/0x1e0
[ 142.760608] bus_for_each_dev+0x97/0xd0
[ 142.767574] ? preempt_count_sub+0x19b/0x280
[ 142.775257] bus_add_driver+0x228/0x3c0
[ 142.782100] ? 0xffffffffc01e9000
[ 142.788191] driver_register+0xb6/0x150
[ 142.795183] ? 0xffffffffc01e9000
[ 142.801217] do_one_initcall+0xba/0x480
[ 142.808054] ? do_init_module+0x26/0x5dc
[ 142.815021] ? rcu_read_lock_sched_held+0xb3/0xc0
[ 142.823394] ? kmem_cache_alloc_trace+0x27c/0x4a0
[ 142.831842] do_init_module+0xa7/0x5dc
[ 142.838750] load_module+0x1e53/0x1fa0
[ 142.845491] ? kernel_read+0x2a/0x40
[ 142.852358] ? __se_sys_finit_module+0x157/0x170
[ 142.860625] ? load_module+0x5/0x1fa0
[ 142.867266] __se_sys_finit_module+0x157/0x170
[ 142.875400] do_syscall_64+0x108/0x630
[ 142.882238] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 142.891217] RIP: 0033:0x7f51feeba4a9
[ 142.897697] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d bf 79 2b 00 f7 d8 64 89 01 48
[ 142.930489] RSP: 002b:00007fff1afe6ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 142.943844] RAX: ffffffffffffffda RBX: 000000000071b660 RCX: 00007f51feeba4a9
[ 142.956386] RDX: 0000000000000000 RSI: 00007f51ff1860aa RDI: 000000000000000f
[ 142.968925] RBP: 00007f51ff1860aa R08: 0000000000000000 R09: 000000000071b660
[ 142.981496] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000000
[ 142.994101] R13: 0000000000020000 R14: 0000000000000000 R15: 000000000071b660
[ 143.006836] Modules linked in: bochs_drm(+) ttm drm_kms_helper crc32c_intel uio_pdrv_genirq drm uio evdev psmouse drm_panel_orientation_quirks pcspkr virtio_pci(+) intel_agp virtio_ring fb intel_gtt virtio fbdev agpgart piix(+) qemu_fw_cfg processor button
[ 143.046274] CR2: fffff1fac0c94448
[ 143.052393] ---[ end trace e494f2dec903eeb6 ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
2 years
[ide] ec7d9c9ce8: WARNING:at_fs/proc/generic.c:#remove_proc_entry
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: ec7d9c9ce897174243af4fcd201dbfc34df0f3a3 ("ide: replace ->proc_fops with ->proc_show")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: rcutorture
with following parameters:
runtime: 300s
test: default
test-description: rcutorture is rcutorture kernel module load/unload test.
test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 768M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------+------------+------------+
| | 61fb5c043f | ec7d9c9ce8 |
+-------------------------------------------------+------------+------------+
| boot_successes | 4 | 0 |
| boot_failures | 0 | 4 |
| WARNING:at_fs/proc/generic.c:#remove_proc_entry | 0 | 4 |
| RIP:remove_proc_entry | 0 | 4 |
+-------------------------------------------------+------------+------------+
[ 44.180514] WARNING: CPU: 1 PID: 165 at fs/proc/generic.c:662 remove_proc_entry+0xb9/0x155
[ 44.196842] Modules linked in: bochs_drm(+) ttm drm_kms_helper drm input_leds piix(+) serio_raw drm_panel_orientation_quirks ide_core evbug evdev
[ 44.217807] CPU: 1 PID: 165 Comm: udevd Not tainted 4.17.0-rc5-00040-gec7d9c9 #1
[ 44.229700] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 44.243024] RIP: 0010:remove_proc_entry+0xb9/0x155
[ 44.250863] RSP: 0018:ffffc9000020bab0 EFLAGS: 00010296
[ 44.259380] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc9000020b93c
[ 44.270823] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000000000000246
[ 44.282325] RBP: ffffffffa001e188 R08: 0000000000000008 R09: 0000000000000000
[ 44.293739] R10: ffff8800283ab2d9 R11: ffffffff82d20e07 R12: ffff88001ebec200
[ 44.305176] R13: ffffffffa0022180 R14: 0000000000000001 R15: 000000000000001b
[ 44.316678] FS: 00007f9d22f99780(0000) GS:ffff88002cb00000(0000) knlGS:0000000000000000
[ 44.329702] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 44.338938] CR2: 00007f9d2263e670 CR3: 000000001dc60000 CR4: 00000000000006e0
[ 44.350383] Call Trace:
[ 44.354594] ide_proc_unregister_device+0x19/0x53 [ide_core]
[ 44.364085] drive_release_dev+0x10/0x39 [ide_core]
[ 44.371964] device_release+0x53/0x7b
[ 44.377989] kobject_put+0x76/0x8d
[ 44.384015] __ide_port_unregister_devices+0x1d/0x43 [ide_core]
[ 44.393931] ide_host_remove+0x51/0x101 [ide_core]
[ 44.413087] ide_pci_remove+0x4f/0x81 [ide_core]
[ 44.420374] pci_device_remove+0x23/0x4d
[ 44.426440] driver_probe_device+0x18a/0x30f
[ 44.433112] __driver_attach+0x6b/0x8b
[ 44.439045] ? driver_probe_device+0x30f/0x30f
[ 44.445917] bus_for_each_dev+0x5f/0xa0
[ 44.452003] bus_add_driver+0xe4/0x1c9
[ 44.457812] driver_register+0x7d/0xaf
[ 44.463765] piix_ide_init+0xb1/0x1000 [piix]
[ 44.470604] ? fs_reclaim_release+0x9/0x22
[ 44.476925] ? 0xffffffffa004b000
[ 44.482171] do_one_initcall+0x6e/0x144
[ 44.488137] do_init_module+0x72/0x3b6
[ 44.493715] load_module+0x1c8b/0x1ec1
[ 44.499611] ? vfs_read+0xfe/0x10a
[ 44.504987] ? __se_sys_finit_module+0x90/0xb6
[ 44.511865] __se_sys_finit_module+0x90/0xb6
[ 44.518537] do_syscall_64+0xe7/0x16c
[ 44.524270] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 44.532115] RIP: 0033:0x7f9d2266e4a9
[ 44.537724] RSP: 002b:00007ffc4a1959c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 44.549316] RAX: ffffffffffffffda RBX: 0000000000647160 RCX: 00007f9d2266e4a9
[ 44.560147] RDX: 0000000000000000 RSI: 00007f9d2293a0aa RDI: 0000000000000008
[ 44.571101] RBP: 00007f9d2293a0aa R08: 0000000000000000 R09: 0000000000647160
[ 44.581960] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000000
[ 44.592881] R13: 0000000000020000 R14: 0000000000000000 R15: 0000000000647160
[ 44.603836] Code: 8d b8 a8 00 00 00 e8 53 32 54 00 48 c7 c7 60 e3 03 82 e8 e2 45 55 00 48 85 db 75 13 48 89 ee 48 c7 c7 8f 1b ec 81 e8 55 45 eb ff <0f> 0b eb 7a 48 89 df e8 d0 b4 ff ff 8b 83 c8 00 00 00 66 25 00
[ 44.633074] ---[ end trace d0fa34ec8e604638 ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
2 years
[xarray] 93eb07f72c: RIP:__sanitizer_cov_trace_pc
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 93eb07f72c8d86f8fe5e90907df1cc037f6ffbb7 ("xarray: Move multiorder_shrink to kernel tests")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 768M
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------------------+------------+------------+
| | d6427f8179 | 93eb07f72c |
+---------------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 80 | 94 |
| WARNING:at_mm/slab_common.c:#kmalloc_slab | 80 | 94 |
| RIP:kmalloc_slab | 80 | 94 |
| Mem-Info | 80 | 94 |
| invoked_oom-killer:gfp_mask=0x | 65 | 52 |
| Out_of_memory_and_no_killable_processes | 63 | 52 |
| Kernel_panic-not_syncing:System_is_deadlocked_on_memory | 63 | 52 |
| BUG:soft_lockup-CPU##stuck_for#s | 2 | 34 |
| RIP:native_flush_tlb_global | 1 | |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 2 | 34 |
| RIP:lock_acquire | 1 | 4 |
| RIP:poison_obj | 0 | 1 |
| RIP:__sanitizer_cov_trace_pc | 0 | 21 |
| RIP:lock_release | 0 | 2 |
| RIP:ftrace_likely_update | 0 | 2 |
| RIP:check_xa_mark_1 | 0 | 1 |
| RIP:kmem_cache_alloc | 0 | 1 |
| RIP:xas_find | 0 | 2 |
| INFO:task_blocked_for_more_than#seconds | 0 | 2 |
+---------------------------------------------------------+------------+------------+
[ 105.288689] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [swapper/0:1]
[ 105.288689] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W 4.19.0-rc5-00319-g93eb07f #1
[ 105.288689] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 105.288689] RIP: 0010:__sanitizer_cov_trace_pc+0x54/0x86
[ 105.288689] Code: 7e 81 e2 00 01 1f 00 75 1a 48 ff 05 32 07 e9 03 8b 81 a0 23 00 00 83 f8 02 0f 94 c0 48 ff 05 27 07 e9 03 48 ff 05 40 07 e9 03 <84> c0 74 2d 48 8b 91 a8 23 00 00 8b 89 a4 23 00 00 48 8b 02 48 ff
[ 105.288689] RSP: 0000:ffff88002cb07d90 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff13
[ 105.288689] RAX: 0000000000000000 RBX: ffff88002cb07e08 RCX: ffff88002cb00040
[ 105.288689] RDX: 0000000000000000 RSI: ffffffff824eccbe RDI: ffff88002cb07e08
[ 105.288689] RBP: 000000000000003f R08: 0000000000000000 R09: 0000000000000000
[ 105.317811] R10: ffff88002cb07b38 R11: 0000000000000020 R12: ffffffffffffffff
[ 105.317811] R13: ffffffff83cd2358 R14: 0000000000000000 R15: ffff880000ce1db0
[ 105.321794] FS: 0000000000000000(0000) GS:ffff88002ce00000(0000) knlGS:0000000000000000
[ 105.321794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 105.321794] CR2: 0000000000000000 CR3: 000000000346a000 CR4: 00000000000406b0
[ 105.325769] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 105.325769] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 105.325769] Call Trace:
[ 105.325769] xas_move_index+0xd/0x36
[ 105.329763] xas_advance+0x28/0x31
[ 105.329763] xas_find+0x282/0x2d9
[ 105.329763] check_xa_mark_1+0x9ad/0xf6a
[ 105.329763] ? check_xa_alloc+0x55d/0x55d
[ 105.333763] check_xa_mark+0x1b/0x45
[ 105.333763] xarray_checks+0x36/0x154
[ 105.333763] do_one_initcall+0x282/0x619
[ 105.333763] ? ftrace_likely_update+0x27a/0x2aa
[ 105.333763] kernel_init_freeable+0x646/0x783
[ 105.337780] ? rest_init+0x1d4/0x1d4
[ 105.337780] kernel_init+0x12/0x21f
[ 105.337780] ? rest_init+0x1d4/0x1d4
[ 105.337780] ret_from_fork+0x24/0x30
[ 105.337780] Kernel panic - not syncing: softlockup: hung tasks
[ 105.341753] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W L 4.19.0-rc5-00319-g93eb07f #1
[ 105.353765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 105.353765] Call Trace:
[ 105.357769] <IRQ>
[ 105.357769] dump_stack+0x12d/0x1b9
[ 105.357769] panic+0x165/0x430
[ 105.357769] ? watchdog_timer_fn+0x3b1/0x403
[ 105.357769] watchdog_timer_fn+0x3c4/0x403
[ 105.361763] ? softlockup_fn+0x4d/0x4d
[ 105.361763] __hrtimer_run_queues+0x5e7/0x948
[ 105.361763] hrtimer_interrupt+0x173/0x341
[ 105.361763] smp_apic_timer_interrupt+0x275/0x472
[ 105.365834] apic_timer_interrupt+0xf/0x20
[ 105.365834] </IRQ>
[ 105.365834] RIP: 0010:__sanitizer_cov_trace_pc+0x54/0x86
[ 105.365834] Code: 7e 81 e2 00 01 1f 00 75 1a 48 ff 05 32 07 e9 03 8b 81 a0 23 00 00 83 f8 02 0f 94 c0 48 ff 05 27 07 e9 03 48 ff 05 40 07 e9 03 <84> c0 74 2d 48 8b 91 a8 23 00 00 8b 89 a4 23 00 00 48 8b 02 48 ff
[ 105.369756] RSP: 0000:ffff88002cb07d90 EFLAGS: 00000207 ORIG_RAX: ffffffffffffff13
[ 105.369756] RAX: 0000000000000000 RBX: ffff88002cb07e08 RCX: ffff88002cb00040
[ 105.373756] RDX: 0000000000000000 RSI: ffffffff824eccbe RDI: ffff88002cb07e08
[ 105.373756] RBP: 000000000000003f R08: 0000000000000000 R09: 0000000000000000
[ 105.373756] R10: ffff88002cb07b38 R11: 0000000000000020 R12: ffffffffffffffff
[ 105.377758] R13: ffffffff83cd2358 R14: 0000000000000000 R15: ffff880000ce1db0
[ 105.377758] ? xas_move_index+0xd/0x36
[ 105.377758] xas_move_index+0xd/0x36
[ 105.381757] xas_advance+0x28/0x31
[ 105.381757] xas_find+0x282/0x2d9
[ 105.381757] check_xa_mark_1+0x9ad/0xf6a
[ 105.381757] ? check_xa_alloc+0x55d/0x55d
[ 105.381757] check_xa_mark+0x1b/0x45
[ 105.385751] xarray_checks+0x36/0x154
[ 105.385751] do_one_initcall+0x282/0x619
[ 105.385751] ? ftrace_likely_update+0x27a/0x2aa
[ 105.385751] kernel_init_freeable+0x646/0x783
[ 105.385751] ? rest_init+0x1d4/0x1d4
[ 105.389739] kernel_init+0x12/0x21f
[ 105.389739] ? rest_init+0x1d4/0x1d4
[ 105.389739] ret_from_fork+0x24/0x30
[ 105.389739] Kernel Offset: disabled
Elapsed time: 110
#!/bin/bash
# To reproduce,
# 1) save job-script and this script (both are attached in 0day report email)
# 2) run this script with your compiled kernel and optional env $INSTALL_MOD_PATH
kernel=$1
initrds=(
/osimage/quantal/quantal-core-x86_64-2018-11-09.cgz
/lkp/lkp/lkp-x86_64.cgz
/osimage/pkg/debian-x86_64-2016-08-31.cgz/trinity-static-x86_64-x86_64-6ddabfd2_2017-11-10.cgz
)
HTTP_PREFIX=https://download.01.org/0day-ci/lkp-qemu
wget --timestamping "${initrds[@]/#/$HTTP_PREFIX}"
{
cat "${initrds[@]//*\//}"
[[ $INSTALL_MOD_PATH ]] && (
cd "$INSTALL_MOD_PATH"
find lib | cpio -o -H newc --quiet | gzip
)
echo job-script | cpio -o -H newc --quiet | gzip
} > initrd.img
qemu-img create -f qcow2 disk-vm-snb-quantal-x86_64-11-0 256G
qemu-img create -f qcow2 disk-vm-snb-quantal-x86_64-11-1 256G
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
2 years
10e9ae9fab ("gcc-plugins: Add STACKLEAK plugin for tracking .."): WARNING: can't dereference registers at (null) for ip entry_SYSCALL_64_after_hwframe
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 10e9ae9fabaf96c8e5227c1cd4827d58b3aa406d
Author: Alexander Popov <alex.popov(a)linux.com>
AuthorDate: Fri Aug 17 01:16:59 2018 +0300
Commit: Kees Cook <keescook(a)chromium.org>
CommitDate: Tue Sep 4 10:35:47 2018 -0700
gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack
The STACKLEAK feature erases the kernel stack before returning from
syscalls. That reduces the information which kernel stack leak bugs can
reveal and blocks some uninitialized stack variable attacks.
This commit introduces the STACKLEAK gcc plugin. It is needed for
tracking the lowest border of the kernel stack, which is important
for the code erasing the used part of the kernel stack at the end
of syscalls (comes in a separate commit).
The STACKLEAK feature is ported from grsecurity/PaX. More information at:
https://grsecurity.net/
https://pax.grsecurity.net/
This code is modified from Brad Spengler/PaX Team's code in the last
public patch of grsecurity/PaX based on our understanding of the code.
Changes or omissions from the original code are ours and don't reflect
the original grsecurity/PaX code.
Signed-off-by: Alexander Popov <alex.popov(a)linux.com>
Tested-by: Laura Abbott <labbott(a)redhat.com>
Signed-off-by: Kees Cook <keescook(a)chromium.org>
afaef01c00 x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
10e9ae9fab gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack
1a9430db28 ima: cleanup the match_token policy code
6648e120dd Add linux-next specific files for 20181217
+---------------------------------------------------------------+------------+------------+------------+---------------+
| | afaef01c00 | 10e9ae9fab | 1a9430db28 | next-20181217 |
+---------------------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 386 | 141 | 134 | 135 |
| boot_failures | 68 | 9 | 16 | 8 |
| RIP:trace | 37 | | | |
| WARNING:stack_recursion | 36 | | | |
| WARNING:at(____ptrval____)for_ip_syscall_return_via_sysret/0x | 37 | | | |
| Kernel_panic-not_syncing:Machine_halted | 37 | | | |
| PANIC:double_fault | 27 | | | |
| Mem-Info | 2 | 0 | 1 | |
| invoked_oom-killer:gfp_mask=0x | 1 | 0 | 1 | |
| RIP:__put_user_4 | 1 | | | |
| BUG:KASAN:stack-out-of-bounds_in_u | 25 | 8 | 12 | 7 |
| RIP:__x86_indirect_thunk_rdx | 26 | 9 | 12 | 7 |
| INFO:rcu_preempt_detected_stalls_on_CPUs/tasks | 3 | 0 | 3 | |
| RIP:arch_local_irq_enable | 1 | | | |
| RIP:mntput_no_expire | 1 | | | |
| RIP:arch_local_irq_restore | 1 | | | |
| RIP:compound_head | 1 | | | |
| RIP:rcu_read_lock | 1 | | | |
| RIP:check_kill_permission | 1 | | | |
| RIP:radix_tree_load_root | 1 | | | |
| WARNING:at(null)for_ip_entry_SYSCALL_64_after_hwframe/0x | 0 | 7 | 11 | 7 |
| WARNING:at(null)for_ip_async_page_fault/0x | 0 | 1 | 1 | |
| WARNING:at_kernel/locking/lockdep.c:#lock_downgrade | 0 | 0 | 2 | |
| RIP:lock_downgrade | 0 | 0 | 2 | |
| RIP:xa_is_node | 0 | 0 | 1 | |
| BUG:kernel_reboot-without-warning_in_test_stage | 0 | 0 | 0 | 1 |
+---------------------------------------------------------------+------------+------------+------------+---------------+
[ 90.421639] process 196 (init) attempted a POSIX timer syscall while CONFIG_POSIX_TIMERS is not set
/etc/rcS.d/S00fbsetup: line 3: /sbin/modprobe: not found
Please wait: booting...
Starting udev
[ 96.410769] WARNING: can't dereference registers at (null) for ip entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.410801] ==================================================================
[ 96.447940] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0xa47/0x10df
[ 96.462780] Read of size 8 at addr ffff88001518f748 by task udevadm/217
[ 96.476720]
[ 96.480186] CPU: 1 PID: 217 Comm: udevadm Not tainted 4.19.0-rc2-00002-g10e9ae9 #1
[ 96.495352] Call Trace:
[ 96.500542] <IRQ>
[ 96.505206] dump_stack+0x96/0xdd
[ 96.512787] print_address_description+0x6e/0x241
[ 96.522060] ? unwind_next_frame+0xa47/0x10df
[ 96.531230] kasan_report+0x237/0x25d
[ 96.539225] unwind_next_frame+0xa47/0x10df
[ 96.547786] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.558545] ? unwind_get_return_address_ptr+0x9a/0x9a
[ 96.569466] ? check_chain_key+0x192/0x25a
[ 96.579245] ? kernel_text_address+0x15/0x35
[ 96.588120] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.599178] __save_stack_trace+0x8c/0xc9
[ 96.607498] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.617973] save_stack+0x37/0xa8
[ 96.625100] ? __kasan_slab_free+0x102/0x124
[ 96.634236] ? slab_free_freelist_hook+0x95/0xe6
[ 96.643315] ? kmem_cache_free+0x6a/0x1a0
[ 96.651931] ? __rcu_reclaim+0x302/0x32b
[ 96.660325] ? rcu_process_callbacks+0xd51/0x1402
[ 96.668878] ? __do_softirq+0x339/0x6a4
[ 96.675722] ? irq_exit+0xac/0x1a0
[ 96.682067] ? smp_apic_timer_interrupt+0x2eb/0x2fa
[ 96.691109] ? apic_timer_interrupt+0xf/0x20
[ 96.698752] ? __x86_indirect_thunk_rcx+0x20/0x20
[ 96.707314] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 96.717095] ? lock_downgrade+0x48e/0x48e
[ 96.725170] ? check_chain_key+0x192/0x25a
[ 96.734536] ? __accumulate_pelt_segments+0x29/0x3a
[ 96.742929] ? __lock_is_held+0x55/0xcd
[ 96.749445] ? check_chain_key+0x192/0x25a
[ 96.757026] ? lock_release+0x577/0x5a1
[ 96.763961] ? __lock_is_held+0x55/0xcd
[ 96.770864] ? check_chain_key+0x192/0x25a
[ 96.778698] ? arch_local_irq_save+0x5/0x13
[ 96.786382] ? debug_check_no_locks_freed+0x60/0x21d
[ 96.795527] __kasan_slab_free+0x102/0x124
[ 96.804366] slab_free_freelist_hook+0x95/0xe6
[ 96.814157] ? atomic_long_dec_and_test+0x1a/0x1a
[ 96.824134] kmem_cache_free+0x6a/0x1a0
[ 96.831755] ? __rcu_reclaim+0x302/0x32b
[ 96.840394] ? atomic_long_dec_and_test+0x1a/0x1a
[ 96.850362] __rcu_reclaim+0x302/0x32b
[ 96.857776] rcu_process_callbacks+0xd51/0x1402
[ 96.867516] ? rcu_nocb_kthread+0x1001/0x1001
[ 96.876974] ? sched_clock_cpu+0x1c/0x162
[ 96.885599] __do_softirq+0x339/0x6a4
[ 96.893531] irq_exit+0xac/0x1a0
[ 96.900501] smp_apic_timer_interrupt+0x2eb/0x2fa
[ 96.909774] apic_timer_interrupt+0xf/0x20
[ 96.917711] </IRQ>
[ 96.922152] RIP: 0010:__x86_indirect_thunk_rdx+0x0/0x20
[ 96.934528] Code: 66 2e 0f 1f 84 00 00 00 00 00 e8 07 00 00 00 f3 90 0f ae e8 eb f9 48 89 0c 24 c3 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 <e8> 07 00 00 00 f3 90 0f ae e8 eb f9 48 89 14 24 c3 0f 1f 44 00 00
[ 96.971567] RSP: 0018:ffff88001518f6c0 EFLAGS: 00000297 ORIG_RAX: ffffffffffffff13
[ 96.986580] RAX: dffffc0000000000 RBX: ffff88001518f788 RCX: ffffffff82c00001
[ 97.001912] RDX: ffffffff8108269e RSI: 0000000000000005 RDI: 0000000000000002
[ 97.016167] RBP: ffffffff8467c338 R08: 0000000000074727 R09: ffff88001518f788
[ 97.030553] R10: 0000000000000001 R11: ffff88001518f7df R12: ffff88001518f7bd
[ 97.044840] R13: ffff88001518f7d8 R14: ffffffff8467c33c R15: 000000000001c000
[ 97.059105] ? native_usergs_sysret64+0x1/0x10
[ 97.067495] ? unwind_next_frame+0x455/0x10df
[ 97.076633] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.085929] RIP: 1518f818:entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.096817] Code: 53 31 db 55 31 ed 41 54 45 31 e4 41 55 45 31 ed 41 56 45 31 f6 41 57 45 31 ff e8 1a 24 40 fe 48 89 c7 48 89 e6 e8 b8 3a 40 fe <0f> ba a4 24 90 00 00 00 09 73 05 e8 e3 23 40 fe 48 8b 4c 24 58 4c
[ 97.130460] RSP: 6000c0:0000000000000000 EFLAGS: ffff88001518f808 ORIG_RAX: ffffffff8117ca53
[ 97.146211] RAX: ffffffff8123052c RBX: 0000000041b58ab3 RCX: ffffffff8117ca5e
[ 97.159529] RDX: 00007f16086539a0 RSI: ffffffff8117c99a RDI: 0000000000000001
[ 97.171743] RBP: ffff88001a722a03 R08: ffff88001518ff58 R09: 0000000000000000
[ 97.183904] R10: ffffffff81082249 R11: ffffffff83770b1f R12: ffff88001518ff58
[ 97.197515] R13: ffff88001518ff58 R14: 1ffff10002a31ede R15: 0000000102a31ef8
[ 97.211866] ? unwind_get_return_address_ptr+0x9a/0x9a
[ 97.221358] ? rcu_is_watching+0xc/0x1e
[ 97.228071] ? kernel_text_address+0x20/0x35
[ 97.235584] ? init_kernel_text+0x5/0x20
[ 97.242325] ? kernel_text_address+0x15/0x35
[ 97.249850] ? __save_stack_trace+0x8c/0xc9
[ 97.257886] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.267925] ? save_stack+0x37/0xa8
[ 97.274836] ? kasan_kmalloc+0x8a/0x98
[ 97.282153] ? slab_post_alloc_hook+0x2e/0x3c
[ 97.290809] ? kmem_cache_alloc_trace+0xec/0x12f
[ 97.299944] ? kernfs_fop_open+0x769/0x8c7
[ 97.308920] ? do_dentry_open+0x40c/0x7c1
[ 97.316473] ? path_openat+0xc93/0xfe6
[ 97.323663] ? do_filp_open+0xdb/0x148
[ 97.330989] ? do_sys_open+0xc2/0x1c5
[ 97.338314] ? do_syscall_64+0xad/0xe0
[ 97.345866] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.355395] ? __lock_acquire+0xb3e/0xc45
[ 97.363947] ? kernfs_fop_open+0x5de/0x8c7
[ 97.371371] ? lock_acquire+0x1ec/0x250
[ 97.379954] ? __mutex_trylock_or_owner+0x10f/0x133
[ 97.391399] ? tracer_preempt_on+0x20/0x56
[ 97.398791] ? trace_preempt_on+0x1aa/0x1bc
[ 97.408930] ? check_chain_key+0x192/0x25a
[ 97.420307] ? check_chain_key+0x192/0x25a
[ 97.431132] ? check_chain_key+0x192/0x25a
[ 97.442080] ? lock_release+0x577/0x5a1
[ 97.451865] ? __fs_reclaim_release+0x5/0x1d
[ 97.462856] ? kasan_kmalloc+0x8a/0x98
[ 97.472868] ? slab_post_alloc_hook+0x2e/0x3c
[ 97.484256] ? kernfs_fop_open+0x769/0x8c7
[ 97.495109] ? kmem_cache_alloc_trace+0xec/0x12f
[ 97.506548] ? kernfs_fop_open+0x769/0x8c7
[ 97.514224] ? kernfs_put_open_node+0x17f/0x17f
[ 97.524565] ? do_dentry_open+0x40c/0x7c1
[ 97.532699] ? path_openat+0xc93/0xfe6
[ 97.540674] ? vfs_tmpfile+0x1d6/0x1d6
[ 97.548349] ? check_chain_key+0x192/0x25a
[ 97.556616] ? find_held_lock+0x2d/0xf9
[ 97.564331] ? lock_release+0x577/0x5a1
[ 97.572141] ? ___slab_alloc+0x228/0x324
[ 97.582378] ? tracer_preempt_on+0x20/0x56
[ 97.590675] ? trace_preempt_on+0x1aa/0x1bc
[ 97.599132] ? do_filp_open+0xdb/0x148
[ 97.606661] ? path_openat+0xfe6/0xfe6
[ 97.614311] ? tracer_preempt_on+0x20/0x56
[ 97.622638] ? trace_preempt_on+0x1aa/0x1bc
[ 97.631100] ? preempt_count_sub+0x12e/0x138
[ 97.639778] ? do_sys_open+0xc2/0x1c5
[ 97.646490] ? do_sys_open+0xc2/0x1c5
[ 97.654293] ? file_open_root+0xc8/0xc8
[ 97.661953] ? do_syscall_64+0xad/0xe0
[ 97.669925] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 97.680032]
[ 97.683436] The buggy address belongs to the page:
[ 97.692794] page:ffffea00005463c0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[ 97.708487] flags: 0x4000000000000000()
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 40e020c129cfc991e8ab4736d2665351ffd1468d v4.19 --
git bisect bad e9ebc2151f88600e726e51e5f7ca9c33ad53b35f # 07:40 B 10 1 1 1 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 71f4d95b23654ec2b347bd15b1260d68ca9ea5ea # 08:05 G 80 0 6 6 Merge tag 'for-4.20/dm-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm
git bisect good 343a9f35409b68b6de66ecd0db90a277aee90ec2 # 08:30 G 83 0 11 11 Merge tag 'trace-v4.20' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
git bisect bad b5b1de3537e2cd8f52971224a1be24bb3ce34a65 # 08:55 B 21 2 0 0 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
git bisect good adb6b2b2b59f7872322f255206583b4c3ce661a3 # 09:25 G 78 0 5 5 Merge tag 'for-linus' of git://linux-c6x.org/git/projects/linux-c6x-upstreaming
git bisect good ffb845db50012eb3704a270efdf9b98be4e3454a # 09:49 G 79 0 12 12 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
git bisect good 7c6c54b505b8aea1782ce6a6e8f3b8297d179937 # 10:16 G 83 0 10 10 Merge branch 'i2c/for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
git bisect bad 2d6bb6adb714b133db92ccd4bfc9c20f75f71f3f # 10:35 B 25 5 0 0 Merge tag 'stackleak-v4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad c8d126275a5fa59394fe17109bdb9812fed296b8 # 11:00 B 23 1 0 0 fs/proc: Show STACKLEAK metrics in the /proc file system
git bisect bad 10e9ae9fabaf96c8e5227c1cd4827d58b3aa406d # 11:27 B 29 3 0 0 gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack
git bisect good afaef01c001537fa97a25092d7f54d764dc7d8c1 # 11:54 G 140 0 20 20 x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
# first bad commit: [10e9ae9fabaf96c8e5227c1cd4827d58b3aa406d] gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack
git bisect good afaef01c001537fa97a25092d7f54d764dc7d8c1 # 12:04 G 422 0 46 66 x86/entry: Add STACKLEAK erasing the kernel stack at the end of syscalls
# extra tests with debug options
git bisect bad 10e9ae9fabaf96c8e5227c1cd4827d58b3aa406d # 12:27 B 33 4 1 1 gcc-plugins: Add STACKLEAK plugin for tracking the kernel stack
# extra tests on HEAD of linux-devel/devel-hourly-2018121517
git bisect bad 5552a5433cdc6dce76cdbb2e3d8891d741176177 # 12:27 B 323 27 0 4 0day head guard for 'devel-hourly-2018121517'
# extra tests on tree/branch linus/master
git bisect bad 1a9430db2835c0c00acc87d915b573496998c1bf # 12:47 B 0 1 15 0 ima: cleanup the match_token policy code
# extra tests on tree/branch linux-next/master
git bisect bad 6648e120dd1a7a1d6eedea1b7dbe21108a189947 # 13:09 B 36 1 1 1 Add linux-next specific files for 20181217
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
2 years