[net] c55ca5814f: WARNING:suspicious_RCU_usage
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: c55ca5814f22bb1d618275f2b46d40049bb7809f ("[PATCH net-next v3 7/7] net: ipv4: provide __rcu annotation for ifa_list")
url: https://github.com/0day-ci/linux/commits/Florian-Westphal/afs-do-not-send...
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------------------------------+------------+------------+
| | 3b1728410f | c55ca5814f |
+------------------------------------------------------------------+------------+------------+
| boot_successes | 6 | 0 |
| boot_failures | 2 | 10 |
| kernel_BUG_at_mm/usercopy.c | 1 | 3 |
| invalid_opcode:#[##] | 1 | 3 |
| RIP:usercopy_abort | 1 | 3 |
| Kernel_panic-not_syncing:Fatal_exception | 1 | 3 |
| BUG:workqueue_lockup-pool | 1 | |
| WARNING:suspicious_RCU_usage | 0 | 9 |
| drivers/net/plip/plip.c:#suspicious_rcu_dereference_check()usage | 0 | 9 |
| BUG:kernel_hang_in_boot_stage | 0 | 1 |
+------------------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen(a)intel.com>
[ 77.391183] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest0/status
[ 77.408020] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest1/status
[ 77.411511] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest2/status
[ 77.415507] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest3/status
[ 77.421560] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest5/status
[ 77.429409] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest6/status
[ 77.434178] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest7/status
[ 77.441290] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest8/status
[ 77.446688] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/test-unittest8/property-foo
[ 77.448323] OF: overlay: node_overlaps_later_cs: #6 overlaps with #7 @/testcase-data/overlay-node/test-bus/test-unittest8
[ 77.449596] OF: overlay: overlay #6 is not topmost
[ 77.557568] i2c i2c-1: Added multiplexed i2c bus 2
[ 77.559468] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/i2c-test-bus/test-unittest12/status
[ 77.563749] OF: overlay: WARNING: memory leak will occur if overlay removed, property: /testcase-data/overlay-node/test-bus/i2c-test-bus/test-unittest13/status
[ 77.574358] i2c i2c-1: Added multiplexed i2c bus 3
[ 77.591050] ### dt-test ### FAIL of_unittest_overlay_high_level():2380 overlay_base_root not initialized
[ 77.592529] ### dt-test ### end of unittest - 219 passed, 1 failed
[ 77.597478] 8021q: adding VLAN 0 to HW filter on device bond0
[ 77.603753] IP-Config: Failed to open ipddp0
[ 77.615261] 8021q: adding VLAN 0 to HW filter on device eth0
[ 77.618741]
[ 77.619082] =============================
[ 77.619838] WARNING: suspicious RCU usage
[ 77.620585] 5.2.0-rc2-00578-gc55ca58 #1 Tainted: G T
[ 77.621514] -----------------------------
[ 77.622222] drivers/net/plip/plip.c:1110 suspicious rcu_dereference_check() usage!
[ 77.623580]
[ 77.623580] other info that might help us debug this:
[ 77.623580]
[ 77.624783]
[ 77.624783] rcu_scheduler_active = 2, debug_locks = 1
[ 77.625837] 1 lock held by swapper/0/1:
[ 77.626759] #0: (____ptrval____) (rtnl_mutex){+.+.}, at: rtnl_lock+0x23/0x2c
[ 77.628367]
[ 77.628367] stack backtrace:
[ 77.629334] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G T 5.2.0-rc2-00578-gc55ca58 #1
[ 77.630936] Call Trace:
[ 77.631610] dump_stack+0x195/0x25f
[ 77.632435] ? eth_change_mtu+0x49/0x49
[ 77.633327] lockdep_rcu_suspicious+0x166/0x176
[ 77.634317] plip_open+0x37c/0x423
[ 77.635116] __dev_open+0x37c/0x463
[ 77.635940] __dev_change_flags+0x3a1/0x5b0
[ 77.636789] ? _get_random_bytes+0x387/0x3b1
[ 77.636983] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[ 77.637598] dev_change_flags+0x49/0xdb
[ 77.637720] ic_open_devs+0x507/0xbdd
[ 77.640368] ip_auto_config+0x82c/0x19ab
[ 77.641263] ? add_device_randomness+0x615/0x63f
[ 77.642229] ? root_nfs_parse_addr+0x502/0x502
[ 77.643201] do_one_initcall+0x41f/0x9f8
[ 77.644102] ? ip_auto_config+0x5/0x19ab
[ 77.644981] ? do_one_initcall+0x41f/0x9f8
[ 77.645877] kernel_init_freeable+0xae4/0xd0f
[ 77.646811] ? rest_init+0x420/0x420
[ 77.647648] kernel_init+0x1d/0x33f
[ 77.648475] ? rest_init+0x420/0x420
[ 77.649353] ret_from_fork+0x3a/0x50
[ 77.653793] IP-Config: Failed to open gretap0
[ 77.654685] IP-Config: Failed to open erspan0
[ 77.659786] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[ 77.686496] Sending DHCP requests ., OK
[ 77.689060] IP-Config: Got DHCP answer from 10.0.2.2, my address is 10.0.2.15
[ 77.690350] IP-Config: Complete:
[ 77.690976] device=eth0, hwaddr=52:54:00:12:34:56, ipaddr=10.0.2.15, mask=255.255.255.0, gw=10.0.2.2
[ 77.692647] host=vm-snb-quantal-x86_64-522, domain=, nis-domain=(none)
[ 77.693941] bootserver=10.0.2.2, rootserver=10.0.2.2, rootpath=
[ 77.693953] nameserver0=10.0.2.3
[ 77.705222] Bluetooth: Starting self testing
[ 77.706409] Bluetooth: Finished self testing
[ 77.707420] _warn_unseeded_randomness: 16 callbacks suppressed
[ 77.707453] random: get_random_bytes called from key_alloc+0x6ae/0xbad with crng_init=0
[ 77.710070] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 77.714257] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 77.716635] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 77.733315] Freeing unused kernel image memory: 5996K
[ 77.776451] Write protecting the kernel read-only data: 86016k
[ 77.831503] Freeing unused kernel image memory: 2032K
[ 77.837481] Freeing unused kernel image memory: 1872K
[ 77.838387] Run /init as init process
[ 77.840245] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 77.841716] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 77.896320] random: init: uninitialized urandom read (12 bytes read)
[ 78.730499] _warn_unseeded_randomness: 75 callbacks suppressed
[ 78.730621] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 78.735823] random: get_random_u32 called from arch_setup_additional_pages+0xd3/0x108 with crng_init=0
[ 78.739747] random: get_random_u64 called from dup_task_struct+0x660/0x9ea with crng_init=0
[ 79.772164] _warn_unseeded_randomness: 97 callbacks suppressed
[ 79.772335] random: get_random_u64 called from dup_task_struct+0x660/0x9ea with crng_init=0
[ 79.859898] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 79.861428] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 80.156549] random: mountall: uninitialized urandom read (12 bytes read)
[ 80.336808] Writes: Total: 1757652 Max/Min: 0/0 Fail: 0
[ 80.804248] _warn_unseeded_randomness: 47 callbacks suppressed
[ 80.804481] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 80.806041] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 80.817631] random: get_random_u32 called from arch_setup_additional_pages+0xd3/0x108 with crng_init=0
LKP: HOSTNAME vm-snb-quantal-x86_64-522, MAC f2:0c:6a:d7:8a:de, kernel 5.2.0-rc2-00578-gc55ca58 1, serial console /dev/ttyS0
[ 81.292295] hostname: the specified hostname is invalid
[ 81.292394]
[ 81.735359] Kernel tests: Boot OK!
[ 81.735465]
[ 81.838429] _warn_unseeded_randomness: 70 callbacks suppressed
[ 81.838649] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 81.841337] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 81.844409] random: get_random_u32 called from arch_setup_additional_pages+0xd3/0x108 with crng_init=0
[ 82.873819] _warn_unseeded_randomness: 56 callbacks suppressed
[ 82.873993] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 82.880083] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 82.894258] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 83.744830] /lkp/lkp/src/bin/run-lkp
[ 83.744951]
[ 83.939266] _warn_unseeded_randomness: 89 callbacks suppressed
[ 83.939478] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 83.940509] random: get_random_u64 called from dup_task_struct+0x660/0x9ea with crng_init=0
[ 83.940709] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 84.826921] udevd[388]: starting version 175
[ 84.993862] _warn_unseeded_randomness: 57 callbacks suppressed
[ 84.993961] random: get_random_u64 called from arch_rnd+0x52/0x7a with crng_init=0
[ 84.996815] random: get_random_u64 called from load_elf_binary+0xadc/0x2279 with crng_init=0
[ 85.007440] random: get_random_u32 called from arch_setup_additional_pages+0xd3/0x108 with crng_init=0
[ 85.582308] RESULT_ROOT=/result/trinity/300s/vm-snb-quantal-x86_64/quantal-core-x86_64-2019-04-26.cgz/x86_64-randconfig-s2-06021328/gcc-7/c55ca5814f22bb1d618275f2b46d40049bb7809f/3
[ 85.582424]
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc2-00578-gc55ca58 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
3 years, 2 months
[mm/vmalloc.c] 728e0fbf26: kernel_BUG_at_mm/vmalloc.c
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 728e0fbf263e3ed359c10cb13623390564102881 ("mm/vmalloc.c: get rid of one single unlink_va() when merge")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------+------------+------------+
| | 1ed20f4bc2 | 728e0fbf26 |
+-------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 6 | 14 |
| BUG:kernel_reboot-without-warning_in_test_stage | 6 | |
| kernel_BUG_at_mm/vmalloc.c | 0 | 14 |
| invalid_opcode:#[##] | 0 | 14 |
| RIP:__free_vmap_area | 0 | 14 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 14 |
+-------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp(a)intel.com>
[ 2.860248] kernel BUG at mm/vmalloc.c:470!
[ 2.863532] invalid opcode: 0000 [#1] SMP PTI
[ 2.865038] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.2.0-rc2-00418-g728e0fbf263e3 #2
[ 2.867517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 2.869603] RIP: 0010:__free_vmap_area+0xab/0x314
[ 2.869603] Code: 4d e0 48 39 f0 73 0f 48 39 d1 72 0a 4c 8d 75 10 48 8b 4d 10 eb 16 48 39 f0 72 0f 48 39 d1 73 0a 4c 8d 75 08 48 8b 4d 08 eb 02 <0f> 0b 48 85 c9 75 c6 48 85 ed 49 89 ef 0f 84 27 02 00 00 48 8d 4d
[ 2.876280] RSP: 0000:ffffc90000327d00 EFLAGS: 00010287
[ 2.876280] RAX: ffffc900019e8000 RBX: ffff88806dbc9790 RCX: ffff88806dbc98f0
[ 2.876280] RDX: ffffc900019ed000 RSI: ffffc90001a00000 RDI: ffff88806d426d88
[ 2.876280] RBP: ffff88806dbc9a18 R08: 0000000000000001 R09: ffffffff8129d4c2
[ 2.884274] R10: ffffea0001b47880 R11: 00000000f0000080 R12: 0000000000008000
[ 2.884274] R13: ffff88806dbc9630 R14: ffff88806dbc9760 R15: 0000000000000000
[ 2.884274] FS: 0000000000000000(0000) GS:ffff88807cd00000(0000) knlGS:0000000000000000
[ 2.884274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.892282] CR2: ffffc900003bc000 CR3: 000000000260a000 CR4: 00000000000406e0
[ 2.892282] Call Trace:
[ 2.892282] ? kmem_cache_free+0x140/0x1f5
[ 2.892282] __purge_vmap_area_lazy+0x8f/0xdf
[ 2.892282] _vm_unmap_aliases+0x110/0x13d
[ 2.900279] change_page_attr_set_clr+0xc7/0x253
[ 2.900279] ? set_debug_rodata+0x11/0x11
[ 2.900279] set_memory_nx+0x35/0x38
[ 2.900279] free_init_pages+0x54/0x7f
[ 2.900279] ? do_name+0x2b1/0x2b1
[ 2.900279] populate_rootfs+0xe2/0x101
[ 2.908291] do_one_initcall+0x97/0x1b4
[ 2.908291] kernel_init_freeable+0x23b/0x2d4
[ 2.908291] ? rest_init+0xc6/0xc6
[ 2.908291] kernel_init+0xa/0xff
[ 2.908291] ret_from_fork+0x3a/0x50
[ 2.908291] Modules linked in:
[ 2.917205] ---[ end trace 1a2925ea0cc5d2c3 ]---
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc2-00418-g728e0fbf263e3 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
3 years, 2 months
[mm/vmalloc.c] 728e0fbf26: kernel_BUG_at_mm/vmalloc.c
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 728e0fbf263e3ed359c10cb13623390564102881 ("mm/vmalloc.c: get rid of one single unlink_va() when merge")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------+------------+------------+
| | 1ed20f4bc2 | 728e0fbf26 |
+-------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 6 | 14 |
| BUG:kernel_reboot-without-warning_in_test_stage | 6 | |
| kernel_BUG_at_mm/vmalloc.c | 0 | 14 |
| invalid_opcode:#[##] | 0 | 14 |
| RIP:__free_vmap_area | 0 | 14 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 14 |
+-------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp(a)intel.com>
[ 2.860248] kernel BUG at mm/vmalloc.c:470!
[ 2.863532] invalid opcode: 0000 [#1] SMP PTI
[ 2.865038] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.2.0-rc2-00418-g728e0fbf263e3 #2
[ 2.867517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 2.869603] RIP: 0010:__free_vmap_area+0xab/0x314
[ 2.869603] Code: 4d e0 48 39 f0 73 0f 48 39 d1 72 0a 4c 8d 75 10 48 8b 4d 10 eb 16 48 39 f0 72 0f 48 39 d1 73 0a 4c 8d 75 08 48 8b 4d 08 eb 02 <0f> 0b 48 85 c9 75 c6 48 85 ed 49 89 ef 0f 84 27 02 00 00 48 8d 4d
[ 2.876280] RSP: 0000:ffffc90000327d00 EFLAGS: 00010287
[ 2.876280] RAX: ffffc900019e8000 RBX: ffff88806dbc9790 RCX: ffff88806dbc98f0
[ 2.876280] RDX: ffffc900019ed000 RSI: ffffc90001a00000 RDI: ffff88806d426d88
[ 2.876280] RBP: ffff88806dbc9a18 R08: 0000000000000001 R09: ffffffff8129d4c2
[ 2.884274] R10: ffffea0001b47880 R11: 00000000f0000080 R12: 0000000000008000
[ 2.884274] R13: ffff88806dbc9630 R14: ffff88806dbc9760 R15: 0000000000000000
[ 2.884274] FS: 0000000000000000(0000) GS:ffff88807cd00000(0000) knlGS:0000000000000000
[ 2.884274] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.892282] CR2: ffffc900003bc000 CR3: 000000000260a000 CR4: 00000000000406e0
[ 2.892282] Call Trace:
[ 2.892282] ? kmem_cache_free+0x140/0x1f5
[ 2.892282] __purge_vmap_area_lazy+0x8f/0xdf
[ 2.892282] _vm_unmap_aliases+0x110/0x13d
[ 2.900279] change_page_attr_set_clr+0xc7/0x253
[ 2.900279] ? set_debug_rodata+0x11/0x11
[ 2.900279] set_memory_nx+0x35/0x38
[ 2.900279] free_init_pages+0x54/0x7f
[ 2.900279] ? do_name+0x2b1/0x2b1
[ 2.900279] populate_rootfs+0xe2/0x101
[ 2.908291] do_one_initcall+0x97/0x1b4
[ 2.908291] kernel_init_freeable+0x23b/0x2d4
[ 2.908291] ? rest_init+0xc6/0xc6
[ 2.908291] kernel_init+0xa/0xff
[ 2.908291] ret_from_fork+0x3a/0x50
[ 2.908291] Modules linked in:
[ 2.917205] ---[ end trace 1a2925ea0cc5d2c3 ]---
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc2-00418-g728e0fbf263e3 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
3 years, 2 months
[block] 47cdee29ef: BUG:kernel_NULL_pointer_dereference, address
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 47cdee29ef9d94e485eb08f962c74943023a5271 ("block: move blk_exit_queue into __blk_release_queue")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------+------------+------------+
| | 31cb1d64da | 47cdee29ef |
+-------------------------------------------------+------------+------------+
| boot_successes | 3 | 0 |
| boot_failures | 13 | 8 |
| BUG:kernel_reboot-without-warning_in_test_stage | 13 | |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 8 |
| Oops:#[##] | 0 | 8 |
| RIP:blk_mq_free_rqs | 0 | 8 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 8 |
+-------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen(a)intel.com>
[ 6.560544] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 6.561658] #PF: supervisor read access in kernel mode
[ 6.562495] #PF: error_code(0x0000) - not-present page
[ 6.563277] PGD 0 P4D 0
[ 6.563277] Oops: 0000 [#1] PTI
[ 6.563277] CPU: 0 PID: 147 Comm: kworker/0:2 Tainted: G T 5.2.0-rc1-00387-g47cdee29 #1
[ 6.563277] Workqueue: events __blk_release_queue
[ 6.563277] RIP: 0010:blk_mq_free_rqs+0x2c/0xaf
[ 6.563277] Code: 66 66 90 55 48 89 e5 41 57 41 56 41 55 41 54 49 89 fd 53 48 89 f3 41 89 d7 48 83 bb 90 00 00 00 00 74 0e 49 8b 45 38 45 31 e4 <48> 83 78 20 00 75 3b 4c 8d ab a0 00 00 00 eb 39 48 8b 83 98 00 00
[ 6.563277] RSP: 0000:ffff888071f6bdb0 EFLAGS: 00010246
[ 6.563277] RAX: 0000000000000000 RBX: ffff88807f1a76b8 RCX: 000000000011000b
[ 6.563277] RDX: 0000000000000000 RSI: ffff88807f1a76b8 RDI: ffff88807f0012c8
[ 6.563277] RBP: ffff888071f6bdd8 R08: ffff888071f6bf48 R09: 0000000000000000
[ 6.563277] R10: ffff888071f6bdd8 R11: 0000000000000030 R12: 0000000000000000
[ 6.563277] R13: ffff88807f0012c8 R14: ffff88807f0012c8 R15: 0000000000000000
[ 6.563277] FS: 0000000000000000(0000) GS:ffffffff8263d000(0000) knlGS:0000000000000000
[ 6.563277] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.563277] CR2: 0000000000000020 CR3: 000000000262a000 CR4: 00000000000406b0
[ 6.563277] Call Trace:
[ 6.563277] blk_mq_sched_tags_teardown+0x46/0x6a
[ 6.563277] blk_mq_exit_sched+0x6f/0x81
[ 6.563277] elevator_exit+0x38/0x50
[ 6.563277] __blk_release_queue+0x6b/0xdc
[ 6.563277] process_one_work+0x174/0x26a
[ 6.563277] ? rescuer_thread+0x262/0x262
[ 6.563277] worker_thread+0x1a8/0x267
[ 6.563277] ? rescuer_thread+0x262/0x262
[ 6.563277] kthread+0xff/0x107
[ 6.563277] ? kthread_create_worker_on_cpu+0x5f/0x5f
[ 6.563277] ret_from_fork+0x24/0x30
[ 6.563277] Modules linked in:
[ 6.563277] CR2: 0000000000000020
[ 6.563277] _warn_unseeded_randomness: 1 callbacks suppressed
[ 6.563277] random: get_random_bytes called from init_oops_id+0x26/0x36 with crng_init=0
[ 6.563277] ---[ end trace 1855f0c417feab1e ]---
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc1-00387-g47cdee29 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
3 years, 2 months
[XArray] fa858b6eec: BUG:Bad_page_state_in_process
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: fa858b6eec3f4908973131b1d5a3f2e35c4182cd ("XArray: Add xas_replace")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: trinity
with following parameters:
runtime: 300s
test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------+------------+------------+
| | 12fd2aee6d | fa858b6eec |
+------------------------------------------+------------+------------+
| boot_successes | 6 | 29 |
| boot_failures | 0 | 17 |
| BUG:KASAN:wild-memory-access_in_g | 0 | 7 |
| RIP:copy_user_generic_unrolled | 0 | 4 |
| general_protection_fault:#[##] | 0 | 16 |
| RIP:get_page_from_freelist | 0 | 7 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 16 |
| BUG:Bad_page_state_in_process | 0 | 9 |
| BUG:KASAN:wild-memory-access_in_f | 0 | 8 |
| RIP:free_pcppages_bulk | 0 | 8 |
| BUG:KASAN:wild-memory-access_in_r | 0 | 1 |
| RIP:release_pages | 0 | 1 |
+------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp(a)intel.com>
[ 90.960908] BUG: Bad page state in process find pfn:05da9
[ 90.961733] page:ffffea0000176a40 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1
[ 90.962958] flags: 0x0()
[ 90.963352] raw: 0000000000000000 dead000000000100 dead000000000200 0000000000000000
[ 90.964491] raw: 0000000000000001 0000000000000000 00000000ffffff7f 0000000000000000
[ 90.965588] page dumped because: nonzero mapcount
[ 90.966270] CPU: 0 PID: 263 Comm: find Not tainted 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[ 90.967353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 90.968534] Call Trace:
[ 90.968921] bad_page+0x118/0x14b
[ 90.969433] free_pcppages_bulk+0x2a9/0xc7b
[ 90.970060] ? ftrace_likely_update+0x29a/0x2ae
[ 90.970708] ? get_pfnblock_flags_mask+0xa9/0xa9
[ 90.971376] ? tracer_hardirqs_off+0x15/0x153
[ 90.972007] free_unref_page_list+0x1eb/0x266
[ 90.972633] release_pages+0x61e/0x65f
[ 90.973181] ? mark_page_accessed+0x3cb/0x3cb
[ 90.973806] ? ftrace_likely_update+0x29a/0x2ae
[ 90.974460] __pagevec_release+0x50/0x5e
[ 90.975035] shmem_undo_range+0x99e/0xa46
[ 90.975636] ? shmem_getpage+0x5f/0x5f
[ 90.976207] ? ftrace_likely_update+0x29a/0x2ae
[ 90.976881] ? match_held_lock+0x1c/0x1eb
[ 90.977465] ? find_held_lock+0x86/0x96
[ 90.978027] ? match_held_lock+0x1c/0x1eb
[ 90.978604] ? find_held_lock+0x86/0x96
[ 90.979165] ? match_held_lock+0x1c/0x1eb
[ 90.979742] ? match_held_lock+0x1c/0x1eb
[ 90.980328] ? match_held_lock+0x1c/0x1eb
[ 90.980934] ? find_held_lock+0x86/0x96
[ 90.981526] shmem_truncate_range+0x32/0x6b
[ 90.982135] shmem_evict_inode+0x172/0x496
[ 90.982726] ? find_held_lock+0x86/0x96
[ 90.983284] ? shmem_truncate_range+0x6b/0x6b
[ 90.983908] ? ftrace_likely_update+0x29a/0x2ae
[ 90.984560] ? shmem_truncate_range+0x6b/0x6b
[ 90.985190] evict+0x1b7/0x2cd
[ 90.985641] ? find_inode_nowait+0xe1/0xe1
[ 90.986236] iput+0x334/0x3b1
[ 90.986690] do_unlinkat+0x2b2/0x42a
[ 90.987241] ? vfs_unlink+0x26a/0x26a
[ 90.987792] ? __check_heap_object+0x88/0x149
[ 90.988449] ? ftrace_likely_update+0x29a/0x2ae
[ 90.989129] ? ftrace_likely_update+0x29a/0x2ae
[ 90.989804] ? getname_flags+0x3cb/0x3da
[ 90.990377] __x64_sys_unlinkat+0x7d/0x90
[ 90.990954] ? do_syscall_64+0x4f7/0x828
[ 90.991524] do_syscall_64+0x507/0x828
[ 90.992078] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 90.992795] RIP: 0033:0x7f21f9c27a5d
[ 90.993323] Code: e9 f3 2c 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 48 63 d2 48 63 ff b8 07 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 b2 f3 2c 00 f7 d8 64 89 02
[ 90.995955] RSP: 002b:00007ffdbf2f9988 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[ 90.997023] RAX: ffffffffffffffda RBX: 00000000017f2bc0 RCX: 00007f21f9c27a5d
[ 90.998022] RDX: 0000000000000000 RSI: 00000000017fd108 RDI: ffffffffffffff9c
[ 90.999020] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 91.000052] R10: 00007ffdbf2f9720 R11: 0000000000000206 R12: 0000000000000000
[ 91.001087] R13: 00000000017f38a0 R14: 00007ffdbf2fbdcd R15: 00000000017f3820
[ 91.002087] Disabling lock debugging due to kernel taint
[ 91.002831] ==================================================================
[ 91.003845] BUG: KASAN: wild-memory-access in free_pcppages_bulk+0x13e/0xc7b
[ 91.004832] Write of size 8 at addr dead000000000108 by task find/263
[ 91.005758]
[ 91.006010] CPU: 0 PID: 263 Comm: find Tainted: G B 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[ 91.007311] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 91.008468] Call Trace:
[ 91.008834] ? free_pcppages_bulk+0x13e/0xc7b
[ 91.009462] __kasan_report+0x1d0/0x1fa
[ 91.010023] ? free_pcppages_bulk+0x13e/0xc7b
[ 91.010660] kasan_report+0x31/0x3a
[ 91.011193] ? free_pcppages_bulk+0x13e/0xc7b
[ 91.011844] free_pcppages_bulk+0x13e/0xc7b
[ 91.012472] ? ftrace_likely_update+0x29a/0x2ae
[ 91.013149] ? get_pfnblock_flags_mask+0xa9/0xa9
[ 91.013828] ? tracer_hardirqs_off+0x15/0x153
[ 91.014457] free_unref_page_list+0x1eb/0x266
[ 91.015084] release_pages+0x61e/0x65f
[ 91.015624] ? mark_page_accessed+0x3cb/0x3cb
[ 91.016250] ? ftrace_likely_update+0x29a/0x2ae
[ 91.016894] __pagevec_release+0x50/0x5e
[ 91.017464] shmem_undo_range+0x99e/0xa46
[ 91.018047] ? shmem_getpage+0x5f/0x5f
[ 91.018584] ? ftrace_likely_update+0x29a/0x2ae
[ 91.019235] ? match_held_lock+0x1c/0x1eb
[ 91.019810] ? find_held_lock+0x86/0x96
[ 91.020365] ? match_held_lock+0x1c/0x1eb
[ 91.020940] ? find_held_lock+0x86/0x96
[ 91.021498] ? match_held_lock+0x1c/0x1eb
[ 91.022078] ? match_held_lock+0x1c/0x1eb
[ 91.022652] ? match_held_lock+0x1c/0x1eb
[ 91.023233] ? find_held_lock+0x86/0x96
[ 91.023782] shmem_truncate_range+0x32/0x6b
[ 91.027841] shmem_evict_inode+0x172/0x496
[ 91.028447] ? find_held_lock+0x86/0x96
[ 91.029003] ? shmem_truncate_range+0x6b/0x6b
[ 91.029635] ? ftrace_likely_update+0x29a/0x2ae
[ 91.030287] ? shmem_truncate_range+0x6b/0x6b
[ 91.030909] evict+0x1b7/0x2cd
[ 91.031369] ? find_inode_nowait+0xe1/0xe1
[ 91.031955] iput+0x334/0x3b1
[ 91.032399] do_unlinkat+0x2b2/0x42a
[ 91.032928] ? vfs_unlink+0x26a/0x26a
[ 91.033461] ? __check_heap_object+0x88/0x149
[ 91.034089] ? ftrace_likely_update+0x29a/0x2ae
[ 91.034733] ? ftrace_likely_update+0x29a/0x2ae
[ 91.035392] ? getname_flags+0x3cb/0x3da
[ 91.035957] __x64_sys_unlinkat+0x7d/0x90
[ 91.036554] ? do_syscall_64+0x4f7/0x828
[ 91.037144] do_syscall_64+0x507/0x828
[ 91.037721] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 91.038471] RIP: 0033:0x7f21f9c27a5d
[ 91.039025] Code: e9 f3 2c 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 48 63 d2 48 63 ff b8 07 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 b2 f3 2c 00 f7 d8 64 89 02
[ 91.041597] RSP: 002b:00007ffdbf2f9988 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[ 91.042655] RAX: ffffffffffffffda RBX: 00000000017f2bc0 RCX: 00007f21f9c27a5d
[ 91.043650] RDX: 0000000000000000 RSI: 00000000017fd108 RDI: ffffffffffffff9c
[ 91.044646] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 91.045642] R10: 00007ffdbf2f9720 R11: 0000000000000206 R12: 0000000000000000
[ 91.046637] R13: 00000000017f38a0 R14: 00007ffdbf2fbdcd R15: 00000000017f3820
[ 91.047633] ==================================================================
[ 91.048657] general protection fault: 0000 [#1] DEBUG_PAGEALLOC KASAN
[ 91.049571] CPU: 0 PID: 263 Comm: find Tainted: G B 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[ 91.050868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 91.052083] RIP: 0010:free_pcppages_bulk+0x143/0xc7b
[ 91.052786] Code: 8d 43 08 4c 8b 3b 48 89 c7 48 89 44 24 10 e8 1e 32 01 00 48 8b 43 08 49 8d 7f 08 48 89 44 24 10 e8 b8 32 01 00 48 8b 44 24 10 <49> 89 47 08 48 89 c7 e8 a7 32 01 00 48 8b 44 24 10 4c 89 ef 4c 89
[ 91.055362] RSP: 0018:ffff88805b997758 EFLAGS: 00010092
[ 91.056144] RAX: dead000000000200 RBX: ffffea0000176a48 RCX: ffff88805bb80040
[ 91.057181] RDX: 0000000000000000 RSI: ffffffff8124ce51 RDI: ffffffff837f81c0
[ 91.058199] RBP: ffff88806b1f85d0 R08: 0000000000000003 R09: 0000000000000007
[ 91.059197] R10: fffffbfff08469ee R11: fffffbfff08469ed R12: 0000000000000001
[ 91.060194] R13: ffff88806b1f85b0 R14: ffffffff84087a00 R15: dead000000000100
[ 91.061195] FS: 00007f21fa61b700(0000) GS:ffffffff83693000(0000) knlGS:0000000000000000
[ 91.062324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 91.063135] CR2: 00000000017f5000 CR3: 000000005fec7000 CR4: 00000000000406f0
[ 91.064137] Call Trace:
[ 91.064503] ? ftrace_likely_update+0x29a/0x2ae
[ 91.065190] ? get_pfnblock_flags_mask+0xa9/0xa9
[ 91.065873] ? tracer_hardirqs_off+0x15/0x153
[ 91.066541] free_unref_page_list+0x1eb/0x266
[ 91.067171] release_pages+0x61e/0x65f
[ 91.067712] ? mark_page_accessed+0x3cb/0x3cb
[ 91.068341] ? ftrace_likely_update+0x29a/0x2ae
[ 91.068985] __pagevec_release+0x50/0x5e
[ 91.069557] shmem_undo_range+0x99e/0xa46
[ 91.070144] ? shmem_getpage+0x5f/0x5f
[ 91.070685] ? ftrace_likely_update+0x29a/0x2ae
[ 91.071340] ? match_held_lock+0x1c/0x1eb
[ 91.071919] ? find_held_lock+0x86/0x96
[ 91.072478] ? match_held_lock+0x1c/0x1eb
[ 91.073063] ? find_held_lock+0x86/0x96
[ 91.073617] ? match_held_lock+0x1c/0x1eb
[ 91.074203] ? match_held_lock+0x1c/0x1eb
[ 91.074781] ? match_held_lock+0x1c/0x1eb
[ 91.075366] ? find_held_lock+0x86/0x96
[ 91.075920] shmem_truncate_range+0x32/0x6b
[ 91.076526] shmem_evict_inode+0x172/0x496
[ 91.077122] ? find_held_lock+0x86/0x96
[ 91.077672] ? shmem_truncate_range+0x6b/0x6b
[ 91.078301] ? ftrace_likely_update+0x29a/0x2ae
[ 91.078945] ? shmem_truncate_range+0x6b/0x6b
[ 91.079572] evict+0x1b7/0x2cd
[ 91.080026] ? find_inode_nowait+0xe1/0xe1
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc2-00162-gfa858b6eec3f4 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
3 years, 2 months
[mm/vmalloc.c] 728e0fbf26: kernel_BUG_at_mm/vmalloc.c
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 728e0fbf263e3ed359c10cb13623390564102881 ("mm/vmalloc.c: get rid of one single unlink_va() when merge")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------+------------+------------+
| | 1ed20f4bc2 | 728e0fbf26 |
+-------------------------------------------------+------------+------------+
| boot_successes | 0 | 0 |
| boot_failures | 8 | 4 |
| BUG:kernel_reboot-without-warning_in_test_stage | 8 | |
| kernel_BUG_at_mm/vmalloc.c | 0 | 4 |
| invalid_opcode:#[##] | 0 | 4 |
| RIP:__free_vmap_area | 0 | 4 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 4 |
+-------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen(a)intel.com>
[ 6.585196] kernel BUG at mm/vmalloc.c:470!
[ 6.591517] invalid opcode: 0000 [#1] SMP PTI
[ 6.592505] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.2.0-rc2-00418-g728e0fb #1
[ 6.592505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 6.592505] RIP: 0010:__free_vmap_area+0x96/0x330
[ 6.592505] Code: 24 40 48 8b 05 c3 c6 e2 01 48 85 c0 0f 84 81 02 00 00 49 8b 3c 24 49 8b 74 24 08 48 3b 78 e8 48 8b 50 e0 73 07 48 39 f2 73 19 <0f> 0b 48 39 f2 73 f9 48 8b 48 08 48 8d 50 08 48 85 c9 74 12 48 8b
[ 6.592505] RSP: 0000:ffffb22580c5fca0 EFLAGS: 00010287
[ 6.592505] RAX: ffff9bb386eda8b8 RBX: ffff9bb386eda700 RCX: ffff9bb386eda8b8
[ 6.592505] RDX: ffff9bb386eda790 RSI: ffffb2258100d000 RDI: ffffb22581008000
[ 6.592505] RBP: ffff9bb386eda718 R08: 0000000000000000 R09: ffffffff8de53c00
[ 6.592505] R10: ffff9bb386eda898 R11: 0000000000000001 R12: ffff9bb386eda6e0
[ 6.592505] R13: 0000000000008000 R14: ffffffff8fc7f8e0 R15: ffffffff8eeeb590
[ 6.592505] FS: 0000000000000000(0000) GS:ffff9bb4bfc00000(0000) knlGS:0000000000000000
[ 6.592505] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6.592505] CR2: 0000000000000000 CR3: 000000019080a000 CR4: 00000000000406f0
[ 6.592505] Call Trace:
[ 6.592505] __purge_vmap_area_lazy+0xbc/0x150
[ 6.592505] _vm_unmap_aliases+0x111/0x140
[ 6.592505] change_page_attr_set_clr+0xc0/0x1f0
[ 6.592505] ? set_debug_rodata+0x11/0x11
[ 6.592505] set_memory_nx+0x3c/0x50
[ 6.592505] free_init_pages+0x53/0x90
[ 6.592505] ? do_name+0x2ca/0x2ca
[ 6.592505] populate_rootfs+0xe7/0x106
[ 6.592505] do_one_initcall+0x46/0x214
[ 6.592505] kernel_init_freeable+0x1c7/0x272
[ 6.592505] ? rest_init+0xd0/0xd0
[ 6.592505] kernel_init+0xa/0x110
[ 6.592505] ret_from_fork+0x35/0x40
[ 6.592505] Modules linked in:
[ 6.642315] ---[ end trace 0ba0b231153bd8c8 ]---
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc2-00418-g728e0fb .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
3 years, 2 months
[sched] 0a9efc8e56: WARNING:at_kernel/sched/sched.h:#migrate_tasks
by kernel test robot
FYI, we noticed the following commit (built with gcc-7):
commit: 0a9efc8e562f66f927876db2effcbd6b80191476 ("sched: Basic tracking of matching tasks")
https://github.com/digitalocean/linux-coresched coresched
in testcase: rcutorture
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: srcud
test-description: rcutorture is rcutorture kernel module load/unload test.
test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------------+------------+------------+
| | 6395f75d43 | 0a9efc8e56 |
+-------------------------------------------------------+------------+------------+
| boot_successes | 2 | 4 |
| boot_failures | 112 | 115 |
| BUG:kernel_hang_in_boot-around-mounting-root_stage | 112 | 113 |
| WARNING:at_kernel/sched/sched.h:#migrate_tasks | 0 | 2 |
| RIP:migrate_tasks | 0 | 2 |
| WARNING:possible_circular_locking_dependency_detected | 0 | 2 |
+-------------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen(a)intel.com>
[ 133.050138] WARNING: CPU: 1 PID: 14 at kernel/sched/sched.h:1763 migrate_tasks+0x24f/0x7a9
[ 133.060259] Modules linked in: rcutorture torture crct10dif_pclmul crc32c_intel input_leds pcspkr i2c_piix4 evdev
[ 133.062468] CPU: 1 PID: 14 Comm: migration/1 Tainted: G T 5.2.0-rc1-00109-g0a9efc8 #1
[ 133.064365] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 133.066105] RIP: 0010:migrate_tasks+0x24f/0x7a9
[ 133.067087] Code: 48 ff 05 72 25 a8 05 48 8d bb f8 09 00 00 48 ff 05 4c 25 a8 05 e8 cb 5d 2c 00 4c 39 ab f8 09 00 00 74 17 48 ff 05 57 25 a8 05 <0f> 0b 48 ff 05 56 25 a8 05 48 ff 05 57 25 a8 05 49 8d bd 88 03 00
[ 133.083817] RSP: 0018:ffff8880595cfc08 EFLAGS: 00010002
[ 133.084869] RAX: ffffed100b426800 RBX: ffff88805a133c80 RCX: ffffffff81181019
[ 133.086227] RDX: ffff88805a133c80 RSI: 2000040000000000 RDI: ffff88805a134678
[ 133.087637] RBP: ffff8880595cfc60 R08: 0000000000000007 R09: 0000000000000007
[ 133.089093] R10: ffffed100b42694f R11: 0000000000000000 R12: ffff88805a133c80
[ 133.090560] R13: ffff88803ce7a100 R14: ffff8880595cfc98 R15: ffffffff83471e60
[ 133.091940] FS: 0000000000000000(0000) GS:ffff88805a100000(0000) knlGS:0000000000000000
[ 133.106073] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 133.107285] CR2: 00000000004216d0 CR3: 0000000044ec4000 CR4: 00000000000406a0
[ 133.108742] Call Trace:
[ 133.109350] sched_cpu_dying+0x205/0x3d1
[ 133.110239] ? sched_cpu_starting+0x233/0x233
[ 133.111198] ? irq_work_run+0x4d/0x56
[ 133.112011] ? flush_smp_call_function_queue+0x356/0x369
[ 133.113166] ? sched_cpu_starting+0x233/0x233
[ 133.114111] cpuhp_invoke_callback+0x401/0x1675
[ 133.115082] ? _raw_spin_unlock+0x37/0x70
[ 133.115996] ? unlock_vector_lock+0x17/0x20
[ 133.116929] ? lapic_offline+0x2f/0x38
[ 133.117745] take_cpu_down+0xdb/0x180
[ 133.131667] ? multi_cpu_stop+0x14f/0x25a
[ 133.132589] ? cpuhp_invoke_callback+0x1675/0x1675
[ 133.133655] multi_cpu_stop+0x156/0x25a
[ 133.134507] ? cpu_stop_queue_work+0x1d4/0x1d4
[ 133.135494] cpu_stopper_thread+0x160/0x23d
[ 133.136382] ? cpu_stop_create+0x55/0x55
[ 133.137182] smpboot_thread_fn+0x605/0x651
[ 133.138027] ? sort_range+0x3e/0x3e
[ 133.138704] ? __kthread_parkme+0x27/0x10f
[ 133.139480] ? __kthread_parkme+0xfa/0x10f
[ 133.140303] kthread+0x254/0x270
[ 133.141003] ? sort_range+0x3e/0x3e
[ 133.141793] ? kthread_stop+0x566/0x566
[ 133.142643] ret_from_fork+0x24/0x30
[ 133.143436] irq event stamp: 2278
[ 133.144202] hardirqs last enabled at (2277): [<ffffffff82eeeb43>] _raw_spin_unlock_irq+0x43/0x8a
[ 133.151128] hardirqs last disabled at (2278): [<ffffffff812b9e48>] multi_cpu_stop+0x115/0x25a
[ 133.152925] softirqs last enabled at (2114): [<ffffffff832006fa>] __do_softirq+0x6fa/0x774
[ 133.154642] softirqs last disabled at (2025): [<ffffffff81122f4b>] irq_exit+0xaf/0x161
[ 133.156292] ---[ end trace b03815f8d0d80b05 ]---
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc1-00109-g0a9efc8 .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
Rong Chen
3 years, 2 months
2cfd33e1af [ 1.919647] WARNING: suspicious RCU usage
by kernel test robot
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.infradead.org/users/willy/linux-dax.git xarray
commit 2cfd33e1afe2c603bbdb36d9de0e8d35bfae000d
Author: Matthew Wilcox <willy(a)infradead.org>
AuthorDate: Wed Mar 20 13:07:42 2019 -0400
Commit: Matthew Wilcox (Oracle) <willy(a)infradead.org>
CommitDate: Fri May 31 13:52:41 2019 -0400
XArray: Add xas_replace
Jan found a performance regression between the radix tree and the XArray
when truncating a file which is almost entirely swap entries. Most of
that regression was due to the tags being reset when removing the swap
entry from the tree. This is unnecessary because the tags are always
clear for swap entries. Use xas_replace() in parts of the pagecache
where we know it's safe to do so.
Signed-off-by: Matthew Wilcox <willy(a)infradead.org>
b1b481e767 XArray tests: Add check_insert
2cfd33e1af XArray: Add xas_replace
fa858b6eec XArray: Add xas_replace
+---------------------------------------------------------------------+------------+------------+------------+
| | b1b481e767 | 2cfd33e1af | fa858b6eec |
+---------------------------------------------------------------------+------------+------------+------------+
| boot_successes | 0 | 0 | 0 |
| boot_failures | 48 | 12 | 12 |
| WARNING:suspicious_RCU_usage | 48 | 12 | |
| include/linux/radix-tree.h:#suspicious_rcu_dereference_check()usage | 48 | 12 | |
| kernel_BUG_at_include/linux/pagemap.h | 0 | 12 | 12 |
| invalid_opcode:#[##] | 0 | 12 | 12 |
| EIP:find_get_entries | 0 | 12 | 12 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 12 | 12 |
+---------------------------------------------------------------------+------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp(a)intel.com>
[ 1.914730] VFS: Dquot-cache hash table entries: 1024 (order 0, 4096 bytes)
[ 1.916607] FS-Cache: Loaded
[ 1.917646] CacheFiles: Loaded
[ 1.918380]
[ 1.918745] =============================
[ 1.919647] WARNING: suspicious RCU usage
[ 1.920575] 5.2.0-rc2-00162-g2cfd33e #1 Tainted: G T
[ 1.921929] -----------------------------
[ 1.922839] include/linux/radix-tree.h:180 suspicious rcu_dereference_check() usage!
[ 1.924962]
[ 1.924962] other info that might help us debug this:
[ 1.924962]
[ 1.926754]
[ 1.926754] rcu_scheduler_active = 2, debug_locks = 1
[ 1.928203] 2 locks held by swapper/1:
[ 1.929037] #0: (ptrval) (cb_lock){+.+.}, at: genl_register_family+0x8f/0x5f0
[ 1.930633] #1: (ptrval) (genl_mutex){+.+.}, at: genl_register_family+0x9b/0x5f0
[ 1.932293]
[ 1.932293] stack backtrace:
[ 1.933257] CPU: 0 PID: 1 Comm: swapper Tainted: G T 5.2.0-rc2-00162-g2cfd33e #1
[ 1.935164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 1.937023] Call Trace:
[ 1.937611] dump_stack+0x16/0x26
[ 1.938343] lockdep_rcu_suspicious+0x91/0xa0
[ 1.939304] idr_get_next+0xe4/0x120
[ 1.940122] genl_family_find_byname+0x37/0x50
[ 1.941115] genl_register_family+0xa8/0x5f0
[ 1.942075] ? acpi_pnp_init+0x2c/0x2c
[ 1.942919] acpi_event_init+0x37/0x6b
[ 1.943788] do_one_initcall+0x133/0x31a
[ 1.944672] ? parameq+0xf/0x70
[ 1.945389] kernel_init_freeable+0x135/0x201
[ 1.946399] ? rest_init+0x110/0x110
[ 1.947193] kernel_init+0x8/0xf0
[ 1.947955] ret_from_fork+0x2e/0x40
[ 1.948832] pnp: PnP ACPI init
[ 1.949722] pnp 00:00: Plug and Play ACPI device, IDs PNP0b00 (active)
[ 1.951303] pnp 00:01: Plug and Play ACPI device, IDs PNP0303 (active)
[ 1.952918] pnp 00:02: Plug and Play ACPI device, IDs PNP0f13 (active)
[ 1.954397] pnp 00:03: [dma 2]
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 0a10abdc966ac102642835fa36e0129bda2c753a cd6c84d8f0cdc911df435bb075ba22ce3c605b07 --
git bisect bad c3e3673c1dedd0ca57110cdd7a07d1abc12dadea # 11:58 B 0 11 25 0 Merge 'linux-review/Paolo-Bonzini/KVM-x86-fix-return-value-for-reserved-EFER/20190525-141411' into devel-hourly-2019060103
git bisect bad 30a168fdabd2bd923f6381c5ce62e6917b2bbd73 # 11:58 B 0 11 25 0 Merge 'kuba-linux/app-ktls' into devel-hourly-2019060103
git bisect bad efe9973f868655c76698a3f9863af4f853efcc7c # 11:58 B 0 11 25 0 Merge 'hch-dma-mapping/for-next' into devel-hourly-2019060103
git bisect good 216479174f4acadf1bfc9294f497884ec623db65 # 12:02 G 10 0 8 17 Merge 'rcu/dev.2019.05.25b' into devel-hourly-2019060103
git bisect good 690ee90427b3e799bfc1a4e7f3a37ed62bac9386 # 23:13 G 11 0 10 21 Merge 'powerpc/next-test' into devel-hourly-2019060103
git bisect bad 26dbecbb04455255b0d2101a13f371d59a3f7ba3 # 23:14 B 0 11 25 0 Merge 'nfsd/nfsd-next' into devel-hourly-2019060103
git bisect good 11232e3d5842681ec9cc00892d005194259dccaa # 14:11 G 10 0 8 19 Merge 'kvms390/master' into devel-hourly-2019060103
git bisect good bc090674a5b8b8a390bc0e4243449d1f42d3259d # 14:14 G 10 0 7 15 Merge 'gpio/devel' into devel-hourly-2019060103
git bisect good e66cc94e2de071672201022b661cec6d3338e5c9 # 14:19 G 11 0 10 21 Merge 'linux-review/Renzo-Davoli/eventfd-new-tag-EFD_VPOLL-generate-epoll-events/20190527-110543' into devel-hourly-2019060103
git bisect bad 8959f42bd000101a0df00887fa7ef53a308e7998 # 14:19 B 0 8 25 3 Merge 'dax/xarray' into devel-hourly-2019060103
git bisect good c3cf73c7a2c6f278cf5be380c753c129fa03bb2b # 14:55 G 12 0 9 9 Merge branch 'aquantia-fixes'
git bisect good 21808437214637952b61beaba6034d97880fbeb3 # 15:33 G 12 0 10 10 net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
git bisect good adc3f554fa1e0f1c7b76007150814e1d8a5fcd2b # 16:13 G 11 0 10 10 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
git bisect good b73484b2fc0d0ba84a13e9d86eb4adcae718163b # 16:42 G 12 0 7 7 ethtool: Check for vlan etype or vlan tci when parsing flow_rule
git bisect good 7b785645e8f13e17cbce492708cf6e7039d32e46 # 17:23 G 11 0 11 11 mm: fix page cache convergence regression
git bisect good b1b481e767eb92a8a2f65e45e52e62ddb2ef9cc3 # 18:05 G 11 0 11 11 XArray tests: Add check_insert
git bisect bad 2cfd33e1afe2c603bbdb36d9de0e8d35bfae000d # 18:29 B 0 5 19 0 XArray: Add xas_replace
# first bad commit: [2cfd33e1afe2c603bbdb36d9de0e8d35bfae000d] XArray: Add xas_replace
git bisect good b1b481e767eb92a8a2f65e45e52e62ddb2ef9cc3 # 18:35 G 35 0 35 47 XArray tests: Add check_insert
# extra tests with debug options
git bisect bad 2cfd33e1afe2c603bbdb36d9de0e8d35bfae000d # 19:03 B 0 7 21 0 XArray: Add xas_replace
# extra tests on HEAD of linux-devel/devel-hourly-2019060103
git bisect bad 0a10abdc966ac102642835fa36e0129bda2c753a # 19:03 B 0 24 41 0 0day head guard for 'devel-hourly-2019060103'
# extra tests on tree/branch dax/xarray
git bisect bad fa858b6eec3f4908973131b1d5a3f2e35c4182cd # 19:27 B 0 1 15 0 XArray: Add xas_replace
# extra tests with first bad commit reverted
git bisect good 6fcdbd57f598151fd153e3166b610bc66d602634 # 19:42 G 12 0 12 12 Revert "XArray: Add xas_replace"
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
3 years, 2 months
Re: [LKP] rcu_read_lock lost its compiler barrier
by Linus Torvalds
On Mon, Jun 3, 2019 at 12:53 PM Paul E. McKenney <paulmck(a)linux.ibm.com> wrote:
>
> I agree that !PREEMPT rcu_read_lock() would not affect compiler code
> generation, but given that get_user() is a volatile asm, isn't the
> compiler already forbidden from reordering it with the volatile-casted
> WRITE_ONCE() access, even if there was nothing at all between them?
> Or are asms an exception to the rule that volatile executions cannot
> be reordered?
Paul, you MAKE NO SENSE.
What is wrong with you?
I just showed you an example of where rcu_read_lock() needs to be a
compiler barrier, and then you make incoherent noises about
WRITE_ONCE() that do not even exist in that example.
Forget about your READ_ONCE/WRITE_ONCE theories. Herbert already
showed code that doesn't have those accessors, so reality doesn't
match your fevered imagination.
And sometimes it's not even possible, since you can't do a bitfield
access, for exmaple, with READ_ONCE().
> We can of course put them back in,
Stop the craziness. It's not "we can". It is a "we will".
So I will add that barrier, and you need to stop arguing against it
based on specious theoretical arguments that do not match reality. And
we will not ever remove that barrier again. Herbert already pointed to
me having to do this once before in commit 386afc91144b ("spinlocks
and preemption points need to be at least compiler barriers"), and
rcu_read_lock() clearly has at a minimum that same preemption point
issue.
Linus
3 years, 2 months
Re: [LKP] rcu_read_lock lost its compiler barrier
by Herbert Xu
On Sun, Jun 02, 2019 at 05:06:17PM -0700, Paul E. McKenney wrote:
>
> Please note that preemptible Tree RCU has lacked the compiler barrier on
> all but the outermost rcu_read_unlock() for years before Boqun's patch.
Actually this is not true. Boqun's patch (commit bb73c52bad36) does
not add a barrier() to __rcu_read_lock. In fact I dug into the git
history and this compiler barrier() has existed in preemptible tree
RCU since the very start in 2009:
: commit f41d911f8c49a5d65c86504c19e8204bb605c4fd
: Author: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com>
: Date: Sat Aug 22 13:56:52 2009 -0700
:
: rcu: Merge preemptable-RCU functionality into hierarchical RCU
:
: +/*
: + * Tree-preemptable RCU implementation for rcu_read_lock().
: + * Just increment ->rcu_read_lock_nesting, shared state will be updated
: + * if we block.
: + */
: +void __rcu_read_lock(void)
: +{
: + ACCESS_ONCE(current->rcu_read_lock_nesting)++;
: + barrier(); /* needed if we ever invoke rcu_read_lock in rcutree.c */
: +}
: +EXPORT_SYMBOL_GPL(__rcu_read_lock);
However, you are correct that in the non-preempt tree RCU case,
the compiler barrier in __rcu_read_lock was not always present.
In fact it was added by:
: commit 386afc91144b36b42117b0092893f15bc8798a80
: Author: Linus Torvalds <torvalds(a)linux-foundation.org>
: Date: Tue Apr 9 10:48:33 2013 -0700
:
: spinlocks and preemption points need to be at least compiler barriers
I suspect this is what prompted you to remove it in 2015.
> I do not believe that reverting that patch will help you at all.
>
> But who knows? So please point me at the full code body that was being
> debated earlier on this thread. It will no doubt take me quite a while to
> dig through it, given my being on the road for the next couple of weeks,
> but so it goes.
Please refer to my response to Linus for the code in question.
In any case, I am now even more certain that compiler barriers are
not needed in the code in question. The reasoning is quite simple.
If you need those compiler barriers then you surely need real memory
barriers.
Vice versa, if real memory barriers are already present thanks to
RCU, then you don't need those compiler barriers.
In fact this calls into question the use of READ_ONCE/WRITE_ONCE in
RCU primitives such as rcu_dereference and rcu_assign_pointer. IIRC
when RCU was first added to the Linux kernel we did not have compiler
barriers in rcu_dereference and rcu_assign_pointer. They were added
later on.
As compiler barriers per se are useless, these are surely meant to
be coupled with the memory barriers provided by RCU grace periods
and synchronize_rcu. But then those real memory barriers would have
compiler barriers too. So why do we need the compiler barriers in
rcu_dereference and rcu_assign_pointer?
Cheers,
--
Email: Herbert Xu <herbert(a)gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
3 years, 2 months