July 2015 - LKP - Ml01.01.Org

[lkp] [net] 1fbe4b46cac: WARNING: CPU: 0 PID: 2245 at kernel/sched/core.c:7376 __might_sleep+0x8b/0xa8()

by kernel test robot

FYI, we noticed the below changes on git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master commit 1fbe4b46caca5b01b070af93d513031ffbcc480c ("net: pktgen: kill the "Wait for kthread_stop" code in pktgen_thread_worker()") +-------------------------------------------------+------------+------------+ | | fecdf8be2d | 1fbe4b46ca | +-------------------------------------------------+------------+------------+ | boot_successes | 395 | 359 | | boot_failures | 13 | 48 | | WARNING:at_kernel/trace/ftrace.c:#ftrace_bug() | 13 | 16 | | backtrace:perf_ftrace_event_register | 13 | 16 | | backtrace:perf_trace_init | 13 | 16 | | backtrace:perf_tp_event_init | 13 | 16 | | backtrace:perf_try_init_event | 13 | 16 | | backtrace:perf_init_event | 13 | 16 | | backtrace:SYSC_perf_event_open | 13 | 16 | | backtrace:SyS_perf_event_open | 13 | 16 | | WARNING:at_kernel/sched/core.c:#__might_sleep() | 0 | 32 | | backtrace:do_exit | 0 | 32 | +-------------------------------------------------+------------+------------+ [ 84.200121] ------------[ cut here ]------------ [ 84.201261] WARNING: CPU: 0 PID: 2245 at kernel/sched/core.c:7376 __might_sleep+0x8b/0xa8() [ 84.203323] do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff82ac75dc>] pktgen_thread_worker+0x1566/0x15db [ 84.205929] Modules linked in: [ 84.206883] CPU: 0 PID: 2245 Comm: kpktgend_0 Not tainted 4.1.0-12244-g1fbe4b46 #1 [ 84.208767] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 84.211097] 0000000000000009 ffff88000a5dbca8 ffffffff82e4c996 ffffffff81121ec6 [ 84.214918] ffff88000a5dbcf8 ffff88000a5dbce8 ffffffff810d5460 ffff880012cd5240 [ 84.223790] ffffffff810f793a ffffffff83a82d2e 0000000000000aa9 0000000000000000 [ 84.234963] Call Trace: [ 84.238782] [<ffffffff82e4c996>] dump_stack+0x4c/0x65 [ 84.243031] [<ffffffff81121ec6>] ? console_unlock+0x3fe/0x42d [ 84.249484] [<ffffffff810d5460>] warn_slowpath_common+0xa1/0xbb [ 84.253926] [<ffffffff810f793a>] ? __might_sleep+0x8b/0xa8 [ 84.260599] [<ffffffff810d54c0>] warn_slowpath_fmt+0x46/0x48 [ 84.263959] [<ffffffff82ac75dc>] ? pktgen_thread_worker+0x1566/0x15db [ 84.271531] [<ffffffff82ac75dc>] ? pktgen_thread_worker+0x1566/0x15db [ 84.276040] [<ffffffff810f793a>] __might_sleep+0x8b/0xa8 [ 84.283404] [<ffffffff82ac6076>] ? pktgen_rem_all_ifs+0x58/0x58 [ 84.288603] [<ffffffff810e2d4c>] exit_signals+0x26/0x124 [ 84.292953] [<ffffffff82ac6076>] ? pktgen_rem_all_ifs+0x58/0x58 [ 84.300442] [<ffffffff810d6c93>] do_exit+0x130/0xad3 [ 84.304699] [<ffffffff81109af8>] ? signal_pending_state+0x31/0x31 [ 84.309166] [<ffffffff82ac6076>] ? pktgen_rem_all_ifs+0x58/0x58 [ 84.317393] [<ffffffff810f0ed6>] kthread+0xe8/0xe8 [ 84.323034] [<ffffffff82e71466>] ? _raw_spin_unlock_irq+0x32/0x3d [ 84.328483] [<ffffffff82e6dc01>] ? __wait_for_common+0x42/0x16c [ 84.331869] [<ffffffff810f0dee>] ? __kthread_parkme+0xad/0xad [ 84.338704] [<ffffffff82e720df>] ret_from_fork+0x3f/0x70 [ 84.345698] [<ffffffff810f0dee>] ? __kthread_parkme+0xad/0xad [ 84.351359] ---[ end trace 54b4b7a8c145701e ]--- Thanks, Ying Huang

5 years, 9 months

2
3
0 / 0

[mic/SCIF] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:97

by Fengguang Wu

Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is https://github.com/sudeepdutt/mic.git master commit d9b3ca3e0275d3f816bb5cfc9d0dc29677369513 Author: Sudeep Dutt <sudeep.dutt(a)intel.com> AuthorDate: Sun Jul 12 12:32:47 2015 -0700 Commit: Sudeep Dutt <sudeep.dutt(a)intel.com> CommitDate: Mon Jul 27 11:21:37 2015 -0700 misc: mic: SCIF RMA nodeqp and minor miscellaneous changes This patch adds the SCIF kernel node QP control messages required to enable SCIF RMAs. Examples of such node QP control messages include registration, unregistration, remote memory allocation requests, remote memory unmap and SCIF remote fence requests. The patch also updates the SCIF driver with minor changes required to enable SCIF RMAs by adding the new files to the build, initializing RMA specific information during SCIF endpoint creation, reserving SCIF DMA channels, initializing SCIF RMA specific global data structures, adding the IOCTL hooks required for SCIF RMAs and updating RMA specific debugfs hooks. Reviewed-by: Ashutosh Dixit <ashutosh.dixit(a)intel.com> Reviewed-by: Nikhil Rao <nikhil.rao(a)intel.com> Signed-off-by: Sudeep Dutt <sudeep.dutt(a)intel.com> +-----------------------------------------------------------------------------+------------+------------+-----------------+ | | bf64426662 | d9b3ca3e02 | v4.2-rc4_072812 | +-----------------------------------------------------------------------------+------------+------------+-----------------+ | boot_successes | 1870 | 810 | 66 | | boot_failures | 54 | 102 | 6 | | BUG:kernel_boot_hang | 50 | 93 | 2 | | IP-Config:Auto-configuration_of_network_failed | 4 | 1 | 2 | | BUG:sleeping_function_called_from_invalid_context_at_kernel/locking/mutex.c | 0 | 8 | 2 | +-----------------------------------------------------------------------------+------------+------------+-----------------+ [ 65.983169] init: Failed to create pty - disabling logging for job [ 65.986582] init: Temporary process spawn error: No space left on device Kernel tests: Boot OK! [ 84.137274] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:97 [ 84.151965] in_atomic(): 1, irqs_disabled(): 0, pid: 27, name: kworker/1:1 [ 84.158038] Preemption disabled at:[<ffffffff814da919>] scif_cleanup_zombie_epd+0x19/0xc0 Elapsed time: 100 qemu-system-x86_64 -enable-kvm -cpu kvm64 -kernel /pkg/linux/x86_64-randconfig-a0-07281258/gcc-4.9/d9b3ca3e0275d3f816bb5cfc9d0dc29677369513/vmlinuz-4.2.0-rc4-00019-gd9b3ca3 -append 'hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw link=/kbuild-tests/run-queue/kvm/x86_64-randconfig-a0-07281258/linux-devel:devel-hourly-2015072812:d9b3ca3e0275d3f816bb5cfc9d0dc29677369513:bisect-linux-7/.vmlinuz-d9b3ca3e0275d3f816bb5cfc9d0dc29677369513-20150728215553-321-vp branch=linux-devel/devel-hourly-2015072812 BOOT_IMAGE=/pkg/linux/x86_64-randconfig-a0-07281258/gcc-4.9/d9b3ca3e0275d3f816bb5cfc9d0dc29677369513/vmlinuz-4.2.0-rc4-00019-gd9b3ca3 drbd.minor_count=8' -initrd /osimage/quantal/quantal-core-x86_64.cgz -m 300 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -drive file=/fs/sde1/disk0-quantal-vp-13,media=disk,if=virtio -drive file=/fs/sde1/disk1-quantal-vp-13,media=disk,if=virtio -drive file=/fs/sde1/disk2-quantal-vp-13,media=disk,if=virtio -drive file=/fs/sde1/disk3-quantal-vp-13,media=disk,if=virtio -drive file=/fs/sde1/disk4-quantal-vp-13,media=disk,if=virtio -drive file=/fs/sde1/disk5-quantal-vp-13,media=disk,if=virtio -drive file=/fs/sde1/disk6-quantal-vp-13,media=disk,if=virtio -pidfile /dev/shm/kboot/pid-quantal-vp-13 -serial file:/dev/shm/kboot/serial-quantal-vp-13 -daemonize -display none -monitor null git bisect start 72393e966b06f24449c1996186119f6fd0130bdf cbfe8fa6cd672011c755c3cd85c9ffd4e2d10a6f -- git bisect bad eb7f76c33b2d8be8c9a803d1f20d9fe98f8246d9 # 18:55 0- 16 Merge 'arm-soc/omap/dt-dm814x' into devel-hourly-2015072812 git bisect good 638ef803569ecdb9972bbecfb794b6b890ec0cc9 # 19:27 906+ 78 Merge 'dm/dm-4.3' into devel-hourly-2015072812 git bisect bad 28cdc264da4db5ddc10159d0b812705c940db472 # 19:27 0- 4 Merge 'robclark/msm-fixes-4.2' into devel-hourly-2015072812 git bisect good c9e3f1b6ed3ab03f5be54465fecfa6862420864d # 19:59 908+ 85 Merge 'kvmarm/next' into devel-hourly-2015072812 git bisect bad 225463ff867d9cceaec4a601784451d9d4431a6e # 19:59 0- 19 Merge 'ntb/ntb-next' into devel-hourly-2015072812 git bisect bad ca86349941a1bbe628eebce913e37760668a1bd5 # 19:59 0- 69 Merge 'mic/master' into devel-hourly-2015072812 git bisect good 8131ebc8ecb5ef13ef0aa4c49dabe9694f0e410f # 20:39 902+ 116 lib: convert iova.c into a library git bisect good f8ad236fbde693a118935963ac5a59a63273918a # 21:16 906+ 137 misc: mic: SCIF RMA list operations git bisect good fe703268a77d8c29d670887ce036a4cf625d0b8d # 21:51 906+ 131 misc: mic: SCIF DMA and CPU copy interface git bisect bad d9b3ca3e0275d3f816bb5cfc9d0dc29677369513 # 22:01 57- 10 misc: mic: SCIF RMA nodeqp and minor miscellaneous changes git bisect good bf64426662d854590ba3bc149aaaf4977bc01c49 # 22:41 900+ 25 misc: mic: SCIF fence # first bad commit: [d9b3ca3e0275d3f816bb5cfc9d0dc29677369513] misc: mic: SCIF RMA nodeqp and minor miscellaneous changes git bisect good bf64426662d854590ba3bc149aaaf4977bc01c49 # 23:09 1014+ 54 misc: mic: SCIF fence # extra tests on HEAD of linux-devel/devel-hourly-2015072812 git bisect bad 72393e966b06f24449c1996186119f6fd0130bdf # 23:09 0- 6 0day head guard for 'devel-hourly-2015072812' # extra tests on tree/branch mic/master git bisect bad d9b3ca3e0275d3f816bb5cfc9d0dc29677369513 # 01:09 0- 102 misc: mic: SCIF RMA nodeqp and minor miscellaneous changes # extra tests with first bad commit reverted git bisect good 9b9b4cf984edd8e74084a139923ffc3a846f7bf5 # 01:47 1005+ 0 Revert "misc: mic: SCIF RMA nodeqp and minor miscellaneous changes" # extra tests on tree/branch linus/master git bisect good 67eb890e5e132b56d9af7adf407e7c2a6ed248dc # 02:23 1002+ 0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32 # extra tests on tree/branch linux-next/master git bisect good 5aa6180315a5f8ea1236608082e7135a4beaaf8a # 02:57 1009+ 0 Add linux-next specific files for 20150728 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 initrd=quantal-core-x86_64.cgz wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd kvm=( qemu-system-x86_64 -enable-kvm -cpu kvm64 -kernel $kernel -initrd $initrd -m 300 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation

5 years, 9 months

2
1
0 / 0

[lkp] [block] bcf2843b3f8: BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e6f8

by Huang Ying

FYI, we noticed the below changes on git://git.kernel.dk/linux-block.git for-4.3/bio-error commit bcf2843b3f8feae8f87c8028e1625540c1abdd5a ("block: add a bi_error field to struct bio") [ 38.880091] ================================================================== [ 38.880778] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e6f8 [ 38.881012] Read of size 4 by task mdadm/245 [ 38.881012] ============================================================================= [ 38.881012] BUG kmalloc-192 (Not tainted): kasan: bad access detected [ 38.881012] ----------------------------------------------------------------------------- [ 38.881012] [ 38.881012] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 38.881012] INFO: Object 0xffff88001114e6c0 @offset=1728 fp=0xffff88001114e240 [ 38.881012] [ 38.881012] Bytes b4 ffff88001114e6b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 38.881012] Object ffff88001114e6c0: 40 e2 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff @.........B..... [ 38.881012] Object ffff88001114e6d0: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 38.881012] Object ffff88001114e6e0: 88 ff 03 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 38.881012] Object ffff88001114e6f0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 38.881012] Object ffff88001114e700: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 38.881012] Object ffff88001114e710: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 38.881012] Object ffff88001114e720: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 38.881012] Object ffff88001114e730: 40 e7 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff @.......@.*..... [ 38.881012] Object ffff88001114e740: c0 61 ba 00 00 ea ff ff 00 10 00 00 00 00 00 00 .a.............. [ 38.881012] Object ffff88001114e750: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 38.881012] Object ffff88001114e760: e0 23 15 81 ff ff ff ff 6d 13 00 00 b6 1a 00 00 .#......m....... [ 38.881012] Object ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i............... [ 38.881012] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 38.881012] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 38.881012] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 38.881012] ffffea0000445380 ffff88001114e6c0 ffff880000090800 ffff88000efef868 [ 38.881012] Call Trace: [ 38.881012] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 38.881012] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 38.881012] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 38.881012] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 38.881012] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 38.881012] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 38.881012] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 38.881012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 38.881012] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 38.881012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 38.881012] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 38.881012] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 38.881012] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 38.881012] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 38.881012] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 38.881012] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 38.881012] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 38.881012] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 38.881012] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 38.881012] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 38.881012] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 38.881012] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 38.881012] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 38.881012] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 38.881012] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 38.881012] Memory state around the buggy address: [ 38.881012] ffff88001114e580: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 38.881012] ffff88001114e600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.881012] >ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.881012] ^ [ 38.881012] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 38.881012] ffff88001114e780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 38.881012] ================================================================== [ 39.071363] ================================================================== [ 39.072015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e938 [ 39.072015] Read of size 4 by task mdadm/245 [ 39.072015] ============================================================================= [ 39.072015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.072015] ----------------------------------------------------------------------------- [ 39.072015] [ 39.072015] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.072015] INFO: Object 0xffff88001114e900 @offset=2304 fp=0xffff88001114e180 [ 39.072015] [ 39.072015] Bytes b4 ffff88001114e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.072015] Object ffff88001114e900: 80 e1 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B..... [ 39.072015] Object ffff88001114e910: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.072015] Object ffff88001114e920: f8 ff 03 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.072015] Object ffff88001114e930: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.072015] Object ffff88001114e940: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 39.072015] Object ffff88001114e950: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.072015] Object ffff88001114e960: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 39.072015] Object ffff88001114e970: 80 e9 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.072015] Object ffff88001114e980: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 39.072015] Object ffff88001114e990: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 39.072015] Object ffff88001114e9a0: e0 23 15 81 ff ff ff ff 8f ba 00 00 8f ba 00 00 .#.............. [ 39.072015] Object ffff88001114e9b0: 8c 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .A.............. [ 39.072015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.072015] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.072015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.072015] ffffea0000445380 ffff88001114e900 ffff880000090800 ffff88000efef868 [ 39.072015] Call Trace: [ 39.072015] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.072015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.072015] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.072015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.072015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.072015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.072015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.072015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.072015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.072015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.072015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.072015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.072015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.072015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.072015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.072015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.072015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.072015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.072015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.072015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.072015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.072015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.072015] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.072015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.072015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.072015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.072015] Memory state around the buggy address: [ 39.072015] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.072015] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.072015] >ffff88001114e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.072015] ^ [ 39.072015] ffff88001114e980: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 39.072015] ffff88001114ea00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 39.072015] ================================================================== [ 39.186345] ================================================================== [ 39.187015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e938 [ 39.187015] Read of size 4 by task mdadm/245 [ 39.187015] ============================================================================= [ 39.187015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.187015] ----------------------------------------------------------------------------- [ 39.187015] [ 39.187015] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.187015] INFO: Object 0xffff88001114e900 @offset=2304 fp=0xffff88001114e180 [ 39.187015] [ 39.187015] Bytes b4 ffff88001114e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.187015] Object ffff88001114e900: 80 e1 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B..... [ 39.187015] Object ffff88001114e910: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.187015] Object ffff88001114e920: 08 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.187015] Object ffff88001114e930: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.187015] Object ffff88001114e940: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 39.187015] Object ffff88001114e950: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.187015] Object ffff88001114e960: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 39.187015] Object ffff88001114e970: 80 e9 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.187015] Object ffff88001114e980: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 39.187015] Object ffff88001114e990: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 39.187015] Object ffff88001114e9a0: e0 23 15 81 ff ff ff ff 8f ba 00 00 8f ba 00 00 .#.............. [ 39.187015] Object ffff88001114e9b0: 8c 41 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .A.............. [ 39.187015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.187015] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.187015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.187015] ffffea0000445380 ffff88001114e900 ffff880000090800 ffff88000efef868 [ 39.187015] Call Trace: [ 39.187015] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.187015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.187015] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.187015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.187015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.187015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.187015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.187015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.187015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.187015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.187015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.187015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.187015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.187015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.187015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.187015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.187015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.187015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.187015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.187015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.187015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.187015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.187015] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.187015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.187015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.187015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.187015] Memory state around the buggy address: [ 39.187015] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.187015] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.187015] >ffff88001114e900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.187015] ^ [ 39.187015] ffff88001114e980: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 39.187015] ffff88001114ea00: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 39.187015] ================================================================== [ 39.314250] ================================================================== [ 39.314970] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e7b8 [ 39.315012] Read of size 4 by task mdadm/245 [ 39.315012] ============================================================================= [ 39.315012] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.315012] ----------------------------------------------------------------------------- [ 39.315012] [ 39.315012] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.315012] INFO: Object 0xffff88001114e780 @offset=1920 fp=0xffff88001114e6c0 [ 39.315012] [ 39.315012] Bytes b4 ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i............... [ 39.315012] Object ffff88001114e780: c0 e6 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B..... [ 39.315012] Object ffff88001114e790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.315012] Object ffff88001114e7a0: 10 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.315012] Object ffff88001114e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.315012] Object ffff88001114e7c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 39.315012] Object ffff88001114e7d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.315012] Object ffff88001114e7e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 39.315012] Object ffff88001114e7f0: 00 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.315012] Object ffff88001114e800: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 39.315012] Object ffff88001114e810: 80 fb 09 83 ff ff ff ff 98 e3 14 11 00 88 ff ff ................ [ 39.315012] Object ffff88001114e820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.315012] Object ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.315012] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.315012] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.315012] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.315012] ffffea0000445380 ffff88001114e780 ffff880000090800 ffff88000efef868 [ 39.315012] Call Trace: [ 39.315012] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.315012] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.315012] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.315012] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.315012] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.315012] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.315012] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.315012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.315012] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.315012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.315012] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.315012] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.315012] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.315012] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.315012] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.315012] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.315012] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.315012] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.315012] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.315012] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.315012] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.315012] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.315012] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.315012] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.315012] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.315012] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.315012] Memory state around the buggy address: [ 39.315012] ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.315012] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.315012] >ffff88001114e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.315012] ^ [ 39.315012] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.315012] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.315012] ================================================================== [ 39.399228] ================================================================== [ 39.399908] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e7b8 [ 39.400011] Read of size 4 by task mdadm/245 [ 39.400011] ============================================================================= [ 39.400011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.400011] ----------------------------------------------------------------------------- [ 39.400011] [ 39.400011] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.400011] INFO: Object 0xffff88001114e780 @offset=1920 fp=0xffff88001114e6c0 [ 39.400011] [ 39.400011] Bytes b4 ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i............... [ 39.400011] Object ffff88001114e780: c0 e6 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B..... [ 39.400011] Object ffff88001114e790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.400011] Object ffff88001114e7a0: 00 00 04 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.400011] Object ffff88001114e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.400011] Object ffff88001114e7c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 39.400011] Object ffff88001114e7d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.400011] Object ffff88001114e7e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 39.400011] Object ffff88001114e7f0: 00 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.400011] Object ffff88001114e800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 08 00 00 .a.............. [ 39.400011] Object ffff88001114e810: 80 fb 09 83 ff ff ff ff 98 e3 14 11 00 88 ff ff ................ [ 39.400011] Object ffff88001114e820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.400011] Object ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.400011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.400011] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.400011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.400011] ffffea0000445380 ffff88001114e780 ffff880000090800 ffff88000efef868 [ 39.400011] Call Trace: [ 39.400011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.400011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.400011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.400011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.400011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.400011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.400011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.400011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.400011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.400011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.400011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.400011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.400011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.400011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.400011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.400011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.400011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.400011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.400011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.400011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.400011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.400011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.400011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.400011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.400011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.400011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.400011] Memory state around the buggy address: [ 39.400011] ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.400011] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.400011] >ffff88001114e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.400011] ^ [ 39.400011] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.400011] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.400011] ================================================================== [ 39.483280] ================================================================== [ 39.483957] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e7b8 [ 39.484010] Read of size 4 by task mdadm/245 [ 39.484010] ============================================================================= [ 39.484010] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.484010] ----------------------------------------------------------------------------- [ 39.484010] [ 39.484010] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.484010] INFO: Object 0xffff88001114e780 @offset=1920 fp=0xffff88001114e6c0 [ 39.484010] [ 39.484010] Bytes b4 ffff88001114e770: 69 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 i............... [ 39.484010] Object ffff88001114e780: c0 e6 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B..... [ 39.484010] Object ffff88001114e790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.484010] Object ffff88001114e7a0: ff ff 03 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.484010] Object ffff88001114e7b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.484010] Object ffff88001114e7c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 39.484010] Object ffff88001114e7d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.484010] Object ffff88001114e7e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 39.484010] Object ffff88001114e7f0: 00 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.484010] Object ffff88001114e800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 08 00 00 .a.............. [ 39.484010] Object ffff88001114e810: 80 fb 09 83 ff ff ff ff 98 e3 14 11 00 88 ff ff ................ [ 39.484010] Object ffff88001114e820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.484010] Object ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.484010] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.484010] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.484010] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.484010] ffffea0000445380 ffff88001114e780 ffff880000090800 ffff88000efef868 [ 39.484010] Call Trace: [ 39.484010] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.484010] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.484010] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.484010] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.484010] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.484010] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.484010] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.484010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.484010] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.484010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.484010] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.484010] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.484010] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.484010] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.484010] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.484010] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.484010] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.484010] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.484010] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.484010] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.484010] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.484010] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.484010] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.484010] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.484010] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.484010] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.484010] Memory state around the buggy address: [ 39.484010] ffff88001114e680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.484010] ffff88001114e700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.484010] >ffff88001114e780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.484010] ^ [ 39.484010] ffff88001114e800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.484010] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.484010] ================================================================== [ 39.575174] ================================================================== [ 39.575873] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e878 [ 39.576011] Read of size 4 by task mdadm/245 [ 39.576011] ============================================================================= [ 39.576011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.576011] ----------------------------------------------------------------------------- [ 39.576011] [ 39.576011] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.576011] INFO: Object 0xffff88001114e840 @offset=2112 fp=0xffff88001114e300 [ 39.576011] [ 39.576011] Bytes b4 ffff88001114e830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.576011] Object ffff88001114e840: 00 e3 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff ..........B..... [ 39.576011] Object ffff88001114e850: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.576011] Object ffff88001114e860: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.576011] Object ffff88001114e870: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.576011] Object ffff88001114e880: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 39.576011] Object ffff88001114e890: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.576011] Object ffff88001114e8a0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 39.576011] Object ffff88001114e8b0: c0 e8 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.576011] Object ffff88001114e8c0: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 08 00 00 .a.............. [ 39.576011] Object ffff88001114e8d0: 80 fb 09 83 ff ff ff ff b0 c6 9d 10 00 88 ff ff ................ [ 39.576011] Object ffff88001114e8e0: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.576011] Object ffff88001114e8f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.576011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.576011] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.576011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.576011] ffffea0000445380 ffff88001114e840 ffff880000090800 ffff88000efef868 [ 39.576011] Call Trace: [ 39.576011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.576011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.576011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.576011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.576011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.576011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.576011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.576011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.576011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.576011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.576011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.576011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.576011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.576011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.576011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.576011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.576011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.576011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.576011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.576011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.576011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.576011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.576011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.576011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.576011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.576011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.576011] Memory state around the buggy address: [ 39.576011] ffff88001114e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.576011] ffff88001114e780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.576011] >ffff88001114e800: 00 00 00 00 00 00 00 00 fb fb fb fb fb fb fb fb [ 39.576011] ^ [ 39.576011] ffff88001114e880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.576011] ffff88001114e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.576011] ================================================================== [ 39.686175] ================================================================== [ 39.686857] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88001114e038 [ 39.687011] Read of size 4 by task mdadm/245 [ 39.687011] ============================================================================= [ 39.687011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.687011] ----------------------------------------------------------------------------- [ 39.687011] [ 39.687011] INFO: Slab 0xffffea0000445380 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.687011] INFO: Object 0xffff88001114e000 @offset=0 fp=0xffff88001114e540 [ 39.687011] [ 39.687011] Object ffff88001114e000: 40 e5 14 11 00 88 ff ff c0 b9 42 2e 00 88 ff ff @.........B..... [ 39.687011] Object ffff88001114e010: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.687011] Object ffff88001114e020: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.687011] Object ffff88001114e030: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.687011] Object ffff88001114e040: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 39.687011] Object ffff88001114e050: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.687011] Object ffff88001114e060: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 39.687011] Object ffff88001114e070: 80 e0 14 11 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ........@.*..... [ 39.687011] Object ffff88001114e080: c0 61 ba 00 00 ea ff ff 00 02 00 00 00 00 00 00 .a.............. [ 39.687011] Object ffff88001114e090: 80 fb 09 83 ff ff ff ff f0 c8 9d 10 00 88 ff ff ................ [ 39.687011] Object ffff88001114e0a0: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.687011] Object ffff88001114e0b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.687011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.687011] ffff88001114e000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.687011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.687011] ffffea0000445380 ffff88001114e000 ffff880000090800 ffff88000efef868 [ 39.687011] Call Trace: [ 39.687011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.687011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.687011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.687011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.687011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.687011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.687011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.687011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.687011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.687011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.687011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.687011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.687011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.687011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.687011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.687011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.687011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.687011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.687011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.687011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.687011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.687011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.687011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.687011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.687011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.687011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.687011] Memory state around the buggy address: [ 39.687011] ffff88001114df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 39.687011] ffff88001114df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.687011] >ffff88001114e000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.687011] ^ [ 39.687011] ffff88001114e080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.687011] ffff88001114e100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.687011] ================================================================== [ 39.781368] ================================================================== [ 39.782015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed521b8 [ 39.782015] Read of size 4 by task mdadm/245 [ 39.782015] ============================================================================= [ 39.782015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.782015] ----------------------------------------------------------------------------- [ 39.782015] [ 39.782015] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.782015] INFO: Object 0xffff88000ed52180 @offset=384 fp=0xffff88000ed52240 [ 39.782015] [ 39.782015] Bytes b4 ffff88000ed52170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.782015] Object ffff88000ed52180: 40 22 d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff @"........B..... [ 39.782015] Object ffff88000ed52190: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.782015] Object ffff88000ed521a0: 88 1f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.782015] Object ffff88000ed521b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.782015] Object ffff88000ed521c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 39.782015] Object ffff88000ed521d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.782015] Object ffff88000ed521e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 39.782015] Object ffff88000ed521f0: 00 22 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ."......@.*..... [ 39.782015] Object ffff88000ed52200: c0 61 ba 00 00 ea ff ff 00 10 00 00 00 00 00 00 .a.............. [ 39.782015] Object ffff88000ed52210: 80 fb 09 83 ff ff ff ff d8 e8 14 11 00 88 ff ff ................ [ 39.782015] Object ffff88000ed52220: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.782015] Object ffff88000ed52230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.782015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.782015] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.782015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.782015] ffffea00003b5480 ffff88000ed52180 ffff880000090800 ffff88000efef868 [ 39.782015] Call Trace: [ 39.782015] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.782015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.782015] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.782015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.782015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.782015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.782015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.782015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.782015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.782015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.782015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.782015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.782015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.782015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.782015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.782015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.782015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.782015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.782015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.782015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.782015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.782015] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.782015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.782015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.782015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.782015] Memory state around the buggy address: [ 39.782015] ffff88000ed52080: 00 00 00 00 fc fc fc fc fb fb fb fb fb fb fb fb [ 39.782015] ffff88000ed52100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.782015] >ffff88000ed52180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.782015] ^ [ 39.782015] ffff88000ed52200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.782015] ffff88000ed52280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.782015] ================================================================== [ 39.871266] ================================================================== [ 39.872017] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed521b8 [ 39.872017] Read of size 4 by task mdadm/245 [ 39.872017] ============================================================================= [ 39.872017] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.872017] ----------------------------------------------------------------------------- [ 39.872017] [ 39.872017] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.872017] INFO: Object 0xffff88000ed52180 @offset=384 fp=0xffff88000ed52c00 [ 39.872017] [ 39.872017] Bytes b4 ffff88000ed52170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.872017] Object ffff88000ed52180: 00 2c d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff .,........B..... [ 39.872017] Object ffff88000ed52190: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.872017] Object ffff88000ed521a0: f8 1f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.872017] Object ffff88000ed521b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.872017] Object ffff88000ed521c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 39.872017] Object ffff88000ed521d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.872017] Object ffff88000ed521e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 39.872017] Object ffff88000ed521f0: 00 22 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff ."......@.*..... [ 39.872017] Object ffff88000ed52200: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 39.872017] Object ffff88000ed52210: 80 fb 09 83 ff ff ff ff 40 9a 18 0e 00 88 ff ff ........@....... [ 39.872017] Object ffff88000ed52220: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 39.872017] Object ffff88000ed52230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.872017] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.872017] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.872017] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.872017] ffffea00003b5480 ffff88000ed52180 ffff880000090800 ffff88000efef868 [ 39.872017] Call Trace: [ 39.872017] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.872017] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.872017] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.872017] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.872017] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.872017] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.872017] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.872017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.872017] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.872017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.872017] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.872017] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.872017] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.872017] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.872017] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.872017] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.872017] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.872017] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.872017] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.872017] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.872017] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.872017] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.872017] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.872017] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.872017] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.872017] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.872017] Memory state around the buggy address: [ 39.872017] ffff88000ed52080: 00 00 00 00 fc fc fc fc fb fb fb fb fb fb fb fb [ 39.872017] ffff88000ed52100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.872017] >ffff88000ed52180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.872017] ^ [ 39.872017] ffff88000ed52200: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 39.872017] ffff88000ed52280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.872017] ================================================================== [ 39.923703] scsi_id (258) used greatest stack depth: 29192 bytes left [ 39.967224] ================================================================== [ 39.967933] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed524b8 [ 39.968015] Read of size 4 by task mdadm/245 [ 39.968015] ============================================================================= [ 39.968015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 39.968015] ----------------------------------------------------------------------------- [ 39.968015] [ 39.968015] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 39.968015] INFO: Object 0xffff88000ed52480 @offset=1152 fp=0xffff88000ed52e40 [ 39.968015] [ 39.968015] Bytes b4 ffff88000ed52470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.968015] Object ffff88000ed52480: 40 2e d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff @.........B..... [ 39.968015] Object ffff88000ed52490: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 39.968015] Object ffff88000ed524a0: 08 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.968015] Object ffff88000ed524b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 39.968015] Object ffff88000ed524c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 39.968015] Object ffff88000ed524d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 39.968015] Object ffff88000ed524e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 39.968015] Object ffff88000ed524f0: 00 25 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .%......@.*..... [ 39.968015] Object ffff88000ed52500: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 39.968015] Object ffff88000ed52510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.968015] Object ffff88000ed52520: 3c 47 ea 82 ff ff ff ff 00 00 00 00 00 00 00 00 <G.............. [ 39.968015] Object ffff88000ed52530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 39.968015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 39.968015] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 39.968015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 39.968015] ffffea00003b5480 ffff88000ed52480 ffff880000090800 ffff88000efef868 [ 39.968015] Call Trace: [ 39.968015] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 39.968015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 39.968015] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 39.968015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 39.968015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 39.968015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 39.968015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 39.968015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.968015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 39.968015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 39.968015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 39.968015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 39.968015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 39.968015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 39.968015] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 39.968015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 39.968015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 39.968015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 39.968015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 39.968015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 39.968015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 39.968015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 39.968015] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 39.968015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 39.968015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 39.968015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 39.968015] Memory state around the buggy address: [ 39.968015] ffff88000ed52380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 39.968015] ffff88000ed52400: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 39.968015] >ffff88000ed52480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 39.968015] ^ [ 39.968015] ffff88000ed52500: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 39.968015] ffff88000ed52580: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc [ 39.968015] ================================================================== [ 40.060183] ================================================================== [ 40.060880] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.061011] Read of size 4 by task mdadm/245 [ 40.061011] ============================================================================= [ 40.061011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.061011] ----------------------------------------------------------------------------- [ 40.061011] [ 40.061011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.061011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.061011] [ 40.061011] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.061011] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff .,........B..... [ 40.061011] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.061011] Object ffff88000ed527a0: 10 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.061011] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.061011] Object ffff88000ed527c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 40.061011] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.061011] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 40.061011] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.061011] Object ffff88000ed52800: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 40.061011] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.061011] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.061011] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.061011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.061011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.061011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.061011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.061011] Call Trace: [ 40.061011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.061011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.061011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.061011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.061011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.061011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.061011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.061011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.061011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.061011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.061011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.061011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.061011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.061011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.061011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 40.061011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 40.061011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.061011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.061011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.061011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.061011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.061011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.061011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.061011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.061011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.061011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.061011] Memory state around the buggy address: [ 40.061011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.061011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.061011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.061011] ^ [ 40.061011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.061011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.061011] ================================================================== [ 40.158198] ================================================================== [ 40.158898] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.159011] Read of size 4 by task mdadm/245 [ 40.159011] ============================================================================= [ 40.159011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.159011] ----------------------------------------------------------------------------- [ 40.159011] [ 40.159011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.159011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.159011] [ 40.159011] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.159011] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff .,........B..... [ 40.159011] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.159011] Object ffff88000ed527a0: ff 1f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.159011] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.159011] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 40.159011] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.159011] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 40.159011] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.159011] Object ffff88000ed52800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 06 00 00 .a.............. [ 40.159011] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.159011] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.159011] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.159011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.159011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.159011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.159011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.159011] Call Trace: [ 40.159011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.159011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.159011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.159011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.159011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.159011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.159011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.159011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.159011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.159011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.159011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.159011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.159011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.159011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.159011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 40.159011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 40.159011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.159011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.159011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.159011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.159011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.159011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.159011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.159011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.159011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.159011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.159011] Memory state around the buggy address: [ 40.159011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.159011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.159011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.159011] ^ [ 40.159011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.159011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.159011] ================================================================== [ 40.250179] ================================================================== [ 40.250870] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.251011] Read of size 4 by task mdadm/245 [ 40.251011] ============================================================================= [ 40.251011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.251011] ----------------------------------------------------------------------------- [ 40.251011] [ 40.251011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.251011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.251011] [ 40.251011] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.251011] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff .,........B..... [ 40.251011] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.251011] Object ffff88000ed527a0: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.251011] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.251011] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 40.251011] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.251011] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 40.251011] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.251011] Object ffff88000ed52800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 06 00 00 .a.............. [ 40.251011] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.251011] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.251011] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.251011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.251011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.251011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.251011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.251011] Call Trace: [ 40.251011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.251011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.251011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.251011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.251011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.251011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.251011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.251011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.251011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.251011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.251011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.251011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.251011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.251011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.251011] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 40.251011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 40.251011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.251011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.251011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.251011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.251011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.251011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.251011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.251011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.251011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.251011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.251011] Memory state around the buggy address: [ 40.251011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.251011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.251011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.251011] ^ [ 40.251011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.251011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.251011] ================================================================== [ 40.331251] ================================================================== [ 40.332016] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.332016] Read of size 4 by task mdadm/245 [ 40.332016] ============================================================================= [ 40.332016] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.332016] ----------------------------------------------------------------------------- [ 40.332016] [ 40.332016] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.332016] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.332016] [ 40.332016] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.332016] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 80 b4 42 2e 00 88 ff ff .,........B..... [ 40.332016] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.332016] Object ffff88000ed527a0: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.332016] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.332016] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 40.332016] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.332016] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 40.332016] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.332016] Object ffff88000ed52800: c0 61 ba 00 00 ea ff ff 00 02 00 00 00 00 00 00 .a.............. [ 40.332016] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.332016] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.332016] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.332016] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.332016] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.332016] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.332016] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.332016] Call Trace: [ 40.332016] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.332016] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.332016] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.332016] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.332016] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.332016] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.332016] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.332016] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.332016] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.332016] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.332016] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.332016] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.332016] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.332016] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.332016] [<ffffffff811bb9ad>] ? trace_hardirqs_on+0x1d/0x30 [ 40.332016] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 40.332016] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.332016] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.332016] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.332016] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.332016] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.332016] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.332016] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.332016] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.332016] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.332016] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.332016] Memory state around the buggy address: [ 40.332016] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.332016] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.332016] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.332016] ^ [ 40.332016] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.332016] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.332016] ================================================================== [ 40.445097] ================================================================== [ 40.445805] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.446010] Read of size 4 by task mdadm/245 [ 40.446010] ============================================================================= [ 40.446010] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.446010] ----------------------------------------------------------------------------- [ 40.446010] [ 40.446010] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.446010] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.446010] [ 40.446010] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.446010] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 40.446010] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.446010] Object ffff88000ed527a0: 88 3f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 .?.............. [ 40.446010] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.446010] Object ffff88000ed527c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 40.446010] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.446010] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 40.446010] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.446010] Object ffff88000ed52800: c0 61 ba 00 00 ea ff ff 00 10 00 00 00 00 00 00 .a.............. [ 40.446010] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.446010] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.446010] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.446010] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.446010] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.446010] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.446010] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.446010] Call Trace: [ 40.446010] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.446010] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.446010] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.446010] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.446010] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.446010] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.446010] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.446010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.446010] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.446010] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.446010] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.446010] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.446010] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.446010] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.446010] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.446010] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.446010] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.446010] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.446010] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.446010] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.446010] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.446010] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.446010] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.446010] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.446010] Memory state around the buggy address: [ 40.446010] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.446010] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.446010] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.446010] ^ [ 40.446010] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.446010] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.446010] ================================================================== [ 40.598193] ================================================================== [ 40.599015] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.599015] Read of size 4 by task mdadm/245 [ 40.599015] ============================================================================= [ 40.599015] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.599015] ----------------------------------------------------------------------------- [ 40.599015] [ 40.599015] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.599015] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.599015] [ 40.599015] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.599015] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 40.599015] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.599015] Object ffff88000ed527a0: f8 3f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 .?.............. [ 40.599015] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.599015] Object ffff88000ed527c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 40.599015] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.599015] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 40.599015] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.599015] Object ffff88000ed52800: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 40.599015] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.599015] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.599015] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.599015] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.599015] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.599015] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.599015] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.599015] Call Trace: [ 40.599015] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.599015] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.599015] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.599015] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.599015] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.599015] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.599015] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.599015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.599015] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.599015] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.599015] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.599015] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.599015] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.599015] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.599015] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 40.599015] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.599015] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.599015] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.599015] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.599015] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.599015] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.599015] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.599015] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.599015] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.599015] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.599015] Memory state around the buggy address: [ 40.599015] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.599015] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.599015] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.599015] ^ [ 40.599015] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.599015] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.599015] ================================================================== [ 40.829890] ================================================================== [ 40.830011] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 40.830011] Read of size 4 by task mdadm/245 [ 40.830011] ============================================================================= [ 40.830011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 40.830011] ----------------------------------------------------------------------------- [ 40.830011] [ 40.830011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 40.830011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 40.830011] [ 40.830011] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.830011] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 40.830011] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 40.830011] Object ffff88000ed527a0: 08 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.830011] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 40.830011] Object ffff88000ed527c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 40.830011] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 40.830011] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 40.830011] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 40.830011] Object ffff88000ed52800: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 40.830011] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 40.830011] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 40.830011] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 40.830011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 40.830011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 40.830011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 40.830011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 40.830011] Call Trace: [ 40.830011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 40.830011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 40.830011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 40.830011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 40.830011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 40.830011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 40.830011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 40.830011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.830011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 40.830011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 40.830011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 40.830011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 40.830011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 40.830011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 40.830011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 40.830011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 40.830011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 40.830011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 40.830011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 40.830011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 40.830011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 40.830011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 40.830011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 40.830011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 40.830011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 40.830011] Memory state around the buggy address: [ 40.830011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.830011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 40.830011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 40.830011] ^ [ 40.830011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 40.830011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 40.830011] ================================================================== [ 41.027126] ================================================================== [ 41.027952] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 41.028017] Read of size 4 by task mdadm/245 [ 41.028017] ============================================================================= [ 41.028017] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 41.028017] ----------------------------------------------------------------------------- [ 41.028017] [ 41.028017] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 41.028017] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 41.028017] [ 41.028017] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.028017] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 41.028017] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 41.028017] Object ffff88000ed527a0: 10 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.028017] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.028017] Object ffff88000ed527c0: 00 10 00 00 00 10 00 00 01 00 00 00 00 00 00 00 ................ [ 41.028017] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 41.028017] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 01 00 01 00 00 00 ................ [ 41.028017] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 41.028017] Object ffff88000ed52800: 80 3f 3a 00 00 ea ff ff 00 10 00 00 00 00 00 00 .?:............. [ 41.028017] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 41.028017] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 41.028017] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.028017] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 41.028017] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 41.028017] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 41.028017] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 41.028017] Call Trace: [ 41.028017] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 41.028017] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 41.028017] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 41.028017] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 41.028017] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 41.028017] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 41.028017] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 41.028017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.028017] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 41.028017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.028017] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 41.028017] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 41.028017] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 41.028017] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 41.028017] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 41.028017] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 41.028017] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 41.028017] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 41.028017] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 41.028017] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 41.028017] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 41.028017] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 41.028017] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 41.028017] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 41.028017] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 41.028017] Memory state around the buggy address: [ 41.028017] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.028017] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 41.028017] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.028017] ^ [ 41.028017] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 41.028017] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.028017] ================================================================== [ 41.211139] ================================================================== [ 41.211836] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 41.212012] Read of size 4 by task mdadm/245 [ 41.212012] ============================================================================= [ 41.212012] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 41.212012] ----------------------------------------------------------------------------- [ 41.212012] [ 41.212012] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 41.212012] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 41.212012] [ 41.212012] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.212012] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 41.212012] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 41.212012] Object ffff88000ed527a0: ff 3f 00 00 00 00 00 00 00 00 00 00 01 00 00 00 .?.............. [ 41.212012] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.212012] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 41.212012] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 41.212012] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 41.212012] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 41.212012] Object ffff88000ed52800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 06 00 00 .a.............. [ 41.212012] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 41.212012] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 41.212012] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.212012] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 41.212012] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 41.212012] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 41.212012] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 41.212012] Call Trace: [ 41.212012] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 41.212012] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 41.212012] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 41.212012] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 41.212012] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 41.212012] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 41.212012] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 41.212012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.212012] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 41.212012] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.212012] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 41.212012] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 41.212012] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 41.212012] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 41.212012] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 41.212012] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 41.212012] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 41.212012] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 41.212012] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 41.212012] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 41.212012] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 41.212012] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 41.212012] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 41.212012] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 41.212012] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 41.212012] Memory state around the buggy address: [ 41.212012] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.212012] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 41.212012] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.212012] ^ [ 41.212012] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 41.212012] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.212012] ================================================================== [ 41.361178] ================================================================== [ 41.362017] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 41.362017] Read of size 4 by task mdadm/245 [ 41.362017] ============================================================================= [ 41.362017] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 41.362017] ----------------------------------------------------------------------------- [ 41.362017] [ 41.362017] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 41.362017] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 41.362017] [ 41.362017] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.362017] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 41.362017] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 41.362017] Object ffff88000ed527a0: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.362017] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.362017] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 41.362017] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 41.362017] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 41.362017] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 41.362017] Object ffff88000ed52800: 80 61 ba 00 00 ea ff ff 00 02 00 00 00 06 00 00 .a.............. [ 41.362017] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 41.362017] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 41.362017] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.362017] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 41.362017] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 41.362017] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 41.362017] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 41.362017] Call Trace: [ 41.362017] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 41.362017] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 41.362017] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 41.362017] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 41.362017] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 41.362017] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 41.362017] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 41.362017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.362017] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 41.362017] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.362017] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 41.362017] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 41.362017] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 41.362017] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 41.362017] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 41.362017] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 41.362017] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 41.362017] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 41.362017] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 41.362017] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 41.362017] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 41.362017] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 41.362017] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 41.362017] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 41.362017] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 41.362017] Memory state around the buggy address: [ 41.362017] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.362017] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 41.362017] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.362017] ^ [ 41.362017] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 41.362017] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.362017] ================================================================== [ 41.476621] ================================================================== [ 41.477011] BUG: KASan: use after free in dio_bio_complete+0x15a/0x190 at addr ffff88000ed527b8 [ 41.477011] Read of size 4 by task mdadm/245 [ 41.477011] ============================================================================= [ 41.477011] BUG kmalloc-192 (Tainted: G B ): kasan: bad access detected [ 41.477011] ----------------------------------------------------------------------------- [ 41.477011] [ 41.477011] INFO: Slab 0xffffea00003b5480 objects=21 used=21 fp=0x (null) flags=0xfffff80000080 [ 41.477011] INFO: Object 0xffff88000ed52780 @offset=1920 fp=0xffff88000ed52cc0 [ 41.477011] [ 41.477011] Bytes b4 ffff88000ed52770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.477011] Object ffff88000ed52780: c0 2c d5 0e 00 88 ff ff 40 af 42 2e 00 88 ff ff .,......@.B..... [ 41.477011] Object ffff88000ed52790: 02 00 00 00 00 00 00 f0 00 00 00 00 00 00 00 00 ................ [ 41.477011] Object ffff88000ed527a0: 01 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.477011] Object ffff88000ed527b0: 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ................ [ 41.477011] Object ffff88000ed527c0: 00 02 00 00 00 02 00 00 01 00 00 00 00 00 00 00 ................ [ 41.477011] Object ffff88000ed527d0: 80 d9 40 81 ff ff ff ff 00 00 00 00 00 00 00 00 ..@............. [ 41.477011] Object ffff88000ed527e0: 00 00 00 00 00 00 00 00 01 00 03 00 01 00 00 00 ................ [ 41.477011] Object ffff88000ed527f0: 00 28 d5 0e 00 88 ff ff 40 d2 2a 2e 00 88 ff ff .(......@.*..... [ 41.477011] Object ffff88000ed52800: c0 61 ba 00 00 ea ff ff 00 02 00 00 00 00 00 00 .a.............. [ 41.477011] Object ffff88000ed52810: 80 fb 09 83 ff ff ff ff 00 00 00 00 00 00 00 00 ................ [ 41.477011] Object ffff88000ed52820: e0 23 15 81 ff ff ff ff 00 00 00 00 00 00 00 00 .#.............. [ 41.477011] Object ffff88000ed52830: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 41.477011] CPU: 1 PID: 245 Comm: mdadm Tainted: G B 4.2.0-rc2-00195-gbcf2843 #1 [ 41.477011] ffff88000ed52000 ffff88000efef808 ffffffff8276de85 00000000000000c0 [ 41.477011] ffff880000090800 ffff88000efef838 ffffffff813657a4 ffff880000090800 [ 41.477011] ffffea00003b5480 ffff88000ed52780 ffff880000090800 ffff88000efef868 [ 41.477011] Call Trace: [ 41.477011] [<ffffffff8276de85>] dump_stack+0x84/0xb9 [ 41.477011] [<ffffffff813657a4>] print_trailer+0x124/0x1a0 [ 41.477011] [<ffffffff8136d9ba>] object_err+0x4a/0x60 [ 41.477011] [<ffffffff81376feb>] kasan_report_error+0x2db/0x5e0 [ 41.477011] [<ffffffff811bba09>] ? trace_hardirqs_off_caller+0x49/0x2a0 [ 41.477011] [<ffffffff8136f5da>] ? kmem_cache_free+0x28a/0x680 [ 41.477011] [<ffffffff812eb80f>] ? mempool_free_slab+0x1f/0x30 [ 41.477011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.477011] [<ffffffff8137747e>] kasan_report+0x8e/0xb0 [ 41.477011] [<ffffffff8140d94a>] ? dio_bio_complete+0x15a/0x190 [ 41.477011] [<ffffffff81375ed1>] __asan_load4+0xd1/0xf0 [ 41.477011] [<ffffffff81a1d9b1>] ? bio_put+0x71/0xc0 [ 41.477011] [<ffffffff8140d94a>] dio_bio_complete+0x15a/0x190 [ 41.477011] [<ffffffff8140f6fe>] __blockdev_direct_IO+0x14ae/0x69b0 [ 41.477011] [<ffffffff811bf0c5>] ? __lock_acquire+0x45/0x2c90 [ 41.477011] [<ffffffff814086c0>] ? bh_submit_read+0x140/0x140 [ 41.477011] [<ffffffff81408d23>] blkdev_direct_IO+0x93/0xf0 [ 41.477011] [<ffffffff812e3f84>] ? filemap_write_and_wait_range+0xa4/0xc0 [ 41.477011] [<ffffffff812e8fe7>] generic_file_read_iter+0xcc7/0xe50 [ 41.477011] [<ffffffff81289e42>] ? ftrace_likely_update+0x152/0x330 [ 41.477011] [<ffffffff81409242>] blkdev_read_iter+0x92/0xc0 [ 41.477011] [<ffffffff8138df13>] __vfs_read+0x173/0x240 [ 41.477011] [<ffffffff8138e14b>] vfs_read+0x16b/0x260 [ 41.477011] [<ffffffff8138e9fa>] SyS_read+0x7a/0x110 [ 41.477011] [<ffffffff8278f7ee>] entry_SYSCALL_64_fastpath+0x12/0x76 [ 41.477011] Memory state around the buggy address: [ 41.477011] ffff88000ed52680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.477011] ffff88000ed52700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 41.477011] >ffff88000ed52780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 41.477011] ^ [ 41.477011] ffff88000ed52800: fb fb fb fb fb fb fb fb 00 00 00 00 00 00 00 00 [ 41.477011] ffff88000ed52880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 41.477011] ================================================================== Thanks, Ying Huang

5 years, 9 months

2
1
0 / 0

[lkp] [mm] 112b650f83e: -6.8% will-it-scale.per_process_ops

by kernel test robot

FYI, we noticed the below changes on git://git.kernel.org/pub/scm/linux/kernel/git/andrea/aa.git master commit 112b650f83e5ccea260708f8b7ca747580584659 ("mm: gup: make get_user_pages_fast and __get_user_pages_fast latency conscious") ========================================================================================= tbox_group/testcase/rootfs/kconfig/compiler/cpufreq_governor/test: lkp-sbx04/will-it-scale/debian-x86_64-2015-02-07.cgz/x86_64-rhel/gcc-4.9/performance/futex1 commit: b7c3d6a0d545317e63ff58a1e60059ce79ac359e 112b650f83e5ccea260708f8b7ca747580584659 b7c3d6a0d545317e 112b650f83e5ccea260708f8b7 ---------------- -------------------------- %stddev %change %stddev \ | \ 5155618 ± 0% -6.8% 4806190 ± 0% will-it-scale.per_process_ops 1203105 ± 1% -3.0% 1166790 ± 0% will-it-scale.per_thread_ops 18828 ± 11% +97.6% 37211 ± 5% will-it-scale.time.involuntary_context_switches 80265 ± 8% -20.5% 63818 ± 11% numa-numastat.node0.numa_hit 18828 ± 11% +97.6% 37211 ± 5% time.involuntary_context_switches 3600 ± 3% +20.6% 4341 ± 5% vmstat.system.cs 227062 ± 3% +52.6% 346589 ± 1% latency_stats.hits.pipe_wait.pipe_read.__vfs_read.vfs_read.SyS_read.entry_SYSCALL_64_fastpath 5878405 ± 0% +19.7% 7035430 ± 0% latency_stats.sum.pipe_wait.pipe_read.__vfs_read.vfs_read.SyS_read.entry_SYSCALL_64_fastpath 7597 ± 12% -36.0% 4860 ± 32% numa-meminfo.node0.AnonPages 5012 ± 50% +59.1% 7975 ± 31% numa-meminfo.node2.Mapped 12346 ± 14% +24.2% 15338 ± 3% numa-meminfo.node3.SReclaimable 3516 ± 3% +10.0% 3867 ± 3% slabinfo.kmalloc-2048.active_objs 20418 ± 3% -10.9% 18198 ± 5% slabinfo.kmalloc-256.active_objs 344.25 ± 6% -25.9% 255.00 ± 14% slabinfo.kmem_cache.active_objs 344.25 ± 6% -25.9% 255.00 ± 14% slabinfo.kmem_cache.num_objs 683.00 ± 4% -16.4% 571.00 ± 7% slabinfo.kmem_cache_node.active_objs 752.00 ± 3% -14.9% 640.00 ± 7% slabinfo.kmem_cache_node.num_objs 1899 ± 12% -36.0% 1214 ± 32% numa-vmstat.node0.nr_anon_pages 113103 ± 8% -11.7% 99882 ± 4% numa-vmstat.node0.numa_hit 78508 ± 13% -16.9% 65214 ± 8% numa-vmstat.node0.numa_local 95.75 ± 24% -56.7% 41.50 ± 41% numa-vmstat.node2.nr_dirtied 1252 ± 50% +59.1% 1993 ± 31% numa-vmstat.node2.nr_mapped 93.25 ± 24% -57.1% 40.00 ± 44% numa-vmstat.node2.nr_written 3086 ± 14% +24.2% 3834 ± 3% numa-vmstat.node3.nr_slab_reclaimable 2.26 ± 2% -36.9% 1.42 ± 2% perf-profile.cpu-cycles.___might_sleep.__might_sleep.get_futex_key.futex_wake.do_futex 0.41 ± 5% +140.2% 0.98 ± 1% perf-profile.cpu-cycles.___might_sleep.get_futex_key.futex_wake.do_futex.sys_futex 0.00 ± -1% +Inf% 3.65 ± 1% perf-profile.cpu-cycles.___might_sleep.get_user_pages_fast.get_futex_key.futex_wake.do_futex 3.21 ± 2% -31.6% 2.20 ± 1% perf-profile.cpu-cycles.__might_sleep.get_futex_key.futex_wake.do_futex.sys_futex 4.42 ± 1% -11.8% 3.90 ± 1% perf-profile.cpu-cycles.get_futex_key_refs.isra.10.futex_wake.do_futex.sys_futex.entry_SYSCALL_64_fastpath 26.58 ± 0% +18.8% 31.59 ± 0% perf-profile.cpu-cycles.get_user_pages_fast.get_futex_key.futex_wake.do_futex.sys_futex 14.18 ± 1% -9.6% 12.81 ± 0% perf-profile.cpu-cycles.unlock_page.get_futex_key.futex_wake.do_futex.sys_futex 193.00 ± 55% -60.1% 77.00 ± 87% sched_debug.cfs_rq[10]:/.blocked_load_avg 209.25 ± 51% -73.2% 56.00 ±107% sched_debug.cfs_rq[10]:/.tg_load_contrib 0.50 ±100% +350.0% 2.25 ± 72% sched_debug.cfs_rq[14]:/.nr_spread_over 65.00 ±154% -96.2% 2.50 ±100% sched_debug.cfs_rq[15]:/.blocked_load_avg 81.00 ±124% -79.9% 16.25 ± 13% sched_debug.cfs_rq[15]:/.tg_load_contrib 217.25 ± 96% -61.4% 83.75 ±167% sched_debug.cfs_rq[17]:/.blocked_load_avg 219.75 ± 95% -60.8% 86.25 ±161% sched_debug.cfs_rq[17]:/.tg_load_contrib 9485 ± 11% +16.1% 11016 ± 6% sched_debug.cfs_rq[19]:/.tg_load_avg 9453 ± 12% +16.5% 11015 ± 6% sched_debug.cfs_rq[20]:/.tg_load_avg 8076 ± 0% +13.7% 9178 ± 11% sched_debug.cfs_rq[21]:/.avg->runnable_avg_sum 9442 ± 11% +16.6% 11010 ± 6% sched_debug.cfs_rq[21]:/.tg_load_avg 175.00 ± 0% +13.4% 198.50 ± 11% sched_debug.cfs_rq[21]:/.tg_runnable_contrib 9432 ± 12% +16.7% 11010 ± 6% sched_debug.cfs_rq[22]:/.tg_load_avg 9473 ± 12% +15.9% 10977 ± 6% sched_debug.cfs_rq[23]:/.tg_load_avg 175.00 ± 2% +7.7% 188.50 ± 5% sched_debug.cfs_rq[27]:/.tg_runnable_contrib 35551 ± 12% -10.3% 31893 ± 1% sched_debug.cfs_rq[50]:/.exec_clock 21745 ± 6% +8.6% 23612 ± 6% sched_debug.cfs_rq[56]:/.exec_clock 73.75 ±100% +526.4% 462.00 ± 54% sched_debug.cfs_rq[63]:/.blocked_load_avg 84.25 ± 88% +460.8% 472.50 ± 52% sched_debug.cfs_rq[63]:/.tg_load_contrib 0.50 ±100% +550.0% 3.25 ± 25% sched_debug.cfs_rq[9]:/.nr_spread_over 10053 ± 27% +101.2% 20226 ± 14% sched_debug.cpu#0.nr_switches 19037 ± 14% +54.0% 29326 ± 10% sched_debug.cpu#0.sched_count 2136 ± 12% +236.9% 7198 ± 32% sched_debug.cpu#0.sched_goidle 15374 ± 36% -57.4% 6548 ± 67% sched_debug.cpu#1.nr_switches 15861 ± 35% -54.4% 7236 ± 60% sched_debug.cpu#1.sched_count 6837 ± 44% -55.2% 3060 ± 71% sched_debug.cpu#1.sched_goidle 2.00 ± 0% +50.0% 3.00 ± 0% sched_debug.cpu#17.cpu_load[2] 3269 ± 52% +182.5% 9233 ± 65% sched_debug.cpu#19.ttwu_count 1684 ± 13% -29.3% 1191 ± 15% sched_debug.cpu#23.ttwu_local 1275 ± 20% +203.1% 3865 ± 58% sched_debug.cpu#24.ttwu_local -6.25 ±-54% -100.0% 0.00 ± 0% sched_debug.cpu#25.nr_uninterruptible 1.50 ±233% -650.0% -8.25 ±-97% sched_debug.cpu#30.nr_uninterruptible -1.00 ±-187% -325.0% 2.25 ± 79% sched_debug.cpu#32.nr_uninterruptible 3.50 ± 47% -114.3% -0.50 ±-331% sched_debug.cpu#34.nr_uninterruptible 3.25 ± 39% -76.9% 0.75 ±145% sched_debug.cpu#37.nr_uninterruptible 236.50 ± 25% +597.6% 1649 ±131% sched_debug.cpu#39.sched_goidle 1.50 ±137% +316.7% 6.25 ± 45% sched_debug.cpu#41.nr_uninterruptible 984.50 ± 80% -63.9% 355.75 ± 40% sched_debug.cpu#42.ttwu_local 241.00 ± 7% +102.3% 487.50 ± 25% sched_debug.cpu#44.ttwu_local 522.50 ± 6% +385.2% 2535 ± 91% sched_debug.cpu#45.sched_goidle 1481 ± 17% +972.4% 15890 ±117% sched_debug.cpu#47.nr_switches 1566 ± 16% +925.2% 16056 ±117% sched_debug.cpu#47.sched_count 618.00 ± 19% +1162.9% 7804 ±119% sched_debug.cpu#47.sched_goidle 4222 ± 70% -61.6% 1619 ± 9% sched_debug.cpu#5.nr_switches 4705 ± 63% -52.6% 2229 ± 14% sched_debug.cpu#5.sched_count 1971 ± 76% -65.4% 682.00 ± 9% sched_debug.cpu#5.sched_goidle 1835 ± 36% +215.7% 5792 ± 36% sched_debug.cpu#53.nr_switches 1961 ± 37% +197.9% 5843 ± 36% sched_debug.cpu#53.sched_count 396.00 ± 19% +402.3% 1989 ± 71% sched_debug.cpu#53.ttwu_local 1803 ± 13% -32.6% 1215 ± 10% sched_debug.cpu#6.nr_switches 766.25 ± 13% -34.5% 502.25 ± 10% sched_debug.cpu#6.sched_goidle 395.50 ± 10% -52.3% 188.50 ± 15% sched_debug.cpu#6.ttwu_local 1105 ± 33% +788.4% 9823 ±107% sched_debug.cpu#60.sched_goidle lkp-sbx04: Sandy Bridge-EX Memory: 64G will-it-scale.per_process_ops 5.2e+06 ++------------------*--------------------------------------------+ *.. .*..*..*. .*..*..*...* | 5.15e+06 ++ *...*. *..*..*...*. | 5.1e+06 ++ | | | 5.05e+06 ++ | 5e+06 ++ | | | 4.95e+06 ++ | 4.9e+06 ++ | | O O | 4.85e+06 ++ | 4.8e+06 ++ O O O O O O O O | O O O O O O O O O O 4.75e+06 ++-O-------------------------------------------------------------+ [*] bisect-good sample [O] bisect-bad sample To reproduce: git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git cd lkp-tests bin/lkp install job.yaml # job file is attached in this email bin/lkp run job.yaml Disclaimer: Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. Thanks, Ying Huang

5 years, 9 months

1
0
0 / 0

WARNING: CPU: 0 PID: 3 at kernel/trace/trace_functions_graph.c:223 ftrace_return_to_handler()

by kernel test robot

Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://internal_merge_and_test_tree devel-hourly-2015072814 commit 24e1d1b870d425646bafa78d59d47ce2e6eeac61 Author: 0day robot <fengguang.wu(a)intel.com> AuthorDate: Tue Jul 28 14:27:06 2015 +0800 Commit: 0day robot <fengguang.wu(a)intel.com> CommitDate: Tue Jul 28 14:27:06 2015 +0800 0day head guard for 'devel-hourly-2015072814' +-----------------------------------------------------------------------------+------------+-----------------+-----------------+ | | fe40d12711 | v4.2-rc4_072814 | v4.2-rc4_072814 | +-----------------------------------------------------------------------------+------------+-----------------+-----------------+ | boot_successes | 66 | 0 | 0 | | boot_failures | 0 | 14 | 14 | | WARNING:at_kernel/trace/trace_functions_graph.c:#ftrace_return_to_handler() | 0 | 14 | 14 | | backtrace:smpboot_thread_fn | 0 | 9 | 9 | | backtrace:ftrace_graph_caller | 0 | 5 | 5 | +-----------------------------------------------------------------------------+------------+-----------------+-----------------+ [ 0.555993] Testing ftrace regs(no arch support): PASSED [ 0.557224] Testing tracer function_graph: [ 0.558428] ------------[ cut here ]------------ [ 0.559910] WARNING: CPU: 0 PID: 3 at kernel/trace/trace_functions_graph.c:223 ftrace_return_to_handler+0x150/0x26e() [ 0.562151] Bad frame pointer: expected ffffffff83024ee0, received ffffffff83024f10 [ 0.562151] from func __calc_delta return to ffffffff811176bd [ 0.564935] CPU: 0 PID: 3 Comm: ksoftirqd/0 Not tainted 4.2.0-rc4-02683-g24e1d1b #13 [ 0.567077] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 0.569093] 0000000000000000 ffffffff83024dc0 ffffffff8235a343 ffffffff83024df8 [ 0.571238] ffffffff810e1a25 ffffffff8118f110 00000000000001e0 ffffffff82352457 [ 0.573394] 000000000000000c ffffffff83024f10 ffffffff83024e60 ffffffff810e1aa4 [ 0.575396] Call Trace: [ 0.576133] <IRQ> [<ffffffff8235a343>] dump_stack+0x19/0x1b [ 0.577350] [<ffffffff810e1a25>] warn_slowpath_common+0xc3/0xdb [ 0.578531] [<ffffffff8118f110>] ? ftrace_return_to_handler+0x150/0x26e [ 0.579762] [<ffffffff82352457>] ? mm_fault_error+0x244/0x244 [ 0.580886] [<ffffffff810e1aa4>] warn_slowpath_fmt+0x48/0x50 [ 0.582006] [<ffffffff81116c01>] ? __calc_delta+0x25/0x171 [ 0.583105] [<ffffffff81116ce8>] ? __calc_delta+0x10c/0x171 [ 0.584206] [<ffffffff81116bfc>] ? __calc_delta+0x20/0x171 [ 0.585309] [<ffffffff8118f110>] ftrace_return_to_handler+0x150/0x26e [ 0.586522] [<ffffffff811176bd>] ? sched_slice+0xe7/0x105 [ 0.587775] [<ffffffff82381e44>] ? ftrace_graph_caller+0x94/0x94 [ 0.589189] [<ffffffff811176bd>] sched_slice+0xe7/0x105 [ 0.590342] [<ffffffff811176bd>] ? sched_slice+0xe7/0x105 [ 0.591517] [<ffffffff82381e59>] return_to_handler+0x15/0x27 [ 0.592633] [<ffffffff82381e44>] ? ftrace_graph_caller+0x94/0x94 [ 0.593799] [<ffffffff81119492>] task_tick_fair+0xb4/0x176 [ 0.594893] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.596028] [<ffffffff81110a59>] scheduler_tick+0x3f/0x59 [ 0.597125] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.598259] [<ffffffff81140136>] update_process_times+0x5c/0x69 [ 0.599420] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.600560] [<ffffffff81151a26>] tick_periodic+0xb7/0xc3 [ 0.601764] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.602900] [<ffffffff81151a4a>] tick_handle_periodic+0x18/0xb0 [ 0.604534] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.606373] [<ffffffff8103d542>] local_apic_timer_interrupt+0x60/0x62 [ 0.608330] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.610150] [<ffffffff82381fae>] smp_apic_timer_interrupt+0x3b/0x4a [ 0.612056] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.613903] [<ffffffff82380b85>] apic_timer_interrupt+0x85/0x90 [ 0.615740] <EOI> [<ffffffff81127217>] ? lock_acquire+0xbe/0x11b [ 0.617759] [<ffffffff8113b1df>] ? __rcu_process_callbacks+0x99/0x146 [ 0.619688] [<ffffffff8117815e>] ? func_remove+0x19f/0x19f [ 0.621465] [<ffffffff8113b215>] __rcu_process_callbacks+0xcf/0x146 [ 0.623361] [<ffffffff8113b1df>] ? __rcu_process_callbacks+0x99/0x146 [ 0.625261] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.627146] [<ffffffff8113b2a1>] rcu_process_callbacks+0x15/0x23 [ 0.629013] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.630846] [<ffffffff810e5fda>] __do_softirq+0x194/0x446 [ 0.632589] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.634426] [<ffffffff810e62c2>] run_ksoftirqd+0x36/0x74 [ 0.636127] [<ffffffff82381e44>] ftrace_graph_caller+0x94/0x94 [ 0.637942] [<ffffffff8110b314>] smpboot_thread_fn+0x2bf/0x2db [ 0.639769] [<ffffffff8110b055>] ? sort_range+0x22/0x22 [ 0.641389] [<ffffffff811062a0>] kthread+0x14b/0x153 [ 0.642949] [<ffffffff81106155>] ? __kthread_parkme+0xc4/0xc4 [ 0.644823] [<ffffffff823802cf>] ret_from_fork+0x3f/0x70 [ 0.646547] [<ffffffff81106155>] ? __kthread_parkme+0xc4/0xc4 [ 0.648354] ---[ end trace b33ea7363d4d926b ]--- [ 0.651821] CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G W 4.2.0-rc4-02683-g24e1d1b #13 git bisect start 24e1d1b870d425646bafa78d59d47ce2e6eeac61 cbfe8fa6cd672011c755c3cd85c9ffd4e2d10a6f -- git bisect good b7f42bec252eb30317a7434aad3edfb543bbef86 # 15:57 20+ 0 Merge 'bpf/master' into devel-hourly-2015072814 git bisect good a344e0ea2f6ebbd022fd99703a2361adfc8c31a4 # 16:07 21+ 1 Merge 'xen-tip/linux-next' into devel-hourly-2015072814 git bisect good 75aa67901966a029f9cef091498208de629acca1 # 16:23 22+ 0 Merge 'avr32/for-linus' into devel-hourly-2015072814 git bisect good abcbb64ccf1f6cb777bc7bffb9347e205d776b14 # 16:38 22+ 0 Merge 'pm/bleeding-edge' into devel-hourly-2015072814 git bisect good 25a3d9ab45fd4715305b04c1ea4a876445bb3459 # 16:47 22+ 0 Merge 'input/master' into devel-hourly-2015072814 git bisect good c1b12cf87f7e08f5098dcea09bd87f4719f93a68 # 16:57 21+ 0 Merge 'shawnguo/imx/defconfig' into devel-hourly-2015072814 git bisect good fe40d12711b27be9bbfaf2a90ea504476ded1371 # 17:06 21+ 0 Merge 'shawnguo/imx/fixes' into devel-hourly-2015072814 # first bad commit: [24e1d1b870d425646bafa78d59d47ce2e6eeac61] 0day head guard for 'devel-hourly-2015072814' git bisect good fe40d12711b27be9bbfaf2a90ea504476ded1371 # 17:10 63+ 0 Merge 'shawnguo/imx/fixes' into devel-hourly-2015072814 # extra tests with DEBUG_INFO git bisect good 24e1d1b870d425646bafa78d59d47ce2e6eeac61 # 17:22 65+ 0 0day head guard for 'devel-hourly-2015072814' # extra tests on HEAD of linux-devel/devel-hourly-2015072814 git bisect bad 24e1d1b870d425646bafa78d59d47ce2e6eeac61 # 17:22 0- 14 0day head guard for 'devel-hourly-2015072814' # extra tests on tree/branch linux-devel/devel-hourly-2015072814 git bisect bad 24e1d1b870d425646bafa78d59d47ce2e6eeac61 # 17:22 0- 14 0day head guard for 'devel-hourly-2015072814' # extra tests with first bad commit reverted git bisect good ddb1bdb359a40f81945ae22bcf52d1a8f7dd4c36 # 17:37 66+ 0 Revert "0day head guard for 'devel-hourly-2015072814'" # extra tests on tree/branch linus/master git bisect good cbfe8fa6cd672011c755c3cd85c9ffd4e2d10a6f # 17:43 61+ 6 Linux 4.2-rc4 # extra tests on tree/branch linux-next/master git bisect good 5aa6180315a5f8ea1236608082e7135a4beaaf8a # 17:53 66+ 0 Add linux-next specific files for 20150728 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 kvm=( qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel $kernel -m 256 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation

5 years, 9 months

1
0
0 / 0

[x86/mm/pat/32] EIP is at __copy_to_user_ll

by kernel test robot

Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://internal_merge_and_test_tree devel-catchup-201507071549 commit a1214ffa5cc35b5ecd0fb7f02958d55c42b3319e Author: Ingo Molnar <mingo(a)kernel.org> AuthorDate: Thu Jun 11 10:35:58 2015 +0200 Commit: Ingo Molnar <mingo(a)kernel.org> CommitDate: Tue Jul 7 08:48:57 2015 +0200 x86/mm/pat/32: Remove pgd_list use from the PAT code The 32-bit x86 PAT code uses __set_pmd_pte() to update pmds. This uses pgd_list currently, but we don't need the global list as we can walk the task list under RCU. (This code already holds the pgd_lock.) Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Andy Lutomirski <luto(a)amacapital.net> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Brian Gerst <brgerst(a)gmail.com> Cc: Denys Vlasenko <dvlasenk(a)redhat.com> Cc: H. Peter Anvin <hpa(a)zytor.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Cc: Oleg Nesterov <oleg(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Rik van Riel <riel(a)redhat.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Waiman Long <Waiman.Long(a)hp.com> Cc: linux-mm(a)kvack.org Signed-off-by: Ingo Molnar <mingo(a)kernel.org> +------------------------------------------------+------------+------------+------------+ | | 175e74c984 | a1214ffa5c | e0f02c15e8 | +------------------------------------------------+------------+------------+------------+ | boot_successes | 910 | 301 | 77 | | boot_failures | 0 | 9 | 6 | | Kernel_panic-not_syncing:softlockup:hung_tasks | 0 | 9 | 4 | | backtrace:do_group_exit | 0 | 9 | 4 | | backtrace:SyS_exit_group | 0 | 9 | 4 | | EIP_is_at__copy_to_user_ll | 0 | 8 | 2 | | IP-Config:Auto-configuration_of_network_failed | 0 | 0 | 2 | +------------------------------------------------+------------+------------+------------+ [ 44.532571] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [trinity-main:459] [ 44.534546] CPU: 0 PID: 459 Comm: trinity-main Not tainted 4.2.0-rc1-00026-ga1214ff #1 [ 44.535739] task: bdb3a880 ti: bdb4e000 task.ti: bdb4e000 [ 44.536499] EIP: 0060:[<b147e9e8>] EFLAGS: 00010297 CPU: 0 [ 44.537387] EIP is at __copy_to_user_ll+0x68/0xb0 [ 44.538209] EAX: b1000353 EBX: 00000001 ECX: 00000001 EDX: bdb4fdde [ 44.539245] ESI: bdb4fdde EDI: b1000353 EBP: bdb4fdac ESP: bdb4fda0 [ 44.540443] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 [ 44.541436] CR0: 80050033 CR2: b1000353 CR3: 0d469000 CR4: 00140790 [ 44.542605] DR0: 0922e000 DR1: 00000000 DR2: 00000000 DR3: 00000000 [ 44.545007] DR6: ffff0ff0 DR7: 00050602 [ 44.545716] Stack: [ 44.546074] bdb3a880 00000001 b0000000 bdb4fdc4 b11c7933 00000001 bdb4fdde 00000001 [ 44.547747] 00b3c5c0 bdb4fdd4 b1054043 b1000353 b2394908 bdb4fdec b10540fd e8cc4380 [ 44.549297] 00b3c5c0 bf5c0000 b29e4380 bdb4fe1c b1054a35 b10542d1 bdb4fe10 b10543d9 [ 44.550955] Call Trace: [ 44.551375] [<b11c7933>] __probe_kernel_write+0x53/0x160 [ 44.552351] [<b1054043>] ftrace_write+0x33/0x70 [ 44.553219] [<b1000353>] ? run_init_process+0x3/0x50 [ 44.554134] [<b10540fd>] add_break+0x7d/0xb0 [ 44.554952] [<b1054a35>] ftrace_replace_code+0x75/0x750 [ 44.555907] [<b10542d1>] ? run_sync+0xa1/0xc0 [ 44.556737] [<b10543d9>] ? update_ftrace_func+0xe9/0x1d0 [ 44.557872] [<b1158007>] ftrace_modify_all_code+0x227/0x390 [ 44.558878] [<b105513a>] arch_ftrace_update_code+0x2a/0x50 [ 44.559894] [<b11582d6>] ftrace_run_update_code+0xa6/0x260 [ 44.560903] [<b1159940>] ftrace_shutdown+0x340/0x6a0 [ 44.561983] [<b115c460>] ? unregister_ftrace_function+0x20/0x70 [ 44.563055] [<b1185ce1>] ? perf_trace_destroy+0x21/0x90 [ 44.564026] [<b115c475>] unregister_ftrace_function+0x35/0x70 [ 44.565088] [<b118644b>] perf_ftrace_event_register+0x9b/0x4c0 [ 44.566175] [<b1185d02>] perf_trace_destroy+0x42/0x90 [ 44.569010] [<b11a7316>] tp_perf_event_destroy+0x16/0x30 [ 44.569980] [<b11aedb4>] _free_event+0x154/0x3b0 [ 44.570847] [<b11af365>] put_event+0x355/0x420 [ 44.571630] [<b11af07e>] ? put_event+0x6e/0x420 [ 44.572438] [<b12c72be>] ? locks_remove_file+0xe/0x180 [ 44.573395] [<b11af91c>] perf_release+0x1c/0x30 [ 44.574256] [<b1248238>] __fput+0x178/0x490 [ 44.575066] [<b124856b>] ____fput+0x1b/0x30 [ 44.575877] [<b10af747>] task_work_run+0x147/0x1b0 [ 44.576766] [<b107ce91>] do_exit+0x681/0xf40 [ 44.577482] [<b1153e8e>] ? ftrace_ops_control_func+0xee/0x370 [ 44.578591] [<b101e419>] ? syscall_trace_enter_phase2+0x9/0x3d0 [ 44.579614] [<b1b3c932>] ? ftrace_call+0x5/0xb [ 44.580320] [<b107d841>] do_group_exit+0x71/0x180 [ 44.581270] [<b107d974>] SyS_exit_group+0x24/0x30 [ 44.582153] [<b1b3bee6>] syscall_call+0x7/0x7 [ 44.582969] [<b1b30000>] ? __schedule+0x2f0/0x1100 [ 44.583855] Code: d6 83 05 b0 88 af b2 01 83 15 b4 88 af b2 00 83 f9 07 76 17 89 f9 f7 d9 83 e1 07 29 cb f3 a4 89 d9 c1 e9 02 83 e3 03 f3 a5 89 d9 <f3> a4 89 c8 83 05 c0 88 af b2 01 5b 83 15 c4 88 af b2 00 5e 5f [ 44.589342] Kernel panic - not syncing: softlockup: hung tasks [ 44.590385] CPU: 0 PID: 459 Comm: trinity-main Tainted: G L 4.2.0-rc1-00026-ga1214ff #1 [ 44.592032] 00000013 bf587eb8 b1b26a49 bf587ed0 b1b1c2f8 00000016 b20e0301 00000016 [ 44.593620] 00000013 bf587f00 b114c90f b1e902c6 00000000 00000016 bdb3aae8 000001cb [ 44.595229] bdb4fd64 00000013 b20e0360 00000000 b114c590 bf587f20 b110f902 b114c590 [ 44.596890] Call Trace: [ 44.597296] [<b1b26a49>] dump_stack+0x40/0x5e [ 44.599351] [<b1b1c2f8>] panic+0x11d/0x3af [ 44.600137] [<b114c90f>] watchdog_timer_fn+0x37f/0x380 [ 44.601081] [<b114c590>] ? watchdog+0x70/0x70 [ 44.601907] [<b110f902>] __run_hrtimer+0x192/0x620 [ 44.602966] [<b114c590>] ? watchdog+0x70/0x70 [ 44.603782] [<b1110da0>] hrtimer_run_queues+0x110/0x190 [ 44.604732] [<b110f14c>] update_process_times+0x3c/0xd0 [ 44.605644] [<b11297a6>] tick_periodic+0x46/0x1a0 [ 44.606739] [<b1129929>] ? tick_handle_periodic+0x29/0xe0 [ 44.607714] [<b1129929>] tick_handle_periodic+0x29/0xe0 [ 44.608622] [<b1b3c932>] ? ftrace_call+0x5/0xb [ 44.609407] [<b1008240>] timer_interrupt+0x20/0x40 [ 44.610300] [<b10fb5e1>] handle_irq_event_percpu+0x261/0x5d0 [ 44.611322] [<b1b3c932>] ? ftrace_call+0x5/0xb [ 44.612163] [<b10fb99f>] handle_irq_event+0x4f/0x90 [ 44.613060] [<b1100d7f>] handle_level_irq+0x19f/0x250 [ 44.613986] [<b1100be0>] ? handle_simple_irq+0x120/0x120 [ 44.614957] [<b100765e>] handle_irq+0x1ce/0x280 [ 44.615790] <IRQ> [<b1006db5>] do_IRQ+0x55/0x130 [ 44.616640] [<b1062087>] ? trace_do_page_fault+0x127/0x260 [ 44.617631] [<b105b080>] ? kvm_read_and_reset_pf_reason+0x50/0x50 [ 44.618775] [<b1000353>] ? run_init_process+0x3/0x50 [ 44.619659] [<b1000353>] ? run_init_process+0x3/0x50 [ 44.621980] [<b1b3c7a9>] common_interrupt+0x29/0x30 [ 44.622880] [<b1000353>] ? run_init_process+0x3/0x50 [ 44.623795] [<b1000353>] ? run_init_process+0x3/0x50 [ 44.624659] [<b1b30000>] ? __schedule+0x2f0/0x1100 [ 44.625489] [<b147e9e8>] ? __copy_to_user_ll+0x68/0xb0 [ 44.626431] [<b11c7933>] __probe_kernel_write+0x53/0x160 [ 44.627401] [<b1054043>] ftrace_write+0x33/0x70 [ 44.628251] [<b1000353>] ? run_init_process+0x3/0x50 [ 44.629161] [<b10540fd>] add_break+0x7d/0xb0 [ 44.629969] [<b1054a35>] ftrace_replace_code+0x75/0x750 [ 44.630924] [<b10542d1>] ? run_sync+0xa1/0xc0 [ 44.631729] [<b10543d9>] ? update_ftrace_func+0xe9/0x1d0 [ 44.632866] [<b1158007>] ftrace_modify_all_code+0x227/0x390 [ 44.633874] [<b105513a>] arch_ftrace_update_code+0x2a/0x50 [ 44.634865] [<b11582d6>] ftrace_run_update_code+0xa6/0x260 [ 44.635854] [<b1159940>] ftrace_shutdown+0x340/0x6a0 [ 44.636942] [<b115c460>] ? unregister_ftrace_function+0x20/0x70 [ 44.637998] [<b1185ce1>] ? perf_trace_destroy+0x21/0x90 [ 44.638952] [<b115c475>] unregister_ftrace_function+0x35/0x70 [ 44.639935] [<b118644b>] perf_ftrace_event_register+0x9b/0x4c0 [ 44.640927] [<b1185d02>] perf_trace_destroy+0x42/0x90 [ 44.641800] [<b11a7316>] tp_perf_event_destroy+0x16/0x30 [ 44.642652] [<b11aedb4>] _free_event+0x154/0x3b0 [ 44.643417] [<b11af365>] put_event+0x355/0x420 [ 44.644208] [<b11af07e>] ? put_event+0x6e/0x420 [ 44.645020] [<b12c72be>] ? locks_remove_file+0xe/0x180 [ 44.645913] [<b11af91c>] perf_release+0x1c/0x30 [ 44.646647] [<b1248238>] __fput+0x178/0x490 [ 44.647345] [<b124856b>] ____fput+0x1b/0x30 [ 44.648105] [<b10af747>] task_work_run+0x147/0x1b0 [ 44.648946] [<b107ce91>] do_exit+0x681/0xf40 [ 44.649649] [<b1153e8e>] ? ftrace_ops_control_func+0xee/0x370 [ 44.650622] [<b101e419>] ? syscall_trace_enter_phase2+0x9/0x3d0 [ 44.651649] [<b1b3c932>] ? ftrace_call+0x5/0xb [ 44.653576] [<b107d841>] do_group_exit+0x71/0x180 [ 44.654362] [<b107d974>] SyS_exit_group+0x24/0x30 [ 44.655193] [<b1b3bee6>] syscall_call+0x7/0x7 [ 44.655977] [<b1b30000>] ? __schedule+0x2f0/0x1100 [ 44.657036] Kernel Offset: disabled Elapsed time: 50 git bisect start e0f02c15e85c20807c906692ec511f08e775b640 cbfe8fa6cd672011c755c3cd85c9ffd4e2d10a6f -- git bisect bad f589b2f1336479c4dd7914b4c1edcf556bb8aeef # 05:00 79- 6 Merge 'jolsa-perf/perf/stat_script' into devel-spot-201507272307 git bisect bad 10fc30a3fe68e6b03aa04a35da49c194a8362e42 # 05:04 1- 1 Merge 'drm-exynos/exynos-drm/for-next' into devel-spot-201507272307 git bisect bad 4993d181e60275526de9b31cdca59090bd8467a3 # 05:11 72- 1 Merge 'hwmon/watchdog-next' into devel-spot-201507272307 git bisect bad e376684b99f5c052bbc20a75a0b2f4fd236910a6 # 05:31 182- 9 Merge 'jkirsher-next-queue/master' into devel-spot-201507272307 git bisect good eaa460226682b766d0d8eae0c5c8507ff68eaf64 # 05:40 308+ 0 Merge 'tip/locking/arch-atomic' into devel-spot-201507272307 git bisect bad ee0ca4ec0ccf6ee18c6a1e820f06323c12f36b70 # 05:49 141- 7 Merge 'jkirsher-next-queue/dev-queue' into devel-spot-201507272307 git bisect bad 033ce9532ab2d65cf338e123ac54e27744a2caa2 # 05:57 166- 5 Merge 'tip/master' into devel-spot-201507272307 git bisect good 73db087a8bd5540678bfa62bcc73f65a0b9f0896 # 06:06 309+ 308 kvm tools: Use correct subsys id in virtio-pci git bisect good 5a337ac3c4d0ae3b078912396b90de35fa11e7f0 # 06:16 302+ 302 kvm tools: don't exit on debug ioport write git bisect good 9ad420f5b7008bb339902049f79f36aac29d9232 # 06:29 302+ 0 kvmtool: Add virtio types for recent upstream changes git bisect good ed42ce7be7566b0b9f66349ae7f2342500abdf7b # 06:50 310+ 0 Merge branch 'x86/asm' git bisect bad f455187364ecb4596951dae8bb556f9f1258acc5 # 06:54 1- 1 Merge branch 'locking/urgent' git bisect good 44a92ebab3867bb1e350a6021e4af3545cfce3a6 # 07:06 304+ 0 Merge branch 'x86/platform' git bisect bad a1214ffa5cc35b5ecd0fb7f02958d55c42b3319e # 07:10 0- 1 x86/mm/pat/32: Remove pgd_list use from the PAT code git bisect good bd2ed2fac16a9d77fb8c775a59b680a98abb736c # 07:22 310+ 0 x86/mm/hotplug: Simplify sync_global_pgds() git bisect good 8584130102584987b1f4d8b6506b438a4806f2d5 # 07:32 306+ 0 x86/mm: Enable and use the arch_pgd_init_late() method git bisect good 175e74c9847f58f1268faef12d38adfaa8bb5286 # 07:46 310+ 0 x86/mm: Remove pgd_list use from vmalloc_sync_all() # first bad commit: [a1214ffa5cc35b5ecd0fb7f02958d55c42b3319e] x86/mm/pat/32: Remove pgd_list use from the PAT code git bisect good 175e74c9847f58f1268faef12d38adfaa8bb5286 # 08:01 910+ 0 x86/mm: Remove pgd_list use from vmalloc_sync_all() # extra tests with DEBUG_INFO git bisect bad a1214ffa5cc35b5ecd0fb7f02958d55c42b3319e # 08:06 28- 1 x86/mm/pat/32: Remove pgd_list use from the PAT code # extra tests on HEAD of linux-devel/devel-spot-201507272307 git bisect bad e0f02c15e85c20807c906692ec511f08e775b640 # 08:06 0- 6 0day head guard for 'devel-spot-201507272307' # extra tests on tree/branch linux-devel/devel-catchup-201507071549 git bisect bad 96621915140f677a7514940693fc0416d15e4f94 # 09:37 103- 8 0day head guard for 'devel-catchup-201507071549' # extra tests with first bad commit reverted # extra tests on tree/branch linus/master git bisect good cbfe8fa6cd672011c755c3cd85c9ffd4e2d10a6f # 09:59 903+ 5 Linux 4.2-rc4 # extra tests on tree/branch linux-next/master git bisect good 83a5f7f22cae24ea602152424bc9026fdc689ae9 # 10:22 910+ 2 Add linux-next specific files for 20150727 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 initrd=yocto-minimal-i386.cgz wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd kvm=( qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel $kernel -initrd $initrd -m 256 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation

5 years, 9 months

1
0
0 / 0

[parport] BUG kmalloc-16 (Not tainted): Object already free

by kernel test robot

Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master commit 23c405912b881e3ca516554efde852c2ad550b31 Author: Sudip Mukherjee <sudipm.mukherjee(a)gmail.com> AuthorDate: Mon Jun 15 20:05:50 2015 +0530 Commit: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> CommitDate: Wed Jul 22 21:15:49 2015 -0700 parport: fix memory leak After the reference count becomes 0 when put_device() is called, it will execute the release callback where we are freeing all the allocated memory associated with the device. We missed freeing par_dev->state. Signed-off-by: Sudip Mukherjee <sudip(a)vectorindia.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> +-------------------------------------------------------------+------------+------------+------------+ | | cabea69587 | 23c405912b | 3505500da0 | +-------------------------------------------------------------+------------+------------+------------+ | boot_successes | 63 | 0 | 0 | | boot_failures | 0 | 24 | 17 | | BUG_kmalloc-#(Not_tainted):Object_already_free | 0 | 24 | 17 | | INFO:Allocated_in_parport_register_dev_model_age=#cpu=#pid= | 0 | 24 | 17 | | INFO:Freed_in_parport_unregister_device_age=#cpu=#pid= | 0 | 24 | 17 | | INFO:Slab#objects=#used=#fp=#flags= | 0 | 24 | 17 | | INFO:Object#@offset=#fp= | 0 | 24 | 17 | | backtrace:__parport_register_driver | 0 | 24 | 17 | | backtrace:panel_init_module | 0 | 24 | 17 | | backtrace:kernel_init_freeable | 0 | 24 | 17 | | IP-Config:Auto-configuration_of_network_failed | 0 | 2 | 2 | +-------------------------------------------------------------+------------+------------+------------+ [ 8.033163] hv_vmbus: registering driver hid_hyperv [ 8.041742] panel: could not claim access to parport0. Aborting. [ 8.043371] ============================================================================= [ 8.045047] BUG kmalloc-16 (Not tainted): Object already free [ 8.046216] ----------------------------------------------------------------------------- [ 8.046216] [ 8.048066] Disabling lock debugging due to kernel taint [ 8.049127] INFO: Allocated in parport_register_dev_model+0x117/0x490 age=1 cpu=0 pid=1 [ 8.060317] INFO: Freed in parport_unregister_device+0x1a5/0x2d0 age=0 cpu=0 pid=1 [ 8.070909] INFO: Slab 0xffffea0000004500 objects=23 used=19 fp=0xffff880000115178 flags=0x4081 [ 8.072591] INFO: Object 0xffff880000115178 @offset=4472 fp=0xffff880000114d70 [ 8.072591] [ 8.074266] Bytes b4 ffff880000115168: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ [ 8.076100] Object ffff880000115178: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk. [ 8.077883] Redzone ffff880000115188: bb bb bb bb bb bb bb bb ........ [ 8.079558] Padding ffff8800001152c8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ [ 8.081225] CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.2.0-rc3-00002-g23c4059 #1 [ 8.082846] ffff880000115178 ffff880010e03ac8 ffffffff81fa8b17 ffff880010e03b08 [ 8.084398] ffffffff8123e8ce 0000000000000008 0000000000000001 ffff880010c03b00 [ 8.085949] ffff880000115178 ffff880010c00380 ffffea0000004500 ffff880010e03b58 [ 8.087488] Call Trace: [ 8.087984] [<ffffffff81fa8b17>] dump_stack+0x19/0x1b [ 8.088975] [<ffffffff8123e8ce>] print_trailer+0x1ae/0x250 [ 8.090087] [<ffffffff81241a09>] free_debug_processing+0x329/0x3d0 [ 8.091356] [<ffffffff819bfad6>] ? free_pardevice+0x26/0x40 [ 8.092492] [<ffffffff81241d4c>] __slab_free+0x29c/0x4c0 [ 8.093578] [<ffffffff8112fd01>] ? mark_held_locks+0x11/0x90 [ 8.094704] [<ffffffff8112fd59>] ? mark_held_locks+0x69/0x90 [ 8.095846] [<ffffffff8124628f>] ? kfree+0x3df/0x580 [ 8.096817] [<ffffffff812463a6>] kfree+0x4f6/0x580 [ 8.097778] [<ffffffff819bfad6>] ? free_pardevice+0x26/0x40 [ 8.098915] [<ffffffff819bfad6>] free_pardevice+0x26/0x40 [ 8.100090] [<ffffffff819c714f>] device_release+0x7f/0x100 [ 8.101213] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8 [ 8.102283] [<ffffffff813f5c1d>] kobject_release+0x9d/0x110 [ 8.103411] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8 [ 8.104464] [<ffffffff813f5aa2>] kobject_put+0xc2/0xd0 [ 8.105465] [<ffffffff819c81d0>] put_device+0x30/0x40 [ 8.106454] [<ffffffff819c9295>] device_unregister+0x35/0x40 [ 8.107549] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8 [ 8.108561] [<ffffffff819c18f4>] parport_unregister_device+0x234/0x2d0 [ 8.109862] [<ffffffff819bf990>] ? driver_detach+0x40/0x40 [ 8.110942] [<ffffffff81c79a5d>] panel_attach+0x27d/0xf00 [ 8.111929] [<ffffffff819bf990>] ? driver_detach+0x40/0x40 [ 8.112942] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8 [ 8.113906] [<ffffffff819bf9c5>] port_check+0x35/0x40 [ 8.114834] [<ffffffff819cb60f>] bus_for_each_dev+0x7f/0xc0 [ 8.116060] [<ffffffff819bfd6d>] __parport_register_driver+0x13d/0x140 [ 8.117309] [<ffffffff832d0ed3>] panel_init_module+0x2b7/0x33c [ 8.118434] [<ffffffff83269451>] do_one_initcall+0x14b/0x254 [ 8.119523] [<ffffffff8110dd66>] ? parse_args+0x3a6/0x520 [ 8.120559] [<ffffffff83269763>] kernel_init_freeable+0x209/0x2ce [ 8.121722] [<ffffffff81f9ec20>] ? rest_init+0x160/0x160 [ 8.122743] [<ffffffff81f9ec2e>] kernel_init+0xe/0x160 [ 8.123735] [<ffffffff81fc060f>] ret_from_fork+0x3f/0x70 [ 8.124753] [<ffffffff81f9ec20>] ? rest_init+0x160/0x160 [ 8.125805] FIX kmalloc-16: Object at 0xffff880000115178 not freed [ 8.127013] panel: driver version 0.9.5 not yet registered [ 8.134972] ashmem: initialized git bisect start 3505500da066c2d61724b028f64bc96fa2f709fa 52721d9d3334c1cb1f76219a161084094ec634dc -- git bisect bad 1d4d38f2cc8de2fafdb947940acdc4534fd1ee38 # 23:52 0- 22 Merge 'kees/gcc-bug' into devel-spot-201507260856 git bisect good 65be6aecfa246aedd6ce2ec15eacc0d5c011c185 # 23:57 22+ 0 Merge 'tip/x86/platform' into devel-spot-201507260856 git bisect bad c326255c9385dd42e8b6a97bf4f2d3ec5009de33 # 00:03 0- 16 Merge 'phy/next' into devel-spot-201507260856 git bisect good d2ef6ed177d19d000cccc7a4eaf4c1ab5b883e15 # 00:09 20+ 0 Merge 'kvm/master' into devel-spot-201507260856 git bisect bad ba1c097b2e9302730d5bef75bd029e32cefe48ef # 00:13 0- 2 Merge 'mvebu/mvebu/soc' into devel-spot-201507260856 git bisect good 4b8c61b6674b3afabd119e0ac6a4ddb6a627eb14 # 00:18 22+ 0 Merge 'ext3/for_next' into devel-spot-201507260856 git bisect bad deae28e6e03aeed1293cd56f376ba54cbd3695aa # 00:23 0- 10 Merge 'char-misc/char-misc-linus' into devel-spot-201507260856 git bisect bad 23c405912b881e3ca516554efde852c2ad550b31 # 00:27 0- 15 parport: fix memory leak git bisect good cabea695875e3a07313c205a9753c7416126dfa2 # 00:34 22+ 0 parport: fix error handling # first bad commit: [23c405912b881e3ca516554efde852c2ad550b31] parport: fix memory leak git bisect good cabea695875e3a07313c205a9753c7416126dfa2 # 00:36 63+ 0 parport: fix error handling # extra tests with DEBUG_INFO git bisect bad 23c405912b881e3ca516554efde852c2ad550b31 # 00:40 0- 6 parport: fix memory leak # extra tests on HEAD of linux-devel/devel-spot-201507260856 git bisect bad 3505500da066c2d61724b028f64bc96fa2f709fa # 00:40 0- 17 0day head guard for 'devel-spot-201507260856' # extra tests on tree/branch linus/master git bisect good 26ae19a3883c9d595e9100fd10b856a7cf1a949a # 00:46 65+ 0 Merge tag 'usb-4.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb # extra tests on tree/branch linus/master git bisect good 26ae19a3883c9d595e9100fd10b856a7cf1a949a # 00:46 66+ 0 Merge tag 'usb-4.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb # extra tests on tree/branch linux-next/master git bisect bad e8e9cc31b0769f2152a6825560e4005b84b2c768 # 00:50 0- 3 Add linux-next specific files for 20150724 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 initrd=quantal-core-x86_64.cgz wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd kvm=( qemu-system-x86_64 -enable-kvm -cpu kvm64 -kernel $kernel -initrd $initrd -m 300 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation

5 years, 9 months

3
2
0 / 0

[ring-buffer] WARNING: CPU: 0 PID: 75 at kernel/trace/ring_buffer.c:3597 rb_get_reader_page()

by Fengguang Wu

Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace.git ftrace/core commit a4543a2fa9ef31d6d0f854a4e14f8f82e7996d8d Author: Steven Rostedt (Red Hat) <rostedt(a)goodmis.org> AuthorDate: Fri May 29 09:40:18 2015 -0400 Commit: Steven Rostedt <rostedt(a)goodmis.org> CommitDate: Mon Jul 20 22:30:48 2015 -0400 ring-buffer: Get timestamp after event is allocated Move the capturing of the timestamp to after an event is allocated. If the event is not a commit (where it is an event that preempted another event), then no timestamp is needed, because the delta of nested events is always zero. If the event starts on a new page, no delta needs to be calculated as the full timestamp will be added to the page header, and the event will have a delta of zero. Now if the event requires a time extend (the delta does not fit in the 27 bit delta slot in the header), then the event is discarded, the length is extended to hold the TIME_EXTEND event that allows for a 59 bit delta, and the commit is tried again. If the event can't be discarded (another event came in after it), then the TIME_EXTEND is added directly to the allocated event and the rest of the event is given padding. Signed-off-by: Steven Rostedt <rostedt(a)goodmis.org> +--------------------------------------------------------------------------------+------------+------------+------------+ | | 9826b2733a | a4543a2fa9 | 3505500da0 | +--------------------------------------------------------------------------------+------------+------------+------------+ | boot_successes | 910 | 303 | 139 | | boot_failures | 2 | 9 | 8 | | IP-Config:Auto-configuration_of_network_failed | 2 | 2 | 2 | | WARNING:at_kernel/trace/ring_buffer.c:#rb_get_reader_page() | 0 | 5 | 2 | | WARNING:at_kernel/trace/ring_buffer_benchmark.c:#ring_buffer_consumer_thread() | 0 | 6 | 6 | | backtrace:ring_buffer_consumer_thread | 0 | 7 | 6 | +--------------------------------------------------------------------------------+------------+------------+------------+ [ 1.312048] crc32c_combine: 8373 self tests passed [ 1.312542] rbtree testing [ 1.509959] ------------[ cut here ]------------ [ 1.510007] WARNING: CPU: 0 PID: 75 at kernel/trace/ring_buffer.c:3597 rb_get_reader_page+0x360/0x390() [ 1.510007] Modules linked in: [ 1.510007] CPU: 0 PID: 75 Comm: rb_consumer Not tainted 4.2.0-rc3-00006-ga4543a2 #2 [ 1.510007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014 [ 1.510007] 0000000000000009 ffff88000e15bc48 ffffffff8162db7e 0000000000000000 [ 1.510007] 0000000000000009 ffff88000e15bc88 ffffffff810b8b0e ffff88000e156000 [ 1.510007] ffff88000e1f3aa0 0000000000000001 ffff88000e1f3a01 ffff88000e18abc8 [ 1.510007] Call Trace: [ 1.510007] [<ffffffff8162db7e>] dump_stack+0x7d/0xdf [ 1.510007] [<ffffffff810b8b0e>] warn_slowpath_common+0xae/0x100 [ 1.510007] [<ffffffff810b8c1a>] warn_slowpath_null+0x1a/0x20 [ 1.510007] [<ffffffff811a5390>] rb_get_reader_page+0x360/0x390 [ 1.510007] [<ffffffff811a804b>] ? ring_buffer_consume+0x1fb/0x360 [ 1.510007] [<ffffffff811a62d1>] rb_buffer_peek+0x61/0x1b0 [ 1.510007] [<ffffffff811a805b>] ring_buffer_consume+0x20b/0x360 [ 1.510007] [<ffffffff811ae6dc>] ring_buffer_consumer_thread+0xbc/0x8e0 [ 1.510007] [<ffffffff811ae620>] ? wait_to_die+0xc0/0xc0 [ 1.510007] [<ffffffff810ea560>] kthread+0x150/0x160 [ 1.510007] [<ffffffff810ea410>] ? __kthread_unpark+0x70/0x70 [ 1.510007] [<ffffffff8163a65f>] ret_from_fork+0x3f/0x70 [ 1.510007] [<ffffffff810ea410>] ? __kthread_unpark+0x70/0x70 [ 1.510007] ---[ end trace 8bb978c879834c01 ]--- [ 1.510007] ------------[ cut here ]------------ git bisect start 3505500da066c2d61724b028f64bc96fa2f709fa 52721d9d3334c1cb1f76219a161084094ec634dc -- git bisect bad 1d4d38f2cc8de2fafdb947940acdc4534fd1ee38 # 14:01 57- 2 Merge 'kees/gcc-bug' into devel-spot-201507260856 git bisect bad 65be6aecfa246aedd6ce2ec15eacc0d5c011c185 # 14:06 62- 2 Merge 'tip/x86/platform' into devel-spot-201507260856 git bisect good 59bf09ccdb6a2974c419e88dab5ba232ab5ccbf5 # 14:17 310+ 0 Merge 'tip/master' into devel-spot-201507260856 git bisect bad e74ce77ccf44df0b4a5256ea8d042f513fa67029 # 14:25 132- 6 Merge 'rcu/initexp.2015.07.17b' into devel-spot-201507260856 git bisect good 7bb0f150f4eb1828d188ddaf49ade5f2ea3f98d0 # 14:35 310+ 0 Merge 'tip/locking/urgent' into devel-spot-201507260856 git bisect good 1942d1b4023eefb9d0f2041315364a2dab4ad729 # 14:45 302+ 2 Merge 'tip/x86/microcode' into devel-spot-201507260856 git bisect good d483afc50a2be36f431b2a040e4a1c5bda7921bc # 14:54 310+ 0 Merge 'tip/x86/asm' into devel-spot-201507260856 git bisect bad 33d88a2ef400f09aa4e51724417ad9888fb99c79 # 15:00 72- 1 Merge 'trace/ftrace/core' into devel-spot-201507260856 git bisect good 5e2d5ef8ec1e3854daec41a3697a8d2ce05ff2ef # 15:11 310+ 0 ftrace: correct the counter increment for trace_buffer data git bisect good 9826b2733a4399149072058a11f611357479229d # 15:21 310+ 0 ring-buffer: Move the adding of the extended timestamp out of line git bisect bad a4543a2fa9ef31d6d0f854a4e14f8f82e7996d8d # 15:25 28- 2 ring-buffer: Get timestamp after event is allocated # first bad commit: [a4543a2fa9ef31d6d0f854a4e14f8f82e7996d8d] ring-buffer: Get timestamp after event is allocated git bisect good 9826b2733a4399149072058a11f611357479229d # 15:38 908+ 2 ring-buffer: Move the adding of the extended timestamp out of line # extra tests with DEBUG_INFO git bisect bad a4543a2fa9ef31d6d0f854a4e14f8f82e7996d8d # 15:43 31- 3 ring-buffer: Get timestamp after event is allocated # extra tests on HEAD of linux-devel/devel-spot-201507260856 git bisect bad 3505500da066c2d61724b028f64bc96fa2f709fa # 15:43 0- 8 0day head guard for 'devel-spot-201507260856' # extra tests on tree/branch trace/ftrace/core git bisect bad c93bf928fea22c61f6b5c04786b325c9bfbc0462 # 15:57 7- 1 ftrace: Format MCOUNT_ADDR address as type unsigned long # extra tests on tree/branch linus/master git bisect good 26ae19a3883c9d595e9100fd10b856a7cf1a949a # 16:20 910+ 0 Merge tag 'usb-4.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb # extra tests on tree/branch linux-next/master git bisect good e8e9cc31b0769f2152a6825560e4005b84b2c768 # 16:44 910+ 2 Add linux-next specific files for 20150724 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 initrd=yocto-minimal-x86_64.cgz wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd kvm=( qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel $kernel -initrd $initrd -m 256 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation

5 years, 9 months

1
0
0 / 0

[lkp] [sched/preempt] 103637a5b94: 12.4% fsmark.app_overhead, -1.4% fsmark.files_per_sec

by kernel test robot

FYI, we noticed the below changes on git://internal_merge_and_test_tree revert-103637a5b947af7e6abb8d19b341acff6fbf1ec3-103637a5b947af7e6abb8d19b341acff6fbf1ec3 commit 103637a5b947af7e6abb8d19b341acff6fbf1ec3 ("sched/preempt: Fix cond_resched_lock() and cond_resched_softirq()") ========================================================================================= tbox_group/testcase/rootfs/kconfig/compiler/cpufreq_governor/iterations/nr_threads/disk/fs/fs2/filesize/test_size/sync_method/nr_directories/nr_files_per_directory: nhm4/fsmark/debian-x86_64-2015-02-07.cgz/x86_64-rhel/gcc-4.9/performance/1x/32t/1HDD/f2fs/nfsv4/9B/400M/fsyncBeforeClose/16d/256fpd commit: 834b9279b37ad019272ff140497b1e07ab52d124 103637a5b947af7e6abb8d19b341acff6fbf1ec3 834b9279b37ad019 103637a5b947af7e6abb8d19b3 ---------------- -------------------------- %stddev %change %stddev \ | \ 10808007 ± 2% +12.4% 12147111 ± 3% fsmark.app_overhead 348.95 ± 0% -1.4% 343.95 ± 0% fsmark.files_per_sec 292.92 ± 0% +1.8% 298.06 ± 0% fsmark.time.elapsed_time 292.92 ± 0% +1.8% 298.06 ± 0% fsmark.time.elapsed_time.max 103928 ± 0% +13.9% 118415 ± 0% fsmark.time.involuntary_context_switches 468477 ± 0% -2.2% 458135 ± 0% fsmark.time.voluntary_context_switches 103928 ± 0% +13.9% 118415 ± 0% time.involuntary_context_switches 16609 ± 0% -2.1% 16267 ± 0% vmstat.system.in 4527868 ± 2% +25.9% 5698416 ± 2% latency_stats.sum.rpc_wait_bit_killable.__rpc_execute.rpc_execute.rpc_run_task.nfs4_call_sync_sequence.[nfsv4]._nfs4_proc_lookup.[nfsv4].nfs4_proc_lookup_common.[nfsv4].nfs4_proc_lookup.[nfsv4].nfs_lookup_revalidate.nfs4_lookup_revalidate.lookup_dcache.__lookup_hash 2.317e+09 ± 0% +5.5% 2.444e+09 ± 0% latency_stats.sum.rpc_wait_bit_killable.__rpc_wait_for_completion_task.nfs4_run_open_task.[nfsv4]._nfs4_open_and_get_state.[nfsv4].nfs4_do_open.[nfsv4].nfs4_atomic_open.[nfsv4].nfs_atomic_open.path_openat.do_filp_open.do_sys_open.SyS_open.entry_SYSCALL_64_fastpath 1.548e+09 ± 0% +2.9% 1.593e+09 ± 0% latency_stats.sum.wait_on_page_bit.filemap_fdatawait_range.filemap_write_and_wait_range.nfs4_file_fsync.[nfsv4].vfs_fsync_range.do_fsync.SyS_fsync.entry_SYSCALL_64_fastpath 3.399e+08 ± 1% +19.0% 4.043e+08 ± 2% cpuidle.C1-NHM.time 82737781 ± 0% +24.8% 1.032e+08 ± 0% cpuidle.C1E-NHM.time 141228 ± 0% +23.4% 174263 ± 0% cpuidle.C1E-NHM.usage 128964 ±154% +209.1% 398639 ± 26% cpuidle.POLL.time 3.47 ± 0% -2.5% 3.38 ± 0% turbostat.%Busy 110.25 ± 0% -2.0% 108.00 ± 0% turbostat.Avg_MHz 32.94 ± 0% +14.4% 37.69 ± 1% turbostat.CPU%c1 32.26 ± 1% -11.3% 28.62 ± 1% turbostat.CPU%c3 -2795 ± -9% -19.2% -2258 ± -4% sched_debug.cfs_rq[1]:/.spread0 3273 ± 4% +29.9% 4250 ± 10% sched_debug.cfs_rq[5]:/.avg->runnable_avg_sum 70.25 ± 4% +29.5% 91.00 ± 10% sched_debug.cfs_rq[5]:/.tg_runnable_contrib -2687 ± 0% -14.1% -2308 ± -2% sched_debug.cpu#0.nr_uninterruptible 333314 ± 74% -46.7% 177695 ± 3% sched_debug.cpu#0.ttwu_count 318.25 ± 11% -41.3% 186.75 ± 6% sched_debug.cpu#1.nr_uninterruptible 331.50 ± 9% -16.0% 278.50 ± 11% sched_debug.cpu#2.nr_uninterruptible 172.25 ± 21% +63.6% 281.75 ± 14% sched_debug.cpu#3.nr_uninterruptible 753.75 ± 2% +38.7% 1045 ± 4% sched_debug.cpu#4.nr_uninterruptible 839497 ±169% -98.0% 16681 ± 1% sched_debug.cpu#4.ttwu_local 392.00 ± 3% -50.6% 193.50 ± 12% sched_debug.cpu#5.nr_uninterruptible 12.50 ± 35% +272.0% 46.50 ± 73% sched_debug.cpu#6.cpu_load[0] 385.00 ± 7% -53.0% 181.00 ± 8% sched_debug.cpu#6.nr_uninterruptible 362.00 ± 2% -53.8% 167.25 ± 15% sched_debug.cpu#7.nr_uninterruptible nhm4: Nehalem Memory: 4G fsmark.files_per_sec 352 *+-*-------------------------*-----*--*-------------------------------+ 351 ++ *.. .. : : : | | . . : : : | 350 ++ *.. .* : : : | 349 ++ *..*..*..*. * *...*..*..* | | | 348 ++ | 347 ++ | 346 ++ | O O O O O O O O | 345 ++ O O O 344 ++ O O O | | | 343 ++ O O O O O O O O O | 342 ++--------------------------------------------------------------------+ fsmark.time.elapsed_time 299 ++--------------------------------------------------------------------+ | O O O O O O O O O | 298 ++ O O O O O O O O O 297 O+ O O O | | O | 296 ++ | 295 ++ | | | 294 ++ *..*.. | 293 ++ .. *.. *...*..*.. | *.. *...* *..*... .*.. + * | 292 ++ .. *. *.. + | 291 ++ * * | | | 290 ++--------------------------------------------------------------------+ fsmark.time.elapsed_time.max 299 ++--------------------------------------------------------------------+ | O O O O O O O O O | 298 ++ O O O O O O O O O 297 O+ O O O | | O | 296 ++ | 295 ++ | | | 294 ++ *..*.. | 293 ++ .. *.. *...*..*.. | *.. *...* *..*... .*.. + * | 292 ++ .. *. *.. + | 291 ++ * * | | | 290 ++--------------------------------------------------------------------+ fsmark.time.voluntary_context_switches 470000 ++--------------------------------*--------------------------------+ | *..*. *.. .*..*..* | 468000 *+.*..*.. .*..*..*.. .. *. | 466000 ++ *. .* | | *. | 464000 ++ | | | 462000 ++ | | | 460000 ++ | 458000 ++ O O O O O O O O | O O O O O O O O | 456000 O+ O O O O O O | | | 454000 ++-----------------------------------------------------------------+ fsmark.time.involuntary_context_switches 120000 ++-----------------------------------------------------------------+ | O O O O O O 118000 O+ O O O O O O O | 116000 ++ O O O O O O O O O | | | 114000 ++ | 112000 ++ | | | 110000 ++ | 108000 ++ | | | 106000 ++ | 104000 *+.*..*..*..*.. .*..*...*..*.. .*..* | | *..*..*..*. *..*. | 102000 ++-----------------------------------------------------------------+ time.involuntary_context_switches 120000 ++-----------------------------------------------------------------+ | O O O O O O 118000 O+ O O O O O O O | 116000 ++ O O O O O O O O O | | | 114000 ++ | 112000 ++ | | | 110000 ++ | 108000 ++ | | | 106000 ++ | 104000 *+.*..*..*..*.. .*..*...*..*.. .*..* | | *..*..*..*. *..*. | 102000 ++-----------------------------------------------------------------+ [*] bisect-good sample [O] bisect-bad sample To reproduce: git clone git://git.kernel.org/pub/scm/linux/kernel/git/wfg/lkp-tests.git cd lkp-tests bin/lkp install job.yaml # job file is attached in this email bin/lkp run job.yaml Disclaimer: Results have been estimated based on internal Intel analysis and are provided for informational purposes only. Any difference in system hardware or software design or configuration may affect actual performance. Thanks, Ying Huang

5 years, 9 months

3
2
0 / 0

[netfilter] [ INFO: possible recursive locking detected ]

by kernel test robot

Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is git://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next.git master commit 085db2c04557d31db61541f361bd8b4de92c9939 Author: Eric W. Biederman <ebiederm(a)xmission.com> AuthorDate: Fri Jul 10 18:15:06 2015 -0500 Commit: Pablo Neira Ayuso <pablo(a)netfilter.org> CommitDate: Wed Jul 15 18:17:26 2015 +0200 netfilter: Per network namespace netfilter hooks. - Add a new set of functions for registering and unregistering per network namespace hooks. - Modify the old global namespace hook functions to use the per network namespace hooks in their implementation, so their remains a single list that needs to be walked for any hook (this is important for keeping the hook priority working and for keeping the code walking the hooks simple). - Only allow registering the per netdevice hooks in the network namespace where the network device lives. - Dynamically allocate the structures in the per network namespace hook list in nf_register_net_hook, and unregister them in nf_unregister_net_hook. Dynamic allocate is required somewhere as the number of network namespaces are not fixed so we might as well allocate them in the registration function. The chain of registered hooks on any list is expected to be small so the cost of walking that list to find the entry we are unregistering should also be small. Performing the management of the dynamically allocated list entries in the registration and unregistration functions keeps the complexity from spreading. Signed-off-by: "Eric W. Biederman" <ebiederm(a)xmission.com> +--------------------------------------------------+------------+------------+------------+ | | 0edcf282b0 | 085db2c045 | 21c41bab2b | +--------------------------------------------------+------------+------------+------------+ | boot_successes | 580 | 86 | 28 | | boot_failures | 0 | 13 | 7 | | INFO:possible_recursive_locking_detected | 0 | 13 | 7 | | backtrace:cleanup_net | 0 | 13 | 7 | | INFO:task_blocked_for_more_than#seconds | 0 | 7 | 7 | | INFO:lockdep_is_turned_off | 0 | 7 | 7 | | EIP_is_at_default_send_IPI_mask_logical | 0 | 7 | 6 | | Kernel_panic-not_syncing:hung_task:blocked_tasks | 0 | 7 | 6 | | backtrace:reg_check_chans_work | 0 | 5 | 1 | | backtrace:watchdog | 0 | 7 | 6 | | backtrace:reg_timeout_work | 0 | 2 | 6 | | BUG:kernel_test_hang | 0 | 0 | 1 | | backtrace:do_vfs_ioctl | 0 | 0 | 1 | | backtrace:SyS_ioctl | 0 | 0 | 1 | +--------------------------------------------------+------------+------------+------------+ [ 37.424659] VFS: Warning: trinity-c0 using old stat() call. Recompile your binary. [ 37.583903] [ 37.584142] ============================================= [ 37.584891] [ INFO: possible recursive locking detected ] [ 37.585617] 4.2.0-rc2-00147-g085db2c #2 Not tainted [ 37.586311] --------------------------------------------- [ 37.586674] kworker/u2:1/123 is trying to acquire lock: [ 37.586674] (rtnl_mutex){+.+.+.}, at: [<41bed15f>] rtnl_lock+0xf/0x20 [ 37.586674] [ 37.586674] but task is already holding lock: [ 37.586674] (rtnl_mutex){+.+.+.}, at: [<41bed15f>] rtnl_lock+0xf/0x20 [ 37.586674] [ 37.586674] other info that might help us debug this: [ 37.586674] Possible unsafe locking scenario: [ 37.586674] [ 37.586674] CPU0 [ 37.586674] ---- [ 37.586674] lock(rtnl_mutex); [ 37.586674] lock(rtnl_mutex); [ 37.586674] [ 37.586674] *** DEADLOCK *** [ 37.586674] [ 37.586674] May be due to missing lock nesting notation [ 37.586674] [ 37.586674] 4 locks held by kworker/u2:1/123: [ 37.586674] #0: ("%s""netns"){.+.+.+}, at: [<4105d076>] process_one_work+0x116/0x410 [ 37.586674] #1: (net_cleanup_work){+.+.+.}, at: [<4105d076>] process_one_work+0x116/0x410 [ 37.586674] #2: (net_mutex){+.+.+.}, at: [<41bd4251>] cleanup_net+0x61/0x220 [ 37.586674] #3: (rtnl_mutex){+.+.+.}, at: [<41bed15f>] rtnl_lock+0xf/0x20 [ 37.586674] [ 37.586674] stack backtrace: [ 37.586674] CPU: 0 PID: 123 Comm: kworker/u2:1 Not tainted 4.2.0-rc2-00147-g085db2c #2 [ 37.586674] Workqueue: netns cleanup_net [ 37.586674] 42bd8b00 42bd8b00 4dd09d1c 41e79a16 4dd09d98 4107dda6 422d747e 4dd06cb4 [ 37.586674] 0000007b 4dd06a40 00000004 00000004 1c100000 1c100080 4dd07410 4dd06a40 [ 37.586674] 00000003 4dd07400 00000000 00000004 4dd073d4 0001a48d 422db5d0 42b95140 [ 37.586674] Call Trace: [ 37.586674] [<41e79a16>] dump_stack+0x16/0x18 [ 37.586674] [<4107dda6>] __lock_acquire+0x19a6/0x1b90 [ 37.586674] [<4107e986>] lock_acquire+0x86/0xb0 [ 37.586674] [<41bed15f>] ? rtnl_lock+0xf/0x20 [ 37.586674] [<41e862e1>] mutex_lock_nested+0x61/0x360 [ 37.586674] [<41bed15f>] ? rtnl_lock+0xf/0x20 [ 37.586674] [<41bed15f>] ? rtnl_lock+0xf/0x20 [ 37.586674] [<41bed15f>] rtnl_lock+0xf/0x20 [ 37.586674] [<41c0c910>] nf_queue_nf_hook_drop+0x10/0x170 [ 37.586674] [<41c0ad35>] nf_unregister_net_hook+0xd5/0x160 [ 37.586674] [<41c0ade9>] netfilter_net_exit+0x29/0x50 [ 37.586674] [<41bd372e>] ops_exit_list+0x2e/0x50 [ 37.586674] [<41bd435e>] cleanup_net+0x16e/0x220 [ 37.586674] [<4105d0f0>] process_one_work+0x190/0x410 [ 37.586674] [<4105d076>] ? process_one_work+0x116/0x410 [ 37.586674] [<4105d429>] ? worker_thread+0xb9/0x440 [ 37.586674] [<4105d3a9>] worker_thread+0x39/0x440 [ 37.586674] [<4105d370>] ? process_one_work+0x410/0x410 [ 37.586674] [<410631d0>] kthread+0xb0/0xd0 [ 37.586674] [<4107a0eb>] ? trace_hardirqs_on+0xb/0x10 [ 37.586674] [<41e8a580>] ret_from_kernel_thread+0x20/0x30 [ 37.586674] [<41063120>] ? __kthread_unpark+0x30/0x30 [ 37.657380] VFS: Warning: trinity-c0 using old stat() call. Recompile your binary. Deconfiguring network interfaces... [ 95.626697] cfg80211: Verifying active interfaces after reg change [ 240.110021] INFO: task kworker/0:1:18 blocked for more than 120 seconds. [ 240.112798] Not tainted 4.2.0-rc2-00147-g085db2c #2 [ 240.113554] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 240.114421] kworker/0:1 D 00000246 6300 18 2 0x00000000 [ 240.115349] Workqueue: events_power_efficient reg_check_chans_work [ 240.116058] 401e7e0c 00000002 00000002 00000246 00000000 401e4480 401e8000 00000246 [ 240.117108] 401e4480 401e7e18 41e851fa 426e91c0 401e7e20 41e8525e 401e7e60 41e863bb [ 240.118110] 00000000 00000001 00000000 41bed15f 426e91ec 41bed15f 426e91fc 426e91ec [ 240.119129] Call Trace: [ 240.119425] [<41e851fa>] schedule+0x2a/0x80 [ 240.119901] [<41e8525e>] schedule_preempt_disabled+0xe/0x20 [ 240.120542] [<41e863bb>] mutex_lock_nested+0x13b/0x360 [ 240.121215] [<41bed15f>] ? rtnl_lock+0xf/0x20 [ 240.121705] [<41bed15f>] ? rtnl_lock+0xf/0x20 [ 240.122229] [<41bed15f>] rtnl_lock+0xf/0x20 [ 240.122696] [<41de26ea>] reg_check_chans_work+0x1a/0x260 [ 240.123308] [<4105d076>] ? process_one_work+0x116/0x410 [ 240.123919] [<4105d0f0>] process_one_work+0x190/0x410 [ 240.124484] [<4105d076>] ? process_one_work+0x116/0x410 [ 240.125135] [<4105d429>] ? worker_thread+0xb9/0x440 [ 240.125723] [<4105d3a9>] worker_thread+0x39/0x440 [ 240.126257] [<4105d370>] ? process_one_work+0x410/0x410 [ 240.126866] [<410631d0>] kthread+0xb0/0xd0 [ 240.127353] [<4107a0eb>] ? trace_hardirqs_on+0xb/0x10 [ 240.127923] [<41e8a580>] ret_from_kernel_thread+0x20/0x30 [ 240.128517] [<41063120>] ? __kthread_unpark+0x30/0x30 [ 240.129181] INFO: lockdep is turned off. [ 240.129626] sending NMI to all CPUs: [ 240.130163] NMI backtrace for cpu 0 [ 240.130554] CPU: 0 PID: 11 Comm: khungtaskd Not tainted 4.2.0-rc2-00147-g085db2c #2 [ 240.131386] task: 401442c0 ti: 40146000 task.ti: 40146000 [ 240.132011] EIP: 0060:[<41030c8c>] EFLAGS: 00000046 CPU: 0 [ 240.132603] EIP is at default_send_IPI_mask_logical+0x8c/0xf0 [ 240.133298] EAX: fffff000 EBX: 01000000 ECX: fffff000 EDX: 00000c00 [ 240.133993] ESI: 00000202 EDI: 00000002 EBP: 40147ec8 ESP: 40147eb8 [ 240.134669] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 [ 240.136210] CR0: 80050033 CR2: 09cfa090 CR3: 0df6ab40 CR4: 000407f0 [ 240.137022] DR0: 36eaa000 DR1: 08421000 DR2: 0841c000 DR3: 00000000 [ 240.137788] DR6: ffff0ff0 DR7: 00000600 [ 240.138234] Stack: [ 240.138505] 00000800 401e4480 00000002 401e45b0 40147ee4 41031716 422d4e12 422fbb1c [ 240.139487] 40147ee4 401e4480 00000002 40147f24 410c020e 422e0704 427a1590 42453486 [ 240.140414] 00000002 424534c7 00000078 401e4674 401e4480 000003ee 00007fee 401e4674 [ 240.141381] Call Trace: [ 240.141685] [<41031716>] arch_trigger_all_cpu_backtrace+0x176/0x1f0 [ 240.142438] [<410c020e>] watchdog+0x3de/0x480 [ 240.143313] [<410bfe30>] ? hung_task_panic+0x20/0x20 [ 240.143925] [<410631d0>] kthread+0xb0/0xd0 [ 240.144470] [<4107a0eb>] ? trace_hardirqs_on+0xb/0x10 [ 240.145086] [<41e8a580>] ret_from_kernel_thread+0x20/0x30 [ 240.145728] [<41063120>] ? __kthread_unpark+0x30/0x30 [ 240.146378] Code: 81 00 d3 ff ff f6 c4 10 75 ed c1 e3 18 89 99 10 d3 ff ff 89 f8 09 d0 80 ce 04 83 ff 02 0f 45 d0 a1 6c 74 46 42 89 90 00 d3 ff ff <f7> c6 00 02 00 00 74 1c e8 47 94 04 00 89 f0 50 9d 8d 74 26 00 [ 240.148606] Kernel panic - not syncing: hung_task: blocked tasks [ 240.149365] CPU: 0 PID: 11 Comm: khungtaskd Not tainted 4.2.0-rc2-00147-g085db2c #2 [ 240.150345] 401e4480 401e4480 40147ecc 41e79a16 40147ee4 41e78b8e 00000002 401e4480 [ 240.151438] 00000002 401e45b0 40147f24 410c021a 422d9504 427a1590 42453486 00000002 [ 240.151921] 424534c7 00000078 401e4674 401e4480 000003ee 00007fee 401e4674 4013b8a0 [ 240.151921] Call Trace: [ 240.151921] [<41e79a16>] dump_stack+0x16/0x18 [ 240.151921] [<41e78b8e>] panic+0x81/0x175 [ 240.151921] [<410c021a>] watchdog+0x3ea/0x480 [ 240.151921] [<410bfe30>] ? hung_task_panic+0x20/0x20 [ 240.151921] [<410631d0>] kthread+0xb0/0xd0 [ 240.151921] [<4107a0eb>] ? trace_hardirqs_on+0xb/0x10 [ 240.151921] [<41e8a580>] ret_from_kernel_thread+0x20/0x30 [ 240.151921] [<41063120>] ? __kthread_unpark+0x30/0x30 [ 240.151921] Kernel Offset: disabled Elapsed time: 250 git bisect start 21c41bab2b56f30e2200fd296e3f67af6b40e1f9 52721d9d3334c1cb1f76219a161084094ec634dc -- git bisect good ba4be4a88186b9c33e66155ec2c78b1966655c38 # 02:29 72+ 1 Merge 'kees/gcc-bug' into devel-spot-201507250731 git bisect good d42c23df778699e5ad1a4e00470410951bb36c12 # 02:34 72+ 0 Merge 'mcoquelin-sti/sti-soc-for-v4.3' into devel-spot-201507250731 git bisect good c9be260e660dd9ffdc3cc949a160268dc30123f5 # 02:42 72+ 0 Merge 'kgene-samsung/v4.3-next/cpufreq-clk-samsung' into devel-spot-201507250731 git bisect good 4f3776fa21e5c0edc5df3f6edb501001bfce09dd # 02:48 72+ 0 Merge 'asoc/topic/rt5645' into devel-spot-201507250731 git bisect good 8e58de4819e5c99d8649746a263206e16699ef35 # 02:50 68+ 0 Merge 'gabbayo/amdkfd-next' into devel-spot-201507250731 git bisect good 6d4e16af33c25af2768b0951aae5048d9d321e38 # 02:53 72+ 2 Merge 'ak/perf/skl-tools3' into devel-spot-201507250731 git bisect good 5054e47bfce0231e2f25bca275076c19d2d7acbb # 03:01 67+ 0 Merge 'shawnguo/imx/soc' into devel-spot-201507250731 git bisect bad c4e279d8b92fb2e1eba93d90251bdf5a35ac0ef8 # 03:06 5- 1 Merge 'ipvs-next/master' into devel-spot-201507250731 git bisect bad fd2ecda0341960d0ce361d648cf4dd98187afb06 # 03:11 5- 1 netfilter: nftables: Only run the nftables chains in the proper netns git bisect good 4c0911566dec7755d15cb89239fb2db4447f7a62 # 03:20 92+ 0 netfilter: Simply the tests for enabling and disabling the ingress queue hook git bisect bad 085db2c04557d31db61541f361bd8b4de92c9939 # 03:25 17- 1 netfilter: Per network namespace netfilter hooks. git bisect good 0edcf282b0a6f38168294264837cf7d52a2f5255 # 03:32 198+ 0 netfilter: Factor out the hook list selection from nf_register_hook # first bad commit: [085db2c04557d31db61541f361bd8b4de92c9939] netfilter: Per network namespace netfilter hooks. git bisect good 0edcf282b0a6f38168294264837cf7d52a2f5255 # 03:41 576+ 0 netfilter: Factor out the hook list selection from nf_register_hook # extra tests with DEBUG_INFO git bisect bad 085db2c04557d31db61541f361bd8b4de92c9939 # 03:46 5- 2 netfilter: Per network namespace netfilter hooks. # extra tests on HEAD of linux-devel/devel-spot-201507250731 git bisect bad 781d0e66eb2b8fecee2c3ff3f079e90267721348 # 03:46 0- 6 0day head guard for 'devel-spot-201507250731' # extra tests on tree/branch ipvs-next/master git bisect bad 7ef19cacacdc52e295245292d6aedcb15fc3863b # 04:20 1- 2 ipvs: Add ovf scheduler # extra tests with first bad commit reverted # extra tests on tree/branch linus/master git bisect good 763e326c8bcded22460fb25def2ed0e2459dcc8d # 04:39 580+ 2 Merge tag 'trace-v4.2-rc2-fix3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace # extra tests on tree/branch linux-next/master git bisect good e8e9cc31b0769f2152a6825560e4005b84b2c768 # 04:55 572+ 2 Add linux-next specific files for 20150724 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 initrd=yocto-minimal-i386.cgz wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd kvm=( qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel $kernel -initrd $initrd -m 256 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation

5 years, 9 months

1
0
0 / 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

LKP July 2015