October 2023 - Lkft-triage - lists.linaro.org

selftests: ftrace: Internal error: Oops: sve_save_state

by Naresh Kamboju

Following kernel crash noticed while running selftests: ftrace: ftracetest-ktap on FVP models running stable-rc 6.5.8-rc2. This is not an easy to reproduce issue and not seen on mainline and next. We are investigating this report. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Test log: ---------- kselftest: Running tests in ftrace TAP version 13 1..1 # timeout set to 0 # selftests: ftrace: ftracetest-ktap # TAP version 13 # 1..129 # ok 1 Basic trace file check # ok 2 Basic test for tracers # ok 3 Basic trace clock test # ok 4 Basic event tracing check # ok 5 Change the ringbuffer size # ok 6 Snapshot and tracing setting # ok 7 Snapshot and tracing_cpumask # ok 8 trace_pipe and trace_marker [ 471.689140] [ 471.689264] ********************************************************** [ 471.689422] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 471.689574] ** ** [ 471.689716] ** trace_printk() being used. Allocating extra memory. ** [ 471.689878] ** ** [ 471.690031] ** This means that this is a DEBUG kernel and it is ** [ 471.690183] ** unsafe for production use. ** [ 471.690335] ** ** [ 471.690487] ** If you see this message and you are not debugging ** [ 471.690728] ** the kernel, report this immediately to your vendor! ** [ 471.690881] ** ** [ 471.691033] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 471.691185] ********************************************************** [ 543.243648] hrtimer: interrupt took 11937170 ns [ 764.987161] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 [ 764.992518] Mem abort info: [ 764.995330] ESR = 0x0000000096000044 [ 764.998562] EC = 0x25: DABT (current EL), IL = 32 bits [ 765.002434] SET = 0, FnV = 0 [ 765.005361] EA = 0, S1PTW = 0 [ 765.008327] FSC = 0x04: level 0 translation fault [ 765.012011] Data abort info: [ 765.014858] ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000 [ 765.018797] CM = 0, WnR = 1, TnD = 0, TagAccess = 0 [ 765.022562] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 765.026438] user pgtable: 4k pages, 48-bit VAs, pgdp=00000008848bd000 [ 765.030782] [0000000000000000] pgd=0000000000000000, p4d=0000000000000000 [ 765.037045] Internal error: Oops: 0000000096000044 [#1] PREEMPT SMP [ 765.038392] Modules linked in: ftrace_direct pl111_drm arm_spe_pmu drm_dma_helper crct10dif_ce panel_simple drm_kms_helper fuse drm dm_mod ip_tables x_tables [last unloaded: ftrace_direct] [ 765.044892] CPU: 3 PID: 808 Comm: rmmod Not tainted 6.5.8-rc2 #1 [ 765.046192] Hardware name: FVP Base RevC (DT) [ 765.047264] pstate: 234020c9 (nzCv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--) [ 765.048693] pc : sve_save_state+0x4/0xf0 [ 765.049820] lr : fpsimd_save+0x1b8/0x218 [ 765.050933] sp : ffff800080a83ac0 [ 765.051871] x29: ffff800080a83ac0 x28: ffff000805257058 x27: 0000000000000001 [ 765.054108] x26: 0000000000000000 x25: ffffd7c64d332980 x24: 0000000000000000 [ 765.056341] x23: 0000000000000001 x22: ffff284232103000 x21: 0000000000000040 [ 765.058575] x20: ffff00087f7470b0 x19: ffffd7c64d6440b0 x18: 0000000000000000 [ 765.060811] x17: 0000000000000000 x16: ffff800080018000 x15: 0000000000000000 [ 765.063041] x14: 0000000000000000 x13: 0000000000000000 x12: 0000380a873b560e [ 765.065277] x11: ffffd7c64e0ae390 x10: ffff800080a83b10 x9 : ffffd7c64b5b7710 [ 765.067516] x8 : ffff800080a839b8 x7 : 000000000000001e x6 : ffff00080000c200 [ 765.069752] x5 : ffffd7c64b78cc30 x4 : 0000000000000000 x3 : 0000000000000000 [ 765.071983] x2 : 0000000000000001 x1 : ffff000805257820 x0 : 0000000000000880 [ 765.074221] Call trace: [ 765.075045] sve_save_state+0x4/0xf0 [ 765.076138] fpsimd_thread_switch+0x2c/0xe8 [ 765.077305] __switch_to+0x20/0x158 [ 765.078384] __schedule+0x2cc/0xb38 [ 765.079464] preempt_schedule_irq+0x44/0xa8 [ 765.080633] el1_interrupt+0x4c/0x68 [ 765.081691] el1h_64_irq_handler+0x18/0x28 [ 765.082829] el1h_64_irq+0x64/0x68 [ 765.083874] ftrace_return_to_handler+0x98/0x158 [ 765.085090] return_to_handler+0x20/0x48 [ 765.086205] do_sve_acc+0x64/0x128 [ 765.087272] el0_sve_acc+0x3c/0xa0 [ 765.088356] el0t_64_sync_handler+0x114/0x130 [ 765.089524] el0t_64_sync+0x190/0x198 [ 765.090712] Code: d51b4408 d65f03c0 d503201f d503245f (e5bb5800) [ 765.092024] ---[ end trace 0000000000000000 ]--- [ 765.904294] pstore: backend (efi_pstore) writing error (-5) [ 765.905531] note: rmmod[808] exited with irqs disabled Links: test log link: - https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.5.y/build/v6.5.7… Details of tests: - https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2WrHwIIFdZ… Build link: - https://storage.tuxsuite.com/public/linaro/lkft/builds/2WrHvExYOOOZVoxlISTd… -- Linaro LKFT https://lkft.linaro.org

2 months, 3 weeks

6
12
0 0

selftests: gpio: crash on arm64

by Naresh Kamboju

Following kernel warnings and crash notices on arm64 Rpi4 device while running selftests: gpio on Linux mainline 6.3.0-rc1 kernel and Linux next. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Please refer to test log links for detailed test plan and kernel crash logs. It is reproducible on arm64 juno-r2, Rpi4 and Qualcomm dragonboard 410c and qemu-arm64. Test log: ----------- kselftest: Running tests in gpio TAP version 13 1..2 # selftests: gpio: gpio-mockup.sh # 1. Module load tests [ 61.176149] ============================================================================= [ 61.176802] [ 61.176807] ====================================================== [ 61.176809] WARNING: possible circular locking dependency detected [ 61.176811] 6.3.0-rc1-next-20230307 #1 Not tainted [ 61.176814] ------------------------------------------------------ [ 61.176816] modprobe/510 is trying to acquire lock: [ 61.176818] ffff80000b2284e8 (console_owner){..-.}-{0:0}, at: console_flush_all (kernel/printk/printk.c:2879 kernel/printk/printk.c:2942) [ 61.176846] [ 61.176846] but task is already holding lock: [ 61.176848] ffff000040000698 (&n->list_lock){-.-.}-{2:2}, at: get_partial_node.part.0 (mm/slub.c:2271) [ 61.176861] [ 61.176861] which lock already depends on the new lock. [ 61.176861] [ 61.176863] [ 61.176863] the existing dependency chain (in reverse order) is: [ 61.176864] [ 61.176864] -> #2 (&n->list_lock){-.-.}-{2:2}: [ 61.176871] lock_acquire (kernel/locking/lockdep.c:5673) [ 61.176879] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 61.176885] get_partial_node.part.0 (mm/slub.c:2271) [ 61.176890] ___slab_alloc (mm/slub.c:2268 mm/slub.c:2386 mm/slub.c:3188) [ 61.176894] __slab_alloc.constprop.0 (mm/slub.c:3292) [ 61.176899] __kmem_cache_alloc_node (mm/slub.c:3345 mm/slub.c:3442 mm/slub.c:3491) [ 61.176903] __kmalloc (mm/slab_common.c:968 mm/slab_common.c:980) [ 61.176908] tty_buffer_alloc (drivers/tty/tty_buffer.c:182) [ 61.176914] __tty_buffer_request_room (drivers/tty/tty_buffer.c:279) [ 61.176919] __tty_insert_flip_char (drivers/tty/tty_buffer.c:398) [ 61.176924] uart_insert_char (drivers/tty/serial/serial_core.c:3341) [ 61.176929] pl011_fifo_to_tty.isra.0 (drivers/tty/serial/amba-pl011.c:314) [ 61.176934] pl011_int (include/linux/spinlock.h:390 drivers/tty/serial/amba-pl011.c:1396 drivers/tty/serial/amba-pl011.c:1571) [ 61.176937] __handle_irq_event_percpu (kernel/irq/handle.c:158) [ 61.176941] handle_irq_event (kernel/irq/handle.c:193 kernel/irq/handle.c:210) [ 61.176944] handle_fasteoi_irq (kernel/irq/chip.c:716) [ 61.176950] generic_handle_domain_irq (kernel/irq/irqdesc.c:652 kernel/irq/irqdesc.c:707) [ 61.176953] gic_handle_irq (arch/arm64/include/asm/io.h:75 include/asm-generic/io.h:335 drivers/irqchip/irq-gic.c:344) [ 61.176958] call_on_irq_stack (arch/arm64/kernel/entry.S:905) [ 61.176962] do_interrupt_handler (arch/arm64/kernel/entry-common.c:274) [ 61.176968] el1_interrupt (arch/arm64/kernel/entry-common.c:472 arch/arm64/kernel/entry-common.c:486) [ 61.176971] el1h_64_irq_handler (arch/arm64/kernel/entry-common.c:492) [ 61.176975] el1h_64_irq (arch/arm64/kernel/entry.S:587) [ 61.176978] __kmem_cache_alloc_node (mm/slub.c:3490) [ 61.176983] kmalloc_trace (mm/slab_common.c:1064 (discriminator 4)) [ 61.176986] inet6_dump_fib (net/ipv6/ip6_fib.c:657) [ 61.176991] rtnl_dump_all (net/core/rtnetlink.c:3964) [ 61.176997] netlink_dump (net/netlink/af_netlink.c:2296) [ 61.177004] netlink_recvmsg (net/netlink/af_netlink.c:2024) [ 61.177009] ____sys_recvmsg (net/socket.c:1015 net/socket.c:1036 net/socket.c:2723) [ 61.177014] ___sys_recvmsg (net/socket.c:2765) [ 61.177019] __sys_recvmsg (include/linux/file.h:31 net/socket.c:2797) [ 61.177025] __arm64_sys_recvmsg (net/socket.c:2802) [ 61.177030] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57) [ 61.177037] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:149) [ 61.177043] do_el0_svc (arch/arm64/kernel/syscall.c:194) [ 61.177049] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638) [ 61.177052] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656) [ 61.177055] el0t_64_sync (arch/arm64/kernel/entry.S:591) [ 61.177058] [ 61.177058] -> #1 (&port_lock_key){-.-.}-{2:2}: [ 61.177065] lock_acquire (kernel/locking/lockdep.c:5673) [ 61.177071] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 61.177074] serial8250_console_write (drivers/tty/serial/8250/8250_port.c:3394) [ 61.177082] univ8250_console_write (drivers/tty/serial/8250/8250_core.c:585) [ 61.177087] console_flush_all (kernel/printk/printk.c:2888 kernel/printk/printk.c:2942) [ 61.177093] console_unlock.part.0 (kernel/printk/printk.c:3017) [ 61.177098] vprintk_emit (kernel/printk/printk.c:2317) [ 61.177104] vprintk_default (kernel/printk/printk.c:2328) [ 61.177110] vprintk (kernel/printk/printk_safe.c:50) [ 61.177116] _printk (kernel/printk/printk.c:2341) [ 61.177121] register_console (kernel/printk/printk.c:3468) [ 61.177126] uart_add_one_port (drivers/tty/serial/serial_core.c:2579 drivers/tty/serial/serial_core.c:3100) [ 61.177130] serial8250_register_8250_port (drivers/tty/serial/8250/8250_core.c:1093) [ 61.177135] bcm2835aux_serial_probe (drivers/tty/serial/8250/8250_bcm2835aux.c:184) [ 61.177141] platform_probe (drivers/base/platform.c:1405) [ 61.177148] really_probe (drivers/base/dd.c:552 drivers/base/dd.c:631) [ 61.177152] __driver_probe_device (drivers/base/dd.c:768) [ 61.177157] driver_probe_device (drivers/base/dd.c:798) [ 61.177161] __driver_attach (drivers/base/dd.c:1185) [ 61.177166] bus_for_each_dev (drivers/base/bus.c:368) [ 61.177170] driver_attach (drivers/base/dd.c:1202) [ 61.177173] bus_add_driver (drivers/base/bus.c:673) [ 61.177177] driver_register (drivers/base/driver.c:246) [ 61.177182] __platform_driver_register (drivers/base/platform.c:868) [ 61.177188] bcm2835aux_serial_driver_init (drivers/tty/serial/8250/8250_bcm2835aux.c:233) [ 61.177195] do_one_initcall (init/main.c:1306) [ 61.177199] kernel_init_freeable (init/main.c:1378 init/main.c:1395 init/main.c:1414 init/main.c:1634) [ 61.177207] kernel_init (init/main.c:1524) [ 61.177212] ret_from_fork (arch/arm64/kernel/entry.S:871) [ 61.177216] [ 61.177216] -> #0 (console_owner){..-.}-{0:0}: [ 61.177222] __lock_acquire (kernel/locking/lockdep.c:3099 kernel/locking/lockdep.c:3217 kernel/locking/lockdep.c:3832 kernel/locking/lockdep.c:5056) [ 61.177228] lock_acquire.part.0 (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5671) [ 61.177233] lock_acquire (kernel/locking/lockdep.c:5673) [ 61.177238] console_flush_all (kernel/printk/printk.c:2883 kernel/printk/printk.c:2942) [ 61.177244] console_unlock.part.0 (kernel/printk/printk.c:3017) [ 61.177250] vprintk_emit (kernel/printk/printk.c:2317) [ 61.177255] vprintk_default (kernel/printk/printk.c:2328) [ 61.177261] vprintk (kernel/printk/printk_safe.c:50) [ 61.177267] _printk (kernel/printk/printk.c:2341) [ 61.177271] slab_bug (mm/slub.c:892) [ 61.177274] check_bytes_and_report (mm/slub.c:1054) [ 61.177279] check_object (mm/slub.c:1196 (discriminator 2)) [ 61.177283] alloc_debug_processing (mm/slub.c:1415 mm/slub.c:1425) [ 61.177287] get_partial_node.part.0 (mm/slub.c:2146 mm/slub.c:2279) [ 61.177291] ___slab_alloc (mm/slub.c:2268 mm/slub.c:2386 mm/slub.c:3188) [ 61.177295] __slab_alloc.constprop.0 (mm/slub.c:3292) [ 61.177300] __kmem_cache_alloc_node (mm/slub.c:3345 mm/slub.c:3442 mm/slub.c:3491) [ 61.177304] kmalloc_trace (mm/slab_common.c:1064 (discriminator 4)) [ 61.177308] device_add (drivers/base/core.c:3436 drivers/base/core.c:3486) [ 61.177311] platform_device_add (drivers/base/platform.c:717) [ 61.177317] platform_device_register_full (drivers/base/platform.c:844) [ 61.177323] gpio_mockup_register_chip+0x1ec/0x2b8 gpio_mockup [ 61.177342] gpio_mockup_init+0xf0/0xd40 gpio_mockup [ 61.177352] do_one_initcall (init/main.c:1306) [ 61.177356] do_init_module (kernel/module/main.c:2457) [ 61.177363] load_module (kernel/module/main.c:2859) [ 61.177369] __do_sys_finit_module (kernel/module/main.c:2961) [ 61.177375] __arm64_sys_finit_module (kernel/module/main.c:2928) [ 61.177381] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57) [ 61.177387] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:149) [ 61.177393] do_el0_svc (arch/arm64/kernel/syscall.c:194) [ 61.177398] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638) [ 61.177402] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656) [ 61.177405] el0t_64_sync (arch/arm64/kernel/entry.S:591) [ 61.177408] [ 61.177408] other info that might help us debug this: [ 61.177408] [ 61.177410] Chain exists of: [ 61.177410] console_owner --> &port_lock_key --> &n->list_lock [ 61.177410] [ 61.177417] Possible unsafe locking scenario: [ 61.177417] [ 61.177418] CPU0 CPU1 [ 61.177419] ---- ---- [ 61.177420] lock(&n->list_lock); [ 61.177423] lock(&port_lock_key); [ 61.177426] lock(&n->list_lock); [ 61.177429] lock(console_owner); [ 61.177432] [ 61.177432] *** DEADLOCK *** [ 61.177432] [ 61.177434] 3 locks held by modprobe/510: [ 61.177436] #0: ffff000040000698 (&n->list_lock){-.-.}-{2:2}, at: get_partial_node.part.0 (mm/slub.c:2271) [ 61.177448] #1: ffff80000b227f18 (console_lock){+.+.}-{0:0}, at: vprintk_emit (kernel/printk/printk.c:1936 kernel/printk/printk.c:2315) [ 61.177460] #2: ffff80000b228388 (console_srcu){....}-{0:0}, at: console_flush_all (include/linux/srcu.h:200 kernel/printk/printk.c:290 kernel/printk/printk.c:2934) [ 61.177471] [ 61.177471] stack backtrace: [ 61.177474] CPU: 3 PID: 510 Comm: modprobe Not tainted 6.3.0-rc1-next-20230307 #1 [ 61.177479] Hardware name: Raspberry Pi 4 Model B (DT) [ 61.177482] Call trace: [ 61.177483] dump_backtrace (arch/arm64/kernel/stacktrace.c:160) [ 61.177487] show_stack (arch/arm64/kernel/stacktrace.c:167) [ 61.177490] dump_stack_lvl (lib/dump_stack.c:107) [ 61.177498] dump_stack (lib/dump_stack.c:114) [ 61.177504] print_circular_bug (kernel/locking/lockdep.c:2057) [ 61.177509] check_noncircular (kernel/locking/lockdep.c:2181) [ 61.177514] __lock_acquire (kernel/locking/lockdep.c:3099 kernel/locking/lockdep.c:3217 kernel/locking/lockdep.c:3832 kernel/locking/lockdep.c:5056) [ 61.177520] lock_acquire.part.0 (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5671) [ 61.177525] lock_acquire (kernel/locking/lockdep.c:5673) [ 61.177530] console_flush_all (kernel/printk/printk.c:2883 kernel/printk/printk.c:2942) [ 61.177536] console_unlock.part.0 (kernel/printk/printk.c:3017) [ 61.177542] vprintk_emit (kernel/printk/printk.c:2317) [ 61.177547] vprintk_default (kernel/printk/printk.c:2328) [ 61.177553] vprintk (kernel/printk/printk_safe.c:50) [ 61.177559] _printk (kernel/printk/printk.c:2341) [ 61.177564] slab_bug (mm/slub.c:892) [ 61.177567] check_bytes_and_report (mm/slub.c:1054) [ 61.177571] check_object (mm/slub.c:1196 (discriminator 2)) [ 61.177575] alloc_debug_processing (mm/slub.c:1415 mm/slub.c:1425) [ 61.177579] get_partial_node.part.0 (mm/slub.c:2146 mm/slub.c:2279) [ 61.177583] ___slab_alloc (mm/slub.c:2268 mm/slub.c:2386 mm/slub.c:3188) [ 61.177587] __slab_alloc.constprop.0 (mm/slub.c:3292) [ 61.177592] __kmem_cache_alloc_node (mm/slub.c:3345 mm/slub.c:3442 mm/slub.c:3491) [ 61.177596] kmalloc_trace (mm/slab_common.c:1064 (discriminator 4)) [ 61.177600] device_add (drivers/base/core.c:3436 drivers/base/core.c:3486) [ 61.177603] platform_device_add (drivers/base/platform.c:717) [ 61.177609] platform_device_register_full (drivers/base/platform.c:844) [ 61.177615] gpio_mockup_register_chip+0x1ec/0x2b8 gpio_mockup [ 61.177625] gpio_mockup_init+0xf0/0xd40 gpio_mockup [ 61.177634] do_one_initcall (init/main.c:1306) [ 61.177638] do_init_module (kernel/module/main.c:2457) [ 61.177644] load_module (kernel/module/main.c:2859) [ 61.177650] __do_sys_finit_module (kernel/module/main.c:2961) [ 61.177656] __arm64_sys_finit_module (kernel/module/main.c:2928) [ 61.177662] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57) [ 61.177668] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:149) [ 61.177674] do_el0_svc (arch/arm64/kernel/syscall.c:194) [ 61.177680] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638) [ 61.177683] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656) [ 61.177686] el0t_64_sync (arch/arm64/kernel/entry.S:591) [ 62.011685] BUG kmalloc-512 (Not tainted): Poison overwritten [ 62.017513] ----------------------------------------------------------------------------- [ 62.017513] [ 62.027300] 0xffff00004ecb7a38-0xffff00004ecb7a47 @offset=31288. First byte 0x6a instead of 0x6b [ 62.036210] Allocated in swnode_register+0x40/0x218 age=808 cpu=3 pid=386 [ 62.043101] __kmem_cache_alloc_node (mm/slub.c:3345 mm/slub.c:3442 mm/slub.c:3491) [ 62.047784] kmalloc_trace (mm/slab_common.c:1064 (discriminator 4)) [ 62.051406] swnode_register (drivers/base/swnode.c:776) [ 62.055293] fwnode_create_software_node (drivers/base/swnode.c:934 (discriminator 4)) [ 62.060238] gpio_mockup_register_chip+0x1c4/0x2b8 gpio_mockup [ 62.066337] gpio_mockup_init+0xf0/0xd40 gpio_mockup [ 62.071551] do_one_initcall (init/main.c:1306) [ 62.075437] do_init_module (kernel/module/main.c:2457) [ 62.079238] load_module (kernel/module/main.c:2859) [ 62.083037] __do_sys_finit_module (kernel/module/main.c:2961) [ 62.087455] __arm64_sys_finit_module (kernel/module/main.c:2928) [ 62.092048] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57) [ 62.095848] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:149) [ 62.100793] do_el0_svc (arch/arm64/kernel/syscall.c:194) [ 62.104151] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638) [ 62.107244] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656) [ 62.111570] Freed in software_node_release+0xdc/0x108 age=632 cpu=0 pid=428 [ 62.118633] __kmem_cache_free (mm/slub.c:3732 mm/slub.c:3788 mm/slub.c:3800) [ 62.122784] kfree (mm/slab_common.c:1020) [ 62.125788] software_node_release (drivers/base/swnode.c:761) [ 62.130204] kobject_put (lib/kobject.c:685 lib/kobject.c:712 include/linux/kref.h:65 lib/kobject.c:729) [ 62.133739] software_node_notify_remove (drivers/base/swnode.c:1093) [ 62.138597] device_del (drivers/base/core.c:2265 drivers/base/core.c:3778) [ 62.142134] platform_device_del.part.0 (drivers/base/platform.c:753) [ 62.146903] platform_device_unregister (drivers/base/platform.c:551 drivers/base/platform.c:794) [ 62.151672] gpio_mockup_exit+0x54/0x280 gpio_mockup [ 62.156888] __arm64_sys_delete_module (kernel/module/main.c:756 kernel/module/main.c:698 kernel/module/main.c:698) [ 62.161745] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57) [ 62.165545] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:149) [ 62.170490] do_el0_svc (arch/arm64/kernel/syscall.c:194) [ 62.173850] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638) [ 62.176941] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656) [ 62.181267] el0t_64_sync (arch/arm64/kernel/entry.S:591) [ 62.184975] Slab 0xfffffc00013b2c00 objects=21 used=7 fp=0xffff00004ecb7400 flags=0x7fffc0000010200(slab|head|node=0|zone=1|lastcpupid=0xffff) [ 62.197943] Object 0xffff00004ecb7a00 @offset=31232 fp=0xffff00004ecb7400 [ 62.197943] [ 62.206325] Redzone ffff00004ecb7800: ... [ 63.089597] CPU: 3 PID: 510 Comm: modprobe Not tainted 6.3.0-rc1-next-20230307 #1 [ 63.097186] Hardware name: Raspberry Pi 4 Model B (DT) [ 63.102392] Call trace: [ 63.104865] dump_backtrace (arch/arm64/kernel/stacktrace.c:160) [ 63.108665] show_stack (arch/arm64/kernel/stacktrace.c:167) [ 63.112021] dump_stack_lvl (lib/dump_stack.c:107) [ 63.115734] dump_stack (lib/dump_stack.c:114) [ 63.119093] print_trailer (mm/slub.c:953) [ 63.122892] check_bytes_and_report (mm/slub.c:1058) [ 63.127395] check_object (mm/slub.c:1196 (discriminator 2)) [ 63.131104] alloc_debug_processing (mm/slub.c:1415 mm/slub.c:1425) [ 63.135606] get_partial_node.part.0 (mm/slub.c:2146 mm/slub.c:2279) [ 63.140286] ___slab_alloc (mm/slub.c:2268 mm/slub.c:2386 mm/slub.c:3188) [ 63.144084] __slab_alloc.constprop.0 (mm/slub.c:3292) [ 63.148674] __kmem_cache_alloc_node (mm/slub.c:3345 mm/slub.c:3442 mm/slub.c:3491) [ 63.153354] kmalloc_trace (mm/slab_common.c:1064 (discriminator 4)) [ 63.156974] device_add (drivers/base/core.c:3436 drivers/base/core.c:3486) [ 63.160508] platform_device_add (drivers/base/platform.c:717) [ 63.164837] platform_device_register_full (drivers/base/platform.c:844) [ 63.169959] gpio_mockup_register_chip+0x1ec/0x2b8 gpio_mockup [ 63.176057] gpio_mockup_init+0xf0/0xd40 gpio_mockup [ 63.181269] do_one_initcall (init/main.c:1306) [ 63.185155] do_init_module (kernel/module/main.c:2457) [ 63.188956] load_module (kernel/module/main.c:2859) [ 63.192755] __do_sys_finit_module (kernel/module/main.c:2961) [ 63.197171] __arm64_sys_finit_module (kernel/module/main.c:2928) [ 63.201765] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:57) [ 63.205565] el0_svc_common.constprop.0 (arch/arm64/kernel/syscall.c:149) [ 63.210510] do_el0_svc (arch/arm64/kernel/syscall.c:194) [ 63.213869] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:142 arch/arm64/kernel/entry-common.c:638) [ 63.216961] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:656) [ 63.221287] el0t_64_sync (arch/arm64/kernel/entry.S:591) [ 63.224998] FIX kmalloc-512: Restoring Poison 0xffff00004ecb7a38-0xffff00004ecb7a47=0x6b [ 63.233202] FIX kmalloc-512: Marking all objects used [ 63.399213] ============================================================================= links to the crash: - https://lkft.validation.linaro.org/scheduler/job/6224830#L1291 - https://lkft.validation.linaro.org/scheduler/job/6224742#L1202 - https://lkft.validation.linaro.org/scheduler/job/6224784#L3415 - https://lkft.validation.linaro.org/scheduler/job/6224810#L2029 metadata: git_ref: master git_repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git_sha: 709c6adf19dc558e44ab5c01659b09a16a2d3c82 git_describe: next-20230307 kernel_version: 6.3.0-rc1 kernel-config: https://storage.tuxsuite.com/public/linaro/lkft/builds/2MfXESbRAbSUj9oic6d8… build-url: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next/-/pipelines/798095907 artifact-location: https://storage.tuxsuite.com/public/linaro/lkft/builds/2MfXESbRAbSUj9oic6d8… toolchain: gcc-11 -- Linaro LKFT https://lkft.linaro.org

5 months, 1 week

5
8
0 0

[PATCH 6.1 00/86] 6.1.61-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.61 release. There are 86 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 Nov 2023 16:59:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.61-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.61-rc1 John Sperbeck <jsperbeck(a)google.com> objtool/x86: add missing embedded_insn check Baokun Li <libaokun1(a)huawei.com> ext4: avoid overlapping preallocations due to overflow Baokun Li <libaokun1(a)huawei.com> ext4: fix BUG in ext4_mb_new_inode_pa() due to overflow Baokun Li <libaokun1(a)huawei.com> ext4: add two helper functions extent_logical_end() and pa_logical_end() David Lazar <dlazar(a)gmail.com> platform/x86: Add s2idle quirk for more Lenovo laptops Alessandro Carminati <alessandro.carminati(a)gmail.com> clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name Al Viro <viro(a)zeniv.linux.org.uk> sparc32: fix a braino in fault handling in csum_and_copy_..._user() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix potential NULL deref Tony Luck <tony.luck(a)intel.com> x86/cpu: Add model number for Intel Arrow Lake mobile processor Thomas Gleixner <tglx(a)linutronix.de> x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility Peng Fan <peng.fan(a)nxp.com> nvmem: imx: correct nregs for i.MX6UL Peng Fan <peng.fan(a)nxp.com> nvmem: imx: correct nregs for i.MX6SLL Peng Fan <peng.fan(a)nxp.com> nvmem: imx: correct nregs for i.MX6ULL Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Unmap only if buffer is unmapped from DSP Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Clean buffers on remote invocation failures Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Free DMA handles for RPC calls with no arguments Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Reset metadata buffer to avoid incorrect free Yujie Liu <yujie.liu(a)intel.com> tracing/kprobes: Fix the description of variable length arguments Jian Zhang <zhangjian.3032(a)bytedance.com> i2c: aspeed: Fix i2c bus hang in slave read Alain Volmat <alain.volmat(a)foss.st.com> i2c: stm32f7: Fix PEC handling in case of SMBUS transfers Herve Codina <herve.codina(a)bootlin.com> i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() Herve Codina <herve.codina(a)bootlin.com> i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() Herve Codina <herve.codina(a)bootlin.com> i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() Robert Hancock <robert.hancock(a)calian.com> iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale Robert Hancock <robert.hancock(a)calian.com> iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds Marek Szyprowski <m.szyprowski(a)samsung.com> iio: exynos-adc: request second interupt only when touchscreen mode is used Linus Walleij <linus.walleij(a)linaro.org> iio: afe: rescale: Accept only offset channels Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid Haibo Li <haibo.li(a)mediatek.com> kasan: print the original fault addr when access invalid shadow Khazhismel Kumykov <khazhy(a)chromium.org> blk-throttle: check for overflow in calculate_bytes_allowed Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Introduce manage_shutdown device flag Michal Schmidt <mschmidt(a)redhat.com> iavf: in iavf_down, disable queues when removing the driver Sui Jingfeng <suijingfeng(a)loongson.cn> drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO Ivan Vecera <ivecera(a)redhat.com> i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: fix fragmentation needed check with gso Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: uapi: fix GTPA_MAX Fred Chen <fred.chenchen03(a)gmail.com> tcp: fix wrong RTO timeout when received SACK reneging Douglas Anderson <dianders(a)chromium.org> r8152: Release firmware if we have an error in probe Douglas Anderson <dianders(a)chromium.org> r8152: Cancel hw_phy_work if we have an error in probe Douglas Anderson <dianders(a)chromium.org> r8152: Run the unload routine if we have errors during probe Douglas Anderson <dianders(a)chromium.org> r8152: Increase USB control msg timeout to 5000ms as per spec Shigeru Yoshida <syoshida(a)redhat.com> net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() Dell Jin <dell.jin.code(a)outlook.com> net: ethernet: adi: adin1110: Fix uninitialized variable Sasha Neftin <sasha.neftin(a)intel.com> igc: Fix ambiguity in the ethtool advertising Eric Dumazet <edumazet(a)google.com> neighbour: fix various data-races Mateusz Palczewski <mateusz.palczewski(a)intel.com> igb: Fix potential memory leak in igb_add_ethtool_nfc_entry Kunwu Chan <chentao(a)kylinos.cn> treewide: Spelling fix in comment Ivan Vecera <ivecera(a)redhat.com> i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value Michal Schmidt <mschmidt(a)redhat.com> iavf: initialize waitqueues before starting watchdog_task Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx Tony Lindgren <tony(a)atomide.com> clk: ti: Fix missing omap5 mcbsp functional clock and aliases Tony Lindgren <tony(a)atomide.com> clk: ti: Fix missing omap4 mcbsp functional clock and aliases Hao Ge <gehao(a)kylinos.cn> firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() Randy Dunlap <rdunlap(a)infradead.org> ARM: OMAP: timer32K: fix all kernel-doc warnings Lukasz Majczak <lma(a)semihalf.com> drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Disable ASPM for VI w/ all Intel systems Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915/pmu: Check if pmu is closed before stopping event Al Viro <viro(a)zeniv.linux.org.uk> nfsd: lock_rename() needs both directories to live on the same fs Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: add GFP_KERNEL to allocations in mas_expected_entries() Rik van Riel <riel(a)surriel.com> hugetlbfs: extend hugetlb_vma_lock to private VMAs Gregory Price <gourry.memverge(a)gmail.com> mm/migrate: fix do_pages_move for compat pointers Kemeng Shi <shikemeng(a)huaweicloud.com> mm/page_alloc: correct start page when guard page debug is enabled Rik van Riel <riel(a)surriel.com> hugetlbfs: clear resv_map pointer if mmap fails Sebastian Ott <sebott(a)redhat.com> mm: fix vm_brk_flags() to not bail out while holding lock Christopher Obbard <chris.obbard(a)collabora.com> arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards Christopher Obbard <chris.obbard(a)collabora.com> arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399 Eric Auger <eric.auger(a)redhat.com> vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE Alexandru Matei <alexandru.matei(a)uipath.com> vsock/virtio: initialize the_virtio_vsock before using VQs Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_pci: fix the common cfg map size zhenwei pi <pizhenwei(a)bytedance.com> virtio-crypto: handle config changed by work queue Maximilian Heyne <mheyne(a)amazon.de> virtio-mmio: fix memory leak of vm_dev Gavin Shan <gshan(a)redhat.com> virtio_balloon: Fix endless deflation and inflation on arm64 Rodríguez Barbarin, José Javier <JoseJavier.Rodriguez(a)duagon.com> mcb-lpc: Reallocate memory region to avoid memory overlapping Rodríguez Barbarin, José Javier <JoseJavier.Rodriguez(a)duagon.com> mcb: Return actual parsed size when reading chameleon table Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: qcom: lpass-lpi: fix concurrent register updates Johan Hovold <johan+linaro(a)kernel.org> ASoC: codecs: wcd938x: fix runtime PM imbalance on remove Johan Hovold <johan+linaro(a)kernel.org> ASoC: codecs: wcd938x: fix regulator leaks on probe errors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x: Simplify with dev_err_probe Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ASoC: codecs: wcd938x: Convert to platform remove callback returning void Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Fix error propagation for some ioctl commands Christian Loehle <CLoehle(a)hyperstone.com> mmc: block: ioctl: do write error check for spi Ulf Hansson <ulf.hansson(a)linaro.org> mmc: core: Align to common busy polling behaviour for mmc ioctls Roman Kagan <rkagan(a)amazon.de> KVM: x86/pmu: Truncate counter value to allowed width on write ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/omap4-l4-abe.dtsi | 6 ++ arch/arm/boot/dts/omap4-l4.dtsi | 2 + arch/arm/boot/dts/omap5-l4-abe.dtsi | 6 ++ arch/arm/mach-omap1/timer32k.c | 14 ++--- arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 10 +++ arch/sparc/lib/checksum_32.S | 2 +- arch/x86/include/asm/i8259.h | 2 + arch/x86/include/asm/intel-family.h | 2 + arch/x86/kernel/acpi/boot.c | 3 + arch/x86/kernel/i8259.c | 38 ++++++++--- arch/x86/kvm/pmu.h | 6 ++ arch/x86/kvm/svm/pmu.c | 2 +- arch/x86/kvm/vmx/pmu_intel.c | 4 +- block/blk-throttle.c | 6 ++ drivers/ata/libata-scsi.c | 5 +- drivers/clk/clk.c | 21 ++++--- drivers/clk/ti/clk-44xx.c | 5 ++ drivers/clk/ti/clk-54xx.c | 4 ++ drivers/crypto/virtio/virtio_crypto_common.h | 3 + drivers/crypto/virtio/virtio_crypto_core.c | 14 ++++- drivers/firewire/sbp2.c | 1 + drivers/firmware/imx/imx-dsp.c | 2 +- drivers/gpu/drm/amd/amdgpu/vi.c | 2 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 6 +- drivers/gpu/drm/i915/i915_pmu.c | 9 +++ drivers/gpu/drm/logicvc/Kconfig | 2 + drivers/i2c/busses/i2c-aspeed.c | 3 +- drivers/i2c/busses/i2c-stm32f7.c | 9 ++- drivers/i2c/muxes/i2c-demux-pinctrl.c | 2 +- drivers/i2c/muxes/i2c-mux-gpmux.c | 2 +- drivers/i2c/muxes/i2c-mux-pinctrl.c | 2 +- drivers/iio/adc/exynos_adc.c | 24 ++++--- drivers/iio/adc/xilinx-xadc-core.c | 39 +++++------- drivers/iio/adc/xilinx-xadc.h | 2 + drivers/iio/afe/iio-rescale.c | 19 ++++-- drivers/mcb/mcb-lpc.c | 35 +++++++++-- drivers/mcb/mcb-parse.c | 15 +++-- drivers/misc/fastrpc.c | 34 +++++----- drivers/mmc/core/block.c | 38 ++++++++--- drivers/mmc/core/mmc_ops.c | 1 + drivers/net/ethernet/adi/adin1110.c | 2 +- drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 7 ++- drivers/net/ethernet/intel/igb/igb_ethtool.c | 6 +- drivers/net/ethernet/intel/igc/igc_ethtool.c | 35 ++++++++--- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/toshiba/ps3_gelic_wireless.c | 2 +- drivers/net/gtp.c | 5 +- drivers/net/ieee802154/adf7242.c | 5 +- drivers/net/usb/r8152.c | 11 +++- drivers/net/usb/smsc95xx.c | 4 +- drivers/nvmem/imx-ocotp.c | 6 +- drivers/pinctrl/qcom/pinctrl-lpass-lpi.c | 17 +++-- drivers/platform/x86/thinkpad_acpi.c | 73 ++++++++++++++++++++++ drivers/scsi/sd.c | 39 +++++++++++- drivers/vhost/vhost.c | 4 +- drivers/virtio/virtio_balloon.c | 6 +- drivers/virtio/virtio_mmio.c | 19 ++++-- drivers/virtio/virtio_pci_modern_dev.c | 2 +- fs/ext4/mballoc.c | 51 +++++++-------- fs/ext4/mballoc.h | 14 +++++ fs/nfsd/vfs.c | 12 ++-- include/linux/hugetlb.h | 6 ++ include/linux/kasan.h | 6 +- include/scsi/scsi_device.h | 20 +++++- include/uapi/linux/gtp.h | 2 +- io_uring/fdinfo.c | 18 ++++-- kernel/events/core.c | 3 +- kernel/trace/trace_kprobe.c | 4 +- lib/maple_tree.c | 2 +- lib/test_maple_tree.c | 35 +++++++---- mm/hugetlb.c | 48 +++++++++++--- mm/kasan/report.c | 4 +- mm/migrate.c | 14 ++++- mm/mmap.c | 6 +- mm/page_alloc.c | 2 +- net/core/neighbour.c | 67 ++++++++++---------- net/ipv4/tcp_input.c | 9 +-- net/vmw_vsock/virtio_transport.c | 18 +++++- sound/soc/codecs/wcd938x.c | 51 ++++++++------- tools/include/linux/rwsem.h | 40 ++++++++++++ tools/objtool/check.c | 2 +- 85 files changed, 789 insertions(+), 305 deletions(-)

5 months, 3 weeks

12
11
0 0

[PATCH 6.5 000/112] 6.5.10-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.5.10 release. There are 112 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 Nov 2023 16:58:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.5.10-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.5.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.5.10-rc1 Karol Wachowski <karol.wachowski(a)linux.intel.com> accel/ivpu/37xx: Fix missing VPUIP interrupts SeongJae Park <sj(a)kernel.org> mm/damon/sysfs: check DAMOS regions update progress from before_terminate() David Lazar <dlazar(a)gmail.com> platform/x86: Add s2idle quirk for more Lenovo laptops Dan Carpenter <dan.carpenter(a)linaro.org> clk: stm32: Fix a signedness issue in clk_stm32_composite_determine_rate() Maxime Ripard <mripard(a)kernel.org> clk: socfpga: gate: Account for the divider in determine_rate Alessandro Carminati <alessandro.carminati(a)gmail.com> clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name Al Viro <viro(a)zeniv.linux.org.uk> sparc32: fix a braino in fault handling in csum_and_copy_..._user() Peter Zijlstra <peterz(a)infradead.org> perf/core: Fix potential NULL deref Tony Luck <tony.luck(a)intel.com> x86/cpu: Add model number for Intel Arrow Lake mobile processor Thomas Gleixner <tglx(a)linutronix.de> x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility Thomas Gleixner <tglx(a)linutronix.de> x86/tsc: Defer marking TSC unstable to a worker Peng Fan <peng.fan(a)nxp.com> nvmem: imx: correct nregs for i.MX6UL Peng Fan <peng.fan(a)nxp.com> nvmem: imx: correct nregs for i.MX6SLL Peng Fan <peng.fan(a)nxp.com> nvmem: imx: correct nregs for i.MX6ULL Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Unmap only if buffer is unmapped from DSP Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Clean buffers on remote invocation failures Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Free DMA handles for RPC calls with no arguments Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Reset metadata buffer to avoid incorrect free Yujie Liu <yujie.liu(a)intel.com> tracing/kprobes: Fix the description of variable length arguments Andrii Nakryiko <andrii(a)kernel.org> tracing/kprobes: Fix symbol counting logic by looking at modules as well Jian Zhang <zhangjian.3032(a)bytedance.com> i2c: aspeed: Fix i2c bus hang in slave read Alain Volmat <alain.volmat(a)foss.st.com> i2c: stm32f7: Fix PEC handling in case of SMBUS transfers Herve Codina <herve.codina(a)bootlin.com> i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() Herve Codina <herve.codina(a)bootlin.com> i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() Herve Codina <herve.codina(a)bootlin.com> i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() Robert Hancock <robert.hancock(a)calian.com> iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale Robert Hancock <robert.hancock(a)calian.com> iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds Marek Szyprowski <m.szyprowski(a)samsung.com> iio: exynos-adc: request second interupt only when touchscreen mode is used Linus Walleij <linus.walleij(a)linaro.org> iio: afe: rescale: Accept only offset channels Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid Haibo Li <haibo.li(a)mediatek.com> kasan: print the original fault addr when access invalid shadow Khazhismel Kumykov <khazhy(a)chromium.org> blk-throttle: check for overflow in calculate_bytes_allowed Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Introduce manage_shutdown device flag Michal Schmidt <mschmidt(a)redhat.com> iavf: in iavf_down, disable queues when removing the driver Matt Roper <matthew.d.roper(a)intel.com> drm/i915/mcr: Hold GT forcewake during steering operations Sui Jingfeng <suijingfeng(a)loongson.cn> drm/logicvc: Kconfig: select REGMAP and REGMAP_MMIO Vlad Buslov <vladbu(a)nvidia.com> net/sched: act_ct: additional checks for outdated flows Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: flowtable: GC pushes back packets to classic path Ivan Vecera <ivecera(a)redhat.com> i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915/perf: Determine context valid in OA reports Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: fix fragmentation needed check with gso Pablo Neira Ayuso <pablo(a)netfilter.org> gtp: uapi: fix GTPA_MAX Moritz Wanzenböck <moritz.wanzenboeck(a)linbit.com> net/handshake: fix file ref count in handshake_nl_accept_doit() Avraham Stern <avraham.stern(a)intel.com> wifi: mac80211: don't drop all unprotected public action frames Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix assoc response warning on failed links Ben Greear <greearb(a)candelatech.com> wifi: cfg80211: pass correct pointer to rdev_inform_bss() Fred Chen <fred.chenchen03(a)gmail.com> tcp: fix wrong RTO timeout when received SACK reneging Douglas Anderson <dianders(a)chromium.org> r8152: Release firmware if we have an error in probe Douglas Anderson <dianders(a)chromium.org> r8152: Cancel hw_phy_work if we have an error in probe Douglas Anderson <dianders(a)chromium.org> r8152: Run the unload routine if we have errors during probe Douglas Anderson <dianders(a)chromium.org> r8152: Increase USB control msg timeout to 5000ms as per spec Shigeru Yoshida <syoshida(a)redhat.com> net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() Dell Jin <dell.jin.code(a)outlook.com> net: ethernet: adi: adin1110: Fix uninitialized variable Sasha Neftin <sasha.neftin(a)intel.com> igc: Fix ambiguity in the ethtool advertising Eric Dumazet <edumazet(a)google.com> neighbour: fix various data-races Eric Dumazet <edumazet(a)google.com> net: do not leave an empty skb in write queue Mateusz Palczewski <mateusz.palczewski(a)intel.com> igb: Fix potential memory leak in igb_add_ethtool_nfc_entry Kunwu Chan <chentao(a)kylinos.cn> treewide: Spelling fix in comment Ivan Vecera <ivecera(a)redhat.com> i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value Michal Schmidt <mschmidt(a)redhat.com> iavf: initialize waitqueues before starting watchdog_task Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 Mirsad Goran Todorovac <mirsad.todorovac(a)alu.unizg.hr> r8169: fix the KCSAN reported data-race in rtl_tx() while reading tp->cur_tx Tony Lindgren <tony(a)atomide.com> clk: ti: Fix missing omap5 mcbsp functional clock and aliases Tony Lindgren <tony(a)atomide.com> clk: ti: Fix missing omap4 mcbsp functional clock and aliases Hao Ge <gehao(a)kylinos.cn> firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() Randy Dunlap <rdunlap(a)infradead.org> ARM: OMAP: timer32K: fix all kernel-doc warnings Filipe Manana <fdmanana(a)suse.com> btrfs: fix unwritten extent buffer after snapshotting a new subvolume Qu Wenruo <wqu(a)suse.com> btrfs: remove v0 extent handling Lukasz Majczak <lma(a)semihalf.com> drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Disable ASPM for VI w/ all Intel systems Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915/pmu: Check if pmu is closed before stopping event Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Don't enter d0i3 during FLR Alex Bee <knaerzche(a)gmail.com> ARM: dts: rockchip: Fix timer clocks for RK3128 Alex Bee <knaerzche(a)gmail.com> ARM: dts: rockchip: Add missing quirk for RK3128's dma engine Alex Bee <knaerzche(a)gmail.com> ARM: dts: rockchip: Add missing arm timer interrupt for RK3128 Alex Bee <knaerzche(a)gmail.com> ARM: dts: rockchip: Fix i2c0 register address for RK3128 Janusz Krzysztofik <jmkrzyszt(a)gmail.com> ARM: OMAP1: ams-delta: Fix MODEM initialization failure Dragos Tatulea <dtatulea(a)nvidia.com> vdpa/mlx5: Fix double release of debugfs entry Shawn.Shao <shawn.shao(a)jaguarmicro.com> vdpa_sim_blk: Fix the potential leak of mgmt_dev Al Viro <viro(a)zeniv.linux.org.uk> nfsd: lock_rename() needs both directories to live on the same fs Liam R. Howlett <Liam.Howlett(a)oracle.com> maple_tree: add GFP_KERNEL to allocations in mas_expected_entries() Rik van Riel <riel(a)surriel.com> hugetlbfs: extend hugetlb_vma_lock to private VMAs Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> selftests/mm: include mman header to access MREMAP_DONTUNMAP identifier Gregory Price <gourry.memverge(a)gmail.com> mm/migrate: fix do_pages_move for compat pointers Kemeng Shi <shikemeng(a)huaweicloud.com> mm/page_alloc: correct start page when guard page debug is enabled Rik van Riel <riel(a)surriel.com> hugetlbfs: clear resv_map pointer if mmap fails Sebastian Ott <sebott(a)redhat.com> mm: fix vm_brk_flags() to not bail out while holding lock Tirthendu Sarkar <tirthendu.sarkar(a)intel.com> i40e: sync next_to_clean and next_to_process for programming status desc Christopher Obbard <chris.obbard(a)collabora.com> arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards Christopher Obbard <chris.obbard(a)collabora.com> arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: sa8775p: correct PMIC GPIO label in gpio-ranges Jakob Unterwurzacher <jakobunt(a)gmail.com> arm64: dts: rockchip: set codec system-clock-fixed on px30-ringneck-haikou Ermin Sunj <ermin.sunj(a)theobroma-systems.com> arm64: dts: rockchip: use codec as clock master on px30-ringneck-haikou Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: msm8996-xiaomi: fix missing clock populate Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: apq8096-db820c: fix missing clock populate Eric Auger <eric.auger(a)redhat.com> vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE Alexandru Matei <alexandru.matei(a)uipath.com> vsock/virtio: initialize the_virtio_vsock before using VQs Xuan Zhuo <xuanzhuo(a)linux.alibaba.com> virtio_pci: fix the common cfg map size zhenwei pi <pizhenwei(a)bytedance.com> virtio-crypto: handle config changed by work queue Maximilian Heyne <mheyne(a)amazon.de> virtio-mmio: fix memory leak of vm_dev Gavin Shan <gshan(a)redhat.com> virtio_balloon: Fix endless deflation and inflation on arm64 Paulo Alcantara <pc(a)manguebit.com> smb: client: prevent new fids from being removed by laundromat Paulo Alcantara <pc(a)manguebit.com> smb: client: make laundromat a delayed worker Paulo Alcantara <pc(a)manguebit.com> smb: client: do not start laundromat thread on nohandlecache Steve French <stfrench(a)microsoft.com> smb3: do not start laundromat thread when dir leases disabled Steve French <stfrench(a)microsoft.com> smb3: allow controlling maximum number of cached directories Steve French <stfrench(a)microsoft.com> smb3: allow controlling length of time directory entries are cached with dir leases Dragos Tatulea <dtatulea(a)nvidia.com> vdpa/mlx5: Fix firmware error on creation of 1k VQs Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: fix set_huge_pte_at() for NAPOT mappings when a swap entry is set ------------- Diffstat: Makefile | 4 +- arch/arm/boot/dts/rockchip/rk3128.dtsi | 18 +-- arch/arm/boot/dts/ti/omap/omap4-l4-abe.dtsi | 6 + arch/arm/boot/dts/ti/omap/omap4-l4.dtsi | 2 + arch/arm/boot/dts/ti/omap/omap5-l4-abe.dtsi | 6 + arch/arm/mach-omap1/board-ams-delta.c | 60 +++----- arch/arm/mach-omap1/timer32k.c | 14 +- arch/arm64/boot/dts/qcom/apq8096-db820c.dts | 32 ++--- .../arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 32 ++--- arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts | 18 ++- arch/arm64/boot/dts/qcom/sa8775p-pmics.dtsi | 2 +- .../boot/dts/rockchip/px30-ringneck-haikou.dts | 10 +- arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 10 ++ arch/riscv/mm/hugetlbpage.c | 19 ++- arch/sparc/lib/checksum_32.S | 2 +- arch/x86/include/asm/i8259.h | 2 + arch/x86/include/asm/intel-family.h | 2 + arch/x86/kernel/acpi/boot.c | 3 + arch/x86/kernel/i8259.c | 38 +++-- arch/x86/kernel/tsc_sync.c | 10 +- block/blk-throttle.c | 6 + drivers/accel/ivpu/ivpu_drv.c | 11 +- drivers/accel/ivpu/ivpu_drv.h | 1 + drivers/accel/ivpu/ivpu_hw.h | 8 ++ drivers/accel/ivpu/ivpu_hw_mtl.c | 12 +- drivers/accel/ivpu/ivpu_pm.c | 3 +- drivers/ata/libata-scsi.c | 5 +- drivers/clk/clk.c | 21 +-- drivers/clk/socfpga/clk-gate.c | 27 +++- drivers/clk/stm32/clk-stm32-core.c | 2 +- drivers/clk/ti/clk-44xx.c | 5 + drivers/clk/ti/clk-54xx.c | 4 + drivers/crypto/virtio/virtio_crypto_common.h | 3 + drivers/crypto/virtio/virtio_crypto_core.c | 14 +- drivers/firewire/sbp2.c | 1 + drivers/firmware/imx/imx-dsp.c | 2 +- drivers/gpu/drm/amd/amdgpu/vi.c | 2 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 6 +- drivers/gpu/drm/i915/gt/intel_gt_mcr.c | 24 +++- drivers/gpu/drm/i915/i915_perf.c | 4 +- drivers/gpu/drm/i915/i915_pmu.c | 9 ++ drivers/gpu/drm/logicvc/Kconfig | 2 + drivers/i2c/busses/i2c-aspeed.c | 3 +- drivers/i2c/busses/i2c-stm32f7.c | 9 +- drivers/i2c/muxes/i2c-demux-pinctrl.c | 2 +- drivers/i2c/muxes/i2c-mux-gpmux.c | 2 +- drivers/i2c/muxes/i2c-mux-pinctrl.c | 2 +- drivers/iio/adc/exynos_adc.c | 24 ++-- drivers/iio/adc/xilinx-xadc-core.c | 39 ++---- drivers/iio/adc/xilinx-xadc.h | 2 + drivers/iio/afe/iio-rescale.c | 19 ++- drivers/misc/fastrpc.c | 34 ++--- drivers/net/ethernet/adi/adin1110.c | 2 +- drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_txrx.c | 11 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 7 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 6 +- drivers/net/ethernet/intel/igc/igc_ethtool.c | 35 +++-- drivers/net/ethernet/realtek/r8169_main.c | 6 +- drivers/net/ethernet/toshiba/ps3_gelic_wireless.c | 2 +- drivers/net/gtp.c | 5 +- drivers/net/ieee802154/adf7242.c | 5 +- drivers/net/usb/r8152.c | 11 +- drivers/net/usb/smsc95xx.c | 4 +- drivers/nvmem/imx-ocotp.c | 6 +- drivers/platform/x86/amd/pmc-quirks.c | 73 ++++++++++ drivers/scsi/sd.c | 39 +++++- drivers/vdpa/mlx5/net/debug.c | 5 +- drivers/vdpa/mlx5/net/mlx5_vnet.c | 70 +++++++-- drivers/vdpa/mlx5/net/mlx5_vnet.h | 11 +- drivers/vdpa/vdpa_sim/vdpa_sim_blk.c | 5 +- drivers/vhost/vhost.c | 4 +- drivers/virtio/virtio_balloon.c | 6 +- drivers/virtio/virtio_mmio.c | 19 ++- drivers/virtio/virtio_pci_modern_dev.c | 2 +- fs/btrfs/backref.c | 39 +++--- fs/btrfs/backref.h | 3 +- fs/btrfs/ctree.c | 21 ++- fs/btrfs/ctree.h | 3 +- fs/btrfs/extent-tree.c | 35 +++-- fs/btrfs/messages.c | 6 - fs/btrfs/messages.h | 2 - fs/btrfs/print-tree.c | 10 +- fs/btrfs/relocation.c | 18 +-- fs/nfsd/vfs.c | 12 +- fs/smb/client/cached_dir.c | 156 +++++++++++---------- fs/smb/client/cached_dir.h | 4 +- fs/smb/client/cifsfs.c | 12 ++ fs/smb/client/cifsglob.h | 4 +- fs/smb/client/cifsproto.h | 2 +- fs/smb/client/connect.c | 19 ++- fs/smb/client/fs_context.c | 11 +- fs/smb/client/fs_context.h | 4 +- fs/smb/client/misc.c | 14 +- fs/smb/client/smb2pdu.c | 2 +- include/linux/hugetlb.h | 6 + include/linux/ieee80211.h | 29 ++++ include/linux/kasan.h | 6 +- include/net/netfilter/nf_flow_table.h | 1 + include/scsi/scsi_device.h | 20 ++- include/trace/events/btrfs.h | 1 - include/uapi/linux/btrfs_tree.h | 6 +- include/uapi/linux/gtp.h | 2 +- io_uring/fdinfo.c | 18 ++- kernel/events/core.c | 3 +- kernel/trace/trace_kprobe.c | 28 +++- lib/maple_tree.c | 2 +- lib/test_maple_tree.c | 35 +++-- mm/damon/sysfs.c | 7 +- mm/hugetlb.c | 48 ++++++- mm/kasan/report.c | 4 +- mm/mempolicy.c | 4 +- mm/migrate.c | 14 +- mm/mmap.c | 6 +- mm/page_alloc.c | 2 +- net/core/neighbour.c | 67 ++++----- net/handshake/netlink.c | 30 +--- net/ipv4/tcp.c | 8 +- net/ipv4/tcp_input.c | 9 +- net/mac80211/rx.c | 3 +- net/netfilter/nf_flow_table_core.c | 14 +- net/sched/act_ct.c | 9 ++ net/vmw_vsock/virtio_transport.c | 18 ++- net/wireless/mlme.c | 3 +- net/wireless/scan.c | 2 +- tools/include/linux/rwsem.h | 40 ++++++ tools/testing/selftests/mm/mremap_dontunmap.c | 1 + 128 files changed, 1175 insertions(+), 583 deletions(-)

5 months, 3 weeks

9
9
0 0

selftests: user_events: ftrace_test - RIP: 0010:tracing_update_buffers (kernel/trace/trace.c:6470)

by Naresh Kamboju

Following kernel crash noticed on x86_64 while running selftests: user_events: ftrace_test running 6.6.0-rc7-next-20231026. Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> kselftest: Running tests in user_events TAP version 13 1..4 # timeout set to 90 # selftests: user_events: ftrace_test [ 2391.606817] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b8a83: 0000 [#1] PREEMPT SMP PTI [ 2391.617519] CPU: 1 PID: 34662 Comm: ftrace_test Not tainted 6.6.0-rc7-next-20231026 #1 [ 2391.625428] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 2391.632811] RIP: 0010:tracing_update_buffers (kernel/trace/trace.c:6470) [ 2391.637952] Code: 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 31 f6 48 89 e5 41 55 41 54 53 48 89 fb 48 c7 c7 40 8c 61 94 e8 92 d3 5a 01 <44> 0f b6 a3 18 1f 00 00 41 80 fc 01 0f 87 c8 dc 4e 01 45 31 ed 41 All code ======== 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 66 0f 1f 00 nopw (%rax) 10: 55 push %rbp 11: 31 f6 xor %esi,%esi 13: 48 89 e5 mov %rsp,%rbp 16: 41 55 push %r13 18: 41 54 push %r12 1a: 53 push %rbx 1b: 48 89 fb mov %rdi,%rbx 1e: 48 c7 c7 40 8c 61 94 mov $0xffffffff94618c40,%rdi 25: e8 92 d3 5a 01 callq 0x15ad3bc 2a:* 44 0f b6 a3 18 1f 00 movzbl 0x1f18(%rbx),%r12d <-- trapping instruction 31: 00 32: 41 80 fc 01 cmp $0x1,%r12b 36: 0f 87 c8 dc 4e 01 ja 0x14edd04 3c: 45 31 ed xor %r13d,%r13d 3f: 41 rex.B Code starting with the faulting instruction =========================================== 0: 44 0f b6 a3 18 1f 00 movzbl 0x1f18(%rbx),%r12d 7: 00 8: 41 80 fc 01 cmp $0x1,%r12b c: 0f 87 c8 dc 4e 01 ja 0x14edcda 12: 45 31 ed xor %r13d,%r13d 15: 41 rex.B [ 2391.656696] RSP: 0018:ffffb36e0a477d80 EFLAGS: 00010246 [ 2391.661937] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000080000000 [ 2391.669064] RDX: 0000000000000000 RSI: ffffffff9299b722 RDI: ffffffff9299b722 [ 2391.676195] RBP: ffffb36e0a477d98 R08: 000000000000002f R09: 0000000000000002 [ 2391.683321] R10: ffffb36e0a477d70 R11: 0000000000000000 R12: 0000000000000002 [ 2391.690453] R13: ffffb36e0a477e88 R14: ffff99c5803a2230 R15: ffff99c581c39000 [ 2391.697586] FS: 00007fb4b9681740(0000) GS:ffff99c6efa80000(0000) knlGS:0000000000000000 [ 2391.705670] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2391.711410] CR2: 00007fb4b96ab5e0 CR3: 000000010635c002 CR4: 00000000003706f0 [ 2391.718540] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2391.725665] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2391.732797] Call Trace: [ 2391.735240] <TASK> [ 2391.737339] ? show_regs (arch/x86/kernel/dumpstack.c:479) [ 2391.740744] ? die_addr (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:460) [ 2391.744056] ? exc_general_protection (arch/x86/kernel/traps.c:697 arch/x86/kernel/traps.c:642) [ 2391.748766] ? asm_exc_general_protection (arch/x86/include/asm/idtentry.h:564) [ 2391.753652] ? __mutex_lock (kernel/locking/mutex.c:613 (discriminator 3) kernel/locking/mutex.c:747 (discriminator 3)) [ 2391.757487] ? __mutex_lock (kernel/locking/mutex.c:613 (discriminator 3) kernel/locking/mutex.c:747 (discriminator 3)) [ 2391.761318] ? tracing_update_buffers (kernel/trace/trace.c:6470) [ 2391.765851] event_enable_write (kernel/trace/trace_events.c:1408) [ 2391.769976] vfs_write (fs/read_write.c:582) [ 2391.773296] ? close_fd_get_file (fs/file.c:821) [ 2391.777396] ? preempt_count_sub (kernel/sched/core.c:5857 kernel/sched/core.c:5853 kernel/sched/core.c:5875) [ 2391.781496] ksys_write (fs/read_write.c:638) [ 2391.784918] __x64_sys_write (fs/read_write.c:646) [ 2391.788671] do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) [ 2391.792248] ? do_syscall_64 (arch/x86/entry/common.c:101) [ 2391.795995] ? syscall_exit_to_user_mode (kernel/entry/common.c:299) [ 2391.800785] ? do_syscall_64 (arch/x86/entry/common.c:101) [ 2391.804529] ? do_syscall_64 (arch/x86/entry/common.c:101) [ 2391.808275] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) [ 2391.813327] RIP: 0033:0x7fb4b977c140 [ 2391.816920] Code: 40 00 48 8b 15 c1 9c 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d a1 24 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 All code ======== 0: 40 00 48 8b add %cl,-0x75(%rax) 4: 15 c1 9c 0d 00 adc $0xd9cc1,%eax 9: f7 d8 neg %eax b: 64 89 02 mov %eax,%fs:(%rdx) e: 48 c7 c0 ff ff ff ff mov $0xffffffffffffffff,%rax 15: eb b7 jmp 0xffffffffffffffce 17: 0f 1f 00 nopl (%rax) 1a: 80 3d a1 24 0e 00 00 cmpb $0x0,0xe24a1(%rip) # 0xe24c2 21: 74 17 je 0x3a 23: b8 01 00 00 00 mov $0x1,%eax 28: 0f 05 syscall 2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction 30: 77 58 ja 0x8a 32: c3 retq 33: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 3a: 48 83 ec 28 sub $0x28,%rsp 3e: 48 rex.W 3f: 89 .byte 0x89 Code starting with the faulting instruction =========================================== 0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 6: 77 58 ja 0x60 8: c3 retq 9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax) 10: 48 83 ec 28 sub $0x28,%rsp 14: 48 rex.W 15: 89 .byte 0x89 [ 2391.835660] RSP: 002b:00007ffc43b05b38 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 [ 2391.843225] RAX: ffffffffffffffda RBX: 00007ffc43b05d88 RCX: 00007fb4b977c140 [ 2391.850350] RDX: 0000000000000002 RSI: 000056376b59b7d4 RDI: 0000000000000007 [ 2391.857482] RBP: 00007ffc43b05b60 R08: 0000000000000000 R09: 00007fb4b9681740 [ 2391.864615] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2391.871747] R13: 00007ffc43b05d98 R14: 000056376b59ddc8 R15: 00007fb4b9981020 [ 2391.878907] </TASK> [ 2391.881106] Modules linked in: x86_pkg_temp_thermal fuse configfs [ 2391.887288] ---[ end trace 0000000000000000 ]--- [ 2391.891915] RIP: 0010:tracing_update_buffers (kernel/trace/trace.c:6470) [ 2391.897231] Code: 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 31 f6 48 89 e5 41 55 41 54 53 48 89 fb 48 c7 c7 40 8c 61 94 e8 92 d3 5a 01 <44> 0f b6 a3 18 1f 00 00 41 80 fc 01 0f 87 c8 dc 4e 01 45 31 ed 41 All code ======== 0: 90 nop 1: 90 nop 2: 90 nop 3: 90 nop 4: 90 nop 5: 90 nop 6: 90 nop 7: 90 nop 8: 90 nop 9: 90 nop a: 90 nop b: 90 nop c: 66 0f 1f 00 nopw (%rax) 10: 55 push %rbp 11: 31 f6 xor %esi,%esi 13: 48 89 e5 mov %rsp,%rbp 16: 41 55 push %r13 18: 41 54 push %r12 1a: 53 push %rbx 1b: 48 89 fb mov %rdi,%rbx 1e: 48 c7 c7 40 8c 61 94 mov $0xffffffff94618c40,%rdi 25: e8 92 d3 5a 01 callq 0x15ad3bc 2a:* 44 0f b6 a3 18 1f 00 movzbl 0x1f18(%rbx),%r12d <-- trapping instruction 31: 00 32: 41 80 fc 01 cmp $0x1,%r12b 36: 0f 87 c8 dc 4e 01 ja 0x14edd04 3c: 45 31 ed xor %r13d,%r13d 3f: 41 rex.B Code starting with the faulting instruction =========================================== 0: 44 0f b6 a3 18 1f 00 movzbl 0x1f18(%rbx),%r12d 7: 00 8: 41 80 fc 01 cmp $0x1,%r12b c: 0f 87 c8 dc 4e 01 ja 0x14edcda 12: 45 31 ed xor %r13d,%r13d 15: 41 rex.B [ 2391.916120] RSP: 0018:ffffb36e0a477d80 EFLAGS: 00010246 [ 2391.921569] RAX: 0000000000000000 RBX: 6b6b6b6b6b6b6b6b RCX: 0000000080000000 [ 2391.928872] RDX: 0000000000000000 RSI: ffffffff9299b722 RDI: ffffffff9299b722 [ 2391.936237] RBP: ffffb36e0a477d98 R08: 000000000000002f R09: 0000000000000002 [ 2391.943388] R10: ffffb36e0a477d70 R11: 0000000000000000 R12: 0000000000000002 [ 2391.950527] R13: ffffb36e0a477e88 R14: ffff99c5803a2230 R15: ffff99c581c39000 [ 2391.957670] FS: 00007fb4b9681740(0000) GS:ffff99c6efa80000(0000) knlGS:0000000000000000 [ 2391.965822] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2391.971579] CR2: 00007fb4b96ab5e0 CR3: 000000010635c002 CR4: 00000000003706f0 [ 2391.978721] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2391.985879] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2391.993028] Kernel panic - not syncing: Fatal exception [ 2391.998287] Kernel Offset: 0x10000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 2392.009066] ---[ end Kernel panic - not syncing: Fatal exception ]--- Links: - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20231026/te… - https://lkft.validation.linaro.org/scheduler/job/6974179#L5053 metadata: git_ref: master git_repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git_sha: 2ef7141596eed0b4b45ef18b3626f428a6b0a822 git_describe: next-20231026 kernel_version: 6.6.0-rc7 kernel-config: https://storage.tuxsuite.com/public/linaro/lkft/builds/2XHt24sNSdog7DYY3FLK… artifact-location: https://storage.tuxsuite.com/public/linaro/lkft/builds/2XHt24sNSdog7DYY3FLK… toolchain: gcc-13 -- Linaro LKFT https://lkft.linaro.org

5 months, 4 weeks

3
12
0 0

qemu-arm64: handle_futex_death - kernel/futex/core.c:661 - Unable to handle kernel unknown 43 at virtual address

by Naresh Kamboju

Following kernel crash noticed on qemu-arm64 while running LTP syscalls set_robust_list test case running Linux next 6.6.0-rc7-next-20231026 and 6.6.0-rc7-next-20231025. BAD: next-20231025 Good: next-20231024 Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> Log: ---- <1>[ 203.119139] Unable to handle kernel unknown 43 at virtual address 0001ffff9e2e7d78 <1>[ 203.119838] Mem abort info: <1>[ 203.120064] ESR = 0x000000009793002b <1>[ 203.121040] EC = 0x25: DABT (current EL), IL = 32 bits set_robust_list01 1 TPASS : set_robust_list: retval = -1 (expected -1), errno = 22 (expected 22) set_robust_list01 2 TPASS : set_robust_list: retval = 0 (expected 0), errno = 0 (expected 0) <1>[ 203.124496] SET = 0, FnV = 0 <1>[ 203.124778] EA = 0, S1PTW = 0 <1>[ 203.125029] FSC = 0x2b: unknown 43 <1>[ 203.126470] Data abort info: <1>[ 203.126710] Access size = 4 byte(s) <1>[ 203.126969] SSE = 0, SRT = 19 <1>[ 203.127708] SF = 0, AR = 0 <1>[ 203.128213] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 <1>[ 203.128788] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 <1>[ 203.130416] user pgtable: 4k pages, 52-bit VAs, pgdp=000000010606a780 <1>[ 203.130817] [0001ffff9e2e7d78] pgd=0000000000000000 <0>[ 203.132603] Internal error: Oops: 000000009793002b [#1] PREEMPT SMP <4>[ 203.133483] Modules linked in: btrfs blake2b_generic libcrc32c xor xor_neon raid6_pq zstd_compress crct10dif_ce sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 fuse drm backlight dm_mod ip_tables x_tables <4>[ 203.135177] CPU: 1 PID: 653 Comm: set_robust_list Not tainted 6.6.0-rc7-next-20231026 #1 <4>[ 203.135642] Hardware name: linux,dummy-virt (DT) <4>[ 203.136609] pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) <4>[ 203.137028] pc : handle_futex_death (kernel/futex/core.c:661 (discriminator 6)) <4>[ 203.138844] lr : handle_futex_death (arch/arm64/include/asm/uaccess.h:46 (discriminator 1) kernel/futex/core.c:661 (discriminator 1)) <4>[ 203.139132] sp : ffff8000805c3c10 <4>[ 203.139356] x29: ffff8000805c3c10 x28: 0000ffffbf187740 x27: d53bd04035000220 <4>[ 203.140366] x26: 0000000000000000 x25: fff00000c6195280 x24: fff00000c6195280 <4>[ 203.141055] x23: 0000000000000001 x22: ffffa4e6aeef09d0 x21: 0001ffff9e2e7d78 <4>[ 203.141771] x20: 0001ffff9e2e7d78 x19: 0001ffff9e2e7d78 x18: ffff8000805c3cf8 <4>[ 203.142457] x17: 0000000000000000 x16: ffffa4e6aeae7078 x15: 000000000000000a <4>[ 203.143134] x14: 0000000000000000 x13: 1ffe000018258661 x12: ffff8000805c3cf8 <4>[ 203.143809] x11: 0000000000000000 x10: fff00000c12c3308 x9 : ffffa4e6ad0e5748 <4>[ 203.144504] x8 : ffff8000805c3c38 x7 : 0000000000000000 x6 : 0000000000000001 <4>[ 203.145186] x5 : 0000000000000000 x4 : fff00000c6195280 x3 : 0000000000000000 <4>[ 203.145929] x2 : 0000000000000000 x1 : 000ffffffffffffc x0 : 0001ffff9e2e7d78 <4>[ 203.147032] Call trace: <4>[ 203.147254] handle_futex_death (kernel/futex/core.c:661 (discriminator 6)) <4>[ 203.147560] exit_robust_list (kernel/futex/core.c:828) <4>[ 203.148348] futex_exit_release (kernel/futex/core.c:1035 (discriminator 1) kernel/futex/core.c:1131 (discriminator 1)) <4>[ 203.148891] exit_mm_release (kernel/fork.c:1657) <4>[ 203.149669] do_exit (kernel/exit.c:541 kernel/exit.c:858) <4>[ 203.149897] do_group_exit (kernel/exit.c:1002) <4>[ 203.150209] __arm64_sys_exit_group (kernel/exit.c:1032) <4>[ 203.150980] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:56) <4>[ 203.151234] el0_svc_common.constprop.0 (include/linux/thread_info.h:127 (discriminator 2) arch/arm64/kernel/syscall.c:144 (discriminator 2)) <4>[ 203.151999] do_el0_svc (arch/arm64/kernel/syscall.c:156) <4>[ 203.152231] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:144 arch/arm64/kernel/entry-common.c:679) <4>[ 203.152936] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:697) <4>[ 203.153518] el0t_64_sync (arch/arm64/kernel/entry.S:595) <0>[ 203.154424] Code: d50323bf d65f03c0 9248fa93 52800002 (b8400a73) All code ======== 0: d50323bf autiasp 4: d65f03c0 ret 8: 9248fa93 and x19, x20, #0xff7fffffffffffff c: 52800002 mov w2, #0x0 // #0 10:* b8400a73 ldtr w19, [x19] <-- trapping instruction Code starting with the faulting instruction =========================================== 0: b8400a73 ldtr w19, [x19] <4>[ 203.155308] ---[ end trace 0000000000000000 ]--- <1>[ 203.156234] Fixing recursive fault but reboot is needed! <3>[ 203.157116] BUG: using smp_processor_id() in preemptible [00000000] code: set_robust_list/653 <4>[ 203.158116] caller is debug_smp_processor_id (lib/smp_processor_id.c:61) <4>[ 203.158983] CPU: 1 PID: 653 Comm: set_robust_list Tainted: G D 6.6.0-rc7-next-20231026 #1 <4>[ 203.159451] Hardware name: linux,dummy-virt (DT) <4>[ 203.159990] Call trace: <4>[ 203.160394] dump_backtrace (arch/arm64/kernel/stacktrace.c:235) <4>[ 203.160625] show_stack (arch/arm64/kernel/stacktrace.c:242) <4>[ 203.160854] dump_stack_lvl (lib/dump_stack.c:107) <4>[ 203.161869] dump_stack (lib/dump_stack.c:114) <4>[ 203.162093] check_preemption_disabled (arch/arm64/include/asm/current.h:19 arch/arm64/include/asm/preempt.h:54 lib/smp_processor_id.c:53) <4>[ 203.162898] debug_smp_processor_id (lib/smp_processor_id.c:61) <4>[ 203.163176] __schedule (kernel/sched/core.c:6578 (discriminator 1)) <4>[ 203.163894] do_task_dead (kernel/sched/core.c:6705) <4>[ 203.164143] make_task_dead (arch/arm64/include/asm/atomic_ll_sc.h:95 (discriminator 3) arch/arm64/include/asm/atomic.h:49 (discriminator 3) include/linux/atomic/atomic-arch-fallback.h:747 (discriminator 3) include/linux/atomic/atomic-instrumented.h:253 (discriminator 3) include/linux/refcount.h:193 (discriminator 3) include/linux/refcount.h:250 (discriminator 3) include/linux/refcount.h:267 (discriminator 3) kernel/exit.c:979 (discriminator 3)) <4>[ 203.164871] die (arch/arm64/kernel/traps.c:239) <4>[ 203.165093] die_kernel_fault (arch/arm64/mm/fault.c:321) <4>[ 203.165905] do_mem_abort (arch/arm64/mm/fault.c:850) <4>[ 203.166149] el1_abort (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:399) <4>[ 203.166864] el1h_64_sync_handler (arch/arm64/kernel/entry-common.c:486) <4>[ 203.167173] el1h_64_sync (arch/arm64/kernel/entry.S:590) <4>[ 203.167824] handle_futex_death (kernel/futex/core.c:661 (discriminator 6)) <4>[ 203.168329] exit_robust_list (kernel/futex/core.c:828) <4>[ 203.168829] futex_exit_release (kernel/futex/core.c:1035 (discriminator 1) kernel/futex/core.c:1131 (discriminator 1)) <4>[ 203.169375] exit_mm_release (kernel/fork.c:1657) <4>[ 203.169884] do_exit (kernel/exit.c:541 kernel/exit.c:858) <4>[ 203.170372] do_group_exit (kernel/exit.c:1002) <4>[ 203.170857] __arm64_sys_exit_group (kernel/exit.c:1032) <4>[ 203.171643] invoke_syscall (arch/arm64/include/asm/current.h:19 arch/arm64/kernel/syscall.c:56) <4>[ 203.172281] el0_svc_common.constprop.0 (include/linux/thread_info.h:127 (discriminator 2) arch/arm64/kernel/syscall.c:144 (discriminator 2)) <4>[ 203.172815] do_el0_svc (arch/arm64/kernel/syscall.c:156) <4>[ 203.173284] el0_svc (arch/arm64/include/asm/daifflags.h:28 arch/arm64/kernel/entry-common.c:133 arch/arm64/kernel/entry-common.c:144 arch/arm64/kernel/entry-common.c:679) <4>[ 203.173769] el0t_64_sync_handler (arch/arm64/kernel/entry-common.c:697) <4>[ 203.174052] el0t_64_sync (arch/arm64/kernel/entry.S:595) Links: - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20231026/te… - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20231026/te… - https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20231026/te… -- Linaro LKFT https://lkft.linaro.org

5 months, 4 weeks

3
10
0 0

Daily cts/vts report for lkft - 2023-Oct-31

by lava＠validation.linaro.org

Total jobs: 32 Total errors: 6 (18.75%) LAVA errors: 0 (0.00%) Test errors: 4 (12.50%) Job errors: 2 (6.25%) Infra errors: 0 (0.00%) Canceled jobs: 0 (0.00%) Device type: dragonboard-845c Total jobs: 17 Total errors: 2 (11.76%) Error type: Job Error count: 2 (11.76%) Error: auto-login action timed out Count: 2 (11.76%) IDs: db845c-04: 6985009 db845c-10: 6985002 Device type: qrb5165-rb5 Total jobs: 11 Total errors: 4 (36.36%) Error type: Test Error count: 4 (36.36%) Error: No match for error type 'Test', message 'The network seems not available, as the ping command failed' Count: 1 (9.09%) IDs: rb5-05: 6985082 Error: No match for error type 'Test', message 'tradefed - adb device lost[4fc7b22]' Count: 1 (9.09%) IDs: rb5-06: 6985069 Error: No match for error type 'Test', message 'tradefed - adb device lost[74d67c95]' Count: 2 (18.18%) IDs: rb5-03: 6985053 6985066 Device type: x15 Total jobs: 1 Total errors: 0 (0.00%) Device type: x86 Total jobs: 1 Total errors: 0 (0.00%) Device type: bcm2711-rpi-4-b Total jobs: 1 Total errors: 0 (0.00%) Device type: e850-96 Total jobs: 1 Total errors: 0 (0.00%)

5 months, 4 weeks

1
0
0 0

Daily report for validation - 2023-Oct-31

by lava＠validation.linaro.org

Total jobs: 188 Total errors: 43 (22.87%) LAVA errors: 0 (0.00%) Test errors: 10 (5.32%) Job errors: 31 (16.49%) Infra errors: 2 (1.06%) Canceled jobs: 0 (0.00%) Device type: beaglebone-black Total jobs: 20 Total errors: 0 (0.00%) Device type: bcm2837-rpi-3-b-32 Total jobs: 17 Total errors: 0 (0.00%) Device type: hi6220-hikey-r2 Total jobs: 1 Total errors: 0 (0.00%) Device type: dragonboard-820c Total jobs: 8 Total errors: 7 (87.50%) Error type: Infrastructure Error count: 1 (12.50%) Error: No match for error type 'Infrastructure', message 'wait-device-boardid timed out after 1717 seconds' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011786 Error type: Job Error count: 6 (75.00%) Error: No match for error type 'Job', message 'Unable to run 'docker' 'run' '--rm' '--init' '--workdir=/lava-downloads' '--device=/dev/kvm' '--mount=type=bind,source=/var/lib/lava/dispatcher/tmp/4011753/downloads/common,destination=/lava-downloads' 'linaro/kir:master' '/lava-downloads/postprocess.sh'' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011753 Error: No match for error type 'Job', message 'Unable to run 'docker' 'run' '--rm' '--init' '--workdir=/lava-downloads' '--device=/dev/kvm' '--mount=type=bind,source=/var/lib/lava/dispatcher/tmp/4011728/downloads/common,destination=/lava-downloads' 'linaro/kir:master' '/lava-downloads/postprocess.sh'' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011728 Error: No match for error type 'Job', message 'Unable to run 'docker' 'run' '--rm' '--init' '--workdir=/lava-downloads' '--device=/dev/kvm' '--mount=type=bind,source=/var/lib/lava/dispatcher/tmp/4011692/downloads/common,destination=/lava-downloads' 'linaro/kir:master' '/lava-downloads/postprocess.sh'' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011692 Error: No match for error type 'Job', message 'Unable to run 'docker' 'run' '--rm' '--init' '--workdir=/lava-downloads' '--device=/dev/kvm' '--mount=type=bind,source=/var/lib/lava/dispatcher/tmp/4011653/downloads/common,destination=/lava-downloads' 'linaro/kir:master' '/lava-downloads/postprocess.sh'' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011653 Error: No match for error type 'Job', message 'Unable to run 'docker' 'run' '--rm' '--init' '--workdir=/lava-downloads' '--device=/dev/kvm' '--mount=type=bind,source=/var/lib/lava/dispatcher/tmp/4011641/downloads/common,destination=/lava-downloads' 'linaro/kir:master' '/lava-downloads/postprocess.sh'' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011641 Error: No match for error type 'Job', message 'Unable to run 'docker' 'run' '--rm' '--init' '--workdir=/lava-downloads' '--device=/dev/kvm' '--mount=type=bind,source=/var/lib/lava/dispatcher/tmp/4011634/downloads/common,destination=/lava-downloads' 'linaro/kir:master' '/lava-downloads/postprocess.sh'' Count: 1 (12.50%) IDs: dragonboard-820c-01: 4011634 Device type: hi960-hikey Total jobs: 37 Total errors: 10 (27.03%) Error type: Test Error count: 10 (27.03%) Error: Device NOT found! Count: 9 (24.32%) IDs: hi960-hikey-03: 4011541 4011629 4011717 hi960-hikey-05: 4011610 4011618 4011741 4011742 4011743 4011785 Error: No match for error type 'Test', message 'tradefed - adb device lost[57DD383701799F9A]' Count: 1 (2.70%) IDs: hi960-hikey-05: 4011224 Device type: x86 Total jobs: 15 Total errors: 0 (0.00%) Device type: qemu Total jobs: 5 Total errors: 0 (0.00%) Device type: frdm-kw41z Total jobs: 2 Total errors: 0 (0.00%) Device type: frdm-k64f Total jobs: 3 Total errors: 0 (0.00%) Device type: docker Total jobs: 3 Total errors: 0 (0.00%) Device type: x15-bl Total jobs: 1 Total errors: 0 (0.00%) Device type: soca9 Total jobs: 2 Total errors: 0 (0.00%) Device type: x15 Total jobs: 40 Total errors: 20 (50.00%) Error type: Job Error count: 19 (47.50%) Error: wait for prompt timed out Count: 18 (45.00%) IDs: x15-01: 4011662 4011668 4011676 4011679 4011682 4011686 4011687 4011690 4011700 4011709 4011712 4011715 4011723 4011735 4011740 4011755 4011762 4011767 Error: No match for error type 'Job', message '[ 3.676544] Kernel panic - not syncing: Fatal exception in interrupt [ 3.682922] CPU1: stopping [ 3.682952] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G D 6.6.0-rc7-00270-g55bd4c6e40ad #1 [ 3.682952] Hardware name: Generic DRA74X (Flattened Device Tree) [ 3.682952] unwind_backtrace from show_stack+0x10/0x14 [ 3.682983] show_stack from dump_stack_lvl+0x40/0x4c [ 3.682983] dump_stack_lvl from do_handle_IPI+0x194/0x1f4 [ 3.683013] do_handle_IPI from ipi_handler+0x14/0x20 [ 3.683044] ipi_handler from handle_percpu_devid_irq+0x84/0x1d0 [ 3.683044] handle_percpu_devid_irq from handle_irq_desc+0x1c/0x2c [ 3.683074] handle_irq_desc from gic_handle_irq+0x6c/0x90 [ 3.683074] gic_handle_irq from generic_handle_arch_irq+0x2c/0x64 [ 3.683105] generic_handle_arch_irq from call_with_stack+0x18/0x20 [ 3.683135] call_with_stack from __irq_svc+0x98/0xb4 [ 3.683135] Exception stack(0xf0049f58 to 0xf0049fa0) [ 3.683166] 9f40: 00006bf4 00000001 [ 3.683166] 9f60: 00000001 00000000 c110d250 c1949ec0 c1005218 c1005274 00000000 00000000 [ 3.683166] 9f80: 00000000 00000000 00000000 f0049fa8 c0b0fef8 c0b1123c 60000013 ffffffff [ 3.683166] __irq_svc from default_idle_call+0x14/0xfc [ 3.683197] default_idle_call from do_idle+0x1e8/0x288 [ 3.683197] do_idle from cpu_startup_entry+0x28/0x2c [ 3.683227] cpu_startup_entry from secondary_start_kernel+0x118/0x130 [ 3.683227] secondary_start_kernel from 0x80101754 [ 3.814453] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---' Count: 1 (2.50%) IDs: x15-01: 4011659 Error type: Infrastructure Error count: 1 (2.50%) Error: Unable to download job artefacts Count: 1 (2.50%) IDs: x15-01: 4011707 Device type: dragonboard-410c Total jobs: 8 Total errors: 0 (0.00%) Device type: dragonboard-845c Total jobs: 11 Total errors: 6 (54.55%) Error type: Job Error count: 6 (54.55%) Error: No match for error type 'Job', message 'login-action timed out after 874 seconds' Count: 1 (9.09%) IDs: dragonboard-845c-05: 4011752 Error: wait for prompt timed out Count: 3 (27.27%) IDs: dragonboard-845c-02: 4011730 dragonboard-845c-07: 4011696 dragonboard-845c-08: 4011642 Error: No match for error type 'Job', message 'login-action timed out after 875 seconds' Count: 2 (18.18%) IDs: dragonboard-845c-02: 4011654 dragonboard-845c-05: 4011636 Device type: synquacer Total jobs: 15 Total errors: 0 (0.00%)

5 months, 4 weeks

1
0
0 0

Re: [PATCH v2] eventfs: Test for ei->is_freed when accessing ei->dentry

by Naresh Kamboju

On Sun, 29 Oct 2023 at 02:16, Steven Rostedt <rostedt(a)goodmis.org> wrote: > > From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> > > The eventfs_inode (ei) is protected by SRCU, but the ei->dentry is not. It > is protected by the eventfs_mutex. Anytime the eventfs_mutex is released, > and access to the ei->dentry needs to be done, it should first check if > ei->is_freed is set under the eventfs_mutex. If it is, then the ei->dentry > is invalid and must not be used. The ei->dentry must only be accessed > under the eventfs_mutex and after checking if ei->is_freed is set. > > When the ei is being freed, it will (under the eventfs_mutex) set is_freed > and at the same time move the dentry to a free list to be cleared after > the eventfs_mutex is released. This means that any access to the > ei->dentry must check first if ei->is_freed is set, because if it is, then > the dentry is on its way to be freed. > > Also add comments to describe this better. > > Link: https://lore.kernel.org/all/CA+G9fYt6pY+tMZEOg=SoEywQOe19fGP3uR15SGowkdK+_X… > Link: https://lore.kernel.org/all/CA+G9fYuDP3hVQ3t7FfrBAjd_WFVSurMgCepTxunSJf=MTe… > > Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") > Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> > Reported-by: Naresh Kamboju <naresh.kamboju(a)linaro.org> > Reported-by: Beau Belgrave <beaub(a)linux.microsoft.com> > Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> Following build errors have been noticed. fs/tracefs/event_inode.c:348:1: error: return type defaults to 'int' [-Werror=implicit-int] 348 | create_dir_dentry(struct eventfs_inode *pei, struct eventfs_inode *ei, | ^~~~~~~~~~~~~~~~~ In file included from include/uapi/linux/posix_types.h:5, from include/uapi/linux/types.h:14, from include/linux/types.h:6, from include/linux/kasan-checks.h:5, from include/asm-generic/rwonce.h:26, from ./arch/x86/include/generated/asm/rwonce.h:1, from include/linux/compiler.h:251, from include/linux/build_bug.h:5, from include/linux/bits.h:21, from include/linux/bitops.h:6, from include/linux/radix-tree.h:11, from include/linux/idr.h:15, from include/linux/fsnotify_backend.h:13, from include/linux/fsnotify.h:15, from fs/tracefs/event_inode.c:17: fs/tracefs/event_inode.c: In function 'create_dir_dentry': include/linux/stddef.h:8:14: error: returning 'void *' from a function with return type 'int' makes integer from pointer without a cast [-Werror=int-conversion] 8 | #define NULL ((void *)0) | ^ fs/tracefs/event_inode.c:357:24: note: in expansion of macro 'NULL' 357 | return NULL; | ^~~~ fs/tracefs/event_inode.c:366:24: error: returning 'struct dentry *' from a function with return type 'int' makes integer from pointer without a cast [-Werror=int-conversion] 366 | return dentry; | ^~~~~~ fs/tracefs/event_inode.c:394:24: error: returning 'struct dentry *' from a function with return type 'int' makes integer from pointer without a cast [-Werror=int-conversion] 394 | return dentry; | ^~~~~~ fs/tracefs/event_inode.c:416:34: error: returning 'struct dentry *' from a function with return type 'int' makes integer from pointer without a cast [-Werror=int-conversion] 416 | return invalidate ? NULL : dentry; | ~~~~~~~~~~~~~~~~~~^~~~~~~~ fs/tracefs/event_inode.c: In function 'dcache_dir_open_wrapper': fs/tracefs/event_inode.c:609:49: error: passing argument 2 of 'create_dir_dentry' from incompatible pointer type [-Werror=incompatible-pointer-types] 609 | d = create_dir_dentry(ei_child, parent, false); | ^~~~~~ | | | struct dentry * fs/tracefs/event_inode.c:348:68: note: expected 'struct eventfs_inode *' but argument is of type 'struct dentry *' 348 | create_dir_dentry(struct eventfs_inode *pei, struct eventfs_inode *ei, | ~~~~~~~~~~~~~~~~~~~~~~^~ fs/tracefs/event_inode.c:609:21: error: too few arguments to function 'create_dir_dentry' 609 | d = create_dir_dentry(ei_child, parent, false); | ^~~~~~~~~~~~~~~~~ fs/tracefs/event_inode.c:348:1: note: declared here 348 | create_dir_dentry(struct eventfs_inode *pei, struct eventfs_inode *ei, | ^~~~~~~~~~~~~~~~~ fs/tracefs/event_inode.c:625:19: error: assignment to 'struct dentry *' from 'int' makes pointer from integer without a cast [-Werror=int-conversion] 625 | d = create_dir_dentry(ei, ei_child, parent, false); | ^ fs/tracefs/event_inode.c:626:46: error: left-hand operand of comma expression has no effect [-Werror=unused-value] 626 | parent, name, mode, cdata, fops, false); | ^ fs/tracefs/event_inode.c:626:52: error: left-hand operand of comma expression has no effect [-Werror=unused-value] 626 | parent, name, mode, cdata, fops, false); | ^ fs/tracefs/event_inode.c:626:58: error: left-hand operand of comma expression has no effect [-Werror=unused-value] 626 | parent, name, mode, cdata, fops, false); | ^ fs/tracefs/event_inode.c:626:65: error: left-hand operand of comma expression has no effect [-Werror=unused-value] 626 | parent, name, mode, cdata, fops, false); | ^ fs/tracefs/event_inode.c:626:71: error: left-hand operand of comma expression has no effect [-Werror=unused-value] 626 | parent, name, mode, cdata, fops, false); | ^ fs/tracefs/event_inode.c:626:71: error: statement with no effect [-Werror=unused-value] fs/tracefs/event_inode.c:626:78: error: expected ';' before ')' token 626 | parent, name, mode, cdata, fops, false); | ^ | ; fs/tracefs/event_inode.c:626:78: error: expected statement before ')' token fs/tracefs/event_inode.c: In function 'eventfs_remove_dir': fs/tracefs/event_inode.c:921:1: error: invalid use of void expression 921 | + call_srcu(&eventfs_srcu, &ei->rcu, free_rcu_ei); | ^ cc1: all warnings being treated as errors Links: - https://storage.tuxsuite.com/public/linaro/naresh/builds/2XQUK9V1Fm5uX0Gdoa… > --- > > Changes since v1: https://lore.kernel.org/all/20231028163749.0d3429a1@rorschach.local.home/ > > - Add comment about ei->is_freed is a union along with ei->rcu and > ei->del_list so that others can find where ei->is_freed is set and > not get confused about why ei->dentry is being removed but ei->is_freed > isn't mentioned. > > - And fixed change log to remove the double "Reported-by". > > fs/tracefs/event_inode.c | 65 +++++++++++++++++++++++++++++++++------- > fs/tracefs/internal.h | 3 +- > 2 files changed, 56 insertions(+), 12 deletions(-) > > diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c > index 4d2da7480e5f..45bddce7c747 100644 > --- a/fs/tracefs/event_inode.c > +++ b/fs/tracefs/event_inode.c > @@ -24,7 +24,20 @@ > #include <linux/delay.h> > #include "internal.h" > > +/* > + * eventfs_mutex protects the eventfs_inode (ei) dentry. Any access > + * to the ei->dentry must be done under this mutex and after checking > + * if ei->is_freed is not set. The ei->dentry is released under the > + * mutex at the same time ei->is_freed is set. If ei->is_freed is set > + * then the ei->dentry is invalid. > + */ > static DEFINE_MUTEX(eventfs_mutex); > + > +/* > + * The eventfs_inode (ei) itself is protected by SRCU. It is released from > + * its parent's list and will have is_freed set (under eventfs_mutex). > + * After the SRCU grace period is over, the ei may be freed. > + */ > DEFINE_STATIC_SRCU(eventfs_srcu); > > static struct dentry *eventfs_root_lookup(struct inode *dir, > @@ -234,6 +247,10 @@ create_file_dentry(struct eventfs_inode *ei, struct dentry **e_dentry, > bool invalidate = false; > > mutex_lock(&eventfs_mutex); > + if (ei->is_freed) { > + mutex_unlock(&eventfs_mutex); > + return NULL; > + } > /* If the e_dentry already has a dentry, use it */ > if (*e_dentry) { > /* lookup does not need to up the ref count */ > @@ -307,6 +324,8 @@ static void eventfs_post_create_dir(struct eventfs_inode *ei) > struct eventfs_inode *ei_child; > struct tracefs_inode *ti; > > + lockdep_assert_held(&eventfs_mutex); > + > /* srcu lock already held */ > /* fill parent-child relation */ > list_for_each_entry_srcu(ei_child, &ei->children, list, > @@ -320,6 +339,7 @@ static void eventfs_post_create_dir(struct eventfs_inode *ei) > > /** > * create_dir_dentry - Create a directory dentry for the eventfs_inode > + * @pei: The eventfs_inode parent of ei. > * @ei: The eventfs_inode to create the directory for > * @parent: The dentry of the parent of this directory > * @lookup: True if this is called by the lookup code > @@ -327,12 +347,17 @@ static void eventfs_post_create_dir(struct eventfs_inode *ei) > * This creates and attaches a directory dentry to the eventfs_inode @ei. > */ > static struct dentry * > -create_dir_dentry(struct eventfs_inode *ei, struct dentry *parent, bool lookup) > +create_dir_dentry(struct eventfs_inode *pei, struct eventfs_inode *ei, > + struct dentry *parent, bool lookup) > { > bool invalidate = false; > struct dentry *dentry = NULL; > > mutex_lock(&eventfs_mutex); > + if (pei->is_freed || ei->is_freed) { > + mutex_unlock(&eventfs_mutex); > + return NULL; > + } > if (ei->dentry) { > /* If the dentry already has a dentry, use it */ > dentry = ei->dentry; > @@ -435,7 +460,7 @@ static struct dentry *eventfs_root_lookup(struct inode *dir, > */ > mutex_lock(&eventfs_mutex); > ei = READ_ONCE(ti->private); > - if (ei) > + if (ei && !ei->is_freed) > ei_dentry = READ_ONCE(ei->dentry); > mutex_unlock(&eventfs_mutex); > > @@ -449,7 +474,7 @@ static struct dentry *eventfs_root_lookup(struct inode *dir, > if (strcmp(ei_child->name, name) != 0) > continue; > ret = simple_lookup(dir, dentry, flags); > - create_dir_dentry(ei_child, ei_dentry, true); > + create_dir_dentry(ei, ei_child, ei_dentry, true); > created = true; > break; > } > @@ -583,7 +608,7 @@ static int dcache_dir_open_wrapper(struct inode *inode, struct file *file) > > list_for_each_entry_srcu(ei_child, &ei->children, list, > srcu_read_lock_held(&eventfs_srcu)) { > - d = create_dir_dentry(ei_child, parent, false); > + d = create_dir_dentry(ei, ei_child, parent, false); > if (d) { > ret = add_dentries(&dentries, d, cnt); > if (ret < 0) > @@ -637,6 +662,13 @@ static int dcache_readdir_wrapper(struct file *file, struct dir_context *ctx) > return ret; > } > > +static void free_ei(struct eventfs_inode *ei) > +{ > + kfree_const(ei->name); > + kfree(ei->d_children); > + kfree(ei); > +} > + > /** > * eventfs_create_dir - Create the eventfs_inode for this directory > * @name: The name of the directory to create. > @@ -700,12 +732,20 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode > ei->nr_entries = size; > ei->data = data; > INIT_LIST_HEAD(&ei->children); > + INIT_LIST_HEAD(&ei->list); > > mutex_lock(&eventfs_mutex); > - list_add_tail(&ei->list, &parent->children); > - ei->d_parent = parent->dentry; > + if (!parent->is_freed) { > + list_add_tail(&ei->list, &parent->children); > + ei->d_parent = parent->dentry; > + } > mutex_unlock(&eventfs_mutex); > > + /* Was the parent freed? */ > + if (list_empty(&ei->list)) { > + free_ei(ei); > + ei = NULL; > + } > return ei; > } > > @@ -787,13 +827,11 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry > return ERR_PTR(-ENOMEM); > } > > -static void free_ei(struct rcu_head *head) > +static void free_rcu_ei(struct rcu_head *head) > { > struct eventfs_inode *ei = container_of(head, struct eventfs_inode, rcu); > > - kfree_const(ei->name); > - kfree(ei->d_children); > - kfree(ei); > + free_ei(ei); > } > > /** > @@ -880,7 +918,12 @@ void eventfs_remove_dir(struct eventfs_inode *ei) > for (i = 0; i < ei->nr_entries; i++) > unhook_dentry(&ei->d_children[i], &dentry_list); > unhook_dentry(&ei->dentry, &dentry_list); > - call_srcu(&eventfs_srcu, &ei->rcu, free_ei); > + /* > + * Note, ei->is_freed is a union along with ei->rcu > + * and ei->del_list. When the ei is added to either > + * of those lists, it automatically sets ei->is_freed. > + */ > + call_srcu(&eventfs_srcu, &ei->rcu, free_rcu_ei); > } > mutex_unlock(&eventfs_mutex); > > diff --git a/fs/tracefs/internal.h b/fs/tracefs/internal.h > index 64fde9490f52..21a1fa682b74 100644 > --- a/fs/tracefs/internal.h > +++ b/fs/tracefs/internal.h > @@ -30,7 +30,7 @@ struct eventfs_inode { > const struct eventfs_entry *entries; > const char *name; > struct list_head children; > - struct dentry *dentry; > + struct dentry *dentry; /* Check is_freed to access */ > struct dentry *d_parent; > struct dentry **d_children; > void *data; > @@ -39,6 +39,7 @@ struct eventfs_inode { > * @del_list: list of eventfs_inode to delete > * @rcu: eventfs_inode to delete in RCU > * @is_freed: node is freed if one of the above is set > + * Note if is_freed is set, then dentry is corrupted. > */ > union { > struct list_head del_list; > -- > 2.42.0 >

5 months, 4 weeks

2
4
0 0

Daily cts/vts report for lkft - 2023-Oct-30

by lava＠validation.linaro.org

Total jobs: 13 Total errors: 1 (7.69%) LAVA errors: 0 (0.00%) Test errors: 1 (7.69%) Job errors: 0 (0.00%) Infra errors: 0 (0.00%) Canceled jobs: 0 (0.00%) Device type: qrb5165-rb5 Total jobs: 3 Total errors: 1 (33.33%) Error type: Test Error count: 1 (33.33%) Error: No match for error type 'Test', message 'tradefed - adb device lost[4fc7b22]' Count: 1 (33.33%) IDs: rb5-06: 6983018 Device type: dragonboard-845c Total jobs: 4 Total errors: 0 (0.00%) Device type: juno-r2 Total jobs: 2 Total errors: 0 (0.00%) Device type: bcm2711-rpi-4-b Total jobs: 2 Total errors: 0 (0.00%) Device type: dragonboard-410c Total jobs: 2 Total errors: 0 (0.00%)

6 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Lkft-triage October 2023