While running LTP syscalls ioctl_sg01 test case this kernel crash reported on x86_64 and i386 running today's Linux next tag 20201130.
Steps to reproduce: -------------------- # TuxMake is a command line tool and Python library that provides # portable and repeatable Linux kernel builds across a variety of # architectures, toolchains, kernel configurations, and make targets. # # TuxMake supports the concept of runtimes. # See https://docs.tuxmake.org/runtimes/, for that to work it requires # that you install podman or docker on your system. # # To install tuxmake on your system globally: # sudo pip3 install -U tuxmake # # See https://docs.tuxmake.org/ for complete documentation.
# tuxmake --runtime docker --target-arch x86 --toolchain gcc-9 --kconfig defconfig --kconfig-add https://builds.tuxbuild.com/1l0FDtgxYSNunuG5ERIXtvPjZ7R/config # run LTP # cd /opt/ltp # ./runltp -s ioctl_sg01 # you see below crash
Crash log: ----------- ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg1 [ 285.862123] ================================================================== [ 285.863025] BUG: KASAN: null-ptr-deref in workingset_eviction+0xf2/0x1e0 [ 285.863025] Read of size 4 at addr 00000000000000c8 by task kswapd0/245 [ 285.863025] [ 285.863025] CPU: 1 PID: 245 Comm: kswapd0 Not tainted 5.10.0-rc5-next-20201130 #2 [ 285.863025] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 285.863025] Call Trace: [ 285.863025] dump_stack+0xa4/0xd9 [ 285.863025] ? workingset_eviction+0xf2/0x1e0 [ 285.863025] kasan_report.cold+0x108/0x10a [ 285.863025] ? workingset_eviction+0xf2/0x1e0 [ 285.863025] __asan_load4+0x88/0xb0 [ 285.863025] workingset_eviction+0xf2/0x1e0 [ 285.863025] ? __kasan_check_read+0x11/0x20 [ 285.863025] __remove_mapping+0x2b6/0x350 [ 285.863025] shrink_page_list+0xcfb/0x16e0 [ 285.863025] ? pageout+0x670/0x670 [ 285.863025] ? __kasan_check_write+0x14/0x20 [ 285.863025] ? shrink_inactive_list+0x2cc/0x6b0 [ 285.863025] ? shrink_lruvec+0x680/0x9b0 [ 285.863025] shrink_inactive_list+0x361/0x6b0 [ 285.863025] ? isolate_lru_pages+0x710/0x710 [ 285.863025] ? lruvec_lru_size+0xab/0x130 [ 285.863025] shrink_lruvec+0x680/0x9b0 [ 285.863025] ? shrink_active_list+0x810/0x810 [ 285.863025] ? __update_load_avg_cfs_rq+0x1b7/0x560 [ 285.863025] ? mem_cgroup_iter+0xde/0x4d0 [ 285.863025] shrink_node+0x753/0xcc0 [ 285.863025] balance_pgdat+0x42a/0x7b0 [ 285.863025] ? __node_reclaim+0x3d0/0x3d0 [ 285.863025] ? __schedule+0x6cc/0x11d0 [ 285.863025] ? find_next_bit+0x14/0x20 [ 285.863025] ? cpumask_next+0x1a/0x20 [ 285.863025] kswapd+0x3a8/0x650 [ 285.863025] ? balance_pgdat+0x7b0/0x7b0 [ 285.863025] ? _raw_spin_unlock_irqrestore+0x34/0x40 [ 285.863025] ? __kthread_parkme+0x6d/0xb0 [ 285.863025] ? wait_woken+0x120/0x120 [ 285.863025] ? __kasan_check_read+0x11/0x20 [ 285.863025] ? balance_pgdat+0x7b0/0x7b0 [ 285.863025] kthread+0x1bd/0x210 [ 285.863025] ? kthread_create_on_node+0xd0/0xd0 [ 285.863025] ret_from_fork+0x22/0x30 [ 285.863025] ================================================================== [ 285.863025] Disabling lock debugging due to kernel taint [ 285.863025] BUG: kernel NULL pointer dereference, address: 00000000000000c8 [ 285.863025] #PF: supervisor read access in kernel mode [ 285.863025] #PF: error_code(0x0000) - not-present page [ 285.863025] PGD 1060fd067 P4D 1060fd067 PUD 108d6e067 PMD 0 [ 285.863025] Oops: 0000 [#1] SMP KASAN NOPTI [ 285.863025] CPU: 1 PID: 245 Comm: kswapd0 Tainted: G B 5.10.0-rc5-next-20201130 #2 [ 285.863025] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 285.863025] RIP: 0010:workingset_eviction+0xf2/0x1e0 [ 285.863025] Code: 0f 1f 44 00 00 49 8d bf a8 02 00 00 e8 f7 ee 07 00 4d 8b a7 a8 02 00 00 0f 1f 44 00 00 49 8d bc 24 c8 00 00 00 e8 7e ed 07 00 <41> 0f b7 94 24 c8 00 00 00 4d 8d 67 68 be 08 00 00 00 48 89 55 d0 [ 285.863025] RSP: 0018:ffff8881021e7550 EFLAGS: 00010082 [ 285.863025] RAX: 0000000000000001 RBX: ffffea000429c200 RCX: ffffffff980ac1d7 [ 285.863025] RDX: 1ffffffff33692dc RSI: 0000000000000046 RDI: ffffffff99b496e0 [ 285.863025] RBP: ffff8881021e7580 R08: 0000000000000001 R09: fffffbfff335d4d9 [ 285.863025] R10: ffffffff99aea6c7 R11: fffffbfff335d4d8 R12: 0000000000000000 [ 285.863025] R13: ffff88813fffa000 R14: ffff88813fffd440 R15: ffff88813fffd520 [ 285.863025] FS: 0000000000000000(0000) GS:ffff88811b480000(0000) knlGS:0000000000000000 [ 285.863025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 285.863025] CR2: 00000000000000c8 CR3: 000000010a998000 CR4: 00000000003506e0 [ 285.863025] Call Trace: [ 285.863025] ? __kasan_check_read+0x11/0x20 [ 285.863025] __remove_mapping+0x2b6/0x350 [ 285.863025] shrink_page_list+0xcfb/0x16e0 [ 285.863025] ? pageout+0x670/0x670 [ 285.863025] ? __kasan_check_write+0x14/0x20 [ 285.863025] ? shrink_inactive_list+0x2cc/0x6b0 [ 285.863025] ? shrink_lruvec+0x680/0x9b0 [ 285.863025] shrink_inactive_list+0x361/0x6b0 [ 285.863025] ? isolate_lru_pages+0x710/0x710 [ 285.863025] ? lruvec_lru_size+0xab/0x130 [ 285.863025] shrink_lruvec+0x680/0x9b0 [ 285.863025] ? shrink_active_list+0x810/0x810 [ 285.863025] ? __update_load_avg_cfs_rq+0x1b7/0x560 [ 285.863025] ? mem_cgroup_iter+0xde/0x4d0 [ 285.863025] shrink_node+0x753/0xcc0 [ 285.863025] balance_pgdat+0x42a/0x7b0 [ 285.863025] ? __node_reclaim+0x3d0/0x3d0 [ 285.863025] ? __schedule+0x6cc/0x11d0 [ 285.863025] ? find_next_bit+0x14/0x20 [ 285.863025] ? cpumask_next+0x1a/0x20 [ 285.863025] kswapd+0x3a8/0x650 [ 285.863025] ? balance_pgdat+0x7b0/0x7b0 [ 285.863025] ? _raw_spin_unlock_irqrestore+0x34/0x40 [ 285.863025] ? __kthread_parkme+0x6d/0xb0 [ 285.863025] ? wait_woken+0x120/0x120 [ 285.863025] ? __kasan_check_read+0x11/0x20 [ 285.863025] ? balance_pgdat+0x7b0/0x7b0 [ 285.863025] kthread+0x1bd/0x210 [ 285.863025] ? kthread_create_on_node+0xd0/0xd0 [ 285.863025] ret_from_fork+0x22/0x30 [ 285.863025] Modules linked in: tun [ 285.863025] CR2: 00000000000000c8 [ 285.863025] ---[ end trace 060018eba39c640c ]--- [ 285.863025] RIP: 0010:workingset_eviction+0xf2/0x1e0 [ 285.863025] Code: 0f 1f 44 00 00 49 8d bf a8 02 00 00 e8 f7 ee 07 00 4d 8b a7 a8 02 00 00 0f 1f 44 00 00 49 8d bc 24 c8 00 00 00 e8 7e ed 07 00 <41> 0f b7 94 24 c8 00 00 00 4d 8d 67 68 be 08 00 00 00 48 89 55 d0 [ 285.863025] RSP: 0018:ffff8881021e7550 EFLAGS: 00010082 [ 285.863025] RAX: 0000000000000001 RBX: ffffea000429c200 RCX: ffffffff980ac1d7 [ 285.863025] RDX: 1ffffffff33692dc RSI: 0000000000000046 RDI: ffffffff99b496e0 [ 285.863025] RBP: ffff8881021e7580 R08: 0000000000000001 R09: fffffbfff335d4d9 [ 285.863025] R10: ffffffff99aea6c7 R11: fffffbfff335d4d8 R12: 0000000000000000 [ 285.863025] R13: ffff88813fffa000 R14: ffff88813fffd440 R15: ffff88813fffd520 [ 285.863025] FS: 0000000000000000(0000) GS:ffff88811b480000(0000) knlGS:0000000000000000 [ 285.863025] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 285.863025] CR2: 00000000000000c8 CR3: 000000010a998000 CR4: 00000000003506e0 [ 285.863025] note: kswapd0[245] exited with preempt_count 1
Reported-by: Naresh Kamboju naresh.kamboju@linaro.org
Full test log link, https://lkft.validation.linaro.org/scheduler/job/1993290#L7948 https://lkft.validation.linaro.org/scheduler/job/1993236#L8528
metadata: git branch: master git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next git commit: c6b11acc5f85b6e11d128fad8e0b7b223aa7e33f git describe: next-20201130 make_kernelversion: 5.10.0-rc5 kernel-config: https://builds.tuxbuild.com/1l0FDtgxYSNunuG5ERIXtvPjZ7R/config
On Mon, 30 Nov 2020 at 19:52, Naresh Kamboju naresh.kamboju@linaro.org wrote:
[ 285.863025] BUG: kernel NULL pointer dereference, address: 00000000000000c8
This looks to be the same as https://lore.kernel.org/linux-mm/20201130132345.GJ17338@dhcp22.suse.cz/T/#t
在 2020/12/1 上午3:52, Naresh Kamboju 写道:
Crash log:
ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg1 [ 285.862123] ================================================================== [ 285.863025] BUG: KASAN: null-ptr-deref in workingset_eviction+0xf2/0x1e0 [ 285.863025] Read of size 4 at addr 00000000000000c8 by task kswapd0/245
Hi Naresh,
Good to know you again. :)
Would you like to use command to check whichh line cause the panic:
scripts/faddr2line vmlinux workingset_eviction+0xf2/0x1e0
I can't reproduce it. and my gcc version mismatch with yours.
Thanks Alex
On Tue, Dec 1, 2020 at 4:02 AM Lorenzo Stoakes lstoakes@gmail.com wrote:
On Mon, 30 Nov 2020 at 19:52, Naresh Kamboju naresh.kamboju@linaro.org wrote:
[ 285.863025] BUG: kernel NULL pointer dereference, address: 00000000000000c8
This looks to be the same as https://lore.kernel.org/linux-mm/20201130132345.GJ17338@dhcp22.suse.cz/T/#t
I am sure it is the same issue.
Hi Alex,
On Tue, 1 Dec 2020 at 13:14, Alex Shi alex.shi@linux.alibaba.com wrote:
在 2020/12/1 上午3:52, Naresh Kamboju 写道:
Crash log:
ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg1 [ 285.862123] ================================================================== [ 285.863025] BUG: KASAN: null-ptr-deref in workingset_eviction+0xf2/0x1e0 [ 285.863025] Read of size 4 at addr 00000000000000c8 by task kswapd0/245
Hi Naresh,
Good to know you again. :)
Same here :)
Would you like to use command to check whichh line cause the panic:
scripts/faddr2line vmlinux workingset_eviction+0xf2/0x1e0
scripts/faddr2line vmlinux workingset_eviction+0xf2/0x1e0 workingset_eviction+0xf2/0x1e0: workingset_eviction at ??:?
vmlinux and system.map files available in this location, https://builds.tuxbuild.com/1l0FDtgxYSNunuG5ERIXtvPjZ7R/
I can't reproduce it. and my gcc version mismatch with yours.
Please run below easy steps to reproduce. you may install docker and tuxmake.
Please share if you have any debug patch or proposed fix patch, I would be happy to test.
Steps to reproduce: -------------------- # TuxMake is a command line tool and Python library that provides # portable and repeatable Linux kernel builds across a variety of # architectures, toolchains, kernel configurations, and make targets. # # TuxMake supports the concept of runtimes. # See https://docs.tuxmake.org/runtimes/, for that to work it requires # that you install podman or docker on your system. # # To install tuxmake on your system globally: # sudo pip3 install -U tuxmake # # See https://docs.tuxmake.org/ for complete documentation.
# tuxmake --runtime docker --target-arch x86_64 --toolchain gcc-9 \ --kconfig defconfig \ --kconfig-add https://builds.tuxbuild.com/1l0FDtgxYSNunuG5ERIXtvPjZ7R/config
# run LTP # cd /opt/ltp # ./runltp -s ioctl_sg01 # you see below crash
- Naresh
On Tue, Dec 1, 2020 at 5:09 PM Naresh Kamboju naresh.kamboju@linaro.org wrote:
Hi Alex,
On Tue, 1 Dec 2020 at 13:14, Alex Shi alex.shi@linux.alibaba.com wrote:
在 2020/12/1 上午3:52, Naresh Kamboju 写道:
Crash log:
ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg1 [ 285.862123] ================================================================== [ 285.863025] BUG: KASAN: null-ptr-deref in workingset_eviction+0xf2/0x1e0 [ 285.863025] Read of size 4 at addr 00000000000000c8 by task kswapd0/245
Hi Naresh,
Good to know you again. :)
Same here :)
Would you like to use command to check whichh line cause the panic:
scripts/faddr2line vmlinux workingset_eviction+0xf2/0x1e0
scripts/faddr2line vmlinux workingset_eviction+0xf2/0x1e0 workingset_eviction+0xf2/0x1e0: workingset_eviction at ??:?
vmlinux and system.map files available in this location, https://builds.tuxbuild.com/1l0FDtgxYSNunuG5ERIXtvPjZ7R/
I can't reproduce it. and my gcc version mismatch with yours.
Please run below easy steps to reproduce. you may install docker and tuxmake.
Please share if you have any debug patch or proposed fix patch, I would be happy to test.
This is the fix patch. Thanks.
https://lore.kernel.org/linux-mm/20201130132345.GJ17338@dhcp22.suse.cz/T/#m9...
Steps to reproduce:
# TuxMake is a command line tool and Python library that provides # portable and repeatable Linux kernel builds across a variety of # architectures, toolchains, kernel configurations, and make targets. # # TuxMake supports the concept of runtimes. # See https://docs.tuxmake.org/runtimes/, for that to work it requires # that you install podman or docker on your system. # # To install tuxmake on your system globally: # sudo pip3 install -U tuxmake # # See https://docs.tuxmake.org/ for complete documentation.
# tuxmake --runtime docker --target-arch x86_64 --toolchain gcc-9 \ --kconfig defconfig \ --kconfig-add https://builds.tuxbuild.com/1l0FDtgxYSNunuG5ERIXtvPjZ7R/config
# run LTP # cd /opt/ltp # ./runltp -s ioctl_sg01 # you see below crash
- Naresh