Date:   Wed, 22 Mar 2017 06:41:56 +0800
From:   kernel test robot <fengguang.wu@...el.com>
To:     Omar Sandoval <osandov@...com>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org,
        linux-block@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
        wfg@...ux.intel.com
Subject: [blk-stat] 34dbad5d26:  BUG: KASAN: null-ptr-deref on address
 0000000000000030

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-next

commit 34dbad5d26e2f4b88e60f0e9ad03f99480802812
Author:     Omar Sandoval <osandov@...com>
AuthorDate: Tue Mar 21 08:56:08 2017 -0700
Commit:     Jens Axboe <axboe@...com>
CommitDate: Tue Mar 21 10:03:11 2017 -0600

    blk-stat: convert to callback-based statistics reporting
    
    Currently, statistics are gathered in ~0.13s windows, and users grab the
    statistics whenever they need them. This is not ideal for both in-tree
    users:
    
    1. Writeback throttling wants its own dynamically sized window of
       statistics. Since the blk-stats statistics are reset after every
       window and the wbt windows don't line up with the blk-stats windows,
       wbt doesn't see every I/O.
    2. Polling currently grabs the statistics on every I/O. Again, depending
       on how the window lines up, we may miss some I/Os. It's also
       unnecessary overhead to get the statistics on every I/O; the hybrid
       polling heuristic would be just as happy with the statistics from the
       previous full window.
    
    This reworks the blk-stats infrastructure to be callback-based: users
    register a callback that they want called at a given time with all of
    the statistics from the window during which the callback was active.
    Users can dynamically bucketize the statistics. wbt and polling both
    currently use read vs. write, but polling can be extended to further
    subdivide based on request size.
    
    The callbacks are kept on an RCU list, and each callback has percpu
    stats buffers. There will only be a few users, so the overhead on the
    I/O completion side is low. The stats flushing is also simplified
    considerably: since the timer function is responsible for clearing the
    statistics, we don't have to worry about stale statistics.
    
    wbt is a trivial conversion. After the conversion, the windowing problem
    mentioned above is fixed.
    
    For polling, we register an extra callback that caches the previous
    window's statistics in the struct request_queue for the hybrid polling
    heuristic to use.
    
    Since we no longer have a single stats buffer for the request queue,
    this also removes the sysfs and debugfs stats entries. To replace those,
    we add a debugfs entry for the poll statistics.
    
    Signed-off-by: Omar Sandoval <osandov@...com>
    Signed-off-by: Jens Axboe <axboe@...com>

4875253fdd  blk-stat: move BLK_RQ_STAT_BATCH definition to blk-stat.c
34dbad5d26  blk-stat: convert to callback-based statistics reporting
34dbad5d26  blk-stat: convert to callback-based statistics reporting
+------------------------------------------+------------+------------+------------+
|                                          | 4875253fdd | 34dbad5d26 | 34dbad5d26 |
+------------------------------------------+------------+------------+------------+
| boot_successes                           | 33         | 0          | 0          |
| boot_failures                            | 0          | 48         | 48         |
| BUG:KASAN:null-ptr-deref_on_address      | 0          | 48         | 48         |
| BUG:unable_to_handle_kernel              | 0          | 48         | 48         |
| Oops:#[##]                               | 0          | 48         | 48         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 48         | 48         |
+------------------------------------------+------------+------------+------------+

[    4.462836] kworker/u2:1 (129) used greatest stack depth: 29112 bytes left
[    4.465516] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
[    4.805175] ==================================================================
[    4.807817] BUG: KASAN: null-ptr-deref on address 0000000000000030
[    4.810134] Read of size 8 by task swapper/0/1
[    4.811257] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.11.0-rc3-00005-g34dbad5 #1
[    4.813351] Call Trace:
[    4.814224]  dump_stack+0x7e/0xa6
[    4.815203]  kasan_report+0x11c/0x46c
[    4.816331]  ? __lock_acquire+0xbc/0x7a8
[    4.821898]  __asan_load8+0x64/0x66
[    4.822909]  __lock_acquire+0xbc/0x7a8
[    4.824413]  lock_acquire+0x89/0xb6
[    4.827583]  ? blk_stat_add_callback+0x184/0x1ec
[    4.829018]  _raw_spin_lock+0x2a/0x39
[    4.832807]  ? blk_stat_add_callback+0x184/0x1ec
[    4.836900]  blk_stat_add_callback+0x184/0x1ec
[    4.838239]  wbt_init+0x1a2/0x254
[    4.842123]  blk_register_queue+0x14d/0x1f1
[    4.843407]  device_add_disk+0x5be/0x7ce
[    4.845634]  ? blk_alloc_devt+0x159/0x159
[    4.847030]  ? device_initialize+0x1d9/0x1e8
[    4.848480]  ? alloc_disk_node+0x1c0/0x1ce
[    4.850202]  ? brd_alloc+0x2a0/0x2ae
[    4.851404]  brd_init+0x106/0x22e
[    4.855372]  ? ramdisk_size+0x29/0x29
[    4.856702]  ? set_debug_rodata+0x20/0x20
[    4.858217]  do_one_initcall+0x118/0x226
[    4.859269]  ? initcall_blacklisted+0x14f/0x14f
[    4.860409]  ? parse_args+0x476/0x489
[    4.862709]  ? set_debug_rodata+0x20/0x20
[    4.864021]  kernel_init_freeable+0x1fc/0x2ab
[    4.869014]  ? rest_init+0xdc/0xdc
[    4.869907]  kernel_init+0x11/0x157
[    4.871086]  ? rest_init+0xdc/0xdc
[    4.871957]  ret_from_fork+0x2c/0x40
[    4.876237] ==================================================================
[    4.878151] Disabling lock debugging due to kernel taint
[    4.879881] BUG: unable to handle kernel NULL pointer dereference at 0000000000000030
[    4.884106] IP: __lock_acquire+0xbc/0x7a8
[    4.885698] PGD 0 
[    4.885700] 
[    4.886695] Oops: 0000 [#1] PREEMPT SMP KASAN
[    4.888175] Modules linked in:
[    4.889286] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B           4.11.0-rc3-00005-g34dbad5 #1
[    4.892230] task: ffff88001a5d5880 task.stack: ffff88001a5d8000
[    4.894176] RIP: 0010:__lock_acquire+0xbc/0x7a8
[    4.895890] RSP: 0000:ffff88001a5dfb18 EFLAGS: 00010046
[    4.897769] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81115cff
[    4.900242] RDX: 1ffffffff04e6438 RSI: dffffc0000000000 RDI: 0000000000000096
[    4.902700] RBP: ffff88001a5dfb68 R08: 0000000000000001 R09: 0000000000000000
[    4.905111] R10: ffff88001a5dfa17 R11: fffffbfff06cbf67 R12: ffff88001a5d5880
[    4.910851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000028
[    4.912952] FS:  0000000000000000(0000) GS:ffff88001a800000(0000) knlGS:0000000000000000
[    4.915677] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    4.917673] CR2: 0000000000000030 CR3: 0000000002613000 CR4: 00000000001406f0
[    4.919920] Call Trace:
[    4.920500]  lock_acquire+0x89/0xb6
[    4.921430]  ? blk_stat_add_callback+0x184/0x1ec
[    4.923076]  _raw_spin_lock+0x2a/0x39
[    4.924359]  ? blk_stat_add_callback+0x184/0x1ec
[    4.926018]  blk_stat_add_callback+0x184/0x1ec
[    4.927511]  wbt_init+0x1a2/0x254
[    4.928694]  blk_register_queue+0x14d/0x1f1
[    4.929754]  device_add_disk+0x5be/0x7ce
[    4.930735]  ? blk_alloc_devt+0x159/0x159
[    4.932061]  ? device_initialize+0x1d9/0x1e8
[    4.933573]  ? alloc_disk_node+0x1c0/0x1ce
[    4.934985]  ? brd_alloc+0x2a0/0x2ae
[    4.936199]  brd_init+0x106/0x22e
[    4.937395]  ? ramdisk_size+0x29/0x29
[    4.938668]  ? set_debug_rodata+0x20/0x20
[    4.940044]  do_one_initcall+0x118/0x226
[    4.941437]  ? initcall_blacklisted+0x14f/0x14f
[    4.942938]  ? parse_args+0x476/0x489
[    4.944002]  ? set_debug_rodata+0x20/0x20
[    4.945100]  kernel_init_freeable+0x1fc/0x2ab
[    4.946381]  ? rest_init+0xdc/0xdc
[    4.947505]  kernel_init+0x11/0x157
[    4.948757]  ? rest_init+0xdc/0xdc
[    4.949938]  ret_from_fork+0x2c/0x40
[    4.950977] Code: a0 4f e6 81 48 c7 c2 a0 4e e6 81 be 97 0c 00 00 e9 a8 00 00 00 83 fb 01 0f 87 b0 00 00 00 41 89 dd 4b 8d 7c ef 08 e8 85 c9 10 00 <4b> 8b 44 ef 08 48 85 c0 0f 84 95 00 00 00 3e ff 80 98 01 00 00 
[    4.956939] RIP: __lock_acquire+0xbc/0x7a8 RSP: ffff88001a5dfb18
[    4.959176] CR2: 0000000000000030
[    4.960169] ---[ end trace 4e180df5ee2e289b ]---

                                                         # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 9757e8c35963f662f0a21c80132ccaca74c64b49 c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201 --
git bisect  bad 0d3ea4d6c581f6f7e20ca63bdf30d54e3be8d733  # 02:10  B      0    11   22   0  Merge 'linux-review/Hans-de-Goede/gpio-acpi-Call-enable_irq_wake-for-_IAE-GpioInts-with-Wake-set/20170322-005456' into devel-catchup-201703220111
git bisect good 6843e7dacc3f7501dd5d0cc972e5ebe1720c4322  # 02:23  G     11     0   11  11  Merge 'linux-review/Luis-Oliveira/i2c-designware-add-I2C-SLAVE-support/20170321-225058' into devel-catchup-201703220111
git bisect good 49abb38c4e6dcc19ab8772ebb7dec896d99b6ddd  # 02:41  G     10     0    0   0  Merge 'arm-platforms/timers/errata-rework' into devel-catchup-201703220111
git bisect  bad d266f17d6ec278e015314b0b119c401311398d9f  # 02:53  B      0    11   22   0  Merge 'block/for-next' into devel-catchup-201703220111
git bisect good fa2e39cb9ee78f440d99a1bcfa47462c48a6fc11  # 05:38  G     11     0    0   0  blk-stat: use READ and WRITE instead of BLK_STAT_{READ,WRITE}
git bisect  bad 34dbad5d26e2f4b88e60f0e9ad03f99480802812  # 05:38  B      0    48  109   0  blk-stat: convert to callback-based statistics reporting
git bisect good 4875253fddd7b6d322f028ad023d44b6efb7f73b  # 05:59  G     11     0    0   0  blk-stat: move BLK_RQ_STAT_BATCH definition to blk-stat.c
# first bad commit: [34dbad5d26e2f4b88e60f0e9ad03f99480802812] blk-stat: convert to callback-based statistics reporting
git bisect good 4875253fddd7b6d322f028ad023d44b6efb7f73b  # 06:05  G     31     0    0   0  blk-stat: move BLK_RQ_STAT_BATCH definition to blk-stat.c
# extra tests on HEAD of linux-devel/devel-catchup-201703220111
git bisect  bad 9757e8c35963f662f0a21c80132ccaca74c64b49  # 06:05  B      0    21   35   0  0day head guard for 'devel-catchup-201703220111'
# extra tests on tree/branch block/for-next
git bisect  bad 34dbad5d26e2f4b88e60f0e9ad03f99480802812  # 06:08  B      0    48  109   0  blk-stat: convert to callback-based statistics reporting
# extra tests with first bad commit reverted
git bisect good 13c70c2e8cf9c46ed6442799a1ae3b9d073e53ce  # 06:41  G     11     0    0   0  Revert "blk-stat: convert to callback-based statistics reporting"

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-yocto-ivb41-143:20170322032427:x86_64-randconfig-s0-03220031:4.11.0-rc3-00005-g34dbad5:1.gz" of type "application/gzip" (20018 bytes)

View attachment "reproduce-yocto-ivb41-143:20170322032427:x86_64-randconfig-s0-03220031:4.11.0-rc3-00005-g34dbad5:1" of type "text/plain" (903 bytes)

View attachment "config-4.11.0-rc3-00005-g34dbad5" of type "text/plain" (107995 bytes)
