2018-06-20 09:07:23

by kernel test robot

Subject: [lkp-robot] [VFS] 56d9b2efe5: general_protection_fault:#[##]


FYI, we noticed the following commit (built with gcc-7):

commit: 56d9b2efe552bceedd25e8efe0a0083ef9d541e6 ("VFS: Implement fsopen() to prepare for a mount")
https://git.kernel.org/cgit/linux/kernel/git/viro/vfs.git mount-reordered

in testcase: trinity
with following parameters:

runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -m 512M

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | e357de7398 | 56d9b2efe5 |
+------------------------------------------+------------+------------+
| boot_successes                           | 2          | 2          |
| boot_failures                            | 117        | 66         |
| BUG:unable_to_handle_kernel              | 108        | 44         |
| Oops:#[##]                               | 110        | 51         |
| Kernel_panic-not_syncing:Fatal_exception | 117        | 66         |
| kernel_BUG_at_lib/list_debug.c           | 7          | 2          |
| invalid_opcode:#[##]                     | 7          | 3          |
| RIP:__list_add_valid                     | 7          |            |
| RIP:__list_del_entry_valid               | 2          | 35         |
| general_protection_fault:#[##]           | 0          | 12         |
| RIP:__x86_indirect_thunk_rax             | 0          | 5          |
| RIP:__lock_acquire                       | 0          | 12         |
| kernel_BUG_at_mm/slob.c                  | 0          | 1          |
| RIP:slob_alloc                           | 0          | 1          |
+------------------------------------------+------------+------------+



[ 181.808767] random: get_random_u64 called from arch_pick_mmap_layout+0x60/0x130 with crng_init=0
[ 186.714232] _warn_unseeded_randomness: 11 callbacks suppressed
[ 186.714288] random: get_random_u64 called from copy_process+0x195/0x1ae0 with crng_init=0
[ 186.773591] random: get_random_u64 called from arch_pick_mmap_layout+0x60/0x130 with crng_init=0
[ 186.796449] random: get_random_u64 called from load_elf_binary+0x32e/0x16c6 with crng_init=0
[ 188.431860] general protection fault: 0000 [#1] PREEMPT
[ 188.448873] CPU: 0 PID: 557 Comm: trinity-main Not tainted 4.17.0-rc5-00193-g56d9b2e #1
[ 188.456923] RIP: 0010:__list_del_entry_valid+0x60/0x110
[ 188.462220] RSP: 0018:ffff88001908fd98 EFLAGS: 00010202
[ 188.467563] RAX: 0000000000000000 RBX: ffff880018c946d0 RCX: 0000000000000000
[ 188.474688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff82eb6298
[ 188.481752] RBP: dead000000000200 R08: 0000000000000000 R09: 0000000000000001
[ 188.488885] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[ 188.496014] R13: dead4ead00000001 R14: ffffffff82253360 R15: 0000000000000000
[ 188.503046] FS: 000000000104a880(0000) GS:ffffffff82a43000(0000) knlGS:0000000000000000
[ 188.511083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 188.516885] CR2: 00007f91821ed000 CR3: 000000001b19f000 CR4: 00000000000006b0
[ 188.523950] Call Trace:
[ 188.526609] list_lru_del+0x25/0x70
[ 188.530284] iput+0x1dc/0x310
[ 188.533328] __dentry_kill+0x114/0x210
[ 188.537144] ? dput+0x29/0x350
[ 188.540362] dentry_kill+0x8c/0x360
[ 188.543952] ? dput+0x29/0x350
[ 188.547163] dput+0x318/0x350
[ 188.550304] __fput+0x1e5/0x2e0
[ 188.553583] task_work_run+0x91/0xc0
[ 188.557209] ? native_irq_disable+0x10/0x10
[ 188.561489] exit_to_usermode_loop+0x101/0x110
[ 188.565956] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 188.571144] RIP: 0033:0x4573da
[ 188.574255] RSP: 002b:00007ffe9767ab18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 188.581807] RAX: ffffffffffffffea RBX: 0000000000000001 RCX: 00000000004573da
[ 188.588843] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[ 188.596052] RBP: 000000000000001e R08: 000000000000001e R09: 0000000000000000
[ 188.603154] R10: 0000000000042831 R11: 0000000000000246 R12: 0000000000000000
[ 188.610247] R13: 0000000000000000 R14: 0000000000042831 R15: 0000000000000000
[ 188.617366] Code: ec 74 79 48 bd 00 02 00 00 00 00 ad de 31 f6 48 c7 c7 98 62 eb 82 49 39 ed 40 0f 94 c6 31 c9 31 d2 e8 d5 5f d7 ff 49 39 ed 74 65 <49> 8b 6d 00 31 f6 48 c7 c7 68 62 eb 82 48 39 dd 40 0f 95 c6 31
[ 188.636703] RIP: __list_del_entry_valid+0x60/0x110 RSP: ffff88001908fd98
[ 188.644757] ---[ end trace b5beff89e3c68ca1 ]---
[ 188.649780] Kernel panic - not syncing: Fatal exception
[ 188.657072] Kernel Offset: disabled

Elapsed time: 210

#!/bin/bash


To reproduce:

git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Xiaolong


Attachments:
(No filename) (4.91 kB)
config-4.17.0-rc5-00193-g56d9b2e (116.20 kB)
dmesg.xz (15.78 kB)