2016-09-06 07:53:10

by Murphy Zhou

Subject: LTP proc01 panic when ext4_validate_block_bitmap

Hi,

The attached reproducer can crash the kernel in several minutes. It
loops a subset of LTP testcases consisting of proc01 and
ftruncate04:

$cat /opt/ltp/runtest/tfile
proc01 proc01 -m 128
ftruncate04 ftruncate04
ftruncate04_64 ftruncate04

After commenting out the ftruncate calls in ftruncate04.c, it's still
reproducible.

Latest kernel commit:
commit bc4dee5aa72723632a1f83fd0d3720066c93b433
Merge: 56291b2 8b18e23
Author: Linus Torvalds <[email protected]>
Date: Mon Sep 5 11:10:00 2016 -0700

Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6


Calltrace:

[ 497.567282] ltptest proc01 start
[ 497.584599] general protection fault: 0000 [#1] SMP
[ 497.609178] Modules linked in: binfmt_misc ext4 jbd2 mbcache loop intel_rapl sb_edac edac_core x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel nd_pmem dax_pmem aesni_intel nd_btt dax lrw gf128mul ipmi_ssif glue_helper nd_e820 ablk_helper iTCO_wdt cryptd hpilo hpwdt libnvdimm iTCO_vendor_support sg nfsd ipmi_si pcspkr ioatdma shpchp i2c_i801 ipmi_msghandler dca pcc_cpufreq lpc_ich acpi_power_meter acpi_cpufreq i2c_smbus wmi auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs libcrc32c sd_mod mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm tg3 ptp hpsa serio_raw crc32c_intel pps_core i2c_core scsi_transport_sas fjes dm_mirror dm_region_hash dm_log dm_mod
[ 497.918435] CPU: 21 PID: 3214 Comm: proc01 Not tainted 4.8.0-rc5+ #1
[ 497.947019] Hardware name: HP ProLiant DL360 Gen9, BIOS P89 05/06/2015
[ 497.976447] task: ffff88085b610000 task.stack: ffff880840a54000
[ 498.003184] RIP: 0010:[<ffffffff81372d90>] [<ffffffff81372d90>] _find_next_bit.part.0+0x10/0x70
[ 498.042662] RSP: 0018:ffff880840a57a60 EFLAGS: 00010a06
[ 498.066543] RAX: 03ffffffffffff00 RBX: ffff88106ca0b000 RCX: 00000000ffffc000
[ 498.099534] RDX: ffffffffffffc000 RSI: ffffffffffffc0fd RDI: ffff88084822a000
[ 498.134230] RBP: ffff880840a57a70 R08: ffffffffffffffff R09: ffffffffffffffff
[ 498.167599] R10: 0000000000000000 R11: 0000000000000040 R12: ffffffffffffc000
[ 498.199576] R13: 0000000000000002 R14: ffff88106ca0c800 R15: ffff8808559f7208
[ 498.231538] FS: 00007f08b4c95800(0000) GS:ffff88085fd40000(0000) knlGS:0000000000000000
[ 498.268080] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 498.293825] CR2: 00007ffd1f4688f8 CR3: 0000000841682000 CR4: 00000000001406e0
[ 498.325787] Stack:
[ 498.334748] ffff880840a57a70 ffffffff81372e2e ffff880840a57ad0 ffffffffa07844aa
[ 498.367913] 0000000000000000 ffff880855aff110 ffff88106ca0b000 0000000000000002
[ 498.401539] ffff88106ca0b000 ffff88106ca0c800 ffff88084822a840 0000000000000002
[ 498.434763] Call Trace:
[ 498.445666] [<ffffffff81372e2e>] ? find_next_zero_bit+0x1e/0x20
[ 498.472276] [<ffffffffa07844aa>] ext4_validate_block_bitmap+0x2da/0x3a0 [ext4]
[ 498.505375] [<ffffffffa07850b7>] ext4_read_block_bitmap_nowait+0x277/0x5e0 [ext4]
[ 498.542504] [<ffffffff81202cae>] ? __kmalloc+0x1ce/0x200
[ 498.566777] [<ffffffffa07c4bb8>] ? ext4_mb_init_cache+0x98/0x750 [ext4]
[ 498.596890] [<ffffffffa07c4c94>] ext4_mb_init_cache+0x174/0x750 [ext4]
[ 498.630241] [<ffffffff811ac16e>] ? lru_cache_add+0xe/0x10
[ 498.657499] [<ffffffff8119b6ca>] ? add_to_page_cache_lru+0x8a/0xf0
[ 498.689362] [<ffffffff8119c67e>] ? pagecache_get_page+0x8e/0x250
[ 498.717082] [<ffffffffa07c53e1>] ext4_mb_init_group+0x171/0x2b0 [ext4]
[ 498.746880] [<ffffffffa07c5b2c>] ext4_mb_load_buddy_gfp+0x47c/0x520 [ext4]
[ 498.778204] [<ffffffffa07c5d2c>] ext4_mb_seq_groups_show+0x15c/0x1e0 [ext4]
[ 498.809757] [<ffffffff8124d714>] ? mntput+0x24/0x40
[ 498.832072] [<ffffffff8123670d>] ? terminate_walk+0xbd/0xd0
[ 498.859406] [<ffffffff81251b17>] seq_read+0x247/0x390
[ 498.884253] [<ffffffff8129cced>] proc_reg_read+0x3d/0x70
[ 498.909589] [<ffffffff8122b647>] __vfs_read+0x37/0x150
[ 498.933715] [<ffffffff812de463>] ? security_file_permission+0xa3/0xc0
[ 498.963390] [<ffffffff8122bc0e>] vfs_read+0x8e/0x140
[ 498.986086] [<ffffffff8122d105>] SyS_read+0x55/0xc0
[ 499.008492] [<ffffffff81003a47>] do_syscall_64+0x67/0x160
[ 499.033269] [<ffffffff816f8b21>] entry_SYSCALL64_slow_path+0x25/0x25
[ 499.062252] Code: 48 8d 04 0a 5d 48 39 f0 48 0f 47 c6 c3 31 c0 5d c3 66 2e 0f 1f 84 00 00 00 00 00 48 89 d0 55 49 89 c8 48 c1 e8 06 49 89 c9 89 d1 <4c> 33 04 c7 48 c7 c0 ff ff ff ff 48 83 e2 c0 48 d3 e0 48 89 e5
[ 499.147466] RIP [<ffffffff81372d90>] _find_next_bit.part.0+0x10/0x70
[ 499.178821] RSP <ffff880840a57a60>
[ 499.196144] ---[ end trace fc25249ef11fbba9 ]---
[ 499.221378] Kernel panic - not syncing: Fatal exception
[ 499.244979] Kernel Offset: disabled
[ 499.264961] ---[ end Kernel panic - not syncing: Fatal exception


Attachments:
(No filename) (4.74 kB)
proc01.sh (877.00 B)