| Message ID | 20230626001144.2635956-1-zhengyejian1@huawei.com |
|---|---|
| State | Accepted |
| Commit | f4e4ada586995b17f828c6d147d1800eb1471450 |
| Headers | show |
| Series | selftests/ftrace: Correctly enable event in instance-event.tc | expand |
On Mon, 26 Jun 2023 19:11:14 +0900 Masami Hiramatsu (Google) <mhiramat@kernel.org> wrote: > On Mon, 26 Jun 2023 08:11:44 +0800 > Zheng Yejian <zhengyejian1@huawei.com> wrote: > > > Function instance_set() expects to enable event 'sched_switch', so we > > should set 1 to its 'enable' file. > > > > Testcase passed after this patch: > > # ./ftracetest test.d/instances/instance-event.tc > > === Ftrace unit tests === > > [1] Test creation and deletion of trace instances while setting an event > > [PASS] > > > > # of passed: 1 > > # of failed: 0 > > # of unresolved: 0 > > # of untested: 0 > > # of unsupported: 0 > > # of xfailed: 0 > > # of undefined(test bug): 0 > > > > Good catch! > > Fixes: 91e6f1ce8657 ("ftracetest: Add instance created, delete, read and enable event test") > > It seems this tests internally broken but the result is same because this disabled > error checking ('set +e'). And Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> Thanks! > > > > Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> > > --- > > .../testing/selftests/ftrace/test.d/instances/instance-event.tc | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > index 0eb47fbb3f44..42422e425107 100644 > > --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > @@ -39,7 +39,7 @@ instance_read() { > > > > instance_set() { > > while :; do > > - echo 1 > foo/events/sched/sched_switch > > + echo 1 > foo/events/sched/sched_switch/enable > > done 2> /dev/null > > } > > > > -- > > 2.25.1 > > > > > -- > Masami Hiramatsu (Google) <mhiramat@kernel.org>
On 2023/7/11 06:37, Steven Rostedt wrote: > > Shuah, can you take this? > Kindly ping and bug report :) Hi, Steve, Ajay, After this patch and run this testcase, I got an use-after-free report by KASAN. Short log see [1], full logs see attach "panic.log". And by simple bisect, I found it may be introduced by: 27152bceea1d ("eventfs: Move tracing/events to eventfs") Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27152bceea1df27ffebb12ac9cd9adbf2c4c3f35 [1] # ./ftracetest test.d/instances/instance-event.tc === Ftrace unit tests === [1] Test creation and deletion of trace instances while setting an event[ 89.472397] ================================================================== [ 89.475053] BUG: KASAN: slab-use-after-free in __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.480039] Read of size 8 at addr ffff88814f5b2690 by task ftracetest/392 [ 89.483906] [ 89.484560] CPU: 10 PID: 392 Comm: ftracetest Tainted: G W 6.5.0+ #127 [ 89.487033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.489751] Call Trace: [ 89.490315] <TASK> [ 89.490817] dump_stack_lvl+0x4b/0x80 [ 89.491570] print_report+0xd0/0x620 [ 89.492296] ? __virt_addr_valid+0xf9/0x180 [ 89.493134] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.494151] kasan_report+0xb6/0xf0 [ 89.494881] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.495878] __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.496805] event_enable_write+0x109/0x170 [ 89.497631] ? __pfx_event_enable_write+0x10/0x10 [ 89.498618] ? __pfx_bpf_lsm_file_permission+0x10/0x10 [ 89.499659] ? security_file_permission+0x51/0x2d0 [ 89.500604] vfs_write+0x175/0x670 [ 89.501385] ? __pfx_vfs_write+0x10/0x10 [ 89.502246] ? __pfx__raw_spin_lock+0x10/0x10 [ 89.503187] ? expand_files+0x9b/0x330 [ 89.504011] ? __pfx_expand_files+0x10/0x10 [ 89.504898] ? set_close_on_exec+0x7b/0xe0 [ 89.505782] ? __fget_light+0xae/0x1e0 [ 89.506615] ? _raw_spin_lock+0x85/0xe0 [ 89.507989] ksys_write+0xbd/0x160 [ 89.509302] ? __pfx_ksys_write+0x10/0x10 [ 89.510493] ? dnotify_flush+0x38/0x220 [ 89.511654] ? fpregs_assert_state_consistent+0x5a/0x70 [ 89.513297] ? exit_to_user_mode_prepare+0x32/0x110 [ 89.514692] do_syscall_64+0x3f/0x90 [ 89.515516] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 > On Mon, 26 Jun 2023 19:12:55 +0900 > Masami Hiramatsu (Google) <mhiramat@kernel.org> wrote: > >> On Mon, 26 Jun 2023 19:11:14 +0900 >> Masami Hiramatsu (Google) <mhiramat@kernel.org> wrote: >> >>> On Mon, 26 Jun 2023 08:11:44 +0800 >>> Zheng Yejian <zhengyejian1@huawei.com> wrote: >>> >>>> Function instance_set() expects to enable event 'sched_switch', so we >>>> should set 1 to its 'enable' file. >>>> >>>> Testcase passed after this patch: >>>> # ./ftracetest test.d/instances/instance-event.tc >>>> === Ftrace unit tests === >>>> [1] Test creation and deletion of trace instances while setting an event >>>> [PASS] >>>> >>>> # of passed: 1 >>>> # of failed: 0 >>>> # of unresolved: 0 >>>> # of untested: 0 >>>> # of unsupported: 0 >>>> # of xfailed: 0 >>>> # of undefined(test bug): 0 >>>> >>> >>> Good catch! >>> >>> Fixes: 91e6f1ce8657 ("ftracetest: Add instance created, delete, read and enable event test") >>> >>> It seems this tests internally broken but the result is same because this disabled >>> error checking ('set +e'). >> >> And >> >> Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org> > > Acked-by: Steven Rostedt (Google) <rostedt@goodmis.org> > > Thanks for your ack :) -- Zheng Yejian > -- Steve > >> >> Thanks! >> >>> >>> >>>> Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> >>>> --- >>>> .../testing/selftests/ftrace/test.d/instances/instance-event.tc | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>> >>>> diff --git a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>>> index 0eb47fbb3f44..42422e425107 100644 >>>> --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>>> +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>>> @@ -39,7 +39,7 @@ instance_read() { >>>> >>>> instance_set() { >>>> while :; do >>>> - echo 1 > foo/events/sched/sched_switch >>>> + echo 1 > foo/events/sched/sched_switch/enable >>>> done 2> /dev/null >>>> } >>>> >>>> -- >>>> 2.25.1 >>>> >>> >>> >>> -- >>> Masami Hiramatsu (Google) <mhiramat@kernel.org> >> >> > > # ./ftracetest test.d/instances/instance-event.tc === Ftrace unit tests === [1] Test creation and deletion of trace instances while setting an event[ 89.472397] ================================================================== [ 89.475053] BUG: KASAN: slab-use-after-free in __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.480039] Read of size 8 at addr ffff88814f5b2690 by task ftracetest/392 [ 89.483906] [ 89.484560] CPU: 10 PID: 392 Comm: ftracetest Tainted: G W 6.5.0+ #127 [ 89.487033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.489751] Call Trace: [ 89.490315] <TASK> [ 89.490817] dump_stack_lvl+0x4b/0x80 [ 89.491570] print_report+0xd0/0x620 [ 89.492296] ? __virt_addr_valid+0xf9/0x180 [ 89.493134] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.494151] kasan_report+0xb6/0xf0 [ 89.494881] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.495878] __ftrace_event_enable_disable+0x1b/0x3a0 [ 89.496805] event_enable_write+0x109/0x170 [ 89.497631] ? __pfx_event_enable_write+0x10/0x10 [ 89.498618] ? __pfx_bpf_lsm_file_permission+0x10/0x10 [ 89.499659] ? security_file_permission+0x51/0x2d0 [ 89.500604] vfs_write+0x175/0x670 [ 89.501385] ? __pfx_vfs_write+0x10/0x10 [ 89.502246] ? __pfx__raw_spin_lock+0x10/0x10 [ 89.503187] ? expand_files+0x9b/0x330 [ 89.504011] ? __pfx_expand_files+0x10/0x10 [ 89.504898] ? set_close_on_exec+0x7b/0xe0 [ 89.505782] ? __fget_light+0xae/0x1e0 [ 89.506615] ? _raw_spin_lock+0x85/0xe0 [ 89.507989] ksys_write+0xbd/0x160 [ 89.509302] ? __pfx_ksys_write+0x10/0x10 [ 89.510493] ? dnotify_flush+0x38/0x220 [ 89.511654] ? fpregs_assert_state_consistent+0x5a/0x70 [ 89.513297] ? exit_to_user_mode_prepare+0x32/0x110 [ 89.514692] do_syscall_64+0x3f/0x90 [ 89.515516] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 89.516574] RIP: 0033:0x7f2345c18077 [ 89.517399] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24 [ 89.520853] RSP: 002b:00007ffc322ec108 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 89.522367] RAX: ffffffffffffffda RBX: 0000563f82f3f560 RCX: 00007f2345c18077 [ 89.523717] RDX: 0000000000000002 RSI: 0000563f82f3f560 RDI: 0000000000000001 [ 89.525086] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000563f82f8d9d9 [ 89.526437] R10: 0000563f81225682 R11: 0000000000000246 R12: 0000000000000001 [ 89.527805] R13: 0000000000000002 R14: 7fffffffffffffff R15: 00007ffc322ec2d0 [ 89.529133] </TASK> [ 89.529650] [ 89.530135] Allocated by task 393: [ 89.530992] [ 89.531458] Freed by task 437: [ 89.532558] [ 89.533028] The buggy address belongs to the object at ffff88814f5b2680 [ 89.533028] which belongs to the cache trace_event_file of size 96 [ 89.536893] The buggy address is located 16 bytes inside of [ 89.536893] freed 96-byte region [ffff88814f5b2680, ffff88814f5b26e0) [ 89.540093] [ 89.540565] The buggy address belongs to the physical page: [ 89.541682] [ 89.542186] Memory state around the buggy address: [ 89.543171] ffff88814f5b2580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 89.544561] ffff88814f5b2600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 89.545991] >ffff88814f5b2680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 89.547357] ^ [ 89.548180] ffff88814f5b2700: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 89.549603] ffff88814f5b2780: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 89.551022] ================================================================== [ 89.558057] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 89.559509] #PF: supervisor read access in kernel mode [ 89.560537] #PF: error_code(0x0000) - not-present page [ 89.561585] PGD 0 P4D 0 [ 89.562239] Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 89.563218] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B W 6.5.0+ #127 [ 89.564694] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.566739] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.567804] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.571057] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 89.572112] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffffa5a808f7 [ 89.573464] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.576277] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.577668] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.579093] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.580476] FS: 0000000000000000(0000) GS:ffff8880bb280000(0000) knlGS:0000000000000000 [ 89.582066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.583190] CR2: 0000000000000008 CR3: 00000000102ee000 CR4: 00000000000006e0 [ 89.584521] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.585820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.587152] Call Trace: [ 89.587757] <TASK> [ 89.588321] ? __die_body+0x1f/0x70 [ 89.589105] ? page_fault_oops+0x1f5/0x580 [ 89.589976] ? __pfx_page_fault_oops+0x10/0x10 [ 89.590892] ? is_prefetch.isra.0+0x7a/0x260 [ 89.591798] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 89.592755] ? __rcu_read_unlock+0x50/0x260 [ 89.593617] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.594597] ? search_bpf_extables+0xb3/0xd0 [ 89.595480] ? fixup_exception+0x3b/0x4e0 [ 89.596315] ? exc_page_fault+0x59/0xb0 [ 89.597122] ? asm_exc_page_fault+0x26/0x30 [ 89.597991] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.598940] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.599888] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.600838] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.601798] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 89.602799] ? kasan_report+0x48/0xf0 [ 89.603574] ? ring_buffer_unlock_commit+0xfb/0x250 [ 89.604529] ? kasan_report+0x48/0xf0 [ 89.605293] trace_event_buffer_lock_reserve+0x145/0x210 [ 89.606358] trace_event_buffer_reserve+0xe2/0x150 [ 89.607312] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 89.608335] ? sched_clock_cpu+0x67/0x2e0 [ 89.609141] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.610276] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.611407] __traceiter_sched_switch+0x59/0x80 [ 89.612286] __schedule+0x72b/0x1580 [ 89.613026] ? __pfx___schedule+0x10/0x10 [ 89.613842] ? ct_nmi_exit+0xd8/0xf0 [ 89.614584] ? irqentry_exit+0x3b/0x50 [ 89.615351] ? rcu_preempt_deferred_qs+0x22/0x90 [ 89.616241] ? ct_kernel_exit.constprop.0+0xa0/0xc0 [ 89.617147] schedule_idle+0x33/0x50 [ 89.617919] do_idle+0x1f3/0x2f0 [ 89.618621] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 89.619603] ? __pfx_do_idle+0x10/0x10 [ 89.620397] ? swake_up_locked.part.0+0x79/0x90 [ 89.621300] cpu_startup_entry+0x1d/0x20 [ 89.622104] start_secondary+0x1a8/0x1d0 [ 89.622889] ? __pfx_start_secondary+0x10/0x10 [ 89.623754] secondary_startup_64_no_verify+0x178/0x17b [ 89.624725] </TASK> [ 89.625255] Modules linked in: [ 89.625972] CR2: 0000000000000008 [ 89.626684] ---[ end trace 0000000000000000 ]--- [ 89.626685] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 89.627201] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.628002] #PF: supervisor read access in kernel mode [ 89.628577] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.629117] #PF: error_code(0x0000) - not-present page [ 89.631094] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 89.631652] PGD 0 [ 89.632032] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffffa5a808f7 [ 89.632582] P4D 0 [ 89.632808] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.633554] [ 89.633789] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.634533] Oops: 0000 [#2] PREEMPT SMP KASAN PTI [ 89.634707] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.635450] CPU: 7 PID: 0 Comm: swapper/7 Tainted: G B D W 6.5.0+ #127 [ 89.635957] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.636709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.637515] FS: 0000000000000000(0000) GS:ffff8880bb280000(0000) knlGS:0000000000000000 [ 89.638259] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.639466] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.640291] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.640855] CR2: 0000000000000008 CR3: 00000000102ee000 CR4: 00000000000006e0 [ 89.641450] RSP: 0018:ffffc900001e79f8 EFLAGS: 00010082 [ 89.643342] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.644070] [ 89.644620] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.645349] RAX: 0000000000000000 RBX: 1ffff9200003cf48 RCX: ffffffffa5a808f7 [ 89.645522] Kernel panic - not syncing: Attempted to kill the idle task! [ 89.646349] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.646352] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.646355] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.646357] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.646363] FS: 0000000000000000(0000) GS:ffff88823ba80000(0000) knlGS:0000000000000000 [ 89.646366] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.646368] CR2: 0000000000000008 CR3: 0000000144c12000 CR4: 00000000000006e0 [ 89.646371] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.646373] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.646375] Call Trace: [ 89.646376] <TASK> [ 89.646378] ? __die_body+0x1f/0x70 [ 89.646385] ? page_fault_oops+0x1f5/0x580 [ 89.646390] ? __pfx_page_fault_oops+0x10/0x10 [ 89.646394] ? is_prefetch.isra.0+0x7a/0x260 [ 89.646397] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 89.646401] ? __rcu_read_unlock+0x50/0x260 [ 89.646405] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.646409] ? search_bpf_extables+0xb3/0xd0 [ 89.646415] ? fixup_exception+0x3b/0x4e0 [ 89.646421] ? exc_page_fault+0x59/0xb0 [ 89.646427] ? asm_exc_page_fault+0x26/0x30 [ 89.646434] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.646437] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.646442] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.646446] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.646450] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 89.646454] ? kasan_report+0x48/0xf0 [ 89.646461] ? ring_buffer_unlock_commit+0xfb/0x250 [ 89.646465] ? kasan_report+0x48/0xf0 [ 89.646471] trace_event_buffer_lock_reserve+0x145/0x210 [ 89.646476] trace_event_buffer_reserve+0xe2/0x150 [ 89.646482] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 89.646488] ? ct_nmi_exit+0x82/0xf0 [ 89.646492] ? sched_clock_cpu+0x67/0x2e0 [ 89.646497] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.646504] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.646509] __traceiter_sched_switch+0x59/0x80 [ 89.646515] __schedule+0x72b/0x1580 [ 89.646520] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 89.646527] ? __pfx___schedule+0x10/0x10 [ 89.646531] ? ct_nmi_exit+0xd8/0xf0 [ 89.646535] ? irqentry_exit+0x3b/0x50 [ 89.646541] ? rcu_preempt_deferred_qs+0x22/0x90 [ 89.646545] ? ct_kernel_exit.constprop.0+0xa0/0xc0 [ 89.646550] schedule_idle+0x33/0x50 [ 89.646555] do_idle+0x1f3/0x2f0 [ 89.646559] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 89.646564] ? __pfx_do_idle+0x10/0x10 [ 89.646568] ? swake_up_locked.part.0+0x79/0x90 [ 89.646573] cpu_startup_entry+0x1d/0x20 [ 89.646577] start_secondary+0x1a8/0x1d0 [ 89.646582] ? __pfx_start_secondary+0x10/0x10 [ 89.646587] secondary_startup_64_no_verify+0x178/0x17b [ 89.646595] </TASK> [ 89.646596] Modules linked in: [ 89.646600] CR2: 0000000000000008 [ 89.647328] ---[ end trace 0000000000000000 ]--- [ 89.647329] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 89.647330] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.647332] #PF: supervisor read access in kernel mode [ 89.647335] #PF: error_code(0x0000) - not-present page [ 89.647335] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.647339] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 89.647342] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffffa5a808f7 [ 89.647345] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.647346] PGD 0 [ 89.647347] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.647348] P4D 0 [ 89.647350] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.647351] Oops: 0000 [#3] PREEMPT SMP KASAN PTI [ 89.647353] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.647355] CPU: 9 PID: 0 Comm: swapper/9 Tainted: G B D W 6.5.0+ #127 [ 89.647359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.647359] FS: 0000000000000000(0000) GS:ffff88823ba80000(0000) knlGS:0000000000000000 [ 89.647362] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.647361] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.647365] CR2: 0000000000000008 CR3: 0000000144c12000 CR4: 00000000000006e0 [ 89.647366] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.647368] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.647370] RSP: 0018:ffffc90000a0f9f8 EFLAGS: 00010082 [ 89.647370] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.647372] [ 89.647374] RAX: 0000000000000000 RBX: 1ffff92000141f48 RCX: ffffffffa5a808f7 [ 89.647376] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.647377] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.647379] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.647381] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.647386] FS: 0000000000000000(0000) GS:ffff88823bb80000(0000) knlGS:0000000000000000 [ 89.647389] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.647391] CR2: 0000000000000008 CR3: 0000000235a64000 CR4: 00000000000006e0 [ 89.647392] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.647394] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.647395] Call Trace: [ 89.647397] <TASK> [ 89.647399] ? __die_body+0x1f/0x70 [ 89.647403] ? page_fault_oops+0x1f5/0x580 [ 89.647407] ? __pfx_page_fault_oops+0x10/0x10 [ 89.647410] ? is_prefetch.isra.0+0x7a/0x260 [ 89.647413] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 89.647416] ? __rcu_read_unlock+0x50/0x260 [ 89.647419] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.647422] ? search_bpf_extables+0xb3/0xd0 [ 89.647426] ? fixup_exception+0x3b/0x4e0 [ 89.647431] ? exc_page_fault+0x59/0xb0 [ 89.647435] ? asm_exc_page_fault+0x26/0x30 [ 89.647440] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.647442] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.647446] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.647449] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.647452] ? ring_buffer_lock_reserve+0x25e/0x790 [ 89.647455] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 89.647458] ? kasan_report+0x48/0xf0 [ 89.647463] ? kasan_report+0x48/0xf0 [ 89.647468] trace_event_buffer_lock_reserve+0x145/0x210 [ 89.647473] trace_event_buffer_reserve+0xe2/0x150 [ 89.647477] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 89.647482] ? ct_nmi_exit+0x82/0xf0 [ 89.647484] ? sched_clock_cpu+0x67/0x2e0 [ 89.647488] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.647494] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.647498] __traceiter_sched_switch+0x59/0x80 [ 89.647502] __schedule+0x72b/0x1580 [ 89.647506] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 89.647511] ? __pfx___schedule+0x10/0x10 [ 89.647515] ? __pfx_hrtimer_start_range_ns+0x10/0x10 [ 89.647519] ? ct_nmi_exit+0xd8/0xf0 [ 89.647522] ? irqentry_exit+0x3b/0x50 [ 89.647527] ? account_idle_time+0x77/0x90 [ 89.647531] schedule_idle+0x33/0x50 [ 89.647535] do_idle+0x1f3/0x2f0 [ 89.647538] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 89.647542] ? __pfx_do_idle+0x10/0x10 [ 89.647545] ? swake_up_locked.part.0+0x79/0x90 [ 89.647549] cpu_startup_entry+0x1d/0x20 [ 89.647552] start_secondary+0x1a8/0x1d0 [ 89.647556] ? __pfx_start_secondary+0x10/0x10 [ 89.647560] secondary_startup_64_no_verify+0x178/0x17b [ 89.647566] </TASK> [ 89.647567] Modules linked in: [ 89.647569] CR2: 0000000000000008 [ 89.648173] ---[ end trace 0000000000000000 ]--- [ 89.648173] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 89.648174] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.648178] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.648178] #PF: supervisor read access in kernel mode [ 89.648181] #PF: error_code(0x0000) - not-present page [ 89.648181] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 89.648184] PGD 0 [ 89.648185] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffffa5a808f7 [ 89.648186] P4D 0 [ 89.648187] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.648189] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.648189] Oops: 0000 [#4] PREEMPT SMP KASAN PTI [ 89.648191] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.648194] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.648194] CPU: 5 PID: 0 Comm: swapper/5 Tainted: G B D W 6.5.0+ #127 [ 89.648198] FS: 0000000000000000(0000) GS:ffff88823bb80000(0000) knlGS:0000000000000000 [ 89.648199] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.648201] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.648203] CR2: 0000000000000008 CR3: 0000000235a64000 CR4: 00000000000006e0 [ 89.648201] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.648205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.648207] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.648208] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.648212] RSP: 0018:ffffc900001c79f8 EFLAGS: 00010082 [ 89.648216] RAX: 0000000000000000 RBX: 1ffff92000038f48 RCX: ffffffffa5a808f7 [ 89.648219] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.648221] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffff52000038f80 [ 89.648223] R10: fffff52000038f7f R11: 0000000000000003 R12: 0000000000000000 [ 89.648226] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.648231] FS: 0000000000000000(0000) GS:ffff8880bb480000(0000) knlGS:0000000000000000 [ 89.648234] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.648237] CR2: 0000000000000008 CR3: 0000000235a64000 CR4: 00000000000006e0 [ 89.648239] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.648241] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.648244] Call Trace: [ 89.648246] <TASK> [ 89.648248] ? __die_body+0x1f/0x70 [ 89.648253] ? page_fault_oops+0x1f5/0x580 [ 89.648258] ? __pfx_page_fault_oops+0x10/0x10 [ 89.648262] ? is_prefetch.isra.0+0x7a/0x260 [ 89.648266] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 89.648269] ? __rcu_read_unlock+0x50/0x260 [ 89.648273] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.648277] ? search_bpf_extables+0xb3/0xd0 [ 89.648283] ? fixup_exception+0x3b/0x4e0 [ 89.648289] ? exc_page_fault+0x59/0xb0 [ 89.648294] ? asm_exc_page_fault+0x26/0x30 [ 89.648300] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.648304] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.648308] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.648312] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.648316] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 89.648321] ? kasan_report+0x48/0xf0 [ 89.648327] ? ring_buffer_unlock_commit+0xfb/0x250 [ 89.648330] ? kasan_report+0x48/0xf0 [ 89.648336] trace_event_buffer_lock_reserve+0x145/0x210 [ 89.648342] trace_event_buffer_reserve+0xe2/0x150 [ 89.648347] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 89.648352] ? strncpy+0x33/0x60 [ 89.648358] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.648363] ? __pfx_trace_save_cmdline+0x10/0x10 [ 89.648371] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.648375] __traceiter_sched_switch+0x59/0x80 [ 89.648381] __schedule+0x72b/0x1580 [ 89.648386] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 89.648392] ? __pfx___schedule+0x10/0x10 [ 89.648397] ? ct_nmi_exit+0xd8/0xf0 [ 89.648401] ? irqentry_exit+0x3b/0x50 [ 89.648407] ? nr_iowait_cpu+0x46/0x60 [ 89.648412] ? tick_nohz_stop_idle+0x86/0xc0 [ 89.648417] schedule_idle+0x33/0x50 [ 89.648422] do_idle+0x1f3/0x2f0 [ 89.648426] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 89.648431] ? __pfx_do_idle+0x10/0x10 [ 89.648435] ? swake_up_locked.part.0+0x79/0x90 [ 89.648441] cpu_startup_entry+0x1d/0x20 [ 89.648445] start_secondary+0x1a8/0x1d0 [ 89.648450] ? __pfx_start_secondary+0x10/0x10 [ 89.648455] secondary_startup_64_no_verify+0x178/0x17b [ 89.648463] </TASK> [ 89.648464] Modules linked in: [ 89.648466] CR2: 0000000000000008 [ 89.649210] ---[ end trace 0000000000000000 ]--- [ 89.649211] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 89.649212] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.649215] #PF: supervisor read access in kernel mode [ 89.649217] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.649218] #PF: error_code(0x0000) - not-present page [ 89.649221] PGD 0 [ 89.649220] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 89.649222] P4D 0 [ 89.649223] [ 89.649224] [ 89.649225] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffffa5a808f7 [ 89.649226] Oops: 0000 [#5] PREEMPT SMP KASAN PTI [ 89.649228] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.649230] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.649231] CPU: 11 PID: 169 Comm: systemd-journal Tainted: G B D W 6.5.0+ #127 [ 89.649232] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.649235] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.649236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 89.649241] FS: 0000000000000000(0000) GS:ffff8880bb480000(0000) knlGS:0000000000000000 [ 89.649239] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.649244] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.649245] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.649247] CR2: 0000000000000008 CR3: 0000000235a64000 CR4: 00000000000006e0 [ 89.649250] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.649249] RSP: 0018:ffffc90001d2f7e8 EFLAGS: 00010086 [ 89.649252] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.649253] [ 89.649254] RAX: 0000000000000000 RBX: 1ffff920003a5f06 RCX: ffffffffa5a808f7 [ 89.649258] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.649260] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.649263] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.649265] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.649272] FS: 00007f70b7c81980(0000) GS:ffff88823bc80000(0000) knlGS:0000000000000000 [ 89.649275] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.649278] CR2: 0000000000000008 CR3: 000000014bf78000 CR4: 00000000000006e0 [ 89.649280] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.649282] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.649285] Call Trace: [ 89.649286] <TASK> [ 89.649288] ? __die_body+0x1f/0x70 [ 89.649294] ? page_fault_oops+0x1f5/0x580 [ 89.649299] ? __pfx_page_fault_oops+0x10/0x10 [ 89.649302] ? is_prefetch.isra.0+0x7a/0x260 [ 89.649306] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 89.649310] ? __rcu_read_unlock+0x50/0x260 [ 89.649314] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.649318] ? search_bpf_extables+0xb3/0xd0 [ 89.649324] ? fixup_exception+0x3b/0x4e0 [ 89.649329] ? exc_page_fault+0x59/0xb0 [ 89.649335] ? asm_exc_page_fault+0x26/0x30 [ 89.649341] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.649345] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.649349] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.649353] ? ring_buffer_lock_reserve+0x97/0x790 [ 89.649357] ? __pfx_sched_clock_cpu+0x10/0x10 [ 89.649362] ? do_syscall_64+0x3f/0x90 [ 89.649366] ? record_times+0x8b/0xd0 [ 89.649370] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 89.649374] ? kasan_report+0x48/0xf0 [ 89.649379] ? __pfx_load_balance+0x10/0x10 [ 89.649385] ? kasan_report+0x48/0xf0 [ 89.649389] ? sched_clock+0x10/0x30 [ 89.649395] ? sched_clock_cpu+0x67/0x2e0 [ 89.649400] trace_event_buffer_lock_reserve+0x145/0x210 [ 89.649406] trace_event_buffer_reserve+0xe2/0x150 [ 89.649412] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 89.649418] ? sched_clock_cpu+0x67/0x2e0 [ 89.649422] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.649429] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 89.649434] __traceiter_sched_switch+0x59/0x80 [ 89.649440] __schedule+0x72b/0x1580 [ 89.649446] ? __pfx___schedule+0x10/0x10 [ 89.649452] ? stack_trace_save+0x95/0xd0 [ 89.649459] ? futex_wait_setup+0xbe/0x150 [ 89.649465] ? plist_add+0x14c/0x180 [ 89.649472] schedule+0x92/0x120 [ 89.649477] futex_wait_queue+0x87/0xc0 [ 89.649482] futex_wait+0x219/0x3a0 [ 89.649488] ? do_syscall_64+0x3f/0x90 [ 89.649492] ? __pfx_futex_wait+0x10/0x10 [ 89.649499] ? __virt_addr_valid+0xf9/0x180 [ 89.649507] ? trace_hardirqs_on+0x27/0xc0 [ 89.649513] do_futex+0x198/0x230 [ 89.649518] ? __pfx_do_futex+0x10/0x10 [ 89.649524] __x64_sys_futex+0x106/0x290 [ 89.649530] ? __pfx___x64_sys_futex+0x10/0x10 [ 89.649535] ? do_sys_open+0x8e/0xf0 [ 89.649542] do_syscall_64+0x3f/0x90 [ 89.649546] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 89.649552] RIP: 0033:0x7f70b8490cd7 [ 89.649555] Code: 52 fe ff ff 0f 1f 80 00 00 00 00 bb ca 00 00 00 eb 20 90 e8 7b 93 00 00 45 31 d2 44 89 e2 31 f6 41 89 c0 4c 89 ef 89 d8 0f 05 <44> 89 c7 e8 c1 93 00 00 45 8b 65 00 45 85 e4 75 d8 eb b6 66 0f 1f [ 89.649559] RSP: 002b:00007fffce6df9c0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 89.649564] RAX: ffffffffffffffda RBX: 00000000000000ca RCX: 00007f70b8490cd7 [ 89.649566] RDX: 00000000000001bb RSI: 0000000000000000 RDI: 00007f70b7c809d0 [ 89.649568] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007fffce6dfba8 [ 89.649570] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000001bb [ 89.649572] R13: 00007f70b7c809d0 R14: 000055e4be93fc90 R15: 00007f70b7c80700 [ 89.649578] </TASK> [ 89.649579] Modules linked in: [ 89.649581] CR2: 0000000000000008 [ 89.650344] ---[ end trace 0000000000000000 ]--- [ 89.650346] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 89.650351] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 5b 5a 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 b1 1d 23 00 48 89 ef e8 59 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 00 65 8b 2d 00 86 5b 5a 41 [ 89.650354] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 89.650357] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffffa5a808f7 [ 89.650360] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 89.650361] RBP: 0000000000000008 R08: ffffffffa5a808f7 R09: fffffbfff50e2e1b [ 89.650364] R10: fffffbfff50e2e1a R11: ffffffffa87170d7 R12: 0000000000000000 [ 89.650366] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 89.650371] FS: 00007f70b7c81980(0000) GS:ffff88823bc80000(0000) knlGS:0000000000000000 [ 89.650374] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.650377] CR2: 0000000000000008 CR3: 000000014bf78000 CR4: 00000000000006e0 [ 89.650379] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 89.650381] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 89.650384] note: systemd-journal[169] exited with irqs disabled [ 90.684878] Shutting down cpus with NMI [ 91.022097] Kernel Offset: 0x24800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 91.023759] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
On Tue, 5 Sep 2023 20:54:40 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > Hi, Steve, Ajay, > > After this patch and run this testcase, I got an use-after-free report > by KASAN. Short log see [1], full logs see attach "panic.log". > > And by simple bisect, I found it may be introduced by: > > 27152bceea1d ("eventfs: Move tracing/events to eventfs") > > Link: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27152bceea1df27ffebb12ac9cd9adbf2c4c3f35 > > [1] > # ./ftracetest test.d/instances/instance-event.tc > === Ftrace unit tests === > [1] Test creation and deletion of trace instances while setting an > event[ 89.472397] > ================================================================== > [ 89.475053] BUG: KASAN: slab-use-after-free in > __ftrace_event_enable_disable+0x1b/0x3a0 > [ 89.480039] Read of size 8 at addr ffff88814f5b2690 by task > ftracetest/392 > [ 89.483906] > [ 89.484560] CPU: 10 PID: 392 Comm: ftracetest Tainted: G W > 6.5.0+ #127 > [ 89.487033] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), > BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 > [ 89.489751] Call Trace: > [ 89.490315] <TASK> > [ 89.490817] dump_stack_lvl+0x4b/0x80 > [ 89.491570] print_report+0xd0/0x620 > [ 89.492296] ? __virt_addr_valid+0xf9/0x180 > [ 89.493134] ? __ftrace_event_enable_disable+0x1b/0x3a0 > [ 89.494151] kasan_report+0xb6/0xf0 > [ 89.494881] ? __ftrace_event_enable_disable+0x1b/0x3a0 > [ 89.495878] __ftrace_event_enable_disable+0x1b/0x3a0 > [ 89.496805] event_enable_write+0x109/0x170 > [ 89.497631] ? __pfx_event_enable_write+0x10/0x10 > [ 89.498618] ? __pfx_bpf_lsm_file_permission+0x10/0x10 > [ 89.499659] ? security_file_permission+0x51/0x2d0 > [ 89.500604] vfs_write+0x175/0x670 > [ 89.501385] ? __pfx_vfs_write+0x10/0x10 > [ 89.502246] ? __pfx__raw_spin_lock+0x10/0x10 > [ 89.503187] ? expand_files+0x9b/0x330 > [ 89.504011] ? __pfx_expand_files+0x10/0x10 > [ 89.504898] ? set_close_on_exec+0x7b/0xe0 > [ 89.505782] ? __fget_light+0xae/0x1e0 > [ 89.506615] ? _raw_spin_lock+0x85/0xe0 > [ 89.507989] ksys_write+0xbd/0x160 > [ 89.509302] ? __pfx_ksys_write+0x10/0x10 > [ 89.510493] ? dnotify_flush+0x38/0x220 > [ 89.511654] ? fpregs_assert_state_consistent+0x5a/0x70 > [ 89.513297] ? exit_to_user_mode_prepare+0x32/0x110 > [ 89.514692] do_syscall_64+0x3f/0x90 > [ 89.515516] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 I wonder if this is related to: https://lore.kernel.org/all/202309050916.58201dc6-oliver.sang@intel.com/ Which I'm currently debugging. -- Steve
On Tue, 5 Sep 2023 12:25:00 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > I wonder if this is related to: > > https://lore.kernel.org/all/202309050916.58201dc6-oliver.sang@intel.com/ > > Which I'm currently debugging. I just noticed that the config supplied with that had LOCKDOWN enabled, which I never tested, so this is not the same bug. -- Steve
On Tue, 5 Sep 2023 20:54:40 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > Hi, Steve, Ajay, > > After this patch and run this testcase, I got an use-after-free report > by KASAN. Short log see [1], full logs see attach "panic.log". > > And by simple bisect, I found it may be introduced by: > > 27152bceea1d ("eventfs: Move tracing/events to eventfs") Can you send me your config? -- Steve
On Tue, 5 Sep 2023 14:45:52 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > On Tue, 5 Sep 2023 20:54:40 +0800 > Zheng Yejian <zhengyejian1@huawei.com> wrote: > > > Hi, Steve, Ajay, > > > > After this patch and run this testcase, I got an use-after-free report > > by KASAN. Short log see [1], full logs see attach "panic.log". > > > > And by simple bisect, I found it may be introduced by: > > > > 27152bceea1d ("eventfs: Move tracing/events to eventfs") > > Can you send me your config? > Never mind, I triggered it. I believe I see the bug. -- Steve
On Tue, 5 Sep 2023 20:54:40 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > Hi, Steve, Ajay, > > After this patch and run this testcase, I got an use-after-free report > by KASAN. Short log see [1], full logs see attach "panic.log". > > And by simple bisect, I found it may be introduced by: > > 27152bceea1d ("eventfs: Move tracing/events to eventfs") > > Link: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27152bceea1df27ffebb12ac9cd9adbf2c4c3f35 Hi Zheng, Can you test: https://lore.kernel.org/all/20230905183332.628d7cc0@gandalf.local.home/ and see if it fixes the KASAN issue for you? Thanks! -- Steve
On 9/5/23 06:54, Zheng Yejian wrote: > On 2023/7/11 06:37, Steven Rostedt wrote: >> >> Shuah, can you take this? >> > > Kindly ping and bug report :) > I am sorry for the delay. Looks this one got buried deep when I was away on vacation. Applied now for my next Linux 6.6 update. thanks, -- Shuah
On 2023/9/6 06:36, Steven Rostedt wrote: > On Tue, 5 Sep 2023 20:54:40 +0800 > Zheng Yejian <zhengyejian1@huawei.com> wrote: > >> Hi, Steve, Ajay, >> >> After this patch and run this testcase, I got an use-after-free report >> by KASAN. Short log see [1], full logs see attach "panic.log". >> >> And by simple bisect, I found it may be introduced by: >> >> 27152bceea1d ("eventfs: Move tracing/events to eventfs") >> >> Link: >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27152bceea1df27ffebb12ac9cd9adbf2c4c3f35 > > Hi Zheng, > > Can you test: > > https://lore.kernel.org/all/20230905183332.628d7cc0@gandalf.local.home/ > > and see if it fixes the KASAN issue for you? Hi, Steve, your new patch seems not fixes the KASAN issue. I run the instance-event.tc with your patch again and get same KASAN report. My config is in: https://lore.kernel.org/all/da5495b5-cdb5-cb82-dd9b-37e7a87ed97d@huawei.com/ > > Thanks! > > -- Steve >
On 2023/9/6 06:43, Shuah Khan wrote: > On 9/5/23 06:54, Zheng Yejian wrote: >> On 2023/7/11 06:37, Steven Rostedt wrote: >>> >>> Shuah, can you take this? >>> >> >> Kindly ping and bug report :) >> > > I am sorry for the delay. Looks this one got buried deep > when I was away on vacation. > > Applied now for my next Linux 6.6 update. > Thanks! -- Zheng Yejian > thanks, > -- Shuah > >
On Wed, 6 Sep 2023 09:42:44 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > Hi, Steve, your new patch seems not fixes the KASAN issue. > > I run the instance-event.tc with your patch again and get same KASAN > report. > > My config is in: > > https://lore.kernel.org/all/da5495b5-cdb5-cb82-dd9b-37e7a87ed97d@huawei.com/ I'm not able to reproduce it. Can you send me the full dmesg. Thanks, -- Steve
On 2023/9/6 19:27, Steven Rostedt wrote: > On Wed, 6 Sep 2023 09:42:44 +0800 > Zheng Yejian <zhengyejian1@huawei.com> wrote: > >> Hi, Steve, your new patch seems not fixes the KASAN issue. >> >> I run the instance-event.tc with your patch again and get same KASAN >> report. >> >> My config is in: >> >> https://lore.kernel.org/all/da5495b5-cdb5-cb82-dd9b-37e7a87ed97d@huawei.com/ > > I'm not able to reproduce it. > > Can you send me the full dmesg. Hi, Steve, can you receive the attachments? dmesg log is too long, so I put them in attachment file: dmesg before the patch see attachment "dmesg_before_patch" https://lore.kernel.org/all/20230905183332.628d7cc0@gandalf.local.home/ and dmesg after above patch see attachment "dmesg_after_patch". BTW, I do reproduce with following testcase fix, then just run: ./ftracetest test.d/instances/instance-event.tc diff --git a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc index 0eb47fbb3f44..42422e425107 100644 --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc @@ -39,7 +39,7 @@ instance_read() { instance_set() { while :; do - echo 1 > foo/events/sched/sched_switch + echo 1 > foo/events/sched/sched_switch/enable done 2> /dev/null } -- Thanks, Zheng Yejian > > Thanks, > > -- Steve > root@X8664:/tmp/hulkdt/ftrace# ./ftracetest test.d/instances/instance-event.tc === Ftrace unit tests === [1] Test creation and deletion of trace instances while setting an event[ 158.084125] ================================================================== [ 158.087206] BUG: KASAN: slab-use-after-free in __ftrace_event_enable_disable+0x1b/0x3a0 [ 158.089518] Read of size 8 at addr ffff8881462ed390 by task ftracetest/394 [ 158.091492] [ 158.092452] CPU: 4 PID: 394 Comm: ftracetest Tainted: G W 6.5.0+ #142 [ 158.094719] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 158.097195] Call Trace: [ 158.098022] <TASK> [ 158.098754] dump_stack_lvl+0x4b/0x80 [ 158.099517] print_report+0xd0/0x620 [ 158.100578] ? __virt_addr_valid+0xf9/0x180 [ 158.101869] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 158.103161] kasan_report+0xb6/0xf0 [ 158.104128] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 158.105137] __ftrace_event_enable_disable+0x1b/0x3a0 [ 158.106091] event_enable_write+0x109/0x170 [ 158.106908] ? __pfx_event_enable_write+0x10/0x10 [ 158.107805] ? __pfx_bpf_lsm_file_permission+0x10/0x10 [ 158.108830] ? security_file_permission+0x51/0x2d0 [ 158.109779] vfs_write+0x175/0x670 [ 158.110563] ? __pfx_vfs_write+0x10/0x10 [ 158.111420] ? __pfx__raw_spin_lock+0x10/0x10 [ 158.112363] ? expand_files+0x9b/0x330 [ 158.113198] ? __pfx_expand_files+0x10/0x10 [ 158.114084] ? set_close_on_exec+0x7b/0xe0 [ 158.114960] ? __fget_light+0xae/0x1e0 [ 158.115779] ? _raw_spin_lock+0x85/0xe0 [ 158.116626] ksys_write+0xbd/0x160 [ 158.117398] ? __pfx_ksys_write+0x10/0x10 [ 158.118267] ? dnotify_flush+0x38/0x220 [ 158.119594] ? fpregs_assert_state_consistent+0x5a/0x70 [ 158.121218] ? exit_to_user_mode_prepare+0x32/0x110 [ 158.122492] do_syscall_64+0x3f/0x90 [ 158.123712] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 158.124943] RIP: 0033:0x7f12b328c077 [ 158.126197] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 4 [ 158.130945] RSP: 002b:00007fff4833be68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.133536] RAX: ffffffffffffffda RBX: 000055e244f04540 RCX: 00007f12b328c077 [ 158.135934] RDX: 0000000000000002 RSI: 000055e244f04540 RDI: 0000000000000001 [ 158.138010] RBP: 0000000000000002 R08: 0000000000000000 R09: 000055e244f52ae1 [ 158.140079] R10: 000055e2437e2682 R11: 0000000000000246 R12: 0000000000000001 [ 158.141759] R13: 0000000000000002 R14: 7fffffffffffffff R15: 00007fff4833c030 [ 158.143725] </TASK> [ 158.144604] [ 158.145091] Allocated by task 395: [ 158.146419] [452/18554] [ 158.146987] Freed by task 436: [ 158.147782] [ 158.148525] The buggy address belongs to the object at ffff8881462ed380 [ 158.148525] which belongs to the cache trace_event_file of size 96 [ 158.151275] The buggy address is located 16 bytes inside of [ 158.151275] freed 96-byte region [ffff8881462ed380, ffff8881462ed3e0) [ 158.153443] [ 158.153922] The buggy address belongs to the physical page: [ 158.155053] [ 158.155520] Memory state around the buggy address: [ 158.156516] ffff8881462ed280: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 158.157927] ffff8881462ed300: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 158.159330] >ffff8881462ed380: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 158.160752] ^ [ 158.161583] ffff8881462ed400: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 158.162996] ffff8881462ed480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 158.164420] ================================================================== [ 158.173856] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 158.176166] #PF: supervisor read access in kernel mode [ 158.177589] #PF: error_code(0x0000) - not-present page [ 158.178697] PGD 0 P4D 0 [ 158.179373] Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 158.180449] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G B W 6.5.0+ #142 [ 158.182066] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 158.184390] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.185595] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 158.189239] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 158.190243] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffff9d8808f7 [ 158.191566] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.192928] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.194188] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.195519] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.196793] FS: 0000000000000000(0000) GS:ffff8880b7080000(0000) knlGS:0000000000000000 [ 158.198297] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.199330] CR2: 0000000000000008 CR3: 0000000117664000 CR4: 00000000000006e0 [ 158.200615] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.201929] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.203250] Call Trace: [ 158.203838] <TASK> [ 158.204401] ? __die_body+0x1f/0x70 [ 158.205161] ? page_fault_oops+0x1f5/0x580 [ 158.206028] ? __pfx_page_fault_oops+0x10/0x10 [ 158.206947] ? is_prefetch.isra.0+0x7a/0x260 [ 158.207821] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 158.208777] ? __rcu_read_unlock+0x50/0x260 [ 158.209655] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.210634] ? search_bpf_extables+0xb3/0xd0 [ 158.211469] ? fixup_exception+0x3b/0x4e0 [ 158.212312] ? arch_stack_walk+0x8c/0x100 [ 158.213165] ? exc_page_fault+0x59/0xb0 [ 158.213987] ? asm_exc_page_fault+0x26/0x30 [ 158.214849] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.215750] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.216700] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.217644] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.218615] ? ring_buffer_lock_reserve+0x25e/0x790 [ 158.219563] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 158.220594] ? kasan_report+0x48/0xf0 [ 158.221369] ? kasan_report+0x48/0xf0 [ 158.222122] trace_event_buffer_lock_reserve+0x145/0x210 [ 158.223172] trace_event_buffer_reserve+0xe2/0x150 [ 158.224141] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 158.225225] ? ct_nmi_exit+0x82/0xf0 [ 158.226006] ? sched_clock_cpu+0x67/0x2e0 [ 158.226845] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.227929] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.229101] __traceiter_sched_switch+0x59/0x80 [ 158.229964] __schedule+0x72b/0x1580 [ 158.230684] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 158.231676] ? __pfx___schedule+0x10/0x10 [ 158.232520] ? __pfx_hrtimer_start_range_ns+0x10/0x10 [ 158.233527] ? ct_nmi_exit+0xd8/0xf0 [ 158.234283] ? irqentry_exit+0x3b/0x50 [ 158.235078] ? account_idle_time+0x77/0x90 [ 158.235845] schedule_idle+0x33/0x50 [ 158.236574] do_idle+0x1f3/0x2f0 [ 158.237252] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 158.238258] ? __pfx_do_idle+0x10/0x10 [ 158.239021] ? swake_up_locked.part.0+0x79/0x90 [ 158.239951] cpu_startup_entry+0x1d/0x20 [ 158.240792] start_secondary+0x1a8/0x1d0 [ 158.241635] ? __pfx_start_secondary+0x10/0x10 [ 158.242565] secondary_startup_64_no_verify+0x178/0x17b [ 158.243565] </TASK> [ 158.244130] Modules linked in: [ 158.244819] CR2: 0000000000000008 [ 158.245580] ---[ end trace 0000000000000000 ]--- [ 158.245581] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 158.246120] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.246925] #PF: supervisor read access in kernel mode [ 158.247515] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 158.248135] #PF: error_code(0x0000) - not-present page [ 158.250275] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 158.250890] PGD 0 [ 158.251292] [ 158.251914] P4D 0 [ 158.252122] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffff9d8808f7 [ 158.252322] [ 158.252575] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.253423] Oops: 0000 [#2] PREEMPT SMP KASAN PTI [ 158.253582] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.254416] CPU: 4 PID: 394 Comm: ftracetest Tainted: G B D W 6.5.0+ #142 [ 158.254938] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.255783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 158.256657] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.257511] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.258737] FS: 0000000000000000(0000) GS:ffff8880b7080000(0000) knlGS:0000000000000000 [ 158.259588] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 158.260161] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.261085] RSP: 0018:ffffc900024bf7c8 EFLAGS: 00010082 [ 158.263138] CR2: 0000000000000008 CR3: 0000000117664000 CR4: 00000000000006e0 [ 158.263796] [ 158.264408] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.266198] RAX: 0000000000000000 RBX: 1ffff92000497f02 RCX: ffffffff9d8808f7 [ 158.266358] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.267177] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.267985] Kernel panic - not syncing: Attempted to kill the idle task! [ 158.268881] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffff52000497f3a [ 158.268885] R10: fffff52000497f39 R11: 0000000000000003 R12: 0000000000000000 [ 158.268888] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.268894] FS: 0000000000000000(0000) GS:ffff8880b7200000(0000) knlGS:0000000000000000 [ 158.268898] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.268900] CR2: 0000000000000008 CR3: 0000000117664000 CR4: 00000000000006e0 [ 158.268903] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.268905] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.268907] Call Trace: [ 158.268910] <TASK> [ 158.268912] ? __die_body+0x1f/0x70 [ 158.268921] ? page_fault_oops+0x1f5/0x580 [ 158.268928] ? __pfx_page_fault_oops+0x10/0x10 [ 158.268931] ? is_prefetch.isra.0+0x7a/0x260 [ 158.268935] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 158.268939] ? __rcu_read_unlock+0x50/0x260 [ 158.268945] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.268949] ? search_bpf_extables+0xb3/0xd0 [ 158.268957] ? fixup_exception+0x3b/0x4e0 [ 158.268963] ? exc_page_fault+0x59/0xb0 [ 158.268971] ? asm_exc_page_fault+0x26/0x30 [ 158.268978] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.268982] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.268986] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.268990] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.268995] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 158.268999] ? stack_trace_save+0x95/0xd0 [ 158.269008] ? kasan_report+0x48/0xf0 [ 158.269014] ? filter_irq_stacks+0x21/0x70 [ 158.269019] ? __stack_depot_save+0x38/0x480 [ 158.269027] ? task_work_run+0xfd/0x170 [ 158.269035] ? kasan_report+0x48/0xf0 [ 158.269040] ? __accumulate_pelt_segments+0x38/0xc0 [ 158.269050] trace_event_buffer_lock_reserve+0x145/0x210 [ 158.269136] trace_event_buffer_reserve+0xe2/0x150 [ 158.269143] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 158.269152] ? strncpy+0x33/0x60 [ 158.269159] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.269164] ? __pfx_trace_save_cmdline+0x10/0x10 [ 158.269171] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.269175] __traceiter_sched_switch+0x59/0x80 [ 158.269186] __schedule+0x72b/0x1580 [ 158.269194] ? __pfx___schedule+0x10/0x10 [ 158.269199] ? do_notify_parent+0x397/0x4c0 [ 158.269208] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 158.269213] ? __rcu_read_unlock+0x50/0x260 [ 158.269217] ? __rcu_read_lock+0x33/0x50 [ 158.269223] do_task_dead+0x5a/0x60 [ 158.269230] do_exit+0xd4b/0x1340 [ 158.269237] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.269242] ? __pfx_do_exit+0x10/0x10 [ 158.269248] ? _raw_spin_lock_irq+0x93/0xf0 [ 158.269253] do_group_exit+0x5c/0xf0 [ 158.269259] get_signal+0xdfa/0xe10 [ 158.269264] ? security_file_permission+0x51/0x2d0 [ 158.269270] ? vfs_write+0x3c1/0x670 [ 158.269274] ? __pfx_get_signal+0x10/0x10 [ 158.269278] ? __pfx_vfs_write+0x10/0x10 [ 158.269283] ? __pfx__raw_spin_lock+0x10/0x10 [ 158.269287] ? expand_files+0x9b/0x330 [ 158.269293] arch_do_signal_or_restart+0x7a/0x350 [ 158.269299] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 158.269303] ? __fget_light+0xae/0x1e0 [ 158.269308] ? _raw_spin_lock+0x85/0xe0 [ 158.269313] ? ksys_write+0xd2/0x160 [ 158.269318] ? __pfx_ksys_write+0x10/0x10 [ 158.269323] ? dnotify_flush+0x38/0x220 [ 158.269329] exit_to_user_mode_prepare+0xbe/0x110 [ 158.269335] syscall_exit_to_user_mode+0x2b/0x60 [ 158.269341] do_syscall_64+0x4c/0x90 [ 158.269346] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 158.269352] RIP: 0033:0x7f12b328c077 [ 158.269355] Code: Unable to access opcode bytes at 0x7f12b328c04d. [ 158.269357] RSP: 002b:00007fff4833be68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 158.269362] RAX: 0000000000000002 RBX: 000055e244f04540 RCX: 00007f12b328c077 [ 158.269364] RDX: 0000000000000002 RSI: 000055e244f04540 RDI: 0000000000000001 [ 158.269367] RBP: 0000000000000002 R08: 0000000000000000 R09: 000055e244f52ae1 [ 158.269369] R10: 000055e2437e2682 R11: 0000000000000246 R12: 0000000000000001 [ 158.269371] R13: 0000000000000002 R14: 7fffffffffffffff R15: 00007fff4833c030 [ 158.269376] </TASK> [ 158.269378] Modules linked in: [ 158.269382] CR2: 0000000000000008 [ 158.270186] ---[ end trace 0000000000000000 ]--- [ 158.270187] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 158.270189] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.270195] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.270195] #PF: supervisor read access in kernel mode [ 158.270200] #PF: error_code(0x0000) - not-present page [ 158.270201] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 158.270205] PGD 0 [ 158.270206] [ 158.270208] P4D 0 [ 158.270210] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffff9d8808f7 [ 158.270213] [ 158.270214] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.270216] Oops: 0000 [#3] PREEMPT SMP KASAN PTI [ 158.270218] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.270224] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.270227] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.270225] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G B D W 6.5.0+ #142 [ 158.270234] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd44 [ 158.270235] FS: 0000000000000000(0000) GS:ffff8880b7200000(0000) knlGS:0000000000000000 [ 158.270240] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.270237] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.270243] CR2: 0000000000000008 CR3: 0000000117664000 CR4: 00000000000006e0 [ 158.270246] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.270247] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.270250] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.270254] RSP: 0018:ffffc900001a79f8 EFLAGS: 00010082 [ 158.270256] note: ftracetest[394] exited with irqs disabled [ 158.270259] [ 158.270262] RAX: 0000000000000000 RBX: 1ffff92000034f48 RCX: ffffffff9d8808f7 [ 158.270266] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.270269] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.270272] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.270274] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.270282] FS: 0000000000000000(0000) GS:ffff8880b7180000(0000) knlGS:0000000000000000 [ 158.270285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.270288] CR2: 0000000000000008 CR3: 00000001461a2000 CR4: 00000000000006e0 [ 158.270291] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.270293] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.270295] Call Trace: [ 158.270298] <TASK> [ 158.270300] ? __die_body+0x1f/0x70 [ 158.270308] ? page_fault_oops+0x1f5/0x580 [ 158.270314] ? __pfx_page_fault_oops+0x10/0x10 [ 158.270332] ? is_prefetch.isra.0+0x7a/0x260 [ 158.270336] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 158.270340] ? __rcu_read_unlock+0x50/0x260 [ 158.270345] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.270349] ? search_bpf_extables+0xb3/0xd0 [ 158.270356] ? fixup_exception+0x3b/0x4e0 [ 158.270362] ? exc_page_fault+0x59/0xb0 [ 158.270370] ? asm_exc_page_fault+0x26/0x30 [ 158.270378] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.270381] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.270386] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.270390] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.270394] ? __pfx_sched_clock_cpu+0x10/0x10 [ 158.270401] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 158.270406] ? kasan_report+0x48/0xf0 [ 158.270413] ? __pfx_load_balance+0x10/0x10 [ 158.270420] ? update_rq_clock+0x307/0x3f0 [ 158.270427] ? kasan_report+0x48/0xf0 [ 158.270432] ? sched_clock+0x10/0x30 [ 158.270439] ? sched_clock_cpu+0x67/0x2e0 [ 158.270444] trace_event_buffer_lock_reserve+0x145/0x210 [ 158.270450] trace_event_buffer_reserve+0xe2/0x150 [ 158.270457] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 158.270463] ? ct_nmi_exit+0x82/0xf0 [ 158.270469] ? sched_clock_cpu+0x67/0x2e0 [ 158.270474] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.270481] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.270485] __traceiter_sched_switch+0x59/0x80 [ 158.270492] __schedule+0x72b/0x1580 [ 158.270497] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 158.270504] ? __pfx___schedule+0x10/0x10 [ 158.270509] ? ct_nmi_exit+0xd8/0xf0 [ 158.270514] ? irqentry_exit+0x3b/0x50 [ 158.270520] ? rcu_preempt_deferred_qs+0x22/0x90 [ 158.270526] ? ct_kernel_exit.constprop.0+0xa0/0xc0 [ 158.270532] schedule_idle+0x33/0x50 [ 158.270537] do_idle+0x1f3/0x2f0 [ 158.270543] ? __pfx_do_idle+0x10/0x10 [ 158.270546] ? finish_task_switch+0x99/0x370 [ 158.270553] ? schedule_idle+0x3b/0x50 [ 158.270558] cpu_startup_entry+0x1d/0x20 [ 158.270562] start_secondary+0x1a8/0x1d0 [ 158.270568] ? __pfx_start_secondary+0x10/0x10 [ 158.270574] secondary_startup_64_no_verify+0x178/0x17b [ 158.270582] </TASK> [ 158.270584] Modules linked in: [ 158.270587] CR2: 0000000000000008 [ 158.271325] ---[ end trace 0000000000000000 ]--- [ 158.271326] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 158.271327] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.271331] #PF: supervisor read access in kernel mode [ 158.271333] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.271335] #PF: error_code(0x0000) - not-present page [ 158.271337] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 158.271338] PGD 0 P4D 0 [ 158.271340] [ 158.271342] [ 158.271342] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffff9d8808f7 [ 158.271344] Oops: 0000 [#4] PREEMPT SMP KASAN PTI [ 158.271345] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.271348] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.271351] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.271350] CPU: 5 PID: 169 Comm: systemd-journal Tainted: G B D W 6.5.0+ #142 [ 158.271354] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.271356] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd44 [ 158.271360] FS: 0000000000000000(0000) GS:ffff8880b7180000(0000) knlGS:0000000000000000 [ 158.271359] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.271364] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.271367] CR2: 0000000000000008 CR3: 00000001461a2000 CR4: 00000000000006e0 [ 158.271367] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.271370] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.271372] RSP: 0018:ffffc90001d3f7e8 EFLAGS: 00010086 [ 158.271372] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.271375] [ 158.271377] RAX: 0000000000000000 RBX: 1ffff920003a7f06 RCX: ffffffff9d8808f7 [ 158.271380] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.271383] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.271385] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.271388] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.271395] FS: 00007ff2899d0980(0000) GS:ffff8880b7280000(0000) knlGS:0000000000000000 [ 158.271398] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.271401] CR2: 0000000000000008 CR3: 000000014c41c000 CR4: 00000000000006e0 [ 158.271404] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.271406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.271408] Call Trace: [ 158.271410] <TASK> [ 158.271412] ? __die_body+0x1f/0x70 [ 158.271419] ? page_fault_oops+0x1f5/0x580 [ 158.271424] ? __pfx_page_fault_oops+0x10/0x10 [ 158.271428] ? is_prefetch.isra.0+0x7a/0x260 [ 158.271432] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 158.271435] ? __rcu_read_unlock+0x50/0x260 [ 158.271440] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.271444] ? search_bpf_extables+0xb3/0xd0 [ 158.271450] ? fixup_exception+0x3b/0x4e0 [ 158.271456] ? exc_page_fault+0x59/0xb0 [ 158.271463] ? asm_exc_page_fault+0x26/0x30 [ 158.271469] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.271472] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.271477] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.271481] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.271484] ? do_sys_openat2+0x301/0x350 [ 158.271489] ? do_sys_open+0x8e/0xf0 [ 158.271494] ? do_syscall_64+0x3f/0x90 [ 158.271498] ? entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 158.271503] ? __pfx_lockref_put_or_lock+0x10/0x10 [ 158.271512] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 158.271516] ? try_grab_folio+0x2e0/0x4e0 [ 158.271521] ? kasan_report+0x48/0xf0 [ 158.271526] ? __rcu_read_unlock+0x50/0x260 [ 158.271530] ? trace_hardirqs_on+0x27/0xc0 [ 158.271536] ? internal_get_user_pages_fast+0x5b7/0x15a0 [ 158.271540] ? kasan_report+0x48/0xf0 [ 158.271545] ? __accumulate_pelt_segments+0x38/0xc0 [ 158.271553] trace_event_buffer_lock_reserve+0x145/0x210 [ 158.271559] trace_event_buffer_reserve+0xe2/0x150 [ 158.271565] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 158.271572] ? sched_clock_cpu+0x67/0x2e0 [ 158.271578] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.271586] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.271590] __traceiter_sched_switch+0x59/0x80 [ 158.271598] __schedule+0x72b/0x1580 [ 158.271604] ? __pfx___schedule+0x10/0x10 [ 158.271609] ? stack_trace_save+0x95/0xd0 [ 158.271618] ? futex_wait_setup+0xbe/0x150 [ 158.271626] ? plist_add+0x14c/0x180 [ 158.271634] schedule+0x92/0x120 [ 158.271639] futex_wait_queue+0x87/0xc0 [ 158.271645] futex_wait+0x219/0x3a0 [ 158.271651] ? do_syscall_64+0x3f/0x90 [ 158.271655] ? __pfx_futex_wait+0x10/0x10 [ 158.271662] ? __virt_addr_valid+0xf9/0x180 [ 158.271670] ? trace_hardirqs_on+0x27/0xc0 [ 158.271676] do_futex+0x198/0x230 [ 158.271681] ? __pfx_do_futex+0x10/0x10 [ 158.271687] __x64_sys_futex+0x106/0x290 [ 158.271693] ? __pfx___x64_sys_futex+0x10/0x10 [ 158.271697] ? do_sys_open+0x8e/0xf0 [ 158.271703] do_syscall_64+0x3f/0x90 [ 158.271707] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 158.271712] RIP: 0033:0x7ff28a1decd7 [ 158.272819] Code: 52 fe ff ff 0f 1f 80 00 00 00 00 bb ca 00 00 00 eb 20 90 e8 7b 93 00 00 f [ 158.272826] RSP: 002b:00007ffcc907a7d0 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 158.272832] RAX: ffffffffffffffda RBX: 00000000000000ca RCX: 00007ff28a1decd7 [ 158.272835] RDX: 00000000000001b8 RSI: 0000000000000000 RDI: 00007ff2899cf9d0 [ 158.272837] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffcc907a9b8 [ 158.272840] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000001b8 [ 158.272842] R13: 00007ff2899cf9d0 R14: 000055ed59198320 R15: 00007ff2899cf700 [ 158.272848] </TASK> [ 158.272849] Modules linked in: [ 158.272852] CR2: 0000000000000008 [ 158.273695] ---[ end trace 0000000000000000 ]--- [ 158.273696] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 158.273698] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.273701] #PF: supervisor read access in kernel mode [ 158.273705] #PF: error_code(0x0000) - not-present page [ 158.273705] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.273709] PGD 0 [ 158.273710] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 158.273711] P4D 0 [ 158.273714] [ 158.273716] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffff9d8808f7 [ 158.273716] Oops: 0000 [#5] PREEMPT SMP KASAN PTI [ 158.273719] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.273721] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.273722] CPU: 8 PID: 0 Comm: swapper/8 Tainted: G B D W 6.5.0+ #142 [ 158.273724] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.273726] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.273727] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd44 [ 158.273733] FS: 00007ff2899d0980(0000) GS:ffff8880b7280000(0000) knlGS:0000000000000000 [ 158.273731] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.273737] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.273739] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.273741] CR2: 0000000000000008 CR3: 000000014c41c000 CR4: 00000000000006e0 [ 158.273744] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.273744] RSP: 0018:ffffc900001f79f8 EFLAGS: 00010082 [ 158.273747] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.273749] RAX: 0000000000000000 RBX: 1ffff9200003ef48 RCX: ffffffff9d8808f7 [ 158.273751] note: systemd-journal[169] exited with irqs disabled [ 158.273753] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.273756] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffff5200003ef80 [ 158.273758] R10: fffff5200003ef7f R11: 0000000000000003 R12: 0000000000000000 [ 158.273761] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.273767] FS: 0000000000000000(0000) GS:ffff88823bb00000(0000) knlGS:0000000000000000 [ 158.273771] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.273773] CR2: 0000000000000008 CR3: 0000000117664000 CR4: 00000000000006e0 [ 158.273776] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.273778] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 158.273780] Call Trace: [ 158.273782] <TASK> [ 158.273785] ? __die_body+0x1f/0x70 [ 158.273791] ? page_fault_oops+0x1f5/0x580 [ 158.273796] ? __pfx_page_fault_oops+0x10/0x10 [ 158.273800] ? is_prefetch.isra.0+0x7a/0x260 [ 158.273803] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 158.273807] ? __rcu_read_unlock+0x50/0x260 [ 158.273818] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.273822] ? search_bpf_extables+0xb3/0xd0 [ 158.273828] ? fixup_exception+0x3b/0x4e0 [ 158.273832] ? arch_stack_walk+0x8c/0x100 [ 158.273838] ? exc_page_fault+0x59/0xb0 [ 158.273844] ? asm_exc_page_fault+0x26/0x30 [ 158.273851] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.273854] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.273858] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.273862] ? ring_buffer_lock_reserve+0x97/0x790 [ 158.273866] ? cpu_startup_entry+0x1d/0x20 [ 158.273870] ? start_secondary+0x1a8/0x1d0 [ 158.273875] ? secondary_startup_64_no_verify+0x178/0x17b [ 158.273880] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 158.273884] ? kasan_report+0x48/0xf0 [ 158.273890] ? ring_buffer_unlock_commit+0xfb/0x250 [ 158.273895] ? kasan_report+0x48/0xf0 [ 158.273901] trace_event_buffer_lock_reserve+0x145/0x210 [ 158.273907] trace_event_buffer_reserve+0xe2/0x150 [ 158.273913] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 158.273919] ? strncpy+0x33/0x60 [ 158.273925] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.273930] ? __pfx_trace_save_cmdline+0x10/0x10 [ 158.273938] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 158.273943] __traceiter_sched_switch+0x59/0x80 [ 158.273950] __schedule+0x72b/0x1580 [ 158.273955] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 158.273961] ? __pfx___schedule+0x10/0x10 [ 158.273966] ? ct_nmi_exit+0xd8/0xf0 [ 158.273971] ? irqentry_exit+0x3b/0x50 [ 158.273978] ? nr_iowait_cpu+0x46/0x60 [ 158.273984] ? tick_nohz_stop_idle+0x86/0xc0 [ 158.273991] schedule_idle+0x33/0x50 [ 158.273996] do_idle+0x1f3/0x2f0 [ 158.273999] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 158.274005] ? __pfx_do_idle+0x10/0x10 [ 158.274009] ? swake_up_locked.part.0+0x79/0x90 [ 158.274015] cpu_startup_entry+0x1d/0x20 [ 158.274019] start_secondary+0x1a8/0x1d0 [ 158.274024] ? __pfx_start_secondary+0x10/0x10 [ 158.274029] secondary_startup_64_no_verify+0x178/0x17b [ 158.274037] </TASK> [ 158.274038] Modules linked in: [ 158.274041] CR2: 0000000000000008 [ 158.274913] ---[ end trace 0000000000000000 ]--- [ 158.274915] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 158.274919] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 7b 62 48 8d 6f 08 be 04 00 1 [ 158.274923] RSP: 0018:ffffc900001879f8 EFLAGS: 00010082 [ 158.274926] RAX: 0000000000000000 RBX: 1ffff92000030f48 RCX: ffffffff9d8808f7 [ 158.274928] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 158.274931] RBP: 0000000000000008 R08: ffffffff9d8808f7 R09: fffffbfff40a2d33 [ 158.274933] R10: fffffbfff40a2d32 R11: ffffffffa0516997 R12: 0000000000000000 [ 158.274935] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 158.274941] FS: 0000000000000000(0000) GS:ffff88823bb00000(0000) knlGS:0000000000000000 [ 158.274944] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 158.274946] CR2: 0000000000000008 CR3: 0000000117664000 CR4: 00000000000006e0 [ 158.274949] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 158.274951] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 159.308316] Shutting down cpus with NMI [ 159.676967] Kernel Offset: 0x1c600000 from 0xffffffff81000000 (relocation range: 0xfffffff) [ 159.678609] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]--- root@X8664:/tmp/hulkdt/ftrace# ./ftracetest test.d/instances/instance-event.tc === Ftrace unit tests === [1] Test creation and deletion of trace instances while setting an event[ 53.896538] ================================================================== [ 53.900580] BUG: KASAN: slab-use-after-free in __ftrace_event_enable_disable+0x1b/0x3a0 [ 53.903377] Read of size 8 at addr ffff8880107f4590 by task ftracetest/393 [ 53.906167] [ 53.907597] CPU: 5 PID: 393 Comm: ftracetest Tainted: G W 6.5.0+ #143 [ 53.911284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 53.914338] Call Trace: [ 53.914934] <TASK> [ 53.915443] dump_stack_lvl+0x4b/0x80 [ 53.916293] print_report+0xd0/0x620 [ 53.917068] ? __virt_addr_valid+0xf9/0x180 [ 53.917979] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 53.919060] kasan_report+0xb6/0xf0 [ 53.919830] ? __ftrace_event_enable_disable+0x1b/0x3a0 [ 53.920977] __ftrace_event_enable_disable+0x1b/0x3a0 [ 53.922042] event_enable_write+0x109/0x170 [ 53.922924] ? __pfx_event_enable_write+0x10/0x10 [ 53.923923] ? __pfx_bpf_lsm_file_permission+0x10/0x10 [ 53.924992] ? security_file_permission+0x51/0x2d0 [ 53.926023] vfs_write+0x175/0x670 [ 53.926902] ? __pfx_vfs_write+0x10/0x10 [ 53.927778] ? __pfx__raw_spin_lock+0x10/0x10 [ 53.928821] ? expand_files+0x9b/0x330 [ 53.929653] ? __pfx_expand_files+0x10/0x10 [ 53.930591] ? set_close_on_exec+0x7b/0xe0 [ 53.931453] ? __fget_light+0xae/0x1e0 [ 53.932275] ? _raw_spin_lock+0x85/0xe0 [ 53.933100] ksys_write+0xbd/0x160 [ 53.933864] ? __pfx_ksys_write+0x10/0x10 [ 53.934715] ? dnotify_flush+0x38/0x220 [ 53.935530] ? fpregs_assert_state_consistent+0x5a/0x70 [ 53.936569] ? exit_to_user_mode_prepare+0x32/0x110 [ 53.937553] do_syscall_64+0x3f/0x90 [ 53.938354] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 53.939396] RIP: 0033:0x7fdf1faf7077 [ 53.940200] Code: 64 89 02 48 c7 c0 ff ff ff ff eb bb 0f 1f 80 00 00 00 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 4 [ 53.943488] RSP: 002b:00007ffee98d8cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 53.944957] RAX: ffffffffffffffda RBX: 000055e92c929540 RCX: 00007fdf1faf7077 [ 53.946272] RDX: 0000000000000002 RSI: 000055e92c929540 RDI: 0000000000000001 [ 53.947583] RBP: 0000000000000002 R08: 0000000000000000 R09: 000055e92c977ae1 [ 53.948920] R10: 000055e92ac8c682 R11: 0000000000000246 R12: 0000000000000001 [ 53.950252] R13: 0000000000000002 R14: 7fffffffffffffff R15: 00007ffee98d8e90 [ 53.951587] </TASK> [ 53.952159] [ 53.952612] Allocated by task 394: [ 53.953446] [ 53.953924] Freed by task 437: [ 53.954715] [ 53.955195] The buggy address belongs to the object at ffff8880107f4580 [ 53.955195] which belongs to the cache trace_event_file of size 96 [ 53.957541] The buggy address is located 16 bytes inside of [ 53.957541] freed 96-byte region [ffff8880107f4580, ffff8880107f45e0) [ 53.959763] [ 53.960245] The buggy address belongs to the physical page: [ 53.961402] [ 53.961873] Memory state around the buggy address: [ 53.962871] ffff8880107f4480: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 53.964472] ffff8880107f4500: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 53.965913] >ffff8880107f4580: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 53.967279] ^ [ 53.968089] ffff8880107f4600: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 53.969505] ffff8880107f4680: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 53.970905] ================================================================== [ 53.973686] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 53.975536] #PF: supervisor read access in kernel mode [ 53.976954] #PF: error_code(0x0000) - not-present page [ 53.978374] PGD 0 P4D 0 [ 53.979210] Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 53.980559] CPU: 10 PID: 0 Comm: swapper/10 Tainted: G B W 6.5.0+ #143 [ 53.982589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 53.985083] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 53.985930] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 53.988522] RSP: 0018:ffffc90000a1f9f8 EFLAGS: 00010082 [ 53.989327] RAX: 0000000000000000 RBX: 1ffff92000143f48 RCX: ffffffffa3e808f7 [ 53.990348] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 53.991367] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 53.992424] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 53.993485] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 53.994555] FS: 0000000000000000(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 [ 53.995754] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 53.996618] CR2: 0000000000000008 CR3: 0000000146440000 CR4: 00000000000006e0 [ 53.997671] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 53.998758] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 53.999795] Call Trace: [ 54.000257] <TASK> [ 54.000673] ? __die_body+0x1f/0x70 [ 54.001258] ? page_fault_oops+0x1f5/0x580 [ 54.001926] ? __pfx_page_fault_oops+0x10/0x10 [ 54.002609] ? is_prefetch.isra.0+0x7a/0x260 [ 54.003276] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 54.003993] ? __rcu_read_unlock+0x50/0x260 [ 54.004642] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.005322] ? search_bpf_extables+0xb3/0xd0 [ 54.005941] ? fixup_exception+0x3b/0x4e0 [ 54.006531] ? exc_page_fault+0x59/0xb0 [ 54.007113] ? asm_exc_page_fault+0x26/0x30 [ 54.007727] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.008419] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.009090] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.009740] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.010405] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 54.011102] ? kasan_report+0x48/0xf0 [ 54.011644] ? ring_buffer_unlock_commit+0xfb/0x250 [ 54.012344] ? kasan_report+0x48/0xf0 [ 54.012908] trace_event_buffer_lock_reserve+0x145/0x210 [ 54.013631] trace_event_buffer_reserve+0xe2/0x150 [ 54.014307] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 54.015068] ? sched_clock_cpu+0x67/0x2e0 [ 54.015664] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.016486] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.017298] __traceiter_sched_switch+0x59/0x80 [ 54.017952] __schedule+0x72b/0x1580 [ 54.018499] ? __pfx___schedule+0x10/0x10 [ 54.019091] ? ct_nmi_exit+0xd8/0xf0 [ 54.019623] ? irqentry_exit+0x3b/0x50 [ 54.020172] ? rcu_preempt_deferred_qs+0x22/0x90 [ 54.020841] ? ct_kernel_exit.constprop.0+0xa0/0xc0 [ 54.021517] schedule_idle+0x33/0x50 [ 54.022073] do_idle+0x1f3/0x2f0 [ 54.022585] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 54.023311] ? __pfx_do_idle+0x10/0x10 [ 54.023895] ? swake_up_locked.part.0+0x79/0x90 [ 54.024549] cpu_startup_entry+0x1d/0x20 [ 54.025147] start_secondary+0x1a8/0x1d0 [ 54.025735] ? __pfx_start_secondary+0x10/0x10 [ 54.026364] secondary_startup_64_no_verify+0x178/0x17b [ 54.027089] </TASK> [ 54.027481] Modules linked in: [ 54.027967] CR2: 0000000000000008 [ 54.028493] ---[ end trace 0000000000000000 ]--- [ 54.028494] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 54.028859] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.029560] #PF: supervisor read access in kernel mode [ 54.029987] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.030524] #PF: error_code(0x0000) - not-present page [ 54.031912] RSP: 0018:ffffc90000a1f9f8 EFLAGS: 00010082 [ 54.032458] PGD 0 [ 54.032722] [ 54.032724] RAX: 0000000000000000 RBX: 1ffff92000143f48 RCX: ffffffffa3e808f7 [ 54.033264] P4D 0 [ 54.033438] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.033611] [ 54.034164] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 54.034390] Oops: 0000 [#2] PREEMPT SMP KASAN PTI [ 54.034947] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 54.035120] CPU: 5 PID: 393 Comm: ftracetest Tainted: G B D W 6.5.0+ #143 [ 54.035669] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.036159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 54.036726] FS: 0000000000000000(0000) GS:ffff88823bc00000(0000) knlGS:0000000000000000 [ 54.037524] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.038081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.039249] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.039877] CR2: 0000000000000008 CR3: 0000000146440000 CR4: 00000000000006e0 [ 54.040446] RSP: 0018:ffffc900024cf7c8 EFLAGS: 00010082 [ 54.040899] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.042770] [ 54.043316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.043851] RAX: 0000000000000000 RBX: 1ffff92000499f02 RCX: ffffffffa3e808f7 [ 54.044409] Kernel panic - not syncing: Attempted to kill the idle task! [ 54.044599] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.044602] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffff52000499f3a [ 54.044605] R10: fffff52000499f39 R11: 0000000000000003 R12: 0000000000000000 [ 54.044608] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.044614] FS: 0000000000000000(0000) GS:ffff8880b7280000(0000) knlGS:0000000000000000 [ 54.044618] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.044620] CR2: 0000000000000008 CR3: 00000000bbc64000 CR4: 00000000000006e0 [ 54.044623] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.044625] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.044627] Call Trace: [ 54.044629] <TASK> [ 54.044631] ? __die_body+0x1f/0x70 [ 54.044645] ? page_fault_oops+0x1f5/0x580 [ 54.044650] ? __pfx_page_fault_oops+0x10/0x10 [ 54.044654] ? is_prefetch.isra.0+0x7a/0x260 [ 54.044657] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 54.044661] ? __rcu_read_unlock+0x50/0x260 [ 54.044666] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.044669] ? search_bpf_extables+0xb3/0xd0 [ 54.044676] ? fixup_exception+0x3b/0x4e0 [ 54.044682] ? exc_page_fault+0x59/0xb0 [ 54.044689] ? asm_exc_page_fault+0x26/0x30 [ 54.044696] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.044700] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.044704] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.044708] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.044712] ? __pfx_sched_clock_cpu+0x10/0x10 [ 54.044719] ? record_times+0x8b/0xd0 [ 54.044723] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 54.044728] ? kasan_report+0x48/0xf0 [ 54.044734] ? __pfx_load_balance+0x10/0x10 [ 54.044740] ? kasan_report+0x48/0xf0 [ 54.044745] ? sched_clock+0x10/0x30 [ 54.044751] ? sched_clock_cpu+0x67/0x2e0 [ 54.044756] trace_event_buffer_lock_reserve+0x145/0x210 [ 54.044762] trace_event_buffer_reserve+0xe2/0x150 [ 54.044768] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 54.044775] ? strncpy+0x33/0x60 [ 54.044782] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.044786] ? __pfx_trace_save_cmdline+0x10/0x10 [ 54.044793] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.044798] __traceiter_sched_switch+0x59/0x80 [ 54.044806] __schedule+0x72b/0x1580 [ 54.044813] ? __pfx___schedule+0x10/0x10 [ 54.044817] ? do_notify_parent+0x397/0x4c0 [ 54.044827] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 54.044832] ? __rcu_read_unlock+0x50/0x260 [ 54.044836] ? __rcu_read_lock+0x33/0x50 [ 54.044843] do_task_dead+0x5a/0x60 [ 54.044849] do_exit+0xd4b/0x1340 [ 54.044856] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.044861] ? __pfx_do_exit+0x10/0x10 [ 54.044866] ? _raw_spin_lock_irq+0x93/0xf0 [ 54.044872] do_group_exit+0x5c/0xf0 [ 54.044877] get_signal+0xdfa/0xe10 [ 54.044882] ? security_file_permission+0x51/0x2d0 [ 54.044892] ? vfs_write+0x3c1/0x670 [ 54.044898] ? __pfx_get_signal+0x10/0x10 [ 54.044902] ? __pfx_vfs_write+0x10/0x10 [ 54.044907] ? __pfx__raw_spin_lock+0x10/0x10 [ 54.044911] ? expand_files+0x9b/0x330 [ 54.044917] arch_do_signal_or_restart+0x7a/0x350 [ 54.044922] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 54.044926] ? __fget_light+0xae/0x1e0 [ 54.044931] ? _raw_spin_lock+0x85/0xe0 [ 54.044936] ? ksys_write+0xd2/0x160 [ 54.044941] ? __pfx_ksys_write+0x10/0x10 [ 54.044946] ? dnotify_flush+0x38/0x220 [ 54.044951] exit_to_user_mode_prepare+0xbe/0x110 [ 54.044957] syscall_exit_to_user_mode+0x2b/0x60 [ 54.044962] do_syscall_64+0x4c/0x90 [ 54.044967] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 54.044972] RIP: 0033:0x7fdf1faf7077 [ 54.044975] Code: Unable to access opcode bytes at 0x7fdf1faf704d. [ 54.044977] RSP: 002b:00007ffee98d8cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 54.044981] RAX: 0000000000000002 RBX: 000055e92c929540 RCX: 00007fdf1faf7077 [ 54.044984] RDX: 0000000000000002 RSI: 000055e92c929540 RDI: 0000000000000001 [ 54.044986] RBP: 0000000000000002 R08: 0000000000000000 R09: 000055e92c977ae1 [ 54.044988] R10: 000055e92ac8c682 R11: 0000000000000246 R12: 0000000000000001 [ 54.044990] R13: 0000000000000002 R14: 7fffffffffffffff R15: 00007ffee98d8e90 [ 54.044995] </TASK> [ 54.045079] Modules linked in: [ 54.045082] CR2: 0000000000000008 [ 54.045797] ---[ end trace 0000000000000000 ]--- [ 54.045798] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 54.045799] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.045803] #PF: supervisor read access in kernel mode [ 54.045804] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.045806] #PF: error_code(0x0000) - not-present page [ 54.045808] RSP: 0018:ffffc90000a1f9f8 EFLAGS: 00010082 [ 54.045809] PGD 0 [ 54.045810] [ 54.045811] P4D 0 [ 54.045812] RAX: 0000000000000000 RBX: 1ffff92000143f48 RCX: ffffffffa3e808f7 [ 54.045815] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.045814] Oops: 0000 [#3] PREEMPT SMP KASAN PTI [ 54.045817] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 54.045820] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 54.045820] CPU: 8 PID: 0 Comm: swapper/8 Tainted: G B D W 6.5.0+ #143 [ 54.045822] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.045825] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 54.045828] FS: 0000000000000000(0000) GS:ffff8880b7280000(0000) knlGS:0000000000000000 [ 54.045831] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.045828] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.045834] CR2: 0000000000000008 CR3: 00000000bbc64000 CR4: 00000000000006e0 [ 54.045835] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.045836] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.045838] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.045840] RSP: 0018:ffffc900001f79f8 EFLAGS: 00010082 [ 54.045842] note: ftracetest[393] exited with irqs disabled [ 54.045843] [ 54.045845] RAX: 0000000000000000 RBX: 1ffff9200003ef48 RCX: ffffffffa3e808f7 [ 54.045848] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.045850] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 54.045852] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 54.045855] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.045860] FS: 0000000000000000(0000) GS:ffff88823bb00000(0000) knlGS:0000000000000000 [ 54.045864] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.045866] CR2: 0000000000000008 CR3: 00000001436ae000 CR4: 00000000000006e0 [ 54.045869] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.045871] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.045873] Call Trace: [ 54.045875] <TASK> [ 54.045877] ? __die_body+0x1f/0x70 [ 54.045884] ? page_fault_oops+0x1f5/0x580 [ 54.045899] ? __pfx_page_fault_oops+0x10/0x10 [ 54.045902] ? is_prefetch.isra.0+0x7a/0x260 [ 54.045906] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 54.045910] ? __rcu_read_unlock+0x50/0x260 [ 54.045915] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.045918] ? search_bpf_extables+0xb3/0xd0 [ 54.045925] ? fixup_exception+0x3b/0x4e0 [ 54.045931] ? exc_page_fault+0x59/0xb0 [ 54.045937] ? asm_exc_page_fault+0x26/0x30 [ 54.045944] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.045947] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.045952] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.045956] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.045960] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 54.045965] ? kasan_report+0x48/0xf0 [ 54.045971] ? ring_buffer_unlock_commit+0xfb/0x250 [ 54.045975] ? kasan_report+0x48/0xf0 [ 54.045981] trace_event_buffer_lock_reserve+0x145/0x210 [ 54.045987] trace_event_buffer_reserve+0xe2/0x150 [ 54.045993] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 54.045999] ? ct_nmi_exit+0x82/0xf0 [ 54.046004] ? sched_clock_cpu+0x67/0x2e0 [ 54.046010] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.046017] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.046021] __traceiter_sched_switch+0x59/0x80 [ 54.046028] __schedule+0x72b/0x1580 [ 54.046033] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 54.046039] ? __pfx___schedule+0x10/0x10 [ 54.046043] ? ct_nmi_exit+0xd8/0xf0 [ 54.046049] ? irqentry_exit+0x3b/0x50 [ 54.046054] ? rcu_preempt_deferred_qs+0x22/0x90 [ 54.046059] ? ct_kernel_exit.constprop.0+0xa0/0xc0 [ 54.046065] schedule_idle+0x33/0x50 [ 54.046070] do_idle+0x1f3/0x2f0 [ 54.046075] ? __pfx_do_idle+0x10/0x10 [ 54.046078] ? finish_task_switch+0x99/0x370 [ 54.046084] ? schedule_idle+0x3b/0x50 [ 54.046089] cpu_startup_entry+0x1d/0x20 [ 54.046093] start_secondary+0x1a8/0x1d0 [ 54.046099] ? __pfx_start_secondary+0x10/0x10 [ 54.046104] secondary_startup_64_no_verify+0x178/0x17b [ 54.046113] </TASK> [ 54.046114] Modules linked in: [ 54.046117] CR2: 0000000000000008 [ 54.046855] ---[ end trace 0000000000000000 ]--- [ 54.046856] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 54.046858] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.046861] #PF: supervisor read access in kernel mode [ 54.046863] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.046865] #PF: error_code(0x0000) - not-present page [ 54.046868] RSP: 0018:ffffc90000a1f9f8 EFLAGS: 00010082 [ 54.046869] PGD 0 [ 54.046871] P4D 0 [ 54.046873] RAX: 0000000000000000 RBX: 1ffff92000143f48 RCX: ffffffffa3e808f7 [ 54.046874] [ 54.046877] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.046877] Oops: 0000 [#4] PREEMPT SMP KASAN PTI [ 54.046880] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 54.046884] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 54.046883] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G B D W 6.5.0+ #143 [ 54.046887] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.046888] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 [ 54.046892] FS: 0000000000000000(0000) GS:ffff88823bb00000(0000) knlGS:0000000000000000 [ 54.046891] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.046897] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.046900] CR2: 0000000000000008 CR3: 00000001436ae000 CR4: 00000000000006e0 [ 54.046899] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.046904] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.046906] RSP: 0018:ffffc900001a79f8 EFLAGS: 00010082 [ 54.046907] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.046911] [ 54.046913] RAX: 0000000000000000 RBX: 1ffff92000034f48 RCX: ffffffffa3e808f7 [ 54.046916] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.046918] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 54.046921] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 54.046924] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.046930] FS: 0000000000000000(0000) GS:ffff8880b7180000(0000) knlGS:0000000000000000 [ 54.046934] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.046937] CR2: 0000000000000008 CR3: 00000000bbc64000 CR4: 00000000000006e0 [ 54.046940] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.046942] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.046944] Call Trace: [ 54.046946] <TASK> [ 54.046948] ? __die_body+0x1f/0x70 [ 54.046954] ? page_fault_oops+0x1f5/0x580 [ 54.046959] ? __pfx_page_fault_oops+0x10/0x10 [ 54.046962] ? is_prefetch.isra.0+0x7a/0x260 [ 54.046966] ? __pfx_is_prefetch.isra.0+0x10/0x10 [ 54.046970] ? __rcu_read_unlock+0x50/0x260 [ 54.046974] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.046978] ? search_bpf_extables+0xb3/0xd0 [ 54.046984] ? fixup_exception+0x3b/0x4e0 [ 54.046989] ? exc_page_fault+0x59/0xb0 [ 54.046995] ? asm_exc_page_fault+0x26/0x30 [ 54.047002] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.047005] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.047009] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.047013] ? ring_buffer_lock_reserve+0x97/0x790 [ 54.047017] ? start_secondary+0x1a8/0x1d0 [ 54.047022] ? __pfx_ring_buffer_lock_reserve+0x10/0x10 [ 54.047026] ? kasan_report+0x48/0xf0 [ 54.047032] ? ring_buffer_unlock_commit+0xfb/0x250 [ 54.047036] ? kasan_report+0x48/0xf0 [ 54.047042] trace_event_buffer_lock_reserve+0x145/0x210 [ 54.047048] trace_event_buffer_reserve+0xe2/0x150 [ 54.047054] trace_event_raw_event_sched_switch+0xb3/0x2d0 [ 54.047060] ? sched_clock_cpu+0x67/0x2e0 [ 54.047065] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.047072] ? __pfx_trace_event_raw_event_sched_switch+0x10/0x10 [ 54.047076] __traceiter_sched_switch+0x59/0x80 [ 54.047082] __schedule+0x72b/0x1580 [ 54.047087] ? _raw_spin_unlock_irqrestore+0x16/0x50 [ 54.047093] ? __pfx___schedule+0x10/0x10 [ 54.047098] ? ct_nmi_exit+0xd8/0xf0 [ 54.047103] ? irqentry_exit+0x3b/0x50 [ 54.047109] ? rcu_preempt_deferred_qs+0x22/0x90 [ 54.047113] ? ct_kernel_exit.constprop.0+0xa0/0xc0 [ 54.047120] schedule_idle+0x33/0x50 [ 54.047124] do_idle+0x1f3/0x2f0 [ 54.047128] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 54.047133] ? __pfx_do_idle+0x10/0x10 [ 54.047137] ? swake_up_locked.part.0+0x79/0x90 [ 54.047143] cpu_startup_entry+0x1d/0x20 [ 54.047148] start_secondary+0x1a8/0x1d0 [ 54.047152] ? __pfx_start_secondary+0x10/0x10 [ 54.047158] secondary_startup_64_no_verify+0x178/0x17b [ 54.047166] </TASK> [ 54.047167] Modules linked in: [ 54.047170] CR2: 0000000000000008 [ 54.047874] ---[ end trace 0000000000000000 ]--- [ 54.047876] RIP: 0010:ring_buffer_lock_reserve+0x97/0x790 [ 54.047880] Code: 48 89 84 24 e0 00 00 00 31 c0 65 ff 05 2a 86 1b 5c 48 8d 6f 08 be 04 00 00 00 48 89 ef e8 41 1e 23 00 48 89 ef e8 e9 09 23 00 <45> 8b 74 24 08 45 85 f6 0f 85 a0 02 00 1 [ 54.047884] RSP: 0018:ffffc90000a1f9f8 EFLAGS: 00010082 [ 54.047887] RAX: 0000000000000000 RBX: 1ffff92000143f48 RCX: ffffffffa3e808f7 [ 54.047890] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000008 [ 54.047892] RBP: 0000000000000008 R08: ffffffffa3e808f7 R09: fffffbfff4d62d33 [ 54.047894] R10: fffffbfff4d62d32 R11: ffffffffa6b16997 R12: 0000000000000000 [ 54.047896] R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000 [ 54.047901] FS: 0000000000000000(0000) GS:ffff8880b7180000(0000) knlGS:0000000000000000 [ 54.047904] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.047907] CR2: 0000000000000008 CR3: 00000000bbc64000 CR4: 00000000000006e0 [ 54.047909] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.047911] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.094835] Shutting down cpus with NMI [ 55.395334] Kernel Offset: 0x22c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 55.397167] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
On Wed, 6 Sep 2023 19:57:24 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > BTW, I do reproduce with following testcase fix, then just run: > ./ftracetest test.d/instances/instance-event.tc > diff --git > a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > index 0eb47fbb3f44..42422e425107 100644 > --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > @@ -39,7 +39,7 @@ instance_read() { > > instance_set() { > while :; do > - echo 1 > foo/events/sched/sched_switch > + echo 1 > foo/events/sched/sched_switch/enable > done 2> /dev/null > } Ah thanks. I didn't have that on my test box :-p Although I'm still having issues reproducing it. Do you have anything special on your kernel command line? -- Steve
On Wed, 6 Sep 2023 08:56:21 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > On Wed, 6 Sep 2023 19:57:24 +0800 > Zheng Yejian <zhengyejian1@huawei.com> wrote: > > > BTW, I do reproduce with following testcase fix, then just run: > > ./ftracetest test.d/instances/instance-event.tc > > diff --git > > a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > index 0eb47fbb3f44..42422e425107 100644 > > --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc > > @@ -39,7 +39,7 @@ instance_read() { > > > > instance_set() { > > while :; do > > - echo 1 > foo/events/sched/sched_switch > > + echo 1 > foo/events/sched/sched_switch/enable > > done 2> /dev/null > > } > > Ah thanks. I didn't have that on my test box :-p > > Although I'm still having issues reproducing it. Do you have anything > special on your kernel command line? > Also, which branch are you testing? What's the sha of the code you are testing? -- Steve
On 2023/9/6 21:02, Steven Rostedt wrote: > On Wed, 6 Sep 2023 08:56:21 -0400 > Steven Rostedt <rostedt@goodmis.org> wrote: > >> On Wed, 6 Sep 2023 19:57:24 +0800 >> Zheng Yejian <zhengyejian1@huawei.com> wrote: >> >>> BTW, I do reproduce with following testcase fix, then just run: >>> ./ftracetest test.d/instances/instance-event.tc >>> diff --git >>> a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>> b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>> index 0eb47fbb3f44..42422e425107 100644 >>> --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>> +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc >>> @@ -39,7 +39,7 @@ instance_read() { >>> >>> instance_set() { >>> while :; do >>> - echo 1 > foo/events/sched/sched_switch >>> + echo 1 > foo/events/sched/sched_switch/enable >>> done 2> /dev/null >>> } >> >> Ah thanks. I didn't have that on my test box :-p >> >> Although I'm still having issues reproducing it. Do you have anything >> special on your kernel command line? >> I can reproduce it on qemu, boot command seems nothing special (replace ${kernel} with bzImage path and replace ${rootfs} with a ubuntu image): qemu-system-x86_64 -M pc -m 8G -enable-kvm -smp cpus=12 -kernel ${kernel} -drive file=${rootfs},if=virtio,format=raw,id=hd0 -fsdev local,security_model=passthrough,id=fsdev0,path=/home/test -nographic -append "rootwait root=/dev/vda rw console=ttyS0 rodata=off" > > Also, which branch are you testing? What's the sha of the code you are testing? > I think it can be reproduced after any commit after commit 27152bceea1d ("eventfs: Move tracing/events to eventfs") also can be reproduced with the newest: 65d6e954e378 ("Merge tag 'gfs2-v6.5-rc5-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2") And revert commit 27152bceea1d ("eventfs: Move tracing/events to eventfs"), the issue just seems gone. -- Thanks, Zheng Yejian > -- Steve >
On Wed, 6 Sep 2023 21:31:32 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > > Also, which branch are you testing? What's the sha of the code you are testing? > > > > I think it can be reproduced after any commit after commit > 27152bceea1d ("eventfs: Move tracing/events to eventfs") > > also can be reproduced with the newest: > 65d6e954e378 ("Merge tag 'gfs2-v6.5-rc5-fixes' of > git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2") > > And revert commit 27152bceea1d ("eventfs: Move tracing/events to > eventfs"), the issue just seems gone. The reason I'm asking is that there could be something added that fixes it. I'm testing Linus's tree at: cbb557ba92f08b945e2cb20b7ab37ef49ab53cdd Can you add the patch to that and see if you can still reproduce it? -- Steve
On Wed, 6 Sep 2023 09:43:06 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > > also can be reproduced with the newest: > > 65d6e954e378 ("Merge tag 'gfs2-v6.5-rc5-fixes' of > > git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2") > > > > And revert commit 27152bceea1d ("eventfs: Move tracing/events to > > eventfs"), the issue just seems gone. > > The reason I'm asking is that there could be something added that fixes it. > I'm testing Linus's tree at: cbb557ba92f08b945e2cb20b7ab37ef49ab53cdd Never mind, I just noticed that your above sha includes this one. Not sure why I can't reproduce this. I'm using qemu as well. -- Steve
On 2023/9/6 21:45, Steven Rostedt wrote: > On Wed, 6 Sep 2023 09:43:06 -0400 > Steven Rostedt <rostedt@goodmis.org> wrote: > >>> also can be reproduced with the newest: >>> 65d6e954e378 ("Merge tag 'gfs2-v6.5-rc5-fixes' of >>> git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2") >>> >>> And revert commit 27152bceea1d ("eventfs: Move tracing/events to >>> eventfs"), the issue just seems gone. >> >> The reason I'm asking is that there could be something added that fixes it. >> I'm testing Linus's tree at: cbb557ba92f08b945e2cb20b7ab37ef49ab53cdd > > Never mind, I just noticed that your above sha includes this one. > > Not sure why I can't reproduce this. I'm using qemu as well. > Will the qemu version have an impact? Mine is: $ qemu-system-x86_64 --version QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.27) Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers -- Thanks, Zheng Yejian > -- Steve >
On Wed, 6 Sep 2023 22:01:35 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > Will the qemu version have an impact? Mine is: It shouldn't, but... > > $ qemu-system-x86_64 --version > QEMU emulator version 4.2.1 (Debian 1:4.2-3ubuntu6.27) > Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers I'm using: $ qemu-system-x86_64 --version QEMU emulator version 8.0.3 (Debian 1:8.0.3+dfsg-5) Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers Maybe it's just that yours causes the race window to be bigger. -- Steve
On Wed, 6 Sep 2023 19:56:52 +0530 Naresh Kamboju <naresh.kamboju@linaro.org> wrote: > [my two cents] > > I do see similar kernel panic while running ftrace testing on today's > Linux next-20230906 tag. This crash is from qemu-arm64. > > Here I am providing steps to reproduced link and scripts by using tuxrun tool. > - https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2V0OqxEZUXIPNqWhQnnsuFOGYxR/reproducer > [..] > Log details, > ------------- > # ok 45 ftrace - test tracing error log support > <47>[ 1373.662292] systemd-journald[90]: Sent WATCHDOG=1 notification. > # ok 46 Test creation and deletion of trace instances while setting an event It's definitely a race with the creation and deletion of instances. I'm going to run it on my laptop VM and see if that reproduces it. My other VM is on a pretty powerful machine, and perhaps that's keeping it from hitting the race. -- Steve > <1>[ 1382.873224] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 > <1>[ 1382.873223] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030 > <1>[ 1382.873426] Mem abort info:
On Wed, 6 Sep 2023 10:37:18 -0400 Steven Rostedt <rostedt@goodmis.org> wrote: > > Log details, > > ------------- > > # ok 45 ftrace - test tracing error log support > > <47>[ 1373.662292] systemd-journald[90]: Sent WATCHDOG=1 notification. > > # ok 46 Test creation and deletion of trace instances while setting an event > > It's definitely a race with the creation and deletion of instances. > > I'm going to run it on my laptop VM and see if that reproduces it. My other > VM is on a pretty powerful machine, and perhaps that's keeping it from > hitting the race. Putting in a while loop of: # while :; do ./ftracetest test.d/instances/instance-event.tc ; done eventually triggered the bug. Looks like this is really an existing bug not related to the eventfs, but the eventfs code actually opened up the window of this race. Hopefully I'll have a fix shortly. -- Steve
On 2023/9/7 05:37, Steven Rostedt wrote: > On Wed, 6 Sep 2023 10:37:18 -0400 > Steven Rostedt <rostedt@goodmis.org> wrote: > >>> Log details, >>> ------------- >>> # ok 45 ftrace - test tracing error log support >>> <47>[ 1373.662292] systemd-journald[90]: Sent WATCHDOG=1 notification. >>> # ok 46 Test creation and deletion of trace instances while setting an event >> >> It's definitely a race with the creation and deletion of instances. >> >> I'm going to run it on my laptop VM and see if that reproduces it. My other >> VM is on a pretty powerful machine, and perhaps that's keeping it from >> hitting the race. > > Putting in a while loop of: > > # while :; do ./ftracetest test.d/instances/instance-event.tc ; done > In test.d/instances/instance-event.tc, concurrently create/delete/access intances just about 1 second and then killed them, it may cause missing the race. No longer sleep and kill, following testcase can also reproduce: ``` #!/bin/bash cd /sys/kernel/tracing/instances instance_slam() { while :; do mkdir foo 2> /dev/null rmdir foo 2> /dev/null done } instance_set() { while :; do echo 1 > foo/events/sched/sched_switch/enable done 2> /dev/null } instance_slam & p1=$! echo $p1 instance_set & p2=$! echo $p2 ``` -- Thanks, Zheng Yejian > eventually triggered the bug. Looks like this is really an existing bug not > related to the eventfs, but the eventfs code actually opened up the window > of this race. > > Hopefully I'll have a fix shortly. > > -- Steve >
On Thu, 7 Sep 2023 09:39:56 +0800 Zheng Yejian <zhengyejian1@huawei.com> wrote: > Hi, Steve > > Only apply this new patch, the kasan issue seems gone. I believe the other patch is required too, as the KASAN I hit pointed directly at that. -- Steve
diff --git a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc index 0eb47fbb3f44..42422e425107 100644 --- a/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc +++ b/tools/testing/selftests/ftrace/test.d/instances/instance-event.tc @@ -39,7 +39,7 @@ instance_read() { instance_set() { while :; do - echo 1 > foo/events/sched/sched_switch + echo 1 > foo/events/sched/sched_switch/enable done 2> /dev/null }
Function instance_set() expects to enable event 'sched_switch', so we should set 1 to its 'enable' file. Testcase passed after this patch: # ./ftracetest test.d/instances/instance-event.tc === Ftrace unit tests === [1] Test creation and deletion of trace instances while setting an event [PASS] # of passed: 1 # of failed: 0 # of unresolved: 0 # of untested: 0 # of unsupported: 0 # of xfailed: 0 # of undefined(test bug): 0 Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com> --- .../testing/selftests/ftrace/test.d/instances/instance-event.tc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)