Re: [lkp-robot] [blk] 47e0fb461f: BUG:unable_to_handle_kernel

From: NeilBrown
Date: Sat Sep 30 2017 - 03:35:58 EST


On Thu, Sep 21 2017, kernel test robot wrote:

> FYI, we noticed the following commit:
>
> commit: 47e0fb461fca1a68a566c82fcc006cc787312d8c ("blk: make the bioset rescue_workqueue optional.")
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
>
> in testcase: trinity
> with following parameters:
>
> runtime: 300s
>
> test-description: Trinity is a Linux system call fuzz tester.
> test-url: http://codemonkey.org.uk/projects/trinity/
>
>
> on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -m 420M
>
> caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):

Interesting.
I cannot see how that bug could be caused by that patch.

I think it is crashing in

static inline bool ata_is_host_link(const struct ata_link *link)
{
        return link == &link->ap->link || link == link->ap->slave_link;
}

from

static inline int ata_link_max_devices(const struct ata_link *link)
{
        if (ata_is_host_link(link) && link->ap->flags & ATA_FLAG_SLAVE_POSS)
                return 2;
        return 1;
}

from ata_dev_next().

I think %rdi holds link->ap, so the "link->ap->slave_link" dereference
causes the crash.

link->ap seems to be initialized quite early, and never cleared, so I
don't know how it could be NULL...

Confused.

Thanks,
NeilBrown
