public inbox for linux-kernel@vger.kernel.org
* BUG: WARNING in kvfree_rcu_bulk
From: Xingyu Li @ 2024-08-28 21:30 UTC (permalink / raw)
  To: paulmck, frederic, neeraj.upadhyay, joel, josh, boqun.feng,
	urezki, rostedt, mathieu.desnoyers, jiangshanlai, qiang.zhang1211,
	rcu, linux-kernel
  Cc: Yu Hao

Hi,

We found a bug in Linux 6.10 using syzkaller. It is possibly a task hung bug.
The reproducer is
https://gist.github.com/freexxxyyy/67172235de920ccf2f282f9e1179354d

The bug report is:

------------[ cut here ]------------
ODEBUG: active_state not available (active state 0) object:
ffff88802526c180 object type: rcu_head hint: 0x0
WARNING: CPU: 0 PID: 4497 at lib/debugobjects.c:517 debug_print_object
lib/debugobjects.c:514 [inline]
WARNING: CPU: 0 PID: 4497 at lib/debugobjects.c:517
debug_object_active_state+0x2b0/0x360 lib/debugobjects.c:954
Modules linked in:
CPU: 0 PID: 4497 Comm: kworker/0:3 Not tainted 6.10.0 #13
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Workqueue: events kfree_rcu_work
RIP: 0010:debug_print_object lib/debugobjects.c:514 [inline]
RIP: 0010:debug_object_active_state+0x2b0/0x360 lib/debugobjects.c:954
Code: d7 95 fd 4d 8b 0c 24 48 c7 c7 a0 61 a9 8b 48 c7 c6 60 5e a9 8b
48 89 ea 8b 4c 24 04 49 89 d8 41 57 e8 24 1b f7 fc 48 83 c4 08 <0f> 0b
ff 05 88 0c c6 0a 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d
RSP: 0018:ffffc90002cc7a10 EFLAGS: 00010292
RAX: f9c69a923cadb800 RBX: ffff88802526c180 RCX: ffff88801e3cbc00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffffff8ba96360 R08: ffffffff8155a25a R09: 1ffff1100c74519a
R10: dffffc0000000000 R11: ffffed100c74519b R12: ffffffff8b4de5c0
R13: 0000000000000005 R14: dffffc0000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888063a00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fa7a316ef78 CR3: 000000000d932000 CR4: 0000000000350ef0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 debug_rcu_head_unqueue kernel/rcu/rcu.h:236 [inline]
 debug_rcu_bhead_unqueue kernel/rcu/tree.c:3287 [inline]
 kvfree_rcu_bulk+0xc5/0x4d0 kernel/rcu/tree.c:3364
 kfree_rcu_work+0x443/0x500 kernel/rcu/tree.c:3450
 process_one_work kernel/workqueue.c:3248 [inline]
 process_scheduled_works+0x977/0x1410 kernel/workqueue.c:3329
 worker_thread+0xaa0/0x1020 kernel/workqueue.c:3409
 kthread+0x2eb/0x380 kernel/kthread.c:389
 ret_from_fork+0x49/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244
 </TASK>

-- 
Yours sincerely,
Xingyu


* Re: BUG: WARNING in kvfree_rcu_bulk
From: Uladzislau Rezki @ 2024-08-29  8:17 UTC (permalink / raw)
  To: Xingyu Li
  Cc: paulmck, frederic, neeraj.upadhyay, joel, josh, boqun.feng,
	urezki, rostedt, mathieu.desnoyers, jiangshanlai, qiang.zhang1211,
	rcu, linux-kernel, Yu Hao

Hello!

Is your kernel configuration special? I mean, should I have something
truly enabled in the .config to reproduce it?

Thank you for the report!

--
Uladzislau Rezki


* Re: BUG: WARNING in kvfree_rcu_bulk
From: Xingyu Li @ 2024-08-29 23:29 UTC (permalink / raw)
  To: Uladzislau Rezki
  Cc: paulmck, frederic, neeraj.upadhyay, joel, josh, boqun.feng,
	rostedt, mathieu.desnoyers, jiangshanlai, qiang.zhang1211, rcu,
	linux-kernel, Yu Hao

Here is the config file:
https://gist.github.com/TomAPU/64f5db0fe976a3e94a6dd2b621887cdd

-- 
Yours sincerely,
Xingyu


* Re: BUG: WARNING in kvfree_rcu_bulk
From: Uladzislau Rezki @ 2024-09-04 17:52 UTC (permalink / raw)
  To: Xingyu Li
  Cc: Uladzislau Rezki, paulmck, frederic, neeraj.upadhyay, joel, josh,
	boqun.feng, rostedt, mathieu.desnoyers, jiangshanlai,
	qiang.zhang1211, rcu, linux-kernel, Yu Hao

Hello!

>
> Here is the config file:
> https://gist.github.com/TomAPU/64f5db0fe976a3e94a6dd2b621887cdd
> 
Thank you. I was not able to boot my box using your config file. But I
enabled all the needed configs to run your reproducer so it does not
complain about the warnings below:

<snip>
urezki@pc638:~$ sudo ./a.out
the reproducer may not work as expected: USB injection setup failed: failed to chmod /dev/raw-gadget
the reproducer may not work as expected: 802154 injection setup failed: netlink_query_family_id failed
<snip>

sudo modprobe raw_gadget 
sudo modprobe ieee802154
sudo modprobe ieee802154_socket 
sudo modprobe hci
sudo modprobe hci_vhci 
sudo modprobe mac802154
sudo modprobe ieee802154
sudo modprobe ieee802154_socket
sudo modprobe mac802154_hwsim
sudo modprobe adf7242
sudo modprobe atusb
sudo modprobe at86rf230
sudo modprobe fakelb
sudo modprobe mrf24j40
sudo modprobe cc2520

and even after that I am not able to get any "WARNING in kvfree_rcu_bulk".

urezki@pc638:~$ uname -a
Linux pc638 6.11.0-rc2+ #3827 SMP PREEMPT_DYNAMIC Wed Sep  4 19:37:22 CEST 2024 x86_64 GNU/Linux
urezki@pc638:~$

Is it easy to reproduce? Am I missing something in my setup?

--
Uladzislau Rezki


* Re: BUG: WARNING in kvfree_rcu_bulk
From: Xingyu Li @ 2024-09-05  2:23 UTC (permalink / raw)
  To: Uladzislau Rezki
  Cc: paulmck, frederic, neeraj.upadhyay, joel, josh, boqun.feng,
	rostedt, mathieu.desnoyers, jiangshanlai, qiang.zhang1211, rcu,
	linux-kernel, Yu Hao

Here is how to set up the reproduction environment:
https://github.com/TomAPU/Linux610BugReort
We tested it, and it reproduces.

-- 
Yours sincerely,
Xingyu


* Re: BUG: WARNING in kvfree_rcu_bulk
From: Uladzislau Rezki @ 2024-09-12 16:08 UTC (permalink / raw)
  To: Xingyu Li
  Cc: Uladzislau Rezki, paulmck, frederic, neeraj.upadhyay, joel, josh,
	boqun.feng, rostedt, mathieu.desnoyers, jiangshanlai,
	qiang.zhang1211, rcu, linux-kernel, Yu Hao

> > >
> > > Here is the config file:
> > > https://gist.github.com/TomAPU/64f5db0fe976a3e94a6dd2b621887cdd
> > >
I tested your "reproducer" on 6.11.0-rc2. I see some panics and they are
different. For example, the one below triggers: BUG: kernel NULL pointer dereference, address: 0000000000000010

<snip>
Linux pc640 6.11.0-rc2-00037-g6b376d473b12 #3833 SMP PREEMPT_DYNAMIC Thu Sep 12 15:42:02 CEST 2024 x86_64

uroot@pc640:~# /home/urezki/a.out
executing program
[  182.101661][T10525] program a.out is using a deprecated SCSI ioctl, please convert it to SG_IO
[  182.331131][    C7] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  182.339044][    C7] #PF: supervisor read access in kernel mode
[  182.345673][    C7] #PF: error_code(0x0000) - not-present page
[  182.352216][    C7] PGD 150394067 P4D 150394067 PUD 192e9f067 PMD 0
[  182.359123][    C7] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  182.365905][    C7] CPU: 7 UID: 0 PID: 54 Comm: ksoftirqd/7 Not tainted 6.11.0-rc2-00037-g6b376d473b12 #3833
[  182.375040][    C7] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  182.382819][    C7] RIP: 0010:stack_depot_save_flags+0x147/0x8d0
[  182.388239][    C7] Code: c1 e1 04 4c 03 0d 81 1d c8 0f 65 ff 05 5a ae 92 7b 49 8b 09 49 39 c9 75 11 e9 91 00 00 00 48 8b 09 49 39 c9 0f 84 a4 01 00 00 <39> 59 10 75 ef 44 3b 79 14 75 e9 31 c0 48 8b 54 c1 20 49 39 54 c5
[  182.399223][    C7] RSP: 0018:ffffc90006657970 EFLAGS: 00010286
[  182.402848][    C7] RAX: 00000000f759be75 RBX: 00000000f759be75 RCX: 0000000000000000
[  182.407055][    C7] RDX: 0000000018e8f28b RSI: 000000004a278650 RDI: 00000000bc02d21f
[  182.411271][    C7] RBP: 0000000000000001 R08: 0000000000000005 R09: ffff88901cdbe750
[  182.415500][    C7] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  182.419717][    C7] R13: ffffc900066579d0 R14: 000000000000000e R15: 000000000000000e
[  182.423938][    C7] FS:  0000000000000000(0000) GS:ffff88901d780000(0000) knlGS:0000000000000000
[  182.428464][    C7] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  182.432274][    C7] CR2: 0000000000000010 CR3: 00000001730ac000 CR4: 00000000000006f0
[  182.436523][    C7] Call Trace:
[  182.439244][    C7]  <TASK>
[  182.441839][    C7]  ? show_regs+0x88/0x90
[  182.444877][    C7]  ? __die+0x28/0x80
[  182.447798][    C7]  ? page_fault_oops+0x3b6/0xb80
[  182.451009][    C7]  ? copy_from_kernel_nofault_allowed+0xe6/0x110
[  182.454703][    C7]  ? __pfx_page_fault_oops+0x10/0x10
[  182.458029][    C7]  ? copy_from_kernel_nofault+0x12f/0x2c0
[  182.461515][    C7]  ? __sanitizer_cov_trace_switch+0x50/0x90
[  182.465062][    C7]  ? stack_depot_save_flags+0x147/0x8d0
[  182.468496][    C7]  ? is_prefetch.constprop.0+0x9d/0x520
[  182.471883][    C7]  ? stack_depot_save_flags+0x156/0x8d0
[  182.475300][    C7]  ? __pfx_is_prefetch.constprop.0+0x10/0x10
[  182.478866][    C7]  ? fixup_exception+0x108/0xae0
[  182.482081][    C7]  ? kernelmode_fixup_or_oops.constprop.0+0xb8/0xe0
[  182.485867][    C7]  ? __bad_area_nosemaphore+0x390/0x6a0
[  182.489306][    C7]  ? ret_from_fork_asm+0x19/0x30
[  182.492554][    C7]  ? do_user_addr_fault+0x928/0x12c0
[  182.495874][    C7]  ? rcu_is_watching+0xe/0xc0
[  182.499002][    C7]  ? exc_page_fault+0x57/0xd0
[  182.502122][    C7]  ? asm_exc_page_fault+0x22/0x30
[  182.505376][    C7]  ? stack_depot_save_flags+0x147/0x8d0
[  182.508798][    C7]  ? __lock_acquire+0xd09/0x5d30
[  182.512038][    C7]  ? i_callback+0x5d/0x70
[  182.515071][    C7]  kasan_save_stack+0x3e/0x50
[  182.518234][    C7]  ? kasan_save_stack+0x2f/0x50
[  182.521420][    C7]  ? kasan_save_track+0x10/0x30
[  182.524622][    C7]  ? kasan_save_free_info+0x37/0x60
[  182.527907][    C7]  ? poison_slab_object+0xf7/0x160
[  182.531169][    C7]  ? __kasan_slab_free+0x2e/0x50
[  182.534346][    C7]  ? kmem_cache_free+0x12b/0x4a0
[  182.537489][    C7]  ? i_callback+0x5d/0x70
[  182.540435][    C7]  ? rcu_core+0x84d/0x1c60
[  182.543390][    C7]  ? handle_softirqs+0x219/0x980
[  182.546499][    C7]  ? run_ksoftirqd+0x36/0x60
[  182.549492][    C7]  ? smpboot_thread_fn+0x660/0xa10
[  182.552629][    C7]  ? kthread+0x336/0x440
[  182.555447][    C7]  ? ret_from_fork+0x44/0x70
[  182.558334][    C7]  ? ret_from_fork_asm+0x1a/0x30
[  182.561276][    C7]  kasan_save_track+0x10/0x30
[  182.564051][    C7]  kasan_save_free_info+0x37/0x60
[  182.566922][    C7]  poison_slab_object+0xf7/0x160
[  182.569747][    C7]  __kasan_slab_free+0x2e/0x50
[  182.572530][    C7]  kmem_cache_free+0x12b/0x4a0
[  182.575296][    C7]  ? i_callback+0x5d/0x70
[  182.577922][    C7]  ? rcu_core+0x848/0x1c60
[  182.580554][    C7]  i_callback+0x5d/0x70
[  182.583066][    C7]  rcu_core+0x84d/0x1c60
[  182.585582][    C7]  ? __pfx_rcu_core+0x10/0x10
[  182.588229][    C7]  handle_softirqs+0x219/0x980
[  182.590882][    C7]  ? __pfx_handle_softirqs+0x10/0x10
[  182.593717][    C7]  ? rcu_is_watching+0xe/0xc0
[  182.596347][    C7]  ? __pfx_run_ksoftirqd+0x10/0x10
[  182.599104][    C7]  ? smpboot_thread_fn+0x599/0xa10
[  182.601869][    C7]  run_ksoftirqd+0x36/0x60
[  182.604434][    C7]  smpboot_thread_fn+0x660/0xa10
[  182.607152][    C7]  ? __kthread_parkme+0x148/0x220
[  182.609906][    C7]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  182.612801][    C7]  kthread+0x336/0x440
[  182.615219][    C7]  ? _raw_spin_unlock_irq+0x1f/0x50
[  182.618023][    C7]  ? __pfx_kthread+0x10/0x10
[  182.620623][    C7]  ret_from_fork+0x44/0x70
[  182.623162][    C7]  ? __pfx_kthread+0x10/0x10
[  182.625755][    C7]  ret_from_fork_asm+0x1a/0x30
[  182.628385][    C7]  </TASK>
[  182.630443][    C7] Modules linked in:
[  182.632779][    C7] CR2: 0000000000000010
[  182.635183][    C7] ---[ end trace 0000000000000000 ]---
[  182.638056][    C7] RIP: 0010:stack_depot_save_flags+0x147/0x8d0
[  182.641146][    C7] Code: c1 e1 04 4c 03 0d 81 1d c8 0f 65 ff 05 5a ae 92 7b 49 8b 09 49 39 c9 75 11 e9 91 00 00 00 48 8b 09 49 39 c9 0f 84 a4 01 00 00 <39> 59 10 75 ef 44 3b 79 14 75 e9 31 c0 48 8b 54 c1 20 49 39 54 c5
[  182.649808][    C7] RSP: 0018:ffffc90006657970 EFLAGS: 00010286
[  182.653031][    C7] RAX: 00000000f759be75 RBX: 00000000f759be75 RCX: 0000000000000000
[  182.656897][    C7] RDX: 0000000018e8f28b RSI: 000000004a278650 RDI: 00000000bc02d21f
[  182.660748][    C7] RBP: 0000000000000001 R08: 0000000000000005 R09: ffff88901cdbe750
[  182.664628][    C7] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  182.668435][    C7] R13: ffffc900066579d0 R14: 000000000000000e R15: 000000000000000e
[  182.672198][    C7] FS:  0000000000000000(0000) GS:ffff88901d780000(0000) knlGS:0000000000000000
[  182.676268][    C7] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  182.679617][    C7] CR2: 0000000000000010 CR3: 00000001730ac000 CR4: 00000000000006f0
[  182.683435][    C7] Kernel panic - not syncing: Fatal exception in interrupt
[  182.687412][    C7] Kernel Offset: disabled
<snip>

second one:

<snip>
[  657.192361][    C0] list_add corruption. next->prev should be prev (ffff8881996a2670), but was 0000000000000000. (next=ffff8881a3571000).
[  657.204270][    C0] ------------[ cut here ]------------
[  657.210763][    C0] kernel BUG at lib/list_debug.c:29!
[  657.217140][    C0] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  657.224382][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc2-00037-g6b376d473b12 #3833
[  657.233350][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  657.241232][    C0] RIP: 0010:__list_add_valid_or_report+0xa2/0x100
[  657.246703][    C0] Code: c7 c7 e0 2e 2a 8b e8 4d 3d 24 fd 0f 0b 48 c7 c7 80 2f 2a 8b e8 3f 3d 24 fd 0f 0b 48 89 d9 48 c7 c7 e0 2f 2a 8b e8 2e 3d 24 fd <0f> 0b 48 89 f1 48 c7 c7 60 30 2a 8b 48 89 de e8 1a 3d 24 fd 0f 0b
[  657.257782][    C0] RSP: 0018:ffffc9000434f458 EFLAGS: 00010082
[  657.261306][    C0] RAX: 0000000000000075 RBX: ffff8881a3571000 RCX: ffffffff816b4fb9
[  657.265447][    C0] RDX: 0000000000000000 RSI: ffffffff816bef02 RDI: 0000000000000005
[  657.269555][    C0] RBP: ffff8881b1b40d40 R08: 0000000000000005 R09: 0000000000000000
[  657.273686][    C0] R10: 0000000000000101 R11: 0000000000000001 R12: ffff8881996a2670
[  657.277798][    C0] R13: 0000000000000820 R14: ffff8881b1b40d40 R15: ffff8881a3571000
[  657.281918][    C0] FS:  0000000000000000(0000) GS:ffff88861fc00000(0000) knlGS:0000000000000000
[  657.286383][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  657.290128][    C0] CR2: 00007f4027088128 CR3: 000000000d17c000 CR4: 00000000000006f0
[  657.294297][    C0] Call Trace:
[  657.297076][    C0]  <TASK>
[  657.299729][    C0]  ? show_regs+0x88/0x90
[  657.302756][    C0]  ? die+0x32/0xa0
[  657.305654][    C0]  ? do_trap+0x232/0x430
[  657.308703][    C0]  ? __list_add_valid_or_report+0xa2/0x100
[  657.312223][    C0]  ? __list_add_valid_or_report+0xa2/0x100
[  657.315709][    C0]  ? do_error_trap+0xf4/0x230
[  657.318839][    C0]  ? __list_add_valid_or_report+0xa2/0x100
[  657.322308][    C0]  ? handle_invalid_op+0x34/0x40
[  657.325530][    C0]  ? __list_add_valid_or_report+0xa2/0x100
[  657.329015][    C0]  ? exc_invalid_op+0x29/0x40
[  657.332190][    C0]  ? asm_exc_invalid_op+0x16/0x20
[  657.335452][    C0]  ? __wake_up_klogd.part.0+0x99/0xf0
[  657.338814][    C0]  ? vprintk+0x82/0x90
[  657.341768][    C0]  ? __list_add_valid_or_report+0xa2/0x100
[  657.345267][    C0]  ? __list_add_valid_or_report+0xa2/0x100
[  657.348732][    C0]  ? ref_tracker_alloc+0x205/0x5a0
[  657.352010][    C0]  ref_tracker_alloc+0x236/0x5a0
[  657.355208][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  657.358533][    C0]  ? dst_init+0xd6/0x570
[  657.361499][    C0]  ? dst_alloc+0xb7/0x1a0
[  657.364473][    C0]  ? ip6_dst_alloc+0x28/0xa0
[  657.367536][    C0]  ? icmp6_dst_alloc+0x6c/0x4a0
[  657.370635][    C0]  ? ndisc_send_skb+0x1275/0x1c20
[  657.373740][    C0]  ? ndisc_send_rs+0x127/0x690
[  657.376821][    C0]  ? addrconf_rs_timer+0x41e/0x850
[  657.379973][    C0]  ? call_timer_fn+0x1a3/0x600
[  657.383021][    C0]  ? __run_timers+0x749/0xae0
[  657.386018][    C0]  ? timer_expire_remote+0xfb/0x160
[  657.389128][    C0]  ? tmigr_handle_remote+0x7c7/0xfc0
[  657.392261][    C0]  ? run_timer_softirq+0x31/0x40
[  657.395251][    C0]  ? handle_softirqs+0x219/0x980
[  657.398195][    C0]  ? run_ksoftirqd+0x36/0x60
[  657.401024][    C0]  ? smpboot_thread_fn+0x660/0xa10
[  657.404017][    C0]  ? kthread+0x336/0x440
[  657.406708][    C0]  ? rcu_is_watching+0xe/0xc0
[  657.409508][    C0]  dst_init+0xd6/0x570
[  657.412090][    C0]  dst_alloc+0xb7/0x1a0
[  657.414630][    C0]  ip6_dst_alloc+0x28/0xa0
[  657.417183][    C0]  icmp6_dst_alloc+0x6c/0x4a0
[  657.419786][    C0]  ndisc_send_skb+0x1275/0x1c20
[  657.422420][    C0]  ? validate_store+0x1e/0x60
[  657.425004][    C0]  ? __pfx_ndisc_send_skb+0x10/0x10
[  657.427726][    C0]  ? __build_skb_around+0x278/0x3b0
[  657.430441][    C0]  ? __alloc_skb+0x1fc/0x380
[  657.432973][    C0]  ? skb_put+0x134/0x1a0
[  657.435368][    C0]  ndisc_send_rs+0x127/0x690
[  657.437856][    C0]  addrconf_rs_timer+0x41e/0x850
[  657.440437][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  657.443169][    C0]  ? try_to_wake_up+0x13b/0x15d0
[  657.445750][    C0]  ? __pfx_lock_release+0x10/0x10
[  657.448369][    C0]  call_timer_fn+0x1a3/0x600
[  657.450828][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  657.453586][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  657.456234][    C0]  ? __pfx_lock_release+0x10/0x10
[  657.458856][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  657.461613][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
[  657.464365][    C0]  __run_timers+0x749/0xae0
[  657.466804][    C0]  ? __pfx___run_timers+0x10/0x10
[  657.469401][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  657.471986][    C0]  ? lock_acquire+0x1ad/0x550
[  657.474472][    C0]  timer_expire_remote+0xfb/0x160
[  657.477069][    C0]  ? __pfx_timer_expire_remote+0x10/0x10
[  657.479850][    C0]  ? _raw_spin_unlock_irq+0x1f/0x50
[  657.482475][    C0]  ? lockdep_hardirqs_on+0x78/0x100
[  657.485141][    C0]  tmigr_handle_remote+0x7c7/0xfc0
[  657.487771][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
[  657.490551][    C0]  ? run_timer_base+0x11e/0x190
[  657.493102][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  657.495762][    C0]  run_timer_softirq+0x31/0x40
[  657.498286][    C0]  handle_softirqs+0x219/0x980
[  657.500812][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  657.503503][    C0]  ? rcu_is_watching+0xe/0xc0
[  657.506009][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  657.508657][    C0]  ? smpboot_thread_fn+0x599/0xa10
[  657.511301][    C0]  run_ksoftirqd+0x36/0x60
[  657.513734][    C0]  smpboot_thread_fn+0x660/0xa10
[  657.516336][    C0]  ? __kthread_parkme+0x148/0x220
[  657.518950][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  657.521715][    C0]  kthread+0x336/0x440
[  657.524064][    C0]  ? _raw_spin_unlock_irq+0x1f/0x50
[  657.526737][    C0]  ? __pfx_kthread+0x10/0x10
[  657.529240][    C0]  ret_from_fork+0x44/0x70
[  657.531687][    C0]  ? __pfx_kthread+0x10/0x10
[  657.534185][    C0]  ret_from_fork_asm+0x1a/0x30
[  657.536744][    C0]  </TASK>
[  657.538752][    C0] Modules linked in:
[  657.541038][    C0] ---[ end trace 0000000000000000 ]---
[  657.543837][    C0] RIP: 0010:__list_add_valid_or_report+0xa2/0x100
[  657.546921][    C0] Code: c7 c7 e0 2e 2a 8b e8 4d 3d 24 fd 0f 0b 48 c7 c7 80 2f 2a 8b e8 3f 3d 24 fd 0f 0b 48 89 d9 48 c7 c7 e0 2f 2a 8b e8 2e 3d 24 fd <0f> 0b 48 89 f1 48 c7 c7 60 30 2a 8b 48 89 de e8 1a 3d 24 fd 0f 0b
[  657.555312][    C0] RSP: 0018:ffffc9000434f458 EFLAGS: 00010082
[  657.558444][    C0] RAX: 0000000000000075 RBX: ffff8881a3571000 RCX: ffffffff816b4fb9
[  657.562186][    C0] RDX: 0000000000000000 RSI: ffffffff816bef02 RDI: 0000000000000005
[  657.565917][    C0] RBP: ffff8881b1b40d40 R08: 0000000000000005 R09: 0000000000000000
[  657.569676][    C0] R10: 0000000000000101 R11: 0000000000000001 R12: ffff8881996a2670
[  657.573430][    C0] R13: 0000000000000820 R14: ffff8881b1b40d40 R15: ffff8881a3571000
[  657.577198][    C0] FS:  0000000000000000(0000) GS:ffff88861fc00000(0000) knlGS:0000000000000000
[  657.581305][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  657.584702][    C0] CR2: 00007f4027088128 CR3: 000000000d17c000 CR4: 00000000000006f0
[  657.588528][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[  657.592637][    C0] Kernel Offset: disabled
<snip>

is about a list corruption BUG. So they are different, and it looks like
something is corrupted. So I would not trust that your report about the
kvfree_rcu_bulk() warning is related to a real issue with the kvfree_rcu()
call.

I also ran the reproducer on the 6.11.0-rc7 kernel. It still runs
without any panics yet.

Could you please test the latest kernel? For example 6.11.0-rc7?

--
Uladzislau Rezki


* Re: BUG: WARNING in kvfree_rcu_bulk
  2024-09-12 16:08         ` Uladzislau Rezki
@ 2024-09-16  0:02           ` Xingyu Li
  2024-09-16  5:12             ` Juefei Pu
  0 siblings, 1 reply; 9+ messages in thread
From: Xingyu Li @ 2024-09-16  0:02 UTC (permalink / raw)
  To: Uladzislau Rezki
  Cc: paulmck, frederic, neeraj.upadhyay, joel, josh, boqun.feng,
	rostedt, mathieu.desnoyers, jiangshanlai, qiang.zhang1211, rcu,
	linux-kernel, Yu Hao, Juefei Pu

Juefei will answer this. I already Cc'd him.


On Thu, Sep 12, 2024 at 9:08 AM Uladzislau Rezki <urezki@gmail.com> wrote:
>
> > > >
> > > > Here is the config file:
> > > > https://gist.github.com/TomAPU/64f5db0fe976a3e94a6dd2b621887cdd
> > > >
> I tested your "reproducer" on 6.11.0-rc2. I see some panics and they are
> different. For example below one triggers: BUG: kernel NULL pointer dereference, address: 0000000000000010
>
> <snip>
> Linux pc640 6.11.0-rc2-00037-g6b376d473b12 #3833 SMP PREEMPT_DYNAMIC Thu Sep 12 15:42:02 CEST 2024 x86_64
>
> The programs included with the Debian GNU/Linux system are free software;
> the exact distribution terms for each program are described in the
> individual files in /usr/share/doc/*/copyright.
>
> Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> permitted by applicable law.
> Last login: Thu Sep 12 11:13:52 EDT 2024 on ttyS0
> uroot@pc640:~# /home/urezki/a.out
> [  108.612276][ T8454] chnl_net:caif_netlink_parms(): no params data found
> [  108.630121][ T8455] chnl_net:caif_netlink_parms(): no params data found
> [  109.305626][ T8454] bridge0: port 1(bridge_slave_0) entered blocking state
> [  109.310125][ T8454] bridge0: port 1(bridge_slave_0) entered disabled state
> [  109.314806][ T8454] bridge_slave_0: entered allmulticast mode
> [  109.321617][ T8454] bridge_slave_0: entered promiscuous mode
> [  109.614547][ T8454] bridge0: port 2(bridge_slave_1) entered blocking state
> [  109.618924][ T8454] bridge0: port 2(bridge_slave_1) entered disabled state
> [  109.624061][ T8454] bridge_slave_1: entered allmulticast mode
> [  109.630982][ T8454] bridge_slave_1: entered promiscuous mode
> [  109.774534][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state
> [  109.781204][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state
> [  109.787878][ T8455] bridge_slave_0: entered allmulticast mode
> [  109.792835][ T8455] bridge_slave_0: entered promiscuous mode
> [  109.974516][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state
> [  109.978872][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state
> [  109.983548][ T8455] bridge_slave_1: entered allmulticast mode
> [  109.988361][ T8455] bridge_slave_1: entered promiscuous mode
> [  109.997251][ T8454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
> [  110.187177][ T8454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
> [  110.527036][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
> [  110.666716][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
> [  110.677591][ T8454] team0: Port device team_slave_0 added
> [  110.836395][ T8454] team0: Port device team_slave_1 added
> [  111.510715][ T8455] team0: Port device team_slave_0 added
> [  111.626814][ T8455] team0: Port device team_slave_1 added
> [  111.632180][ T8454] batman_adv: batadv0: Adding interface: batadv_slave_0
> [  111.638793][ T8454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [  111.661108][ T8454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
> [  111.835012][ T8454] batman_adv: batadv0: Adding interface: batadv_slave_1
> [  111.841107][ T8454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [  111.857352][ T8454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
> [  112.081965][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_0
> [  112.088499][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [  112.111075][ T8455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
> [  112.119385][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_1
> [  112.123657][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> [  112.141098][ T8455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
> [  112.715591][ T8454] hsr_slave_0: entered promiscuous mode
> [  112.801330][ T8454] hsr_slave_1: entered promiscuous mode
> [  113.095845][ T8455] hsr_slave_0: entered promiscuous mode
> [  113.171469][ T8455] hsr_slave_1: entered promiscuous mode
> [  113.251172][ T8455] debugfs: Directory 'hsr0' with parent 'hsr' already present!
> [  113.261201][ T8455] Cannot create hsr debugfs directory
> [  114.440022][ T8454] netdevsim netdevsim0 netdevsim0: renamed from eth0
> [  114.508448][ T8454] netdevsim netdevsim0 netdevsim1: renamed from eth1
> [  114.634433][ T8454] netdevsim netdevsim0 netdevsim2: renamed from eth2
> [  114.744227][ T8454] netdevsim netdevsim0 netdevsim3: renamed from eth3
> [  114.866169][ T8455] netdevsim netdevsim1 netdevsim0: renamed from eth0
> [  114.974856][ T8455] netdevsim netdevsim1 netdevsim1: renamed from eth1
> [  115.094399][ T8455] netdevsim netdevsim1 netdevsim2: renamed from eth2
> [  115.198370][ T8455] netdevsim netdevsim1 netdevsim3: renamed from eth3
> [  115.393414][ T8454] 8021q: adding VLAN 0 to HW filter on device bond0
> [  115.428509][ T8454] 8021q: adding VLAN 0 to HW filter on device team0
> [  115.445428][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0
> [  115.455183][  T841] bridge0: port 1(bridge_slave_0) entered blocking state
> [  115.463761][  T841] bridge0: port 1(bridge_slave_0) entered forwarding state
> [  115.479368][  T142] bridge0: port 2(bridge_slave_1) entered blocking state
> [  115.487741][  T142] bridge0: port 2(bridge_slave_1) entered forwarding state
> [  115.513042][ T8455] 8021q: adding VLAN 0 to HW filter on device team0
> [  115.534056][  T841] bridge0: port 1(bridge_slave_0) entered blocking state
> [  115.540831][  T841] bridge0: port 1(bridge_slave_0) entered forwarding state
> [  115.556733][ T1883] bridge0: port 2(bridge_slave_1) entered blocking state
> [  115.563088][ T1883] bridge0: port 2(bridge_slave_1) entered forwarding state
> [  115.621249][ T8454] 8021q: adding VLAN 0 to HW filter on device batadv0
> [  115.662366][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0
> [  115.692483][ T8454] veth0_vlan: entered promiscuous mode
> [  115.709197][ T8454] veth1_vlan: entered promiscuous mode
> [  115.740423][ T8455] veth0_vlan: entered promiscuous mode
> [  115.752797][ T8455] veth1_vlan: entered promiscuous mode
> [  115.768040][ T8454] veth0_macvtap: entered promiscuous mode
> [  115.776722][ T8454] veth1_macvtap: entered promiscuous mode
> [  115.799794][ T8454] batman_adv: batadv0: Interface activated: batadv_slave_0
> [  115.810688][ T8455] veth0_macvtap: entered promiscuous mode
> [  115.823230][ T8454] batman_adv: batadv0: Interface activated: batadv_slave_1
> [  115.832372][ T8455] veth1_macvtap: entered promiscuous mode
> [  115.846846][ T8454] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
> [  115.855626][ T8454] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
> [  115.863223][ T8454] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
> [  115.869729][ T8454] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
> [  115.934253][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
> [  115.944230][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
> [  115.954913][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_0
> [  116.054848][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
> [  116.064684][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
> [  116.075471][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_1
> [  116.174807][ T8455] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
> [  116.183164][ T8455] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
> [  116.191693][ T8455] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
> [  116.199476][ T8455] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
> [  116.210161][ T8454] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
> [  116.314373][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> [  116.323148][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [  116.363438][ T8454] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
> [  116.427601][ T8455] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
> [  116.439923][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> [  116.447760][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [  116.513068][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> [  116.515525][ T8455] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
> [  116.517602][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> [  116.554182][  T120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> [  116.562646][  T120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> executing program
> [  116.605018][T10471] program a.out is using a deprecated SCSI ioctl, please convert it to SG_IO
> [  117.764915][   T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [  119.264267][   T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [  121.375536][   T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [  121.963598][   T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> [  122.381273][   T65] bridge_slave_1: left allmulticast mode
> [  122.389071][   T65] bridge_slave_1: left promiscuous mode
> [  122.396906][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
> [  122.601981][   T65] bridge_slave_0: left allmulticast mode
> [  122.611091][   T65] bridge_slave_0: left promiscuous mode
> [  122.617820][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
> [  125.712116][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
> [  125.921681][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
> [  126.042002][   T65] bond0 (unregistering): Released all slaves
> [  128.331207][   T65] hsr_slave_0: left promiscuous mode
> [  128.461209][   T65] hsr_slave_1: left promiscuous mode
> [  128.591184][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
> [  128.595352][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
> [  128.655982][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
> [  128.664072][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
> [  128.867924][   T65] veth1_macvtap: left promiscuous mode
> [  128.875673][   T65] veth0_macvtap: left promiscuous mode
> [  128.882671][   T65] veth1_vlan: left promiscuous mode
> [  128.889132][   T65] veth0_vlan: left promiscuous mode
> [  138.513086][   T65] team0 (unregistering): Port device team_slave_1 removed
> [  139.601978][   T65] team0 (unregistering): Port device team_slave_0 removed
> [  150.514196][ T1333] ieee802154 phy0 wpan0: encryption failed: -22
> [  150.531082][ T1333] ieee802154 phy1 wpan1: encryption failed: -22
> [  181.351814][ T1058] ata1: lost interrupt (Status 0x58)
> [  182.061440][ T1058] ata1: found unknown device (class 0)
> executing program
> [  182.101661][T10525] program a.out is using a deprecated SCSI ioctl, please convert it to SG_IO
> [  182.331131][    C7] BUG: kernel NULL pointer dereference, address: 0000000000000010
> [  182.339044][    C7] #PF: supervisor read access in kernel mode
> [  182.345673][    C7] #PF: error_code(0x0000) - not-present page
> [  182.352216][    C7] PGD 150394067 P4D 150394067 PUD 192e9f067 PMD 0
> [  182.359123][    C7] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
> [  182.365905][    C7] CPU: 7 UID: 0 PID: 54 Comm: ksoftirqd/7 Not tainted 6.11.0-rc2-00037-g6b376d473b12 #3833
> [  182.375040][    C7] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [  182.382819][    C7] RIP: 0010:stack_depot_save_flags+0x147/0x8d0
> [  182.388239][    C7] Code: c1 e1 04 4c 03 0d 81 1d c8 0f 65 ff 05 5a ae 92 7b 49 8b 09 49 39 c9 75 11 e9 91 00 00 00 48 8b 09 49 39 c9 0f 84 a4 01 00 00 <39> 59 10 75 ef 44 3b 79 14 75 e9 31 c0 48 8b 54 c1 20 49 39 54 c5
> [  182.399223][    C7] RSP: 0018:ffffc90006657970 EFLAGS: 00010286
> [  182.402848][    C7] RAX: 00000000f759be75 RBX: 00000000f759be75 RCX: 0000000000000000
> [  182.407055][    C7] RDX: 0000000018e8f28b RSI: 000000004a278650 RDI: 00000000bc02d21f
> [  182.411271][    C7] RBP: 0000000000000001 R08: 0000000000000005 R09: ffff88901cdbe750
> [  182.415500][    C7] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> [  182.419717][    C7] R13: ffffc900066579d0 R14: 000000000000000e R15: 000000000000000e
> [  182.423938][    C7] FS:  0000000000000000(0000) GS:ffff88901d780000(0000) knlGS:0000000000000000
> [  182.428464][    C7] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  182.432274][    C7] CR2: 0000000000000010 CR3: 00000001730ac000 CR4: 00000000000006f0
> [  182.436523][    C7] Call Trace:
> [  182.439244][    C7]  <TASK>
> [  182.441839][    C7]  ? show_regs+0x88/0x90
> [  182.444877][    C7]  ? __die+0x28/0x80
> [  182.447798][    C7]  ? page_fault_oops+0x3b6/0xb80
> [  182.451009][    C7]  ? copy_from_kernel_nofault_allowed+0xe6/0x110
> [  182.454703][    C7]  ? __pfx_page_fault_oops+0x10/0x10
> [  182.458029][    C7]  ? copy_from_kernel_nofault+0x12f/0x2c0
> [  182.461515][    C7]  ? __sanitizer_cov_trace_switch+0x50/0x90
> [  182.465062][    C7]  ? stack_depot_save_flags+0x147/0x8d0
> [  182.468496][    C7]  ? is_prefetch.constprop.0+0x9d/0x520
> [  182.471883][    C7]  ? stack_depot_save_flags+0x156/0x8d0
> [  182.475300][    C7]  ? __pfx_is_prefetch.constprop.0+0x10/0x10
> [  182.478866][    C7]  ? fixup_exception+0x108/0xae0
> [  182.482081][    C7]  ? kernelmode_fixup_or_oops.constprop.0+0xb8/0xe0
> [  182.485867][    C7]  ? __bad_area_nosemaphore+0x390/0x6a0
> [  182.489306][    C7]  ? ret_from_fork_asm+0x19/0x30
> [  182.492554][    C7]  ? do_user_addr_fault+0x928/0x12c0
> [  182.495874][    C7]  ? rcu_is_watching+0xe/0xc0
> [  182.499002][    C7]  ? exc_page_fault+0x57/0xd0
> [  182.502122][    C7]  ? asm_exc_page_fault+0x22/0x30
> [  182.505376][    C7]  ? stack_depot_save_flags+0x147/0x8d0
> [  182.508798][    C7]  ? __lock_acquire+0xd09/0x5d30
> [  182.512038][    C7]  ? i_callback+0x5d/0x70
> [  182.515071][    C7]  kasan_save_stack+0x3e/0x50
> [  182.518234][    C7]  ? kasan_save_stack+0x2f/0x50
> [  182.521420][    C7]  ? kasan_save_track+0x10/0x30
> [  182.524622][    C7]  ? kasan_save_free_info+0x37/0x60
> [  182.527907][    C7]  ? poison_slab_object+0xf7/0x160
> [  182.531169][    C7]  ? __kasan_slab_free+0x2e/0x50
> [  182.534346][    C7]  ? kmem_cache_free+0x12b/0x4a0
> [  182.537489][    C7]  ? i_callback+0x5d/0x70
> [  182.540435][    C7]  ? rcu_core+0x84d/0x1c60
> [  182.543390][    C7]  ? handle_softirqs+0x219/0x980
> [  182.546499][    C7]  ? run_ksoftirqd+0x36/0x60
> [  182.549492][    C7]  ? smpboot_thread_fn+0x660/0xa10
> [  182.552629][    C7]  ? kthread+0x336/0x440
> [  182.555447][    C7]  ? ret_from_fork+0x44/0x70
> [  182.558334][    C7]  ? ret_from_fork_asm+0x1a/0x30
> [  182.561276][    C7]  kasan_save_track+0x10/0x30
> [  182.564051][    C7]  kasan_save_free_info+0x37/0x60
> [  182.566922][    C7]  poison_slab_object+0xf7/0x160
> [  182.569747][    C7]  __kasan_slab_free+0x2e/0x50
> [  182.572530][    C7]  kmem_cache_free+0x12b/0x4a0
> [  182.575296][    C7]  ? i_callback+0x5d/0x70
> [  182.577922][    C7]  ? rcu_core+0x848/0x1c60
> [  182.580554][    C7]  i_callback+0x5d/0x70
> [  182.583066][    C7]  rcu_core+0x84d/0x1c60
> [  182.585582][    C7]  ? __pfx_rcu_core+0x10/0x10
> [  182.588229][    C7]  handle_softirqs+0x219/0x980
> [  182.590882][    C7]  ? __pfx_handle_softirqs+0x10/0x10
> [  182.593717][    C7]  ? rcu_is_watching+0xe/0xc0
> [  182.596347][    C7]  ? __pfx_run_ksoftirqd+0x10/0x10
> [  182.599104][    C7]  ? smpboot_thread_fn+0x599/0xa10
> [  182.601869][    C7]  run_ksoftirqd+0x36/0x60
> [  182.604434][    C7]  smpboot_thread_fn+0x660/0xa10
> [  182.607152][    C7]  ? __kthread_parkme+0x148/0x220
> [  182.609906][    C7]  ? __pfx_smpboot_thread_fn+0x10/0x10
> [  182.612801][    C7]  kthread+0x336/0x440
> [  182.615219][    C7]  ? _raw_spin_unlock_irq+0x1f/0x50
> [  182.618023][    C7]  ? __pfx_kthread+0x10/0x10
> [  182.620623][    C7]  ret_from_fork+0x44/0x70
> [  182.623162][    C7]  ? __pfx_kthread+0x10/0x10
> [  182.625755][    C7]  ret_from_fork_asm+0x1a/0x30
> [  182.628385][    C7]  </TASK>
> [  182.630443][    C7] Modules linked in:
> [  182.632779][    C7] CR2: 0000000000000010
> [  182.635183][    C7] ---[ end trace 0000000000000000 ]---
> [  182.638056][    C7] RIP: 0010:stack_depot_save_flags+0x147/0x8d0
> [  182.641146][    C7] Code: c1 e1 04 4c 03 0d 81 1d c8 0f 65 ff 05 5a ae 92 7b 49 8b 09 49 39 c9 75 11 e9 91 00 00 00 48 8b 09 49 39 c9 0f 84 a4 01 00 00 <39> 59 10 75 ef 44 3b 79 14 75 e9 31 c0 48 8b 54 c1 20 49 39 54 c5
> [  182.649808][    C7] RSP: 0018:ffffc90006657970 EFLAGS: 00010286
> [  182.653031][    C7] RAX: 00000000f759be75 RBX: 00000000f759be75 RCX: 0000000000000000
> [  182.656897][    C7] RDX: 0000000018e8f28b RSI: 000000004a278650 RDI: 00000000bc02d21f
> [  182.660748][    C7] RBP: 0000000000000001 R08: 0000000000000005 R09: ffff88901cdbe750
> [  182.664628][    C7] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> [  182.668435][    C7] R13: ffffc900066579d0 R14: 000000000000000e R15: 000000000000000e
> [  182.672198][    C7] FS:  0000000000000000(0000) GS:ffff88901d780000(0000) knlGS:0000000000000000
> [  182.676268][    C7] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  182.679617][    C7] CR2: 0000000000000010 CR3: 00000001730ac000 CR4: 00000000000006f0
> [  182.683435][    C7] Kernel panic - not syncing: Fatal exception in interrupt
> [  182.687412][    C7] Kernel Offset: disabled
> <snip>
>
> second one:
>
> <snip>
> [  657.192361][    C0] list_add corruption. next->prev should be prev (ffff8881996a2670), but was 0000000000000000. (next=ffff8881a3571000).
> [  657.204270][    C0] ------------[ cut here ]------------
> [  657.210763][    C0] kernel BUG at lib/list_debug.c:29!
> [  657.217140][    C0] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
> [  657.224382][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc2-00037-g6b376d473b12 #3833
> [  657.233350][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [  657.241232][    C0] RIP: 0010:__list_add_valid_or_report+0xa2/0x100
> [  657.246703][    C0] Code: c7 c7 e0 2e 2a 8b e8 4d 3d 24 fd 0f 0b 48 c7 c7 80 2f 2a 8b e8 3f 3d 24 fd 0f 0b 48 89 d9 48 c7 c7 e0 2f 2a 8b e8 2e 3d 24 fd <0f> 0b 48 89 f1 48 c7 c7 60 30 2a 8b 48 89 de e8 1a 3d 24 fd 0f 0b
> [  657.257782][    C0] RSP: 0018:ffffc9000434f458 EFLAGS: 00010082
> [  657.261306][    C0] RAX: 0000000000000075 RBX: ffff8881a3571000 RCX: ffffffff816b4fb9
> [  657.265447][    C0] RDX: 0000000000000000 RSI: ffffffff816bef02 RDI: 0000000000000005
> [  657.269555][    C0] RBP: ffff8881b1b40d40 R08: 0000000000000005 R09: 0000000000000000
> [  657.273686][    C0] R10: 0000000000000101 R11: 0000000000000001 R12: ffff8881996a2670
> [  657.277798][    C0] R13: 0000000000000820 R14: ffff8881b1b40d40 R15: ffff8881a3571000
> [  657.281918][    C0] FS:  0000000000000000(0000) GS:ffff88861fc00000(0000) knlGS:0000000000000000
> [  657.286383][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  657.290128][    C0] CR2: 00007f4027088128 CR3: 000000000d17c000 CR4: 00000000000006f0
> [  657.294297][    C0] Call Trace:
> [  657.297076][    C0]  <TASK>
> [  657.299729][    C0]  ? show_regs+0x88/0x90
> [  657.302756][    C0]  ? die+0x32/0xa0
> [  657.305654][    C0]  ? do_trap+0x232/0x430
> [  657.308703][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> [  657.312223][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> [  657.315709][    C0]  ? do_error_trap+0xf4/0x230
> [  657.318839][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> [  657.322308][    C0]  ? handle_invalid_op+0x34/0x40
> [  657.325530][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> [  657.329015][    C0]  ? exc_invalid_op+0x29/0x40
> [  657.332190][    C0]  ? asm_exc_invalid_op+0x16/0x20
> [  657.335452][    C0]  ? __wake_up_klogd.part.0+0x99/0xf0
> [  657.338814][    C0]  ? vprintk+0x82/0x90
> [  657.341768][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> [  657.345267][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> [  657.348732][    C0]  ? ref_tracker_alloc+0x205/0x5a0
> [  657.352010][    C0]  ref_tracker_alloc+0x236/0x5a0
> [  657.355208][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
> [  657.358533][    C0]  ? dst_init+0xd6/0x570
> [  657.361499][    C0]  ? dst_alloc+0xb7/0x1a0
> [  657.364473][    C0]  ? ip6_dst_alloc+0x28/0xa0
> [  657.367536][    C0]  ? icmp6_dst_alloc+0x6c/0x4a0
> [  657.370635][    C0]  ? ndisc_send_skb+0x1275/0x1c20
> [  657.373740][    C0]  ? ndisc_send_rs+0x127/0x690
> [  657.376821][    C0]  ? addrconf_rs_timer+0x41e/0x850
> [  657.379973][    C0]  ? call_timer_fn+0x1a3/0x600
> [  657.383021][    C0]  ? __run_timers+0x749/0xae0
> [  657.386018][    C0]  ? timer_expire_remote+0xfb/0x160
> [  657.389128][    C0]  ? tmigr_handle_remote+0x7c7/0xfc0
> [  657.392261][    C0]  ? run_timer_softirq+0x31/0x40
> [  657.395251][    C0]  ? handle_softirqs+0x219/0x980
> [  657.398195][    C0]  ? run_ksoftirqd+0x36/0x60
> [  657.401024][    C0]  ? smpboot_thread_fn+0x660/0xa10
> [  657.404017][    C0]  ? kthread+0x336/0x440
> [  657.406708][    C0]  ? rcu_is_watching+0xe/0xc0
> [  657.409508][    C0]  dst_init+0xd6/0x570
> [  657.412090][    C0]  dst_alloc+0xb7/0x1a0
> [  657.414630][    C0]  ip6_dst_alloc+0x28/0xa0
> [  657.417183][    C0]  icmp6_dst_alloc+0x6c/0x4a0
> [  657.419786][    C0]  ndisc_send_skb+0x1275/0x1c20
> [  657.422420][    C0]  ? validate_store+0x1e/0x60
> [  657.425004][    C0]  ? __pfx_ndisc_send_skb+0x10/0x10
> [  657.427726][    C0]  ? __build_skb_around+0x278/0x3b0
> [  657.430441][    C0]  ? __alloc_skb+0x1fc/0x380
> [  657.432973][    C0]  ? skb_put+0x134/0x1a0
> [  657.435368][    C0]  ndisc_send_rs+0x127/0x690
> [  657.437856][    C0]  addrconf_rs_timer+0x41e/0x850
> [  657.440437][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> [  657.443169][    C0]  ? try_to_wake_up+0x13b/0x15d0
> [  657.445750][    C0]  ? __pfx_lock_release+0x10/0x10
> [  657.448369][    C0]  call_timer_fn+0x1a3/0x600
> [  657.450828][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> [  657.453586][    C0]  ? __pfx_call_timer_fn+0x10/0x10
> [  657.456234][    C0]  ? __pfx_lock_release+0x10/0x10
> [  657.458856][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> [  657.461613][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> [  657.464365][    C0]  __run_timers+0x749/0xae0
> [  657.466804][    C0]  ? __pfx___run_timers+0x10/0x10
> [  657.469401][    C0]  ? __pfx_lock_acquire+0x10/0x10
> [  657.471986][    C0]  ? lock_acquire+0x1ad/0x550
> [  657.474472][    C0]  timer_expire_remote+0xfb/0x160
> [  657.477069][    C0]  ? __pfx_timer_expire_remote+0x10/0x10
> [  657.479850][    C0]  ? _raw_spin_unlock_irq+0x1f/0x50
> [  657.482475][    C0]  ? lockdep_hardirqs_on+0x78/0x100
> [  657.485141][    C0]  tmigr_handle_remote+0x7c7/0xfc0
> [  657.487771][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
> [  657.490551][    C0]  ? run_timer_base+0x11e/0x190
> [  657.493102][    C0]  ? __pfx_run_timer_base+0x10/0x10
> [  657.495762][    C0]  run_timer_softirq+0x31/0x40
> [  657.498286][    C0]  handle_softirqs+0x219/0x980
> [  657.500812][    C0]  ? __pfx_handle_softirqs+0x10/0x10
> [  657.503503][    C0]  ? rcu_is_watching+0xe/0xc0
> [  657.506009][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
> [  657.508657][    C0]  ? smpboot_thread_fn+0x599/0xa10
> [  657.511301][    C0]  run_ksoftirqd+0x36/0x60
> [  657.513734][    C0]  smpboot_thread_fn+0x660/0xa10
> [  657.516336][    C0]  ? __kthread_parkme+0x148/0x220
> [  657.518950][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
> [  657.521715][    C0]  kthread+0x336/0x440
> [  657.524064][    C0]  ? _raw_spin_unlock_irq+0x1f/0x50
> [  657.526737][    C0]  ? __pfx_kthread+0x10/0x10
> [  657.529240][    C0]  ret_from_fork+0x44/0x70
> [  657.531687][    C0]  ? __pfx_kthread+0x10/0x10
> [  657.534185][    C0]  ret_from_fork_asm+0x1a/0x30
> [  657.536744][    C0]  </TASK>
> [  657.538752][    C0] Modules linked in:
> [  657.541038][    C0] ---[ end trace 0000000000000000 ]---
> [  657.543837][    C0] RIP: 0010:__list_add_valid_or_report+0xa2/0x100
> [  657.546921][    C0] Code: c7 c7 e0 2e 2a 8b e8 4d 3d 24 fd 0f 0b 48 c7 c7 80 2f 2a 8b e8 3f 3d 24 fd 0f 0b 48 89 d9 48 c7 c7 e0 2f 2a 8b e8 2e 3d 24 fd <0f> 0b 48 89 f1 48 c7 c7 60 30 2a 8b 48 89 de e8 1a 3d 24 fd 0f 0b
> [  657.555312][    C0] RSP: 0018:ffffc9000434f458 EFLAGS: 00010082
> [  657.558444][    C0] RAX: 0000000000000075 RBX: ffff8881a3571000 RCX: ffffffff816b4fb9
> [  657.562186][    C0] RDX: 0000000000000000 RSI: ffffffff816bef02 RDI: 0000000000000005
> [  657.565917][    C0] RBP: ffff8881b1b40d40 R08: 0000000000000005 R09: 0000000000000000
> [  657.569676][    C0] R10: 0000000000000101 R11: 0000000000000001 R12: ffff8881996a2670
> [  657.573430][    C0] R13: 0000000000000820 R14: ffff8881b1b40d40 R15: ffff8881a3571000
> [  657.577198][    C0] FS:  0000000000000000(0000) GS:ffff88861fc00000(0000) knlGS:0000000000000000
> [  657.581305][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  657.584702][    C0] CR2: 00007f4027088128 CR3: 000000000d17c000 CR4: 00000000000006f0
> [  657.588528][    C0] Kernel panic - not syncing: Fatal exception in interrupt
> [  657.592637][    C0] Kernel Offset: disabled
> <snip>
>
> is about a list corruption BUG. So they are different, and it looks like
> something is corrupted. So I would not trust that your report about the
> kvfree_rcu_bulk() warning is related to a real issue with the kvfree_rcu()
> call.
>
> I also ran the reproducer on the 6.11.0-rc7 kernel. It still runs
> without any panics yet.
>
> Could you please test the latest kernel? For example 6.11.0-rc7?
>
> --
> Uladzislau Rezki



--
Yours sincerely,
Xingyu


* Re: BUG: WARNING in kvfree_rcu_bulk
  2024-09-16  0:02           ` Xingyu Li
@ 2024-09-16  5:12             ` Juefei Pu
  2024-09-16 13:54               ` Uladzislau Rezki
  0 siblings, 1 reply; 9+ messages in thread
From: Juefei Pu @ 2024-09-16  5:12 UTC (permalink / raw)
  To: Xingyu Li
  Cc: Uladzislau Rezki, paulmck, frederic, neeraj.upadhyay, joel, josh,
	boqun.feng, rostedt, mathieu.desnoyers, jiangshanlai,
	qiang.zhang1211, rcu, linux-kernel, Yu Hao

After several tests, I found that the same PoC can cause multiple
different crashes for some unknown reason. Thus, I suspect that the
bug is capable of performing unintended memory writing without being
caught by KASAN.
I tested the PoC on the latest kernel, Linux 6.11 rc7, and it can still
cause crashes.
For reproducibility, I've created a GitHub repo at
https://github.com/TomAPU/Linux611BugReport, which contains the
software versions we used, the QEMU arguments we used to boot up the
kernel, the kernel config we used, the pre-compiled kernel image, and a
Dockerfile that can be used to compile the kernel.
I hope this repo will be helpful for analyzing the bug.

Yours,
Juefei




On Sun, Sep 15, 2024 at 5:02 PM Xingyu Li <xli399@ucr.edu> wrote:
>
> Juefei will answer this. I already Cc'd him.
>
>
> On Thu, Sep 12, 2024 at 9:08 AM Uladzislau Rezki <urezki@gmail.com> wrote:
> >
> > > > >
> > > > > Here is the config file:
> > > > > https://gist.github.com/TomAPU/64f5db0fe976a3e94a6dd2b621887cdd
> > > > >
> > I tested your "reproducer" on 6.11.0-rc2. I see some panics and they are
> > different. For example, the one below triggers: BUG: kernel NULL pointer dereference, address: 0000000000000010
> >
> > <snip>
> > Linux pc640 6.11.0-rc2-00037-g6b376d473b12 #3833 SMP PREEMPT_DYNAMIC Thu Sep 12 15:42:02 CEST 2024 x86_64
> >
> > The programs included with the Debian GNU/Linux system are free software;
> > the exact distribution terms for each program are described in the
> > individual files in /usr/share/doc/*/copyright.
> >
> > Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
> > permitted by applicable law.
> > Last login: Thu Sep 12 11:13:52 EDT 2024 on ttyS0
> > uroot@pc640:~# /home/urezki/a.out
> > [  108.612276][ T8454] chnl_net:caif_netlink_parms(): no params data found
> > [  108.630121][ T8455] chnl_net:caif_netlink_parms(): no params data found
> > [  109.305626][ T8454] bridge0: port 1(bridge_slave_0) entered blocking state
> > [  109.310125][ T8454] bridge0: port 1(bridge_slave_0) entered disabled state
> > [  109.314806][ T8454] bridge_slave_0: entered allmulticast mode
> > [  109.321617][ T8454] bridge_slave_0: entered promiscuous mode
> > [  109.614547][ T8454] bridge0: port 2(bridge_slave_1) entered blocking state
> > [  109.618924][ T8454] bridge0: port 2(bridge_slave_1) entered disabled state
> > [  109.624061][ T8454] bridge_slave_1: entered allmulticast mode
> > [  109.630982][ T8454] bridge_slave_1: entered promiscuous mode
> > [  109.774534][ T8455] bridge0: port 1(bridge_slave_0) entered blocking state
> > [  109.781204][ T8455] bridge0: port 1(bridge_slave_0) entered disabled state
> > [  109.787878][ T8455] bridge_slave_0: entered allmulticast mode
> > [  109.792835][ T8455] bridge_slave_0: entered promiscuous mode
> > [  109.974516][ T8455] bridge0: port 2(bridge_slave_1) entered blocking state
> > [  109.978872][ T8455] bridge0: port 2(bridge_slave_1) entered disabled state
> > [  109.983548][ T8455] bridge_slave_1: entered allmulticast mode
> > [  109.988361][ T8455] bridge_slave_1: entered promiscuous mode
> > [  109.997251][ T8454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
> > [  110.187177][ T8454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
> > [  110.527036][ T8455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
> > [  110.666716][ T8455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
> > [  110.677591][ T8454] team0: Port device team_slave_0 added
> > [  110.836395][ T8454] team0: Port device team_slave_1 added
> > [  111.510715][ T8455] team0: Port device team_slave_0 added
> > [  111.626814][ T8455] team0: Port device team_slave_1 added
> > [  111.632180][ T8454] batman_adv: batadv0: Adding interface: batadv_slave_0
> > [  111.638793][ T8454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> > [  111.661108][ T8454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
> > [  111.835012][ T8454] batman_adv: batadv0: Adding interface: batadv_slave_1
> > [  111.841107][ T8454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> > [  111.857352][ T8454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
> > [  112.081965][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_0
> > [  112.088499][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> > [  112.111075][ T8455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
> > [  112.119385][ T8455] batman_adv: batadv0: Adding interface: batadv_slave_1
> > [  112.123657][ T8455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
> > [  112.141098][ T8455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
> > [  112.715591][ T8454] hsr_slave_0: entered promiscuous mode
> > [  112.801330][ T8454] hsr_slave_1: entered promiscuous mode
> > [  113.095845][ T8455] hsr_slave_0: entered promiscuous mode
> > [  113.171469][ T8455] hsr_slave_1: entered promiscuous mode
> > [  113.251172][ T8455] debugfs: Directory 'hsr0' with parent 'hsr' already present!
> > [  113.261201][ T8455] Cannot create hsr debugfs directory
> > [  114.440022][ T8454] netdevsim netdevsim0 netdevsim0: renamed from eth0
> > [  114.508448][ T8454] netdevsim netdevsim0 netdevsim1: renamed from eth1
> > [  114.634433][ T8454] netdevsim netdevsim0 netdevsim2: renamed from eth2
> > [  114.744227][ T8454] netdevsim netdevsim0 netdevsim3: renamed from eth3
> > [  114.866169][ T8455] netdevsim netdevsim1 netdevsim0: renamed from eth0
> > [  114.974856][ T8455] netdevsim netdevsim1 netdevsim1: renamed from eth1
> > [  115.094399][ T8455] netdevsim netdevsim1 netdevsim2: renamed from eth2
> > [  115.198370][ T8455] netdevsim netdevsim1 netdevsim3: renamed from eth3
> > [  115.393414][ T8454] 8021q: adding VLAN 0 to HW filter on device bond0
> > [  115.428509][ T8454] 8021q: adding VLAN 0 to HW filter on device team0
> > [  115.445428][ T8455] 8021q: adding VLAN 0 to HW filter on device bond0
> > [  115.455183][  T841] bridge0: port 1(bridge_slave_0) entered blocking state
> > [  115.463761][  T841] bridge0: port 1(bridge_slave_0) entered forwarding state
> > [  115.479368][  T142] bridge0: port 2(bridge_slave_1) entered blocking state
> > [  115.487741][  T142] bridge0: port 2(bridge_slave_1) entered forwarding state
> > [  115.513042][ T8455] 8021q: adding VLAN 0 to HW filter on device team0
> > [  115.534056][  T841] bridge0: port 1(bridge_slave_0) entered blocking state
> > [  115.540831][  T841] bridge0: port 1(bridge_slave_0) entered forwarding state
> > [  115.556733][ T1883] bridge0: port 2(bridge_slave_1) entered blocking state
> > [  115.563088][ T1883] bridge0: port 2(bridge_slave_1) entered forwarding state
> > [  115.621249][ T8454] 8021q: adding VLAN 0 to HW filter on device batadv0
> > [  115.662366][ T8455] 8021q: adding VLAN 0 to HW filter on device batadv0
> > [  115.692483][ T8454] veth0_vlan: entered promiscuous mode
> > [  115.709197][ T8454] veth1_vlan: entered promiscuous mode
> > [  115.740423][ T8455] veth0_vlan: entered promiscuous mode
> > [  115.752797][ T8455] veth1_vlan: entered promiscuous mode
> > [  115.768040][ T8454] veth0_macvtap: entered promiscuous mode
> > [  115.776722][ T8454] veth1_macvtap: entered promiscuous mode
> > [  115.799794][ T8454] batman_adv: batadv0: Interface activated: batadv_slave_0
> > [  115.810688][ T8455] veth0_macvtap: entered promiscuous mode
> > [  115.823230][ T8454] batman_adv: batadv0: Interface activated: batadv_slave_1
> > [  115.832372][ T8455] veth1_macvtap: entered promiscuous mode
> > [  115.846846][ T8454] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
> > [  115.855626][ T8454] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
> > [  115.863223][ T8454] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
> > [  115.869729][ T8454] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
> > [  115.934253][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
> > [  115.944230][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
> > [  115.954913][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_0
> > [  116.054848][ T8455] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
> > [  116.064684][ T8455] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
> > [  116.075471][ T8455] batman_adv: batadv0: Interface activated: batadv_slave_1
> > [  116.174807][ T8455] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
> > [  116.183164][ T8455] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
> > [  116.191693][ T8455] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
> > [  116.199476][ T8455] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
> > [  116.210161][ T8454] ieee80211 phy3: Selected rate control algorithm 'minstrel_ht'
> > [  116.314373][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> > [  116.323148][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> > [  116.363438][ T8454] ieee80211 phy4: Selected rate control algorithm 'minstrel_ht'
> > [  116.427601][ T8455] ieee80211 phy5: Selected rate control algorithm 'minstrel_ht'
> > [  116.439923][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> > [  116.447760][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> > [  116.513068][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> > [  116.515525][ T8455] ieee80211 phy6: Selected rate control algorithm 'minstrel_ht'
> > [  116.517602][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
> > [  116.554182][  T120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
> > [  116.562646][  T120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
> > executing program
> > [  116.605018][T10471] program a.out is using a deprecated SCSI ioctl, please convert it to SG_IO
> > [  117.764915][   T65] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> > [  119.264267][   T65] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> > [  121.375536][   T65] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> > [  121.963598][   T65] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
> > [  122.381273][   T65] bridge_slave_1: left allmulticast mode
> > [  122.389071][   T65] bridge_slave_1: left promiscuous mode
> > [  122.396906][   T65] bridge0: port 2(bridge_slave_1) entered disabled state
> > [  122.601981][   T65] bridge_slave_0: left allmulticast mode
> > [  122.611091][   T65] bridge_slave_0: left promiscuous mode
> > [  122.617820][   T65] bridge0: port 1(bridge_slave_0) entered disabled state
> > [  125.712116][   T65] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
> > [  125.921681][   T65] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
> > [  126.042002][   T65] bond0 (unregistering): Released all slaves
> > [  128.331207][   T65] hsr_slave_0: left promiscuous mode
> > [  128.461209][   T65] hsr_slave_1: left promiscuous mode
> > [  128.591184][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_0
> > [  128.595352][   T65] batman_adv: batadv0: Removing interface: batadv_slave_0
> > [  128.655982][   T65] batman_adv: batadv0: Interface deactivated: batadv_slave_1
> > [  128.664072][   T65] batman_adv: batadv0: Removing interface: batadv_slave_1
> > [  128.867924][   T65] veth1_macvtap: left promiscuous mode
> > [  128.875673][   T65] veth0_macvtap: left promiscuous mode
> > [  128.882671][   T65] veth1_vlan: left promiscuous mode
> > [  128.889132][   T65] veth0_vlan: left promiscuous mode
> > [  138.513086][   T65] team0 (unregistering): Port device team_slave_1 removed
> > [  139.601978][   T65] team0 (unregistering): Port device team_slave_0 removed
> > [  150.514196][ T1333] ieee802154 phy0 wpan0: encryption failed: -22
> > [  150.531082][ T1333] ieee802154 phy1 wpan1: encryption failed: -22
> > [  181.351814][ T1058] ata1: lost interrupt (Status 0x58)
> > [  182.061440][ T1058] ata1: found unknown device (class 0)
> > executing program
> > [  182.101661][T10525] program a.out is using a deprecated SCSI ioctl, please convert it to SG_IO
> > [  182.331131][    C7] BUG: kernel NULL pointer dereference, address: 0000000000000010
> > [  182.339044][    C7] #PF: supervisor read access in kernel mode
> > [  182.345673][    C7] #PF: error_code(0x0000) - not-present page
> > [  182.352216][    C7] PGD 150394067 P4D 150394067 PUD 192e9f067 PMD 0
> > [  182.359123][    C7] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
> > [  182.365905][    C7] CPU: 7 UID: 0 PID: 54 Comm: ksoftirqd/7 Not tainted 6.11.0-rc2-00037-g6b376d473b12 #3833
> > [  182.375040][    C7] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > [  182.382819][    C7] RIP: 0010:stack_depot_save_flags+0x147/0x8d0
> > [  182.388239][    C7] Code: c1 e1 04 4c 03 0d 81 1d c8 0f 65 ff 05 5a ae 92 7b 49 8b 09 49 39 c9 75 11 e9 91 00 00 00 48 8b 09 49 39 c9 0f 84 a4 01 00 00 <39> 59 10 75 ef 44 3b 79 14 75 e9 31 c0 48 8b 54 c1 20 49 39 54 c5
> > [  182.399223][    C7] RSP: 0018:ffffc90006657970 EFLAGS: 00010286
> > [  182.402848][    C7] RAX: 00000000f759be75 RBX: 00000000f759be75 RCX: 0000000000000000
> > [  182.407055][    C7] RDX: 0000000018e8f28b RSI: 000000004a278650 RDI: 00000000bc02d21f
> > [  182.411271][    C7] RBP: 0000000000000001 R08: 0000000000000005 R09: ffff88901cdbe750
> > [  182.415500][    C7] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> > [  182.419717][    C7] R13: ffffc900066579d0 R14: 000000000000000e R15: 000000000000000e
> > [  182.423938][    C7] FS:  0000000000000000(0000) GS:ffff88901d780000(0000) knlGS:0000000000000000
> > [  182.428464][    C7] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  182.432274][    C7] CR2: 0000000000000010 CR3: 00000001730ac000 CR4: 00000000000006f0
> > [  182.436523][    C7] Call Trace:
> > [  182.439244][    C7]  <TASK>
> > [  182.441839][    C7]  ? show_regs+0x88/0x90
> > [  182.444877][    C7]  ? __die+0x28/0x80
> > [  182.447798][    C7]  ? page_fault_oops+0x3b6/0xb80
> > [  182.451009][    C7]  ? copy_from_kernel_nofault_allowed+0xe6/0x110
> > [  182.454703][    C7]  ? __pfx_page_fault_oops+0x10/0x10
> > [  182.458029][    C7]  ? copy_from_kernel_nofault+0x12f/0x2c0
> > [  182.461515][    C7]  ? __sanitizer_cov_trace_switch+0x50/0x90
> > [  182.465062][    C7]  ? stack_depot_save_flags+0x147/0x8d0
> > [  182.468496][    C7]  ? is_prefetch.constprop.0+0x9d/0x520
> > [  182.471883][    C7]  ? stack_depot_save_flags+0x156/0x8d0
> > [  182.475300][    C7]  ? __pfx_is_prefetch.constprop.0+0x10/0x10
> > [  182.478866][    C7]  ? fixup_exception+0x108/0xae0
> > [  182.482081][    C7]  ? kernelmode_fixup_or_oops.constprop.0+0xb8/0xe0
> > [  182.485867][    C7]  ? __bad_area_nosemaphore+0x390/0x6a0
> > [  182.489306][    C7]  ? ret_from_fork_asm+0x19/0x30
> > [  182.492554][    C7]  ? do_user_addr_fault+0x928/0x12c0
> > [  182.495874][    C7]  ? rcu_is_watching+0xe/0xc0
> > [  182.499002][    C7]  ? exc_page_fault+0x57/0xd0
> > [  182.502122][    C7]  ? asm_exc_page_fault+0x22/0x30
> > [  182.505376][    C7]  ? stack_depot_save_flags+0x147/0x8d0
> > [  182.508798][    C7]  ? __lock_acquire+0xd09/0x5d30
> > [  182.512038][    C7]  ? i_callback+0x5d/0x70
> > [  182.515071][    C7]  kasan_save_stack+0x3e/0x50
> > [  182.518234][    C7]  ? kasan_save_stack+0x2f/0x50
> > [  182.521420][    C7]  ? kasan_save_track+0x10/0x30
> > [  182.524622][    C7]  ? kasan_save_free_info+0x37/0x60
> > [  182.527907][    C7]  ? poison_slab_object+0xf7/0x160
> > [  182.531169][    C7]  ? __kasan_slab_free+0x2e/0x50
> > [  182.534346][    C7]  ? kmem_cache_free+0x12b/0x4a0
> > [  182.537489][    C7]  ? i_callback+0x5d/0x70
> > [  182.540435][    C7]  ? rcu_core+0x84d/0x1c60
> > [  182.543390][    C7]  ? handle_softirqs+0x219/0x980
> > [  182.546499][    C7]  ? run_ksoftirqd+0x36/0x60
> > [  182.549492][    C7]  ? smpboot_thread_fn+0x660/0xa10
> > [  182.552629][    C7]  ? kthread+0x336/0x440
> > [  182.555447][    C7]  ? ret_from_fork+0x44/0x70
> > [  182.558334][    C7]  ? ret_from_fork_asm+0x1a/0x30
> > [  182.561276][    C7]  kasan_save_track+0x10/0x30
> > [  182.564051][    C7]  kasan_save_free_info+0x37/0x60
> > [  182.566922][    C7]  poison_slab_object+0xf7/0x160
> > [  182.569747][    C7]  __kasan_slab_free+0x2e/0x50
> > [  182.572530][    C7]  kmem_cache_free+0x12b/0x4a0
> > [  182.575296][    C7]  ? i_callback+0x5d/0x70
> > [  182.577922][    C7]  ? rcu_core+0x848/0x1c60
> > [  182.580554][    C7]  i_callback+0x5d/0x70
> > [  182.583066][    C7]  rcu_core+0x84d/0x1c60
> > [  182.585582][    C7]  ? __pfx_rcu_core+0x10/0x10
> > [  182.588229][    C7]  handle_softirqs+0x219/0x980
> > [  182.590882][    C7]  ? __pfx_handle_softirqs+0x10/0x10
> > [  182.593717][    C7]  ? rcu_is_watching+0xe/0xc0
> > [  182.596347][    C7]  ? __pfx_run_ksoftirqd+0x10/0x10
> > [  182.599104][    C7]  ? smpboot_thread_fn+0x599/0xa10
> > [  182.601869][    C7]  run_ksoftirqd+0x36/0x60
> > [  182.604434][    C7]  smpboot_thread_fn+0x660/0xa10
> > [  182.607152][    C7]  ? __kthread_parkme+0x148/0x220
> > [  182.609906][    C7]  ? __pfx_smpboot_thread_fn+0x10/0x10
> > [  182.612801][    C7]  kthread+0x336/0x440
> > [  182.615219][    C7]  ? _raw_spin_unlock_irq+0x1f/0x50
> > [  182.618023][    C7]  ? __pfx_kthread+0x10/0x10
> > [  182.620623][    C7]  ret_from_fork+0x44/0x70
> > [  182.623162][    C7]  ? __pfx_kthread+0x10/0x10
> > [  182.625755][    C7]  ret_from_fork_asm+0x1a/0x30
> > [  182.628385][    C7]  </TASK>
> > [  182.630443][    C7] Modules linked in:
> > [  182.632779][    C7] CR2: 0000000000000010
> > [  182.635183][    C7] ---[ end trace 0000000000000000 ]---
> > [  182.638056][    C7] RIP: 0010:stack_depot_save_flags+0x147/0x8d0
> > [  182.641146][    C7] Code: c1 e1 04 4c 03 0d 81 1d c8 0f 65 ff 05 5a ae 92 7b 49 8b 09 49 39 c9 75 11 e9 91 00 00 00 48 8b 09 49 39 c9 0f 84 a4 01 00 00 <39> 59 10 75 ef 44 3b 79 14 75 e9 31 c0 48 8b 54 c1 20 49 39 54 c5
> > [  182.649808][    C7] RSP: 0018:ffffc90006657970 EFLAGS: 00010286
> > [  182.653031][    C7] RAX: 00000000f759be75 RBX: 00000000f759be75 RCX: 0000000000000000
> > [  182.656897][    C7] RDX: 0000000018e8f28b RSI: 000000004a278650 RDI: 00000000bc02d21f
> > [  182.660748][    C7] RBP: 0000000000000001 R08: 0000000000000005 R09: ffff88901cdbe750
> > [  182.664628][    C7] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
> > [  182.668435][    C7] R13: ffffc900066579d0 R14: 000000000000000e R15: 000000000000000e
> > [  182.672198][    C7] FS:  0000000000000000(0000) GS:ffff88901d780000(0000) knlGS:0000000000000000
> > [  182.676268][    C7] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  182.679617][    C7] CR2: 0000000000000010 CR3: 00000001730ac000 CR4: 00000000000006f0
> > [  182.683435][    C7] Kernel panic - not syncing: Fatal exception in interrupt
> > [  182.687412][    C7] Kernel Offset: disabled
> > <snip>
> >
> > second one:
> >
> > <snip>
> > [  657.192361][    C0] list_add corruption. next->prev should be prev (ffff8881996a2670), but was 0000000000000000. (next=ffff8881a3571000).
> > [  657.204270][    C0] ------------[ cut here ]------------
> > [  657.210763][    C0] kernel BUG at lib/list_debug.c:29!
> > [  657.217140][    C0] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
> > [  657.224382][    C0] CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.11.0-rc2-00037-g6b376d473b12 #3833
> > [  657.233350][    C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > [  657.241232][    C0] RIP: 0010:__list_add_valid_or_report+0xa2/0x100
> > [  657.246703][    C0] Code: c7 c7 e0 2e 2a 8b e8 4d 3d 24 fd 0f 0b 48 c7 c7 80 2f 2a 8b e8 3f 3d 24 fd 0f 0b 48 89 d9 48 c7 c7 e0 2f 2a 8b e8 2e 3d 24 fd <0f> 0b 48 89 f1 48 c7 c7 60 30 2a 8b 48 89 de e8 1a 3d 24 fd 0f 0b
> > [  657.257782][    C0] RSP: 0018:ffffc9000434f458 EFLAGS: 00010082
> > [  657.261306][    C0] RAX: 0000000000000075 RBX: ffff8881a3571000 RCX: ffffffff816b4fb9
> > [  657.265447][    C0] RDX: 0000000000000000 RSI: ffffffff816bef02 RDI: 0000000000000005
> > [  657.269555][    C0] RBP: ffff8881b1b40d40 R08: 0000000000000005 R09: 0000000000000000
> > [  657.273686][    C0] R10: 0000000000000101 R11: 0000000000000001 R12: ffff8881996a2670
> > [  657.277798][    C0] R13: 0000000000000820 R14: ffff8881b1b40d40 R15: ffff8881a3571000
> > [  657.281918][    C0] FS:  0000000000000000(0000) GS:ffff88861fc00000(0000) knlGS:0000000000000000
> > [  657.286383][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  657.290128][    C0] CR2: 00007f4027088128 CR3: 000000000d17c000 CR4: 00000000000006f0
> > [  657.294297][    C0] Call Trace:
> > [  657.297076][    C0]  <TASK>
> > [  657.299729][    C0]  ? show_regs+0x88/0x90
> > [  657.302756][    C0]  ? die+0x32/0xa0
> > [  657.305654][    C0]  ? do_trap+0x232/0x430
> > [  657.308703][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> > [  657.312223][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> > [  657.315709][    C0]  ? do_error_trap+0xf4/0x230
> > [  657.318839][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> > [  657.322308][    C0]  ? handle_invalid_op+0x34/0x40
> > [  657.325530][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> > [  657.329015][    C0]  ? exc_invalid_op+0x29/0x40
> > [  657.332190][    C0]  ? asm_exc_invalid_op+0x16/0x20
> > [  657.335452][    C0]  ? __wake_up_klogd.part.0+0x99/0xf0
> > [  657.338814][    C0]  ? vprintk+0x82/0x90
> > [  657.341768][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> > [  657.345267][    C0]  ? __list_add_valid_or_report+0xa2/0x100
> > [  657.348732][    C0]  ? ref_tracker_alloc+0x205/0x5a0
> > [  657.352010][    C0]  ref_tracker_alloc+0x236/0x5a0
> > [  657.355208][    C0]  ? __pfx_ref_tracker_alloc+0x10/0x10
> > [  657.358533][    C0]  ? dst_init+0xd6/0x570
> > [  657.361499][    C0]  ? dst_alloc+0xb7/0x1a0
> > [  657.364473][    C0]  ? ip6_dst_alloc+0x28/0xa0
> > [  657.367536][    C0]  ? icmp6_dst_alloc+0x6c/0x4a0
> > [  657.370635][    C0]  ? ndisc_send_skb+0x1275/0x1c20
> > [  657.373740][    C0]  ? ndisc_send_rs+0x127/0x690
> > [  657.376821][    C0]  ? addrconf_rs_timer+0x41e/0x850
> > [  657.379973][    C0]  ? call_timer_fn+0x1a3/0x600
> > [  657.383021][    C0]  ? __run_timers+0x749/0xae0
> > [  657.386018][    C0]  ? timer_expire_remote+0xfb/0x160
> > [  657.389128][    C0]  ? tmigr_handle_remote+0x7c7/0xfc0
> > [  657.392261][    C0]  ? run_timer_softirq+0x31/0x40
> > [  657.395251][    C0]  ? handle_softirqs+0x219/0x980
> > [  657.398195][    C0]  ? run_ksoftirqd+0x36/0x60
> > [  657.401024][    C0]  ? smpboot_thread_fn+0x660/0xa10
> > [  657.404017][    C0]  ? kthread+0x336/0x440
> > [  657.406708][    C0]  ? rcu_is_watching+0xe/0xc0
> > [  657.409508][    C0]  dst_init+0xd6/0x570
> > [  657.412090][    C0]  dst_alloc+0xb7/0x1a0
> > [  657.414630][    C0]  ip6_dst_alloc+0x28/0xa0
> > [  657.417183][    C0]  icmp6_dst_alloc+0x6c/0x4a0
> > [  657.419786][    C0]  ndisc_send_skb+0x1275/0x1c20
> > [  657.422420][    C0]  ? validate_store+0x1e/0x60
> > [  657.425004][    C0]  ? __pfx_ndisc_send_skb+0x10/0x10
> > [  657.427726][    C0]  ? __build_skb_around+0x278/0x3b0
> > [  657.430441][    C0]  ? __alloc_skb+0x1fc/0x380
> > [  657.432973][    C0]  ? skb_put+0x134/0x1a0
> > [  657.435368][    C0]  ndisc_send_rs+0x127/0x690
> > [  657.437856][    C0]  addrconf_rs_timer+0x41e/0x850
> > [  657.440437][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> > [  657.443169][    C0]  ? try_to_wake_up+0x13b/0x15d0
> > [  657.445750][    C0]  ? __pfx_lock_release+0x10/0x10
> > [  657.448369][    C0]  call_timer_fn+0x1a3/0x600
> > [  657.450828][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> > [  657.453586][    C0]  ? __pfx_call_timer_fn+0x10/0x10
> > [  657.456234][    C0]  ? __pfx_lock_release+0x10/0x10
> > [  657.458856][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> > [  657.461613][    C0]  ? __pfx_addrconf_rs_timer+0x10/0x10
> > [  657.464365][    C0]  __run_timers+0x749/0xae0
> > [  657.466804][    C0]  ? __pfx___run_timers+0x10/0x10
> > [  657.469401][    C0]  ? __pfx_lock_acquire+0x10/0x10
> > [  657.471986][    C0]  ? lock_acquire+0x1ad/0x550
> > [  657.474472][    C0]  timer_expire_remote+0xfb/0x160
> > [  657.477069][    C0]  ? __pfx_timer_expire_remote+0x10/0x10
> > [  657.479850][    C0]  ? _raw_spin_unlock_irq+0x1f/0x50
> > [  657.482475][    C0]  ? lockdep_hardirqs_on+0x78/0x100
> > [  657.485141][    C0]  tmigr_handle_remote+0x7c7/0xfc0
> > [  657.487771][    C0]  ? __pfx_tmigr_handle_remote+0x10/0x10
> > [  657.490551][    C0]  ? run_timer_base+0x11e/0x190
> > [  657.493102][    C0]  ? __pfx_run_timer_base+0x10/0x10
> > [  657.495762][    C0]  run_timer_softirq+0x31/0x40
> > [  657.498286][    C0]  handle_softirqs+0x219/0x980
> > [  657.500812][    C0]  ? __pfx_handle_softirqs+0x10/0x10
> > [  657.503503][    C0]  ? rcu_is_watching+0xe/0xc0
> > [  657.506009][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
> > [  657.508657][    C0]  ? smpboot_thread_fn+0x599/0xa10
> > [  657.511301][    C0]  run_ksoftirqd+0x36/0x60
> > [  657.513734][    C0]  smpboot_thread_fn+0x660/0xa10
> > [  657.516336][    C0]  ? __kthread_parkme+0x148/0x220
> > [  657.518950][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
> > [  657.521715][    C0]  kthread+0x336/0x440
> > [  657.524064][    C0]  ? _raw_spin_unlock_irq+0x1f/0x50
> > [  657.526737][    C0]  ? __pfx_kthread+0x10/0x10
> > [  657.529240][    C0]  ret_from_fork+0x44/0x70
> > [  657.531687][    C0]  ? __pfx_kthread+0x10/0x10
> > [  657.534185][    C0]  ret_from_fork_asm+0x1a/0x30
> > [  657.536744][    C0]  </TASK>
> > [  657.538752][    C0] Modules linked in:
> > [  657.541038][    C0] ---[ end trace 0000000000000000 ]---
> > [  657.543837][    C0] RIP: 0010:__list_add_valid_or_report+0xa2/0x100
> > [  657.546921][    C0] Code: c7 c7 e0 2e 2a 8b e8 4d 3d 24 fd 0f 0b 48 c7 c7 80 2f 2a 8b e8 3f 3d 24 fd 0f 0b 48 89 d9 48 c7 c7 e0 2f 2a 8b e8 2e 3d 24 fd <0f> 0b 48 89 f1 48 c7 c7 60 30 2a 8b 48 89 de e8 1a 3d 24 fd 0f 0b
> > [  657.555312][    C0] RSP: 0018:ffffc9000434f458 EFLAGS: 00010082
> > [  657.558444][    C0] RAX: 0000000000000075 RBX: ffff8881a3571000 RCX: ffffffff816b4fb9
> > [  657.562186][    C0] RDX: 0000000000000000 RSI: ffffffff816bef02 RDI: 0000000000000005
> > [  657.565917][    C0] RBP: ffff8881b1b40d40 R08: 0000000000000005 R09: 0000000000000000
> > [  657.569676][    C0] R10: 0000000000000101 R11: 0000000000000001 R12: ffff8881996a2670
> > [  657.573430][    C0] R13: 0000000000000820 R14: ffff8881b1b40d40 R15: ffff8881a3571000
> > [  657.577198][    C0] FS:  0000000000000000(0000) GS:ffff88861fc00000(0000) knlGS:0000000000000000
> > [  657.581305][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [  657.584702][    C0] CR2: 00007f4027088128 CR3: 000000000d17c000 CR4: 00000000000006f0
> > [  657.588528][    C0] Kernel panic - not syncing: Fatal exception in interrupt
> > [  657.592637][    C0] Kernel Offset: disabled
> > <snip>
> >
> > is about a list corruption BUG. So they are different and it looks like
> > something is corrupted. So I would not trust that your report about the
> > kvfree_rcu_bulk() warning is related to a real issue with the kvfree_rcu()
> > call.
> >
> > I also ran the reproducer on the 6.11.0-rc7 kernel. It still runs
> > without any panics yet.
> >
> > Could you please test the latest kernel? For example 6.11.0-rc7?
> >
> > --
> > Uladzislau Rezki
>
>
>
> --
> Yours sincerely,
> Xingyu


* Re: BUG: WARNING in kvfree_rcu_bulk
  2024-09-16  5:12             ` Juefei Pu
@ 2024-09-16 13:54               ` Uladzislau Rezki
  0 siblings, 0 replies; 9+ messages in thread
From: Uladzislau Rezki @ 2024-09-16 13:54 UTC (permalink / raw)
  To: Juefei Pu
  Cc: Xingyu Li, Uladzislau Rezki, paulmck, frederic, neeraj.upadhyay,
	joel, josh, boqun.feng, rostedt, mathieu.desnoyers, jiangshanlai,
	qiang.zhang1211, rcu, linux-kernel, Yu Hao

> After several tests, I found that the same PoC can cause multiple
> different crashes for some unknown reason. Thus, I suspect that the
> bug is capable of performing unintended memory writing without being
> caught by KASAN.
> I tested the PoC on the latest kernel, Linux 6.11 rc7 and it can still
> cause crashes.
> For reproducibility, I've created a GitHub repo at
> https://github.com/TomAPU/Linux611BugReport, which contains the
> software versions we used, the QEMU arguments we used to boot up the
> kernel, the kernel config we used, the pre-compiled kernel image, and a
> Dockerfile that can be used to compile the kernel.
> I hope this repo will be helpful for analyzing the bug.
> 
Could you please help to bisect this bug then?

Thanks!

--
Uladzislau Rezki
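Automating the bisection Uladzislau asks for, as an added example rather than anything posted in this thread: it drives `git bisect run` over a throwaway repository constructed inside the script so it runs offline and only assumes `git` on PATH. The constructed repository stands in for a kernel tree, and the check script stands in for the "build, boot under QEMU, run the reporter's reproducer" step; the exit-code convention (0 good, 1 bad, 125 skip) is git's own.

```sh
#!/bin/sh
# Added example, not code from the thread: automate a bisection with
# `git bisect run`. The repository is constructed here so the example runs
# offline; in a real kernel bisection the check script would build the
# tree, boot it under QEMU with the reporter's reproducer and exit 0 (good)
# or 1 (bad), using exit code 125 to make git skip a commit that cannot be
# judged (for example one that does not build).
set -e

# Build a throwaway repository with 8 commits; commit 5 appends the marker
# "BUG" to state.txt and every later commit keeps it, like a regression
# that persists once introduced. Prints the repository path.
make_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    git -C "$dir" config user.email "bisect@example.invalid"   # constructed identity
    git -C "$dir" config user.name "bisect"
    i=1
    while [ "$i" -le 8 ]; do
        echo "change $i" >> "$dir/state.txt"
        if [ "$i" -eq 5 ]; then
            echo "BUG" >> "$dir/state.txt"
        fi
        git -C "$dir" add state.txt
        git -C "$dir" commit -q -m "change $i"
        i=$((i + 1))
    done
    echo "$dir"
}

# Write the check script git runs at every bisection step. It stands in for
# "build, boot, run reproducer": 0 means good, 1 means bad, 125 means this
# commit cannot be judged and git should skip it.
write_check_script() {
    script=$(mktemp)
    cat > "$script" <<'EOF'
#!/bin/sh
top=$(git rev-parse --show-toplevel) || exit 125
[ -f "$top/state.txt" ] || exit 125
if grep -q '^BUG$' "$top/state.txt"; then
    exit 1
fi
exit 0
EOF
    echo "$script"
}

# Bisect between the root commit (known good) and HEAD (known bad) and
# print the subject line of the first bad commit.
bisect_first_bad() {
    dir=$1
    check=$(write_check_script)
    good=$(git -C "$dir" rev-list --max-parents=0 HEAD)
    git -C "$dir" bisect start HEAD "$good" >/dev/null
    git -C "$dir" bisect run sh "$check" >/dev/null
    first_bad=$(git -C "$dir" rev-parse refs/bisect/bad)   # final bad bound = first bad commit
    git -C "$dir" bisect reset >/dev/null 2>&1
    rm -f "$check"
    git -C "$dir" log -1 --format=%s "$first_bad"
}

# Stand-alone run: prints "change 5".
repo=$(make_repo)
bisect_first_bad "$repo"
rm -rf "$repo"
```

For a kernel tree the same skeleton applies with the good and bad bounds replaced by the last release known to survive the reproducer and the first one that crashes; the check script is where the build and QEMU boot go, and returning 125 for unbuildable commits keeps the bisection from being derailed by unrelated breakage.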


Thread overview: 9+ messages
2024-08-28 21:30 BUG: WARNING in kvfree_rcu_bulk Xingyu Li
2024-08-29  8:17 ` Uladzislau Rezki
2024-08-29 23:29   ` Xingyu Li
2024-09-04 17:52     ` Uladzislau Rezki
2024-09-05  2:23       ` Xingyu Li
2024-09-12 16:08         ` Uladzislau Rezki
2024-09-16  0:02           ` Xingyu Li
2024-09-16  5:12             ` Juefei Pu
2024-09-16 13:54               ` Uladzislau Rezki
