[PATCH] KEYS: fix KEYCTL_INSTANTIATE_IOV error case memory leak

2012-11-02 Thread Tommi Rantala
Avoid leaking memory in the keyctl() KEYCTL_INSTANTIATE_IOV operation, by also checking in the error case if rw_copy_check_uvector() kmalloc'd memory for us. Discovered with Trinity. Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- security/keys/keyctl.c |3 ++- 1 file changed, 2

trinity locking troubles with ax25_recvmsg()

2013-04-19 Thread Tommi Rantala
Hello, Noticed a huge load in one of my trinity test machines: 14:07:10 up 6:11, 1 user, load average: 39,00, 39,01, 38,95 But it is just 39x trinity child processes sitting there for a couple of hours in D state, plus trinity-child38 in S state: USER PID %CPU %MEM VSZ RSS TTY

Re: [Intel-gfx] [PATCH] drm/i915: Sanity check incoming ioctl data for a NULL pointer

2013-04-11 Thread Tommi Rantala
2013/3/17 Chris Wilson ch...@chris-wilson.co.uk: On Mon, Mar 18, 2013 at 07:42:58AM +1000, Dave Airlie wrote: On Mon, Mar 18, 2013 at 7:40 AM, Chris Wilson ch...@chris-wilson.co.uk wrote: On Sun, Mar 17, 2013 at 08:50:03PM +0100, Daniel Vetter wrote: On Sat, Mar 16, 2013 at 11:19 AM, Chris

sw_perf_event_destroy() oops while fuzzing

2013-04-11 Thread Tommi Rantala
Hello, Saw these oopses while fuzzing with trinity. I have some local modifications to trinity that might explain why Dave and others have not hit this before. Tommi [91911.171328] warning: process `trinity-child7' used the deprecated sysctl system call with 1029078728.32609.1029078728.32609.

Re: sw_perf_event_destroy() oops while fuzzing

2013-04-12 Thread Tommi Rantala
2013/4/12 Peter Zijlstra a.p.zijls...@chello.nl: On Fri, 2013-04-12 at 08:34 +0300, Tommi Rantala wrote: [92759.011005] RIP [811a7200] sw_perf_event_destroy+0x30/0x90 [114607.070003] RIP: 0010:[811a7200] [811a7200] sw_perf_event_destroy+0x30/0x90 [114607.070003

Re: sw_perf_event_destroy() oops while fuzzing

2013-04-13 Thread Tommi Rantala
2013/4/12 Tommi Rantala tt.rant...@gmail.com: 2013/4/12 Peter Zijlstra a.p.zijls...@chello.nl: perf_swevent_init() only sets event-destroy() (to sw_perf_event_destroy) _after_ it increments the static key thing and enqueues (and allocates) the hash list stuff. Obviously something is funny

[PATCH] perf: treat attr.config as u64 in perf_swevent_init()

2013-04-13 Thread Tommi Rantala
Trinity discovered that we fail to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Introduced in commit b0a873ebb (perf: Register PMU implementations). Signed-off-by: Tommi Rantala tt.rant

i915 drm oopses while fuzzing

2013-03-14 Thread Tommi Rantala
Hi, I saw these i915 oopses while fuzzing with trinity. The kernel is mainline v3.9-rc2-188-g6c23cbb, along with these two patches from Dave Airlie applied: [PATCH 1/2] drm: fix idr_remove warning during fuzzing [PATCH 2/2] drm: don't oops in ioctls that require the lock if no lock [

Re: [PATCH] drm/i915: Sanity check incoming ioctl data for a NULL pointer

2013-03-14 Thread Tommi Rantala
2013/3/14 Chris Wilson ch...@chris-wilson.co.uk: In order to prevent a potential NULL dereference with hostile userspace, we need to check whether the ioctl was passed an invalid args pointer. Reported-by: Tommi Rantala tt.rant...@gmail.com Link: http://lkml.kernel.org/r/ca+ydwtpubvbwxbt

Re: snd_seq_timer_open() NULL pointer dereference

2013-03-08 Thread Tommi Rantala
2013/3/8 Takashi Iwai ti...@suse.de: At Thu, 7 Mar 2013 21:59:32 +0200, Tommi Rantala wrote: Hello, I'm hitting this while fuzzing the kernel with Trinity: The patch below fixes a clear bug in the code path. Could you check whether it'll fit? thanks, Takashi --- From: Takashi Iwai

Re: kernel BUG at fs/sysfs/group.c:65!

2013-03-08 Thread Tommi Rantala
2013/3/8 Greg KH gre...@linuxfoundation.org: On Fri, Mar 08, 2013 at 09:35:17PM +0200, Tommi Rantala wrote: [ 205.043027] kernel BUG at /home/ttrantal/git/linux-2.6/fs/sysfs/group.c:65! And now we crash. For a loop device we are trying to add. Ick. I'm guessing that the caller of whom

Re: kernel BUG at fs/sysfs/group.c:65!

2013-03-09 Thread Tommi Rantala
2013/3/9 Ming Lei tom.leim...@gmail.com: On Sat, Mar 9, 2013 at 4:41 AM, Greg KH gre...@linuxfoundation.org wrote: On Fri, Mar 08, 2013 at 09:35:17PM +0200, Tommi Rantala wrote: Hello, Saw this while fuzzing with trinity: # ./trinity -q -l off -C20 --dangerous -c ioctl -V /dev Trinity

Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages()

2013-03-10 Thread Tommi Rantala
2012/12/21 Michel Lespinasse wal...@google.com: Signed-off-by: Michel Lespinasse wal...@google.com Hello, this patch introduced the following bug, seen while fuzzing with trinity: [ 396.825414] BUG: unable to handle kernel NULL pointer dereference at 0050 [ 396.826013] IP:

hpet ioctl() divide error: 0000

2013-03-04 Thread Tommi Rantala
Hello, I'm seeing this bug while fuzzing 3.9.0-rc1 with trinity (in a qemu virtual machine as the root user). [ 95.509983] divide error: [#1] SMP [ 95.510072] CPU 0 [ 95.510072] Pid: 2421, comm: trinity-child8 Not tainted 3.9.0-rc1+ #95 Bochs Bochs [ 95.510072] RIP:

Re: [PATCH 5/5] mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma()

2012-12-04 Thread Tommi Rantala
2012/10/9 Mel Gorman mgor...@suse.de: commit 00442ad04a5eac08a98255697c510e708f6082e2 upstream. Commit cc9a6c877661 (cpuset: mm: reduce large amounts of memory barrier related damage v3) introduced a potential memory corruption. shmem_alloc_page() uses a pseudo vma and it has one significant

[PATCH 1/2] staging: dgrp: use correct release op for /proc/dgrp/info

2013-02-08 Thread Tommi Rantala
] do_filp_open+0x3c/0xa0 [811a2dcc] do_sys_open+0x11c/0x1c0 [811a2e8c] sys_open+0x1c/0x20 [81ca3d69] system_call_fastpath+0x16/0x1b [] 0x Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- drivers/staging/dgrp/dgrp_specproc.c

[PATCH 2/2] staging: dgrp: prefix function names with dgrp_ in dgrp_specproc.c

2013-02-08 Thread Tommi Rantala
[811a2dcc] do_sys_open+0x11c/0x1c0 [811a2e8c] sys_open+0x1c/0x20 [81ca3d69] system_call_fastpath+0x16/0x1b [] 0x Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- drivers/staging/dgrp/dgrp_specproc.c | 66

Re: clock_nanosleep() task_struct leak

2013-02-06 Thread Tommi Rantala
2013/2/6 Stanislaw Gruszka sgrus...@redhat.com: Below is proposed fix. Error cases weren't that bad since there are various limitations when timer could be fired (i.e. timer which already fired can not be fired again). Tommi, please check if patch really fixes the problem. I tested it with

selinux_msg_queue_msgrcv() oops

2013-02-06 Thread Tommi Rantala
Hello, I'm hitting an oops in selinux_msg_queue_msgrcv() when fuzzing with Trinity as the root user (in a qemu VM): [12578.053111] BUG: unable to handle kernel NULL pointer dereference at (null) [12578.054025] IP: [8131e1da] selinux_msg_queue_msgrcv+0xda/0x1e0 [12578.054025]

Re: selinux_msg_queue_msgrcv() oops

2013-02-06 Thread Tommi Rantala
2013/2/6 Stephen Smalley s...@tycho.nsa.gov: On 02/06/2013 07:56 AM, Tommi Rantala wrote: Hello, I'm hitting an oops in selinux_msg_queue_msgrcv() when fuzzing with Trinity as the root user (in a qemu VM): NULL msg-security at that point is a bug in the ipc subsystem; SELinux is just

Re: selinux_msg_queue_msgrcv() oops

2013-02-06 Thread Tommi Rantala
2013/2/6 Stephen Smalley s...@tycho.nsa.gov: On 02/06/2013 10:21 AM, Tommi Rantala wrote: 2013/2/6 Stephen Smalley s...@tycho.nsa.gov: On 02/06/2013 07:56 AM, Tommi Rantala wrote: Hello, I'm hitting an oops in selinux_msg_queue_msgrcv() when fuzzing with Trinity as the root user

idr_remove called for id=4096 which is not allocated

2013-02-19 Thread Tommi Rantala
Hello, Saw this WARNING a few times while fuzzing the kernel with Trinity in a qemu virtual machine: [ 22.883257] idr_remove called for id=4096 which is not allocated. [ 22.884487] Pid: 2303, comm: trinity-child1 Not tainted 3.8.0+ #87 [ 22.885601] Call Trace: [ 22.886080]

NULL pointer deref at drm_newctx()

2013-02-19 Thread Tommi Rantala
Hello, Hit this oops a few times while fuzzing the kernel with trinity in a qemu VM: [ 139.826369] BUG: unable to handle kernel NULL pointer dereference at (null) [ 139.827023] IP: [8143cb04] drm_newctx+0x64/0xb0 [ 139.827023] PGD 36f6d067 PUD 36f6e067 PMD 0 [ 139.827023]

autofs ioctl() = impossibly large user copy

2013-02-19 Thread Tommi Rantala
Hello, Saw this WARNING while fuzzing the kernel with trinity in qemu virtual machine as the root user: [ 392.585489] [ cut here ] [ 392.586464] WARNING: at /home/ttrantal/git/linux-2.6/mm/page_alloc.c:2376 __alloc_pages_nodemask+0x20e/0x970() [ 392.588446] Hardware

WARNING: at drivers/ata/libata-core.c:5049 ata_qc_issue+0x1c7/0x3a0()

2013-02-19 Thread Tommi Rantala
Hello, Hit this WARNING once while fuzzing the kernel with trinity in a qemu virtual machine as the root user. Does this make any sense? I have occasionally seen some ATA related troubles while fuzzing in a VM, but this warning is new to me. [ 490.717030] WARNING: at

Re: WARNING: at drivers/ata/libata-core.c:5049 ata_qc_issue+0x1c7/0x3a0()

2013-02-20 Thread Tommi Rantala
2013/2/20 Douglas Gilbert dgilb...@interlog.com: On 13-02-19 04:52 PM, Dave Jones wrote: On Tue, Feb 19, 2013 at 04:04:33PM -0500, Douglas Gilbert wrote: On 13-02-19 01:37 PM, Tommi Rantala wrote: Hello, Hit this WARNING once while fuzzing the kernel with trinity in a qemu

Re: [PATCH] tmpfs: fix shared mempolicy leak

2012-12-05 Thread Tommi Rantala
2012/12/5 Mel Gorman mgor...@suse.de: On Tue, Dec 04, 2012 at 11:24:30PM -0800, Hugh Dickins wrote: From: Mel Gorman mgor...@suse.de Commit 00442ad04a5e (mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma()) changed get_vma_policy() to raise the refcount on a shmem

kernel BUG at security/keys/keyring.c:1003!

2014-02-27 Thread Tommi Rantala
Hello, Hit the following BUG while fuzzing 3.14.0-rc3 with trinity. Tommi [708836.755392] [ cut here ] [708836.756044] kernel BUG at /build/linux/security/keys/keyring.c:1003! [708836.756044] invalid opcode: [#1] SMP DEBUG_PAGEALLOC [708836.756044] CPU: 0 PID: 5594

BUG: Bad page state in process trinity-c19

2014-02-15 Thread Tommi Rantala
Hello, Hit the following bug while fuzzing with trinity. I can see that Dave reported similar bad page state problems for 3.13-rc4, but this one does not seem to be AIO related. https://lkml.org/lkml/2013/12/18/932 Tommi BUG: Bad page state in process trinity-c19 pfn:2429e

BUG: Bad rss-counter state mm:ffff88005f936c00 idx:0 val:1

2014-02-16 Thread Tommi Rantala
Hello, Noticed the following kernel message while fuzzing 3.14.0-rc2-00488-gca03339 with trinity. Should I be worried? [40879.796336] BUG: Bad rss-counter state mm:88005f936c00 idx:0 val:1 Tommi

btrfs possible irq lock inversion dependency detected

2014-02-17 Thread Tommi Rantala
Hello, Saw this while fuzzing the kernel with Trinity. Tommi [ 396.136048] = [ 396.136048] [ INFO: possible irq lock inversion dependency detected ] [ 396.136048] 3.14.0-rc3 #1 Not tainted [ 396.136048]

lockdep: strange %s#5 lock name

2014-02-10 Thread Tommi Rantala
Hello, Noticed a suspicious %s#5 lock name in a lockdep splat while fuzzing with trinity. Tommi [249844.491141] INFO: task kworker/u2:2:32113 blocked for more than 120 seconds. [249844.493268] Not tainted v3.13-11268-g8a1f006 #3 [249844.494731] echo 0

ipv6 kernel BUG at net/core/skbuff.c:126!

2013-06-07 Thread Tommi Rantala
Hello, Hit this while fuzzing v3.10-rc4-214-g1612e11 (plus a one-liner af_netlink patch from Patrick McHardy, that I hope is not related to this bug). Tommi [19081.311430] vhci_hcd: changed 0 [19085.248780] type=1401 audit(1370620096.643:275): SELinux: unrecognized netlink message type=26994

Re: GPF at fsnotify_clear_marks_by_group_flags()

2013-06-07 Thread Tommi Rantala
2013/6/7 Lino Sanfilippo linosanfili...@gmx.de: On 03.06.2013 10:03, Tommi Rantala wrote: Hello, Hit this while fuzzing v3.10-rc4-0-gd683b96 with trinity. Looks similar to what I reported back in March: https://lkml.org/lkml/2013/3/13/222 Hi Tommi, thank you for reporting. Do you know

Re: ipv6 kernel BUG at net/core/skbuff.c:126!

2013-06-09 Thread Tommi Rantala
2013/6/8 Brian Haley brian.ha...@hp.com: On 06/07/2013 02:33 PM, Tommi Rantala wrote: Hello, Hit this while fuzzing v3.10-rc4-214-g1612e11 (plus a one-liner af_netlink patch from Patrick McHardy, that I hope is not related to this bug). Tommi [19491.615447] Call Trace: [19491.616273

WARNING: at kernel/events/core.c:913 add_event_to_ctx+0x5b/0x1c0()

2013-06-09 Thread Tommi Rantala
Hello, One of my trinity boxes was not responding, this is what was logged. The kernel is v3.10-rc4-214-g1612e11 (plus a one-liner NETLINK_MMAP patch from Patrick McHardy, that I hope is not related to this). Tommi [186635.051311] [ cut here ] [186635.052009] WARNING:

include/net/ipv6.h:408:38: warning: ‘*((void *)addr+8)’ may be used uninitialized in this function

2013-06-13 Thread Tommi Rantala
Hello, I'm seeing the following compiler warnings. Do these make any sense? I'm doing a x86-64 build. /build/linux/net/ipv4/tcp_metrics.c: In function ‘tcp_peer_is_proven’: /build/linux/include/net/ipv6.h:408:38: warning: ‘*((void *)addr+8)’ may be used uninitialized in this function

sound/oss/ad1848.c:2867:32: warning: ‘id_table’ defined but not used

2013-06-13 Thread Tommi Rantala
Hello, I'm seeing the following compiler warning, does it look useful? I'm doing a v3.10-rc5 x86-64 build. /build/linux/sound/oss/ad1848.c:2867:32: warning: ‘id_table’ defined but not used [-Wunused-variable] $ gcc --version gcc (Ubuntu/Linaro 4.7.3-1ubuntu1) 4.7.3 Copyright (C) 2012 Free

Re: [PATCH linux-next v2] DM RAID: validate_raid_redundancy: Silence uninitialized variable warning

2013-06-13 Thread Tommi Rantala
2013/2/21 Tim Gardner tim.gard...@canonical.com: drivers/md/dm-raid.c:453:53: warning: 'rebuilds_per_group' may be used uninitialized in this function [-Wuninitialized] drivers/md/dm-raid.c:383:11: note: 'rebuilds_per_group' was declared here Hello, is this patch getting merged? I'm also

Re: include/net/ipv6.h:408:38: warning: ‘*((void *)addr+8)’ may be used uninitialized in this function

2013-06-13 Thread Tommi Rantala
2013/6/13 Eric Dumazet eric.duma...@gmail.com: On Thu, 2013-06-13 at 18:16 +0300, Tommi Rantala wrote: Hello, I'm seeing the following compiler warnings. Do these make any sense? I'm doing a x86-64 build. $ gcc --version gcc (Ubuntu/Linaro 4.7.3-1ubuntu1) 4.7.3 Copyright (C) 2012 Free

kernel BUG at net/core/skbuff.c:1065!

2013-06-16 Thread Tommi Rantala
Hello, Hit this bug while fuzzing in a qemu virtual machine as the root user. Kernel is v3.10-rc5-0-g317ddd2. Tommi [575180.874750] type=1401 audit(1371378748.322:7750): SELinux: unrecognized netlink message type=0 for sclass=36 [575180.874750] [575191.358143] [ cut here

vhost kernel BUG at /build/linux/mm/slub.c:3352!

2013-06-04 Thread Tommi Rantala
Hello, Hit this right after killing trinity with Ctrl-C. Was fuzzing v3.10-rc4-0-gd683b96 in a qemu virtual machine as the root user. Tommi [29175] Random reseed: 3970521611 [29175] Random reseed: 202886419 [29175] Random reseed: 2930978521 [179904.099501] binder: 29175:2539 ioctl 4010630e fff

Re: vhost kernel BUG at /build/linux/mm/slub.c:3352!

2013-06-05 Thread Tommi Rantala
2013/6/5 Michael S. Tsirkin m...@redhat.com: On Tue, Jun 04, 2013 at 09:50:59PM +0300, Tommi Rantala wrote: Hello, Hit this right after killing trinity with Ctrl-C. Was fuzzing v3.10-rc4-0-gd683b96 in a qemu virtual machine as the root user. Tommi Thanks a lot for the report. If found

Re: [PATCH net 0/2] vhost fixes for 3.10

2013-06-06 Thread Tommi Rantala
2013/6/6 Michael S. Tsirkin m...@redhat.com: Two patches fixing the fallout from the vhost cleanup in 3.10. Thanks to Tommi Rantala who reported the issue. Tommi, could you please confirm this fixes the crashes for you? Confirmed! With the two patches applied, I can no longer reproduce

GPF at fsnotify_clear_marks_by_group_flags()

2013-06-03 Thread Tommi Rantala
Hello, Hit this while fuzzing v3.10-rc4-0-gd683b96 with trinity. Looks similar to what I reported back in March: https://lkml.org/lkml/2013/3/13/222 Tommi [42279.088045] general protection fault: [#1] SMP DEBUG_PAGEALLOC [42279.091904] CPU: 1 PID: 10937 Comm: trinity-child7 Tainted: G

kernel/events/callchain.c:141 suspicious rcu_dereference_check() usage!

2013-06-03 Thread Tommi Rantala
Hello, Hit this while fuzzing v3.10-rc4-0-gd683b96 with trinity. Tommi [ 8703.304587] [ 8703.305106] === [ 8703.305106] [ INFO: suspicious RCU usage. ] [ 8703.305106] 3.10.0-rc4 #1 Tainted: G I [ 8703.305106] --- [ 8703.305106]

pipe-mutex sig-cred_guard_mutex - possible circular locking dependency detected

2013-06-03 Thread Tommi Rantala
Hello, Hit this while fuzzing v3.10-rc4-0-gd683b96 with trinity. Tommi [40303.740229] [40303.740752] == [40303.741014] [ INFO: possible circular locking dependency detected ] [40303.741014] 3.10.0-rc4 #1 Not tainted [40303.741014]

NULL pointer deref after vmalloc() failure in fill_files_note()

2013-05-23 Thread Tommi Rantala
Hello, Noticed while fuzzing with trinity, that if the vmalloc() in fill_files_note() fails, we Oops. I can easily reproduce the bug with this applied: diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index f8a0b0e..11b444f 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1432,7 +1432,7 @@

BUG ip_dst_cache (Not tainted): Poison overwritten

2014-01-31 Thread Tommi Rantala
Hello, Hit this while fuzzing v3.13-9218-g0e47c96 with trinity in a qemu virtual machine. Tommi [ 6329.061605] = [ 6329.062014] BUG ip_dst_cache (Not tainted): Poison overwritten [ 6329.062014]

Re: BUG ip_dst_cache (Not tainted): Poison overwritten

2014-02-01 Thread Tommi Rantala
2014-01-31 Eric Dumazet eric.duma...@gmail.com: On Fri, 2014-01-31 at 22:11 +0200, Tommi Rantala wrote: Hello, Hit this while fuzzing v3.13-9218-g0e47c96 with trinity in a qemu virtual machine. Tommi Hi Tommi Could you please try the following fix ? Thanks, giving this a spin

Re: BUG ip_dst_cache (Not tainted): Poison overwritten

2014-02-03 Thread Tommi Rantala
2014-02-01 Tommi Rantala tt.rant...@gmail.com: 2014-01-31 Eric Dumazet eric.duma...@gmail.com: On Fri, 2014-01-31 at 22:11 +0200, Tommi Rantala wrote: Hello, Hit this while fuzzing v3.13-9218-g0e47c96 with trinity in a qemu virtual machine. Tommi Hi Tommi Could you please try

sched_rr_get_interval NULL pointer OOPS

2014-01-24 Thread Tommi Rantala
Hello, Trinity triggered the following bug in two separate qemu virtual machines after fuzzing v3.13-3995-g0dc3fd0 for a day or two. I have not been running Trinity in a while, so no idea if this is a regression or not. If I'm reading this right, it's oopsing in kernel/sched/core.c:

Re: drm_mode_create_dumb_ioctl: divide error

2014-08-24 Thread Tommi Rantala
On 22.8.2014 13.38, David Herrmann dh.herrm...@gmail.com wrote: Hi On Thu, Aug 21, 2014 at 8:18 PM, Tommi Rantala tt.rant...@gmail.com wrote: Hello, Triggered this while fuzzing v3.17-rc1-51-g372b1db with Trinity. Tommi [drm:drm_mode_legacy_fb_format] *ERROR* bad bpp, assuming

/proc/asound/card0/oss_mixer stack corruption

2014-08-21 Thread Tommi Rantala
Hello, Trinity discovered that writing 128 bytes to /proc/asound/card0/oss_mixer triggers a stack corruption. Tommi # printf %128s /proc/asound/card0/oss_mixer ALSA: mixer_oss: invalid OSS volume '' Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: 81e193ba

drm_mode_create_dumb_ioctl: divide error

2014-08-21 Thread Tommi Rantala
Hello, Triggered this while fuzzing v3.17-rc1-51-g372b1db with Trinity. Tommi [drm:drm_mode_legacy_fb_format] *ERROR* bad bpp, assuming x8r8g8b8 pixel format divide error: [#1] SMP DEBUG_PAGEALLOC CPU: 0 PID: 2854 Comm: trinity-c7 Not tainted 3.17.0-rc1+ #14 Hardware name: Bochs Bochs,

[PATCH 1/2] Input: xpad - add USB ID for Thrustmaster Ferrari 458 Racing Wheel

2014-10-15 Thread Tommi Rantala
Add the USB ID for the Xbox 360 Thrustmaster Ferrari 458 Racing Wheel. Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- drivers/input/joystick/xpad.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c index cd13c82..cee4fe3

[PATCH 2/2] Input: xpad - add Thrustmaster as Xbox 360 controller vendor

2014-10-15 Thread Tommi Rantala
Add Thrustmaster as Xbox 360 controller vendor. This is required for example to make the GP XID (044f:b326) gamepad work. Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- drivers/input/joystick/xpad.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/input/joystick/xpad.c b

f2fs get_dnode_of_data oops

2014-09-07 Thread Tommi Rantala
Hello, Hit this oops while fuzzing v3.17-rc3-176-g2b12164 with Trinity. Tommi BUG: unable to handle kernel paging request at 8804338717a8 IP: [81779039] get_dnode_of_data+0x3a9/0x440 PGD 4594067 PUD 0 Oops: [#1] SMP DEBUG_PAGEALLOC CPU: 0 PID: 4719 Comm: trinity-c3 Not tainted

Re: f2fs get_dnode_of_data oops

2014-09-07 Thread Tommi Rantala
2014-09-07 22:14 GMT+03:00 Tommi Rantala tt.rant...@gmail.com: Hello, Hit this oops while fuzzing v3.17-rc3-176-g2b12164 with Trinity. Tommi BUG: unable to handle kernel paging request at 8804338717a8 IP: [81779039] get_dnode_of_data+0x3a9/0x440 PGD 4594067 PUD 0 Oops:

Re: f2fs get_dnode_of_data oops

2014-09-08 Thread Tommi Rantala
2014-09-08 7:20 GMT+03:00 Jaegeuk Kim jaeg...@kernel.org: Hi, Thank you for the report. Could you share a little bit more information about the file accessing f2fs_llseek? E.g., file size, file offset, file allocation information, or dump of that file. Hi, I can reproduce the bug with

drm_ioctl WARNING at arch/x86/mm/ioremap.c:98

2014-08-27 Thread Tommi Rantala
Hello, Got this warning while fuzzing v3.17-rc2-40-gff0c57a with Trinity. Was running as root in qemu. Tommi ioremap: invalid physical address 40004000 [ cut here ] WARNING: CPU: 0 PID: 2887 at arch/x86/mm/ioremap.c:98 __ioremap_caller+0x7a/0x2e0() CPU: 0 PID:

RTNL: assertion failed at net/ipv6/addrconf.c (1699)

2014-08-29 Thread Tommi Rantala
Hi, Was fuzzing Linus v3.17-rc2-89-g59753a8 with Trinity as the root user in qemu, when I hit the following assertion failures. Tommi [init] Started watchdog process, PID is 4841 [main] Main thread is alive. [ 77.229699] sctp: [Deprecated]: trinity-main (pid 4842) Use of int in max_burst

Re: f2fs get_dnode_of_data oops

2014-09-09 Thread Tommi Rantala
2014-09-09 7:41 GMT+03:00 Jaegeuk Kim jaeg...@kernel.org: Hi Tommi, This patch should resolve this bug. Thanks a lot. :) From ee24677b9917583f50f16b6f59771439f91b890c Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim jaeg...@kernel.org Date: Mon, 8 Sep 2014 10:59:43 -0700 Subject: [PATCH] f2fs:

[PATCH] drm/radeon: fix DRM_IOCTL_RADEON_CS oops

2015-03-02 Thread Tommi Rantala
] ---[ end trace 09576b4e8b2c20b8 ]--- Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- drivers/gpu/drm/radeon/radeon_cs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/radeon/radeon_cs.c b/drivers/gpu/drm/radeon/radeon_cs.c index a579ed3..4d0f96c 100644

[PATCH] [media] cx231xx: Add support for Terratec Grabby

2015-05-20 Thread Tommi Rantala
Add support for the Terratec Grabby with USB ID 0ccd:00a6. Signed-off-by: Tommi Rantala tt.rant...@gmail.com --- drivers/media/usb/cx231xx/cx231xx-cards.c | 28 drivers/media/usb/cx231xx/cx231xx.h | 1 + 2 files changed, 29 insertions(+) diff --git a/drivers

Re: nouveau: iowrite32 oops & warning at drivers/gpu/drm/nouveau/nouveau_fence.c:198

2015-11-23 Thread Tommi Rantala
2015-11-22 22:49 GMT+02:00 Ilia Mirkin : > Not sure if these apply here but there are a couple of outstanding > locking fixes available in > http://cgit.freedesktop.org/~darktama/nouveau/ -- specifically these > two: > >

nouveau: BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40

2015-11-22 Thread Tommi Rantala
Hello, I'm seeing this kasan report after booting with linus v4.4-rc1-290-g3ad5d7e. BUG: KASAN: slab-out-of-bounds in memcpy+0x1d/0x40 at addr 880169e21fd0 Read of size 64 by task kworker/1:0/14 = BUG kmalloc-8192

nouveau: iowrite32 oops & warning at drivers/gpu/drm/nouveau/nouveau_fence.c:198

2015-11-22 Thread Tommi Rantala
Hello, I'm seeing this warning and oops when trying to fuzz linus v4.4-rc1-290-g3ad5d7e with trinity. [ cut here ] WARNING: CPU: 1 PID: 4308 at drivers/gpu/drm/nouveau/nouveau_fence.c:198 nouveau_fence_context_new+0x22e/0x270() CPU: 1 PID: 4308 Comm: trinity-c19 Tainted:

sudo x86info -a => kernel BUG at mm/usercopy.c:78!

2017-03-30 Thread Tommi Rantala
Hi, Running: $ sudo x86info -a On this HP ZBook 15 G3 laptop kills the x86info process with segfault and produces the following kernel BUG. $ git describe v4.11-rc4-40-gfe82203 It is also reproducible with the fedora kernel: 4.9.14-200.fc25.x86_64 Full dmesg output here:

Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!

2017-03-31 Thread Tommi Rantala
On 31.03.2017 21:26, Linus Torvalds wrote: Hmm. Thinking more about this, we do allow access to the first 1MB of physical memory unconditionally (see devmem_is_allowed() in arch/x86/mm/init.c). And I think we only _reserve_ the first 64kB or something. So I guess even STRICT_DEVMEM isn't

[PATCH 0/6] perf string handling fixes

2017-03-22 Thread Tommi Rantala
Hi, Some small perf fixes, mostly caught with valgrind. The last patch is a simplification: it is easier to open /proc/self/exe than /proc/$pid/exe. Tommi Rantala (6): perf buildid: do not update SDT cache with null filename perf buildid: do not assume that readlink() returns a null

[PATCH 4/6] perf utils: use sizeof(buf)-1 in readlink() call

2017-03-22 Thread Tommi Rantala
Ensure that we have space for the null byte in buf. Signed-off-by: Tommi Rantala <tommi.t.rant...@nokia.com> --- tools/perf/util/header.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index 05714d5..ab10e9d

[PATCH 5/6] perf utils: null terminate buf in read_ftrace_printk()

2017-03-22 Thread Tommi Rantala
==by 0x429F5D: cmd_annotate (builtin-annotate.c:472) ==31357==by 0x497150: run_builtin (perf.c:359) ==31357==by 0x428CE0: handle_internal_command (perf.c:421) ==31357==by 0x428CE0: run_argv (perf.c:467) ==31357==by 0x428CE0: main (perf.c:614) Signed-off-by: Tommi Rantala <tommi.t.r

[PATCH 3/6] perf tests: do not assume that readlink() returns a null terminated string

2017-03-22 Thread Tommi Rantala
Ensure that the string in buf is null terminated. Signed-off-by: Tommi Rantala <tommi.t.rant...@nokia.com> --- tools/perf/tests/sdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/tests/sdt.c b/tools/perf/tests/sdt.c index f59d210..121949a 100644 --- a/tool

[PATCH 2/6] perf buildid: do not assume that readlink() returns a null terminated string

2017-03-22 Thread Tommi Rantala
359) ==11643==by 0x428CE0: handle_internal_command (perf.c:421) ==11643==by 0x428CE0: run_argv (perf.c:467) ==11643==by 0x428CE0: main (perf.c:614) [...] Additionally, a zero length result from readlink() is not very interesting. Signed-off-by: Tommi Rantala <tommi.t.rant...@nok

[PATCH 6/6] perf utils: readlink /proc/self/exe to find the perf binary

2017-03-22 Thread Tommi Rantala
Signed-off-by: Tommi Rantala <tommi.t.rant...@nokia.com> --- tools/perf/util/header.c | 8 ++-- 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tools/perf/util/header.c b/tools/perf/util/header.c index ab10e9d..c6243af 100644 --- a/tools/perf/util/header.c +++ b/tools/per

[PATCH 1/6] perf buildid: do not update SDT cache with null filename

2017-03-22 Thread Tommi Rantala
==by 0x428CE0: main (perf.c:614) ==2633== Address 0x0 is not stack'd, malloc'd or (recently) free'd Signed-off-by: Tommi Rantala <tommi.t.rant...@nokia.com> --- tools/perf/util/build-id.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/build-id.c b

Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!

2017-03-30 Thread Tommi Rantala
On 30.03.2017 20:44, Laura Abbott wrote: On 03/30/2017 10:37 AM, Kees Cook wrote: Reads out of /dev/mem should be restricted to non-RAM on Fedora, yes? Tommi, do your kernels have CONFIG_STRICT_DEVMEM=y ? -Kees CONFIG_STRICT_DEVMEM should be on in all Fedora kernels. Yes, the fedora

Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!

2017-03-30 Thread Tommi Rantala
On 30.03.2017 23:01, Dave Jones wrote: On Thu, Mar 30, 2017 at 12:52:31PM -0700, Kees Cook wrote: > On Thu, Mar 30, 2017 at 12:41 PM, Dave Jones <da...@codemonkey.org.uk> wrote: > > On Thu, Mar 30, 2017 at 09:45:26AM -0700, Kees Cook wrote: > > > On Wed, Mar 29,

Re: sudo x86info -a => kernel BUG at mm/usercopy.c:78!

2017-03-31 Thread Tommi Rantala
On 31.03.2017 08:40, Tommi Rantala wrote: The only thing that I can think of would be a rogue ptr in the bios table, but that seems unlikely. Tommi, can you put strace of x86info -mp somewhere? That will confirm/deny whether we're at least asking the kernel to do sane things. Indeed the bug

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-04-12 Thread Tommi Rantala
2016-11-23 17:28 GMT+02:00 Guenter Roeck : > > On 11/22/2016 09:42 AM, Thomas Gleixner wrote: >> >> After the first attempt to convert the coretemp driver to the hotplug state >> machine failed, we had a deeper look and went a bit farther. >> >> The driver has quite some

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-04-12 Thread Tommi Rantala
2017-04-12 13:52 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: > On Wed, 12 Apr 2017, Tommi Rantala wrote: >> 2017-04-12 12:28 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: >> > On Wed, 12 Apr 2017, Tommi Rantala wrote: >> >> Resume-from-suspend sto

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-04-12 Thread Tommi Rantala
2017-04-12 12:28 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: > On Wed, 12 Apr 2017, Tommi Rantala wrote: >> Resume-from-suspend stopped working in HP xw6600 in fedora kernel >> 4.10.8-200.fc25.x86_64, while it worked just fine in >> 4.9.9-200.fc25.x86_64. >>

Re: [RFC][PATCH] mm: Tighten x86 /dev/mem with zeroing

2017-04-06 Thread Tommi Rantala
: this still needs mmap support. Reported-by: Tommi Rantala <tommi.t.rant...@nokia.com> Signed-off-by: Kees Cook <keesc...@chromium.org> --- Tommi, can you check and see if this fixes what you're seeing? I want to make sure this actually works first. (x86info uses seek/read not mmap.)

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-04-15 Thread Tommi Rantala
2017-04-14 20:35 GMT+03:00 Thomas Gleixner : > On Wed, 12 Apr 2017, Thomas Gleixner wrote: >> >> Can you please try the following: >> >> # for STATE in freezer devices platform processors core; do \ >> echo $STATE; \ >> echo $STATE >/sys/power/pm_test; \ >> echo mem

Re: nouveau "eDP-1: EDID is invalid" regression after 4.11 with HP ZBook 15 G3

2017-05-14 Thread Tommi Rantala
bin.com/j6lq Tommi 2017-05-10 11:24 GMT+03:00 Tommi Rantala <tt.rant...@gmail.com>: > Hi, > > The HP ZBook 15 G3 laptop builtin display (eDP-1) does not work > correctly with v4.11-11413-g2868b25. > > When booting the laptop, the resolution seems to be limited to > 1024x7

Re: nouveau "eDP-1: EDID is invalid" regression after 4.11 with HP ZBook 15 G3

2017-05-14 Thread Tommi Rantala
2017-05-15 3:03 GMT+03:00 Ben Skeggs <bske...@redhat.com>: > On 05/15/2017 01:10 AM, Tommi Rantala wrote: >> >> Hi, > > Hey Tommi, > > Thanks for bisecting this. It's rather unexpected that you should be seeing > problems here, but, the commit makes sense for

Re: [PATCH] hwmon: (coretemp) Handle frozen hotplug state correctly

2017-05-10 Thread Tommi Rantala
2017-05-10 23:09 GMT+03:00 Guenter Roeck <li...@roeck-us.net>: > On Wed, May 10, 2017 at 10:16:33PM +0300, Tommi Rantala wrote: >> 2017-05-10 17:30 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: >> > The recent conversion to the hotplug state machine missed

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-05-10 Thread Tommi Rantala
2017-05-09 10:16 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: > On Thu, 4 May 2017, Tommi Rantala wrote: >> Here's the trace output, does it help? > > Not much. Can you please try the following: > > 1) Offline all CPUs except CPU0 before suspend/resume it works! &

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-05-10 Thread Tommi Rantala
2017-05-10 17:01 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: > On Wed, 10 May 2017, Tommi Rantala wrote: >> 2017-05-09 10:16 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: >> > On Thu, 4 May 2017, Tommi Rantala wrote: >> >> Here's the trace output,

nouveau "eDP-1: EDID is invalid" regression after 4.11 with HP ZBook 15 G3

2017-05-10 Thread Tommi Rantala
Hi, The HP ZBook 15 G3 laptop builtin display (eDP-1) does not work correctly with v4.11-11413-g2868b25. When booting the laptop, the resolution seems to be limited to 1024x768, and gnome-session segfaults. Up to 4.11 the display works just fine in 1920x1080 mode. I'm seeing this in the kernel

Re: [PATCH] hwmon: (coretemp) Handle frozen hotplug state correctly

2017-05-10 Thread Tommi Rantala
uhp_tasks_frozen is true. > > Thanks to Tommi for providing debug information patiently while I failed to > spot the obvious. > > Fixes: e00ca5df37ad ("hwmon: (coretemp) Convert to hotplug state machine") > Reported-by: Tommi Rantala <tt.rant...@gmail.com> > Signed

(radeon?) WARNING: drivers/gpu/drm/drm_irq.c:1195 drm_vblank_put (v4.11-12441-g56868a4)

2017-05-10 Thread Tommi Rantala
Hi, I just tested v4.11-12441-g56868a4 on HP xw6600 with radeon graphics, and I'm seeing the following WARNING triggered constantly. I have not seen this earlier e.g. with the distro kernel 4.10.13-200.fc25.x86_64 $ lspci|grep -i amd 60:00.0 VGA compatible controller: Advanced Micro Devices,

Re: (radeon?) WARNING: drivers/gpu/drm/drm_irq.c:1195 drm_vblank_put (v4.11-12441-g56868a4)

2017-05-18 Thread Tommi Rantala
2017-05-11 5:51 GMT+03:00 Michel Dänzer <mic...@daenzer.net>: > On 11/05/17 04:33 AM, Tommi Rantala wrote: >> Complete kernel log: >> http://termbin.com/dzy5 >> >> [ 249.952546] [ cut here ] >> [ 249.952593] WARNING: CPU: 5 PID: 0

Re: (radeon?) WARNING: drivers/gpu/drm/drm_irq.c:1195 drm_vblank_put (v4.11-12441-g56868a4)

2017-05-22 Thread Tommi Rantala
2017-05-22 10:32 GMT+03:00 Daniel Vetter : > Yeah I think the locking stuff we've fixed, at least if you don't see it > in 4.12 it should be all good. And I think I spotted the bug you've > bisected to, patch is on dri-devel, pls test. Thanks! I'll test it later today. -Tommi

Re: nouveau "eDP-1: EDID is invalid" regression after 4.11 with HP ZBook 15 G3

2017-06-03 Thread Tommi Rantala
2017-05-15 8:20 GMT+03:00 Tommi Rantala <tt.rant...@gmail.com>: > 2017-05-15 3:03 GMT+03:00 Ben Skeggs <bske...@redhat.com>: >> On 05/15/2017 01:10 AM, Tommi Rantala wrote: >>> >>> Hi, >> >> Hey Tommi, >> >> Thanks for bisecting this

4.9.30 NULL pointer dereference in __remove_shared_vm_struct

2017-06-07 Thread Tommi Rantala
Hi, I have hit this kernel bug twice with 4.9.30 while running trinity, any ideas? It's not easily reproducible. Perhaps I should enable some more debug options to see if they reveal anything... (note that I had different kernel builds, so the IP addresses are different in the logs below)

Re: [patch 0/6] hwmon/coretemp: Hotplug fixes, cleanups and state machine conversion

2017-05-04 Thread Tommi Rantala
2017-04-23 18:01 GMT+03:00 Thomas Gleixner <t...@linutronix.de>: > On Sat, 15 Apr 2017, Tommi Rantala wrote: > >> Testing with 4.10.8-200.fc25.x86_64: freezer, devices and platform are >> OK, it breaks at "processors". >> The screen stays off, a

Re: tipc_udp_send_msg oops in 4.4 when setting link tolerance

2017-11-15 Thread Tommi Rantala
On 14.11.2017 13:35, Jon Maloy wrote: Found it, the missing patch is this one (9b3009604b8e does not help): commit d01332f1acacc0cb43a61f4244dd2b846d4cd585 Author: Richard Alpe Date: Mon Feb 1 08:19:56 2016 +0100 tipc: fix link attribute propagation bug It

[PATCH] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()

2017-11-28 Thread Tommi Rantala
8200 (relocation range: 0x8000-0xbfff) [ 12.751215] Rebooting in 60 seconds.. Fixes: c9b64d492b1f ("tipc: add replicast peer discovery") Signed-off-by: Tommi Rantala <tommi.t.rant...@nokia.com> --- net/tipc/udp_media.c | 29 +++--
