On Thu, Sep 21 2017, kernel test robot wrote:

> FYI, we noticed the following commit:
>
> commit: 47e0fb461fca1a68a566c82fcc006cc787312d8c ("blk: make the bioset rescue_workqueue optional.")
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
>
> in testcase: trinity
> with following parameters:
>
> runtime: 300s
>
> test-description: Trinity is a linux system call fuzz tester.
> test-url: http://codemonkey.org.uk/projects/trinity/
>
>
> on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -m 420M
>
> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
Interesting. I cannot see how that bug could be caused by that patch.

I think it is crashing in

  static inline bool ata_is_host_link(const struct ata_link *link)
  {
  	return link == &link->ap->link || link == link->ap->slave_link;
  }

from

  static inline int ata_link_max_devices(const struct ata_link *link)
  {
  	if (ata_is_host_link(link) && link->ap->flags & ATA_FLAG_SLAVE_POSS)
  		return 2;
  	return 1;
  }

from ata_dev_next().

I think %rdi holds link->ap, so the "link->ap->slave_link" dereference causes the crash.
link->ap seems to be initialized quite early, and never cleared, so I don't know how it could be NULL...

Confused.

Thanks,
NeilBrown