From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757405AbdKGPvD (ORCPT <rfc822;w@1wt.eu>);
        Tue, 7 Nov 2017 10:51:03 -0500
Received: from mail-io0-f174.google.com ([209.85.223.174]:46758 "EHLO
        mail-io0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750818AbdKGPvB (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 7 Nov 2017 10:51:01 -0500
X-Google-Smtp-Source: ABhQp+TxY77SqRAO7L6PUVDywIz7ypp+TktMr2K3p5vog49APOg4+d0GLUQFbpcoGs1fQrIrzzDKGKyNHo0AfxzJEVM=
MIME-Version: 1.0
In-Reply-To: <20171107102827.y5pmiqtifzbrlwfo@wfg-t540p.sh.intel.com>
References: <20171107100552.jqvf4n7p4ypdeuw7@wfg-t540p.sh.intel.com> <20171107102827.y5pmiqtifzbrlwfo@wfg-t540p.sh.intel.com>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 7 Nov 2017 07:51:00 -0800
X-Google-Sender-Auth: p6SldlFfxz8fVGrLsENdNSH8SjY
Message-ID: <CA+55aFybLHpR0KVo-nXjBgXD6B5vnNryVg19y--wSU-0CbVrTQ@mail.gmail.com>
Subject: Re: [inotify_read] BUG: unable to handle kernel paging request at ffff8800172f8000
To: Fengguang Wu <fengguang.wu@intel.com>
Cc: linux-fsdevel <linux-fsdevel@vger.kernel.org>, Jan Kara <jack@suse.cz>,
        Amir Goldstein <amir73il@gmail.com>,
        Miklos Szeredi <mszeredi@redhat.com>,
        Nikolay Borisov <n.borisov.lkml@gmail.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Nov 7, 2017 at 2:28 AM, Fengguang Wu <fengguang.wu@intel.com> wrote:
> FYI This bug trace also contains inotify_read().
>
> [    3.365745] BUG: unable to handle kernel paging request at ffff8800172f8000
> [    3.366661] IP: slob_free+0x1c4/0x276
> [    3.373500] RBP: ffff8800172f7ffe

Same gcc bug: it's a 2-byte read from the end of the page that has
been turned by gcc into a 4-byte read, and causes an oops because your
gcc version is bad.

I *think* it's triggered by CONFIG_OPTIMIZE_FOR_SIZE=y, which causes
gcc to generate garbage code. Yes, the 32-bit read is one byte shorter
because it doesn't have a operand size prefix, but it's buggy.

               Linus