Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 1b84613d303e1496ea759aa171b7b36dfd8f26c3 ("[PATCH] inet: missing lock releases in udp.c")
url: https://github.com/0day-ci/linux/commits/ycaibb/inet-missing-lock-releases-in-udp-c/20220121-111922
base: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git 8aaaf2f3af2ae212428f4db1af34214225f5cec3
patch link: https://lore.kernel.org/netdev/20220121031553.5342-1-ycaibb@gmail.com

in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with following parameters:

    runtime: 300s
    group: group-03

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 205.786467][ C1] WARNING: CPU: 1 PID: 4066 at kernel/softirq.c:362 __local_bh_enable_ip (kernel/softirq.c:362 (discriminator 1))
[ 205.786560][ C1] Modules linked in: af_alg(E) fcrypt(E) pcbc(E) rxrpc(E) crypto_user(E) scsi_transport_iscsi(E) xfrm_user(E) xfrm_algo(E) llc2(E) llc(E) sctp(E) ip6_udp_tunnel(E) udp_tunnel(E) libcrc32c(E) crc32c_generic(E) intel_rapl_msr(E) intel_rapl_common(E) crc32_pclmul(E) crc32c_intel(E) bochs(E) drm_vram_helper(E) drm_ttm_helper(E) ppdev(E) ttm(E) drm_kms_helper(E) aesni_intel(E) crypto_simd(E) cryptd(E) rapl(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) fb_sys_fops(E) cec(E) drm(E) ata_generic(E) ata_piix(E) psmouse(E) evdev(E) serio_raw(E) libata(E) parport_pc(E) floppy(E) i2c_piix4(E) parport(E) qemu_fw_cfg(E) button(E) autofs4(E)
[ 205.786814][ C1] CPU: 1 PID: 4066 Comm: trinity-c7 Tainted: G E 5.16.0-rc8-02291-g1b84613d303e #1
[ 205.786817][ C1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 205.786823][ C1] EIP: __local_bh_enable_ip (kernel/softirq.c:362 (discriminator 1))
[ 205.786826][ C1] Code: ea 01 f7 da 64 01 15 d4 d6 20 d5 64 a1 d4 d6 20 d5 a9 00 ff ff 00 74 1a 5d 64 ff 0d d4 d6 20 d5 c3 8d b4 26 00 00 00 00 66 90 <0f> 0b eb d1 8d 74 26 00 64 66 a1 c0 64 21 d5 66 85 c0 74 da e8 27
All code
========
   0:   ea                      (bad)
   1:   01 f7                   add    %esi,%edi
   3:   da 64 01 15             fisubl 0x15(%rcx,%rax,1)
   7:   d4                      (bad)
   8:   d6                      (bad)
   9:   20 d5                   and    %dl,%ch
   b:   64 a1 d4 d6 20 d5 a9    movabs %fs:0xffff00a9d520d6d4,%eax
  12:   00 ff ff
  15:   00 74 1a 5d             add    %dh,0x5d(%rdx,%rbx,1)
  19:   64 ff 0d d4 d6 20 d5    decl   %fs:-0x2adf292c(%rip)        # 0xffffffffd520d6f4
  20:   c3                      retq
  21:   8d b4 26 00 00 00 00    lea    0x0(%rsi,%riz,1),%esi
  28:   66 90                   xchg   %ax,%ax
  2a:*  0f 0b                   ud2             <-- trapping instruction
  2c:   eb d1                   jmp    0xffffffffffffffff
  2e:   8d 74 26 00             lea    0x0(%rsi,%riz,1),%esi
  32:   64 66 a1 c0 64 21 d5    movabs %fs:0x74c08566d52164c0,%ax
  39:   66 85 c0 74
  3d:   da e8                   (bad)
  3f:   27                      (bad)

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   eb d1                   jmp    0xffffffffffffffd5
   4:   8d 74 26 00             lea    0x0(%rsi,%riz,1),%esi
   8:   64 66 a1 c0 64 21 d5    movabs %fs:0x74c08566d52164c0,%ax
   f:   66 85 c0 74
  13:   da e8                   (bad)
  15:   27                      (bad)
[ 205.786829][ C1] EAX: 7ffffdff EBX: d50ccb40 ECX: d50d9df8 EDX: 00000201
[ 205.786851][ C1] ESI: c113af40 EDI: 0000000a EBP: f0c59e08 ESP: f0c59e08
[ 205.786853][ C1] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010206
[ 205.786858][ C1] CR0: 80050033 CR2: 00000004 CR3: 30c5a000 CR4: 000406f0
[ 205.786864][ C1] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 205.786866][ C1] DR6: fffe0ff0 DR7: 00000400
[ 205.786867][ C1] Call Trace:
[ 205.786894][ C1] _raw_spin_unlock_bh (kernel/locking/spinlock.c:211)
[ 205.786936][ C1] udp_get_next (include/linux/spinlock.h:394 net/ipv4/udp.c:3007)
[ 205.786980][ C1] ? udp_seq_start (net/ipv4/udp.c:3033)
[ 205.786983][ C1] udp_seq_next (net/ipv4/udp.c:3041)
[ 205.786987][ C1] seq_read_iter (fs/seq_file.c:263)
[ 205.787023][ C1] ? udp_seq_start (net/ipv4/udp.c:3033)
[ 205.787027][ C1] seq_read (fs/seq_file.c:163)
[ 205.787031][ C1] ? seq_read_iter (fs/seq_file.c:152)
[ 205.787034][ C1] proc_reg_read (fs/proc/inode.c:311 fs/proc/inode.c:323)
[ 205.787070][ C1] ? proc_reg_unlocked_ioctl (fs/proc/inode.c:316)
[ 205.787073][ C1] vfs_read (fs/read_write.c:479)
[ 205.787081][ C1] ? common_mmap+0x40/0x80
[ 205.787111][ C1] ? common_mmap+0x80/0x80
[ 205.787113][ C1] ? __might_sleep (kernel/sched/core.c:9468 (discriminator 14))
[ 205.787133][ C1] ? __cond_resched (kernel/sched/core.c:8149)
[ 205.787136][ C1] ksys_read (fs/read_write.c:620)
[ 205.787140][ C1] __ia32_sys_read (fs/read_write.c:627)
[ 205.787143][ C1] __do_fast_syscall_32 (arch/x86/entry/common.c:112 arch/x86/entry/common.c:178)
[ 205.787156][ C1] do_fast_syscall_32 (arch/x86/entry/common.c:203)
[ 205.787160][ C1] do_SYSENTER_32 (arch/x86/entry/common.c:247)
[ 205.787163][ C1] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:872)
[ 205.787166][ C1] EIP: 0xb7f02589
[ 205.787175][ C1] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
        ...
  20:   00 51 52                add    %dl,0x52(%rcx)
  23:   55                      push   %rbp
  24:   89 e5                   mov    %esp,%ebp
  26:   0f 34                   sysenter
  28:   cd 80                   int    $0x80
  2a:*  5d                      pop    %rbp             <-- trapping instruction
  2b:   5a                      pop    %rdx
  2c:   59                      pop    %rcx
  2d:   c3                      retq
  2e:   90                      nop
  2f:   90                      nop
  30:   90                      nop
  31:   90                      nop
  32:   8d 76 00                lea    0x0(%rsi),%esi
  35:   58                      pop    %rax
  36:   b8 77 00 00 00          mov    $0x77,%eax
  3b:   cd 80                   int    $0x80
  3d:   90                      nop
  3e:   8d                      .byte 0x8d
  3f:   76                      .byte 0x76

Code starting with the faulting instruction
===========================================
   0:   5d                      pop    %rbp
   1:   5a                      pop    %rdx
   2:   59                      pop    %rcx
   3:   c3                      retq
   4:   90                      nop
   5:   90                      nop
   6:   90                      nop
   7:   90                      nop
   8:   8d 76 00                lea    0x0(%rsi),%esi
   b:   58                      pop    %rax
   c:   b8 77 00 00 00          mov    $0x77,%eax
  11:   cd 80                   int    $0x80
  13:   90                      nop
  14:   8d                      .byte 0x8d
  15:   76                      .byte 0x76
[ 205.787177][ C1] EAX: ffffffda EBX: 000000dd ECX: b6975000 EDX: 00000591
[ 205.787178][ C1] ESI: 00000000 EDI: 00000089 EBP: 000000ef ESP: bfabca5c
[ 205.787180][ C1] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000296
[ 205.787193][ C1] ---[ end trace 5d00563d8897f1ee ]---

To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-rc8-02291-g1b84613d303e .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH= modules_install
        cd
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang