Trinity

Bugs found so far using Trinity. (git hashes from linux.git)

Like the 'fixed' list, this is partial, and only lists the bugs I notice that have been attributed to Trinity.

Due to the high volume of bugs trinity has been finding of late, I no longer have time to chase down the links to the mailing list discussions for this page, or to track when they got fixed, and move them to the 'fixed' page.

Search lkml.org for the subject line below, and read the full thread to conclusion to find the related patch.

Still unfixed (or unattributed fix):

April/May 2011:
* sel_netnode_insert suspicious rcu usage. http://lkml.org/lkml/2011/4/20/308 http://lkml.org/lkml/2012/6/5/10
July 2011:
* irqs_disabled page fault lockdep trace. http://lkml.org/lkml/2011/7/23/167
November 2011:
* DECNET redzone overwritten http://lkml.org/lkml/2011/11/21/59
* [BUG] Recursive locking in sound/core http://lkml.org/lkml/2011/11/18/206
* ieee802154: WARNING: at mm/page_alloc.c:2095 http://lkml.org/lkml/2011/11/22/41
* nfsd: Fix oops when parsing a 0 length export http://lkml.org/lkml/2011/11/18/130
* vhost-net: Acquire device lock when releasing device http://lkml.org/lkml/2011/11/18/69
* pipe: Fail cleanly when root tries F_SETPIPE_SZ with big size http://lkml.org/lkml/2011/11/19/14
December 2011:
* net: kernel BUG at include/net/netns/generic.h:40! http://lkml.org/lkml/2011/12/3/3 http://lkml.org/lkml/2012/4/5/290
* net: WARNING: at fs/sysfs/dir.c:481 sysfs_add_one+0xb7/0xe0() http://lkml.org/lkml/2011/12/5/192
* WARNING: at block/blk-ioc.c:234 exit_io_context+0x40/0x92() http://lkml.org/lkml/2011/12/26/35
January 2012:
* mm: Don't warn if memdup_user fails http://lkml.org/lkml/2012/1/11/234
* Hung task when calling clone() due to netfilter/slab http://lkml.org/lkml/2012/1/14/45
* [BUG] kernel BUG at mm/memcontrol.c:1074! http://lkml.org/lkml/2012/1/18/509
* BUG: unable to handle kernel paging request at ffffc7ff81000398 (sys_kexec_load) http://lkml.org/lkml/2012/1/21/209
* net: caif: Don't act on notification for non-caif devices http://lkml.org/lkml/2012/1/24/4
* Hang (deadlock?) inside iscsi_if_rx http://lkml.org/lkml/2012/1/24/154
February 2012:
* TTY: NULL dereference when closing a pty file http://lkml.org/lkml/2012/2/19/75
* 9p: BUG: unable to handle kernel paging request at ffff880035698000 http://lkml.org/lkml/2012/2/21/180
* rtc: INFO: possible circular locking dependency detected http://lkml.org/lkml/2012/2/27/438
March 2012:
* sys_poll use after free (hibernate) http://lkml.org/lkml/2012/3/12/748
* tun oops dereferencing garbage nsproxy-> address. http://lkml.org/lkml/2012/3/12/838
* vfs namespace: Don't assume mount namespace has valid root http://lkml.org/lkml/2012/3/14/372 http://lkml.org/lkml/2012/3/14/461
* vfs: chmod: Hung task after calling chmod() http://lkml.org/lkml/2012/3/14/373
* net: Hung task when closing device http://lkml.org/lkml/2012/3/14/375
* ntp: Fix integer overflow when setting time http://lkml.org/lkml/2012/3/14/406
* ntp: BUG: spinlock lockup on CPU#1 http://lkml.org/lkml/2012/3/15/144
* sound: BUG: unable to handle kernel irq event stamp: 2013419 http://lkml.org/lkml/2012/3/15/223
* netfilter: Hung task http://lkml.org/lkml/2012/3/18/14
* sched: BUG: spinlock recursion on CPU#4 http://lkml.org/lkml/2012/3/19/639
* BUG: sleeping function called from invalid context at fs/proc/task_mmu.c:826
* mm: hung task (handle_pte_fault) http://lkml.org/lkml/2012/3/23/112 http://lkml.org/lkml/2012/3/28/379 http://lkml.org/lkml/2012/3/30/862
* sched: WARNING: at include/linux/cpumask.h:108 select_fallback_rq+0x241/0x280() http://lkml.org/lkml/2012/3/29/446
* vfs: hung task at path_openat http://lkml.org/lkml/2012/3/29/390
April 2012:
* [PATCH] phonet: Check input from user before allocating http://lkml.org/lkml/2012/4/2/374 http://lkml.org/lkml/2012/4/5/282
* kvm: RCU warning in async pf http://lkml.org/lkml/2012/4/2/496
* CPU softlockup due to smp_call_function() http://lkml.org/lkml/2012/4/4/282
* [PATCH] netfilter: ipvs: Verify that IP_VS protocol has been registered http://lkml.org/lkml/2012/4/5/303
* remove unnecessary ftrace WARN_ONCE's. http://lkml.org/lkml/2012/4/11/825
* [PATCH 1/2] mm: fix NULL ptr dereference in migrate_pages http://lkml.org/lkml/2012/4/13/79
* [PATCH] 9p: disconnect channel when PCI device is removed http://lkml.org/lkml/2012/4/13/352
* New RCU related warning due to rcu_preempt_depth() changes http://lkml.org/lkml/2012/4/17/84
* [3.4-rc3] Thread overran stack, or stack corrupted http://lkml.org/lkml/2012/4/17/366
* bdi_debug_stats_show oops. http://lkml.org/lkml/2012/4/18/279
* jbd: NULL dereference on chown() http://lkml.org/lkml/2012/4/18/328
* 3.4-rc3: kernel BUG at mm/memory.c:1228! http://lkml.org/lkml/2012/4/19/272 http://lkml.org/lkml/2012/6/6/495
* mm: divide by zero in percpu_pagelist_fraction_sysctl_handler() http://lkml.org/lkml/2012/4/20/32
May 2012:
* WARNING: at include/linux/iocontext.h:140 copy_io+0xb9/0x130() http://lkml.org/lkml/2012/5/1/82
* net: l2tp: unlock socket lock before returning from l2tp_ip_sendmsg http://lkml.org/lkml/2012/5/2/195 http://lkml.org/lkml/2012/5/2/216
* c/r: broken locking when executing map_files http://lkml.org/lkml/2012/5/2/274
* ecryptfs: Kernel BUG when closing device http://lkml.org/lkml/2012/5/3/20
* rcu: BUG on exit_group http://lkml.org/lkml/2012/5/3/290
* vfs: INFO: possible circular locking dependency detected http://lkml.org/lkml/2012/5/9/349
* [PATCH] cred: use correct cred accessor with regards to rcu read lock http://lkml.org/lkml/2012/5/17/376
* GPF in numa_vma_unlink http://www.spinics.net/lists/kernel/msg1346336.html
* [PATCH] Bluetooth: Really fix registering hci with duplicate name http://lkml.org/lkml/2012/5/26/115
* [PATCH] USB: Staging: media: lirc: initialize spinlocks before usage http://lkml.org/lkml/2012/5/26/117
* mm: kernel BUG at mm/memory.c:1230 http://lkml.org/lkml/2012/5/24/232
* 3.4+ tty lockdep trace http://lkml.org/lkml/2012/5/24/108
June 2012:
* [PATCH] ieee802154: verify packet size before trying to allocate it http://lkml.org/lkml/2012/6/10/74
* net: nfc: BUG and panic in accept() on 3.5-rc2 http://lkml.org/lkml/2012/6/11/305
* processes hung after sys_renameat, and 'missing' processes http://lkml.org/lkml/2012/6/3/122
* blk/dm: Kernel crash on 3.5-rc2
* Re: rcu,sched: spinlock recursion on 3.5-rc2
* [PATCH] NFC: only put local on destruction if it was created before
* New tty ldisc lockup on 3.5-rc3 http://lkml.org/lkml/2012/6/22/184
* mtd: kernel BUG at arch/x86/mm/pat.c:279! http://lkml.org/lkml/2012/6/29/49
* rcu: BUG: spinlock recursion on CPU#3, trinity-child19/5970 http://lkml.org/lkml/2012/6/29/66
July 2012:
* 3.5-rc6 dentry related GPF http://lkml.org/lkml/2012/7/11/433
* 3.5-rc6 configfs BUG_ON
* sysvipc bug http://lkml.org/lkml/2012/7/11/629
* [PATCH] SUNRPC: Prevent kernel stack corruption on long values of flush http://lkml.org/lkml/2012/7/16/416
* sched, debug: INFO: possible irq lock inversion dependency detected
* hrtimer: Lockups with latest -next kernel http://lkml.org/lkml/2012/7/20/133
* netfilter,rcu: hang in nf_conntrack_net_exit http://lkml.org/lkml/2012/7/20/345
* lockdep trace from posix timers http://lkml.org/lkml/2012/7/24/443
August 2012:
* mq: INFO: possible circular locking dependency detected http://lkml.org/lkml/2012/8/4/65
* 3.6rc3 lockdep trace. tasklist_lock vs fasync http://lkml.org/lkml/2012/8/22/673
September 2012:
* 3.6-rc4 audit_log_d_path oops. http://lkml.org/lkml/2012/9/6/269
* RCU idle CPU detection is broken in linux-next https://lkml.org/lkml/2012/9/12/533
* [PATCH 1/2] Revert "xattr: mark variable as uninitialized to make both gcc and smatch happy" https://lkml.org/lkml/2012/9/14/516
* Re: [PATCH 6/7] mm: add CONFIG_DEBUG_VM_RB build option https://lkml.org/lkml/2012/9/14/593
* blk, mm: lockdep irq lock inversion in linux-next https://lkml.org/lkml/2012/9/15/54
* [PATCH] mm: thp: fix pmd_present for split_huge_page and PROT_NONE with THP http://www.spinics.net/lists/linux-mm/msg42040.html
* blk: NULL ptr deref in blk_dequeue_request() https://lkml.org/lkml/2012/9/22/113
* GPF in ip6_dst_lookup_tail http://www.spinics.net/lists/netdev/msg211894.html
October 2012:
* [PATCH] i7core_edac, Fix panic when accessing sysfs files https://lkml.org/lkml/2012/10/16/277
* [PATCH] kvm, async_pf: exit idleness when handling KVM_PV_REASON_PAGE_NOT_PRESENT https://lkml.org/lkml/2012/10/19/362
* net,sctp: oops in sctp_do_sm https://lkml.org/lkml/2012/10/18/691
* mm: NULL ptr deref in anon_vma_interval_tree_verify https://lkml.org/lkml/2012/10/18/589
* yama: lockdep warning on yama_ptracer_del https://lkml.org/lkml/2012/10/17/600
* weird use-after-free bug in module_put https://lkml.org/lkml/2012/10/19/299
* MAX_LOCKDEP_ENTRIES too low (called from ioc_release_fn) https://lkml.org/lkml/2012/10/17/575
* shmem_getpage_gfp VM_BUG_ON triggered. [3.7rc2] https://lkml.org/lkml/2012/10/24/721
December 2012:
* [PATCH] net, TTY: initialize tty->driver_data before usage
* [PATCH resend] net, bluetooth: don't attempt to free a channel that wasn't created
* vfs: oops on open_by_handle_at() in linux-next
* Re: [PATCH v3 06/10] mm: kill vma flag VM_CAN_NONLINEAR
* yama: lockdep warning on yama_ptracer_del
* [PATCH] kvm, async_pf: exit idleness when handling KVM_PV_REASON_PAGE_NOT_PRESENT
* net,sctp: oops in sctp_do_sm
* mm: NULL ptr deref in anon_vma_interval_tree_verify
* tty, vt: lockdep warnings
* ipc, msgqueue: NULL ptr deref in msgrcv
* Re: [patch for-3.7] mm, mempolicy: fix printing stack contents in numa_maps
* Re: [PATCH 21/21] TTY: move tty buffers to tty_port
* Re: [PATCH 03/16] mm: check rb_subtree_gap correctness
* net, batman: NULL ptr deref in batadv_iv_ogm_queue_add
* tty_ldisc_hangup: waiting (init) for ttyS0 took too long, but we keep waiting...
* net, batman: lockdep circular dependency warning
* net, bluetooth: object debug warning in bt_host_release()
* [patch] mm, mempolicy: Introduce spinlock to read shared policy tree https://lkml.org/lkml/2012/12/3/540
* WARNING: at drivers/tty/tty_buffer.c:476 flush_to_ldisc+0x1de/0x1f0() https://lkml.org/lkml/2012/12/11/596
* mm, ksm: NULL ptr deref in unstable_tree_search_insert
January 2013:
https://lkml.org/lkml/2012/12/18/468
* oops in copy_page_rep() https://lkml.org/lkml/2013/1/5/115
February 2013:
* autofs ioctl() => impossibly large user copy
* batman-adv: gpf in batadv_slide_own_bcast_window
* BUG in find_pid_ns
* BUG: unable to handle kernel paging request at ffffc90000669000, IP:
* clock_nanosleep() task_struct leak
* edac: NULL deref when handling sysfs write
* fs: WARNING: at fs/dcache.c:2587 prepend_path
* GPF in numa_vma_unlink
* gpf in pm_qos_remote_wakeup_show
* idr_remove called for id=4096 which is not allocated
* lockdep circular locking splat: tasklist_lock --> &nonblocking_pool.lock
* mm: BUG in mempolicy's sp_insert
* net: rcu warnings in ip6fl_get_first
* NULL pointer deref at drm_lock_free()
* NULL pointer deref at drm_newctx()
* [PATCH 00/10] ipc MSG_COPY fixes
* [PATCH 01/10] ipc: Fix potential oops when src msg > 4k w/ MSG_COPY
* [PATCH 02/10] ipc: Clamp with min()
* [PATCH 03/10] ipc: Separate msg allocation from userspace copy
* [PATCH 04/10] ipc: Tighten msg copy loops
* [PATCH 05/10] ipc: Set EFAULT as default error in load_msg()
* [PATCH 06/10] ipc: Don't allocate a copy larger than max
* [PATCH 07/10] ipc: Remove msg handling from queue scan
* [PATCH 08/10] ipc: Implement MSG_COPY as a new receive mode
* [PATCH 09/10] ipc: Simplify msg list search
* [PATCH 10/10] ipc: Refactor msg list search into separate function
* [PATCH 1/2] mempolicy: fix wrong sp_node insertion
* [PATCH 1/2] staging: dgrp: use correct release op for /proc/dgrp/info
* [PATCH 2/2] mempolicy: fix typo
* [PATCH 2/2] staging: dgrp: prefix function names with dgrp_ in dgrp_specproc.c
* [PATCH] Fix selinux_msg_queue_msgrcv() oops.
* [PATCH] kvmvapic: add read operation to the MemoryRegionOps to fix segfault
* [PATCH] net: fix infinite loop in __skb_recv_datagram()
* [PATCH] posix-cpu-timers: fix nanosleep task_struct leak
* [PATCH v2 09/10] ipc: Simplify msg list search
* [PATCH v2 10/10] ipc: Refactor msg list search into separate function
* [PATCH v2] posix-cpu-timers: fix nanosleep task_struct leak
* Re: batman-adv: gpf in batadv_slide_own_bcast_window
* Re: [B.A.T.M.A.N.] batman-adv: gpf in batadv_slide_own_bcast_window
* Re: BUG in find_pid_ns
* Re: clock_nanosleep() task_struct leak
* Re: edac: NULL deref when handling sysfs write
* Re: fs: WARNING: at fs/dcache.c:2587 prepend_path
* Re: mm: BUG in mempolicy's sp_insert
* Re: [PATCH 00/10] ipc MSG_COPY fixes
* Re: [PATCH 2/2] mempolicy: fix typo
* Re: [PATCH] kexec: prevent double free on image allocation failure
* Re: [PATCH] kvmvapic: add read operation to the MemoryRegionOps to
* Re: [PATCH] net: fix infinite loop in __skb_recv_datagram()
* Re: [PATCH] posix-cpu-timers: fix nanosleep task_struct leak
* Re: [PATCH v2] posix-cpu-timers: fix nanosleep task_struct leak
* Re: sched: BUG in load_balance
* Re: sched: circular dependency between sched_domains_mutex and
* Re: sched: circular dependency between sched_domains_mutex and oom_notify_list
* Re: selinux_msg_queue_msgrcv() oops
* Re: slab: odd BUG on kzalloc
* Re: slub error in fs/sysfs/bin.c related code
* Re: soft lockup at __skb_recv_datagram() when fuzzing with trinity
* Re: soft lockup at __skb_recv_datagram() when fuzzing with trinity as
* Re: WARNING: at drivers/ata/libata-core.c:5049 ata_qc_issue+0x1c7/0x3a0()
* sched: BUG in load_balance
* sched: circular dependency between sched_domains_mutex and oom_notify_list
* selinux_msg_queue_msgrcv() oops
* slab: odd BUG on kzalloc
* slub error in fs/sysfs/bin.c related code
* soft lockup at __skb_recv_datagram() when fuzzing with trinity as
* WARNING: at drivers/ata/libata-core.c:5049 ata_qc_issue+0x1c7/0x3a0()
March 2013:
NOTE: Many of these threads actually contain traces from multiple bugs.
* BUG_ON(nd->inode->i_op->follow_link);
* BUG_ON(nd->inode != parent->d_inode);
* BUG: unable to handle kernel NULL pointer dereference at
* [CFT] Re: VFS deadlock ?
* cgroup: INFO: suspicious RCU usage. in cgroup_name
* cgroup_release_agent() hung task warnings
* ext4_block_to_path block > max warning.
* ext4 object already free.
* fanotify soft lockup / GPF
* fasync_remove_entry oops
* gpf in pm_qos_remote_wakeup_show
* hpet ioctl() divide error: 0000
* i915 drm oopses while fuzzing
* ipc/testmsg GPF.
* irq_work: WARNING: at kernel/irq_work.c:98 irq_work_needs_cpu+0x8a/0xb0()
* kernel BUG at fs/sysfs/group.c:65!
* kmemleak BUG: unable to handle kernel paging request at ffffc90000c68000
* linux-v3.9-rc3: BUG: Bad page map in process trinity-child6 pte:002f9045
* lockdep trace from kill_fasync (tty) vs account (random)
* lockdep trace from prepare_bprm_creds
* mm: BUG in do_huge_pmd_wp_page
* mm/fremap.c: fix oops on error path
* oops in udpv6_sendmsg
* [PATCH 0/1] do not abuse ->cred_guard_mutex in threadgroup_lock()
* [PATCH 0/2] sysfs: fix use after free in sysfs_readdir()
* [PATCH 1/1] do not abuse ->cred_guard_mutex in threadgroup_lock()
* [PATCH 1/2] sysfs: fix race between readdir and lseek
* [PATCH 2/2] sysfs: handle failure path correctly for readdir()
* [PATCH] ALSA: seq: Fix missing error handling in snd_seq_timer_open()
* [PATCH] drm/i915: Sanity check incoming ioctl data for a NULL pointer
* [PATCH -mm -next] ipc,sem: fix lockdep false positive
* [Patch net] rds: limit the size allocated by rds_message_alloc()
* pipe_release oops.
* Re: BUG at kmem_cache_alloc
* Re: BUG_ON(nd->inode->i_op->follow_link);
* Re: BUG_ON(nd->inode != parent->d_inode);
* Re: [CFT] Re: VFS deadlock ?
* Re: cgroup: INFO: suspicious RCU usage. in cgroup_name
* Re: cgroup_release_agent() hung task warnings
* Re: ext4_block_to_path block > max warning.
* Re: fasync_remove_entry oops
* Re: gpf in pm_qos_remote_wakeup_show
* Re: [Intel-gfx] [PATCH] drm/i915: Sanity check incoming ioctl data
* Re: ipc,sem: sysv semaphore scalability
* Re: ipc/testmsg GPF.
* Re: irq_work: WARNING: at kernel/irq_work.c:98 irq_work_needs_cpu+0x8a/0xb0()
* Re: kernel BUG at fs/sysfs/group.c:65!
* Re: linux-v3.9-rc3: BUG: Bad page map in process trinity-child6 pte:002f9045
* Re: lockdep trace from kill_fasync (tty) vs account (random)
* Re: lockdep trace from prepare_bprm_creds
* Re: [PATCH 00/10] ipc MSG_COPY fixes
* Re: [PATCH 1/1] do not abuse ->cred_guard_mutex in threadgroup_lock()
* Re: [PATCH 1/2] sysfs: fix race between readdir and lseek
* Re: [PATCH 2/2] sysfs: handle failure path correctly for readdir()
* Re: [PATCH 4/9] mm: use mm_populate() for blocking remap_file_pages()
* Re: [PATCH] do not abuse ->cred_guard_mutex in threadgroup_lock()
* Re: [PATCH] drm/i915: Sanity check incoming ioctl data for a NULL pointer
* Re: [PATCH -mm -next] ipc,sem: fix lockdep false positive
* Re: [PATCH v5 00/44] ldisc patchset
* Re: [PATCH v5 26/44] tty: Add read-recursive, writer-prioritized rw
* Re: [PATCH v5 28/44] tty: Remove ldsem recursion support
* Re: pipe_release oops.
* Re: sctp: hang in sctp_remaddr_seq_show
* Re: SLAB + UML : WARNING: at mm/page_alloc.c:2386
* Re: snd_seq_timer_open() NULL pointer dereference
* Re: sysfs_dir_cache slab corruption
* Re: use after free in sysfs_find_dirent
* revert "ipc: don't allocate a copy larger than max"
* Re: VFS deadlock ?
* Re: vfs: lockdep splat with prepare_bprm_creds
* Re: WARNING: at lib/idr.c:678 idr_find_slowpath+0x97/0xc0()
* Re: Yet another pipe related oops.
* sctp: hang in sctp_remaddr_seq_show
* SLAB + UML : WARNING: at mm/page_alloc.c:2386
* snd_seq_timer_open() NULL pointer dereference
* sysfs_dir_cache slab corruption
* use after free in sysfs_find_dirent
* VFS deadlock ?
* vfs: lockdep splat with prepare_bprm_creds
* Yet another pipe related oops.
April 2013:
* [ 08/56] sysfs: fix race between readdir and lseek
* [ 09/56] sysfs: handle failure path correctly for readdir()
* af_unix udev startup regression
* [Bug 956181] WARNING: at mm/page_alloc.c:2386
* ext4 object already free.
* ipc,sem: sysv semaphore scalability
* kernel 3.8.4 : kernel BUG at fs/locks.c:2093! part #2
* mm: BUG in do_huge_pmd_wp_page
* oops in udpv6_sendmsg
* [PATCH] thp: fix huge zero page logic for page with pfn == 0
* [PATCH v1] sysfs: check if one entry has been removed before freeing
* remove_proc_entry() races (was Yet another pipe related oops.)
* + revert-ipc-dont-allocate-a-copy-larger-than-max.patch added to
* RE: WARNING: at kernel/smp.c:385 smp_call_function_many
* sw_perf_event_destroy() oops while fuzzing CVE-2013-2094
* WARNING: at kernel/smp.c:385 smp_call_function_many
* Word-at-a-time dcache name accesses (was .. anybody know of
* Yet another pipe related oops.

