On Fri, Feb 26, 2016 at 10:50:27AM +0100, Jiri Slaby wrote:
> On 02/26/2016, 10:23 AM, Jiri Slaby wrote:
> > On 02/26/2016, 09:56 AM, Jiri Slaby wrote:
> >>> I really don't see how it would happen here - that code doesn't look
> >>> particularly odd.
> >
> > Funnily enough, this is what I got today, when booting 4.4.2 in qemu VM
> > on my host.
> >
> > RIP crashing (ffffffff810f28d5) is action->dev_id dereference in
> > handle_irq_event_percpu. Look:
> > 0xffffffff810f28d5 <+101>: mov 0x8(%rbx),%rsi
> > 0xffffffff810f28d9 <+105>: mov %r12d,%edi
> > 0xffffffff810f28dc <+108>: callq *(%rbx)
> > which is
> > trace_irq_handler_entry(irq, action);
> > res = action->handler(irq, action->dev_id);
> > trace_irq_handler_exit(irq, action, res);
> >
> ...
> > So is this the same bug or not?
>
> Seems not, actually. I think I need:
> commit 570540d50710ed192e98e2f7f74578c9486b6b05
> Author: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Date: Wed Jan 13 14:07:25 2016 +0100
>
> genirq: Validate action before dereferencing it in
> handle_irq_event_percpu()

That's in my queue to pick up later today, sorry about that.

greg k-h
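As an added illustration, not part of the thread or of the kernel source, here is a constructed C model of the loop Jiri quotes: the unchecked form that dereferences action->dev_id before anything confirms action is non-NULL, beside a form that validates action first. The struct layouts, count_handler and run_chain are assumptions built for the example, and the checked loop is an assumed shape of the fix, not the text of commit 570540d50710.

```c
#include <stddef.h>
/* Constructed model of the genirq structures in the crash above, not the kernel's. */
typedef int irqreturn_t;
enum { IRQ_NONE = 0, IRQ_HANDLED = 1 };
struct irqaction {
    irqreturn_t (*handler)(int irq, void *dev_id);
    void *dev_id;             /* the field that "mov 0x8(%rbx),%rsi" reads */
    struct irqaction *next;
};
struct irq_desc { struct irqaction *action; };  /* NULL when no handler is installed */
/* Loop shape described in the thread: action->dev_id and action->handler are
 * dereferenced before anything checks action, so an empty chain faults at once. */
static irqreturn_t handle_irq_event_percpu_unchecked(int irq, struct irq_desc *desc)
{
    irqreturn_t retval = IRQ_NONE;
    struct irqaction *action = desc->action;
    do {
        retval |= action->handler(irq, action->dev_id);  /* faults if !action */
        action = action->next;
    } while (action);
    return retval;
}
/* Validated form (assumed shape of the fix): action is tested before every
 * dereference, so an empty chain yields IRQ_NONE instead of a fault. */
static irqreturn_t handle_irq_event_percpu_checked(int irq, struct irq_desc *desc)
{
    irqreturn_t retval = IRQ_NONE;
    for (struct irqaction *a = desc->action; a; a = a->next)
        retval |= a->handler(irq, a->dev_id);
    return retval;
}
/* Constructed handler: counts its invocations in the int dev_id points to. */
static irqreturn_t count_handler(int irq, void *dev_id)
{
    (void)irq;
    ++*(int *)dev_id;
    return IRQ_HANDLED;
}
/* Dispatches n (0..2) constructed handlers through the chosen loop; returns the
 * invocation count or -1 on a wrong status. Only the checked loop may get n == 0. */
static int run_chain(int n, int use_checked)
{
    int hits[2] = { 0, 0 };
    struct irqaction b = { count_handler, &hits[1], NULL };
    struct irqaction a = { count_handler, &hits[0], &b };
    struct irq_desc desc = { n == 0 ? NULL : n == 1 ? &b : &a };
    irqreturn_t r = use_checked ? handle_irq_event_percpu_checked(7, &desc)
                                : handle_irq_event_percpu_unchecked(7, &desc);
    return r == (n ? IRQ_HANDLED : IRQ_NONE) ? hits[0] + hits[1] : -1;
}
```

Calling run_chain(0, 0) reproduces the report's failure mode in miniature, a NULL dereference in the first iteration, which is exactly why the empty-chain case is only exercised through the checked loop.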