From: kernel test robot <oliver.sang@intel.com>
To: "Liam R. Howlett" <Liam.Howlett@oracle.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Linux Memory Management List <linux-mm@kvack.org>,
Andrew Morton <akpm@linux-foundation.org>,
"Lorenzo Stoakes" <lorenzo.stoakes@oracle.com>,
Bert Karwatzki <spasswolf@web.de>,
"Jiri Olsa" <olsajiri@gmail.com>, Kees Cook <kees@kernel.org>,
Lorenzo Stoakes <lstoakes@gmail.com>,
Matthew Wilcox <willy@infradead.org>,
"Paul E. McKenney" <paulmck@kernel.org>,
Paul Moore <paul@paul-moore.com>,
"Sidhartha Kumar" <sidhartha.kumar@oracle.com>,
Suren Baghdasaryan <surenb@google.com>,
Vlastimil Babka <vbabka@suse.cz>, <oliver.sang@intel.com>
Subject: [linux-next:master] [mm] [confidence: ] 131e4ef350: BUG:kernel_NULL_pointer_dereference,address
Date: Wed, 28 Aug 2024 12:42:43 +0800
Message-ID: <202408281008.b26bed01-lkp@intel.com>
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 131e4ef350fae9d7bb5077330f4a7805d429d4b7 ("mm: change failure of MAP_FIXED to restoring the gap on failure")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master 6f923748057a4f6aa187e0d5b22990d633a48d12]
in testcase: trinity
version:
with following parameters:
    runtime: 300s
    group: group-03
    nr_groups: 5
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+-------------------------------------------------------+------------+------------+
|                                                       | 80cb1398c2 | 131e4ef350 |
+-------------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address           | 0          | 12         |
| Oops:Oops:#[##]                                       | 0          | 12         |
| EIP:mmap_region                                       | 0          | 12         |
| Kernel_panic-not_syncing:Fatal_exception              | 0          | 12         |
+-------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202408281008.b26bed01-lkp@intel.com
[ 36.945736][ T3519] BUG: kernel NULL pointer dereference, address: 00000000
[ 36.947543][ T3519] #PF: supervisor read access in kernel mode
[ 36.948751][ T3519] #PF: error_code(0x0000) - not-present page
[ 36.950005][ T3519] *pde = 00000000
[ 36.951050][ T3519] Oops: Oops: 0000 [#1]
[ 36.952388][ T3519] CPU: 0 UID: 0 PID: 3519 Comm: trinity-main Not tainted 6.11.0-rc4-00360-g131e4ef350fa #1
[ 36.955401][ T3519] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 36.958508][ T3519] EIP: mmap_region (mm/vma.h:90 mm/vma.h:187 mm/mmap.c:1625)
[ 36.959891][ T3519] Code: ff 8b 85 0c ff ff ff 85 c0 0f 85 17 01 00 00 8b 45 a8 85 c0 0f 84 8e fe ff ff 80 7d c1 00 0f 85 07 02 00 00 8b 9d 7c ff ff ff <a1> 00 00 00 00 83 7b 1c 01 74 0a 3b 43 04 72 49 39 43 08 72 44 8b
All code
========
0: ff 8b 85 0c ff ff decl -0xf37b(%rbx)
6: ff 85 c0 0f 85 17 incl 0x17850fc0(%rbp)
c: 01 00 add %eax,(%rax)
e: 00 8b 45 a8 85 c0 add %cl,-0x3f7a57bb(%rbx)
14: 0f 84 8e fe ff ff je 0xfffffffffffffea8
1a: 80 7d c1 00 cmpb $0x0,-0x3f(%rbp)
1e: 0f 85 07 02 00 00 jne 0x22b
24: 8b 9d 7c ff ff ff mov -0x84(%rbp),%ebx
2a:* a1 00 00 00 00 83 7b movabs 0x11c7b8300000000,%eax <-- trapping instruction
31: 1c 01
33: 74 0a je 0x3f
35: 3b 43 04 cmp 0x4(%rbx),%eax
38: 72 49 jb 0x83
3a: 39 43 08 cmp %eax,0x8(%rbx)
3d: 72 44 jb 0x83
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: a1 00 00 00 00 83 7b movabs 0x11c7b8300000000,%eax
7: 1c 01
9: 74 0a je 0x15
b: 3b 43 04 cmp 0x4(%rbx),%eax
e: 72 49 jb 0x59
10: 39 43 08 cmp %eax,0x8(%rbx)
13: 72 44 jb 0x59
15: 8b .byte 0x8b
[ 36.965467][ T3519] EAX: 00000001 EBX: ec941df4 ECX: 0003d5a1 EDX: 0003d5a0
[ 36.967583][ T3519] ESI: ecbf3090 EDI: ffffffed EBP: ec941ea0 ESP: ec941d94
[ 36.969628][ T3519] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010246
[ 36.972151][ T3519] CR0: 80050033 CR2: 00000000 CR3: 2c027000 CR4: 00040690
[ 36.976717][ T3519] Call Trace:
[ 36.978114][ T3519] ? show_regs (arch/x86/kernel/dumpstack.c:479)
[ 36.979568][ T3519] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)
[ 36.980890][ T3519] ? debug_locks_off (lib/debug_locks.c:44)
[ 36.982519][ T3519] ? oops_enter (kernel/panic.c:624 kernel/panic.c:682)
[ 36.983919][ T3519] ? page_fault_oops (arch/x86/mm/fault.c:715)
[ 36.985598][ T3519] ? kernelmode_fixup_or_oops+0x68/0x7c
[ 36.987717][ T3519] ? __bad_area_nosemaphore+0x11d/0x1fc
[ 36.989674][ T3519] ? search_extable (lib/extable.c:118)
[ 36.991264][ T3519] ? search_module_extables (kernel/module/main.c:3277)
[ 36.992945][ T3519] ? mmap_region (mm/vma.h:90 mm/vma.h:187 mm/mmap.c:1625)
[ 36.994489][ T3519] ? search_exception_tables (kernel/extable.c:64)
[ 36.996215][ T3519] ? lock_mm_and_find_vma (mm/memory.c:5883 mm/memory.c:5938)
[ 36.997911][ T3519] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835)
[ 36.999481][ T3519] ? do_user_addr_fault (arch/x86/mm/fault.c:1452)
[ 37.001030][ T3519] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 37.002529][ T3519] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 37.004196][ T3519] ? handle_exception (arch/x86/entry/entry_32.S:1047)
[ 37.005567][ T3519] ? alloc_pages_bulk_noprof (mm/page_alloc.c:4528)
[ 37.007193][ T3519] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 37.008933][ T3519] ? mmap_region (mm/vma.h:90 mm/vma.h:187 mm/mmap.c:1625)
[ 37.010396][ T3519] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 37.012303][ T3519] ? mmap_region (mm/vma.h:90 mm/vma.h:187 mm/mmap.c:1625)
[ 37.013810][ T3519] ? mas_prev_slot (lib/maple_tree.c:760 lib/maple_tree.c:4553)
[ 37.015420][ T3519] do_mmap (mm/mmap.c:495)
[ 37.016772][ T3519] vm_mmap_pgoff (mm/util.c:588)
[ 37.018235][ T3519] ksys_mmap_pgoff (mm/mmap.c:541)
[ 37.019761][ T3519] __ia32_sys_mmap_pgoff (mm/mmap.c:548)
[ 37.021406][ T3519] ia32_sys_call (arch/x86/entry/syscall_32.c:44)
[ 37.022995][ T3519] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386)
[ 37.024620][ T3519] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 37.026203][ T3519] do_SYSENTER_32 (arch/x86/entry/common.c:450)
[ 37.027715][ T3519] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:836)
[ 37.029275][ T3519] EIP: 0xb7ff1579
[ 37.030483][ T3519] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d 76 00 lea 0x0(%rsi),%esi
35: 58 pop %rax
36: b8 77 00 00 00 mov $0x77,%eax
3b: cd 80 int $0x80
3d: 90 nop
3e: 8d .byte 0x8d
3f: 76 .byte 0x76
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d 76 00 lea 0x0(%rsi),%esi
b: 58 pop %rax
c: b8 77 00 00 00 mov $0x77,%eax
11: cd 80 int $0x80
13: 90 nop
14: 8d .byte 0x8d
15: 76 .byte 0x76
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240828/202408281008.b26bed01-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki