* [vbabka:slub-percpu-sheaves-v3] [slab] c19bb08297: BUG:kernel_NULL_pointer_dereference,address
@ 2025-03-24 6:18 kernel test robot
2025-04-02 14:23 ` Harry Yoo
0 siblings, 1 reply; 4+ messages in thread
From: kernel test robot @ 2025-03-24 6:18 UTC (permalink / raw)
To: Vlastimil Babka; +Cc: oe-lkp, lkp, linux-mm, oliver.sang
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: c19bb0829736a5c7abe1d1b70d013489d720bb54 ("slab: add opt-in caching layer of percpu sheaves")
https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3
in testcase: rcutorture
version:
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: srcud
config: i386-randconfig-005-20250321
compiler: gcc-12
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | d52c71b1f1 | c19bb08297 |
+---------------------------------------------+------------+------------+
| boot_successes | 6 | 0 |
| boot_failures | 0 | 6 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 6 |
| Oops | 0 | 6 |
| EIP:slub_cpu_dead | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202503241413.afff5aa1-lkp@intel.com
[ 100.813833][ T6] BUG: kernel NULL pointer dereference, address: 00000008
[ 100.814405][ T6] #PF: supervisor read access in kernel mode
[ 100.814830][ T6] #PF: error_code(0x0000) - not-present page
[ 100.815260][ T6] *pde = 00000000
[ 100.815526][ T6] Oops: Oops: 0000 [#1] SMP
[ 100.815856][ T6] CPU: 0 UID: 0 PID: 6 Comm: kworker/0:0 Not tainted 6.14.0-rc1-00007-gc19bb0829736 #1
[ 100.816542][ T6] Workqueue: events work_for_cpu_fn
[ 100.816933][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783)
[ 100.817301][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00
All code
========
0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx)
6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax
b: 74 72 je 0x7f
d: 8d 70 b8 lea -0x48(%rax),%esi
10: 8d 76 00 lea 0x0(%rsi),%esi
13: 8b 1e mov (%rsi),%ebx
15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp)
19: 77 7a ja 0x95
1b: 8b 45 f0 mov -0x10(%rbp),%eax
1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx
25: 01 cb add %ecx,%ebx
27: 8b 7b 1c mov 0x1c(%rbx),%edi
2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction
2d: 85 d2 test %edx,%edx
2f: 74 11 je 0x42
31: 8d 4f 0c lea 0xc(%rdi),%ecx
34: 89 f0 mov %esi,%eax
36: e8 c0 e3 ff ff call 0xffffffffffffe3fb
3b: c7 .byte 0xc7
3c: 47 08 00 rex.RXB or %r8b,(%r8)
...
Code starting with the faulting instruction
===========================================
0: 8b 57 08 mov 0x8(%rdi),%edx
3: 85 d2 test %edx,%edx
5: 74 11 je 0x18
7: 8d 4f 0c lea 0xc(%rdi),%ecx
a: 89 f0 mov %esi,%eax
c: e8 c0 e3 ff ff call 0xffffffffffffe3d1
11: c7 .byte 0xc7
12: 47 08 00 rex.RXB or %r8b,(%r8)
...
[ 100.819393][ T6] EAX: 00000001 EBX: a9148000 ECX: a9148000 EDX: 00000000
[ 100.819900][ T6] ESI: 40392e80 EDI: 00000000 EBP: 401cfe78 ESP: 401cfe68
[ 100.820414][ T6] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286
[ 100.820969][ T6] CR0: 80050033 CR2: 00000008 CR3: 7c8e9000 CR4: 00040690
[ 100.821493][ T6] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 100.822008][ T6] DR6: fffe0ff0 DR7: 00000400
[ 100.822356][ T6] Call Trace:
[ 100.822609][ T6] ? show_regs (arch/x86/kernel/dumpstack.c:478)
[ 100.822935][ T6] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)
[ 100.823237][ T6] ? page_fault_oops (arch/x86/mm/fault.c:709)
[ 100.823596][ T6] ? kernelmode_fixup_or_oops+0x58/0x70
[ 100.824081][ T6] ? __bad_area_nosemaphore+0x10f/0x1f0
[ 100.824560][ T6] ? hrtimer_interrupt (kernel/time/hrtimer.c:1877)
[ 100.824934][ T6] ? bad_area_nosemaphore (arch/x86/mm/fault.c:834)
[ 100.825309][ T6] ? do_user_addr_fault (arch/x86/mm/fault.c:1451)
[ 100.825686][ T6] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1049)
[ 100.826123][ T6] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538)
[ 100.826474][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493)
[ 100.826923][ T6] ? handle_exception (arch/x86/entry/entry_32.S:1055)
[ 100.827294][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493)
[ 100.827737][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783)
[ 100.828071][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493)
[ 100.828520][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783)
[ 100.828861][ T6] ? cpuhp_invoke_callback (kernel/cpu.c:194)
[ 100.829258][ T6] ? __wait_for_common (kernel/sched/completion.c:122)
[ 100.829631][ T6] ? hrtimer_nanosleep_restart (kernel/time/sleep_timeout.c:62)
[ 100.830069][ T6] ? kfree (mm/slub.c:3777)
[ 100.830367][ T6] ? __cpuhp_invoke_callback_range (kernel/cpu.c:967)
[ 100.830805][ T6] ? _cpu_down+0xf9/0x390
[ 100.831205][ T6] ? __cpu_down_maps_locked (kernel/cpu.c:1475)
[ 100.831611][ T6] ? work_for_cpu_fn (kernel/workqueue.c:6731)
[ 100.831966][ T6] ? process_one_work (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/jump_label.h:262 include/trace/events/workqueue.h:110 kernel/workqueue.c:3241)
[ 100.832338][ T6] ? worker_thread (kernel/workqueue.c:3311 kernel/workqueue.c:3398)
[ 100.832694][ T6] ? kthread (kernel/kthread.c:464)
[ 100.833001][ T6] ? rescuer_thread (kernel/workqueue.c:3344)
[ 100.833356][ T6] ? kthreads_online_cpu (kernel/kthread.c:413)
[ 100.833733][ T6] ? ret_from_fork (arch/x86/kernel/process.c:154)
[ 100.838377][ T6] ? kthreads_online_cpu (kernel/kthread.c:413)
[ 100.838752][ T6] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 100.839109][ T6] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[ 100.839472][ T6] Modules linked in: rcutorture torture
[ 100.839877][ T6] CR2: 0000000000000008
[ 100.840173][ T6] ---[ end trace 0000000000000000 ]---
[ 100.840547][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783)
[ 100.840886][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00
All code
========
0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx)
6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax
b: 74 72 je 0x7f
d: 8d 70 b8 lea -0x48(%rax),%esi
10: 8d 76 00 lea 0x0(%rsi),%esi
13: 8b 1e mov (%rsi),%ebx
15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp)
19: 77 7a ja 0x95
1b: 8b 45 f0 mov -0x10(%rbp),%eax
1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx
25: 01 cb add %ecx,%ebx
27: 8b 7b 1c mov 0x1c(%rbx),%edi
2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction
2d: 85 d2 test %edx,%edx
2f: 74 11 je 0x42
31: 8d 4f 0c lea 0xc(%rdi),%ecx
34: 89 f0 mov %esi,%eax
36: e8 c0 e3 ff ff call 0xffffffffffffe3fb
3b: c7 .byte 0xc7
3c: 47 08 00 rex.RXB or %r8b,(%r8)
...
Code starting with the faulting instruction
===========================================
0: 8b 57 08 mov 0x8(%rdi),%edx
3: 85 d2 test %edx,%edx
5: 74 11 je 0x18
7: 8d 4f 0c lea 0xc(%rdi),%ecx
a: 89 f0 mov %esi,%eax
c: e8 c0 e3 ff ff call 0xffffffffffffe3d1
11: c7 .byte 0xc7
12: 47 08 00 rex.RXB or %r8b,(%r8)
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250324/202503241413.afff5aa1-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [vbabka:slub-percpu-sheaves-v3] [slab] c19bb08297: BUG:kernel_NULL_pointer_dereference,address 2025-03-24 6:18 [vbabka:slub-percpu-sheaves-v3] [slab] c19bb08297: BUG:kernel_NULL_pointer_dereference,address kernel test robot @ 2025-04-02 14:23 ` Harry Yoo 2025-04-02 14:33 ` Vlastimil Babka 0 siblings, 1 reply; 4+ messages in thread From: Harry Yoo @ 2025-04-02 14:23 UTC (permalink / raw) To: kernel test robot; +Cc: Vlastimil Babka, oe-lkp, lkp, linux-mm On Mon, Mar 24, 2025 at 02:18:53PM +0800, kernel test robot wrote: > > > Hello, > > kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on: > > commit: c19bb0829736a5c7abe1d1b70d013489d720bb54 ("slab: add opt-in caching layer of percpu sheaves") > https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3 If HEAD is commit c19bb0829, no user enables sheaves. That means it's trying to flush sheaves when no users enabled sheaves yet. #syz test: https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3 diff --git a/mm/slub.c b/mm/slub.c index 2c7b2a85c628..dfd301ce4c76 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -3853,7 +3853,8 @@ static int slub_cpu_dead(unsigned int cpu) mutex_lock(&slab_mutex); list_for_each_entry(s, &slab_caches, list) { __flush_cpu_slab(s, cpu); - __pcs_flush_all_cpu(s, cpu); + if (s->cpu_sheaves) + __pcs_flush_all_cpu(s, cpu); } mutex_unlock(&slab_mutex); return 0; > > in testcase: rcutorture > version: > with following parameters: > > runtime: 300s > test: cpuhotplug > torture_type: srcud > > > > config: i386-randconfig-005-20250321 > compiler: gcc-12 > test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G > > (please refer to attached dmesg/kmsg for entire log/backtrace) > > > +---------------------------------------------+------------+------------+ > | | d52c71b1f1 | c19bb08297 | > +---------------------------------------------+------------+------------+ > | boot_successes | 6 | 0 | > | boot_failures | 0 | 6 | > | BUG:kernel_NULL_pointer_dereference,address | 0 | 6 | > | Oops | 0 | 6 | > | EIP:slub_cpu_dead | 0 | 6 | > | Kernel_panic-not_syncing:Fatal_exception | 0 | 6 | > +---------------------------------------------+------------+------------+ > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of > the same patch/commit), kindly add following tags > | Reported-by: kernel test robot <oliver.sang@intel.com> > | Closes: https://lore.kernel.org/oe-lkp/202503241413.afff5aa1-lkp@intel.com > > > [ 100.813833][ T6] BUG: kernel NULL pointer dereference, address: 00000008 > [ 100.814405][ T6] #PF: supervisor read access in kernel mode > [ 100.814830][ T6] #PF: error_code(0x0000) - not-present page > [ 100.815260][ T6] *pde = 00000000 > [ 100.815526][ T6] Oops: Oops: 0000 [#1] SMP > [ 100.815856][ T6] CPU: 0 UID: 0 PID: 6 Comm: kworker/0:0 Not tainted 6.14.0-rc1-00007-gc19bb0829736 #1 > [ 100.816542][ T6] Workqueue: events work_for_cpu_fn > [ 100.816933][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > [ 100.817301][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00 > All code > ======== > 0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx) > 6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax > b: 74 72 je 0x7f > d: 8d 70 b8 lea -0x48(%rax),%esi > 10: 8d 76 00 lea 0x0(%rsi),%esi > 13: 8b 1e mov (%rsi),%ebx > 15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp) > 19: 77 7a ja 0x95 > 1b: 8b 45 f0 mov -0x10(%rbp),%eax > 1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx > 25: 01 cb add %ecx,%ebx > 27: 8b 7b 1c mov 0x1c(%rbx),%edi > 2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction > 2d: 85 d2 test %edx,%edx > 2f: 74 11 je 0x42 > 31: 8d 4f 0c lea 0xc(%rdi),%ecx > 34: 89 f0 mov %esi,%eax > 36: e8 c0 e3 ff ff call 0xffffffffffffe3fb > 3b: c7 .byte 0xc7 > 3c: 47 08 00 rex.RXB or %r8b,(%r8) > ... > > Code starting with the faulting instruction > =========================================== > 0: 8b 57 08 mov 0x8(%rdi),%edx > 3: 85 d2 test %edx,%edx > 5: 74 11 je 0x18 > 7: 8d 4f 0c lea 0xc(%rdi),%ecx > a: 89 f0 mov %esi,%eax > c: e8 c0 e3 ff ff call 0xffffffffffffe3d1 > 11: c7 .byte 0xc7 > 12: 47 08 00 rex.RXB or %r8b,(%r8) > ... > [ 100.819393][ T6] EAX: 00000001 EBX: a9148000 ECX: a9148000 EDX: 00000000 > [ 100.819900][ T6] ESI: 40392e80 EDI: 00000000 EBP: 401cfe78 ESP: 401cfe68 > [ 100.820414][ T6] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286 > [ 100.820969][ T6] CR0: 80050033 CR2: 00000008 CR3: 7c8e9000 CR4: 00040690 > [ 100.821493][ T6] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 > [ 100.822008][ T6] DR6: fffe0ff0 DR7: 00000400 > [ 100.822356][ T6] Call Trace: > [ 100.822609][ T6] ? show_regs (arch/x86/kernel/dumpstack.c:478) > [ 100.822935][ T6] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) > [ 100.823237][ T6] ? page_fault_oops (arch/x86/mm/fault.c:709) > [ 100.823596][ T6] ? kernelmode_fixup_or_oops+0x58/0x70 > [ 100.824081][ T6] ? __bad_area_nosemaphore+0x10f/0x1f0 > [ 100.824560][ T6] ? hrtimer_interrupt (kernel/time/hrtimer.c:1877) > [ 100.824934][ T6] ? bad_area_nosemaphore (arch/x86/mm/fault.c:834) > [ 100.825309][ T6] ? do_user_addr_fault (arch/x86/mm/fault.c:1451) > [ 100.825686][ T6] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1049) > [ 100.826123][ T6] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538) > [ 100.826474][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) > [ 100.826923][ T6] ? handle_exception (arch/x86/entry/entry_32.S:1055) > [ 100.827294][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) > [ 100.827737][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > [ 100.828071][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) > [ 100.828520][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > [ 100.828861][ T6] ? cpuhp_invoke_callback (kernel/cpu.c:194) > [ 100.829258][ T6] ? __wait_for_common (kernel/sched/completion.c:122) > [ 100.829631][ T6] ? hrtimer_nanosleep_restart (kernel/time/sleep_timeout.c:62) > [ 100.830069][ T6] ? kfree (mm/slub.c:3777) > [ 100.830367][ T6] ? __cpuhp_invoke_callback_range (kernel/cpu.c:967) > [ 100.830805][ T6] ? _cpu_down+0xf9/0x390 > [ 100.831205][ T6] ? __cpu_down_maps_locked (kernel/cpu.c:1475) > [ 100.831611][ T6] ? work_for_cpu_fn (kernel/workqueue.c:6731) > [ 100.831966][ T6] ? process_one_work (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/jump_label.h:262 include/trace/events/workqueue.h:110 kernel/workqueue.c:3241) > [ 100.832338][ T6] ? worker_thread (kernel/workqueue.c:3311 kernel/workqueue.c:3398) > [ 100.832694][ T6] ? kthread (kernel/kthread.c:464) > [ 100.833001][ T6] ? rescuer_thread (kernel/workqueue.c:3344) > [ 100.833356][ T6] ? kthreads_online_cpu (kernel/kthread.c:413) > [ 100.833733][ T6] ? ret_from_fork (arch/x86/kernel/process.c:154) > [ 100.838377][ T6] ? kthreads_online_cpu (kernel/kthread.c:413) > [ 100.838752][ T6] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737) > [ 100.839109][ T6] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945) > [ 100.839472][ T6] Modules linked in: rcutorture torture > [ 100.839877][ T6] CR2: 0000000000000008 > [ 100.840173][ T6] ---[ end trace 0000000000000000 ]--- > [ 100.840547][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > [ 100.840886][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00 > All code > ======== > 0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx) > 6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax > b: 74 72 je 0x7f > d: 8d 70 b8 lea -0x48(%rax),%esi > 10: 8d 76 00 lea 0x0(%rsi),%esi > 13: 8b 1e mov (%rsi),%ebx > 15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp) > 19: 77 7a ja 0x95 > 1b: 8b 45 f0 mov -0x10(%rbp),%eax > 1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx > 25: 01 cb add %ecx,%ebx > 27: 8b 7b 1c mov 0x1c(%rbx),%edi > 2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction > 2d: 85 d2 test %edx,%edx > 2f: 74 11 je 0x42 > 31: 8d 4f 0c lea 0xc(%rdi),%ecx > 34: 89 f0 mov %esi,%eax > 36: e8 c0 e3 ff ff call 0xffffffffffffe3fb > 3b: c7 .byte 0xc7 > 3c: 47 08 00 rex.RXB or %r8b,(%r8) > ... > > Code starting with the faulting instruction > =========================================== > 0: 8b 57 08 mov 0x8(%rdi),%edx > 3: 85 d2 test %edx,%edx > 5: 74 11 je 0x18 > 7: 8d 4f 0c lea 0xc(%rdi),%ecx > a: 89 f0 mov %esi,%eax > c: e8 c0 e3 ff ff call 0xffffffffffffe3d1 > 11: c7 .byte 0xc7 > 12: 47 08 00 rex.RXB or %r8b,(%r8) > > > The kernel config and materials to reproduce are available at: > https://download.01.org/0day-ci/archive/20250324/202503241413.afff5aa1-lkp@intel.com > > > > -- > 0-DAY CI Kernel Test Service > https://github.com/intel/lkp-tests/wiki > -- Cheers, Harry (formerly known as Hyeonggon) ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [vbabka:slub-percpu-sheaves-v3] [slab] c19bb08297: BUG:kernel_NULL_pointer_dereference,address 2025-04-02 14:23 ` Harry Yoo @ 2025-04-02 14:33 ` Vlastimil Babka 2025-04-02 14:37 ` Harry Yoo 0 siblings, 1 reply; 4+ messages in thread From: Vlastimil Babka @ 2025-04-02 14:33 UTC (permalink / raw) To: Harry Yoo, kernel test robot; +Cc: oe-lkp, lkp, linux-mm On 4/2/25 16:23, Harry Yoo wrote: > On Mon, Mar 24, 2025 at 02:18:53PM +0800, kernel test robot wrote: >> >> >> Hello, >> >> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on: >> >> commit: c19bb0829736a5c7abe1d1b70d013489d720bb54 ("slab: add opt-in caching layer of percpu sheaves") >> https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3 > > If HEAD is commit c19bb0829, no user enables sheaves. > That means it's trying to flush sheaves when no users enabled sheaves yet. > > #syz test: https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3 Uh this is lkp not syzbot so likely won't do anything. > diff --git a/mm/slub.c b/mm/slub.c > index 2c7b2a85c628..dfd301ce4c76 100644 > --- a/mm/slub.c > +++ b/mm/slub.c > @@ -3853,7 +3853,8 @@ static int slub_cpu_dead(unsigned int cpu) > mutex_lock(&slab_mutex); > list_for_each_entry(s, &slab_caches, list) { > __flush_cpu_slab(s, cpu); > - __pcs_flush_all_cpu(s, cpu); > + if (s->cpu_sheaves) > + __pcs_flush_all_cpu(s, cpu); > } > mutex_unlock(&slab_mutex); > return 0; Thanks Harry! Will apply it and push a new branch probably called slub-percpu-sheaves-v4r0 for now. >> >> in testcase: rcutorture >> version: >> with following parameters: >> >> runtime: 300s >> test: cpuhotplug >> torture_type: srcud >> >> >> >> config: i386-randconfig-005-20250321 >> compiler: gcc-12 >> test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G >> >> (please refer to attached dmesg/kmsg for entire log/backtrace) >> >> >> +---------------------------------------------+------------+------------+ >> | | d52c71b1f1 | c19bb08297 | >> +---------------------------------------------+------------+------------+ >> | boot_successes | 6 | 0 | >> | boot_failures | 0 | 6 | >> | BUG:kernel_NULL_pointer_dereference,address | 0 | 6 | >> | Oops | 0 | 6 | >> | EIP:slub_cpu_dead | 0 | 6 | >> | Kernel_panic-not_syncing:Fatal_exception | 0 | 6 | >> +---------------------------------------------+------------+------------+ >> >> >> If you fix the issue in a separate patch/commit (i.e. not just a new version of >> the same patch/commit), kindly add following tags >> | Reported-by: kernel test robot <oliver.sang@intel.com> >> | Closes: https://lore.kernel.org/oe-lkp/202503241413.afff5aa1-lkp@intel.com >> >> >> [ 100.813833][ T6] BUG: kernel NULL pointer dereference, address: 00000008 >> [ 100.814405][ T6] #PF: supervisor read access in kernel mode >> [ 100.814830][ T6] #PF: error_code(0x0000) - not-present page >> [ 100.815260][ T6] *pde = 00000000 >> [ 100.815526][ T6] Oops: Oops: 0000 [#1] SMP >> [ 100.815856][ T6] CPU: 0 UID: 0 PID: 6 Comm: kworker/0:0 Not tainted 6.14.0-rc1-00007-gc19bb0829736 #1 >> [ 100.816542][ T6] Workqueue: events work_for_cpu_fn >> [ 100.816933][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) >> [ 100.817301][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00 >> All code >> ======== >> 0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx) >> 6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax >> b: 74 72 je 0x7f >> d: 8d 70 b8 lea -0x48(%rax),%esi >> 10: 8d 76 00 lea 0x0(%rsi),%esi >> 13: 8b 1e mov (%rsi),%ebx >> 15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp) >> 19: 77 7a ja 0x95 >> 1b: 8b 45 f0 mov -0x10(%rbp),%eax >> 1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx >> 25: 01 cb add %ecx,%ebx >> 27: 8b 7b 1c mov 0x1c(%rbx),%edi >> 2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction >> 2d: 85 d2 test %edx,%edx >> 2f: 74 11 je 0x42 >> 31: 8d 4f 0c lea 0xc(%rdi),%ecx >> 34: 89 f0 mov %esi,%eax >> 36: e8 c0 e3 ff ff call 0xffffffffffffe3fb >> 3b: c7 .byte 0xc7 >> 3c: 47 08 00 rex.RXB or %r8b,(%r8) >> ... >> >> Code starting with the faulting instruction >> =========================================== >> 0: 8b 57 08 mov 0x8(%rdi),%edx >> 3: 85 d2 test %edx,%edx >> 5: 74 11 je 0x18 >> 7: 8d 4f 0c lea 0xc(%rdi),%ecx >> a: 89 f0 mov %esi,%eax >> c: e8 c0 e3 ff ff call 0xffffffffffffe3d1 >> 11: c7 .byte 0xc7 >> 12: 47 08 00 rex.RXB or %r8b,(%r8) >> ... >> [ 100.819393][ T6] EAX: 00000001 EBX: a9148000 ECX: a9148000 EDX: 00000000 >> [ 100.819900][ T6] ESI: 40392e80 EDI: 00000000 EBP: 401cfe78 ESP: 401cfe68 >> [ 100.820414][ T6] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286 >> [ 100.820969][ T6] CR0: 80050033 CR2: 00000008 CR3: 7c8e9000 CR4: 00040690 >> [ 100.821493][ T6] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 >> [ 100.822008][ T6] DR6: fffe0ff0 DR7: 00000400 >> [ 100.822356][ T6] Call Trace: >> [ 100.822609][ T6] ? show_regs (arch/x86/kernel/dumpstack.c:478) >> [ 100.822935][ T6] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) >> [ 100.823237][ T6] ? page_fault_oops (arch/x86/mm/fault.c:709) >> [ 100.823596][ T6] ? kernelmode_fixup_or_oops+0x58/0x70 >> [ 100.824081][ T6] ? __bad_area_nosemaphore+0x10f/0x1f0 >> [ 100.824560][ T6] ? hrtimer_interrupt (kernel/time/hrtimer.c:1877) >> [ 100.824934][ T6] ? bad_area_nosemaphore (arch/x86/mm/fault.c:834) >> [ 100.825309][ T6] ? do_user_addr_fault (arch/x86/mm/fault.c:1451) >> [ 100.825686][ T6] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1049) >> [ 100.826123][ T6] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538) >> [ 100.826474][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) >> [ 100.826923][ T6] ? handle_exception (arch/x86/entry/entry_32.S:1055) >> [ 100.827294][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) >> [ 100.827737][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) >> [ 100.828071][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) >> [ 100.828520][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) >> [ 100.828861][ T6] ? cpuhp_invoke_callback (kernel/cpu.c:194) >> [ 100.829258][ T6] ? __wait_for_common (kernel/sched/completion.c:122) >> [ 100.829631][ T6] ? hrtimer_nanosleep_restart (kernel/time/sleep_timeout.c:62) >> [ 100.830069][ T6] ? kfree (mm/slub.c:3777) >> [ 100.830367][ T6] ? __cpuhp_invoke_callback_range (kernel/cpu.c:967) >> [ 100.830805][ T6] ? _cpu_down+0xf9/0x390 >> [ 100.831205][ T6] ? __cpu_down_maps_locked (kernel/cpu.c:1475) >> [ 100.831611][ T6] ? work_for_cpu_fn (kernel/workqueue.c:6731) >> [ 100.831966][ T6] ? process_one_work (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/jump_label.h:262 include/trace/events/workqueue.h:110 kernel/workqueue.c:3241) >> [ 100.832338][ T6] ? worker_thread (kernel/workqueue.c:3311 kernel/workqueue.c:3398) >> [ 100.832694][ T6] ? kthread (kernel/kthread.c:464) >> [ 100.833001][ T6] ? rescuer_thread (kernel/workqueue.c:3344) >> [ 100.833356][ T6] ? kthreads_online_cpu (kernel/kthread.c:413) >> [ 100.833733][ T6] ? ret_from_fork (arch/x86/kernel/process.c:154) >> [ 100.838377][ T6] ? kthreads_online_cpu (kernel/kthread.c:413) >> [ 100.838752][ T6] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737) >> [ 100.839109][ T6] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945) >> [ 100.839472][ T6] Modules linked in: rcutorture torture >> [ 100.839877][ T6] CR2: 0000000000000008 >> [ 100.840173][ T6] ---[ end trace 0000000000000000 ]--- >> [ 100.840547][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) >> [ 100.840886][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00 >> All code >> ======== >> 0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx) >> 6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax >> b: 74 72 je 0x7f >> d: 8d 70 b8 lea -0x48(%rax),%esi >> 10: 8d 76 00 lea 0x0(%rsi),%esi >> 13: 8b 1e mov (%rsi),%ebx >> 15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp) >> 19: 77 7a ja 0x95 >> 1b: 8b 45 f0 mov -0x10(%rbp),%eax >> 1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx >> 25: 01 cb add %ecx,%ebx >> 27: 8b 7b 1c mov 0x1c(%rbx),%edi >> 2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction >> 2d: 85 d2 test %edx,%edx >> 2f: 74 11 je 0x42 >> 31: 8d 4f 0c lea 0xc(%rdi),%ecx >> 34: 89 f0 mov %esi,%eax >> 36: e8 c0 e3 ff ff call 0xffffffffffffe3fb >> 3b: c7 .byte 0xc7 >> 3c: 47 08 00 rex.RXB or %r8b,(%r8) >> ... >> >> Code starting with the faulting instruction >> =========================================== >> 0: 8b 57 08 mov 0x8(%rdi),%edx >> 3: 85 d2 test %edx,%edx >> 5: 74 11 je 0x18 >> 7: 8d 4f 0c lea 0xc(%rdi),%ecx >> a: 89 f0 mov %esi,%eax >> c: e8 c0 e3 ff ff call 0xffffffffffffe3d1 >> 11: c7 .byte 0xc7 >> 12: 47 08 00 rex.RXB or %r8b,(%r8) >> >> >> The kernel config and materials to reproduce are available at: >> https://download.01.org/0day-ci/archive/20250324/202503241413.afff5aa1-lkp@intel.com >> >> >> >> -- >> 0-DAY CI Kernel Test Service >> https://github.com/intel/lkp-tests/wiki >> > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [vbabka:slub-percpu-sheaves-v3] [slab] c19bb08297: BUG:kernel_NULL_pointer_dereference,address 2025-04-02 14:33 ` Vlastimil Babka @ 2025-04-02 14:37 ` Harry Yoo 0 siblings, 0 replies; 4+ messages in thread From: Harry Yoo @ 2025-04-02 14:37 UTC (permalink / raw) To: Vlastimil Babka; +Cc: kernel test robot, oe-lkp, lkp, linux-mm On Wed, Apr 02, 2025 at 04:33:05PM +0200, Vlastimil Babka wrote: > On 4/2/25 16:23, Harry Yoo wrote: > > On Mon, Mar 24, 2025 at 02:18:53PM +0800, kernel test robot wrote: > >> > >> > >> Hello, > >> > >> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on: > >> > >> commit: c19bb0829736a5c7abe1d1b70d013489d720bb54 ("slab: add opt-in caching layer of percpu sheaves") > >> https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3 > > > > If HEAD is commit c19bb0829, no user enables sheaves. > > That means it's trying to flush sheaves when no users enabled sheaves yet. > > > > #syz test: https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-percpu-sheaves-v3 > > Uh this is lkp not syzbot so likely won't do anything. Nah, you're right :) it just slipped my mind. > > diff --git a/mm/slub.c b/mm/slub.c > > index 2c7b2a85c628..dfd301ce4c76 100644 > > --- a/mm/slub.c > > +++ b/mm/slub.c > > @@ -3853,7 +3853,8 @@ static int slub_cpu_dead(unsigned int cpu) > > mutex_lock(&slab_mutex); > > list_for_each_entry(s, &slab_caches, list) { > > __flush_cpu_slab(s, cpu); > > - __pcs_flush_all_cpu(s, cpu); > > + if (s->cpu_sheaves) > > + __pcs_flush_all_cpu(s, cpu); > > } > > mutex_unlock(&slab_mutex); > > return 0; > > Thanks Harry! Will apply it and push a new branch probably called > slub-percpu-sheaves-v4r0 for now. Thanks! > >> > >> in testcase: rcutorture > >> version: > >> with following parameters: > >> > >> runtime: 300s > >> test: cpuhotplug > >> torture_type: srcud > >> > >> > >> > >> config: i386-randconfig-005-20250321 > >> compiler: gcc-12 > >> test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G > >> > >> (please refer to attached dmesg/kmsg for entire log/backtrace) > >> > >> > >> +---------------------------------------------+------------+------------+ > >> | | d52c71b1f1 | c19bb08297 | > >> +---------------------------------------------+------------+------------+ > >> | boot_successes | 6 | 0 | > >> | boot_failures | 0 | 6 | > >> | BUG:kernel_NULL_pointer_dereference,address | 0 | 6 | > >> | Oops | 0 | 6 | > >> | EIP:slub_cpu_dead | 0 | 6 | > >> | Kernel_panic-not_syncing:Fatal_exception | 0 | 6 | > >> +---------------------------------------------+------------+------------+ > >> > >> > >> If you fix the issue in a separate patch/commit (i.e. not just a new version of > >> the same patch/commit), kindly add following tags > >> | Reported-by: kernel test robot <oliver.sang@intel.com> > >> | Closes: https://lore.kernel.org/oe-lkp/202503241413.afff5aa1-lkp@intel.com > >> > >> > >> [ 100.813833][ T6] BUG: kernel NULL pointer dereference, address: 00000008 > >> [ 100.814405][ T6] #PF: supervisor read access in kernel mode > >> [ 100.814830][ T6] #PF: error_code(0x0000) - not-present page > >> [ 100.815260][ T6] *pde = 00000000 > >> [ 100.815526][ T6] Oops: Oops: 0000 [#1] SMP > >> [ 100.815856][ T6] CPU: 0 UID: 0 PID: 6 Comm: kworker/0:0 Not tainted 6.14.0-rc1-00007-gc19bb0829736 #1 > >> [ 100.816542][ T6] Workqueue: events work_for_cpu_fn > >> [ 100.816933][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > >> [ 100.817301][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00 > >> All code > >> ======== > >> 0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx) > >> 6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax > >> b: 74 72 je 0x7f > >> d: 8d 70 b8 lea -0x48(%rax),%esi > >> 10: 8d 76 00 lea 0x0(%rsi),%esi > >> 13: 8b 1e mov (%rsi),%ebx > >> 15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp) > >> 19: 77 7a ja 0x95 > >> 1b: 8b 45 f0 mov -0x10(%rbp),%eax > >> 1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx > >> 25: 01 cb add %ecx,%ebx > >> 27: 8b 7b 1c mov 0x1c(%rbx),%edi > >> 2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction > >> 2d: 85 d2 test %edx,%edx > >> 2f: 74 11 je 0x42 > >> 31: 8d 4f 0c lea 0xc(%rdi),%ecx > >> 34: 89 f0 mov %esi,%eax > >> 36: e8 c0 e3 ff ff call 0xffffffffffffe3fb > >> 3b: c7 .byte 0xc7 > >> 3c: 47 08 00 rex.RXB or %r8b,(%r8) > >> ... > >> > >> Code starting with the faulting instruction > >> =========================================== > >> 0: 8b 57 08 mov 0x8(%rdi),%edx > >> 3: 85 d2 test %edx,%edx > >> 5: 74 11 je 0x18 > >> 7: 8d 4f 0c lea 0xc(%rdi),%ecx > >> a: 89 f0 mov %esi,%eax > >> c: e8 c0 e3 ff ff call 0xffffffffffffe3d1 > >> 11: c7 .byte 0xc7 > >> 12: 47 08 00 rex.RXB or %r8b,(%r8) > >> ... > >> [ 100.819393][ T6] EAX: 00000001 EBX: a9148000 ECX: a9148000 EDX: 00000000 > >> [ 100.819900][ T6] ESI: 40392e80 EDI: 00000000 EBP: 401cfe78 ESP: 401cfe68 > >> [ 100.820414][ T6] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010286 > >> [ 100.820969][ T6] CR0: 80050033 CR2: 00000008 CR3: 7c8e9000 CR4: 00040690 > >> [ 100.821493][ T6] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 > >> [ 100.822008][ T6] DR6: fffe0ff0 DR7: 00000400 > >> [ 100.822356][ T6] Call Trace: > >> [ 100.822609][ T6] ? show_regs (arch/x86/kernel/dumpstack.c:478) > >> [ 100.822935][ T6] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) > >> [ 100.823237][ T6] ? page_fault_oops (arch/x86/mm/fault.c:709) > >> [ 100.823596][ T6] ? kernelmode_fixup_or_oops+0x58/0x70 > >> [ 100.824081][ T6] ? __bad_area_nosemaphore+0x10f/0x1f0 > >> [ 100.824560][ T6] ? hrtimer_interrupt (kernel/time/hrtimer.c:1877) > >> [ 100.824934][ T6] ? bad_area_nosemaphore (arch/x86/mm/fault.c:834) > >> [ 100.825309][ T6] ? do_user_addr_fault (arch/x86/mm/fault.c:1451) > >> [ 100.825686][ T6] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1049) > >> [ 100.826123][ T6] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1488 arch/x86/mm/fault.c:1538) > >> [ 100.826474][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) > >> [ 100.826923][ T6] ? handle_exception (arch/x86/entry/entry_32.S:1055) > >> [ 100.827294][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) > >> [ 100.827737][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > >> [ 100.828071][ T6] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1493) > >> [ 100.828520][ T6] ? slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > >> [ 100.828861][ T6] ? cpuhp_invoke_callback (kernel/cpu.c:194) > >> [ 100.829258][ T6] ? __wait_for_common (kernel/sched/completion.c:122) > >> [ 100.829631][ T6] ? hrtimer_nanosleep_restart (kernel/time/sleep_timeout.c:62) > >> [ 100.830069][ T6] ? kfree (mm/slub.c:3777) > >> [ 100.830367][ T6] ? __cpuhp_invoke_callback_range (kernel/cpu.c:967) > >> [ 100.830805][ T6] ? _cpu_down+0xf9/0x390 > >> [ 100.831205][ T6] ? __cpu_down_maps_locked (kernel/cpu.c:1475) > >> [ 100.831611][ T6] ? work_for_cpu_fn (kernel/workqueue.c:6731) > >> [ 100.831966][ T6] ? process_one_work (arch/x86/include/asm/atomic.h:23 include/linux/atomic/atomic-arch-fallback.h:457 include/linux/jump_label.h:262 include/trace/events/workqueue.h:110 kernel/workqueue.c:3241) > >> [ 100.832338][ T6] ? worker_thread (kernel/workqueue.c:3311 kernel/workqueue.c:3398) > >> [ 100.832694][ T6] ? kthread (kernel/kthread.c:464) > >> [ 100.833001][ T6] ? rescuer_thread (kernel/workqueue.c:3344) > >> [ 100.833356][ T6] ? kthreads_online_cpu (kernel/kthread.c:413) > >> [ 100.833733][ T6] ? ret_from_fork (arch/x86/kernel/process.c:154) > >> [ 100.838377][ T6] ? kthreads_online_cpu (kernel/kthread.c:413) > >> [ 100.838752][ T6] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737) > >> [ 100.839109][ T6] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945) > >> [ 100.839472][ T6] Modules linked in: rcutorture torture > >> [ 100.839877][ T6] CR2: 0000000000000008 > >> [ 100.840173][ T6] ---[ end trace 0000000000000000 ]--- > >> [ 100.840547][ T6] EIP: slub_cpu_dead (mm/slub.c:2578 mm/slub.c:2625 mm/slub.c:3783) > >> [ 100.840886][ T6] Code: 01 a1 2c 56 a2 43 3d 2c 56 a2 43 74 72 8d 70 b8 8d 76 00 8b 1e 83 7d f0 07 77 7a 8b 45 f0 8b 0c 85 e0 78 5f 43 01 cb 8b 7b 1c <8b> 57 08 85 d2 74 11 8d 4f 0c 89 f0 e8 c0 e3 ff ff c7 47 08 00 00 > >> All code > >> ======== > >> 0: 01 a1 2c 56 a2 43 add %esp,0x43a2562c(%rcx) > >> 6: 3d 2c 56 a2 43 cmp $0x43a2562c,%eax > >> b: 74 72 je 0x7f > >> d: 8d 70 b8 lea -0x48(%rax),%esi > >> 10: 8d 76 00 lea 0x0(%rsi),%esi > >> 13: 8b 1e mov (%rsi),%ebx > >> 15: 83 7d f0 07 cmpl $0x7,-0x10(%rbp) > >> 19: 77 7a ja 0x95 > >> 1b: 8b 45 f0 mov -0x10(%rbp),%eax > >> 1e: 8b 0c 85 e0 78 5f 43 mov 0x435f78e0(,%rax,4),%ecx > >> 25: 01 cb add %ecx,%ebx > >> 27: 8b 7b 1c mov 0x1c(%rbx),%edi > >> 2a:* 8b 57 08 mov 0x8(%rdi),%edx <-- trapping instruction > >> 2d: 85 d2 test %edx,%edx > >> 2f: 74 11 je 0x42 > >> 31: 8d 4f 0c lea 0xc(%rdi),%ecx > >> 34: 89 f0 mov %esi,%eax > >> 36: e8 c0 e3 ff ff call 0xffffffffffffe3fb > >> 3b: c7 .byte 0xc7 > >> 3c: 47 08 00 rex.RXB or %r8b,(%r8) > >> ... > >> > >> Code starting with the faulting instruction > >> =========================================== > >> 0: 8b 57 08 mov 0x8(%rdi),%edx > >> 3: 85 d2 test %edx,%edx > >> 5: 74 11 je 0x18 > >> 7: 8d 4f 0c lea 0xc(%rdi),%ecx > >> a: 89 f0 mov %esi,%eax > >> c: e8 c0 e3 ff ff call 0xffffffffffffe3d1 > >> 11: c7 .byte 0xc7 > >> 12: 47 08 00 rex.RXB or %r8b,(%r8) > >> > >> > >> The kernel config and materials to reproduce are available at: > >> https://download.01.org/0day-ci/archive/20250324/202503241413.afff5aa1-lkp@intel.com > >> > >> > >> > >> -- > >> 0-DAY CI Kernel Test Service > >> https://github.com/intel/lkp-tests/wiki > >> > > > -- Cheers, Harry (formerly known as Hyeonggon) ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2025-04-02 14:38 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2025-03-24 6:18 [vbabka:slub-percpu-sheaves-v3] [slab] c19bb08297: BUG:kernel_NULL_pointer_dereference,address kernel test robot 2025-04-02 14:23 ` Harry Yoo 2025-04-02 14:33 ` Vlastimil Babka 2025-04-02 14:37 ` Harry Yoo
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox