From: kernel test robot <oliver.sang@intel.com>
To: "Matthew Wilcox (Oracle)" <willy@infradead.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Axel Rasmussen <axelrasmussen@google.com>, <linux-mm@kvack.org>,
Johannes Weiner <hannes@cmpxchg.org>,
Michal Hocko <mhocko@kernel.org>,
Roman Gushchin <roman.gushchin@linux.dev>,
Shakeel Butt <shakeel.butt@linux.dev>, <cgroups@vger.kernel.org>,
"Matthew Wilcox (Oracle)" <willy@infradead.org>,
<oliver.sang@intel.com>
Subject: Re: [PATCH 3/3] ptdesc: Account page tables to memcgs again
Date: Thu, 5 Mar 2026 15:00:34 +0800
Message-ID: <202603051407.fde83fdb-lkp@intel.com>
In-Reply-To: <20260225162319.315281-4-willy@infradead.org>
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 1445ef3d5f2fefd1fcedb68cff3fff0a33994791 ("[PATCH 3/3] ptdesc: Account page tables to memcgs again")
url: https://github.com/intel-lab-lkp/linux/commits/Matthew-Wilcox-Oracle/memcg-Add-memcg_stat_mod/20260226-003144
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/all/20260225162319.315281-4-willy@infradead.org/
patch subject: [PATCH 3/3] ptdesc: Account page tables to memcgs again
in testcase: boot
config: x86_64-randconfig-r052-20250414
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202603051407.fde83fdb-lkp@intel.com
[ 14.109191][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000880
[ 14.109653][ T1] #PF: supervisor read access in kernel mode
[ 14.109989][ T1] #PF: error_code(0x0000) - not-present page
[ 14.110322][ T1] PGD 12a8ff067 P4D 12a8ff067 PUD 0
[ 14.110622][ T1] Oops: Oops: 0000 [#1] SMP
[ 14.110878][ T1] CPU: 0 UID: 0 PID: 1 Comm: systemd Not tainted 7.0.0-rc1-00154-g1445ef3d5f2f #1 PREEMPT(full)
[ 14.111462][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.112082][ T1] RIP: 0010:mem_cgroup_lruvec (include/linux/memcontrol.h:729 (discriminator 1))
[ 14.112396][ T1] Code: 74 09 48 8d 83 40 22 00 00 eb 1f 4d 85 e4 75 07 4c 8b 25 bd c3 1e 02 48 63 83 b8 1e 00 00 49 8b 84 c4 58 07 00 00 48 83 c0 40 <48> 39 98 40 08 00 00 74 07 48 89 98 40 08 00 00 5b 41 5c 5d c3 cc
All code
========
0: 74 09 je 0xb
2: 48 8d 83 40 22 00 00 lea 0x2240(%rbx),%rax
9: eb 1f jmp 0x2a
b: 4d 85 e4 test %r12,%r12
e: 75 07 jne 0x17
10: 4c 8b 25 bd c3 1e 02 mov 0x21ec3bd(%rip),%r12 # 0x21ec3d4
17: 48 63 83 b8 1e 00 00 movslq 0x1eb8(%rbx),%rax
1e: 49 8b 84 c4 58 07 00 mov 0x758(%r12,%rax,8),%rax
25: 00
26: 48 83 c0 40 add $0x40,%rax
2a:* 48 39 98 40 08 00 00 cmp %rbx,0x840(%rax) <-- trapping instruction
31: 74 07 je 0x3a
33: 48 89 98 40 08 00 00 mov %rbx,0x840(%rax)
3a: 5b pop %rbx
3b: 41 5c pop %r12
3d: 5d pop %rbp
3e: c3 ret
3f: cc int3
Code starting with the faulting instruction
===========================================
0: 48 39 98 40 08 00 00 cmp %rbx,0x840(%rax)
7: 74 07 je 0x10
9: 48 89 98 40 08 00 00 mov %rbx,0x840(%rax)
10: 5b pop %rbx
11: 41 5c pop %r12
13: 5d pop %rbp
14: c3 ret
15: cc int3
[ 14.113448][ T1] RSP: 0018:ffff888101467c10 EFLAGS: 00210202
[ 14.113783][ T1] RAX: 0000000000000040 RBX: ffffffff83708880 RCX: 0000000000000001
[ 14.114217][ T1] RDX: 0000000000000001 RSI: ffffffff83708880 RDI: ffff88812a845f82
[ 14.114652][ T1] RBP: ffff888101467c20 R08: 0000000000000000 R09: 0000000000000000
[ 14.115087][ T1] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88812a845f82
[ 14.115979][ T1] R13: ffff888105fdd3a8 R14: ffff888105fdd740 R15: ffff888101442000
[ 14.116421][ T1] FS: 0000000000000000(0000) GS:ffff88889bc98000(0063) knlGS:00000000f72f8840
[ 14.116911][ T1] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 14.117276][ T1] CR2: 0000000000000880 CR3: 000000012b816000 CR4: 00000000000406f0
[ 14.117713][ T1] Call Trace:
[ 14.117901][ T1] <TASK>
[ 14.118070][ T1] memcg_stat_mod (mm/memcontrol.c:804)
[ 14.118328][ T1] __pagetable_ctor (include/linux/mm.h:3547)
[ 14.118595][ T1] pgd_alloc (include/asm-generic/pgalloc.h:291 arch/x86/mm/pgtable.c:314 arch/x86/mm/pgtable.c:328)
[ 14.118863][ T1] mm_init+0x210/0x390
[ 14.119129][ T1] dup_mm+0x45/0xe0
[ 14.119401][ T1] copy_process (kernel/fork.c:1587 (discriminator 1) kernel/fork.c:2228 (discriminator 1))
[ 14.119661][ T1] ? free_filename (fs/namei.c:148)
[ 14.119930][ T1] kernel_clone (include/linux/random.h:26 kernel/fork.c:2660)
[ 14.120200][ T1] __do_compat_sys_ia32_clone (arch/x86/kernel/sys_ia32.c:255)
[ 14.120519][ T1] __ia32_compat_sys_ia32_clone (arch/x86/kernel/sys_ia32.c:240)
[ 14.120837][ T1] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-r052-20250414/./arch/x86/include/generated/asm/syscalls_32.h:121)
[ 14.121105][ T1] __do_fast_syscall_32 (arch/x86/entry/syscall_32.c:83 arch/x86/entry/syscall_32.c:307)
[ 14.121398][ T1] do_fast_syscall_32 (arch/x86/entry/syscall_32.c:332 (discriminator 1))
[ 14.121671][ T1] do_SYSENTER_32 (arch/x86/entry/syscall_32.c:371)
[ 14.121926][ T1] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 14.122298][ T1] RIP: 0023:0xf7f9c38c
[ 14.122527][ T1] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8
All code
========
0: d2 74 05 c1 shlb %cl,-0x3f(%rbp,%rax,1)
4: e8 0c 89 02 8b call 0xffffffff8b028915
9: 5d pop %rbp
a: fc cld
b: 31 c0 xor %eax,%eax
d: c9 leave
e: c3 ret
f: cc int3
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 0f 1f 00 nopl (%rax)
21: 51 push %rcx
22: 52 push %rdx
23: 55 push %rbp
24: 89 e5 mov %esp,%ebp
26: 0f 34 sysenter
28: cd 80 int $0x80
2a:* 5d pop %rbp <-- trapping instruction
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: cc int3
2f: 90 nop
30: 90 nop
31: 90 nop
32: 90 nop
33: 90 nop
34: 90 nop
35: 90 nop
36: 90 nop
37: 90 nop
38: 90 nop
39: 90 nop
3a: 90 nop
3b: 90 nop
3c: 90 nop
3d: 90 nop
3e: 58 pop %rax
3f: b8 .byte 0xb8
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: cc int3
5: 90 nop
6: 90 nop
7: 90 nop
8: 90 nop
9: 90 nop
a: 90 nop
b: 90 nop
c: 90 nop
d: 90 nop
e: 90 nop
f: 90 nop
10: 90 nop
11: 90 nop
12: 90 nop
13: 90 nop
14: 58 pop %rax
15: b8 .byte 0xb8
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260305/202603051407.fde83fdb-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki