From: kernel test robot <oliver.sang@intel.com>
To: Oscar Salvador <osalvador@suse.de>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <linux-mm@kvack.org>,
	"Andrew Morton" <akpm@linux-foundation.org>,
	<linux-kernel@vger.kernel.org>, Peter Xu <peterx@redhat.com>,
	Muchun Song <muchun.song@linux.dev>,
	David Hildenbrand <david@redhat.com>,
	Donet Tom <donettom@linux.ibm.com>,
	Matthew Wilcox <willy@infradead.org>,
	Vlastimil Babka <vbabka@suse.cz>, Michal Hocko <mhocko@suse.com>,
	Oscar Salvador <osalvador@suse.de>, <oliver.sang@intel.com>
Subject: Re: [PATCH v2 6/9] mm: Make hugetlb mappings go through mm_get_unmapped_area_vmflags
Date: Sun, 11 Aug 2024 21:23:49 +0800
Message-ID: <202408112137.e013a399-oliver.sang@intel.com>
In-Reply-To: <20240729091018.2152-7-osalvador@suse.de>



Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 535f03fb3da2b7b2fe5089ee5d1a291774a298e3 ("[PATCH v2 6/9] mm: Make hugetlb mappings go through mm_get_unmapped_area_vmflags")
url: https://github.com/intel-lab-lkp/linux/commits/Oscar-Salvador/mm-mmap-Teach-generic_get_unmapped_area-_topdown-to-handle-hugetlb-mappings/20240729-171449
base: https://git.kernel.org/cgit/linux/kernel/git/s390/linux.git features
patch link: https://lore.kernel.org/all/20240729091018.2152-7-osalvador@suse.de/
patch subject: [PATCH v2 6/9] mm: Make hugetlb mappings go through mm_get_unmapped_area_vmflags

in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with following parameters:

	runtime: 600s



compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------+------------+------------+
|                                             | ec3b0c2006 | 535f03fb3d |
+---------------------------------------------+------------+------------+
| boot_successes                              | 6          | 0          |
| boot_failures                               | 0          | 9          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 9          |
| Oops                                        | 0          | 9          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 9          |
+---------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202408112137.e013a399-oliver.sang@intel.com


[   38.976763][  T448] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   38.977518][  T448] #PF: supervisor instruction fetch in kernel mode
[   38.977981][  T448] #PF: error_code(0x0010) - not-present page
[   38.978411][  T448] PGD 800000012c3cc067 P4D 800000012c3cc067 PUD 12c3cd067 PMD 0
[   38.978949][  T448] Oops: Oops: 0010 [#1] PREEMPT SMP PTI
[   38.979343][  T448] CPU: 1 UID: 0 PID: 448 Comm: trinity Not tainted 6.10.0-12075-g535f03fb3da2 #1
[   38.979990][  T448] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   38.980725][  T448] RIP: 0010:0x0
[ 38.980993][ T448] Code: Unable to access opcode bytes at 0xffffffffffffffd6.

Code starting with the faulting instruction
===========================================
[   38.981530][  T448] RSP: 0018:ffffc9000108fb58 EFLAGS: 00010246
[   38.981977][  T448] RAX: 0000000000000000 RBX: 0000000000200000 RCX: 0000000000000000
[   38.982550][  T448] RDX: 0000000000200000 RSI: 0000000000000000 RDI: ffff88812ce36600
[   38.983124][  T448] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000073
[   38.983692][  T448] R10: fffffffffffffff4 R11: 0000000000000000 R12: ffff888319920000
[   38.984258][  T448] R13: 0000000000000003 R14: ffff88831996fe00 R15: ffff888114c42000
[   38.984826][  T448] FS:  000000000109a880(0000) GS:ffff88842fc00000(0000) knlGS:0000000000000000
[   38.985465][  T448] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   38.985942][  T448] CR2: ffffffffffffffd6 CR3: 0000000114c52000 CR4: 00000000000406b0
[   38.986515][  T448] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   38.988705][  T448] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   38.989257][  T448] Call Trace:
[   38.989493][  T448]  <TASK>
[ 38.989709][ T448] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) 
[ 38.990001][ T448] ? page_fault_oops (arch/x86/mm/fault.c:715) 
[ 38.990343][ T448] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539) 
[ 38.990680][ T448] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623) 
[ 38.991046][ T448] __get_unmapped_area (mm/mmap.c:1932) 
[ 38.991458][ T448] ? find_held_lock (kernel/locking/lockdep.c:5249) 
[ 38.991796][ T448] ? do_shmat (include/linux/mmap_lock.h:122 ipc/shm.c:1643) 
[ 38.992098][ T448] do_mmap (mm/mmap.c:1325) 
[ 38.992394][ T448] ? do_shmat (include/linux/mmap_lock.h:122 ipc/shm.c:1643) 
[ 38.992712][ T448] do_shmat (ipc/shm.c:1658) 
[ 38.993016][ T448] __x64_sys_shmat (ipc/shm.c:1694 ipc/shm.c:1688 ipc/shm.c:1688) 
[ 38.993337][ T448] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) 
[ 38.993670][ T448] ? lock_acquire (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5761 kernel/locking/lockdep.c:5724) 
[ 38.994000][ T448] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 38.994366][ T448] ? local_clock_noinstr (kernel/sched/clock.c:301) 
[ 38.994720][ T448] ? local_clock (arch/x86/include/asm/preempt.h:94 kernel/sched/clock.c:316) 
[ 38.995061][ T448] ? __lock_release+0x11a/0x290 
[ 38.995511][ T448] ? lock_release (kernel/locking/lockdep.c:466 kernel/locking/lockdep.c:5782) 
[ 38.995833][ T448] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 38.996289][ T448] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4299 kernel/locking/lockdep.c:4358) 
[ 38.996715][ T448] ? syscall_exit_to_user_mode (arch/x86/include/asm/processor.h:702 arch/x86/include/asm/entry-common.h:91 include/linux/entry-common.h:364 kernel/entry/common.c:220) 
[ 38.997105][ T448] ? do_syscall_64 (arch/x86/entry/common.c:102) 
[ 38.997436][ T448] ? do_shmat (ipc/shm.c:1680) 
[ 38.997749][ T448] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 38.998189][ T448] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4299 kernel/locking/lockdep.c:4358) 
[ 38.998606][ T448] ? syscall_exit_to_user_mode (arch/x86/include/asm/processor.h:702 arch/x86/include/asm/entry-common.h:91 include/linux/entry-common.h:364 kernel/entry/common.c:220) 
[ 39.000911][ T448] ? do_syscall_64 (arch/x86/entry/common.c:102) 
[ 39.001243][ T448] ? do_syscall_64 (arch/x86/entry/common.c:102) 
[ 39.001574][ T448] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 39.002016][ T448] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4299 kernel/locking/lockdep.c:4358) 
[ 39.002445][ T448] ? syscall_exit_to_user_mode (arch/x86/include/asm/processor.h:702 arch/x86/include/asm/entry-common.h:91 include/linux/entry-common.h:364 kernel/entry/common.c:220) 
[ 39.002840][ T448] ? do_syscall_64 (arch/x86/entry/common.c:102) 
[ 39.003201][ T448] ? syscall_exit_to_user_mode_prepare (kernel/entry/common.c:199 (discriminator 1)) 
[ 39.003644][ T448] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4299 kernel/locking/lockdep.c:4358) 
[ 39.004049][ T448] ? syscall_exit_to_user_mode (arch/x86/include/asm/processor.h:702 arch/x86/include/asm/entry-common.h:91 include/linux/entry-common.h:364 kernel/entry/common.c:220) 
[ 39.004443][ T448] ? do_syscall_64 (arch/x86/entry/common.c:102) 
[ 39.004767][ T448] ? do_syscall_64 (arch/x86/entry/common.c:102) 
[ 39.005087][ T448] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[   39.005501][  T448] RIP: 0033:0x4648b7
[ 39.005775][ T448] Code: 00 66 90 b8 29 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 5d 46 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 1e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 3d 46 00 00 c3 66 2e 0f 1f 84 00 00 00 00
All code
========
   0:	00 66 90             	add    %ah,-0x70(%rsi)
   3:	b8 29 00 00 00       	mov    $0x29,%eax
   8:	0f 05                	syscall
   a:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
  10:	0f 83 5d 46 00 00    	jae    0x4673
  16:	c3                   	ret
  17:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
  1e:	00 00 00 
  21:	66 90                	xchg   %ax,%ax
  23:	b8 1e 00 00 00       	mov    $0x1e,%eax
  28:	0f 05                	syscall
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	0f 83 3d 46 00 00    	jae    0x4673
  36:	c3                   	ret
  37:	66                   	data16
  38:	2e                   	cs
  39:	0f                   	.byte 0xf
  3a:	1f                   	(bad)
  3b:	84 00                	test   %al,(%rax)
  3d:	00 00                	add    %al,(%rax)
	...

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	0f 83 3d 46 00 00    	jae    0x4649
   c:	c3                   	ret
   d:	66                   	data16
   e:	2e                   	cs
   f:	0f                   	.byte 0xf
  10:	1f                   	(bad)
  11:	84 00                	test   %al,(%rax)
  13:	00 00                	add    %al,(%rax)
	...
[   39.007086][  T448] RSP: 002b:00007ffe45cb7dc8 EFLAGS: 00000246 ORIG_RAX: 000000000000001e
[   39.007608][  T448] RAX: ffffffffffffffda RBX: 0000000000007000 RCX: 00000000004648b7
[   39.008147][  T448] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   39.008683][  T448] RBP: 00007ffe45cb7df0 R08: 00000000010975f0 R09: 000000000109a880
[   39.009185][  T448] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000001000
[   39.009547][  T448] R13: 0000000000000002 R14: 00000000010b0e20 R15: 0000000054001fb0
[   39.009912][  T448]  </TASK>
[   39.010094][  T448] Modules linked in: polyval_clmulni polyval_generic ghash_clmulni_intel intel_agp intel_gtt
[   39.010801][  T448] CR2: 0000000000000000
[   39.011091][  T448] ---[ end trace 0000000000000000 ]---
[   39.011399][  T448] RIP: 0010:0x0
[ 39.011649][ T448] Code: Unable to access opcode bytes at 0xffffffffffffffd6.

Code starting with the faulting instruction
===========================================


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240811/202408112137.e013a399-oliver.sang@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

