* [peterz-queue:perf/pmu-unregister] [perf] 4cbf3df69c: BUG:kernel_NULL_pointer_dereference,address
@ 2024-10-25  2:19 kernel test robot
From: kernel test robot @ 2024-10-25  2:19 UTC
  To: Peter Zijlstra; +Cc: oe-lkp, lkp, linux-perf-users, linux-kernel, oliver.sang



Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 4cbf3df69c5697061018989b08423d4c04bbe101 ("perf: Make perf_pmu_unregister() useable")
https://git.kernel.org/cgit/linux/kernel/git/peterz/queue.git perf/pmu-unregister

in testcase: trinity
version: trinity-x86_64-ba2360ed-1_20240923
with following parameters:

	runtime: 600s



config: x86_64-kexec
compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+-----------------------------------------------------------+------------+------------+
|                                                           | d4187ab34e | 4cbf3df69c |
+-----------------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address               | 0          | 15         |
| Oops                                                      | 0          | 15         |
| RIP:__free_event                                          | 0          | 15         |
| Kernel_panic-not_syncing:Fatal_exception                  | 0          | 15         |
+-----------------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202410251048.2505fe51-lkp@intel.com


[   27.301103][ T3733] BUG: kernel NULL pointer dereference, address: 0000000000000008
[   27.302392][ T3733] #PF: supervisor write access in kernel mode
[   27.303317][ T3733] #PF: error_code(0x0002) - not-present page
[   27.304207][ T3733] PGD 80000001bfbc3067 P4D 80000001bfbc3067 PUD 1ae899067 PMD 0
[   27.305417][ T3733] Oops: Oops: 0002 [#1] PREEMPT SMP PTI
[   27.306260][ T3733] CPU: 0 UID: 65534 PID: 3733 Comm: trinity-c0 Not tainted 6.12.0-rc2-00028-g4cbf3df69c56 #1
[   27.307747][ T3733] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 27.309232][ T3733] RIP: 0010:__free_event (include/linux/list.h:195 include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 
[ 27.310053][ T3733] Code: ff ff 4d 85 f6 74 56 49 8b 7e 28 e8 a7 af ec ff 4d 8d 7e 10 4c 89 ff e8 2b 25 ce 00 48 8b 83 18 05 00 00 48 8b 8b 20 05 00 00 <48> 89 48 08 48 89 01 48 b8 00 01 00 00 00 00 ad de 48 89 83 18 05
All code
========
   0:	ff                   	(bad)
   1:	ff 4d 85             	decl   -0x7b(%rbp)
   4:	f6 74 56 49          	divb   0x49(%rsi,%rdx,2)
   8:	8b 7e 28             	mov    0x28(%rsi),%edi
   b:	e8 a7 af ec ff       	call   0xffffffffffecafb7
  10:	4d 8d 7e 10          	lea    0x10(%r14),%r15
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 2b 25 ce 00       	call   0xce2547
  1c:	48 8b 83 18 05 00 00 	mov    0x518(%rbx),%rax
  23:	48 8b 8b 20 05 00 00 	mov    0x520(%rbx),%rcx
  2a:*	48 89 48 08          	mov    %rcx,0x8(%rax)		<-- trapping instruction
  2e:	48 89 01             	mov    %rax,(%rcx)
  31:	48 b8 00 01 00 00 00 	movabs $0xdead000000000100,%rax
  38:	00 ad de 
  3b:	48                   	rex.W
  3c:	89                   	.byte 0x89
  3d:	83 18 05             	sbbl   $0x5,(%rax)

Code starting with the faulting instruction
===========================================
   0:	48 89 48 08          	mov    %rcx,0x8(%rax)
   4:	48 89 01             	mov    %rax,(%rcx)
   7:	48 b8 00 01 00 00 00 	movabs $0xdead000000000100,%rax
   e:	00 ad de 
  11:	48                   	rex.W
  12:	89                   	.byte 0x89
  13:	83 18 05             	sbbl   $0x5,(%rax)
[   27.312693][ T3733] RSP: 0018:ffffc90000a1bda8 EFLAGS: 00010246
[   27.313597][ T3733] RAX: 0000000000000000 RBX: ffff8881ae90cf90 RCX: 0000000000000000
[   27.314773][ T3733] RDX: 0000000000000002 RSI: 0000000000000002 RDI: ffffffff82dfcc30
[   27.316088][ T3733] RBP: 00000000000000ff R08: 0000000000000002 R09: 0000000000000000
[   27.317342][ T3733] R10: ffff88842fc30b48 R11: ffffffff810408c0 R12: ffffffff82dfcc20
[   27.318567][ T3733] R13: 0000000000000000 R14: ffffffff82dfcc20 R15: ffffffff82dfcc30
[   27.319832][ T3733] FS:  00007f373e201740(0000) GS:ffff88842fc00000(0000) knlGS:0000000000000000
[   27.321164][ T3733] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.322150][ T3733] CR2: 0000000000000008 CR3: 000000014a5b8000 CR4: 00000000000406f0
[   27.327720][ T3733] Call Trace:
[   27.328333][ T3733]  <TASK>
[ 27.328866][ T3733] ? __die_body (arch/x86/kernel/dumpstack.c:421) 
[ 27.329570][ T3733] ? page_fault_oops (arch/x86/mm/fault.c:711) 
[ 27.330359][ T3733] ? do_user_addr_fault (arch/x86/mm/fault.c:?) 
[ 27.331207][ T3733] ? __pfx_do_sync_core (arch/x86/kernel/alternative.c:2079) 
[ 27.332004][ T3733] ? exc_page_fault (arch/x86/include/asm/irqflags.h:37 arch/x86/include/asm/irqflags.h:92 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539) 
[ 27.332774][ T3733] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623) 
[ 27.333605][ T3733] ? __pfx_do_sync_core (arch/x86/kernel/alternative.c:2079) 
[ 27.334428][ T3733] ? __free_event (include/linux/list.h:195 include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 
[ 27.335253][ T3733] ? __free_event (include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 
[ 27.336027][ T3733] perf_event_alloc (kernel/events/core.c:12566) 
[ 27.336836][ T3733] __se_sys_perf_event_open (kernel/events/core.c:12978) 
[ 27.337703][ T3733] ? enqueue_hrtimer (kernel/time/hrtimer.c:1093) 
[ 27.338512][ T3733] ? hrtimer_start_range_ns (kernel/time/hrtimer.c:1302) 
[ 27.339427][ T3733] do_syscall_64 (arch/x86/entry/common.c:?) 
[ 27.340215][ T3733] ? irqentry_exit_to_user_mode (arch/x86/include/asm/processor.h:701 arch/x86/include/asm/entry-common.h:100 include/linux/entry-common.h:364 kernel/entry/common.c:233) 
[ 27.341134][ T3733] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) 
[   27.342052][ T3733] RIP: 0033:0x7f373e305719
[ 27.342835][ T3733] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
All code
========
   0:	08 89 e8 5b 5d c3    	or     %cl,-0x3ca2a418(%rcx)
   6:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
   d:	00 00 00 
  10:	90                   	nop
  11:	48 89 f8             	mov    %rdi,%rax
  14:	48 89 f7             	mov    %rsi,%rdi
  17:	48 89 d6             	mov    %rdx,%rsi
  1a:	48 89 ca             	mov    %rcx,%rdx
  1d:	4d 89 c2             	mov    %r8,%r10
  20:	4d 89 c8             	mov    %r9,%r8
  23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
  28:	0f 05                	syscall
  2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- trapping instruction
  30:	73 01                	jae    0x33
  32:	c3                   	ret
  33:	48 8b 0d b7 06 0d 00 	mov    0xd06b7(%rip),%rcx        # 0xd06f1
  3a:	f7 d8                	neg    %eax
  3c:	64 89 01             	mov    %eax,%fs:(%rcx)
  3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
   0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
   6:	73 01                	jae    0x9
   8:	c3                   	ret
   9:	48 8b 0d b7 06 0d 00 	mov    0xd06b7(%rip),%rcx        # 0xd06c7
  10:	f7 d8                	neg    %eax
  12:	64 89 01             	mov    %eax,%fs:(%rcx)
  15:	48                   	rex.W
[   27.345728][ T3733] RSP: 002b:00007ffce1cad208 EFLAGS: 00000246 ORIG_RAX: 000000000000012a
[   27.347094][ T3733] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f373e305719
[   27.348378][ T3733] RDX: 0000000000000001 RSI: 0000000000000136 RDI: 000055ca24f7fab0
[   27.349658][ T3733] RBP: 00007f373cc3b058 R08: 000000000000000d R09: 0000000040000000
[   27.350991][ T3733] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000000012a
[   27.352312][ T3733] R13: 00007f373e2016c0 R14: 00007f373cc3b058 R15: 00007f373cc3b000
[   27.353629][ T3733]  </TASK>
[   27.354206][ T3733] Modules linked in: can_bcm can_raw can cn scsi_transport_iscsi ipmi_msghandler sr_mod cdrom sg ata_generic fuse dm_mod
[   27.356119][ T3733] CR2: 0000000000000008
[   27.356801][ T3733] ---[ end trace 0000000000000000 ]---
[ 27.357630][ T3733] RIP: 0010:__free_event (include/linux/list.h:195 include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 
[ 27.358462][ T3733] Code: ff ff 4d 85 f6 74 56 49 8b 7e 28 e8 a7 af ec ff 4d 8d 7e 10 4c 89 ff e8 2b 25 ce 00 48 8b 83 18 05 00 00 48 8b 8b 20 05 00 00 <48> 89 48 08 48 89 01 48 b8 00 01 00 00 00 00 ad de 48 89 83 18 05
All code
========
   0:	ff                   	(bad)
   1:	ff 4d 85             	decl   -0x7b(%rbp)
   4:	f6 74 56 49          	divb   0x49(%rsi,%rdx,2)
   8:	8b 7e 28             	mov    0x28(%rsi),%edi
   b:	e8 a7 af ec ff       	call   0xffffffffffecafb7
  10:	4d 8d 7e 10          	lea    0x10(%r14),%r15
  14:	4c 89 ff             	mov    %r15,%rdi
  17:	e8 2b 25 ce 00       	call   0xce2547
  1c:	48 8b 83 18 05 00 00 	mov    0x518(%rbx),%rax
  23:	48 8b 8b 20 05 00 00 	mov    0x520(%rbx),%rcx
  2a:*	48 89 48 08          	mov    %rcx,0x8(%rax)		<-- trapping instruction
  2e:	48 89 01             	mov    %rax,(%rcx)
  31:	48 b8 00 01 00 00 00 	movabs $0xdead000000000100,%rax
  38:	00 ad de 
  3b:	48                   	rex.W
  3c:	89                   	.byte 0x89
  3d:	83 18 05             	sbbl   $0x5,(%rax)

Code starting with the faulting instruction
===========================================
   0:	48 89 48 08          	mov    %rcx,0x8(%rax)
   4:	48 89 01             	mov    %rax,(%rcx)
   7:	48 b8 00 01 00 00 00 	movabs $0xdead000000000100,%rax
   e:	00 ad de 
  11:	48                   	rex.W
  12:	89                   	.byte 0x89
  13:	83 18 05             	sbbl   $0x5,(%rax)


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241025/202410251048.2505fe51-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki



* Re: [peterz-queue:perf/pmu-unregister] [perf] 4cbf3df69c: BUG:kernel_NULL_pointer_dereference,address
@ 2024-10-25  8:20 ` Peter Zijlstra
From: Peter Zijlstra @ 2024-10-25  8:20 UTC
  To: kernel test robot; +Cc: oe-lkp, lkp, linux-perf-users, linux-kernel

On Fri, Oct 25, 2024 at 10:19:41AM +0800, kernel test robot wrote:
> 
> 
> Hello,
> 
> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
> 
> commit: 4cbf3df69c5697061018989b08423d4c04bbe101 ("perf: Make perf_pmu_unregister() useable")
> https://git.kernel.org/cgit/linux/kernel/git/peterz/queue.git perf/pmu-unregister
> 
> in testcase: trinity
> version: trinity-x86_64-ba2360ed-1_20240923
> with following parameters:
> 
> 	runtime: 600s
> 
> 
> 
> config: x86_64-kexec
> compiler: clang-18
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> 
> (please refer to attached dmesg/kmsg for entire log/backtrace)
> 
> 
> +-----------------------------------------------------------+------------+------------+
> |                                                           | d4187ab34e | 4cbf3df69c |
> +-----------------------------------------------------------+------------+------------+
> | BUG:kernel_NULL_pointer_dereference,address               | 0          | 15         |
> | Oops                                                      | 0          | 15         |
> | RIP:__free_event                                          | 0          | 15         |
> | Kernel_panic-not_syncing:Fatal_exception                  | 0          | 15         |
> +-----------------------------------------------------------+------------+------------+
> 
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add the following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202410251048.2505fe51-lkp@intel.com
> 
> 
> [   27.301103][ T3733] BUG: kernel NULL pointer dereference, address: 0000000000000008
> [   27.302392][ T3733] #PF: supervisor write access in kernel mode
> [   27.303317][ T3733] #PF: error_code(0x0002) - not-present page
> [   27.304207][ T3733] PGD 80000001bfbc3067 P4D 80000001bfbc3067 PUD 1ae899067 PMD 0
> [   27.305417][ T3733] Oops: Oops: 0002 [#1] PREEMPT SMP PTI
> [   27.306260][ T3733] CPU: 0 UID: 65534 PID: 3733 Comm: trinity-c0 Not tainted 6.12.0-rc2-00028-g4cbf3df69c56 #1
> [   27.307747][ T3733] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [ 27.309232][ T3733] RIP: 0010:__free_event (include/linux/list.h:195 include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 

> [ 27.334428][ T3733] ? __free_event (include/linux/list.h:195 include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 
> [ 27.335253][ T3733] ? __free_event (include/linux/list.h:218 include/linux/list.h:229 kernel/events/core.c:5395) 
> [ 27.336027][ T3733] perf_event_alloc (kernel/events/core.c:12566) 
> [ 27.336836][ T3733] __se_sys_perf_event_open (kernel/events/core.c:12978) 
> [ 27.337703][ T3733] ? enqueue_hrtimer (kernel/time/hrtimer.c:1093) 
> [ 27.338512][ T3733] ? hrtimer_start_range_ns (kernel/time/hrtimer.c:1302) 
> [ 27.339427][ T3733] do_syscall_64 (arch/x86/entry/common.c:?) 
> [ 27.340215][ T3733] ? irqentry_exit_to_user_mode (arch/x86/include/asm/processor.h:701 arch/x86/include/asm/entry-common.h:100 include/linux/entry-common.h:364 kernel/entry/common.c:233) 

This might help... Let me fold that and push out an updated branch.

--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -12395,6 +12395,7 @@ perf_event_alloc(struct perf_event_attr
 	INIT_LIST_HEAD(&event->active_entry);
 	INIT_LIST_HEAD(&event->addr_filters.list);
 	INIT_HLIST_NODE(&event->hlist_entry);
+	INIT_LIST_HEAD(&event->pmu_list);
 
 
 	init_waitqueue_head(&event->waitq);
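Review bot: the added `INIT_LIST_HEAD(&event->pmu_list);` is missing a comment saying why it is needed, because the connection to the oops is not obvious from the hunk alone. The trace faults in `__free_event()` (core.c:5395, via the list.h:195/218/229 frames, i.e. a `list_del()`) at `mov %rcx,0x8(%rax)` with RAX=0, RCX=0 and CR2=8: both `next` and `prev` loaded from the event are zero, so the node being unlinked was never initialised and `next->prev = prev` writes through a NULL `next`. That path is reached from the `perf_event_alloc()` error exit at core.c:12566, and an event that fails before ever being linked to a PMU would have exactly such a zeroed `pmu_list`. Suggest a one-line comment above the new `INIT_LIST_HEAD` noting that `__free_event()` may unlink `pmu_list` on an event that was never added to a PMU, and confirming that this initialisation precedes every `goto` in `perf_event_alloc()` that ends in `__free_event()`, since a failure before it would reproduce the same crash.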
