* [linux-next:master] [cgroup] 731bdd9746: BUG:kernel_NULL_pointer_dereference,address
@ 2025-05-28 5:00 kernel test robot
[not found] ` <15942ff6-a2d8-4f97-9818-1ff1b269428c@redhat.com>
0 siblings, 1 reply; 2+ messages in thread
From: kernel test robot @ 2025-05-28 5:00 UTC (permalink / raw)
To: JP Kobryn; +Cc: oe-lkp, lkp, Tejun Heo, Klara Modin, cgroups, oliver.sang
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 731bdd97466a280d6bdd8eceeb13d9fab6f26cbd ("cgroup: avoid per-cpu allocation of size zero rstat cpu locks")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master 176e917e010cb7dcc605f11d2bc33f304292482b]
in testcase: boot
config: x86_64-randconfig-123-20250522
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------------+------------+------------+
| | dc9f08bac2 | 731bdd9746 |
+------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0 | 6 |
| Oops | 0 | 6 |
| RIP:lockdep_init_map_type | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202505281034.7ae1668d-lkp@intel.com
[ 3.888181][ T0] BUG: kernel NULL pointer dereference, address: 0000000000000028
[ 3.888838][ T0] #PF: supervisor write access in kernel mode
[ 3.889345][ T0] #PF: error_code(0x0002) - not-present page
[ 3.889345][ T0] PGD 0 P4D 0
[ 3.889345][ T0] Oops: Oops: 0002 [#1] KASAN PTI
[ 3.889345][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.14.0-11173-g731bdd97466a #1 PREEMPT(undef)
[ 3.889345][ T0] RIP: 0010:lockdep_init_map_type (kernel/locking/lockdep.c:4945)
[ 3.889345][ T0] Code: 5b c3 cc cc cc cc cc 48 89 df e8 e2 6f d0 ff eb e5 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 56 53 50 <48> c7 47 10 00 00 00 00 48 c7 47 08 00 00 00 00 c7 47 24 00 00 00
All code
========
0: 5b pop %rbx
1: c3 ret
2: cc int3
3: cc int3
4: cc int3
5: cc int3
6: cc int3
7: 48 89 df mov %rbx,%rdi
a: e8 e2 6f d0 ff call 0xffffffffffd06ff1
f: eb e5 jmp 0xfffffffffffffff6
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: f3 0f 1e fa endbr64
25: 55 push %rbp
26: 41 56 push %r14
28: 53 push %rbx
29: 50 push %rax
2a:* 48 c7 47 10 00 00 00 movq $0x0,0x10(%rdi) <-- trapping instruction
31: 00
32: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi)
39: 00
3a: c7 .byte 0xc7
3b: 47 24 00 rex.RXB and $0x0,%al
...
Code starting with the faulting instruction
===========================================
0: 48 c7 47 10 00 00 00 movq $0x0,0x10(%rdi)
7: 00
8: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi)
f: 00
10: c7 .byte 0xc7
11: 47 24 00 rex.RXB and $0x0,%al
...
[ 3.889345][ T0] RSP: 0000:ffffffff86207dc8 EFLAGS: 00010246
[ 3.889345][ T0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000
[ 3.889345][ T0] RDX: ffffffff89125900 RSI: ffffffff84a8a080 RDI: 0000000000000018
[ 3.889345][ T0] RBP: 0000000000000002 R08: 0000000000000002 R09: 0000000000000000
[ 3.889345][ T0] R10: 0000000000000000 R11: ffffed1024080701 R12: dffffc0000000000
[ 3.889345][ T0] R13: dffffc0000000000 R14: ffffffff89125900 R15: ffffffff84a8a080
[ 3.889345][ T0] FS: 0000000000000000(0000) GS:0000000000000000(0000) knlGS:0000000000000000
[ 3.889345][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 3.889345][ T0] CR2: 0000000000000028 CR3: 000000000629a000 CR4: 00000000000406b0
[ 3.889345][ T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 3.889345][ T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 3.889345][ T0] Call Trace:
[ 3.889345][ T0] <TASK>
[ 3.889345][ T0] __raw_spin_lock_init (include/linux/lockdep.h:135 include/linux/lockdep.h:142 kernel/locking/spinlock_debug.c:25)
[ 3.889345][ T0] ss_rstat_init (kernel/cgroup/rstat.c:532)
[ 3.889345][ T0] cgroup_init_subsys (kernel/cgroup/cgroup.c:6091)
[ 3.889345][ T0] cgroup_init (kernel/cgroup/cgroup.c:?)
[ 3.889345][ T0] start_kernel (init/main.c:1094)
[ 3.889345][ T0] x86_64_start_reservations (??:?)
[ 3.889345][ T0] x86_64_start_kernel (??:?)
[ 3.889345][ T0] common_startup_64 (arch/x86/kernel/head_64.S:419)
[ 3.889345][ T0] </TASK>
[ 3.889345][ T0] Modules linked in:
[ 3.889345][ T0] CR2: 0000000000000028
[ 3.889345][ T0] ---[ end trace 0000000000000000 ]---
[ 3.889345][ T0] RIP: 0010:lockdep_init_map_type (kernel/locking/lockdep.c:4945)
[ 3.889345][ T0] Code: 5b c3 cc cc cc cc cc 48 89 df e8 e2 6f d0 ff eb e5 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 41 56 53 50 <48> c7 47 10 00 00 00 00 48 c7 47 08 00 00 00 00 c7 47 24 00 00 00
All code
========
0: 5b pop %rbx
1: c3 ret
2: cc int3
3: cc int3
4: cc int3
5: cc int3
6: cc int3
7: 48 89 df mov %rbx,%rdi
a: e8 e2 6f d0 ff call 0xffffffffffd06ff1
f: eb e5 jmp 0xfffffffffffffff6
11: 90 nop
12: 90 nop
13: 90 nop
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: f3 0f 1e fa endbr64
25: 55 push %rbp
26: 41 56 push %r14
28: 53 push %rbx
29: 50 push %rax
2a:* 48 c7 47 10 00 00 00 movq $0x0,0x10(%rdi) <-- trapping instruction
31: 00
32: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi)
39: 00
3a: c7 .byte 0xc7
3b: 47 24 00 rex.RXB and $0x0,%al
...
Code starting with the faulting instruction
===========================================
0: 48 c7 47 10 00 00 00 movq $0x0,0x10(%rdi)
7: 00
8: 48 c7 47 08 00 00 00 movq $0x0,0x8(%rdi)
f: 00
10: c7 .byte 0xc7
11: 47 24 00 rex.RXB and $0x0,%al
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250528/202505281034.7ae1668d-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [linux-next:master] [cgroup] 731bdd9746: BUG:kernel_NULL_pointer_dereference,address
[not found] ` <15942ff6-a2d8-4f97-9818-1ff1b269428c@redhat.com>
@ 2025-05-28 15:10 ` JP Kobryn
0 siblings, 0 replies; 2+ messages in thread
From: JP Kobryn @ 2025-05-28 15:10 UTC (permalink / raw)
To: Waiman Long, kernel test robot
Cc: oe-lkp, lkp, Tejun Heo, Klara Modin, cgroups
On 5/27/25 11:25 PM, Waiman Long wrote:
> On 5/28/25 1:00 AM, kernel test robot wrote:
>> Hello,
>>
>> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
>>
>> commit: 731bdd97466a280d6bdd8eceeb13d9fab6f26cbd ("cgroup: avoid per-cpu allocation of size zero rstat cpu locks")
>> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
>>
>> [test failed on linux-next/master 176e917e010cb7dcc605f11d2bc33f304292482b]
>>
>> in testcase: boot
>>
>> config: x86_64-randconfig-123-20250522
>> compiler: clang-20
>> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>>
>> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
> It is true that sizeof(arch_spinlock_t) is 0 for UP config. However,
> sizeof(raw_spinlock_t) can be > sizeof(arch_spinlock_t) if some of the
> lock debugging configs (like LOCKDEP or DEBUG_SPINLOCK) are enabled. So
> commit 731bdd97466a2 should either be reverted or sizeof(raw_spinlock_t)
> should be explicitly checked to see if alloc_percpu() should be called.
Good point on the non-zero state when debugging is enabled. I'll send a
patch today that changes from checking smp to checking size instead.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-05-28 15:10 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-28 5:00 [linux-next:master] [cgroup] 731bdd9746: BUG:kernel_NULL_pointer_dereference,address kernel test robot
[not found] ` <15942ff6-a2d8-4f97-9818-1ff1b269428c@redhat.com>
2025-05-28 15:10 ` JP Kobryn
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.