From: "Chen, Yu C" <yu.c.chen@intel.com>
To: Fernand Sieber <sieberf@amazon.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
<linux-kernel@vger.kernel.org>, <x86@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
<aubrey.li@linux.intel.com>,
kernel test robot <oliver.sang@intel.com>
Subject: Re: [tip:sched/core] [sched/fair] 79104becf4: BUG:kernel_NULL_pointer_dereference,address
Date: Tue, 21 Oct 2025 14:39:58 +0800 [thread overview]
Message-ID: <37ebc412-5924-42ba-8919-af72deb98086@intel.com> (raw)
In-Reply-To: <202510211205.1e0f5223-lkp@intel.com>
On 10/21/2025 1:14 PM, kernel test robot wrote:
>
>
> Hello,
>
> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
>
> commit: 79104becf42baeeb4a3f2b106f954b9fc7c10a3c ("sched/fair: Forfeit vruntime on yield")
> https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git sched/core
>
> [ 23.486344][ T3682] BUG: kernel NULL pointer dereference, address: 0000000000000051
> [ 23.486846][ T3682] #PF: supervisor read access in kernel mode
> [ 23.487189][ T3682] #PF: error_code(0x0000) - not-present page
> [ 23.487532][ T3682] PGD 12b0a5067 P4D 12b0a5067 PUD 12b0b0067 PMD 0
> [ 23.487905][ T3682] Oops: Oops: 0000 [#1]
> [ 23.488147][ T3682] CPU: 0 UID: 65534 PID: 3682 Comm: trinity-c1 Not tainted 6.18.0-rc1-00001-g79104becf42b #1 PREEMPT
> [ 23.488817][ T3682] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> [ 23.489401][ T3682] RIP: 0010:pick_task_fair (kernel/sched/fair.c:5526 kernel/sched/fair.c:8846)
Take a glance at the context, it seems to break here:
pick_next_entity(rq, cfs_rq)
se = pick_eevdf(cfs_rq);
se->sched_delayed <=== se is NULL
In the original change, we force the current running
se's vruntime moving forward and I guess for some
reason the corresponding cfs_rq->min_vruntime moves
forward too. Thus the rest se in the cfs_rq become
ineligible, and pick_eevdf() return NULL.
thanks,
Chenyu
next prev parent reply other threads:[~2025-10-21 6:40 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-21 5:14 [tip:sched/core] [sched/fair] 79104becf4: BUG:kernel_NULL_pointer_dereference,address kernel test robot
2025-10-21 6:39 ` Chen, Yu C [this message]
2025-10-21 11:04 ` Peter Zijlstra
2025-10-27 12:54 ` Peter Zijlstra
2025-10-27 13:14 ` Chen, Yu C
2025-10-27 13:55 ` Peter Zijlstra
2025-10-27 14:07 ` Peter Zijlstra
2025-10-27 14:09 ` Peter Zijlstra
2025-10-28 2:30 ` Chen, Yu C
2025-11-05 11:00 ` Peter Zijlstra
2025-11-05 12:06 ` Philip Li
2025-11-07 10:16 ` Philip Li
2025-11-07 10:53 ` Peter Zijlstra
2025-11-04 21:04 ` Fernand Sieber
2025-11-05 8:43 ` Fernand Sieber
2025-11-05 11:03 ` Peter Zijlstra
2025-11-05 12:28 ` Peter Zijlstra
2025-11-06 10:54 ` Fernand Sieber
2025-11-06 23:57 ` John Stultz
2025-11-07 8:18 ` Fernand Sieber
-- strict thread matches above, loose matches on Subject: below --
2025-11-06 10:40 [PATCH] sched: Proxy yields to donor tasks Fernand Sieber
2025-11-06 10:57 ` Peter Zijlstra
2025-11-07 6:54 ` kernel test robot
2025-11-07 8:12 ` Fernand Sieber
2025-11-07 8:25 ` Peter Zijlstra
2025-11-11 11:37 ` [tip: sched/core] sched/proxy: Yield the donor task tip-bot2 for Fernand Sieber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=37ebc412-5924-42ba-8919-af72deb98086@intel.com \
--to=yu.c.chen@intel.com \
--cc=aubrey.li@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
--cc=oliver.sang@intel.com \
--cc=peterz@infradead.org \
--cc=sieberf@amazon.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox