Message-ID: <20210813031136.GA6652@xsang-OptiPlex-9020>
Date: Fri, 13 Aug 2021 11:11:36 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Christoph Hellwig <hch@....de>
Cc: Jens Axboe <axboe@...nel.dk>,
Johannes Thumshirn <johannes.thumshirn@....com>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org,
lkp@...el.com
Subject: [block] edb0872f44: BUG:kernel_NULL_pointer_dereference,address
Greetings,
FYI, we noticed the following commit (built with gcc-9):
commit: edb0872f44ec9976ea6d052cb4b93cd2d23ac2ba ("block: move the bdi from the request_queue to the gendisk")
https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-5.15/block
in testcase: stress-ng
version: stress-ng-x86_64-0.11-06_20210811
with following parameters:
nr_threads: 10%
disk: 1HDD
testtime: 60s
fs: ext4
class: os
test: loop
cpufreq_governor: performance
ucode: 0x5003006
on test machine: 96 threads 2 sockets Intel(R) Xeon(R) Gold 6252 CPU @ 2.10GHz with 192G memory
caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 50.333977][ C51] BUG: kernel NULL pointer dereference, address: 00000000000002f8
[ 50.342132][ C51] #PF: supervisor read access in kernel mode
[ 50.348459][ C51] #PF: error_code(0x0000) - not-present page
[ 50.354784][ C51] PGD 0 P4D 0
[ 50.358514][ C51] Oops: 0000 [#1] SMP NOPTI
[ 50.363385][ C51] CPU: 51 PID: 0 Comm: swapper/51 Not tainted 5.14.0-rc4-00051-gedb0872f44ec #1
[ 50.372786][ C51] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019
[ 50.384465][ C51] RIP: 0010:wb_timer_fn (block/blk-wbt.c:237 block/blk-wbt.c:360)
[ 50.389993][ C51] Code: 60 4c 8b 67 50 8b 9d 98 00 00 00 8b 95 b8 00 00 00 8b 85 d8 00 00 00 4c 8b 6d 28 01 d3 01 c3 48 8b 45 60 48 8b 80 90 00 00 00 <48> 8b 80 f8 02 00 00 4c 8b b0 98 00 00 00 4d 85 ed 0f 84 ca 00 00
All code
========
0: 60 (bad)
1: 4c 8b 67 50 mov 0x50(%rdi),%r12
5: 8b 9d 98 00 00 00 mov 0x98(%rbp),%ebx
b: 8b 95 b8 00 00 00 mov 0xb8(%rbp),%edx
11: 8b 85 d8 00 00 00 mov 0xd8(%rbp),%eax
17: 4c 8b 6d 28 mov 0x28(%rbp),%r13
1b: 01 d3 add %edx,%ebx
1d: 01 c3 add %eax,%ebx
1f: 48 8b 45 60 mov 0x60(%rbp),%rax
23: 48 8b 80 90 00 00 00 mov 0x90(%rax),%rax
2a:* 48 8b 80 f8 02 00 00 mov 0x2f8(%rax),%rax <-- trapping instruction
31: 4c 8b b0 98 00 00 00 mov 0x98(%rax),%r14
38: 4d 85 ed test %r13,%r13
3b: 0f .byte 0xf
3c: 84 ca test %cl,%dl
...
Code starting with the faulting instruction
===========================================
0: 48 8b 80 f8 02 00 00 mov 0x2f8(%rax),%rax
7: 4c 8b b0 98 00 00 00 mov 0x98(%rax),%r14
e: 4d 85 ed test %r13,%r13
11: 0f .byte 0xf
12: 84 ca test %cl,%dl
...
[ 50.410596][ C51] RSP: 0018:ffffc9000d530eb8 EFLAGS: 00010246
[ 50.417103][ C51] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000060
[ 50.425532][ C51] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88810f6ae100
[ 50.433951][ C51] RBP: ffff888140c4eb00 R08: 0000000000000060 R09: 0000000000000000
[ 50.442389][ C51] R10: ffffffff82df9be0 R11: 000000000000002c R12: ffff8881e01d7540
[ 50.450824][ C51] R13: 0000000000000000 R14: ffff88810f6ae110 R15: ffff8897e0cdc030
[ 50.459278][ C51] FS: 0000000000000000(0000) GS:ffff8897e0cc0000(0000) knlGS:0000000000000000
[ 50.468695][ C51] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 50.475775][ C51] CR2: 00000000000002f8 CR3: 000000303ec10004 CR4: 00000000007706e0
[ 50.484268][ C51] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 50.492754][ C51] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 50.501248][ C51] PKRU: 55555554
[ 50.505323][ C51] Call Trace:
[ 50.509133][ C51] <IRQ>
[ 50.512511][ C51] ? blk_stat_free_callback_rcu (block/blk-stat.c:81)
[ 50.518762][ C51] call_timer_fn (kernel/time/timer.c:1419)
[ 50.523797][ C51] run_timer_softirq (kernel/time/timer.c:1465 kernel/time/timer.c:1732 kernel/time/timer.c:1708 kernel/time/timer.c:1745)
[ 50.529273][ C51] ? enqueue_hrtimer (kernel/time/hrtimer.c:990)
[ 50.534567][ C51] ? ktime_get (kernel/time/timekeeping.c:193 kernel/time/timekeeping.c:287 kernel/time/timekeeping.c:386 kernel/time/timekeeping.c:829 kernel/time/timekeeping.c:817)
[ 50.539325][ C51] __do_softirq (kernel/softirq.c:558)
[ 50.544252][ C51] irq_exit_rcu (kernel/softirq.c:432 kernel/softirq.c:636 kernel/softirq.c:648)
[ 50.549158][ C51] sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1100 (discriminator 14))
[ 50.555275][ C51] </IRQ>
[ 50.558692][ C51] asm_sysvec_apic_timer_interrupt (arch/x86/include/asm/idtentry.h:638)
[ 50.565149][ C51] RIP: 0010:cpuidle_enter_state (drivers/cpuidle/cpuidle.c:259)
[ 50.571437][ C51] Code: 49 89 c5 0f 1f 44 00 00 31 ff e8 89 28 70 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 62 02 00 00 31 ff e8 f2 6b 77 ff fb 45 85 f6 <0f> 88 fb 00 00 00 49 63 c6 4c 2b 2c 24 48 8d 14 40 48 8d 14 90 49
All code
========
0: 49 89 c5 mov %rax,%r13
3: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
8: 31 ff xor %edi,%edi
a: e8 89 28 70 ff callq 0xffffffffff702898
f: 45 84 ff test %r15b,%r15b
12: 74 12 je 0x26
14: 9c pushfq
15: 58 pop %rax
16: f6 c4 02 test $0x2,%ah
19: 0f 85 62 02 00 00 jne 0x281
1f: 31 ff xor %edi,%edi
21: e8 f2 6b 77 ff callq 0xffffffffff776c18
26: fb sti
27: 45 85 f6 test %r14d,%r14d
2a:* 0f 88 fb 00 00 00 js 0x12b <-- trapping instruction
30: 49 63 c6 movslq %r14d,%rax
33: 4c 2b 2c 24 sub (%rsp),%r13
37: 48 8d 14 40 lea (%rax,%rax,2),%rdx
3b: 48 8d 14 90 lea (%rax,%rdx,4),%rdx
3f: 49 rex.WB
Code starting with the faulting instruction
===========================================
0: 0f 88 fb 00 00 00 js 0x101
6: 49 63 c6 movslq %r14d,%rax
9: 4c 2b 2c 24 sub (%rsp),%r13
d: 48 8d 14 40 lea (%rax,%rax,2),%rdx
11: 48 8d 14 90 lea (%rax,%rdx,4),%rdx
15: 49 rex.WB
[ 50.592195][ C51] RSP: 0018:ffffc9000cb03e80 EFLAGS: 00000206
[ 50.598770][ C51] RAX: ffff8897e0cebd00 RBX: 0000000000000003 RCX: 000000000000001f
[ 50.607277][ C51] RDX: 0000000000000000 RSI: 000000003d18701d RDI: 0000000000000000
[ 50.615775][ C51] RBP: ffff8897e0cf6730 R08: 0000000bb82342cb R09: 00000000000002d1
[ 50.624275][ C51] R10: 00000000000002d9 R11: ffff8897e0ceaa44 R12: ffffffff82ce4880
[ 50.632778][ C51] R13: 0000000bb82342cb R14: 0000000000000003 R15: 0000000000000000
[ 50.641286][ C51] cpuidle_enter (drivers/cpuidle/cpuidle.c:353)
[ 50.646235][ C51] do_idle (kernel/sched/idle.c:243 kernel/sched/idle.c:306)
[ 50.650831][ C51] cpu_startup_entry (kernel/sched/idle.c:402 (discriminator 1))
[ 50.656119][ C51] start_secondary (arch/x86/kernel/smpboot.c:271)
[ 50.661395][ C51] secondary_startup_64_no_verify (arch/x86/kernel/head_64.S:283)
[ 50.667791][ C51] Modules linked in: loop dm_mod binfmt_misc btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c intel_rapl_msr intel_rapl_common sd_mod t10_pi sg skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass ipmi_ssif crct10dif_pclmul ast crc32_pclmul drm_vram_helper crc32c_intel drm_ttm_helper ghash_clmulni_intel ttm rapl drm_kms_helper intel_cstate syscopyarea sysfillrect sysimgblt ahci fb_sys_fops libahci acpi_ipmi mei_me intel_uncore drm ipmi_si ioatdma ipmi_devintf libata mei joydev intel_pch_thermal wmi dca ipmi_msghandler acpi_pad acpi_power_meter ip_tables
[ 50.726361][ C51] CR2: 00000000000002f8
[ 50.731146][ C51] ---[ end trace a8a75fcc0a216b4e ]---
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
bin/lkp run generated-yaml-file
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.14.0-rc4-00051-gedb0872f44ec" of type "text/plain" (175468 bytes)
View attachment "job-script" of type "text/plain" (8246 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (37296 bytes)
View attachment "job.yaml" of type "text/plain" (5445 bytes)