Date:   Sat, 16 Oct 2021 22:38:28 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Kent Overstreet <kent.overstreet@...il.com>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org
Subject: [mm]  1a02176bc9: BUG:kernel_NULL_pointer_dereference,address



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 1a02176bc974b8b8137312310f5bbdf431a7e1bd ("mm: Make free_area->nr_free per migratetype")
url: https://github.com/0day-ci/linux/commits/UPDATE-20211014-223052/Kent-Overstreet/Minor-mm-struct-page-work/20211014-000511


in testcase: rcutorture
version: 
with following parameters:

	runtime: 300s
	test: cpuhotplug
	torture_type: tasks

test-description: rcutorture is rcutorture kernel module load/unload test.
test-url: https://www.kernel.org/doc/Documentation/RCU/torture.txt


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+---------------------------------------------+-----------+------------+
|                                             | v5.15-rc3 | 1a02176bc9 |
+---------------------------------------------+-----------+------------+
| boot_successes                              | 20        | 0          |
| boot_failures                               | 0         | 12         |
| BUG:kernel_NULL_pointer_dereference,address | 0         | 12         |
| Oops:#[##]                                  | 0         | 12         |
| RIP:steal_suitable_fallback                 | 0         | 12         |
| Kernel_panic-not_syncing:Fatal_exception    | 0         | 12         |
+---------------------------------------------+-----------+------------+


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>



[    1.552936][    T0] BUG: kernel NULL pointer dereference, address: 0000000000000028
[    1.553728][    T0] #PF: supervisor read access in kernel mode
[    1.554315][    T0] #PF: error_code(0x0000) - not-present page
[    1.554904][    T0] PGD 0 P4D 0
[    1.555230][    T0] Oops: 0000 [#1] PREEMPT SMP
[    1.555693][    T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.15.0-rc3-00001-g1a02176bc974 #1
[    1.556596][    T0] RIP: 0010:steal_suitable_fallback+0x2a/0x280
[    1.557246][    T0] Code: 0f 1f 44 00 00 41 57 41 89 d7 ba 07 00 00 00 41 56 45 89 c6 41 55 41 54 49 89 f4 55 48 63 e9 53 48 89 fb 4c 89 e7 48 83 ec 10 <4c> 8b 6e 28 48 2b 35 43 48 9b 01 48 c1 fe 06 e8 02 da ff ff 83 f8
[    1.559307][    T0] RSP: 0000:ffffffff82e03938 EFLAGS: 00010082
[    1.559907][    T0] RAX: ffffffff835e36f0 RBX: ffffffff835e3100 RCX: 0000000000000002
[    1.560694][    T0] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000
[    1.561494][    T0] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000000
[    1.562319][    T0] R10: 0000000000000001 R11: ffffffff82e1b0e8 R12: 0000000000000000
[    1.563146][    T0] R13: 0000000000000002 R14: 0000000000000001 R15: 0000000000000101
[    1.564018][    T0] FS:  0000000000000000(0000) GS:ffff88842fa00000(0000) knlGS:0000000000000000
[    1.564948][    T0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.565604][    T0] CR2: 0000000000000028 CR3: 0000000002e12000 CR4: 00000000000406b0
[    1.566424][    T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.567230][    T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.568075][    T0] Call Trace:
[    1.568408][    T0]  rmqueue_bulk+0x439/0x800
[    1.568873][    T0]  ? lock_acquire+0xc2/0x2c0
[    1.569363][    T0]  rmqueue+0x79e/0xd80
[    1.569841][    T0]  ? __lock_acquire+0x59d/0xa40
[    1.570322][    T0]  get_page_from_freelist+0xc3/0x3c0
[    1.570864][    T0]  ? create_prof_cpu_mask+0x40/0x40
[    1.571417][    T0]  __alloc_pages+0x14a/0x340
[    1.571918][    T0]  allocate_slab+0x334/0x440
[    1.572423][    T0]  ? radix_tree_node_alloc+0x46/0x140
[    1.573076][    T0]  ___slab_alloc+0x8f8/0x1580
[    1.573646][    T0]  ? lockdep_unlock+0x55/0xc0
[    1.574122][    T0]  ? validate_chain+0x53a/0xdc0
[    1.574612][    T0]  ? radix_tree_node_alloc+0x46/0x140
[    1.575249][    T0]  ? lockdep_unlock+0x55/0xc0
[    1.575742][    T0]  ? radix_tree_node_alloc+0x46/0x140
[    1.576401][    T0]  ? __slab_alloc+0x4c/0xc0
[    1.577029][    T0]  __slab_alloc+0x4c/0xc0
[    1.577635][    T0]  ? radix_tree_node_alloc+0x46/0x140
[    1.578296][    T0]  kmem_cache_alloc+0x2bd/0x300
[    1.578774][    T0]  radix_tree_node_alloc+0x46/0x140
[    1.579393][    T0]  idr_get_free+0x1ce/0x380
[    1.579869][    T0]  ? __mutex_lock+0x3cf/0xa00
[    1.580344][    T0]  idr_alloc_u32+0x4f/0xc0
[    1.580832][    T0]  idr_alloc+0x29/0x80
[    1.581267][    T0]  worker_pool_assign_id+0x2f/0x80
[    1.581822][    T0]  workqueue_init_early+0x1b4/0x35d
[    1.582349][    T0]  start_kernel+0x57e/0x7db
[    1.582807][    T0]  secondary_startup_64_no_verify+0xc2/0xcb
[    1.583410][    T0] Modules linked in:
[    1.583821][    T0] CR2: 0000000000000028
[    1.584216][    T0] random: get_random_bytes called from print_oops_end_marker+0x26/0x40 with crng_init=0
[    1.584227][    T0] ---[ end trace 38f01c1d6a66ca51 ]---
[    1.585759][    T0] RIP: 0010:steal_suitable_fallback+0x2a/0x280
[    1.586374][    T0] Code: 0f 1f 44 00 00 41 57 41 89 d7 ba 07 00 00 00 41 56 45 89 c6 41 55 41 54 49 89 f4 55 48 63 e9 53 48 89 fb 4c 89 e7 48 83 ec 10 <4c> 8b 6e 28 48 2b 35 43 48 9b 01 48 c1 fe 06 e8 02 da ff ff 83 f8
[    1.588429][    T0] RSP: 0000:ffffffff82e03938 EFLAGS: 00010082
[    1.589053][    T0] RAX: ffffffff835e36f0 RBX: ffffffff835e3100 RCX: 0000000000000002
[    1.589872][    T0] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000000
[    1.590717][    T0] RBP: 0000000000000002 R08: 0000000000000001 R09: 0000000000000000
[    1.591523][    T0] R10: 0000000000000001 R11: ffffffff82e1b0e8 R12: 0000000000000000
[    1.592360][    T0] R13: 0000000000000002 R14: 0000000000000001 R15: 0000000000000101
[    1.593163][    T0] FS:  0000000000000000(0000) GS:ffff88842fa00000(0000) knlGS:0000000000000000
[    1.594060][    T0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.594724][    T0] CR2: 0000000000000028 CR3: 0000000002e12000 CR4: 00000000000406b0
[    1.595563][    T0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[    1.596378][    T0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[    1.597197][    T0] Kernel panic - not syncing: Fatal exception



To reproduce:

        # build kernel
        cd linux
        cp config-5.15.0-rc3-00001-g1a02176bc974 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.15.0-rc3-00001-g1a02176bc974" of type "text/plain" (141711 bytes)

View attachment "job-script" of type "text/plain" (5049 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (4968 bytes)
