lists.openwall.net: Open Source and information security mailing list archives
Message-ID: <202410311530.3de6361b-lkp@intel.com>
Date: Thu, 31 Oct 2024 16:22:54 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Lucas De Marchi <lucas.demarchi@...el.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
	<linux-fsdevel@...r.kernel.org>, <linux-perf-users@...r.kernel.org>,
	<linux-kernel@...r.kernel.org>, <intel-gfx@...ts.freedesktop.org>,
	<oliver.sang@...el.com>
Subject: Re: [CI 1/1] pmu changes



Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 47b40a2914e5bd319e85aab763b60dd2e13b4076 ("[CI 1/1] pmu changes")
url: https://github.com/intel-lab-lkp/linux/commits/Lucas-De-Marchi/pmu-changes/20241029-224928
base: https://git.kernel.org/cgit/linux/kernel/git/perf/perf-tools-next.git perf-tools-next
patch link: https://lore.kernel.org/all/20241029144803.631999-2-lucas.demarchi@intel.com/
patch subject: [CI 1/1] pmu changes

in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:

	runtime: 300s
	group: group-00
	nr_groups: 5



config: i386-randconfig-141-20241030
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+------------------------------------------------+------------+------------+
|                                                | 150dab31d5 | 47b40a2914 |
+------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address    | 0          | 6          |
| Oops                                           | 0          | 6          |
| EIP:__free_event                               | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception       | 0          | 6          |
+------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202410311530.3de6361b-lkp@intel.com


[  269.760917][ T5119] BUG: kernel NULL pointer dereference, address: 00000000
[  269.762008][ T5119] #PF: supervisor read access in kernel mode
[  269.762871][ T5119] #PF: error_code(0x0000) - not-present page
[  269.763640][ T5119] *pdpt = 000000006b932001 *pde = 0000000000000000
[  269.764436][ T5119] Oops: Oops: 0000 [#1] PREEMPT PTI
[  269.765118][ T5119] CPU: 0 UID: 65534 PID: 5119 Comm: trinity-c1 Tainted: G S                 6.12.0-rc3-00137-g47b40a2914e5 #1
[  269.766301][ T5119] Tainted: [S]=CPU_OUT_OF_SPEC
[  269.766950][ T5119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 269.768012][ T5119] EIP: __free_event (include/linux/list.h:119 (discriminator 5) include/linux/list.h:215 (discriminator 5) include/linux/list.h:229 (discriminator 5) kernel/events/core.c:5395 (discriminator 5)) 
[ 269.768671][ T5119] Code: 74 60 8b 47 34 8d 77 08 e8 d6 18 f0 ff 89 f0 e8 db fd a5 01 85 f6 74 4a 8b 83 a8 03 00 00 8b 93 a4 03 00 00 8d 8b a4 03 00 00 <3b> 08 0f 85 ad 00 00 00 3b 4a 04 0f 85 a4 00 00 00 89 42 04 89 10
All code
========
   0:	74 60                	je     0x62
   2:	8b 47 34             	mov    0x34(%rdi),%eax
   5:	8d 77 08             	lea    0x8(%rdi),%esi
   8:	e8 d6 18 f0 ff       	call   0xfffffffffff018e3
   d:	89 f0                	mov    %esi,%eax
   f:	e8 db fd a5 01       	call   0x1a5fdef
  14:	85 f6                	test   %esi,%esi
  16:	74 4a                	je     0x62
  18:	8b 83 a8 03 00 00    	mov    0x3a8(%rbx),%eax
  1e:	8b 93 a4 03 00 00    	mov    0x3a4(%rbx),%edx
  24:	8d 8b a4 03 00 00    	lea    0x3a4(%rbx),%ecx
  2a:*	3b 08                	cmp    (%rax),%ecx		<-- trapping instruction
  2c:	0f 85 ad 00 00 00    	jne    0xdf
  32:	3b 4a 04             	cmp    0x4(%rdx),%ecx
  35:	0f 85 a4 00 00 00    	jne    0xdf
  3b:	89 42 04             	mov    %eax,0x4(%rdx)
  3e:	89 10                	mov    %edx,(%rax)

Code starting with the faulting instruction
===========================================
   0:	3b 08                	cmp    (%rax),%ecx
   2:	0f 85 ad 00 00 00    	jne    0xb5
   8:	3b 4a 04             	cmp    0x4(%rdx),%ecx
   b:	0f 85 a4 00 00 00    	jne    0xb5
  11:	89 42 04             	mov    %eax,0x4(%rdx)
  14:	89 10                	mov    %edx,(%rax)
[  269.770846][ T5119] EAX: 00000000 EBX: ece52bd8 ECX: ece52f7c EDX: 00000000
[  269.771647][ T5119] ESI: 840a5728 EDI: 840a5720 EBP: 8a9e3a90 ESP: 8a9e3a84
[  269.772469][ T5119] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010286
[  269.773369][ T5119] CR0: 80050033 CR2: 00000000 CR3: 6bada000 CR4: 000406f0
[  269.774272][ T5119] DR0: 76a0e000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[  269.775127][ T5119] DR6: ffff0ff0 DR7: 00030602
[  269.775810][ T5119] Call Trace:
[ 269.776374][ T5119] ? show_regs (arch/x86/kernel/dumpstack.c:479) 
[ 269.777014][ T5119] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434) 
[ 269.777590][ T5119] ? page_fault_oops (arch/x86/mm/fault.c:715) 
[ 269.778232][ T5119] ? kernelmode_fixup_or_oops+0x68/0x84 
[ 269.779041][ T5119] ? __bad_area_nosemaphore+0x11d/0x1c8 
[ 269.779854][ T5119] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835) 
[ 269.780558][ T5119] ? do_user_addr_fault (arch/x86/mm/fault.c:1452) 
[ 269.781302][ T5119] ? __print_lock_name (kernel/locking/lockdep.c:728) 
[ 269.782017][ T5119] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539) 
[ 269.782707][ T5119] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494) 
[ 269.783506][ T5119] ? handle_exception (arch/x86/entry/entry_32.S:1047) 
[ 269.784205][ T5119] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494) 
[ 269.784987][ T5119] ? __free_event (include/linux/list.h:119 (discriminator 5) include/linux/list.h:215 (discriminator 5) include/linux/list.h:229 (discriminator 5) kernel/events/core.c:5395 (discriminator 5)) 
[ 269.787167][ T5119] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494) 
[ 269.787970][ T5119] ? __free_event (include/linux/list.h:119 (discriminator 5) include/linux/list.h:215 (discriminator 5) include/linux/list.h:229 (discriminator 5) kernel/events/core.c:5395 (discriminator 5)) 
[ 269.788626][ T5119] perf_event_alloc (kernel/events/core.c:12566) 
[ 269.789313][ T5119] __do_sys_perf_event_open (kernel/events/core.c:12978) 
[ 269.790044][ T5119] ? perf_event_output_forward (kernel/events/core.c:8148) 
[ 269.790792][ T5119] __ia32_sys_perf_event_open (kernel/events/core.c:12865) 
[ 269.791511][ T5119] ia32_sys_call (arch/x86/entry/syscall_32.c:44) 
[ 269.792158][ T5119] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386) 
[ 269.792821][ T5119] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827 kernel/locking/lockdep.c:5790) 
[ 269.793531][ T5119] ? __lock_acquire (kernel/locking/lockdep.c:5202) 
[ 269.794189][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 269.794830][ T5119] ? __lock_release+0x49/0x15c 
[ 269.795490][ T5119] ? hrtimer_start_range_ns (kernel/time/hrtimer.c:338 kernel/time/hrtimer.c:1246 kernel/time/hrtimer.c:1302) 
[ 269.796180][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 269.796805][ T5119] ? __lock_release+0x49/0x15c 
[ 269.797495][ T5119] ? __lock_acquire (kernel/locking/lockdep.c:5202) 
[ 269.798131][ T5119] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827 kernel/locking/lockdep.c:5790) 
[ 269.798742][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 269.799363][ T5119] ? __lock_release+0x49/0x15c 
[ 269.800028][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514) 
[ 269.800661][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514) 
[ 269.801307][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613) 
[ 269.802056][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 269.802747][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 269.803393][ T5119] ? __ia32_sys_alarm (kernel/time/itimer.c:295 kernel/time/itimer.c:308 kernel/time/itimer.c:306 kernel/time/itimer.c:306) 
[ 269.804009][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613) 
[ 269.804739][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 269.805424][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 269.806050][ T5119] ? __lock_release+0x49/0x15c 
[ 269.806669][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514) 
[ 269.807213][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514) 
[ 269.807782][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613) 
[ 269.808416][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 269.808858][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 269.809284][ T5119] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827 kernel/locking/lockdep.c:5790) 
[ 269.809705][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315) 
[ 269.810270][ T5119] ? __lock_release+0x49/0x15c 
[ 269.810857][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514) 
[ 269.811447][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514) 
[ 269.811994][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613) 
[ 269.812645][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 269.813265][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 269.813848][ T5119] ? mutex_unlock (kernel/locking/mutex.c:549) 
[ 269.814377][ T5119] ? __f_unlock_pos (fs/file.c:1168) 
[ 269.814949][ T5119] ? ksys_read (include/linux/file.h:68 include/linux/file.h:85 fs/read_write.c:715) 
[ 269.815480][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613) 
[ 269.816143][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221) 
[ 269.816761][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 269.817368][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391) 
[ 269.817932][ T5119] ? irqentry_exit (kernel/entry/common.c:367) 
[ 269.818468][ T5119] do_fast_syscall_32 (arch/x86/entry/common.c:411) 
[ 269.819026][ T5119] do_SYSENTER_32 (arch/x86/entry/common.c:450) 
[ 269.819555][ T5119] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:836) 
[  269.819984][ T5119] EIP: 0x77f83579
[ 269.820310][ T5119] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
   0:	b8 01 10 06 03       	mov    $0x3061001,%eax
   5:	74 b4                	je     0xffffffffffffffbb
   7:	01 10                	add    %edx,(%rax)
   9:	07                   	(bad)
   a:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   e:	10 08                	adc    %cl,(%rax)
  10:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
	...
  20:	00 51 52             	add    %dl,0x52(%rcx)
  23:	55                   	push   %rbp
  24:*	89 e5                	mov    %esp,%ebp		<-- trapping instruction
  26:	0f 34                	sysenter
  28:	cd 80                	int    $0x80
  2a:	5d                   	pop    %rbp
  2b:	5a                   	pop    %rdx
  2c:	59                   	pop    %rcx
  2d:	c3                   	ret
  2e:	90                   	nop
  2f:	90                   	nop
  30:	90                   	nop
  31:	90                   	nop
  32:	8d 76 00             	lea    0x0(%rsi),%esi
  35:	58                   	pop    %rax
  36:	b8 77 00 00 00       	mov    $0x77,%eax
  3b:	cd 80                	int    $0x80
  3d:	90                   	nop
  3e:	8d                   	.byte 0x8d
  3f:	76                   	.byte 0x76

Code starting with the faulting instruction
===========================================
   0:	5d                   	pop    %rbp
   1:	5a                   	pop    %rdx
   2:	59                   	pop    %rcx
   3:	c3                   	ret
   4:	90                   	nop
   5:	90                   	nop
   6:	90                   	nop
   7:	90                   	nop
   8:	8d 76 00             	lea    0x0(%rsi),%esi
   b:	58                   	pop    %rax
   c:	b8 77 00 00 00       	mov    $0x77,%eax
  11:	cd 80                	int    $0x80
  13:	90                   	nop
  14:	8d                   	.byte 0x8d
  15:	76                   	.byte 0x76


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241031/202410311530.3de6361b-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
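The register state at the trap is worth reading before opening the attached dmesg. The faulting instruction `cmp (%rax),%ecx` runs with EAX = 0 and CR2 = 0, EDX is also 0, and ECX points into the event object at the offset that EAX and EDX were just loaded from. That is the signature of list_del() applied to a struct list_head whose next and prev pointers are both NULL: the object was zero-filled but the list head was never initialised with INIT_LIST_HEAD() before a teardown path tried to unlink it, which fits an allocation error path in perf_event_alloc() reaching __free_event(). The C below is an added illustration of that failure mode and its usual remedy; it is not code from the report, from the patch under test or from the kernel, and the struct layout and the field name child_list are assumptions chosen for the example, not the real layout of struct perf_event.

```c
#include <stddef.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Minimal user-space model of the kernel's struct list_head. Assumption:
 * the real helpers in include/linux/list.h differ in detail (poisoning,
 * CONFIG_DEBUG_LIST reporting), but the pointer reads are the same. */
struct list_head { struct list_head *next, *prev; };

static void INIT_LIST_HEAD(struct list_head *l) { l->next = l; l->prev = l; }

static void list_add(struct list_head *entry, struct list_head *head)
{
    struct list_head *next = head->next;
    next->prev = entry; entry->next = next; entry->prev = head; head->next = entry;
}

/* Mirrors the checks the faulting code performs: load entry->prev and
 * entry->next, then dereference them to verify prev->next == entry and
 * next->prev == entry. With a zeroed list_head both loads return NULL and
 * the kernel faults on the first dereference (CR2 == 0 in the oops). Here
 * we return false instead of crashing so the outcome can be inspected. */
static bool list_del_checked(struct list_head *entry)
{
    struct list_head *prev = entry->prev, *next = entry->next;
    if (prev == NULL || next == NULL)
        return false;            /* kernel would oops reading prev->next */
    if (prev->next != entry || next->prev != entry)
        return false;            /* CONFIG_DEBUG_LIST corruption report */
    next->prev = prev;
    prev->next = next;
    entry->next = entry->prev = NULL; /* stands in for LIST_POISON1/2 */
    return true;
}

struct event {
    int id;
    struct list_head child_list; /* hypothetical field; not the real layout */
};

/* The bug class: zero-allocate the object (kzalloc), take an error exit
 * before the list head is initialised, then run a teardown that
 * unconditionally unlinks it. Returns whether the unlink succeeded. */
bool teardown_zeroed_object(void)
{
    struct event ev;
    memset(&ev, 0, sizeof(ev));
    return list_del_checked(&ev.child_list);
}

/* The remedy: initialise every list_head before any error path can reach
 * the teardown. list_del() on an empty, self-linked head is harmless. */
bool teardown_initialised_object(void)
{
    struct event ev;
    memset(&ev, 0, sizeof(ev));
    INIT_LIST_HEAD(&ev.child_list);
    return list_del_checked(&ev.child_list);
}

/* Normal lifecycle for comparison: linked into a parent list, then removed,
 * leaving the parent list empty again. */
bool teardown_linked_object(void)
{
    struct list_head parent;
    struct event ev;
    INIT_LIST_HEAD(&parent);
    memset(&ev, 0, sizeof(ev));
    INIT_LIST_HEAD(&ev.child_list);
    list_add(&ev.child_list, &parent);
    bool ok = list_del_checked(&ev.child_list);
    return ok && parent.next == &parent && parent.prev == &parent;
}

int main(void)
{
    printf("zeroed, never initialised: %s\n",
           teardown_zeroed_object() ? "ok" : "would oops");
    printf("initialised, never linked: %s\n",
           teardown_initialised_object() ? "ok" : "would oops");
    printf("linked then unlinked:      %s\n",
           teardown_linked_object() ? "ok" : "would oops");
    return 0;
}
```

When triaging a report like this one, compare the two registers loaded just before the trap against CR2: both being zero, rather than a poison value or a stale heap pointer, points at a missing INIT_LIST_HEAD() on an error path rather than a use-after-free or double list_del(). Note also that the crashing task runs as UID 65534 under trinity, so the path is reachable from an unprivileged perf_event_open() caller on this config.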

