Message-ID: <202506121630.2ea2a5b4-lkp@intel.com>
Date: Thu, 12 Jun 2025 16:45:12 +0800
From: kernel test robot <oliver.sang@...el.com>
To: JP Kobryn <inwardvessel@...il.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
Tejun Heo <tj@...nel.org>, Klara Modin <klarasmodin@...il.com>,
<cgroups@...r.kernel.org>, <oliver.sang@...el.com>
Subject: [linus:master] [cgroup] 731bdd9746: BUG:kernel_NULL_pointer_dereference,address

Hello,

We reported
"[linux-next:master] [cgroup] 731bdd9746: BUG:kernel_NULL_pointer_dereference,address"
in
https://lore.kernel.org/all/202505281034.7ae1668d-lkp@intel.com/
and we noticed in
https://lore.kernel.org/all/9b500a3d-296b-4643-85d3-78d7bd6ec66b@gmail.com/
that there will be a patch.

Since we noticed the commit is in mainline and we still observed similar issues,
we are just reporting again as a reminder. Thanks.

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 731bdd97466a280d6bdd8eceeb13d9fab6f26cbd ("cgroup: avoid per-cpu allocation of size zero rstat cpu locks")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master
[test failed on linus/master aef17cb3d3c43854002956f24c24ec8e1a0e3546]
[test failed on linux-next/master 19a60293b9925080d97f22f122aca3fc46dadaf9]

in testcase: locktorture
version:
with following parameters:

	runtime: 300s
	test: cpuhotplug

config: i386-randconfig-017-20250610
compiler: clang-20
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+---------------------------------------------+------------+------------+
|                                             | dc9f08bac2 | 731bdd9746 |
+---------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0          | 18         |
| Oops:Oops:#[##]                             | 0          | 18         |
| EIP:lockdep_init_map_type                   | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 18         |
+---------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202506121630.2ea2a5b4-lkp@intel.com
[ 2.332700][ T0] BUG: kernel NULL pointer dereference, address: 00000018
[ 2.333523][ T0] #PF: supervisor write access in kernel mode
[ 2.333523][ T0] #PF: error_code(0x0002) - not-present page
[ 2.333523][ T0] *pde = 00000000
[ 2.333523][ T0] Oops: Oops: 0002 [#1]
[ 2.333523][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.14.0-11173-g731bdd97466a #1 PREEMPT(voluntary) 00fbd346f9ecab0633cc52854fbaacf90c8417e1
[ 2.333523][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 2.333523][ T0] EIP: lockdep_init_map_type (kernel/locking/lockdep.c:4945)
[ 2.333523][ T0] Code: 00 00 00 5e 5d 2e e9 4e bf 3f 01 89 f0 e8 a7 43 f1 ff eb e5 90 90 90 90 90 55 89 e5 57 56 83 ec 08 8b 35 14 20 b8 9a 89 75 f4 <c7> 40 08 00 00 00 00 c7 40 04 00 00 00 00 8b 35 90 dd 90 9b 89 d7
All code
========
0: 00 00 add %al,(%rax)
2: 00 5e 5d add %bl,0x5d(%rsi)
5: 2e e9 4e bf 3f 01 cs jmp 0x13fbf59
b: 89 f0 mov %esi,%eax
d: e8 a7 43 f1 ff call 0xfffffffffff143b9
12: eb e5 jmp 0xfffffffffffffff9
14: 90 nop
15: 90 nop
16: 90 nop
17: 90 nop
18: 90 nop
19: 55 push %rbp
1a: 89 e5 mov %esp,%ebp
1c: 57 push %rdi
1d: 56 push %rsi
1e: 83 ec 08 sub $0x8,%esp
21: 8b 35 14 20 b8 9a mov -0x6547dfec(%rip),%esi # 0xffffffff9ab8203b
27: 89 75 f4 mov %esi,-0xc(%rbp)
2a:* c7 40 08 00 00 00 00 movl $0x0,0x8(%rax) <-- trapping instruction
31: c7 40 04 00 00 00 00 movl $0x0,0x4(%rax)
38: 8b 35 90 dd 90 9b mov -0x646f2270(%rip),%esi # 0xffffffff9b90ddce
3e: 89 d7 mov %edx,%edi
Code starting with the faulting instruction
===========================================
0: c7 40 08 00 00 00 00 movl $0x0,0x8(%rax)
7: c7 40 04 00 00 00 00 movl $0x0,0x4(%rax)
e: 8b 35 90 dd 90 9b mov -0x646f2270(%rip),%esi # 0xffffffff9b90dda4
14: 89 d7 mov %edx,%edi
[ 2.333523][ T0] EAX: 00000010 EBX: 9a8f2e13 ECX: 9ba10c30 EDX: 9a8f2e13
[ 2.333523][ T0] ESI: f894bc3e EDI: 9ba10c30 EBP: 9ab77efc ESP: 9ab77eec
[ 2.333523][ T0] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00210292
[ 2.333523][ T0] CR0: 80050033 CR2: 00000018 CR3: 1b321000 CR4: 000406d0
[ 2.333523][ T0] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 2.333523][ T0] DR6: fffe0ff0 DR7: 00000400
[ 2.333523][ T0] Call Trace:
[ 2.333523][ T0] __raw_spin_lock_init (include/linux/lockdep.h:135 include/linux/lockdep.h:142 kernel/locking/spinlock_debug.c:25)
[ 2.333523][ T0] ss_rstat_init (kernel/cgroup/rstat.c:530)
[ 2.333523][ T0] cgroup_init_subsys (kernel/cgroup/cgroup.c:6091)
[ 2.333523][ T0] cgroup_init (kernel/cgroup/cgroup.c:?)
[ 2.333523][ T0] start_kernel (init/main.c:1094)
[ 2.333523][ T0] i386_start_kernel (arch/x86/kernel/head32.c:79)
[ 2.333523][ T0] startup_32_smp (arch/x86/kernel/head_32.S:292)
[ 2.333523][ T0] Modules linked in:
[ 2.333523][ T0] CR2: 0000000000000018
[ 2.333523][ T0] ---[ end trace 0000000000000000 ]---
[ 2.333523][ T0] EIP: lockdep_init_map_type (kernel/locking/lockdep.c:4945)
[ 2.333523][ T0] Code: 00 00 00 5e 5d 2e e9 4e bf 3f 01 89 f0 e8 a7 43 f1 ff eb e5 90 90 90 90 90 55 89 e5 57 56 83 ec 08 8b 35 14 20 b8 9a 89 75 f4 <c7> 40 08 00 00 00 00 c7 40 04 00 00 00 00 8b 35 90 dd 90 9b 89 d7
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250612/202506121630.2ea2a5b4-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki