| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202509101342.a803ecaa-lkp@intel.com>
Date: Wed, 10 Sep 2025 14:05:50 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Daniel Wagner <wagi@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-block@...r.kernel.org>,
Jens Axboe <axboe@...nel.dk>, Keith Busch <kbusch@...nel.org>, "Christoph
Hellwig" <hch@....de>, Sagi Grimberg <sagi@...mberg.me>, "Michael S. Tsirkin"
<mst@...hat.com>, Aaron Tomlin <atomlin@...mlin.com>, "Martin K. Petersen"
<martin.petersen@...cle.com>, Thomas Gleixner <tglx@...utronix.de>, "Costa
Shulyupin" <costa.shul@...hat.com>, Juri Lelli <juri.lelli@...hat.com>,
Valentin Schneider <vschneid@...hat.com>, Waiman Long <llong@...hat.com>,
Ming Lei <ming.lei@...hat.com>, Frederic Weisbecker <frederic@...nel.org>,
Mel Gorman <mgorman@...e.de>, Hannes Reinecke <hare@...e.de>, "Mathieu
Desnoyers" <mathieu.desnoyers@...icios.com>, <linux-kernel@...r.kernel.org>,
<linux-nvme@...ts.infradead.org>, <megaraidlinux.pdl@...adcom.com>,
<linux-scsi@...r.kernel.org>, <storagedev@...rochip.com>,
<virtualization@...ts.linux.dev>, <GR-QLogic-Storage-Upstream@...vell.com>,
Daniel Wagner <wagi@...nel.org>, <oliver.sang@...el.com>
Subject: Re: [PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue
is enabled
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: d918b4998cfeebf2116443c533f7e3e593658465 ("[PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled")
url: https://github.com/intel-lab-lkp/linux/commits/Daniel-Wagner/scsi-aacraid-use-block-layer-helpers-to-calculate-num-of-queues/20250905-230949
patch link: https://lore.kernel.org/all/20250905-isolcpus-io-queues-v8-10-885984c5daca@kernel.org/
patch subject: [PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled
in testcase: rcutorture
version:
with following parameters:
runtime: 300s
test: cpuhotplug
torture_type: tasks-rude
config: i386-randconfig-017-20250909
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | 0365b94791 | d918b4998c |
+---------------------------------------------+------------+------------+
| boot_successes | 12 | 0 |
| boot_failures | 0 | 15 |
| Mem-Info | 0 | 15 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 15 |
| Oops | 0 | 15 |
| EIP:__blk_mq_all_tag_iter | 0 | 15 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 15 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202509101342.a803ecaa-lkp@intel.com
[ 874.700557][ T21] BUG: kernel NULL pointer dereference, address: 00000004
[ 874.701560][ T21] #PF: supervisor read access in kernel mode
[ 874.702264][ T21] #PF: error_code(0x0000) - not-present page
[ 874.702940][ T21] *pde = 00000000
[ 874.703513][ T21] Oops: Oops: 0000 [#1] SMP
[ 874.704091][ T21] CPU: 1 UID: 0 PID: 21 Comm: cpuhp/1 Tainted: G S 6.17.0-rc4-00010-gd918b4998cfe #1 NONE
[ 874.705003][ T21] Tainted: [S]=CPU_OUT_OF_SPEC
[ 874.705657][ T21] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 874.706497][ T21] EIP: __blk_mq_all_tag_iter (block/blk-mq-tag.c:399)
[ 874.707121][ T21] Code: c9 6a 00 e8 d8 4f 94 ff 83 c4 04 89 da 83 e2 01 74 02 0f 0b 8b 5d 08 b8 30 7c 33 45 31 c9 6a 00 e8 bb 4f 94 ff 89 d9 83 c4 04 <83> 7e 04 00 8b 5d 0c 74 2e 89 d8 83 c8 01 89 75 e4 89 7d e8 89 4d
All code
========
0: c9 leave
1: 6a 00 push $0x0
3: e8 d8 4f 94 ff call 0xffffffffff944fe0
8: 83 c4 04 add $0x4,%esp
b: 89 da mov %ebx,%edx
d: 83 e2 01 and $0x1,%edx
10: 74 02 je 0x14
12: 0f 0b ud2
14: 8b 5d 08 mov 0x8(%rbp),%ebx
17: b8 30 7c 33 45 mov $0x45337c30,%eax
1c: 31 c9 xor %ecx,%ecx
1e: 6a 00 push $0x0
20: e8 bb 4f 94 ff call 0xffffffffff944fe0
25: 89 d9 mov %ebx,%ecx
27: 83 c4 04 add $0x4,%esp
2a:* 83 7e 04 00 cmpl $0x0,0x4(%rsi) <-- trapping instruction
2e: 8b 5d 0c mov 0xc(%rbp),%ebx
31: 74 2e je 0x61
33: 89 d8 mov %ebx,%eax
35: 83 c8 01 or $0x1,%eax
38: 89 75 e4 mov %esi,-0x1c(%rbp)
3b: 89 7d e8 mov %edi,-0x18(%rbp)
3e: 89 .byte 0x89
3f: 4d rex.WRB
Code starting with the faulting instruction
===========================================
0: 83 7e 04 00 cmpl $0x0,0x4(%rsi)
4: 8b 5d 0c mov 0xc(%rbp),%ebx
7: 74 2e je 0x37
9: 89 d8 mov %ebx,%eax
b: 83 c8 01 or $0x1,%eax
e: 89 75 e4 mov %esi,-0x1c(%rbp)
11: 89 7d e8 mov %edi,-0x18(%rbp)
14: 89 .byte 0x89
15: 4d rex.WRB
[ 874.708716][ T21] EAX: 00000000 EBX: 4632deb8 ECX: 4632deb8 EDX: 00000000
[ 874.709385][ T21] ESI: 00000000 EDI: 4192ace0 EBP: 4632de9c ESP: 4632de80
[ 874.710046][ T21] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010212
[ 874.710741][ T21] CR0: 80050033 CR2: 00000004 CR3: 158ad000 CR4: 00040690
[ 874.711424][ T21] Call Trace:
[ 874.711911][ T21] ? blk_mq_all_tag_iter (block/blk-mq-tag.c:420)
[ 874.712479][ T21] ? blk_mq_hctx_notify_offline (block/blk-mq.c:3736)
[ 874.713083][ T21] ? blk_mq_hctx_notify_online (block/blk-mq.c:3713)
[ 874.713672][ T21] ? cpuhp_invoke_callback (kernel/cpu.c:217)
[ 874.714273][ T21] ? blk_mq_hctx_notify_online (block/blk-mq.c:3713)
[ 874.714861][ T21] ? cpuhp_thread_fun (kernel/cpu.c:1105)
[ 874.715433][ T21] ? smpboot_thread_fn (kernel/smpboot.c:?)
[ 874.716005][ T21] ? kthread (kernel/kthread.c:465)
[ 874.716528][ T21] ? smpboot_unregister_percpu_thread (kernel/smpboot.c:103)
[ 874.717144][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412)
[ 874.717763][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412)
[ 874.718378][ T21] ? ret_from_fork (arch/x86/kernel/process.c:154)
[ 874.718945][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412)
[ 874.719574][ T21] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 874.720128][ T21] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[ 874.720667][ T21] Modules linked in: rcutorture torture
[ 874.721260][ T21] CR2: 0000000000000004
[ 874.721773][ T21] ---[ end trace 0000000000000000 ]---
[ 874.722424][ T21] EIP: __blk_mq_all_tag_iter (block/blk-mq-tag.c:399)
[ 874.723094][ T21] Code: c9 6a 00 e8 d8 4f 94 ff 83 c4 04 89 da 83 e2 01 74 02 0f 0b 8b 5d 08 b8 30 7c 33 45 31 c9 6a 00 e8 bb 4f 94 ff 89 d9 83 c4 04 <83> 7e 04 00 8b 5d 0c 74 2e 89 d8 83 c8 01 89 75 e4 89 7d e8 89 4d
All code
========
0: c9 leave
1: 6a 00 push $0x0
3: e8 d8 4f 94 ff call 0xffffffffff944fe0
8: 83 c4 04 add $0x4,%esp
b: 89 da mov %ebx,%edx
d: 83 e2 01 and $0x1,%edx
10: 74 02 je 0x14
12: 0f 0b ud2
14: 8b 5d 08 mov 0x8(%rbp),%ebx
17: b8 30 7c 33 45 mov $0x45337c30,%eax
1c: 31 c9 xor %ecx,%ecx
1e: 6a 00 push $0x0
20: e8 bb 4f 94 ff call 0xffffffffff944fe0
25: 89 d9 mov %ebx,%ecx
27: 83 c4 04 add $0x4,%esp
2a:* 83 7e 04 00 cmpl $0x0,0x4(%rsi) <-- trapping instruction
2e: 8b 5d 0c mov 0xc(%rbp),%ebx
31: 74 2e je 0x61
33: 89 d8 mov %ebx,%eax
35: 83 c8 01 or $0x1,%eax
38: 89 75 e4 mov %esi,-0x1c(%rbp)
3b: 89 7d e8 mov %edi,-0x18(%rbp)
3e: 89 .byte 0x89
3f: 4d rex.WRB
Code starting with the faulting instruction
===========================================
0: 83 7e 04 00 cmpl $0x0,0x4(%rsi)
4: 8b 5d 0c mov 0xc(%rbp),%ebx
7: 74 2e je 0x37
9: 89 d8 mov %ebx,%eax
b: 83 c8 01 or $0x1,%eax
e: 89 75 e4 mov %esi,-0x1c(%rbp)
11: 89 7d e8 mov %edi,-0x18(%rbp)
14: 89 .byte 0x89
15: 4d rex.WRB
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250910/202509101342.a803ecaa-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Powered by blists - more mailing lists