Message-ID: <202602032236.bcc0d1b7-lkp@intel.com>
Date: Tue, 3 Feb 2026 22:13:19 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
<aubrey.li@...ux.intel.com>, <yu.c.chen@...el.com>, <oliver.sang@...el.com>
Subject: [peterz-queue:sched/hrtick] [sched/fair] fb047eb995:
Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]KASAN_PTI
Hello,

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]KASAN_PTI" on:

commit: fb047eb995aea53b2ddc61661210e507d098248e ("sched/fair: Increase weight bits for avg_vruntime")
https://git.kernel.org/cgit/linux/kernel/git/peterz/queue.git sched/hrtick

in testcase: trinity
version:
with following parameters:

	runtime: 300s
	group: group-01
	nr_groups: 5

config: x86_64-randconfig-123-20250522
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+----------------------------------------------------------------------------------+------------+------------+
| | 854e0fe280 | fb047eb995 |
+----------------------------------------------------------------------------------+------------+------------+
| boot_failures | 0 | 6 |
| Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]KASAN_PTI | 0 | 6 |
| KASAN:null-ptr-deref_in_range[#-#] | 0 | 6 |
| RIP:pick_task_fair | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+----------------------------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202602032236.bcc0d1b7-lkp@intel.com
[ 110.120926][ T3839] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000a: 0000 [#1] KASAN PTI
[ 110.121772][ T3839] KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]
[ 110.122306][ T3839] CPU: 0 UID: 0 PID: 3839 Comm: kworker/u4:3 Not tainted 6.19.0-rc1-00053-gfb047eb995ae #1 PREEMPT(lazy)
[ 110.123021][ T3839] Workqueue: 0x0 (events_unbound)
[ 110.123364][ T3839] RIP: 0010:pick_task_fair (kernel/sched/fair.c:5544 kernel/sched/fair.c:8967)
[ 110.123759][ T3839] Code: 00 85 c0 0f 85 f0 00 00 00 be 01 00 00 00 4c 89 ff e8 41 4b fd ff 48 8d 78 51 48 89 c6 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <42> 0f b6 04 30 38 d0 7f 08 84 c0 0f 85 e2 01 00 00 80 7e 51 00 0f
All code
========
0: 00 85 c0 0f 85 f0 add %al,-0xf7af040(%rbp)
6: 00 00 add %al,(%rax)
8: 00 be 01 00 00 00 add %bh,0x1(%rsi)
e: 4c 89 ff mov %r15,%rdi
11: e8 41 4b fd ff call 0xfffffffffffd4b57
16: 48 8d 78 51 lea 0x51(%rax),%rdi
1a: 48 89 c6 mov %rax,%rsi
1d: 48 89 f8 mov %rdi,%rax
20: 48 89 fa mov %rdi,%rdx
23: 48 c1 e8 03 shr $0x3,%rax
27: 83 e2 07 and $0x7,%edx
2a:* 42 0f b6 04 30 movzbl (%rax,%r14,1),%eax <-- trapping instruction
2f: 38 d0 cmp %dl,%al
31: 7f 08 jg 0x3b
33: 84 c0 test %al,%al
35: 0f 85 e2 01 00 00 jne 0x21d
3b: 80 7e 51 00 cmpb $0x0,0x51(%rsi)
3f: 0f .byte 0xf
Code starting with the faulting instruction
===========================================
0: 42 0f b6 04 30 movzbl (%rax,%r14,1),%eax
5: 38 d0 cmp %dl,%al
7: 7f 08 jg 0x11
9: 84 c0 test %al,%al
b: 0f 85 e2 01 00 00 jne 0x1f3
11: 80 7e 51 00 cmpb $0x0,0x51(%rsi)
15: 0f .byte 0xf
[ 110.125105][ T3839] RSP: 0018:ffff88811d317bf0 EFLAGS: 00010002
[ 110.125497][ T3839] RAX: 000000000000000a RBX: ffffffff86b454c0 RCX: 1ffffffff1022aa7
[ 110.126030][ T3839] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000051
[ 110.126528][ T3839] RBP: fffffbfff0d68aba R08: ffffffff86b454c0 R09: 0000000000000000
[ 110.127026][ T3839] R10: ffffffff86b45648 R11: 0000000000000000 R12: ffffffff86b455d0
[ 110.127525][ T3839] R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88811ea67000
[ 110.128095][ T3839] FS: 0000000000000000(0000) GS:0000000000000000(0000) knlGS:0000000000000000
[ 110.128732][ T3839] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 110.129171][ T3839] CR2: 000000000a561000 CR3: 000000011b972000 CR4: 00000000000406b0
[ 110.129707][ T3839] Call Trace:
[ 110.129919][ T3839] <TASK>
[ 110.130113][ T3839] pick_next_task_fair (kernel/sched/fair.c:8990)
[ 110.130436][ T3839] ? dequeue_task_fair (kernel/sched/fair.c:7184 (discriminator 1))
[ 110.130758][ T3839] __pick_next_task+0x75/0x5b0
[ 110.131130][ T3839] __schedule (kernel/sched/core.c:6813)
[ 110.131414][ T3839] ? schedule (kernel/sched/core.c:6908 (discriminator 1) kernel/sched/core.c:6966 (discriminator 1))
[ 110.131721][ T3839] ? __pfx___schedule (kernel/sched/core.c:6725)
[ 110.132063][ T3839] ? local_clock_noinstr (kernel/sched/clock.c:304 (discriminator 1))
[ 110.132429][ T3839] ? local_clock (arch/x86/include/asm/preempt.h:95 (discriminator 1) kernel/sched/clock.c:319 (discriminator 1))
[ 110.132750][ T3839] ? __lock_release+0x119/0x2b0
[ 110.133127][ T3839] schedule (arch/x86/include/asm/preempt.h:85 (discriminator 13) kernel/sched/core.c:6953 (discriminator 13) kernel/sched/core.c:6967 (discriminator 13))
[ 110.133390][ T3839] ? worker_thread (kernel/workqueue.c:3434 (discriminator 3))
[ 110.133741][ T3839] worker_thread (kernel/workqueue.c:3437)
[ 110.134034][ T3839] ? __kthread_parkme (arch/x86/include/asm/bitops.h:202 (discriminator 1) arch/x86/include/asm/bitops.h:232 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) kernel/kthread.c:290 (discriminator 1))
[ 110.134347][ T3839] ? __pfx_worker_thread (kernel/workqueue.c:3367)
[ 110.134676][ T3839] kthread (kernel/kthread.c:463)
[ 110.134934][ T3839] ? local_clock_noinstr (kernel/sched/clock.c:304 (discriminator 1))
[ 110.135259][ T3839] ? __pfx_kthread (kernel/kthread.c:412)
[ 110.135549][ T3839] ? ret_from_fork (arch/x86/kernel/process.c:157 (discriminator 1))
[ 110.135898][ T3839] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4351 kernel/locking/lockdep.c:4410)
[ 110.136315][ T3839] ? __pfx_kthread (kernel/kthread.c:412)
[ 110.136642][ T3839] ret_from_fork (arch/x86/kernel/process.c:164)
[ 110.136985][ T3839] ? __pfx_ret_from_fork (arch/x86/kernel/process.c:153)
[ 110.137309][ T3839] ? __switch_to (arch/x86/include/asm/bitops.h:202 (discriminator 1) arch/x86/include/asm/bitops.h:232 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 1) include/linux/thread_info.h:133 (discriminator 1) include/linux/sched.h:2012 (discriminator 1) arch/x86/include/asm/fpu/sched.h:34 (discriminator 1) arch/x86/kernel/process_64.c:619 (discriminator 1))
[ 110.137605][ T3839] ? __switch_to_asm (arch/x86/entry/entry_64.S:207)
[ 110.137954][ T3839] ? __pfx_kthread (kernel/kthread.c:412)
[ 110.138243][ T3839] ret_from_fork_asm (arch/x86/entry/entry_64.S:259)
[ 110.138551][ T3839] </TASK>
[ 110.138776][ T3839] Modules linked in:
[ 110.139037][ T3839] ---[ end trace 0000000000000000 ]---
[ 110.139382][ T3839] RIP: 0010:pick_task_fair (kernel/sched/fair.c:5544 kernel/sched/fair.c:8967)
[ 110.139749][ T3839] Code: 00 85 c0 0f 85 f0 00 00 00 be 01 00 00 00 4c 89 ff e8 41 4b fd ff 48 8d 78 51 48 89 c6 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <42> 0f b6 04 30 38 d0 7f 08 84 c0 0f 85 e2 01 00 00 80 7e 51 00 0f
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260203/202602032236.bcc0d1b7-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki