Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 47b40a2914e5bd319e85aab763b60dd2e13b4076 ("[CI 1/1] pmu changes")
url: https://github.com/intel-lab-lkp/linux/commits/Lucas-De-Marchi/pmu-changes/20241029-224928
base: https://git.kernel.org/cgit/linux/kernel/git/perf/perf-tools-next.git perf-tools-next
patch link: https://lore.kernel.org/all/20241029144803.631999-2-lucas.demarchi@xxxxxxxxx/
patch subject: [CI 1/1] pmu changes
in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:
runtime: 300s
group: group-00
nr_groups: 5
config: i386-randconfig-141-20241030
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------------+------------+------------+
| | 150dab31d5 | 47b40a2914 |
+------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0 | 6 |
| Oops | 0 | 6 |
| EIP:__free_event | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202410311530.3de6361b-lkp@xxxxxxxxx
[ 269.760917][ T5119] BUG: kernel NULL pointer dereference, address: 00000000
[ 269.762008][ T5119] #PF: supervisor read access in kernel mode
[ 269.762871][ T5119] #PF: error_code(0x0000) - not-present page
[ 269.763640][ T5119] *pdpt = 000000006b932001 *pde = 0000000000000000
[ 269.764436][ T5119] Oops: Oops: 0000 [#1] PREEMPT PTI
[ 269.765118][ T5119] CPU: 0 UID: 65534 PID: 5119 Comm: trinity-c1 Tainted: G S 6.12.0-rc3-00137-g47b40a2914e5 #1
[ 269.766301][ T5119] Tainted: [S]=CPU_OUT_OF_SPEC
[ 269.766950][ T5119] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 269.768012][ T5119] EIP: __free_event (include/linux/list.h:119 (discriminator 5) include/linux/list.h:215 (discriminator 5) include/linux/list.h:229 (discriminator 5) kernel/events/core.c:5395 (discriminator 5))
[ 269.768671][ T5119] Code: 74 60 8b 47 34 8d 77 08 e8 d6 18 f0 ff 89 f0 e8 db fd a5 01 85 f6 74 4a 8b 83 a8 03 00 00 8b 93 a4 03 00 00 8d 8b a4 03 00 00 <3b> 08 0f 85 ad 00 00 00 3b 4a 04 0f 85 a4 00 00 00 89 42 04 89 10
All code
========
0: 74 60 je 0x62
2: 8b 47 34 mov 0x34(%rdi),%eax
5: 8d 77 08 lea 0x8(%rdi),%esi
8: e8 d6 18 f0 ff call 0xfffffffffff018e3
d: 89 f0 mov %esi,%eax
f: e8 db fd a5 01 call 0x1a5fdef
14: 85 f6 test %esi,%esi
16: 74 4a je 0x62
18: 8b 83 a8 03 00 00 mov 0x3a8(%rbx),%eax
1e: 8b 93 a4 03 00 00 mov 0x3a4(%rbx),%edx
24: 8d 8b a4 03 00 00 lea 0x3a4(%rbx),%ecx
2a:* 3b 08 cmp (%rax),%ecx <-- trapping instruction
2c: 0f 85 ad 00 00 00 jne 0xdf
32: 3b 4a 04 cmp 0x4(%rdx),%ecx
35: 0f 85 a4 00 00 00 jne 0xdf
3b: 89 42 04 mov %eax,0x4(%rdx)
3e: 89 10 mov %edx,(%rax)
Code starting with the faulting instruction
===========================================
0: 3b 08 cmp (%rax),%ecx
2: 0f 85 ad 00 00 00 jne 0xb5
8: 3b 4a 04 cmp 0x4(%rdx),%ecx
b: 0f 85 a4 00 00 00 jne 0xb5
11: 89 42 04 mov %eax,0x4(%rdx)
14: 89 10 mov %edx,(%rax)
[ 269.770846][ T5119] EAX: 00000000 EBX: ece52bd8 ECX: ece52f7c EDX: 00000000
[ 269.771647][ T5119] ESI: 840a5728 EDI: 840a5720 EBP: 8a9e3a90 ESP: 8a9e3a84
[ 269.772469][ T5119] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010286
[ 269.773369][ T5119] CR0: 80050033 CR2: 00000000 CR3: 6bada000 CR4: 000406f0
[ 269.774272][ T5119] DR0: 76a0e000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 269.775127][ T5119] DR6: ffff0ff0 DR7: 00030602
[ 269.775810][ T5119] Call Trace:
[ 269.776374][ T5119] ? show_regs (arch/x86/kernel/dumpstack.c:479)
[ 269.777014][ T5119] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)
[ 269.777590][ T5119] ? page_fault_oops (arch/x86/mm/fault.c:715)
[ 269.778232][ T5119] ? kernelmode_fixup_or_oops+0x68/0x84
[ 269.779041][ T5119] ? __bad_area_nosemaphore+0x11d/0x1c8
[ 269.779854][ T5119] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835)
[ 269.780558][ T5119] ? do_user_addr_fault (arch/x86/mm/fault.c:1452)
[ 269.781302][ T5119] ? __print_lock_name (kernel/locking/lockdep.c:728)
[ 269.782017][ T5119] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 269.782707][ T5119] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 269.783506][ T5119] ? handle_exception (arch/x86/entry/entry_32.S:1047)
[ 269.784205][ T5119] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 269.784987][ T5119] ? __free_event (include/linux/list.h:119 (discriminator 5) include/linux/list.h:215 (discriminator 5) include/linux/list.h:229 (discriminator 5) kernel/events/core.c:5395 (discriminator 5))
[ 269.787167][ T5119] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 269.787970][ T5119] ? __free_event (include/linux/list.h:119 (discriminator 5) include/linux/list.h:215 (discriminator 5) include/linux/list.h:229 (discriminator 5) kernel/events/core.c:5395 (discriminator 5))
[ 269.788626][ T5119] perf_event_alloc (kernel/events/core.c:12566)
[ 269.789313][ T5119] __do_sys_perf_event_open (kernel/events/core.c:12978)
[ 269.790044][ T5119] ? perf_event_output_forward (kernel/events/core.c:8148)
[ 269.790792][ T5119] __ia32_sys_perf_event_open (kernel/events/core.c:12865)
[ 269.791511][ T5119] ia32_sys_call (arch/x86/entry/syscall_32.c:44)
[ 269.792158][ T5119] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386)
[ 269.792821][ T5119] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827 kernel/locking/lockdep.c:5790)
[ 269.793531][ T5119] ? __lock_acquire (kernel/locking/lockdep.c:5202)
[ 269.794189][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 269.794830][ T5119] ? __lock_release+0x49/0x15c
[ 269.795490][ T5119] ? hrtimer_start_range_ns (kernel/time/hrtimer.c:338 kernel/time/hrtimer.c:1246 kernel/time/hrtimer.c:1302)
[ 269.796180][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 269.796805][ T5119] ? __lock_release+0x49/0x15c
[ 269.797495][ T5119] ? __lock_acquire (kernel/locking/lockdep.c:5202)
[ 269.798131][ T5119] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827 kernel/locking/lockdep.c:5790)
[ 269.798742][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 269.799363][ T5119] ? __lock_release+0x49/0x15c
[ 269.800028][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514)
[ 269.800661][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514)
[ 269.801307][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613)
[ 269.802056][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 269.802747][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 269.803393][ T5119] ? __ia32_sys_alarm (kernel/time/itimer.c:295 kernel/time/itimer.c:308 kernel/time/itimer.c:306 kernel/time/itimer.c:306)
[ 269.804009][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613)
[ 269.804739][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 269.805424][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 269.806050][ T5119] ? __lock_release+0x49/0x15c
[ 269.806669][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514)
[ 269.807213][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514)
[ 269.807782][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613)
[ 269.808416][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 269.808858][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 269.809284][ T5119] ? lock_acquire (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5827 kernel/locking/lockdep.c:5790)
[ 269.809705][ T5119] ? find_held_lock (kernel/locking/lockdep.c:5315)
[ 269.810270][ T5119] ? __lock_release+0x49/0x15c
[ 269.810857][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514)
[ 269.811447][ T5119] ? __task_pid_nr_ns (include/linux/rcupdate.h:347 include/linux/rcupdate.h:880 kernel/pid.c:514)
[ 269.811994][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613)
[ 269.812645][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 269.813265][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 269.813848][ T5119] ? mutex_unlock (kernel/locking/mutex.c:549)
[ 269.814377][ T5119] ? __f_unlock_pos (fs/file.c:1168)
[ 269.814949][ T5119] ? ksys_read (include/linux/file.h:68 include/linux/file.h:85 fs/read_write.c:715)
[ 269.815480][ T5119] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4613)
[ 269.816143][ T5119] ? syscall_exit_to_user_mode (kernel/entry/common.c:221)
[ 269.816761][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 269.817368][ T5119] ? __do_fast_syscall_32 (arch/x86/entry/common.c:391)
[ 269.817932][ T5119] ? irqentry_exit (kernel/entry/common.c:367)
[ 269.818468][ T5119] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 269.819026][ T5119] do_SYSENTER_32 (arch/x86/entry/common.c:450)
[ 269.819555][ T5119] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:836)
[ 269.819984][ T5119] EIP: 0x77f83579
[ 269.820310][ T5119] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d 76 00 lea 0x0(%rsi),%esi
35: 58 pop %rax
36: b8 77 00 00 00 mov $0x77,%eax
3b: cd 80 int $0x80
3d: 90 nop
3e: 8d .byte 0x8d
3f: 76 .byte 0x76
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d 76 00 lea 0x0(%rsi),%esi
b: 58 pop %rax
c: b8 77 00 00 00 mov $0x77,%eax
11: cd 80 int $0x80
13: 90 nop
14: 8d .byte 0x8d
15: 76 .byte 0x76
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241031/202410311530.3de6361b-lkp@xxxxxxxxx
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
