Hello,

kernel test robot noticed "BUG:unable_to_handle_page_fault_for_address" on:

commit: 54bd8ce1737414436322ddcda7634ad0a6f499a1 ("srcu: Make SRCU readers use ->srcu_ctrs for counter selection")
https://github.com/paulmckrcu/linux dev.2024.12.23a

in testcase: rcutorture
version:
with following parameters:

	runtime: 300s
	test: default
	torture_type: srcu

config: i386-randconfig-014-20241227
compiler: gcc-11
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+---------------------------------------------+------------+------------+
|                                             | 75e0a2b0b3 | 54bd8ce173 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 12         | 0          |
| boot_failures                               | 0          | 12         |
| BUG:unable_to_handle_page_fault_for_address | 0          | 12         |
| Oops                                        | 0          | 12         |
| EIP:__srcu_read_lock                        | 0          | 12         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 12         |
+---------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202412271357.91770b27-lkp@xxxxxxxxx

[ 155.064720][ T856] BUG: unable to handle page fault for address: 243f1000
[ 155.065336][ T856] #PF: supervisor write access in kernel mode
[ 155.066547][ T856] #PF: error_code(0x0002) - not-present page
[ 155.067393][ T856] *pde = 00000000
[ 155.068187][ T856] Oops: Oops: 0002 [#1] PREEMPT SMP
[ 155.069080][ T856] CPU: 1 UID: 0 PID: 856 Comm: rcu_torture_rea Not tainted 6.13.0-rc1-00069-g54bd8ce17374 #1
[ 155.071249][ T856] EIP: __srcu_read_lock (kernel/rcu/srcutree.c:749)
[ 155.072290][ T856] Code: d7 b1 00 85 f6 74 0c e8 48 5f 00 00 83 3b 00 74 02 0f 0b 58 5b 5e 5d c3 8b 00 f0 83 44 24 fc 00 83 c0 07 83 e0 fc c3 8b 50 04 <64> ff 02 f0 83 44 24 fc 00 2b 50 08 89 d0 c1 f8 03 c3 55 89 e5 56
All code
========
   0:	d7                   	xlat   %ds:(%rbx)
   1:	b1 00                	mov    $0x0,%cl
   3:	85 f6                	test   %esi,%esi
   5:	74 0c                	je     0x13
   7:	e8 48 5f 00 00       	call   0x5f54
   c:	83 3b 00             	cmpl   $0x0,(%rbx)
   f:	74 02                	je     0x13
  11:	0f 0b                	ud2
  13:	58                   	pop    %rax
  14:	5b                   	pop    %rbx
  15:	5e                   	pop    %rsi
  16:	5d                   	pop    %rbp
  17:	c3                   	ret
  18:	8b 00                	mov    (%rax),%eax
  1a:	f0 83 44 24 fc 00    	lock addl $0x0,-0x4(%rsp)
  20:	83 c0 07             	add    $0x7,%eax
  23:	83 e0 fc             	and    $0xfffffffc,%eax
  26:	c3                   	ret
  27:	8b 50 04             	mov    0x4(%rax),%edx
  2a:*	64 ff 02             	incl   %fs:(%rdx)		<-- trapping instruction
  2d:	f0 83 44 24 fc 00    	lock addl $0x0,-0x4(%rsp)
  33:	2b 50 08             	sub    0x8(%rax),%edx
  36:	89 d0                	mov    %edx,%eax
  38:	c1 f8 03             	sar    $0x3,%eax
  3b:	c3                   	ret
  3c:	55                   	push   %rbp
  3d:	89 e5                	mov    %esp,%ebp
  3f:	56                   	push   %rsi

Code starting with the faulting instruction
===========================================
   0:	64 ff 02             	incl   %fs:(%rdx)
   3:	f0 83 44 24 fc 00    	lock addl $0x0,-0x4(%rsp)
   9:	2b 50 08             	sub    0x8(%rax),%edx
   c:	89 d0                	mov    %edx,%eax
   e:	c1 f8 03             	sar    $0x3,%eax
  11:	c3                   	ret
  12:	55                   	push   %rbp
  13:	89 e5                	mov    %esp,%ebp
  15:	56                   	push   %rsi
[ 155.076009][ T856] EAX: eec8a380 EBX: eec8a380 ECX: e707e540 EDX: 00000000
[ 155.077234][ T856] ESI: 00000000 EDI: 00000020 EBP: edf09c9c ESP: edf09c90
[ 155.078468][ T856] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[ 155.079782][ T856] CR0: 80050033 CR2: 243f1000 CR3: 067be000 CR4: 00040690
[ 155.080734][ T856] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 155.081570][ T856] DR6: fffe0ff0 DR7: 00000400
[ 155.082104][ T856] Call Trace:
[ 155.082536][ T856] ? show_regs (arch/x86/kernel/dumpstack.c:479 arch/x86/kernel/dumpstack.c:465)
[ 155.083000][ T856] ? __die_body (arch/x86/kernel/dumpstack.c:421)
[ 155.083618][ T856] ? __die (arch/x86/kernel/dumpstack.c:435)
[ 155.084048][ T856] ? page_fault_oops (arch/x86/mm/fault.c:712)
[ 155.084673][ T856] ? kernelmode_fixup_or_oops+0x46/0x4e
[ 155.085443][ T856] ? __bad_area_nosemaphore+0x2b/0x1c9
[ 155.086263][ T856] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835)
[ 155.086840][ T856] ? do_user_addr_fault (arch/x86/mm/fault.c:1280 (discriminator 1))
[ 155.087467][ T856] ? trace_irq_disable (include/trace/events/preemptirq.h:36 (discriminator 57))
[ 155.087967][ T856] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 155.088600][ T856] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 155.089309][ T856] ? handle_exception (arch/x86/entry/entry_32.S:1055)
[ 155.089950][ T856] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 155.090754][ T856] ? __srcu_read_lock (kernel/rcu/srcutree.c:749)
[ 155.091358][ T856] ? rcu_torture_writer_state_getname (kernel/rcu/rcutorture.c:287) rcutorture
[ 155.092202][ T856] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 155.092910][ T856] ? __srcu_read_lock (kernel/rcu/srcutree.c:749)
[ 155.093526][ T856] ? srcu_read_lock (include/linux/srcu.h:165 include/linux/srcu.h:257) rcutorture
[ 155.094198][ T856] srcu_torture_read_lock (kernel/rcu/rcutorture.c:693) rcutorture
[ 155.103773][ T856] rcutorture_one_extend+0x14c/0x38f rcutorture
[ 155.104728][ T856] rcu_torture_one_read (kernel/rcu/rcutorture.c:2163 (discriminator 3)) rcutorture
[ 155.105530][ T856] ? validate_chain (kernel/locking/lockdep.c:3819 kernel/locking/lockdep.c:3872)
[ 155.106112][ T856] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:269)
[ 155.106743][ T856] rcu_torture_reader (kernel/rcu/rcutorture.c:2286) rcutorture
[ 155.107520][ T856] ? rcu_torture_one_read (kernel/rcu/rcutorture.c:2248) rcutorture
[ 155.108331][ T856] kthread (kernel/kthread.c:391)
[ 155.108818][ T856] ? rcu_torture_read_exit_child (kernel/rcu/rcutorture.c:2269) rcutorture
[ 155.109677][ T856] ? list_del_init (include/linux/posix-timers.h:225)
[ 155.110238][ T856] ret_from_fork (arch/x86/kernel/process.c:153)
[ 155.110778][ T856] ? list_del_init (include/linux/posix-timers.h:225)
[ 155.111328][ T856] ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 155.111766][ T856] entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[ 155.115711][ T856] Modules linked in: rcutorture(+) torture
[ 155.117176][ T856] CR2: 00000000243f1000
[ 155.118089][ T856] ---[ end trace 0000000000000000 ]---
[ 155.119343][ T856] EIP: __srcu_read_lock (kernel/rcu/srcutree.c:749)
[ 155.120400][ T856] Code: d7 b1 00 85 f6 74 0c e8 48 5f 00 00 83 3b 00 74 02 0f 0b 58 5b 5e 5d c3 8b 00 f0 83 44 24 fc 00 83 c0 07 83 e0 fc c3 8b 50 04 <64> ff 02 f0 83 44 24 fc 00 2b 50 08 89 d0 c1 f8 03 c3 55 89 e5 56
All code
========
   0:	d7                   	xlat   %ds:(%rbx)
   1:	b1 00                	mov    $0x0,%cl
   3:	85 f6                	test   %esi,%esi
   5:	74 0c                	je     0x13
   7:	e8 48 5f 00 00       	call   0x5f54
   c:	83 3b 00             	cmpl   $0x0,(%rbx)
   f:	74 02                	je     0x13
  11:	0f 0b                	ud2
  13:	58                   	pop    %rax
  14:	5b                   	pop    %rbx
  15:	5e                   	pop    %rsi
  16:	5d                   	pop    %rbp
  17:	c3                   	ret
  18:	8b 00                	mov    (%rax),%eax
  1a:	f0 83 44 24 fc 00    	lock addl $0x0,-0x4(%rsp)
  20:	83 c0 07             	add    $0x7,%eax
  23:	83 e0 fc             	and    $0xfffffffc,%eax
  26:	c3                   	ret
  27:	8b 50 04             	mov    0x4(%rax),%edx
  2a:*	64 ff 02             	incl   %fs:(%rdx)		<-- trapping instruction
  2d:	f0 83 44 24 fc 00    	lock addl $0x0,-0x4(%rsp)
  33:	2b 50 08             	sub    0x8(%rax),%edx
  36:	89 d0                	mov    %edx,%eax
  38:	c1 f8 03             	sar    $0x3,%eax
  3b:	c3                   	ret
  3c:	55                   	push   %rbp
  3d:	89 e5                	mov    %esp,%ebp
  3f:	56                   	push   %rsi

Code starting with the faulting instruction
===========================================
   0:	64 ff 02             	incl   %fs:(%rdx)
   3:	f0 83 44 24 fc 00    	lock addl $0x0,-0x4(%rsp)
   9:	2b 50 08             	sub    0x8(%rax),%edx
   c:	89 d0                	mov    %edx,%eax
   e:	c1 f8 03             	sar    $0x3,%eax
  11:	c3                   	ret
  12:	55                   	push   %rbp
  13:	89 e5                	mov    %esp,%ebp
  15:	56                   	push   %rsi

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241227/202412271357.91770b27-lkp@xxxxxxxxx

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki