2022-05-16 07:09:05

by Naresh Kamboju

Subject: BUG: kernel NULL pointer dereference, address: 00000004 - mas_update_gap

While running LTP sched tests on i386, the following kernel BUG was noticed on
Linux next-20220513 [1].

Running with 50*40 (== 2000) tasks.
Time: 7.618
Running with 20*40 (== 800) tasks.
[ 75.590440] BUG: kernel NULL pointer dereference, address: 00000004
[ 75.596710] #PF: supervisor read access in kernel mode
[ 75.601842] #PF: error_code(0x0000) - not-present page
[ 75.606979] *pde = 00000000
[ 75.609858] Oops: 0000 [#1] PREEMPT SMP
[ 75.613697] CPU: 1 PID: 2694 Comm: hackbench Not tainted 5.18.0-rc6-next-20220513 #1
[ 75.621427] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.0b 07/27/2017
[ 75.628898] EIP: mas_update_gap+0xa9/0x290
[ 75.632996] Code: 02 89 4d e8 0f 84 ef 01 00 00 89 d6 8b 4d ec 8b 55 f0 81 e6 00 ff ff ff 89 75 e0 21 d1 31 d2 83 f9 06 75 06 8d 96 a8 00 00 00 <3b> 3c 82 0f 84 73 ff ff ff 83 7d e8 01 8b 4d f0 19 d2 83 e2 fc 83
[ 75.651735] EAX: 00000001 EBX: e507fd2c ECX: 00000086 EDX: 00000000
[ 75.657992] ESI: c6030500 EDI: 40152000 EBP: e507f8ec ESP: e507f8cc
[ 75.664248] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
[ 75.671024] CR0: 80050033 CR2: 00000004 CR3: 25e5f000 CR4: 003506d0
[ 75.677283] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 75.683541] DR6: fffe0ff0 DR7: 00000400
[ 75.687372] Call Trace:
[ 75.689817] mas_wr_modify+0x193/0x1c20
[ 75.693665] mas_wr_store_entry.isra.0+0x187/0x4d0
[ 75.698465] mas_store_prealloc+0x44/0xe0
[ 75.702477] vma_mas_store+0x2f/0x80
[ 75.706057] __vma_adjust+0x334/0x8e0
[ 75.709724] __split_vma+0x148/0x160
[ 75.713303] do_mas_align_munmap.constprop.0+0xd3/0x3f0
[ 75.718529] ? find_idlest_group+0xdb/0x7f0
[ 75.722714] do_mas_munmap+0x7d/0xb0
[ 75.726294] mmap_region+0x11e/0x6b0
[ 75.729875] ? selinux_msg_queue_msgctl+0xc0/0xc0
[ 75.734579] ? security_mmap_addr+0x2a/0x40
[ 75.738765] ? get_unmapped_area+0x74/0xe0
[ 75.742864] do_mmap+0x3f8/0x500
[ 75.746096] ? file_map_prot_check+0x190/0x190
[ 75.750532] vm_mmap_pgoff+0xc6/0x160
[ 75.754192] ksys_mmap_pgoff+0x50/0x200
[ 75.758032] __ia32_sys_mmap_pgoff+0x2f/0x40
[ 75.762302] __do_fast_syscall_32+0x4c/0xc0
[ 75.766478] do_fast_syscall_32+0x32/0x70
[ 75.770482] do_SYSENTER_32+0x15/0x20
[ 75.774141] entry_SYSENTER_32+0x98/0xf1
[ 75.778068] EIP: 0xb7fcf549
[ 75.780868] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
[ 75.799613] EAX: ffffffda EBX: 00000000 ECX: 00005000 EDX: 00000000
[ 75.805878] ESI: 00020022 EDI: ffffffff EBP: 00000000 ESP: bfeab8ec
[ 75.812134] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[ 75.818915] Modules linked in: x86_pkg_temp_thermal
[ 75.823792] CR2: 0000000000000004
[ 75.827104] ---[ end trace 0000000000000000 ]---
[ 75.827105] EIP: mas_update_gap+0xa9/0x290
[ 75.827107] Code: 02 89 4d e8 0f 84 ef 01 00 00 89 d6 8b 4d ec 8b 55 f0 81 e6 00 ff ff ff 89 75 e0 21 d1 31 d2 83 f9 06 75 06 8d 96 a8 00 00 00 <3b> 3c 82 0f 84 73 ff ff ff 83 7d e8 01 8b 4d f0 19 d2 83 e2 fc 83
[ 75.827108] EAX: 00000001 EBX: e507fd2c ECX: 00000086 EDX: 00000000
[ 75.827109] ESI: c6030500 EDI: 40152000 EBP: e507f8ec ESP: e507f8cc
[ 75.827110] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
[ 75.827111] CR0: 80050033 CR2: 00000004 CR3: 25e5f000 CR4: 003506d0
[ 75.827111] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 75.827112] DR6: fffe0ff0 DR7: 00000400

Reported-by: Linux Kernel Functional Testing <[email protected]>

metadata:
git_ref: master
git_repo: ''
git_sha: 1e1b28b936aed946122b4e0991e7144fdbbfd77e
git_describe: next-20220513
kernel_version: 5.18.0-rc6
kernel-config: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B/config
build-url: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next/-/pipelines/538244935
artifact-location: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B
toolchain: gcc-11

--
Linaro LKFT
https://lkft.linaro.org

[1] https://lkft.validation.linaro.org/scheduler/job/5021335#L1718
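
Added example, not part of the original report: a small triage script that decodes the faulting instruction marked `<3b>` in the `Code:` line and recomputes its memory operand from the dumped registers, to check that it matches CR2. The function names are hypothetical, the oops lines are an excerpt copied from the report above, and only the `cmp r32, r/m32` form with a SIB byte is handled.

```python
import re

# Excerpt of the oops quoted above (only the lines the decoder needs).
OOPS = """\
[ 75.590440] BUG: kernel NULL pointer dereference, address: 00000004
[ 75.628898] EIP: mas_update_gap+0xa9/0x290
[ 75.632996] Code: 02 89 4d e8 0f 84 ef 01 00 00 89 d6 8b 4d ec 8b 55 f0 81 e6 00 ff ff ff 89 75 e0 21 d1 31 d2 83 f9 06 75 06 8d 96 a8 00 00 00 <3b> 3c 82 0f 84 73 ff ff ff 83 7d e8 01 8b 4d f0 19 d2 83 e2 fc 83
[ 75.651735] EAX: 00000001 EBX: e507fd2c ECX: 00000086 EDX: 00000000
[ 75.657992] ESI: c6030500 EDI: 40152000 EBP: e507f8ec ESP: e507f8cc
[ 75.671024] CR0: 80050033 CR2: 00000004 CR3: 25e5f000 CR4: 003506d0
"""

# x86 32-bit register encoding order used by ModRM and SIB fields.
REG32 = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def parse_oops(text):
    """Return (registers, instruction bytes starting at the <xx> marker)."""
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(E[A-Z]{2}|CR2): ([0-9a-f]{8})\b", text)}
    code = re.search(r"Code: (.*)", text).group(1).split()
    start = next(n for n, b in enumerate(code) if b.startswith("<"))
    return regs, [int(b.strip("<>"), 16) for b in code[start:]]

def fault_operand(regs, insn):
    """Decode 'cmp r32, [base + index*scale]' (opcode 3b, mod=00, SIB)."""
    opcode, modrm, sib = insn[:3]
    if opcode != 0x3B:
        raise ValueError("only opcode 3b (cmp r32, r/m32) is handled")
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm != 4:
        raise ValueError("only the mod=00 + SIB form is handled")
    scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
    if base == 5 or index == 4:
        raise ValueError("disp32-base and no-index forms are not handled")
    addr = (regs[REG32[base]] + regs[REG32[index]] * scale) & 0xFFFFFFFF
    return REG32[reg], f"[{REG32[base]} + {REG32[index]}*{scale}]", addr

def triage(text):
    """Summarise the faulting access and compare it with CR2."""
    regs, insn = parse_oops(text)
    reg, expr, addr = fault_operand(regs, insn)
    return {"insn": f"cmp {reg}, {expr}", "addr": addr,
            "matches_cr2": addr == regs["CR2"]}

if __name__ == "__main__":
    print(triage(OOPS))
```

The decoded operand is `[EDX + EAX*4]` with EDX = 0 and EAX = 1, which gives address 4, the value in CR2: the read is of the second 4-byte slot relative to a zero base register.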


2022-05-17 20:25:43

by Liam R. Howlett

Subject: Re: BUG: kernel NULL pointer dereference, address: 00000004 - mas_update_gap

* Naresh Kamboju <[email protected]> [220516 02:35]:
> While running LTP sched tests on i386, the following kernel BUG was noticed on
> Linux next-20220513 [1].
>
...

> Reported-by: Linux Kernel Functional Testing <[email protected]>
>
> metadata:
> git_ref: master
> git_repo: ''
> git_sha: 1e1b28b936aed946122b4e0991e7144fdbbfd77e
> git_describe: next-20220513
> kernel_version: 5.18.0-rc6
> kernel-config: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B/config
> build-url: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next/-/pipelines/538244935
> artifact-location: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B
> toolchain: gcc-11
>
> --
> Linaro LKFT
> https://lkft.linaro.org
>
> [1] https://lkft.validation.linaro.org/scheduler/job/5021335#L1718


I was able to reproduce this issue with ltp running:
"./runltp -p -q -f sched"

I have sent a fix out [1] that allows the test to execute on i386 qemu.

Thanks,
Liam

1. https://lore.kernel.org/linux-mm/[email protected]/