2021-05-05 14:17:33

by kernel test robot

Subject: [null_blk] 9c2540f957: BUG:kernel_NULL_pointer_dereference,address



Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 9c2540f95729727e3df2fba6df1502f9dace872c ("null_blk: poll queue support")
https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-5.13/drivers-post-merge


in testcase: blktests
version: blktests-x86_64-a210761-1_20210124
with the following parameters:

disk: 1HDD
test: block-010
ucode: 0xe2



on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <[email protected]>


[ 73.942961] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 73.949928] #PF: supervisor read access in kernel mode
[ 73.955065] #PF: error_code(0x0000) - not-present page
[ 73.960203] PGD 0 P4D 0
[ 73.962736] Oops: 0000 [#1] SMP PTI
[ 73.966226] CPU: 0 PID: 1147 Comm: modprobe Tainted: G I 5.12.0-rc8-00136-g9c2540f95729 #4
[ 73.975794] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.1.1 10/07/2015
[ 73.983189] RIP: 0010:null_map_queues (kbuild/src/x86_64/drivers/block/null_blk/main.c:1482) null_blk
[ 73.988680] Code: 01 74 45 83 fb 02 74 31 85 db 74 1e 44 89 6f 0c 44 03 6f 08 e8 1d 3d b8 c0 83 c3 01 39 5d 30 77 d3 5b 31 c0 5d 41 5c 41 5d c3 <49> 8b 04 24 8b 80 2c 01 00 00 89 45 08 eb d3 49 8b 04 24 8b 80 30
All code
========
0: 01 74 45 83 add %esi,-0x7d(%rbp,%rax,2)
4: fb sti
5: 02 74 31 85 add -0x7b(%rcx,%rsi,1),%dh
9: db 74 1e 44 (bad) 0x44(%rsi,%rbx,1)
d: 89 6f 0c mov %ebp,0xc(%rdi)
10: 44 03 6f 08 add 0x8(%rdi),%r13d
14: e8 1d 3d b8 c0 callq 0xffffffffc0b83d36
19: 83 c3 01 add $0x1,%ebx
1c: 39 5d 30 cmp %ebx,0x30(%rbp)
1f: 77 d3 ja 0xfffffffffffffff4
21: 5b pop %rbx
22: 31 c0 xor %eax,%eax
24: 5d pop %rbp
25: 41 5c pop %r12
27: 41 5d pop %r13
29: c3 retq
2a:* 49 8b 04 24 mov (%r12),%rax <-- trapping instruction
2e: 8b 80 2c 01 00 00 mov 0x12c(%rax),%eax
34: 89 45 08 mov %eax,0x8(%rbp)
37: eb d3 jmp 0xc
39: 49 8b 04 24 mov (%r12),%rax
3d: 8b .byte 0x8b
3e: 80 .byte 0x80
3f: 30 .byte 0x30

Code starting with the faulting instruction
===========================================
0: 49 8b 04 24 mov (%r12),%rax
4: 8b 80 2c 01 00 00 mov 0x12c(%rax),%eax
a: 89 45 08 mov %eax,0x8(%rbp)
d: eb d3 jmp 0xffffffffffffffe2
f: 49 8b 04 24 mov (%r12),%rax
13: 8b .byte 0x8b
14: 80 .byte 0x80
15: 30 .byte 0x30
[ 74.007464] RSP: 0018:ffffc900004e7c60 EFLAGS: 00010246
[ 74.012701] RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000004
[ 74.019837] RDX: ffffffffc09ff140 RSI: 0000000000000000 RDI: ffffffffc0a055a0
[ 74.026974] RBP: ffffffffc0a055a0 R08: 0000000000000000 R09: 0000000000000003
[ 74.034120] R10: 0000000000000000 R11: 0000000000000009 R12: 0000000000000000
[ 74.041268] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 74.048438] FS: 00007ff3bd903480(0000) GS:ffff888871c00000(0000) knlGS:0000000000000000
[ 74.056545] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 74.062289] CR2: 0000000000000000 CR3: 0000000864034001 CR4: 00000000003706f0
[ 74.069429] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 74.076589] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 74.083723] Call Trace:
[ 74.086170] blk_mq_alloc_tag_set (kbuild/src/x86_64/block/blk-mq.c:3464)
[ 74.090527] ? 0xffffffffc06e2000
[ 74.093839] null_init (kbuild/src/x86_64/drivers/block/null_blk/main.c:878) null_blk
[ 74.098285] ? 0xffffffffc06e2000
[ 74.101604] do_one_initcall (kbuild/src/x86_64/init/main.c:1226)
[ 74.105441] ? __cond_resched (kbuild/src/x86_64/kernel/sched/core.c:6988)
[ 74.109279] ? kmem_cache_alloc_trace (kbuild/src/x86_64/mm/slab.h:499 kbuild/src/x86_64/mm/slub.c:2826 kbuild/src/x86_64/mm/slub.c:2915 kbuild/src/x86_64/mm/slub.c:2932)
[ 74.113898] do_init_module (kbuild/src/x86_64/kernel/module.c:3655)
[ 74.117658] load_module (kbuild/src/x86_64/kernel/module.c:4050)
[ 74.121406] ? kernel_read_file (kbuild/src/x86_64/fs/kernel_read_file.c:110)
[ 74.125605] ? __do_sys_finit_module (kbuild/src/x86_64/kernel/module.c:4140)
[ 74.130133] __do_sys_finit_module (kbuild/src/x86_64/kernel/module.c:4140)
[ 74.134491] do_syscall_64 (kbuild/src/x86_64/arch/x86/entry/common.c:46)
[ 74.138065] entry_SYSCALL_64_after_hwframe (kbuild/src/x86_64/arch/x86/entry/entry_64.S:112)
[ 74.143117] RIP: 0033:0x7ff3bda1df59
[ 74.146692] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 07 6f 0c 00 f7 d8 64 89 01 48
All code
========
0: 00 c3 add %al,%bl
2: 66 2e 0f 1f 84 00 00 nopw %cs:0x0(%rax,%rax,1)
9: 00 00 00
c: 0f 1f 44 00 00 nopl 0x0(%rax,%rax,1)
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 retq
33: 48 8b 0d 07 6f 0c 00 mov 0xc6f07(%rip),%rcx # 0xc6f41
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W

Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 retq
9: 48 8b 0d 07 6f 0c 00 mov 0xc6f07(%rip),%rcx # 0xc6f17
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 74.165461] RSP: 002b:00007ffdcaa3be58 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 74.173030] RAX: ffffffffffffffda RBX: 00005617bbaedea0 RCX: 00007ff3bda1df59
[ 74.180165] RDX: 0000000000000000 RSI: 00005617bbaee080 RDI: 0000000000000004
[ 74.187300] RBP: 00005617bbaee080 R08: 0000000000000000 R09: 00005617bbaedea0
[ 74.194434] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000
[ 74.201568] R13: 00005617bbaeddc0 R14: 0000000000040000 R15: 00005617bbaedea0
[ 74.208703] Modules linked in: null_blk(+) loop xfs libcrc32c dm_multipath dm_mod ipmi_devintf ipmi_msghandler sd_mod t10_pi sg intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp coretemp i915 kvm_intel intel_gtt kvm drm_kms_helper ahci irqbypass libahci crct10dif_pclmul crc32_pclmul syscopyarea mei_wdt sysfillrect crc32c_intel ghash_clmulni_intel sysimgblt wmi_bmof rapl fb_sys_fops intel_cstate libata intel_uncore drm mei_me mei intel_pch_thermal wmi video acpi_pad intel_pmc_core ip_tables [last unloaded: null_blk]
[ 74.256154] CR2: 0000000000000000
[ 74.259468] ---[ end trace cbe508e2b0299d01 ]---
[ 74.264086] RIP: 0010:null_map_queues (kbuild/src/x86_64/drivers/block/null_blk/main.c:1482) null_blk
[ 74.269586] Code: 01 74 45 83 fb 02 74 31 85 db 74 1e 44 89 6f 0c 44 03 6f 08 e8 1d 3d b8 c0 83 c3 01 39 5d 30 77 d3 5b 31 c0 5d 41 5c 41 5d c3 <49> 8b 04 24 8b 80 2c 01 00 00 89 45 08 eb d3 49 8b 04 24 8b 80 30
All code
========
0: 01 74 45 83 add %esi,-0x7d(%rbp,%rax,2)
4: fb sti
5: 02 74 31 85 add -0x7b(%rcx,%rsi,1),%dh
9: db 74 1e 44 (bad) 0x44(%rsi,%rbx,1)
d: 89 6f 0c mov %ebp,0xc(%rdi)
10: 44 03 6f 08 add 0x8(%rdi),%r13d
14: e8 1d 3d b8 c0 callq 0xffffffffc0b83d36
19: 83 c3 01 add $0x1,%ebx
1c: 39 5d 30 cmp %ebx,0x30(%rbp)
1f: 77 d3 ja 0xfffffffffffffff4
21: 5b pop %rbx
22: 31 c0 xor %eax,%eax
24: 5d pop %rbp
25: 41 5c pop %r12
27: 41 5d pop %r13
29: c3 retq
2a:* 49 8b 04 24 mov (%r12),%rax <-- trapping instruction
2e: 8b 80 2c 01 00 00 mov 0x12c(%rax),%eax
34: 89 45 08 mov %eax,0x8(%rbp)
37: eb d3 jmp 0xc
39: 49 8b 04 24 mov (%r12),%rax
3d: 8b .byte 0x8b
3e: 80 .byte 0x80
3f: 30 .byte 0x30

Code starting with the faulting instruction
===========================================
0: 49 8b 04 24 mov (%r12),%rax
4: 8b 80 2c 01 00 00 mov 0x12c(%rax),%eax
a: 89 45 08 mov %eax,0x8(%rbp)
d: eb d3 jmp 0xffffffffffffffe2
f: 49 8b 04 24 mov (%r12),%rax
13: 8b .byte 0x8b
14: 80 .byte 0x80
15: 30 .byte 0x30


To reproduce:

git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
bin/lkp run generated-yaml-file



---
0DAY/LKP+ Test Infrastructure
Open Source Technology Center, Intel Corporation
https://lists.01.org/hyperkitty/list/[email protected]

Thanks,
Oliver Sang


Attachments:
(No filename) (10.14 kB)
config-5.12.0-rc8-00136-g9c2540f95729 (175.51 kB)
job-script (5.94 kB)
dmesg.xz (20.27 kB)
job.yaml (4.89 kB)