Re: [PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: d918b4998cfeebf2116443c533f7e3e593658465 ("[PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled")
url: https://github.com/intel-lab-lkp/linux/commits/Daniel-Wagner/scsi-aacraid-use-block-layer-helpers-to-calculate-num-of-queues/20250905-230949
patch link: https://lore.kernel.org/all/20250905-isolcpus-io-queues-v8-10-885984c5daca@xxxxxxxxxx/
patch subject: [PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled

in testcase: rcutorture
version: 
with following parameters:

	runtime: 300s
	test: cpuhotplug
	torture_type: tasks-rude



config: i386-randconfig-017-20250909
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------+------------+------------+
|                                             | 0365b94791 | d918b4998c |
+---------------------------------------------+------------+------------+
| boot_successes                              | 12         | 0          |
| boot_failures                               | 0          | 15         |
| Mem-Info                                    | 0          | 15         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 15         |
| Oops                                        | 0          | 15         |
| EIP:__blk_mq_all_tag_iter                   | 0          | 15         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 15         |
+---------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202509101342.a803ecaa-lkp@xxxxxxxxx


[  874.700557][   T21] BUG: kernel NULL pointer dereference, address: 00000004
[  874.701560][   T21] #PF: supervisor read access in kernel mode
[  874.702264][   T21] #PF: error_code(0x0000) - not-present page
[  874.702940][   T21] *pde = 00000000
[  874.703513][   T21] Oops: Oops: 0000 [#1] SMP
[  874.704091][   T21] CPU: 1 UID: 0 PID: 21 Comm: cpuhp/1 Tainted: G S                  6.17.0-rc4-00010-gd918b4998cfe #1 NONE
[  874.705003][   T21] Tainted: [S]=CPU_OUT_OF_SPEC
[  874.705657][   T21] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 874.706497][ T21] EIP: __blk_mq_all_tag_iter (block/blk-mq-tag.c:399) 
[ 874.707121][ T21] Code: c9 6a 00 e8 d8 4f 94 ff 83 c4 04 89 da 83 e2 01 74 02 0f 0b 8b 5d 08 b8 30 7c 33 45 31 c9 6a 00 e8 bb 4f 94 ff 89 d9 83 c4 04 <83> 7e 04 00 8b 5d 0c 74 2e 89 d8 83 c8 01 89 75 e4 89 7d e8 89 4d
All code
========
   0:	c9                   	leave
   1:	6a 00                	push   $0x0
   3:	e8 d8 4f 94 ff       	call   0xffffffffff944fe0
   8:	83 c4 04             	add    $0x4,%esp
   b:	89 da                	mov    %ebx,%edx
   d:	83 e2 01             	and    $0x1,%edx
  10:	74 02                	je     0x14
  12:	0f 0b                	ud2
  14:	8b 5d 08             	mov    0x8(%rbp),%ebx
  17:	b8 30 7c 33 45       	mov    $0x45337c30,%eax
  1c:	31 c9                	xor    %ecx,%ecx
  1e:	6a 00                	push   $0x0
  20:	e8 bb 4f 94 ff       	call   0xffffffffff944fe0
  25:	89 d9                	mov    %ebx,%ecx
  27:	83 c4 04             	add    $0x4,%esp
  2a:*	83 7e 04 00          	cmpl   $0x0,0x4(%rsi)		<-- trapping instruction
  2e:	8b 5d 0c             	mov    0xc(%rbp),%ebx
  31:	74 2e                	je     0x61
  33:	89 d8                	mov    %ebx,%eax
  35:	83 c8 01             	or     $0x1,%eax
  38:	89 75 e4             	mov    %esi,-0x1c(%rbp)
  3b:	89 7d e8             	mov    %edi,-0x18(%rbp)
  3e:	89                   	.byte 0x89
  3f:	4d                   	rex.WRB

Code starting with the faulting instruction
===========================================
   0:	83 7e 04 00          	cmpl   $0x0,0x4(%rsi)
   4:	8b 5d 0c             	mov    0xc(%rbp),%ebx
   7:	74 2e                	je     0x37
   9:	89 d8                	mov    %ebx,%eax
   b:	83 c8 01             	or     $0x1,%eax
   e:	89 75 e4             	mov    %esi,-0x1c(%rbp)
  11:	89 7d e8             	mov    %edi,-0x18(%rbp)
  14:	89                   	.byte 0x89
  15:	4d                   	rex.WRB
[  874.708716][   T21] EAX: 00000000 EBX: 4632deb8 ECX: 4632deb8 EDX: 00000000
[  874.709385][   T21] ESI: 00000000 EDI: 4192ace0 EBP: 4632de9c ESP: 4632de80
[  874.710046][   T21] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010212
[  874.710741][   T21] CR0: 80050033 CR2: 00000004 CR3: 158ad000 CR4: 00040690
[  874.711424][   T21] Call Trace:
[ 874.711911][ T21] ? blk_mq_all_tag_iter (block/blk-mq-tag.c:420) 
[ 874.712479][ T21] ? blk_mq_hctx_notify_offline (block/blk-mq.c:3736) 
[ 874.713083][ T21] ? blk_mq_hctx_notify_online (block/blk-mq.c:3713) 
[ 874.713672][ T21] ? cpuhp_invoke_callback (kernel/cpu.c:217) 
[ 874.714273][ T21] ? blk_mq_hctx_notify_online (block/blk-mq.c:3713) 
[ 874.714861][ T21] ? cpuhp_thread_fun (kernel/cpu.c:1105) 
[ 874.715433][ T21] ? smpboot_thread_fn (kernel/smpboot.c:?) 
[ 874.716005][ T21] ? kthread (kernel/kthread.c:465) 
[ 874.716528][ T21] ? smpboot_unregister_percpu_thread (kernel/smpboot.c:103) 
[ 874.717144][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412) 
[ 874.717763][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412) 
[ 874.718378][ T21] ? ret_from_fork (arch/x86/kernel/process.c:154) 
[ 874.718945][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412) 
[ 874.719574][ T21] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737) 
[ 874.720128][ T21] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945) 
[  874.720667][   T21] Modules linked in: rcutorture torture
[  874.721260][   T21] CR2: 0000000000000004
[  874.721773][   T21] ---[ end trace 0000000000000000 ]---
[ 874.722424][ T21] EIP: __blk_mq_all_tag_iter (block/blk-mq-tag.c:399) 
[ 874.723094][ T21] Code: c9 6a 00 e8 d8 4f 94 ff 83 c4 04 89 da 83 e2 01 74 02 0f 0b 8b 5d 08 b8 30 7c 33 45 31 c9 6a 00 e8 bb 4f 94 ff 89 d9 83 c4 04 <83> 7e 04 00 8b 5d 0c 74 2e 89 d8 83 c8 01 89 75 e4 89 7d e8 89 4d
All code
========
   0:	c9                   	leave
   1:	6a 00                	push   $0x0
   3:	e8 d8 4f 94 ff       	call   0xffffffffff944fe0
   8:	83 c4 04             	add    $0x4,%esp
   b:	89 da                	mov    %ebx,%edx
   d:	83 e2 01             	and    $0x1,%edx
  10:	74 02                	je     0x14
  12:	0f 0b                	ud2
  14:	8b 5d 08             	mov    0x8(%rbp),%ebx
  17:	b8 30 7c 33 45       	mov    $0x45337c30,%eax
  1c:	31 c9                	xor    %ecx,%ecx
  1e:	6a 00                	push   $0x0
  20:	e8 bb 4f 94 ff       	call   0xffffffffff944fe0
  25:	89 d9                	mov    %ebx,%ecx
  27:	83 c4 04             	add    $0x4,%esp
  2a:*	83 7e 04 00          	cmpl   $0x0,0x4(%rsi)		<-- trapping instruction
  2e:	8b 5d 0c             	mov    0xc(%rbp),%ebx
  31:	74 2e                	je     0x61
  33:	89 d8                	mov    %ebx,%eax
  35:	83 c8 01             	or     $0x1,%eax
  38:	89 75 e4             	mov    %esi,-0x1c(%rbp)
  3b:	89 7d e8             	mov    %edi,-0x18(%rbp)
  3e:	89                   	.byte 0x89
  3f:	4d                   	rex.WRB

Code starting with the faulting instruction
===========================================
   0:	83 7e 04 00          	cmpl   $0x0,0x4(%rsi)
   4:	8b 5d 0c             	mov    0xc(%rbp),%ebx
   7:	74 2e                	je     0x37
   9:	89 d8                	mov    %ebx,%eax
   b:	83 c8 01             	or     $0x1,%eax
   e:	89 75 e4             	mov    %esi,-0x1c(%rbp)
  11:	89 7d e8             	mov    %edi,-0x18(%rbp)
  14:	89                   	.byte 0x89
  15:	4d                   	rex.WRB


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250910/202509101342.a803ecaa-lkp@xxxxxxxxx



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
[Index of Archives]     [KVM Development]     [Libvirt Development]     [Libvirt Users]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux