Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: d918b4998cfeebf2116443c533f7e3e593658465 ("[PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled")
url: https://github.com/intel-lab-lkp/linux/commits/Daniel-Wagner/scsi-aacraid-use-block-layer-helpers-to-calculate-num-of-queues/20250905-230949
patch link: https://lore.kernel.org/all/[email protected]/
patch subject: [PATCH v8 10/12] blk-mq: use hk cpus only when isolcpus=io_queue is enabled

in testcase: rcutorture
version: 
with following parameters:

        runtime: 300s
        test: cpuhotplug
        torture_type: tasks-rude



config: i386-randconfig-017-20250909
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------+------------+------------+
|                                             | 0365b94791 | d918b4998c |
+---------------------------------------------+------------+------------+
| boot_successes                              | 12         | 0          |
| boot_failures                               | 0          | 15         |
| Mem-Info                                    | 0          | 15         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 15         |
| Oops                                        | 0          | 15         |
| EIP:__blk_mq_all_tag_iter                   | 0          | 15         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 15         |
+---------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-lkp/[email protected]


[  874.700557][   T21] BUG: kernel NULL pointer dereference, address: 00000004
[  874.701560][   T21] #PF: supervisor read access in kernel mode
[  874.702264][   T21] #PF: error_code(0x0000) - not-present page
[  874.702940][   T21] *pde = 00000000
[  874.703513][   T21] Oops: Oops: 0000 [#1] SMP
[  874.704091][   T21] CPU: 1 UID: 0 PID: 21 Comm: cpuhp/1 Tainted: G S                  6.17.0-rc4-00010-gd918b4998cfe #1 NONE
[  874.705003][   T21] Tainted: [S]=CPU_OUT_OF_SPEC
[  874.705657][   T21] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 874.706497][ T21] EIP: __blk_mq_all_tag_iter (block/blk-mq-tag.c:399) 
[ 874.707121][ T21] Code: c9 6a 00 e8 d8 4f 94 ff 83 c4 04 89 da 83 e2 01 74 02 0f 0b 8b 5d 08 b8 30 7c 33 45 31 c9 6a 00 e8 bb 4f 94 ff 89 d9 83 c4 04 <83> 7e 04 00 8b 5d 0c 74 2e 89 d8 83 c8 01 89 75 e4 89 7d e8 89 4d
All code
========
   0:   c9                      leave
   1:   6a 00                   push   $0x0
   3:   e8 d8 4f 94 ff          call   0xffffffffff944fe0
   8:   83 c4 04                add    $0x4,%esp
   b:   89 da                   mov    %ebx,%edx
   d:   83 e2 01                and    $0x1,%edx
  10:   74 02                   je     0x14
  12:   0f 0b                   ud2
  14:   8b 5d 08                mov    0x8(%rbp),%ebx
  17:   b8 30 7c 33 45          mov    $0x45337c30,%eax
  1c:   31 c9                   xor    %ecx,%ecx
  1e:   6a 00                   push   $0x0
  20:   e8 bb 4f 94 ff          call   0xffffffffff944fe0
  25:   89 d9                   mov    %ebx,%ecx
  27:   83 c4 04                add    $0x4,%esp
  2a:*  83 7e 04 00             cmpl   $0x0,0x4(%rsi)           <-- trapping instruction
  2e:   8b 5d 0c                mov    0xc(%rbp),%ebx
  31:   74 2e                   je     0x61
  33:   89 d8                   mov    %ebx,%eax
  35:   83 c8 01                or     $0x1,%eax
  38:   89 75 e4                mov    %esi,-0x1c(%rbp)
  3b:   89 7d e8                mov    %edi,-0x18(%rbp)
  3e:   89                      .byte 0x89
  3f:   4d                      rex.WRB

Code starting with the faulting instruction
===========================================
   0:   83 7e 04 00             cmpl   $0x0,0x4(%rsi)
   4:   8b 5d 0c                mov    0xc(%rbp),%ebx
   7:   74 2e                   je     0x37
   9:   89 d8                   mov    %ebx,%eax
   b:   83 c8 01                or     $0x1,%eax
   e:   89 75 e4                mov    %esi,-0x1c(%rbp)
  11:   89 7d e8                mov    %edi,-0x18(%rbp)
  14:   89                      .byte 0x89
  15:   4d                      rex.WRB
[  874.708716][   T21] EAX: 00000000 EBX: 4632deb8 ECX: 4632deb8 EDX: 00000000
[  874.709385][   T21] ESI: 00000000 EDI: 4192ace0 EBP: 4632de9c ESP: 4632de80
[  874.710046][   T21] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010212
[  874.710741][   T21] CR0: 80050033 CR2: 00000004 CR3: 158ad000 CR4: 00040690
[  874.711424][   T21] Call Trace:
[ 874.711911][ T21] ? blk_mq_all_tag_iter (block/blk-mq-tag.c:420) 
[ 874.712479][ T21] ? blk_mq_hctx_notify_offline (block/blk-mq.c:3736) 
[ 874.713083][ T21] ? blk_mq_hctx_notify_online (block/blk-mq.c:3713) 
[ 874.713672][ T21] ? cpuhp_invoke_callback (kernel/cpu.c:217) 
[ 874.714273][ T21] ? blk_mq_hctx_notify_online (block/blk-mq.c:3713) 
[ 874.714861][ T21] ? cpuhp_thread_fun (kernel/cpu.c:1105) 
[ 874.715433][ T21] ? smpboot_thread_fn (kernel/smpboot.c:?) 
[ 874.716005][ T21] ? kthread (kernel/kthread.c:465) 
[ 874.716528][ T21] ? smpboot_unregister_percpu_thread (kernel/smpboot.c:103) 
[ 874.717144][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412) 
[ 874.717763][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412) 
[ 874.718378][ T21] ? ret_from_fork (arch/x86/kernel/process.c:154) 
[ 874.718945][ T21] ? __do_trace_sched_kthread_stop_ret (kernel/kthread.c:412) 
[ 874.719574][ T21] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737) 
[ 874.720128][ T21] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945) 
[  874.720667][   T21] Modules linked in: rcutorture torture
[  874.721260][   T21] CR2: 0000000000000004
[  874.721773][   T21] ---[ end trace 0000000000000000 ]---
[ 874.722424][ T21] EIP: __blk_mq_all_tag_iter (block/blk-mq-tag.c:399) 
[ 874.723094][ T21] Code: c9 6a 00 e8 d8 4f 94 ff 83 c4 04 89 da 83 e2 01 74 02 0f 0b 8b 5d 08 b8 30 7c 33 45 31 c9 6a 00 e8 bb 4f 94 ff 89 d9 83 c4 04 <83> 7e 04 00 8b 5d 0c 74 2e 89 d8 83 c8 01 89 75 e4 89 7d e8 89 4d


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250910/[email protected]



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

