Hello,

kernel test robot noticed "BUG:KASAN:null-ptr-deref_in_handle_pmi_common" on:

commit: b16c01fbc96460a72789c04e0e2a8f8437eab05b ("[PATCH v2 5/5] perf: Record sample last_period before updating")
url: https://github.com/intel-lab-lkp/linux/commits/mark-barnett-arm-com/perf-Allow-periodic-events-to-alternate-between-two-sample-periods/20250106-203820
base: https://git.kernel.org/cgit/linux/kernel/git/perf/perf-tools-next.git perf-tools-next
patch link: https://lore.kernel.org/all/20250106120156.227273-6-mark.barn...@arm.com/
patch subject: [PATCH v2 5/5] perf: Record sample last_period before updating

in testcase: kernel-selftests-bpf
version:
with the following parameters:

	group: bpf

config: x86_64-rhel-9.4-bpf
compiler: gcc-12
test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz (Kaby Lake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.s...@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202501221114.c06f7c72-...@intel.com

[ 1693.204121][ C3] ==================================================================
[ 1693.204127][ C3] BUG: KASAN: null-ptr-deref in handle_pmi_common+0x218/0x630
[ 1693.204138][ C3] Read of size 8 at addr 0000000000000200 by task (udev-worker)/62767
[ 1693.204143][ C3]
[ 1693.204146][ C3] CPU: 3 UID: 0 PID: 62767 Comm: (udev-worker) Tainted: G S OE 6.13.0-rc2-00267-gb16c01fbc964 #1
[ 1693.204156][ C3] Tainted: [S]=CPU_OUT_OF_SPEC, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 1693.204159][ C3] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 1693.204163][ C3] Call Trace:
[ 1693.204166][ C3] <NMI>
[ 1693.204169][ C3] dump_stack_lvl+0x62/0x90
[ 1693.204178][ C3] kasan_report+0xb9/0xf0
[ 1693.204189][ C3] ?
handle_pmi_common+0x218/0x630 [ 1693.204202][ C3] handle_pmi_common+0x218/0x630 [ 1693.204216][ C3] ? __pfx_handle_pmi_common+0x10/0x10 [ 1693.204239][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.204245][ C3] ? trace_lock_acquire+0x118/0x150 [ 1693.204255][ C3] ? intel_bts_interrupt+0xcc/0x270 [ 1693.204264][ C3] ? __pfx_intel_bts_interrupt+0x10/0x10 [ 1693.204279][ C3] intel_pmu_handle_irq+0x152/0x320 [ 1693.204290][ C3] perf_event_nmi_handler+0x37/0x60 [ 1693.204299][ C3] nmi_handle+0xb2/0x240 [ 1693.204311][ C3] default_do_nmi+0x45/0x110 [ 1693.204321][ C3] exc_nmi+0x100/0x190 [ 1693.204329][ C3] end_repeat_nmi+0xf/0x53 [ 1693.204335][ C3] RIP: 0010:kasan_check_range+0x38/0x1b0 [ 1693.204344][ C3] Code: 44 0f b6 c2 48 01 f0 55 53 0f 82 d7 00 00 00 eb 0f cc cc cc 48 b8 00 00 00 00 00 00 00 ff eb 0a 48 b8 00 00 00 00 00 80 ff ff <48> 39 c7 0f 82 b3 00 00 00 4c 8d 54 37 ff 48 89 fd 48 b8 00 00 00 [ 1693.204349][ C3] RSP: 0018:ffff8882c850f9b8 EFLAGS: 00000086 [ 1693.204355][ C3] RAX: ffff800000000000 RBX: 000000000000001b RCX: ffffffff812458aa [ 1693.204359][ C3] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff86ee1140 [ 1693.204363][ C3] RBP: 0000000000000009 R08: 0000000000000000 R09: fffffbfff0ddc234 [ 1693.204367][ C3] R10: ffffffff86ee11a7 R11: 0000000000000000 R12: ffff888107450f08 [ 1693.204371][ C3] R13: 0000000000000200 R14: ffff888107450000 R15: ffff888107450f28 [ 1693.204381][ C3] ? mark_lock+0x6a/0x530 [ 1693.204393][ C3] ? kasan_check_range+0x38/0x1b0 [ 1693.204403][ C3] ? kasan_check_range+0x38/0x1b0 [ 1693.204413][ C3] </NMI> [ 1693.204415][ C3] <TASK> [ 1693.204419][ C3] mark_lock+0x6a/0x530 [ 1693.204430][ C3] mark_usage+0xbb/0x1a0 [ 1693.204439][ C3] __lock_acquire+0x50e/0xf90 [ 1693.204451][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.204459][ C3] lock_acquire+0x123/0x2e0 [ 1693.204468][ C3] ? bpf_trace_run2+0x115/0x310 [ 1693.204479][ C3] ? __pfx_lock_acquire+0x10/0x10 [ 1693.204491][ C3] ? lock_acquire+0x123/0x2e0 [ 1693.204499][ C3] ? 
__might_fault+0x74/0xc0 [ 1693.204509][ C3] ? find_held_lock+0x83/0xa0 [ 1693.204519][ C3] bpf_trace_run2+0x129/0x310 [ 1693.204526][ C3] ? bpf_trace_run2+0x115/0x310 [ 1693.204534][ C3] ? __pfx_bpf_trace_run2+0x10/0x10 [ 1693.204541][ C3] ? lock_is_held_type+0x9a/0x110 [ 1693.204551][ C3] ? __might_fault+0x74/0xc0 [ 1693.204562][ C3] __bpf_trace_sys_enter+0x33/0x60 [ 1693.204570][ C3] syscall_trace_enter+0x1b8/0x260 [ 1693.204579][ C3] do_syscall_64+0x139/0x170 [ 1693.204585][ C3] ? __pfx___lock_release+0x10/0x10 [ 1693.204600][ C3] ? __might_fault+0x74/0xc0 [ 1693.204609][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.204615][ C3] ? trace_rseq_update+0xb9/0xf0 [ 1693.204624][ C3] ? __rseq_handle_notify_resume+0x321/0x3a0 [ 1693.204632][ C3] ? do_epoll_wait+0xd1/0xf0 [ 1693.204642][ C3] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 1693.204652][ C3] ? __might_fault+0x74/0xc0 [ 1693.204661][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.204667][ C3] ? mark_held_locks+0x24/0x90 [ 1693.204677][ C3] ? lockdep_hardirqs_on_prepare+0x131/0x200 [ 1693.204687][ C3] ? syscall_exit_to_user_mode+0xa2/0x2a0 [ 1693.204694][ C3] ? do_syscall_64+0x98/0x170 [ 1693.204699][ C3] ? mark_held_locks+0x24/0x90 [ 1693.204709][ C3] ? lockdep_hardirqs_on_prepare+0x131/0x200 [ 1693.204718][ C3] ? syscall_exit_to_user_mode+0xa2/0x2a0 [ 1693.204723][ C3] ? 
do_syscall_64+0x98/0x170 [ 1693.204726][ C3] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1693.204731][ C3] RIP: 0033:0x7fcc237cb899 [ 1693.204734][ C3] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 51 fd 0c 00 00 41 89 ca 74 1c 45 31 c9 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89 [ 1693.204737][ C3] RSP: 002b:00007ffeb82d1788 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1693.204741][ C3] RAX: ffffffffffffffda RBX: 000000000000001d RCX: 00007fcc237cb899 [ 1693.204743][ C3] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001d [ 1693.204745][ C3] RBP: 00007ffeb82d1970 R08: 0000000000000000 R09: 0000000000000000 [ 1693.204747][ C3] R10: 0000000000000022 R11: 0000000000000246 R12: 00007ffeb82d1980 [ 1693.204749][ C3] R13: 00007ffeb82d19c8 R14: 000055d5d68d8a50 R15: 0000000000000000 [ 1693.204755][ C3] </TASK> [ 1693.204757][ C3] ================================================================== [ 1693.204758][ C3] Disabling lock debugging due to kernel taint [ 1693.204761][ C3] BUG: kernel NULL pointer dereference, address: 0000000000000200 [ 1693.204762][ C3] #PF: supervisor read access in kernel mode [ 1693.204764][ C3] #PF: error_code(0x0000) - not-present page [ 1693.204766][ C3] PGD 0 P4D 0 [ 1693.204769][ C3] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI [ 1693.204772][ C3] CPU: 3 UID: 0 PID: 62767 Comm: (udev-worker) Tainted: G S B OE 6.13.0-rc2-00267-gb16c01fbc964 #1 [ 1693.204778][ C3] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 1693.204779][ C3] Hardware name: Dell Inc. 
OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016 [ 1693.204781][ C3] RIP: 0010:handle_pmi_common+0x222/0x630 [ 1693.204785][ C3] Code: 74 24 48 41 83 c5 01 4b 8d 3c f4 e8 e8 02 6a 00 4f 8b 3c f4 49 8d bf 00 02 00 00 e8 d8 02 6a 00 48 8b 54 24 40 be 08 00 00 00 <49> 8b 87 00 02 00 00 48 89 44 24 38 4c 89 f0 48 c1 e8 06 48 8d 3c [ 1693.204788][ C3] RSP: 0018:fffffe00000e6b80 EFLAGS: 00010086 [ 1693.204790][ C3] RAX: 0000000000000001 RBX: 1fffffc00001cd7c RCX: ffffffff81144e56 [ 1693.204792][ C3] RDX: ffff8887337a9e80 RSI: 0000000000000008 RDI: ffffffff867c2f80 [ 1693.204794][ C3] RBP: fffffe00000e6df0 R08: 0000000000000001 R09: fffffbfff0cf85f0 [ 1693.204796][ C3] R10: ffffffff867c2f87 R11: 0000000000000001 R12: ffff8887337a9c80 [ 1693.204798][ C3] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 1693.204800][ C3] FS: 00007fcc230b18c0(0000) GS:ffff888733780000(0000) knlGS:0000000000000000 [ 1693.204803][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1693.204805][ C3] CR2: 0000000000000200 CR3: 000000034bbd6006 CR4: 00000000003726f0 [ 1693.204807][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1693.204808][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1693.204810][ C3] Call Trace: [ 1693.204811][ C3] <NMI> [ 1693.204813][ C3] ? __die+0x1f/0x60 [ 1693.204817][ C3] ? page_fault_oops+0x8d/0xc0 [ 1693.204822][ C3] ? exc_page_fault+0x57/0xe0 [ 1693.204827][ C3] ? asm_exc_page_fault+0x22/0x30 [ 1693.204834][ C3] ? add_taint+0x26/0x90 [ 1693.204842][ C3] ? handle_pmi_common+0x222/0x630 [ 1693.204856][ C3] ? __pfx_handle_pmi_common+0x10/0x10 [ 1693.204879][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.204885][ C3] ? trace_lock_acquire+0x118/0x150 [ 1693.204894][ C3] ? intel_bts_interrupt+0xcc/0x270 [ 1693.204904][ C3] ? 
__pfx_intel_bts_interrupt+0x10/0x10 [ 1693.204918][ C3] intel_pmu_handle_irq+0x152/0x320 [ 1693.204928][ C3] perf_event_nmi_handler+0x37/0x60 [ 1693.204936][ C3] nmi_handle+0xb2/0x240 [ 1693.204947][ C3] default_do_nmi+0x45/0x110 [ 1693.204955][ C3] exc_nmi+0x100/0x190 [ 1693.204964][ C3] end_repeat_nmi+0xf/0x53 [ 1693.204969][ C3] RIP: 0010:kasan_check_range+0x38/0x1b0 [ 1693.204977][ C3] Code: 44 0f b6 c2 48 01 f0 55 53 0f 82 d7 00 00 00 eb 0f cc cc cc 48 b8 00 00 00 00 00 00 00 ff eb 0a 48 b8 00 00 00 00 00 80 ff ff <48> 39 c7 0f 82 b3 00 00 00 4c 8d 54 37 ff 48 89 fd 48 b8 00 00 00 [ 1693.204982][ C3] RSP: 0018:ffff8882c850f9b8 EFLAGS: 00000086 [ 1693.204987][ C3] RAX: ffff800000000000 RBX: 000000000000001b RCX: ffffffff812458aa [ 1693.204991][ C3] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff86ee1140 [ 1693.204995][ C3] RBP: 0000000000000009 R08: 0000000000000000 R09: fffffbfff0ddc234 [ 1693.204999][ C3] R10: ffffffff86ee11a7 R11: 0000000000000000 R12: ffff888107450f08 [ 1693.205003][ C3] R13: 0000000000000200 R14: ffff888107450000 R15: ffff888107450f28 [ 1693.205012][ C3] ? mark_lock+0x6a/0x530 [ 1693.205023][ C3] ? kasan_check_range+0x38/0x1b0 [ 1693.205034][ C3] ? kasan_check_range+0x38/0x1b0 [ 1693.205044][ C3] </NMI> [ 1693.205046][ C3] <TASK> [ 1693.205049][ C3] mark_lock+0x6a/0x530 [ 1693.205060][ C3] mark_usage+0xbb/0x1a0 [ 1693.205069][ C3] __lock_acquire+0x50e/0xf90 [ 1693.205081][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.205090][ C3] lock_acquire+0x123/0x2e0 [ 1693.205098][ C3] ? bpf_trace_run2+0x115/0x310 [ 1693.205108][ C3] ? __pfx_lock_acquire+0x10/0x10 [ 1693.205120][ C3] ? lock_acquire+0x123/0x2e0 [ 1693.205128][ C3] ? __might_fault+0x74/0xc0 [ 1693.205137][ C3] ? find_held_lock+0x83/0xa0 [ 1693.205147][ C3] bpf_trace_run2+0x129/0x310 [ 1693.205154][ C3] ? bpf_trace_run2+0x115/0x310 [ 1693.205161][ C3] ? __pfx_bpf_trace_run2+0x10/0x10 [ 1693.205168][ C3] ? lock_is_held_type+0x9a/0x110 [ 1693.205177][ C3] ? 
__might_fault+0x74/0xc0 [ 1693.205189][ C3] __bpf_trace_sys_enter+0x33/0x60 [ 1693.205196][ C3] syscall_trace_enter+0x1b8/0x260 [ 1693.205205][ C3] do_syscall_64+0x139/0x170 [ 1693.205211][ C3] ? __pfx___lock_release+0x10/0x10 [ 1693.205225][ C3] ? __might_fault+0x74/0xc0 [ 1693.205234][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.205240][ C3] ? trace_rseq_update+0xb9/0xf0 [ 1693.205248][ C3] ? __rseq_handle_notify_resume+0x321/0x3a0 [ 1693.205255][ C3] ? do_epoll_wait+0xd1/0xf0 [ 1693.205264][ C3] ? __pfx___rseq_handle_notify_resume+0x10/0x10 [ 1693.205273][ C3] ? __might_fault+0x74/0xc0 [ 1693.205281][ C3] ? rcu_is_watching+0x1c/0x50 [ 1693.205287][ C3] ? mark_held_locks+0x24/0x90 [ 1693.205297][ C3] ? lockdep_hardirqs_on_prepare+0x131/0x200 [ 1693.205306][ C3] ? syscall_exit_to_user_mode+0xa2/0x2a0 [ 1693.205313][ C3] ? do_syscall_64+0x98/0x170 [ 1693.205318][ C3] ? mark_held_locks+0x24/0x90 [ 1693.205328][ C3] ? lockdep_hardirqs_on_prepare+0x131/0x200 [ 1693.205336][ C3] ? syscall_exit_to_user_mode+0xa2/0x2a0 [ 1693.205343][ C3] ? 
do_syscall_64+0x98/0x170 [ 1693.205350][ C3] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 1693.205359][ C3] RIP: 0033:0x7fcc237cb899 [ 1693.205363][ C3] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 80 3d 51 fd 0c 00 00 41 89 ca 74 1c 45 31 c9 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 67 c3 66 0f 1f 44 00 00 55 48 83 ec 20 48 89 [ 1693.205369][ C3] RSP: 002b:00007ffeb82d1788 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1693.205374][ C3] RAX: ffffffffffffffda RBX: 000000000000001d RCX: 00007fcc237cb899 [ 1693.205379][ C3] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001d [ 1693.205382][ C3] RBP: 00007ffeb82d1970 R08: 0000000000000000 R09: 0000000000000000 [ 1693.205386][ C3] R10: 0000000000000022 R11: 0000000000000246 R12: 00007ffeb82d1980 [ 1693.205389][ C3] R13: 00007ffeb82d19c8 R14: 000055d5d68d8a50 R15: 0000000000000000 [ 1693.205402][ C3] </TASK> [ 1693.205404][ C3] Modules linked in: cls_matchall tls sch_fq 8021q garp mrp stp llc dummy tun ipip tunnel4 ip_tunnel iptable_raw xt_connmark bpf_testmod(OE) veth cls_bpf sch_ingress rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 psample snd_hda_codec_hdmi snd_ctl_led intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component btrfs blake2b_generic x86_pkg_temp_thermal xor zstd_compress intel_powerclamp raid6_pq libcrc32c snd_soc_avs snd_soc_hda_codec snd_hda_ext_core coretemp i915 snd_soc_core sd_mod snd_compress cec kvm_intel sg snd_hda_intel drm_buddy snd_intel_dspcfg ttm snd_intel_sdw_acpi kvm snd_hda_codec crct10dif_pclmul drm_display_helper crc32_pclmul crc32c_intel snd_hda_core ghash_clmulni_intel dell_pc dell_wmi drm_kms_helper snd_hwdep mei_wdt i2c_designware_platform rapl snd_pcm intel_gtt ipmi_devintf platform_profile i2c_designware_core [ 1693.205551][ C3] intel_cstate snd_timer dell_wmi_aio agpgart 
ahci dell_smbios ipmi_msghandler wmi_bmof dell_wmi_descriptor sparse_keymap dcdbas libahci mei_me snd video i2c_i801 pcspkr intel_uncore intel_lpss_pci libata intel_lpss mei i2c_smbus soundcore idma64 intel_pmc_core intel_vsec pmt_telemetry wmi pinctrl_sunrisepoint pmt_class acpi_pad binfmt_misc drm dm_mod ip_tables x_tables sch_fq_codel [last unloaded: bpf_test_no_cfi(OE)] [ 1693.205635][ C3] CR2: 0000000000000200 [ 1693.205638][ C3] ---[ end trace 0000000000000000 ]--- [ 1693.205641][ C3] RIP: 0010:handle_pmi_common+0x222/0x630 [ 1693.205648][ C3] Code: 74 24 48 41 83 c5 01 4b 8d 3c f4 e8 e8 02 6a 00 4f 8b 3c f4 49 8d bf 00 02 00 00 e8 d8 02 6a 00 48 8b 54 24 40 be 08 00 00 00 <49> 8b 87 00 02 00 00 48 89 44 24 38 4c 89 f0 48 c1 e8 06 48 8d 3c [ 1693.205653][ C3] RSP: 0018:fffffe00000e6b80 EFLAGS: 00010086 [ 1693.205658][ C3] RAX: 0000000000000001 RBX: 1fffffc00001cd7c RCX: ffffffff81144e56 [ 1693.205662][ C3] RDX: ffff8887337a9e80 RSI: 0000000000000008 RDI: ffffffff867c2f80 [ 1693.205666][ C3] RBP: fffffe00000e6df0 R08: 0000000000000001 R09: fffffbfff0cf85f0 [ 1693.205670][ C3] R10: ffffffff867c2f87 R11: 0000000000000001 R12: ffff8887337a9c80 [ 1693.205673][ C3] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000 [ 1693.205677][ C3] FS: 00007fcc230b18c0(0000) GS:ffff888733780000(0000) knlGS:0000000000000000 [ 1693.205681][ C3] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1693.205685][ C3] CR2: 0000000000000200 CR3: 000000034bbd6006 CR4: 00000000003726f0 [ 1693.205688][ C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1693.205691][ C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1693.205695][ C3] Kernel panic - not syncing: Fatal exception in interrupt [ 1693.205723][ C3] Kernel Offset: disabled The kernel config and materials to reproduce are available at: https://download.01.org/0day-ci/archive/20250122/202501221114.c06f7c72-...@intel.com -- 0-DAY CI Kernel Test Service 
https://github.com/intel/lkp-tests/wiki