BUG: kernel NULL pointer dereference, address: 00000004 - mas_update_gap

BUG: kernel NULL pointer dereference, address: 00000004 - mas_update_gap

[Naresh Kamboju]

While running LTP sched tests on i386 the following kernel BUG noticed on
Linux next-20220513 [1].

Running with 50*40 (== 2000) tasks.
Time: 7.618
Running with 20*40 (== 800) tasks.
[   75.590440] BUG: kernel NULL pointer dereference, address: 00000004
[   75.596710] #PF: supervisor read access in kernel mode
[   75.601842] #PF: error_code(0x0000) - not-present page
[   75.606979] *pde = 00000000
[   75.609858] Oops: 0000 [#1] PREEMPT SMP
[   75.613697] CPU: 1 PID: 2694 Comm: hackbench Not tainted
5.18.0-rc6-next-20220513 #1
[   75.621427] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS
2.0b 07/27/2017
[   75.628898] EIP: mas_update_gap+0xa9/0x290
[   75.632996] Code: 02 89 4d e8 0f 84 ef 01 00 00 89 d6 8b 4d ec 8b
55 f0 81 e6 00 ff ff ff 89 75 e0 21 d1 31 d2 83 f9 06 75 06 8d 96 a8
00 00 00 <3b> 3c 82 0f 84 73 ff ff ff 83 7d e8 01 8b 4d f0 19 d2 83 e2
fc 83
[   75.651735] EAX: 00000001 EBX: e507fd2c ECX: 00000086 EDX: 00000000
[   75.657992] ESI: c6030500 EDI: 40152000 EBP: e507f8ec ESP: e507f8cc
[   75.664248] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
[   75.671024] CR0: 80050033 CR2: 00000004 CR3: 25e5f000 CR4: 003506d0
[   75.677283] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   75.683541] DR6: fffe0ff0 DR7: 00000400
[   75.687372] Call Trace:
[   75.689817]  mas_wr_modify+0x193/0x1c20
[   75.693665]  mas_wr_store_entry.isra.0+0x187/0x4d0
[   75.698465]  mas_store_prealloc+0x44/0xe0
[   75.702477]  vma_mas_store+0x2f/0x80
[   75.706057]  __vma_adjust+0x334/0x8e0
[   75.709724]  __split_vma+0x148/0x160
[   75.713303]  do_mas_align_munmap.constprop.0+0xd3/0x3f0
[   75.718529]  ? find_idlest_group+0xdb/0x7f0
[   75.722714]  do_mas_munmap+0x7d/0xb0
[   75.726294]  mmap_region+0x11e/0x6b0
[   75.729875]  ? selinux_msg_queue_msgctl+0xc0/0xc0
[   75.734579]  ? security_mmap_addr+0x2a/0x40
[   75.738765]  ? get_unmapped_area+0x74/0xe0
[   75.742864]  do_mmap+0x3f8/0x500
[   75.746096]  ? file_map_prot_check+0x190/0x190
[   75.750532]  vm_mmap_pgoff+0xc6/0x160
[   75.754192]  ksys_mmap_pgoff+0x50/0x200
[   75.758032]  __ia32_sys_mmap_pgoff+0x2f/0x40
[   75.762302]  __do_fast_syscall_32+0x4c/0xc0
[   75.766478]  do_fast_syscall_32+0x32/0x70
[   75.770482]  do_SYSENTER_32+0x15/0x20
[   75.774141]  entry_SYSENTER_32+0x98/0xf1
[   75.778068] EIP: 0xb7fcf549
[   75.780868] Code: 03 74 c0 01 10 05 03 74 b8 01 10 06 03 74 b4 01
10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 51 52 55 89 e5 0f
34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90
8d 76
[   75.799613] EAX: ffffffda EBX: 00000000 ECX: 00005000 EDX: 00000000
[   75.805878] ESI: 00020022 EDI: ffffffff EBP: 00000000 ESP: bfeab8ec
[   75.812134] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246
[   75.818915] Modules linked in: x86_pkg_temp_thermal
[   75.823792] CR2: 0000000000000004
[   75.827104] ---[ end trace 0000000000000000 ]---
[   75.827105] EIP: mas_update_gap+0xa9/0x290
[   75.827107] Code: 02 89 4d e8 0f 84 ef 01 00 00 89 d6 8b 4d ec 8b
55 f0 81 e6 00 ff ff ff 89 75 e0 21 d1 31 d2 83 f9 06 75 06 8d 96 a8
00 00 00 <3b> 3c 82 0f 84 73 ff ff ff 83 7d e8 01 8b 4d f0 19 d2 83 e2
fc 83
[   75.827108] EAX: 00000001 EBX: e507fd2c ECX: 00000086 EDX: 00000000
[   75.827109] ESI: c6030500 EDI: 40152000 EBP: e507f8ec ESP: e507f8cc
[   75.827110] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
[   75.827111] CR0: 80050033 CR2: 00000004 CR3: 25e5f000 CR4: 003506d0
[   75.827111] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[   75.827112] DR6: fffe0ff0 DR7: 00000400

Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>

metadata:
  git_ref: master
  git_repo: ''
  git_sha: 1e1b28b936aed946122b4e0991e7144fdbbfd77e
  git_describe: next-20220513
  kernel_version: 5.18.0-rc6
  kernel-config: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B/config
  build-url: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next/-/pipelines/538244935
  artifact-location: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B
  toolchain: gcc-11

--
Linaro LKFT
https://lkft.linaro.org

[1] https://lkft.validation.linaro.org/scheduler/job/5021335#L1718

Re: BUG: kernel NULL pointer dereference, address: 00000004 - mas_update_gap

[Liam Howlett]

* Naresh Kamboju <naresh.kamboju@linaro.org> [220516 02:35]:
> While running LTP sched tests on i386 the following kernel BUG noticed on
> Linux next-20220513 [1].
> 
...

> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> 
> metadata:
>   git_ref: master
>   git_repo: ''
>   git_sha: 1e1b28b936aed946122b4e0991e7144fdbbfd77e
>   git_describe: next-20220513
>   kernel_version: 5.18.0-rc6
>   kernel-config: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B/config
>   build-url: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next/-/pipelines/538244935
>   artifact-location: https://builds.tuxbuild.com/296PiI1oM7N6Vk7m9lxuipmXW7B
>   toolchain: gcc-11
> 
> --
> Linaro LKFT
> https://lkft.linaro.org
> 
> [1] https://lkft.validation.linaro.org/scheduler/job/5021335#L1718


I was able to reproduce this issue with ltp running:
"./runltp -p -q -f sched"

I have sent a fix out [1] that allows the test to execute on i386 qemu.

Thanks,
Liam

1. https://lore.kernel.org/linux-mm/20220517152209.3486724-1-Liam.Howlett@oracle.com/