Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 4be66e32070d1e8da72934dbe4dff44a49bd2e5f ("of: reserved_mem: Restructure how the reserved memory regions are processed")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | d2a97be345 | 4be66e3207 |
+---------------------------------------------+------------+------------+
| boot_successes | 15 | 0 |
| boot_failures | 0 | 15 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 15 |
| Oops | 0 | 15 |
| EIP:fdt_ro_probe | 0 | 15 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 15 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202408192157.8d8fe8a9-oliver.sang@xxxxxxxxx
[ 0.052331][ T0] BUG: kernel NULL pointer dereference, address: 00000004
[ 0.052785][ T0] #PF: supervisor read access in kernel mode
[ 0.053163][ T0] #PF: error_code(0x0000) - not-present page
[ 0.053541][ T0] *pde = 00000000
[ 0.053774][ T0] Oops: Oops: 0000 [#1] SMP
[ 0.054060][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G T 6.11.0-rc1-00018-g4be66e32070d #1
[ 0.054748][ T0] Tainted: [T]=RANDSTRUCT
[ 0.055020][ T0] EIP: fdt_ro_probe_ (scripts/dtc/libfdt/libfdt.h:? lib/../scripts/dtc/libfdt/fdt.c:?)
[ 0.055319][ T0] Code: 56 8b 30 03 12 31 c9 39 d6 19 c9 b8 01 00 00 00 39 d6 77 02 89 c8 5e 5d 31 c9 31 d2 c3 b9 ed ff ff ff a8 07 75 5e 55 89 e5 56 <8b> 50 04 8b 30 0f ce 81 fe 12 01 f2 2f 74 28 b9 f7 ff ff ff 81 fe
All code
========
0: 56 push %rsi
1: 8b 30 mov (%rax),%esi
3: 03 12 add (%rdx),%edx
5: 31 c9 xor %ecx,%ecx
7: 39 d6 cmp %edx,%esi
9: 19 c9 sbb %ecx,%ecx
b: b8 01 00 00 00 mov $0x1,%eax
10: 39 d6 cmp %edx,%esi
12: 77 02 ja 0x16
14: 89 c8 mov %ecx,%eax
16: 5e pop %rsi
17: 5d pop %rbp
18: 31 c9 xor %ecx,%ecx
1a: 31 d2 xor %edx,%edx
1c: c3 retq
1d: b9 ed ff ff ff mov $0xffffffed,%ecx
22: a8 07 test $0x7,%al
24: 75 5e jne 0x84
26: 55 push %rbp
27: 89 e5 mov %esp,%ebp
29: 56 push %rsi
2a:* 8b 50 04 mov 0x4(%rax),%edx <-- trapping instruction
2d: 8b 30 mov (%rax),%esi
2f: 0f ce bswap %esi
31: 81 fe 12 01 f2 2f cmp $0x2ff20112,%esi
37: 74 28 je 0x61
39: b9 f7 ff ff ff mov $0xfffffff7,%ecx
3e: 81 .byte 0x81
3f: fe .byte 0xfe
Code starting with the faulting instruction
===========================================
0: 8b 50 04 mov 0x4(%rax),%edx
3: 8b 30 mov (%rax),%esi
5: 0f ce bswap %esi
7: 81 fe 12 01 f2 2f cmp $0x2ff20112,%esi
d: 74 28 je 0x37
f: b9 f7 ff ff ff mov $0xfffffff7,%ecx
14: 81 .byte 0x81
15: fe .byte 0xfe
[ 0.056594][ T0] EAX: 00000000 EBX: c27b018c ECX: ffffffed EDX: c27b018c
[ 0.057045][ T0] ESI: 00000000 EDI: 00000010 EBP: c296bedc ESP: c296bed8
[ 0.057495][ T0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210046
[ 0.058060][ T0] CR0: 80050033 CR2: 00000004 CR3: 03032000 CR4: 00000090
[ 0.058716][ T0] Call Trace:
[ 0.059024][ T0] ? __die_body (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)
[ 0.059420][ T0] ? __die (arch/x86/kernel/dumpstack.c:434)
[ 0.059780][ T0] ? page_fault_oops (arch/x86/mm/fault.c:711)
[ 0.060248][ T0] ? is_prefetch (arch/x86/mm/fault.c:119 arch/x86/mm/fault.c:132)
[ 0.060672][ T0] ? kernelmode_fixup_or_oops (arch/x86/mm/fault.c:738)
[ 0.061202][ T0] ? __bad_area_nosemaphore (arch/x86/mm/fault.c:785)
[ 0.061710][ T0] ? bad_area_nosemaphore (arch/x86/mm/fault.c:834)
[ 0.062185][ T0] ? do_user_addr_fault (arch/x86/mm/fault.c:?)
[ 0.062678][ T0] ? trace_irq_disable (include/trace/events/preemptirq.h:36)
[ 0.063149][ T0] ? exc_page_fault (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:87 arch/x86/include/asm/irqflags.h:147 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 0.063595][ T0] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 0.064166][ T0] ? handle_exception (init_task.c:?)
[ 0.064622][ T0] ? i2c_hid_irq (include/linux/pm_wakeup.h:213 drivers/hid/i2c-hid/i2c-hid-core.c:542 drivers/hid/i2c-hid/i2c-hid-core.c:556)
[ 0.065042][ T0] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 0.065621][ T0] ? fdt_ro_probe_ (scripts/dtc/libfdt/libfdt.h:? lib/../scripts/dtc/libfdt/fdt.c:?)
[ 0.066043][ T0] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 0.066624][ T0] ? fdt_ro_probe_ (scripts/dtc/libfdt/libfdt.h:? lib/../scripts/dtc/libfdt/fdt.c:?)
[ 0.067049][ T0] fdt_path_offset_namelen (lib/../scripts/dtc/libfdt/fdt_ro.c:256)
[ 0.067561][ T0] ? _raw_spin_unlock_irqrestore (include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194)
[ 0.068095][ T0] fdt_path_offset (lib/../scripts/dtc/libfdt/fdt_ro.c:300)
[ 0.068502][ T0] fdt_scan_reserved_mem_reg_nodes (drivers/of/of_reserved_mem.c:192)
[ 0.069054][ T0] ? copy_device_tree (drivers/of/fdt.c:1127)
[ 0.069489][ T0] unflatten_device_tree (drivers/of/fdt.c:1243)
[ 0.069940][ T0] unflatten_and_copy_device_tree (drivers/of/fdt.c:1262)
[ 0.070441][ T0] x86_flattree_get_config (arch/x86/kernel/devicetree.c:313)
[ 0.070908][ T0] setup_arch (arch/x86/kernel/setup.c:1100)
[ 0.071284][ T0] ? vprintk (kernel/printk/printk_safe.c:?)
[ 0.071632][ T0] ? _printk (kernel/printk/printk.c:2376)
[ 0.071993][ T0] start_kernel (init/main.c:927)
[ 0.072406][ T0] i386_start_kernel (arch/x86/kernel/head32.c:79)
[ 0.072867][ T0] startup_32_smp (??:?)
[ 0.073307][ T0] Modules linked in:
[ 0.073675][ T0] CR2: 0000000000000004
[ 0.074063][ T0] ---[ end trace 0000000000000000 ]---
[ 0.074579][ T0] EIP: fdt_ro_probe_ (scripts/dtc/libfdt/libfdt.h:? lib/../scripts/dtc/libfdt/fdt.c:?)
[ 0.075010][ T0] Code: 56 8b 30 03 12 31 c9 39 d6 19 c9 b8 01 00 00 00 39 d6 77 02 89 c8 5e 5d 31 c9 31 d2 c3 b9 ed ff ff ff a8 07 75 5e 55 89 e5 56 <8b> 50 04 8b 30 0f ce 81 fe 12 01 f2 2f 74 28 b9 f7 ff ff ff 81 fe
All code
========
0: 56 push %rsi
1: 8b 30 mov (%rax),%esi
3: 03 12 add (%rdx),%edx
5: 31 c9 xor %ecx,%ecx
7: 39 d6 cmp %edx,%esi
9: 19 c9 sbb %ecx,%ecx
b: b8 01 00 00 00 mov $0x1,%eax
10: 39 d6 cmp %edx,%esi
12: 77 02 ja 0x16
14: 89 c8 mov %ecx,%eax
16: 5e pop %rsi
17: 5d pop %rbp
18: 31 c9 xor %ecx,%ecx
1a: 31 d2 xor %edx,%edx
1c: c3 retq
1d: b9 ed ff ff ff mov $0xffffffed,%ecx
22: a8 07 test $0x7,%al
24: 75 5e jne 0x84
26: 55 push %rbp
27: 89 e5 mov %esp,%ebp
29: 56 push %rsi
2a:* 8b 50 04 mov 0x4(%rax),%edx <-- trapping instruction
2d: 8b 30 mov (%rax),%esi
2f: 0f ce bswap %esi
31: 81 fe 12 01 f2 2f cmp $0x2ff20112,%esi
37: 74 28 je 0x61
39: b9 f7 ff ff ff mov $0xfffffff7,%ecx
3e: 81 .byte 0x81
3f: fe .byte 0xfe
Code starting with the faulting instruction
===========================================
0: 8b 50 04 mov 0x4(%rax),%edx
3: 8b 30 mov (%rax),%esi
5: 0f ce bswap %esi
7: 81 fe 12 01 f2 2f cmp $0x2ff20112,%esi
d: 74 28 je 0x37
f: b9 f7 ff ff ff mov $0xfffffff7,%ecx
14: 81 .byte 0x81
15: fe .byte 0xfe
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240819/202408192157.8d8fe8a9-oliver.sang@xxxxxxxxx
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
