Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 855ac3c67d74dadc57431fafcf59497d22879bc0 ("memblock changes")
https://github.com/riteshharjani/linux kfence-fix-patchv3

in testcase: boot

config: x86_64-rhel-8.3
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+---------------------------------------------+------------+------------+
|                                             | cc6765ead4 | 855ac3c67d |
+---------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0          | 18         |
| Oops                                        | 0          | 18         |
| RIP:memmap_init                             | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 18         |
+---------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202410202212.b63f1e37-oliver.sang@xxxxxxxxx

[ 0.045566][ T0] BUG: kernel NULL pointer dereference, address: 00000000000000a0
[ 0.046381][ T0] #PF: supervisor read access in kernel mode
[ 0.047019][ T0] #PF: error_code(0x0000) - not-present page
[ 0.047675][ T0] PGD 0 P4D 0
[ 0.048035][ T0] Oops: Oops: 0000 [#1] SMP PTI
[ 0.048560][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.12.0-rc2-00018-g855ac3c67d74 #1
[ 0.049578][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 0.050714][ T0] RIP: 0010:memmap_init (mm/mm_init.c:952)
[ 0.051288][ T0] Code: 63 d2 6a 01 6a 00 e8 62 8a b7 fd 5a 59 4c 39 e5 0f 82 c8 00 00 00 4c 89 f5 41 83 c7 01 48 81 c3 00 06 00 00 41 83 ff 05 74 49 <48> 83 bb a0 00 00 00 00 74 e5 48 8b 93 88 00 00 00 4c 8b 83 98 00
All code
========
   0:   63 d2                   movslq %edx,%edx
   2:   6a 01                   pushq  $0x1
   4:   6a 00                   pushq  $0x0
   6:   e8 62 8a b7 fd          callq  0xfffffffffdb78a6d
   b:   5a                      pop    %rdx
   c:   59                      pop    %rcx
   d:   4c 39 e5                cmp    %r12,%rbp
  10:   0f 82 c8 00 00 00       jb     0xde
  16:   4c 89 f5                mov    %r14,%rbp
  19:   41 83 c7 01             add    $0x1,%r15d
  1d:   48 81 c3 00 06 00 00    add    $0x600,%rbx
  24:   41 83 ff 05             cmp    $0x5,%r15d
  28:   74 49                   je     0x73
  2a:*  48 83 bb a0 00 00 00    cmpq   $0x0,0xa0(%rbx)          <-- trapping instruction
  31:   00
  32:   74 e5                   je     0x19
  34:   48 8b 93 88 00 00 00    mov    0x88(%rbx),%rdx
  3b:   4c                      rex.WR
  3c:   8b                      .byte 0x8b
  3d:   83                      .byte 0x83
  3e:   98                      cwtl
        ...

Code starting with the faulting instruction
===========================================
   0:   48 83 bb a0 00 00 00    cmpq   $0x0,0xa0(%rbx)
   7:   00
   8:   74 e5                   je     0xffffffffffffffef
   a:   48 8b 93 88 00 00 00    mov    0x88(%rbx),%rdx
  11:   4c                      rex.WR
  12:   8b                      .byte 0x8b
  13:   83                      .byte 0x83
  14:   98                      cwtl
        ...
[ 0.053312][ T0] RSP: 0000:ffffffff97e03db0 EFLAGS: 00010046
[ 0.053951][ T0] RAX: ffffffffffffffff RBX: 0000000000000000 RCX: 000000000000009f
[ 0.054709][ T0] RDX: ffffffff98f78840 RSI: 0000000000000000 RDI: 0000000000000001
[ 0.055337][ T0] RBP: 0000000000000000 R08: ffffffff97e03dbc R09: ffffffff97e03db8
[ 0.056136][ T0] R10: 0000000000000400 R11: ffffffff97e03dc0 R12: ffff9ed3fffc8dc0
[ 0.056982][ T0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 0.057803][ T0] FS: 0000000000000000(0000) GS:ffffffff98981000(0000) knlGS:0000000000000000
[ 0.058701][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.059394][ T0] CR2: 00000000000000a0 CR3: 000000006dc1e000 CR4: 00000000000000b0
[ 0.060163][ T0] Call Trace:
[ 0.060450][ T0] <TASK>
[ 0.060723][ T0] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)
[ 0.061134][ T0] ? page_fault_oops (arch/x86/mm/fault.c:715)
[ 0.061646][ T0] ? exc_page_fault (arch/x86/include/asm/irqflags.h:37 arch/x86/include/asm/irqflags.h:92 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 0.062151][ T0] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
[ 0.062699][ T0] ? memmap_init (mm/mm_init.c:952)
[ 0.063176][ T0] ? free_area_init (include/linux/bitmap.h:446 include/linux/nodemask.h:241 include/linux/nodemask.h:438 mm/mm_init.c:646 mm/mm_init.c:1862)
[ 0.063695][ T0] ? zone_sizes_init (arch/x86/mm/init.c:1008)
[ 0.064168][ T0] ? setup_arch (arch/x86/kernel/setup.c:1132)
[ 0.064550][ T0] ? start_kernel (init/main.c:927)
[ 0.064974][ T0] ? x86_64_start_reservations (arch/x86/kernel/head64.c:495)
[ 0.065489][ T0] ? x86_64_start_kernel (arch/x86/kernel/head64.c:437 (discriminator 5))
[ 0.065915][ T0] ? common_startup_64 (arch/x86/kernel/head_64.S:414)
[ 0.066436][ T0] </TASK>
[ 0.066737][ T0] Modules linked in:
[ 0.067130][ T0] CR2: 00000000000000a0
[ 0.067567][ T0] ---[ end trace 0000000000000000 ]---
[ 0.068122][ T0] RIP: 0010:memmap_init (mm/mm_init.c:952)
[ 0.068647][ T0] Code: 63 d2 6a 01 6a 00 e8 62 8a b7 fd 5a 59 4c 39 e5 0f 82 c8 00 00 00 4c 89 f5 41 83 c7 01 48 81 c3 00 06 00 00 41 83 ff 05 74 49 <48> 83 bb a0 00 00 00 00 74 e5 48 8b 93 88 00 00 00 4c 8b 83 98 00
All code
========
   0:   63 d2                   movslq %edx,%edx
   2:   6a 01                   pushq  $0x1
   4:   6a 00                   pushq  $0x0
   6:   e8 62 8a b7 fd          callq  0xfffffffffdb78a6d
   b:   5a                      pop    %rdx
   c:   59                      pop    %rcx
   d:   4c 39 e5                cmp    %r12,%rbp
  10:   0f 82 c8 00 00 00       jb     0xde
  16:   4c 89 f5                mov    %r14,%rbp
  19:   41 83 c7 01             add    $0x1,%r15d
  1d:   48 81 c3 00 06 00 00    add    $0x600,%rbx
  24:   41 83 ff 05             cmp    $0x5,%r15d
  28:   74 49                   je     0x73
  2a:*  48 83 bb a0 00 00 00    cmpq   $0x0,0xa0(%rbx)          <-- trapping instruction
  31:   00
  32:   74 e5                   je     0x19
  34:   48 8b 93 88 00 00 00    mov    0x88(%rbx),%rdx
  3b:   4c                      rex.WR
  3c:   8b                      .byte 0x8b
  3d:   83                      .byte 0x83
  3e:   98                      cwtl
        ...

Code starting with the faulting instruction
===========================================
   0:   48 83 bb a0 00 00 00    cmpq   $0x0,0xa0(%rbx)
   7:   00
   8:   74 e5                   je     0xffffffffffffffef
   a:   48 8b 93 88 00 00 00    mov    0x88(%rbx),%rdx
  11:   4c                      rex.WR
  12:   8b                      .byte 0x8b
  13:   83                      .byte 0x83
  14:   98                      cwtl

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241020/202410202212.b63f1e37-oliver.sang@xxxxxxxxx

-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki