Greetings,

FYI, we noticed the following commit (built with clang-14):

commit: fa5ba4107ce2034e7f02531a64278a0fd8a731cd ("mm/slob: Convert SLOB to use struct slab")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[ 0.449600][ T0] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 0.451148][ T0] #PF: supervisor read access in kernel mode
[ 0.452345][ T0] #PF: error_code(0x0000) - not-present page
[ 0.453512][ T0] PGD 0 P4D 0
[ 0.454183][ T0] Oops: 0000 [#1]
[ 0.454847][ T0] CPU: 0 PID: 0 Comm: swapper Not tainted 5.16.0-rc3-00024-gfa5ba4107ce2 #1
[ 0.456717][ T0] RIP: 0010:slob_alloc (include/linux/page-flags.h:198 include/linux/page-flags.h:431 mm/slob.c:362)
[ 0.457839][ T0] Code: 00 00 00 e8 d4 e4 f0 ff 48 89 df e8 0c 0a f1 ff 4c 8b 2b 49 c1 e5 36 49 c1 fd 3f 49 21 dd 49 8d 5d 08 48 89 df e8 f2 09 f1 ff <49> 8b 6d 08 40 f6 c5 01 0f 85 7b 01 00 00 4c 89 ed be 08 00 00 00
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	00 e8                	add    %ch,%al
   4:	d4                   	(bad)
   5:	e4 f0                	in     $0xf0,%al
   7:	ff 48 89             	decl   -0x77(%rax)
   a:	df e8                	fucomip %st(0),%st
   c:	0c 0a                	or     $0xa,%al
   e:	f1                   	icebp
   f:	ff 4c 8b 2b          	decl   0x2b(%rbx,%rcx,4)
  13:	49 c1 e5 36          	shl    $0x36,%r13
  17:	49 c1 fd 3f          	sar    $0x3f,%r13
  1b:	49 21 dd             	and    %rbx,%r13
  1e:	49 8d 5d 08          	lea    0x8(%r13),%rbx
  22:	48 89 df             	mov    %rbx,%rdi
  25:	e8 f2 09 f1 ff       	callq  0xfffffffffff10a1c
  2a:*	49 8b 6d 08          	mov    0x8(%r13),%rbp		<-- trapping instruction
  2e:	40 f6 c5 01          	test   $0x1,%bpl
  32:	0f 85 7b 01 00 00    	jne    0x1b3
  38:	4c 89 ed             	mov    %r13,%rbp
  3b:	be 08 00 00 00       	mov    $0x8,%esi

Code starting with the faulting instruction
===========================================
   0:	49 8b 6d 08          	mov    0x8(%r13),%rbp
   4:	40 f6 c5 01          	test   $0x1,%bpl
   8:	0f 85 7b 01 00 00    	jne    0x189
   e:	4c 89 ed             	mov    %r13,%rbp
  11:	be 08 00 00 00       	mov    $0x8,%esi
[ 0.462094][ T0] RSP: 0000:ffffffff9d203dc8 EFLAGS: 00010046
[ 0.463363][ T0] RAX: ffffffff9d22fe68 RBX: 0000000000000008 RCX: ffffffff9b80c2ce
[ 0.465369][ T0] RDX: 0000000000000004 RSI: 0000000000000001 RDI: 0000000000000008
[ 0.467042][ T0] RBP: 0000000004001040 R08: 0001ffffffffffff R09: 0000000000000000
[ 0.468631][ T0] R10: 000000000000000f R11: 0001ba4644001047 R12: ffffffff9d7d7110
[ 0.470141][ T0] R13: 0000000000000000 R14: ffff89a080041000 R15: 0000000000000040
[ 0.471633][ T0] FS: 0000000000000000(0000) GS:ffffffff9d246000(0000) knlGS:0000000000000000
[ 0.473507][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 0.474878][ T0] CR2: 0000000000000008 CR3: 0000000430e26000 CR4: 00000000000406b0
[ 0.476605][ T0] Call Trace:
[ 0.477333][ T0] <TASK>
[ 0.477969][ T0] kmem_cache_alloc (mm/slob.c:? mm/slob.c:632)
[ 0.478981][ T0] ? _printk (kernel/printk/printk.c:2269)
[ 0.479826][ T0] kmem_cache_create_usercopy (mm/slab_common.c:247 mm/slab_common.c:359)
[ 0.481036][ T0] kmem_cache_create (mm/slab_common.c:414)
[ 0.482024][ T0] vmalloc_init (mm/vmalloc.c:2347)
[ 0.483000][ T0] mm_init (init/main.c:851)
[ 0.483870][ T0] start_kernel (init/main.c:987)
[ 0.484833][ T0] secondary_startup_64_no_verify (??:?)
[ 0.486139][ T0] </TASK>
[ 0.486837][ T0] Modules linked in:
[ 0.487712][ T0] CR2: 0000000000000008
[ 0.488612][ T0] random: get_random_bytes called from oops_exit+0x39/0xc0 with crng_init=0
[ 0.488646][ T0] ---[ end trace 0000000000000000 ]---
[ 0.494333][ T0] RIP: 0010:slob_alloc (include/linux/page-flags.h:198 include/linux/page-flags.h:431 mm/slob.c:362)
[ 0.495462][ T0] Code: 00 00 00 e8 d4 e4 f0 ff 48 89 df e8 0c 0a f1 ff 4c 8b 2b 49 c1 e5 36 49 c1 fd 3f 49 21 dd 49 8d 5d 08 48 89 df e8 f2 09 f1 ff <49> 8b 6d 08 40 f6 c5 01 0f 85 7b 01 00 00 4c 89 ed be 08 00 00 00

To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-rc3-00024-gfa5ba4107ce2 .config
        make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=clang-14 CC=clang-14 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-path> modules_install
        cd <mod-install-path>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang