From: kernel test robot <oliver.sang@intel.com>
To: Alexei Starovoitov <ast@kernel.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Vlastimil Babka <vbabka@suse.cz>, <kasan-dev@googlegroups.com>,
<cgroups@vger.kernel.org>, <linux-mm@kvack.org>,
<oliver.sang@intel.com>
Subject: [linux-next:master] [slab] db93cdd664: BUG:kernel_NULL_pointer_dereference,address
Date: Wed, 17 Sep 2025 13:01:34 +0800
Message-ID: <202509171214.912d5ac-lkp@intel.com>
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: db93cdd664fa02de9be883dd29343b21d8fc790f ("slab: Introduce kmalloc_nolock() and kfree_nolock().")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
config: i386-randconfig-062-20250913
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202509171214.912d5ac-lkp@intel.com
[ 7.101117][ T0] BUG: kernel NULL pointer dereference, address: 00000010
[ 7.102290][ T0] #PF: supervisor read access in kernel mode
[ 7.103219][ T0] #PF: error_code(0x0000) - not-present page
[ 7.104161][ T0] *pde = 00000000
[ 7.104762][ T0] Thread overran stack, or stack corrupted
[ 7.105726][ T0] Oops: Oops: 0000 [#1]
[ 7.106410][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G T 6.17.0-rc3-00014-gdb93cdd664fa #1 NONE 40eff3b43e4f0000b061f2e660abd0b2911f31b1
[ 7.108712][ T0] Tainted: [T]=RANDSTRUCT
[ 7.109368][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 7.110952][ T0] EIP: kmalloc_nolock_noprof (mm/slub.c:5607)
[ 7.112838][ T0] Code: 90 90 90 90 90 89 45 bc 0f bd 75 bc 75 05 be ff ff ff ff 46 83 fe 0e 0f 83 b6 01 00 00 6b c7 38 8b 84 b0 b4 79 d0 b2 89 45 ec <8b> 40 10 a9 00 00 01 00 75 1b 8b 0d ec 28 db b3 31 f6 a9 87 04 00
All code
========
0: 90 nop
1: 90 nop
2: 90 nop
3: 90 nop
4: 90 nop
5: 89 45 bc mov %eax,-0x44(%rbp)
8: 0f bd 75 bc bsr -0x44(%rbp),%esi
c: 75 05 jne 0x13
e: be ff ff ff ff mov $0xffffffff,%esi
13: 46 83 fe 0e rex.RX cmp $0xe,%esi
17: 0f 83 b6 01 00 00 jae 0x1d3
1d: 6b c7 38 imul $0x38,%edi,%eax
20: 8b 84 b0 b4 79 d0 b2 mov -0x4d2f864c(%rax,%rsi,4),%eax
27: 89 45 ec mov %eax,-0x14(%rbp)
2a:* 8b 40 10 mov 0x10(%rax),%eax <-- trapping instruction
2d: a9 00 00 01 00 test $0x10000,%eax
32: 75 1b jne 0x4f
34: 8b 0d ec 28 db b3 mov -0x4c24d714(%rip),%ecx # 0xffffffffb3db2926
3a: 31 f6 xor %esi,%esi
3c: a9 .byte 0xa9
3d: 87 04 00 xchg %eax,(%rax,%rax,1)
Code starting with the faulting instruction
===========================================
0: 8b 40 10 mov 0x10(%rax),%eax
3: a9 00 00 01 00 test $0x10000,%eax
8: 75 1b jne 0x25
a: 8b 0d ec 28 db b3 mov -0x4c24d714(%rip),%ecx # 0xffffffffb3db28fc
10: 31 f6 xor %esi,%esi
12: a9 .byte 0xa9
13: 87 04 00 xchg %eax,(%rax,%rax,1)
[ 7.115899][ T0] EAX: 00000000 EBX: 00000101 ECX: 00000200 EDX: 00000000
[ 7.116940][ T0] ESI: 00000009 EDI: 0000000e EBP: b2d07d18 ESP: b2d07cd4
[ 7.118013][ T0] DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00210002
[ 7.119201][ T0] CR0: 80050033 CR2: 00000010 CR3: 03672000 CR4: 00000090
[ 7.120263][ T0] Call Trace:
[ 7.120791][ T0] Modules linked in:
[ 7.121455][ T0] CR2: 0000000000000010
[ 7.122145][ T0] ---[ end trace 0000000000000000 ]---
[ 7.123070][ T0] EIP: kmalloc_nolock_noprof (mm/slub.c:5607)
[ 7.123973][ T0] Code: 90 90 90 90 90 89 45 bc 0f bd 75 bc 75 05 be ff ff ff ff 46 83 fe 0e 0f 83 b6 01 00 00 6b c7 38 8b 84 b0 b4 79 d0 b2 89 45 ec <8b> 40 10 a9 00 00 01 00 75 1b 8b 0d ec 28 db b3 31 f6 a9 87 04 00
All code
========
0: 90 nop
1: 90 nop
2: 90 nop
3: 90 nop
4: 90 nop
5: 89 45 bc mov %eax,-0x44(%rbp)
8: 0f bd 75 bc bsr -0x44(%rbp),%esi
c: 75 05 jne 0x13
e: be ff ff ff ff mov $0xffffffff,%esi
13: 46 83 fe 0e rex.RX cmp $0xe,%esi
17: 0f 83 b6 01 00 00 jae 0x1d3
1d: 6b c7 38 imul $0x38,%edi,%eax
20: 8b 84 b0 b4 79 d0 b2 mov -0x4d2f864c(%rax,%rsi,4),%eax
27: 89 45 ec mov %eax,-0x14(%rbp)
2a:* 8b 40 10 mov 0x10(%rax),%eax <-- trapping instruction
2d: a9 00 00 01 00 test $0x10000,%eax
32: 75 1b jne 0x4f
34: 8b 0d ec 28 db b3 mov -0x4c24d714(%rip),%ecx # 0xffffffffb3db2926
3a: 31 f6 xor %esi,%esi
3c: a9 .byte 0xa9
3d: 87 04 00 xchg %eax,(%rax,%rax,1)
Code starting with the faulting instruction
===========================================
0: 8b 40 10 mov 0x10(%rax),%eax
3: a9 00 00 01 00 test $0x10000,%eax
8: 75 1b jne 0x25
a: 8b 0d ec 28 db b3 mov -0x4c24d714(%rip),%ecx # 0xffffffffb3db28fc
10: 31 f6 xor %esi,%esi
12: a9 .byte 0xa9
13: 87 04 00 xchg %eax,(%rax,%rax,1)
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250917/202509171214.912d5ac-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki