From: kernel test robot <oliver.sang@intel.com>
To: Luka Bai <lukafocus@icloud.com>, Luka Bai <lukabai@tencent.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <linux-mm@kvack.org>,
"Jonathan Corbet" <corbet@lwn.net>,
Shuah Khan <skhan@linuxfoundation.org>,
"Andrew Morton" <akpm@linux-foundation.org>,
David Hildenbrand <david@kernel.org>,
Lorenzo Stoakes <ljs@kernel.org>, Zi Yan <ziy@nvidia.com>,
Baolin Wang <baolin.wang@linux.alibaba.com>,
"Liam R. Howlett" <liam@infradead.org>,
"Nico Pache" <npache@redhat.com>,
Ryan Roberts <ryan.roberts@arm.com>, Dev Jain <dev.jain@arm.com>,
Barry Song <baohua@kernel.org>, Lance Yang <lance.yang@linux.dev>,
Vlastimil Babka <vbabka@kernel.org>,
Mike Rapoport <rppt@kernel.org>,
Suren Baghdasaryan <surenb@google.com>,
Michal Hocko <mhocko@suse.com>, Jann Horn <jannh@google.com>,
Arnd Bergmann <arnd@arndb.de>, Kairui Song <kasong@tencent.com>,
<linux-kernel@vger.kernel.org>, <linux-arch@vger.kernel.org>,
<linux-doc@vger.kernel.org>, Luka Bai <lukabai@tencent.com>,
<oliver.sang@intel.com>
Subject: Re: [PATCH 4/5] mm: enable map_anon_folio_pmd_nopf to handle unshare
Date: Sat, 23 May 2026 22:25:50 +0800
Message-ID: <202605231645.88096ca9-lkp@intel.com>
In-Reply-To: <20260501-thp_cow-v1-4-005377483738@tencent.com>
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 419ac88f7d747a174b48e12d2fd2178a128f54de ("[PATCH 4/5] mm: enable map_anon_folio_pmd_nopf to handle unshare")
url: https://github.com/intel-lab-lkp/linux/commits/Luka-Bai/mm-add-basic-madvise-helpers-and-branch-for-THP-setup/20260502-230731
patch link: https://lore.kernel.org/all/20260501-thp_cow-v1-4-005377483738@tencent.com/
patch subject: [PATCH 4/5] mm: enable map_anon_folio_pmd_nopf to handle unshare
in testcase: boot
config: x86_64-kexec
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202605231645.88096ca9-lkp@intel.com
[ 15.354503][ T37] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 15.355458][ T37] #PF: supervisor write access in kernel mode
[ 15.356077][ T37] #PF: error_code(0x0002) - not-present page
[ 15.356690][ T37] PGD 0 P4D 0
[ 15.357088][ T37] Oops: Oops: 0002 [#1] SMP PTI
[ 15.357612][ T37] CPU: 0 UID: 0 PID: 37 Comm: khugepaged Not tainted 7.1.0-rc1-00099-g419ac88f7d74 #1 PREEMPT(lazy)
[ 15.358688][ T37] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.362222][ T37] RIP: 0010:map_anon_folio_pmd_nopf (x86/include/asm/pgtable_64.h:79 x86/include/asm/pgtable.h:1210 huge_memory.c:1448)
[ 15.364849][ T37] Code: e0 ff 48 89 df 4c 89 f6 4c 89 c2 b9 01 00 00 00 e8 b7 a2 fa ff 48 89 df 4c 89 f6 e8 6c 93 f4 ff 4c 89 64 24 20 48 8b 44 24 20 <49> 89 07 48 89 df 31 f6 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d
All code
========
0: e0 ff loopne 0x1
2: 48 89 df mov %rbx,%rdi
5: 4c 89 f6 mov %r14,%rsi
8: 4c 89 c2 mov %r8,%rdx
b: b9 01 00 00 00 mov $0x1,%ecx
10: e8 b7 a2 fa ff call 0xfffffffffffaa2cc
15: 48 89 df mov %rbx,%rdi
18: 4c 89 f6 mov %r14,%rsi
1b: e8 6c 93 f4 ff call 0xfffffffffff4938c
20: 4c 89 64 24 20 mov %r12,0x20(%rsp)
25: 48 8b 44 24 20 mov 0x20(%rsp),%rax
2a:* 49 89 07 mov %rax,(%r15) <-- trapping instruction
2d: 48 89 df mov %rbx,%rdi
30: 31 f6 xor %esi,%esi
32: 48 83 c4 28 add $0x28,%rsp
36: 5b pop %rbx
37: 41 5c pop %r12
39: 41 5d pop %r13
3b: 41 5e pop %r14
3d: 41 5f pop %r15
3f: 5d pop %rbp
Code starting with the faulting instruction
===========================================
0: 49 89 07 mov %rax,(%r15)
3: 48 89 df mov %rbx,%rdi
6: 31 f6 xor %esi,%esi
8: 48 83 c4 28 add $0x28,%rsp
c: 5b pop %rbx
d: 41 5c pop %r12
f: 41 5d pop %r13
11: 41 5e pop %r14
13: 41 5f pop %r15
15: 5d pop %rbp
[ 15.372240][ T37] RSP: 0000:ffffc9000013fb70 EFLAGS: 00010282
[ 15.374712][ T37] RAX: 8000000143a000e7 RBX: ffffea00050e8000 RCX: 0000000000000000
[ 15.377932][ T37] RDX: 000000000000021f RSI: ffff88881fc271b0 RDI: ffff88881fc30640
[ 15.381250][ T37] RBP: 0000000000000000 R08: 0000000000071ce9 R09: 000000000000b2e9
[ 15.384563][ T37] R10: 0000000000000001 R11: 000000000000003f R12: 8000000143a000e7
[ 15.387726][ T37] R13: 8000000000000025 R14: ffff88810e098900 R15: 0000000000000000
[ 15.391175][ T37] FS: 0000000000000000(0000) GS:ffff88889c101000(0000) knlGS:0000000000000000
[ 15.394883][ T37] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 15.397492][ T37] CR2: 0000000000000000 CR3: 0000000163644000 CR4: 00000000000406f0
[ 15.400508][ T37] Call Trace:
[ 15.403414][ T37] <TASK>
[ 15.404723][ T37] ? lruvec_stat_mod_folio (memcontrol.c:993)
[ 15.406687][ T37] collapse_single_pmd (khugepaged.c:1411)
[ 15.408449][ T37] ? __pfx_wq_barrier_func (workqueue.c:1144)
[ 15.410197][ T37] ? __thp_vma_allowable_orders (huge_memory.c:124)
[ 15.412115][ T37] khugepaged (khugepaged.c:2901)
[ 15.413596][ T37] ? __pfx_khugepaged (khugepaged.c:3113)
[ 15.415388][ T37] kthread (kthread.c:436)
[ 15.416719][ T37] ? __pfx_kthread (kthread.c:1738)
[ 15.418155][ T37] ret_from_fork (x86/kernel/process.c:158)
[ 15.419600][ T37] ? __pfx_kthread (kthread.c:1738)
[ 15.421001][ T37] ret_from_fork_asm (x86/entry/entry_64.S:245)
[ 15.422510][ T37] </TASK>
[ 15.423538][ T37] Modules linked in: sr_mod cdrom sg ata_generic fuse
[ 15.425454][ T37] CR2: 0000000000000000
[ 15.426674][ T37] ---[ end trace 0000000000000000 ]---
[ 15.428142][ T37] RIP: 0010:map_anon_folio_pmd_nopf (x86/include/asm/pgtable_64.h:79 x86/include/asm/pgtable.h:1210 huge_memory.c:1448)
[ 15.429793][ T37] Code: e0 ff 48 89 df 4c 89 f6 4c 89 c2 b9 01 00 00 00 e8 b7 a2 fa ff 48 89 df 4c 89 f6 e8 6c 93 f4 ff 4c 89 64 24 20 48 8b 44 24 20 <49> 89 07 48 89 df 31 f6 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260523/202605231645.88096ca9-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
Thread overview: 14+ messages
2026-05-01 5:55 [PATCH 0/5] mm: Support selecting doing direct COW for anonymous pmd entry Luka Bai
2026-05-01 5:55 ` [PATCH 1/5] mm: add basic madvise helpers and branch for THP setup Luka Bai
2026-05-01 5:55 ` [PATCH 2/5] mm: add pmd level THP COW parameter in sysfs Luka Bai
2026-05-01 5:55 ` [PATCH 3/5] mm: add pmd level THP COW judgement helpers Luka Bai
2026-05-01 5:55 ` [PATCH 4/5] mm: enable map_anon_folio_pmd_nopf to handle unshare Luka Bai
2026-05-23 14:25 ` kernel test robot [this message]
2026-05-01 5:55 ` [PATCH 5/5] mm: support choosing to do THP COW for anonymous pmd entry Luka Bai
2026-05-01 7:11 ` David Hildenbrand (Arm)
2026-05-01 15:01 ` Luka Bai
2026-05-01 7:07 ` [PATCH 0/5] mm: Support selecting doing direct " David Hildenbrand (Arm)
2026-05-01 16:16 ` Luka Bai
2026-05-01 18:30 ` David Hildenbrand (Arm)
2026-05-02 5:06 ` Luka Bai
2026-05-03 7:03 ` [syzbot ci] " syzbot ci