* [davidhildenbrand:vm_normal_page_pud] [mm/huge_memory] f88b128151: BUG:kernel_NULL_pointer_dereference,address
From: kernel test robot @ 2025-08-07 8:09 UTC
To: David Hildenbrand; +Cc: oe-lkp, lkp, oliver.sang
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: f88b128151dde0b6ba7d08205332bee9a8c1f6e6 ("mm/huge_memory: mark PMD mappings of the huge zero folio special")
https://github.com/davidhildenbrand/linux vm_normal_page_pud
in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:
runtime: 300s
group: group-04
nr_groups: 5
config: x86_64-kexec
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
|                                             | 10dad5703c | f88b128151 |
+---------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0          | 15         |
| Oops                                        | 0          | 15         |
| RIP:pgtable_trans_huge_withdraw             | 0          | 15         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 15         |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202508071600.24367189-lkp@intel.com
[ 21.150662][ T6837] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 21.151683][ T6837] #PF: supervisor read access in kernel mode
[ 21.152397][ T6837] #PF: error_code(0x0000) - not-present page
[ 21.153123][ T6837] PGD 0 P4D 0
[ 21.153581][ T6837] Oops: Oops: 0000 [#1] SMP PTI
[ 21.154184][ T6837] CPU: 0 UID: 65534 PID: 6837 Comm: trinity-subchil Not tainted 6.16.0-rc5-00474-gf88b128151dd #1 PREEMPT(voluntary)
[ 21.155572][ T6837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 21.156778][ T6837] RIP: 0010:pgtable_trans_huge_withdraw (mm/pgtable-generic.c:188)
[ 21.157555][ T6837] Code: 52 01 eb 07 48 2b 3d 73 50 2f 01 48 01 cf 48 c1 ef 0c 48 c1 e7 06 83 7c 3a 28 00 0f 84 81 00 00 00 48 8b 44 3a 10 4c 8d 40 08 <4c> 8b 48 08 4d 8d 51 f8 45 31 db 4d 39 c1 4d 0f 45 da 4c 89 5c 3a
All code
========
0: 52 push %rdx
1: 01 eb add %ebp,%ebx
3: 07 (bad)
4: 48 2b 3d 73 50 2f 01 sub 0x12f5073(%rip),%rdi # 0x12f507e
b: 48 01 cf add %rcx,%rdi
e: 48 c1 ef 0c shr $0xc,%rdi
12: 48 c1 e7 06 shl $0x6,%rdi
16: 83 7c 3a 28 00 cmpl $0x0,0x28(%rdx,%rdi,1)
1b: 0f 84 81 00 00 00 je 0xa2
21: 48 8b 44 3a 10 mov 0x10(%rdx,%rdi,1),%rax
26: 4c 8d 40 08 lea 0x8(%rax),%r8
2a:* 4c 8b 48 08 mov 0x8(%rax),%r9 <-- trapping instruction
2e: 4d 8d 51 f8 lea -0x8(%r9),%r10
32: 45 31 db xor %r11d,%r11d
35: 4d 39 c1 cmp %r8,%r9
38: 4d 0f 45 da cmovne %r10,%r11
3c: 4c rex.WR
3d: 89 .byte 0x89
3e: 5c pop %rsp
3f: 3a .byte 0x3a
Code starting with the faulting instruction
===========================================
0: 4c 8b 48 08 mov 0x8(%rax),%r9
4: 4d 8d 51 f8 lea -0x8(%r9),%r10
8: 45 31 db xor %r11d,%r11d
b: 4d 39 c1 cmp %r8,%r9
e: 4d 0f 45 da cmovne %r10,%r11
12: 4c rex.WR
13: 89 .byte 0x89
14: 5c pop %rsp
15: 3a .byte 0x3a
[ 21.159714][ T6837] RSP: 0000:ffffc900008afad8 EFLAGS: 00010202
[ 21.160436][ T6837] RAX: 0000000000000000 RBX: ffff88816002d400 RCX: ffff8881e3b0d000
[ 21.161394][ T6837] RDX: ffffea0000000000 RSI: ffff888163b0dff0 RDI: 00000000058ec340
[ 21.162349][ T6837] RBP: ffffea00058ec368 R08: 0000000000000008 R09: 00000000ffc00000
[ 21.163306][ T6837] R10: ffffc900008afd98 R11: 0000000000000000 R12: ffff8881638e36c0
[ 21.164254][ T6837] R13: ffff888163b0dff0 R14: ffffffffffffffff R15: 8000000168000285
[ 21.165217][ T6837] FS: 0000000000000000(0000) GS:ffff8884ac421000(0000) knlGS:0000000000000000
[ 21.166267][ T6837] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 21.167042][ T6837] CR2: 0000000000000008 CR3: 0000000002a30000 CR4: 00000000000406f0
[ 21.168005][ T6837] Call Trace:
[ 21.169754][ T6837] <TASK>
[ 21.170186][ T6837] zap_deposited_table (mm/huge_memory.c:2148)
[ 21.170803][ T6837] zap_huge_pmd (include/linux/spinlock.h:391 mm/huge_memory.c:?)
[ 21.171359][ T6837] unmap_page_range (mm/memory.c:1787)
[ 21.171968][ T6837] ? perf_event_set_state (kernel/events/core.c:?)
[ 21.172615][ T6837] unmap_vmas (mm/memory.c:1968)
[ 21.173161][ T6837] exit_mmap (mm/mmap.c:1280)
[ 21.173698][ T6837] __mmput (kernel/fork.c:1125)
[ 21.174859][ T6837] exit_mm (arch/x86/include/asm/bitops.h:206 arch/x86/include/asm/bitops.h:238 include/asm-generic/bitops/instrumented-non-atomic.h:142 include/linux/thread_info.h:126 kernel/exit.c:582)
[ 21.175398][ T6837] do_exit (kernel/exit.c:954)
[ 21.175925][ T6837] do_group_exit (kernel/exit.c:1105)
[ 21.176483][ T6837] __ia32_sys_exit_group (kernel/exit.c:1116)
[ 21.177126][ T6837] ia32_sys_call (??:?)
[ 21.177723][ T6837] do_int80_emulation (arch/x86/entry/syscall_32.c:?)
[ 21.178337][ T6837] ? arch_exit_to_user_mode_prepare (arch/x86/include/asm/entry-common.h:?)
[ 21.179060][ T6837] asm_int80_emulation (arch/x86/include/asm/idtentry.h:626)
[ 21.179668][ T6837] RIP: 0023:0xf7f89092
[ 21.180191][ T6837] Code: Unable to access opcode bytes at 0xf7f89068.
Code starting with the faulting instruction
===========================================
[ 21.180982][ T6837] RSP: 002b:00000000fffe2f18 EFLAGS: 00000292 ORIG_RAX: 00000000000000fc
[ 21.181980][ T6837] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000fffe2ec2
[ 21.182935][ T6837] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000000
[ 21.183884][ T6837] RBP: 00000000f732f000 R08: 0000000000000000 R09: 0000000000000000
[ 21.184854][ T6837] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 21.185806][ T6837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 21.186779][ T6837] </TASK>
[ 21.187196][ T6837] Modules linked in: can_bcm can_raw can cn scsi_transport_iscsi ipmi_msghandler sr_mod cdrom sg ata_generic fuse
[ 21.188570][ T6837] CR2: 0000000000000008
[ 21.189109][ T6837] ---[ end trace 0000000000000000 ]---
[ 21.189767][ T6837] RIP: 0010:pgtable_trans_huge_withdraw (mm/pgtable-generic.c:188)
[ 21.190523][ T6837] Code: 52 01 eb 07 48 2b 3d 73 50 2f 01 48 01 cf 48 c1 ef 0c 48 c1 e7 06 83 7c 3a 28 00 0f 84 81 00 00 00 48 8b 44 3a 10 4c 8d 40 08 <4c> 8b 48 08 4d 8d 51 f8 45 31 db 4d 39 c1 4d 0f 45 da 4c 89 5c 3a
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250807/202508071600.24367189-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki