From: kernel test robot <oliver.sang@intel.com>
To: Mike Rapoport <rppt@kernel.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Mike Rapoport <rppt@kernel.org>, <oliver.sang@intel.com>
Subject: [rppt:uffd+guestmemfd/v1] [mm] 434b076f19: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN
Date: Thu, 26 Feb 2026 21:33:26 +0800
Message-ID: <202602262151.7c6def5-lkp@intel.com>

Hello,

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN" on:

commit: 434b076f194575bb3b654f784d6c6c4941dd7d7c ("mm: generalize handling of userfaults in __do_fault()")
https://git.kernel.org/cgit/linux/kernel/git/rppt/linux.git uffd+guestmemfd/v1

in testcase: boot

config: x86_64-randconfig-006-20260225
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202602262151.7c6def5-lkp@intel.com

[ 16.977978][ T1] krb5: Running aes256-cts-hmac-sha384-192 prf
[ 16.979677][ T1] krb5: Running aes128-cts-hmac-sha256-128 key
[ 16.981543][ T1] krb5: Running aes256-cts-hmac-sha384-192 key
[ 16.983376][ T1] krb5: Running camellia128-cts-cmac key
[ 30.544255][ T30] Freeing initrd memory: 131356K
[ 30.549597][ T61] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN
[ 30.550537][ T61] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[ 30.550537][ T61] CPU: 0 UID: 0 PID: 61 Comm: modprobe Tainted: G T 7.0.0-rc1-00012-g434b076f1945 #1 PREEMPT(lazy) 45cb5da13f758fa7ca78e6625d0b3401df01cbcf
[ 30.550537][ T61] Tainted: [T]=RANDSTRUCT
[ 30.550537][ T61] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.550537][ T61] RIP: 0010:__do_fault (kbuild/src/consumer/include/linux/fs.h:1352 kbuild/src/consumer/mm/memory.c:5335 kbuild/src/consumer/mm/memory.c:5401)
[ 30.550537][ T61] Code: c1 ea 03 80 3c 02 00 74 05 e8 f1 9c 0a 00 4c 8b a5 d0 00 00 00 b8 ff ff 37 00 48 c1 e0 2a 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 ca 9c 0a 00 4d 8b 6c 24 58 4c 8d 65 20 b8 ff
All code
========
0: c1 ea 03 shr $0x3,%edx
3: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
7: 74 05 je 0xe
9: e8 f1 9c 0a 00 call 0xa9cff
e: 4c 8b a5 d0 00 00 00 mov 0xd0(%rbp),%r12
15: b8 ff ff 37 00 mov $0x37ffff,%eax
1a: 48 c1 e0 2a shl $0x2a,%rax
1e: 49 8d 7c 24 58 lea 0x58(%r12),%rdi
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
2a:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 74 05 je 0x35
30: e8 ca 9c 0a 00 call 0xa9cff
35: 4d 8b 6c 24 58 mov 0x58(%r12),%r13
3a: 4c 8d 65 20 lea 0x20(%rbp),%r12
3e: b8 .byte 0xb8
3f: ff .byte 0xff
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 74 05 je 0xb
6: e8 ca 9c 0a 00 call 0xa9cd5
b: 4d 8b 6c 24 58 mov 0x58(%r12),%r13
10: 4c 8d 65 20 lea 0x20(%rbp),%r12
14: b8 .byte 0xb8
15: ff .byte 0xff
[ 30.550537][ T61] RSP: 0000:ffff8881084f7cc8 EFLAGS: 00010202
[ 30.550537][ T61] RAX: dffffc0000000000 RBX: ffff8881084f7dd8 RCX: ffff8881084f7d2c
[ 30.550537][ T61] RDX: 000000000000000b RSI: ffffffff84fcb2c0 RDI: 0000000000000058
[ 30.550537][ T61] RBP: ffff8881247def00 R08: 0000000000000000 R09: 0000000000000000
[ 30.550537][ T61] R10: 0000000000000000 R11: ffffffff85c4a357 R12: 0000000000000000
[ 30.550537][ T61] R13: 00007f05c18e8000 R14: 0000000000000254 R15: ffff8881247def00
[ 30.550537][ T61] FS: 0000000000000000(0000) GS:ffff888798911000(0000) knlGS:0000000000000000
[ 30.550537][ T61] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 30.550537][ T61] CR2: 00007f05c18e8020 CR3: 000000012af53000 CR4: 00000000000406f0
[ 30.550537][ T61] Call Trace:
[ 30.550537][ T61] <TASK>
[ 30.550537][ T61] do_read_fault (kbuild/src/consumer/mm/memory.c:5840)
[ 30.550537][ T61] do_pte_missing (kbuild/src/consumer/mm/memory.c:5974 kbuild/src/consumer/mm/memory.c:4477)
[ 30.550537][ T61] __handle_mm_fault (kbuild/src/consumer/mm/memory.c:6358 kbuild/src/consumer/mm/memory.c:6496)
[ 30.550537][ T61] ? remap_pfn_range_complete (kbuild/src/consumer/mm/memory.c:6398)
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260226/202602262151.7c6def5-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki