FYI, we noticed the following commit (built with gcc-7):

commit: 6567a02d20732ad1e4f5f193f2dd59c467209a18 ("[RFC PATCH 04/10] pipe: Use head and tail pointers for the ring, not cursor and length [ver #2]")
url: https://github.com/0day-ci/linux/commits/David-Howells/pipe-Notification-queue-preparation-ver-2/20191026-015701

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+---------------------------------------------+------------+------------+
|                                             | 485a2d006a | 6567a02d20 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 4          | 0          |
| boot_failures                               | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 6          |
| Oops:#[##]                                  | 0          | 6          |
| RIP:get_page                                | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 6          |
+---------------------------------------------+------------+------------+

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 4.869805] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 4.871685] #PF: supervisor read access in kernel mode
[ 4.873154] #PF: error_code(0x0000) - not-present page
[ 4.874705] PGD 800000021f014067 P4D 800000021f014067 PUD 21f012067 PMD 0
[ 4.876481] Oops: 0000 [#1] SMP PTI
[ 4.877769] CPU: 1 PID: 1793 Comm: cat Not tainted 5.4.0-rc4-00108-g6567a02d20732 #1
[ 4.880212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 4.882767] RIP: 0010:get_page+0x0/0x2a
[ 4.884038] Code: 44 89 28 48 8b 4c 24 48 65 48 33 0c 25 28 00 00 00 48 89 e8 74 05 e8 3e 05 cb ff 48 83 c4 50 5b 5d 41 5c 41 5d 41 5e 41 5f c3 <48> 8b 47 08 a8 01 74 04 48 8d 78 ff 8b 47 34 83 c0 7f 83 f8 7f 77
[ 4.890976] RSP: 0000:ffffc900000d7b70 EFLAGS: 00010286
[ 4.892474] RAX: 0000000000010000 RBX: ffff88821f66d090 RCX: 0000000000000000
[ 4.894293] RDX: ffff88821f6ef828 RSI: 0000000000000000 RDI: 0000000000000000
[ 4.896127] RBP: 000000000000000f R08: ffffc900000d7c48 R09: 0000000000240000
[ 4.898021] R10: ffffc900000d7b84 R11: 0000000000000000 R12: 000000000000e000
[ 4.899905] R13: ffff88821f45b240 R14: ffffc900000d7c40 R15: 0000000000010000
[ 4.901779] FS: 0000000000000000(0000) GS:ffff88823fd00000(0063) knlGS:00000000f7fd3de4
[ 4.904331] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 4.905912] CR2: 0000000000000008 CR3: 000000021f366000 CR4: 00000000000406e0
[ 4.907765] Call Trace:
[ 4.908816] __pipe_get_pages+0x6a/0x86
[ 4.910087] iov_iter_get_pages_alloc+0xdc/0x380
[ 4.911484] ? ___might_sleep+0x3b/0x144
[ 4.912728] default_file_splice_read+0xa5/0x28a
[ 4.914178] ? ___might_sleep+0x3b/0x144
[ 4.915467] ? ___might_sleep+0x3b/0x144
[ 4.916747] ? _cond_resched+0x25/0x29
[ 4.917990] ? get_page_from_freelist+0x864/0xb3d
[ 4.919411] ? fast_dput+0x25/0x82
[ 4.920601] ? ___might_sleep+0x3b/0x144
[ 4.921877] ? _cond_resched+0x25/0x29
[ 4.923159] ? slab_pre_alloc_hook+0x35/0x61
[ 4.924493] ? __kmalloc+0x132/0x141
[ 4.925680] ? alloc_pipe_info+0xd7/0x15c
[ 4.926983] ? splice_direct_to_actor+0xef/0x1c8
[ 4.928380] splice_direct_to_actor+0xef/0x1c8
[ 4.929740] ? generic_file_splice_read+0x171/0x171
[ 4.931236] do_splice_direct+0x99/0xc2
[ 4.932507] do_sendfile+0x175/0x23f
[ 4.933727] __do_sys_sendfile64+0x8e/0xb2
[ 4.935044] do_int80_syscall_32+0x50/0x5d
[ 4.936342] entry_INT80_compat+0x82/0x90
[ 4.937612] Modules linked in:
[ 4.938739] CR2: 0000000000000008
[ 4.939973] ---[ end trace a2dd9b34228ecd09 ]---

To reproduce:

        # build kernel
        cd linux
        cp config-5.4.0-rc4-00108-g6567a02d20732 .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

Thanks,
lkp