Greetings,

FYI, we noticed the following commit (built with clang-13):

commit: e14497b88f9919aeedd47efb2762dfa5fc6b640e ("[PATCH 7/9] iomem: remove the iomem file system")
url: https://github.com/0day-ci/linux/commits/Christoph-Hellwig/fs-rename-alloc_anon_inode-to-alloc_anon_inode_sb/20210310-005356
base: https://git.kernel.org/cgit/linux/kernel/git/gregkh/char-misc.git 080951f99de1e483a9a48f34c079b634f2912a54

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+----------------------------------------------+------------+------------+
|                                              | 0befbcb842 | e14497b88f |
+----------------------------------------------+------------+------------+
| BUG:KASAN:null-ptr-deref_in_alloc_anon_inode | 0          | 12         |
| RIP:alloc_anon_inode                         | 0          | 12         |
+----------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[    3.359173] BUG: KASAN: null-ptr-deref in alloc_anon_inode (kbuild/src/consumer/fs/anon_inodes.c:235)
[    3.359395] Read of size 8 at addr 0000000000000008 by task swapper/0/1
[    3.359395]
[    3.359395] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc2-00012-ge14497b88f99 #2
[    3.359395] Call Trace:
[    3.359395] dump_stack (kbuild/src/consumer/include/linux/instrumented.h:86 kbuild/src/consumer/include/asm-generic/atomic-instrumented.h:45 kbuild/src/consumer/lib/dump_stack.c:123)
[    3.359395] kasan_report (kbuild/src/consumer/mm/kasan/report.c:403 kbuild/src/consumer/mm/kasan/report.c:416)
[    3.359395] ? amd_cache_northbridges (kbuild/src/consumer/arch/x86/kernel/amd_nb.c:240)
[    3.359395] ? alloc_anon_inode (kbuild/src/consumer/fs/anon_inodes.c:235)
[    3.359395] ? reserve_setup (kbuild/src/consumer/kernel/resource.c:1843)
[    3.359395] __asan_load8 (kbuild/src/consumer/mm/kasan/generic.c:253)
[    3.359395] alloc_anon_inode (kbuild/src/consumer/fs/anon_inodes.c:235)
[    3.359395] iomem_init_inode (kbuild/src/consumer/kernel/resource.c:1846)
[    3.359395] do_one_initcall (kbuild/src/consumer/init/main.c:1226)
[    3.359395] ? next_arg (kbuild/src/consumer/lib/cmdline.c:257)
[    3.359395] ? parse_args (kbuild/src/consumer/kernel/params.c:179)
[    3.359395] do_initcall_level (kbuild/src/consumer/init/main.c:1298)
[    3.359395] do_initcalls (kbuild/src/consumer/init/main.c:1312)
[    3.359395] do_basic_setup (kbuild/src/consumer/init/main.c:1336)
[    3.359395] kernel_init_freeable (kbuild/src/consumer/init/main.c:1541)
[    3.359395] ? rest_init (kbuild/src/consumer/init/main.c:1421)
[    3.359395] kernel_init (kbuild/src/consumer/init/main.c:1426)
[    3.359395] ? rest_init (kbuild/src/consumer/init/main.c:1421)
[    3.359395] ret_from_fork (kbuild/src/consumer/arch/x86/entry/entry_64.S:300)
[    3.359395] ==================================================================
[    3.359395] Disabling lock debugging due to kernel taint
[    3.359437] BUG: kernel NULL pointer dereference, address: 0000000000000008
[    3.360918] #PF: supervisor read access in kernel mode
[    3.361918] #PF: error_code(0x0000) - not-present page
[    3.362728] PGD 0 P4D 0
[    3.362728] Oops: 0000 [#1] SMP KASAN
[    3.362728] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B             5.12.0-rc2-00012-ge14497b88f99 #2
[    3.362728] RIP: 0010:alloc_anon_inode (kbuild/src/consumer/fs/anon_inodes.c:235)
[    3.362728] Code: 71 fe ff ff 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 53 48 8b 1d 54 45 cc 02 48 8d 7b 08 e8 4b 8e f4 ff <48> 8b 7b 08 e8 c2 a5 fc ff 5b 5d c3 66 66 2e 0f 1f 84 00 00 00 00

All code
========
   0:   71 fe                   jno    0x0
   2:   ff                      (bad)
   3:   ff 5d c3                lcall  *-0x3d(%rbp)
   6:   66 66 2e 0f 1f 84 00    data16 nopw %cs:0x0(%rax,%rax,1)
   d:   00 00 00 00
  11:   0f 1f 40 00             nopl   0x0(%rax)
  15:   55                      push   %rbp
  16:   48 89 e5                mov    %rsp,%rbp
  19:   53                      push   %rbx
  1a:   48 8b 1d 54 45 cc 02    mov    0x2cc4554(%rip),%rbx        # 0x2cc4575
  21:   48 8d 7b 08             lea    0x8(%rbx),%rdi
  25:   e8 4b 8e f4 ff          callq  0xfffffffffff48e75
  2a:*  48 8b 7b 08             mov    0x8(%rbx),%rdi              <-- trapping instruction
  2e:   e8 c2 a5 fc ff          callq  0xfffffffffffca5f5
  33:   5b                      pop    %rbx
  34:   5d                      pop    %rbp
  35:   c3                      retq
  36:   66                      data16
  37:   66                      data16
  38:   2e                      cs
  39:   0f                      .byte 0xf
  3a:   1f                      (bad)
  3b:   84 00                   test   %al,(%rax)
  3d:   00 00                   add    %al,(%rax)
        ...

Code starting with the faulting instruction
===========================================
   0:   48 8b 7b 08             mov    0x8(%rbx),%rdi
   4:   e8 c2 a5 fc ff          callq  0xfffffffffffca5cb
   9:   5b                      pop    %rbx
   a:   5d                      pop    %rbp
   b:   c3                      retq
   c:   66                      data16
   d:   66                      data16
   e:   2e                      cs
   f:   0f                      .byte 0xf
  10:   1f                      (bad)
  11:   84 00                   test   %al,(%rax)
  13:   00 00                   add    %al,(%rax)
        ...

[    3.362728] RSP: 0000:ffff8881001afd10 EFLAGS: 00010282
[    3.362728] RAX: ffff8881001a0001 RBX: 0000000000000000 RCX: ffffffff811b7d0f
[    3.362728] RDX: dffffc0000000000 RSI: 0000000000000000 RDI: ffffffff83c11c58
[    3.362728] RBP: ffff8881001afd18 R08: dffffc0000000000 R09: fffffbfff078238c
[    3.362728] R10: fffffbfff078238c R11: 0000000000000000 R12: 0000000000000000
[    3.362728] R13: 0000000000000000 R14: ffffffff8435b9c0 R15: ffffffff8361c400
[    3.362728] FS:  0000000000000000(0000) GS:ffff8881e8600000(0000) knlGS:0000000000000000
[    3.362728] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    3.362728] CR2: 0000000000000008 CR3: 0000000003616000 CR4: 00000000000006b0
[    3.362728] Call Trace:
[    3.362728] iomem_init_inode (kbuild/src/consumer/kernel/resource.c:1846)
[    3.362728] do_one_initcall (kbuild/src/consumer/init/main.c:1226)
[    3.362728] ? next_arg (kbuild/src/consumer/lib/cmdline.c:257)
[    3.362728] ? parse_args (kbuild/src/consumer/kernel/params.c:179)
[    3.362728] do_initcall_level (kbuild/src/consumer/init/main.c:1298)
[    3.362728] do_initcalls (kbuild/src/consumer/init/main.c:1312)
[    3.362728] do_basic_setup (kbuild/src/consumer/init/main.c:1336)
[    3.362728] kernel_init_freeable (kbuild/src/consumer/init/main.c:1541)
[    3.362728] ? rest_init (kbuild/src/consumer/init/main.c:1421)
[    3.362728] kernel_init (kbuild/src/consumer/init/main.c:1426)
[    3.362728] ? rest_init (kbuild/src/consumer/init/main.c:1421)
[    3.362728] ret_from_fork (kbuild/src/consumer/arch/x86/entry/entry_64.S:300)
[    3.362728] Modules linked in:
[    3.362728] CR2: 0000000000000008
[    3.362728] ---[ end trace e17c94a42475f8e5 ]---
[    3.362728] RIP: 0010:alloc_anon_inode (kbuild/src/consumer/fs/anon_inodes.c:235)

To reproduce:

        # build kernel
        cd linux
        cp config-5.12.0-rc2-00012-ge14497b88f99 .config
        make HOSTCC=clang-13 CC=clang-13 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang