Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 803f54ef52fc0eec23aa58fa64f2b6fcf67dd466 ("[PATCH v8] bio: limit bio max size")
url: https://github.com/0day-ci/linux/commits/Changheun-Lee/bio-limit-bio-max-size/20210421-180805
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 1fe5501ba1abf2b7e78295df73675423bd6899a0

in testcase: kernel-builtin
version:
with following parameters:

	sleep: 10

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+---------------------------------------------+------------+------------+
|                                             | 1fe5501ba1 | 803f54ef52 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 7          | 0          |
| boot_failures                               | 0          | 10         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 10         |
| Oops:#[##]                                  | 0          | 10         |
| RIP:bio_add_hw_page                         | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 10         |
+---------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[ 7.411064] BUG: kernel NULL pointer dereference, address: 0000000000000368
[ 7.411687] #PF: supervisor read access in kernel mode
[ 7.412167] #PF: error_code(0x0000) - not-present page
[ 7.412649] PGD 0 P4D 0
[ 7.412930] Oops: 0000 [#1] SMP PTI
[ 7.413278] CPU: 0 PID: 173 Comm: kworker/u4:2 Not tainted 5.12.0-rc8-00005-g803f54ef52fc #1
[ 7.414041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 7.414791] Workqueue: events_unbound async_run_entry_fn
[ 7.415280] RIP: 0010:bio_add_hw_page (kbuild/src/consumer/block/bio.c:260 kbuild/src/consumer/include/linux/bio.h:124 kbuild/src/consumer/include/linux/bio.h:119 kbuild/src/consumer/block/bio.c:778 kbuild/src/consumer/block/bio.c:753)
[ 7.415717] Code: 09 44 39 c8 0f 87 f5 00 00 00 0f b7 46 60 49 89 fc 49 89 d6 45 89 c5 66 85 c0 75 60 66 39 43 62 0f 86 d9 00 00 00 48 8b 53 08 <48> 8b 92 68 03 00 00 48 8b 52 50 8b 92 08 04 00 00 29 ea 39 53 28
All code
========
   0:   09 44 39 c8             or     %eax,-0x38(%rcx,%rdi,1)
   4:   0f 87 f5 00 00 00       ja     0xff
   a:   0f b7 46 60             movzwl 0x60(%rsi),%eax
   e:   49 89 fc                mov    %rdi,%r12
  11:   49 89 d6                mov    %rdx,%r14
  14:   45 89 c5                mov    %r8d,%r13d
  17:   66 85 c0                test   %ax,%ax
  1a:   75 60                   jne    0x7c
  1c:   66 39 43 62             cmp    %ax,0x62(%rbx)
  20:   0f 86 d9 00 00 00       jbe    0xff
  26:   48 8b 53 08             mov    0x8(%rbx),%rdx
  2a:*  48 8b 92 68 03 00 00    mov    0x368(%rdx),%rdx      <-- trapping instruction
  31:   48 8b 52 50             mov    0x50(%rdx),%rdx
  35:   8b 92 08 04 00 00       mov    0x408(%rdx),%edx
  3b:   29 ea                   sub    %ebp,%edx
  3d:   39 53 28                cmp    %edx,0x28(%rbx)

Code starting with the faulting instruction
===========================================
   0:   48 8b 92 68 03 00 00    mov    0x368(%rdx),%rdx
   7:   48 8b 52 50             mov    0x50(%rdx),%rdx
   b:   8b 92 08 04 00 00       mov    0x408(%rdx),%edx
  11:   29 ea                   sub    %ebp,%edx
  13:   39 53 28                cmp    %edx,0x28(%rbx)
[ 7.417280] RSP: 0000:ffffaef600247c00 EFLAGS: 00010202
[ 7.417757] RAX: 0000000000000000 RBX: ffff9144f8624cc0 RCX: 0000000000000024
[ 7.418378] RDX: 0000000000000000 RSI: ffff9144f8624cc0 RDI: ffff9144af936d60
[ 7.418998] RBP: 0000000000000024 R08: 0000000000000200 R09: 0000000000000200
[ 7.419615] R10: 0000000000000002 R11: ffff9144f8619c77 R12: ffff9144af936d60
[ 7.420233] R13: 0000000000000200 R14: ffffdf6144d7ab40 R15: 0000000000000024
[ 7.420861] FS:  0000000000000000(0000) GS:ffff9147afc00000(0000) knlGS:0000000000000000
[ 7.421595] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7.422108] CR2: 0000000000000368 CR3: 0000000135e8a000 CR4: 00000000000406f0
[ 7.422728] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 7.423350] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 7.423971] Call Trace:
[ 7.424256]  bio_add_pc_page (kbuild/src/consumer/block/bio.c:812)
[ 7.424633]  blk_rq_map_kern (kbuild/src/consumer/block/blk-map.c:414 kbuild/src/consumer/block/blk-map.c:698)
[ 7.425017]  __scsi_execute (kbuild/src/consumer/drivers/scsi/scsi_lib.c:258 (discriminator 1))
[ 7.425395]  scsi_probe_and_add_lun (kbuild/src/consumer/include/scsi/scsi_device.h:461 kbuild/src/consumer/drivers/scsi/scsi_scan.c:592 kbuild/src/consumer/drivers/scsi/scsi_scan.c:1086)
[ 7.425821]  ? __pm_runtime_resume (kbuild/src/consumer/drivers/base/power/runtime.c:1114)
[ 7.426229]  __scsi_add_device (kbuild/src/consumer/drivers/scsi/scsi_scan.c:1480)
[ 7.426619]  ata_scsi_scan_host (kbuild/src/consumer/drivers/ata/libata-scsi.c:4336) libata
[ 7.427087]  async_run_entry_fn (kbuild/src/consumer/kernel/async.c:124)
[ 7.427485]  process_one_work (kbuild/src/consumer/arch/x86/include/asm/jump_label.h:25 kbuild/src/consumer/include/linux/jump_label.h:200 kbuild/src/consumer/include/trace/events/workqueue.h:108 kbuild/src/consumer/kernel/workqueue.c:2280)
[ 7.427872]  ? process_one_work (kbuild/src/consumer/kernel/workqueue.c:2364)
[ 7.428274]  worker_thread (kbuild/src/consumer/include/linux/list.h:282 kbuild/src/consumer/kernel/workqueue.c:2422)
[ 7.428644]  ? process_one_work (kbuild/src/consumer/kernel/workqueue.c:2364)
[ 7.429047]  kthread (kbuild/src/consumer/kernel/kthread.c:292)
[ 7.429376]  ? kthread_park (kbuild/src/consumer/kernel/kthread.c:245)
[ 7.429738]  ret_from_fork (kbuild/src/consumer/arch/x86/entry/entry_64.S:300)
[ 7.430097] Modules linked in: syscopyarea sysfillrect sysimgblt fb_sys_fops drm intel_rapl_msr ppdev intel_rapl_common crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel rapl joydev ata_piix libata serio_raw i2c_piix4 ipmi_devintf ipmi_msghandler parport_pc parport ip_tables
[ 7.432217] CR2: 0000000000000368
[ 7.432563] ---[ end trace da8ba044c8e60dc6 ]---
[ 7.432992] RIP: 0010:bio_add_hw_page (kbuild/src/consumer/block/bio.c:260 kbuild/src/consumer/include/linux/bio.h:124 kbuild/src/consumer/include/linux/bio.h:119 kbuild/src/consumer/block/bio.c:778 kbuild/src/consumer/block/bio.c:753)
[ 7.433424] Code: 09 44 39 c8 0f 87 f5 00 00 00 0f b7 46 60 49 89 fc 49 89 d6 45 89 c5 66 85 c0 75 60 66 39 43 62 0f 86 d9 00 00 00 48 8b 53 08 <48> 8b 92 68 03 00 00 48 8b 52 50 8b 92 08 04 00 00 29 ea 39 53 28
All code
========
   0:   09 44 39 c8             or     %eax,-0x38(%rcx,%rdi,1)
   4:   0f 87 f5 00 00 00       ja     0xff
   a:   0f b7 46 60             movzwl 0x60(%rsi),%eax
   e:   49 89 fc                mov    %rdi,%r12
  11:   49 89 d6                mov    %rdx,%r14
  14:   45 89 c5                mov    %r8d,%r13d
  17:   66 85 c0                test   %ax,%ax
  1a:   75 60                   jne    0x7c
  1c:   66 39 43 62             cmp    %ax,0x62(%rbx)
  20:   0f 86 d9 00 00 00       jbe    0xff
  26:   48 8b 53 08             mov    0x8(%rbx),%rdx
  2a:*  48 8b 92 68 03 00 00    mov    0x368(%rdx),%rdx      <-- trapping instruction
  31:   48 8b 52 50             mov    0x50(%rdx),%rdx
  35:   8b 92 08 04 00 00       mov    0x408(%rdx),%edx
  3b:   29 ea                   sub    %ebp,%edx
  3d:   39 53 28                cmp    %edx,0x28(%rbx)

Code starting with the faulting instruction
===========================================
   0:   48 8b 92 68 03 00 00    mov    0x368(%rdx),%rdx
   7:   48 8b 52 50             mov    0x50(%rdx),%rdx
   b:   8b 92 08 04 00 00       mov    0x408(%rdx),%edx
  11:   29 ea                   sub    %ebp,%edx
  13:   39 53 28                cmp    %edx,0x28(%rbx)


To reproduce:

	# build kernel
	cd linux
	cp config-5.12.0-rc8-00005-g803f54ef52fc .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang
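The register dump and the decoded "Code:" lines in a report like the one above already contain enough to classify the fault before opening a debugger: the fault address (CR2 = 0x368) equals the displacement of the trapping instruction, the base register of that instruction (%rdx) is zero, and the instruction just before it loaded %rdx from 0x8(%rbx), so the 8-byte pointer field at offset 8 of the object in %rbx was NULL, and the code was about to follow it two more levels deep (0x50, then 0x408). The following script is an added example, not part of the robot's report or of the kernel's tooling; its input is the register dump and the disassembly lines copied verbatim from the oops above, and it only implements the arithmetic a reviewer does by hand: parse the registers, compute the effective address of the trapping instruction, compare it with CR2, and walk back to the instruction that produced the NULL base.

```python
import re

# Register dump and decoded "Code:" lines copied from the oops above
# (5.12.0-rc8-00005-g803f54ef52fc, x86-64).  Only the lines the triage needs
# are kept; the '*' after an offset marks the trapping instruction.
OOPS = """\
[ 7.411064] BUG: kernel NULL pointer dereference, address: 0000000000000368
[ 7.417280] RSP: 0000:ffffaef600247c00 EFLAGS: 00010202
[ 7.417757] RAX: 0000000000000000 RBX: ffff9144f8624cc0 RCX: 0000000000000024
[ 7.418378] RDX: 0000000000000000 RSI: ffff9144f8624cc0 RDI: ffff9144af936d60
[ 7.418998] RBP: 0000000000000024 R08: 0000000000000200 R09: 0000000000000200
[ 7.419615] R10: 0000000000000002 R11: ffff9144f8619c77 R12: ffff9144af936d60
[ 7.420233] R13: 0000000000000200 R14: ffffdf6144d7ab40 R15: 0000000000000024
[ 7.422108] CR2: 0000000000000368 CR3: 0000000135e8a000 CR4: 00000000000406f0
"""

DISASM = """\
  26:   48 8b 53 08             mov    0x8(%rbx),%rdx
  2a:*  48 8b 92 68 03 00 00    mov    0x368(%rdx),%rdx      <-- trapping instruction
  31:   48 8b 52 50             mov    0x50(%rdx),%rdx
  35:   8b 92 08 04 00 00       mov    0x408(%rdx),%edx
"""

REG_RE = re.compile(r"\b(R[A-Z0-9]{2}|CR\d): ([0-9a-f]{16})\b")
INSN_RE = re.compile(
    r"^\s*([0-9a-f]+):(\*?)\s+((?:[0-9a-f]{2} )+)\s*([a-z]\w*)\s+(.*?)(?:\s+<--.*)?\s*$")
# AT&T memory operand: disp(base,index,scale); disp/index/scale optional.
MEM_RE = re.compile(r"^(-?0x[0-9a-f]+|-?\d+)?\((%\w+)(?:,(%\w+)(?:,(\d))?)?\)$")


def parse_registers(text):
    """Map register name -> value.  The dump prints R08..R09, objdump %r8/%r9."""
    regs = {}
    for name, val in REG_RE.findall(text):
        name = name.lower()
        if re.fullmatch(r"r0\d", name):
            name = "r" + name[2]
        regs[name] = int(val, 16)
    return regs


def split_operands(s):
    """Split AT&T operands on commas that are not inside parentheses."""
    out, depth, cur = [], 0, ""
    for ch in s:
        depth += (ch == "(") - (ch == ")")
        if ch == "," and depth == 0:
            out.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        out.append(cur.strip())
    return out


def parse_disasm(text):
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:
            addr, star, _raw, mnem, ops = m.groups()
            insns.append({"addr": int(addr, 16), "trapping": star == "*",
                          "mnem": mnem, "ops": split_operands(ops)})
    return insns


def parse_mem(op):
    m = MEM_RE.match(op)
    if not m:
        return None
    disp, base, index, scale = m.groups()
    return {"disp": int(disp, 0) if disp else 0, "base": base.lstrip("%"),
            "index": index.lstrip("%") if index else None,
            "scale": int(scale) if scale else 1}


def effective_address(mem, regs):
    ea = regs[mem["base"]] + mem["disp"]
    if mem["index"]:
        ea += regs[mem["index"]] * mem["scale"]
    return ea & 0xFFFFFFFFFFFFFFFF


def triage(oops_text, disasm_text):
    """Classify the fault: NULL base + field offset, and where the base came from."""
    regs = parse_registers(oops_text)
    insns = parse_disasm(disasm_text)
    trap = next(i for i in insns if i["trapping"])
    mem = next(m for m in map(parse_mem, trap["ops"]) if m)
    ea = effective_address(mem, regs)
    r = {"insn": f"{trap['mnem']} {','.join(trap['ops'])}", "base": mem["base"],
         "base_value": regs[mem["base"]], "disp": mem["disp"], "ea": ea,
         "cr2": regs["cr2"], "ea_matches_cr2": ea == regs["cr2"],
         "null_base": regs[mem["base"]] == 0, "origin": None, "chain": []}
    # Last earlier instruction whose destination (AT&T: final operand) is the
    # base register tells us which field held the NULL pointer.  Registers are
    # a snapshot at the fault, so this is only trustworthy over a short window.
    for prev in reversed([i for i in insns if i["addr"] < trap["addr"]]):
        if prev["ops"] and prev["ops"][-1] == "%" + mem["base"]:
            r["origin"] = prev["ops"][0]
            om = parse_mem(r["origin"])
            if om:
                r["origin_ea"] = effective_address(om, regs)
            break
    # Further loads through the same register: the depth of the pointer chain.
    for nxt in (i for i in insns if i["addr"] > trap["addr"]):
        nm = next((m for m in map(parse_mem, nxt["ops"]) if m), None)
        if nm and nm["base"] == mem["base"]:
            r["chain"].append(nm["disp"])
    return r


def describe(r):
    if not (r["null_base"] and r["ea_matches_cr2"]):
        return (f"CR2={r['cr2']:#x} is not NULL+offset "
                f"(EA={r['ea']:#x}, %{r['base']}={r['base_value']:#x})")
    msg = (f"NULL pointer dereference: `{r['insn']}` read offset {r['disp']:#x} "
           f"through %{r['base']} == 0 (CR2 == {r['cr2']:#x})")
    if r["origin"]:
        msg += f"; %{r['base']} was loaded from {r['origin']}, so that pointer field is NULL"
    if r["chain"]:
        offs = ", ".join(f"{d:#x}" for d in r["chain"])
        msg += f"; the code then follows %{r['base']} through offsets {offs}"
    return msg


if __name__ == "__main__":
    print(describe(triage(OOPS, DISASM)))
```

The script stops at "the pointer at offset 8 of the object in %rbx is NULL"; mapping that offset to a struct field needs the layout of the exact vmlinux (pahole on the build the robot used), which the report does not include, so the script deliberately does not name a field.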