Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: becdd56786002a908afd8a62f68976ed78572413 ("[net-next, v5, 02/11] ptp: support ptp physical/virtual clocks conversion")
url: https://github.com/0day-ci/linux/commits/Yangbo-Lu/ptp-support-virtual-clocks-and-timestamping/20210630-160348

in testcase: trinity
version: trinity-i386
with following parameters:

    number: 99999
    group: group-03

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

If you fix the issue, kindly add following tag
Reported-by: kernel test robot

[ 139.958903] BUG: kernel NULL pointer dereference, address: 00000304
[ 139.960977] #PF: supervisor read access in kernel mode
[ 139.962097] #PF: error_code(0x0000) - not-present page
[ 139.962097] *pde = 00000000
[ 139.962097] Oops: 0000 [#1] SMP
[ 139.962097] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G S 5.13.0-rc6-02622-gbecdd5678600 #1
[ 139.962097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 139.962097] EIP: ptp_clock_register (drivers/ptp/ptp_clock.c:237)
[ 139.962097] Code: 6a 00 e8 1f 1d 83 fc 89 83 44 15 00 00 83 c4 14 3d 00 f0 ff ff 0f 87 03 4f 9b 01 8b 83 f4 03 00 00 89 98 e0 00 00 00 8b 45 9c <8b> 80 04 03 00 00 85 c0 74 18 8b 00 85 c0 74 12 ba 7a e3 19 da e8
All code
========
   0: 6a 00                   pushq  $0x0
   2: e8 1f 1d 83 fc          callq  0xfffffffffc831d26
   7: 89 83 44 15 00 00       mov    %eax,0x1544(%rbx)
   d: 83 c4 14                add    $0x14,%esp
  10: 3d 00 f0 ff ff          cmp    $0xfffff000,%eax
  15: 0f 87 03 4f 9b 01       ja     0x19b4f1e
  1b: 8b 83 f4 03 00 00       mov    0x3f4(%rbx),%eax
  21: 89 98 e0 00 00 00       mov    %ebx,0xe0(%rax)
  27: 8b 45 9c                mov    -0x64(%rbp),%eax
  2a:* 8b 80 04 03 00 00      mov    0x304(%rax),%eax    <-- trapping instruction
  30: 85 c0                   test   %eax,%eax
  32: 74 18                   je     0x4c
  34: 8b 00                   mov    (%rax),%eax
  36: 85 c0                   test   %eax,%eax
  38: 74 12                   je     0x4c
  3a: ba 7a e3 19 da          mov    $0xda19e37a,%edx
  3f: e8                      .byte 0xe8

Code starting with the faulting instruction
===========================================
   0: 8b 80 04 03 00 00       mov    0x304(%rax),%eax
   6: 85 c0                   test   %eax,%eax
   8: 74 18                   je     0x22
   a: 8b 00                   mov    (%rax),%eax
   c: 85 c0                   test   %eax,%eax
   e: 74 12                   je     0x22
  10: ba 7a e3 19 da          mov    $0xda19e37a,%edx
  15: e8                      .byte 0xe8
[ 139.962097] EAX: 00000000 EBX: c98ba000 ECX: 00000002 EDX: da436e01
[ 139.962097] ESI: dc3727a4 EDI: 00000000 EBP: c1c71f14 ESP: c1c71ea0
[ 139.962097] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[ 139.962097] CR0: 80050033 CR2: 00000304 CR3: 1b9ef000 CR4: 000406d0
[ 139.962097] Call Trace:
[ 139.962097] ? kobject_uevent_env (lib/kobject_uevent.c:628)
[ 139.962097] ? ptp_pch_init (drivers/ptp/ptp_kvm_common.c:136)
[ 139.962097] ? slow_virt_to_phys (arch/x86/mm/pat/set_memory.c:704)
[ 139.962097] ptp_kvm_init (include/linux/err.h:31 include/linux/err.h:60 drivers/ptp/ptp_kvm_common.c:150)
[ 139.962097] ? ptp_pch_init (drivers/ptp/ptp_kvm_common.c:136)
[ 139.962097] do_one_initcall (init/main.c:1249)
[ 139.962097] ? kernel_init_freeable (include/linux/compiler.h:234 include/linux/init.h:124 init/main.c:1322 init/main.c:1338 init/main.c:1358 init/main.c:1560)
[ 139.962097] kernel_init_freeable (init/main.c:1321 init/main.c:1338 init/main.c:1358 init/main.c:1560)
[ 139.962097] ? rest_init (init/main.c:1444)
[ 140.005239] kernel_init (init/main.c:1449)
[ 140.005239] ret_from_fork (arch/x86/entry/entry_32.S:775)
[ 140.005239] Modules linked in:
[ 140.005239] CR2: 0000000000000304
[ 140.005239] _warn_unseeded_randomness: 9 callbacks suppressed
[ 140.005239] random: get_random_bytes called from init_oops_id+0x42/0x60 with crng_init=0
[ 140.005239] ---[ end trace 739df3099651fd35 ]---
[ 140.005239] EIP: ptp_clock_register (drivers/ptp/ptp_clock.c:237)
[ 140.005239] Code: 6a 00 e8 1f 1d 83 fc 89 83 44 15 00 00 83 c4 14 3d 00 f0 ff ff 0f 87 03 4f 9b 01 8b 83 f4 03 00 00 89 98 e0 00 00 00 8b 45 9c <8b> 80 04 03 00 00 85 c0 74 18 8b 00 85 c0 74 12 ba 7a e3 19 da e8
All code
========
   0: 6a 00                   pushq  $0x0
   2: e8 1f 1d 83 fc          callq  0xfffffffffc831d26
   7: 89 83 44 15 00 00       mov    %eax,0x1544(%rbx)
   d: 83 c4 14                add    $0x14,%esp
  10: 3d 00 f0 ff ff          cmp    $0xfffff000,%eax
  15: 0f 87 03 4f 9b 01       ja     0x19b4f1e
  1b: 8b 83 f4 03 00 00       mov    0x3f4(%rbx),%eax
  21: 89 98 e0 00 00 00       mov    %ebx,0xe0(%rax)
  27: 8b 45 9c                mov    -0x64(%rbp),%eax
  2a:* 8b 80 04 03 00 00      mov    0x304(%rax),%eax    <-- trapping instruction
  30: 85 c0                   test   %eax,%eax
  32: 74 18                   je     0x4c
  34: 8b 00                   mov    (%rax),%eax
  36: 85 c0                   test   %eax,%eax
  38: 74 12                   je     0x4c
  3a: ba 7a e3 19 da          mov    $0xda19e37a,%edx
  3f: e8                      .byte 0xe8

Code starting with the faulting instruction
===========================================
   0: 8b 80 04 03 00 00       mov    0x304(%rax),%eax
   6: 85 c0                   test   %eax,%eax
   8: 74 18                   je     0x22
   a: 8b 00                   mov    (%rax),%eax
   c: 85 c0                   test   %eax,%eax
   e: 74 12                   je     0x22
  10: ba 7a e3 19 da          mov    $0xda19e37a,%edx
  15: e8                      .byte 0xe8

To reproduce:

        # build kernel
        cd linux
        cp config-5.13.0-rc6-02622-gbecdd5678600 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang