Greetings,

FYI, we noticed BUG:kernel_NULL_pointer_dereference,address due to commit (built with gcc-11):

commit: c12879206e47730ff5ab255bbf625b28ade4028f ("x86/mm: Populate KASAN shadow for per-CPU DS buffers in CPU entry area")
https://github.com/sean-jc/linux x86/kasan_ds_buffer

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):

If you fix the issue, kindly add the following tags
| Reported-by: kernel test robot
| Link: https://lore.kernel.org/oe-lkp/202211092215.948a1cf3-oliver.sang@intel.com

[    0.393625][    T0] BUG: kernel NULL pointer dereference, address: 00000000
[    0.394409][    T0] #PF: supervisor read access in kernel mode
[    0.395080][    T0] #PF: error_code(0x0000) - not-present page
[    0.395754][    T0] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[    0.396492][    T0] Oops: 0000 [#1] SMP
[    0.396934][    T0] CPU: 0 PID: 0 Comm: swapper Not tainted 6.1.0-rc3-00026-gc12879206e47 #1 b77cd08af3ba623e5cfd4322a824090e2c932177
[    0.398259][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[    0.399354][    T0] EIP: per_cpu_ptr_to_phys (??:?)
[    0.399957][    T0] Code: 01 89 da b8 a0 6e 80 84 e8 11 27 7a 00 8b 1d f0 6f 80 84 89 c1 39 c3 77 c5 89 f0 81 e6 ff 0f 00 00 e8 08 41 03 00 31 d2 31 c9 <8b> 38 6a 01 89 c3 b8 d0 67 64 84 c1 ef 19 e8 11 a9 f2 ff c1 e7 04
All code
========
   0:   01 89 da b8 a0 6e       add    %ecx,0x6ea0b8da(%rcx)
   6:   80 84 e8 11 27 7a 00    addb   $0x8b,0x7a2711(%rax,%rbp,8)
   d:   8b
   e:   1d f0 6f 80 84          sbb    $0x84806ff0,%eax
  13:   89 c1                   mov    %eax,%ecx
  15:   39 c3                   cmp    %eax,%ebx
  17:   77 c5                   ja     0xffffffffffffffde
  19:   89 f0                   mov    %esi,%eax
  1b:   81 e6 ff 0f 00 00       and    $0xfff,%esi
  21:   e8 08 41 03 00          callq  0x3412e
  26:   31 d2                   xor    %edx,%edx
  28:   31 c9                   xor    %ecx,%ecx
  2a:*  8b 38                   mov    (%rax),%edi              <-- trapping instruction
  2c:   6a 01                   pushq  $0x1
  2e:   89 c3                   mov    %eax,%ebx
  30:   b8 d0 67 64 84          mov    $0x846467d0,%eax
  35:   c1 ef 19                shr    $0x19,%edi
  38:   e8 11 a9 f2 ff          callq  0xfffffffffff2a94e
  3d:   c1 e7 04                shl    $0x4,%edi

Code starting with the faulting instruction
===========================================
   0:   8b 38                   mov    (%rax),%edi
   2:   6a 01                   pushq  $0x1
   4:   89 c3                   mov    %eax,%ebx
   6:   b8 d0 67 64 84          mov    $0x846467d0,%eax
   b:   c1 ef 19                shr    $0x19,%edi
   e:   e8 11 a9 f2 ff          callq  0xfffffffffff2a924
  13:   c1 e7 04                shl    $0x4,%edi
[    0.402060][    T0] EAX: 00000000 EBX: 00000001 ECX: 00000000 EDX: 00000000
[    0.402864][    T0] ESI: 00000000 EDI: ff20d000 EBP: 83f89f10 ESP: 83f89f00
[    0.403654][    T0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210046
[    0.404477][    T0] CR0: 80050033 CR2: 00000000 CR3: 049fc000 CR4: 000406b0
[    0.405280][    T0] Call Trace:
[    0.405622][    T0]  cea_map_percpu_pages (cpu_entry_area.c:?)
[    0.406169][    T0]  setup_cpu_entry_area (cpu_entry_area.c:?)
[    0.406746][    T0]  setup_cpu_entry_areas (??:?)
[    0.407298][    T0]  trap_init (??:?)
[    0.407746][    T0]  start_kernel (??:?)
[    0.408241][    T0]  i386_start_kernel (??:?)
[    0.408764][    T0]  startup_32_smp (??:?)
[    0.409295][    T0] Modules linked in:
[    0.409691][    T0] CR2: 0000000000000000
[    0.410138][    T0] ---[ end trace 0000000000000000 ]---
[    0.410704][    T0] EIP: per_cpu_ptr_to_phys (??:?)
[    0.411279][    T0] Code: 01 89 da b8 a0 6e 80 84 e8 11 27 7a 00 8b 1d f0 6f 80 84 89 c1 39 c3 77 c5 89 f0 81 e6 ff 0f 00 00 e8 08 41 03 00 31 d2 31 c9 <8b> 38 6a 01 89 c3 b8 d0 67 64 84 c1 ef 19 e8 11 a9 f2 ff c1 e7 04
All code
========
   0:   01 89 da b8 a0 6e       add    %ecx,0x6ea0b8da(%rcx)
   6:   80 84 e8 11 27 7a 00    addb   $0x8b,0x7a2711(%rax,%rbp,8)
   d:   8b
   e:   1d f0 6f 80 84          sbb    $0x84806ff0,%eax
  13:   89 c1                   mov    %eax,%ecx
  15:   39 c3                   cmp    %eax,%ebx
  17:   77 c5                   ja     0xffffffffffffffde
  19:   89 f0                   mov    %esi,%eax
  1b:   81 e6 ff 0f 00 00       and    $0xfff,%esi
  21:   e8 08 41 03 00          callq  0x3412e
  26:   31 d2                   xor    %edx,%edx
  28:   31 c9                   xor    %ecx,%ecx
  2a:*  8b 38                   mov    (%rax),%edi              <-- trapping instruction
  2c:   6a 01                   pushq  $0x1
  2e:   89 c3                   mov    %eax,%ebx
  30:   b8 d0 67 64 84          mov    $0x846467d0,%eax
  35:   c1 ef 19                shr    $0x19,%edi
  38:   e8 11 a9 f2 ff          callq  0xfffffffffff2a94e
  3d:   c1 e7 04                shl    $0x4,%edi

Code starting with the faulting instruction
===========================================
   0:   8b 38                   mov    (%rax),%edi
   2:   6a 01                   pushq  $0x1
   4:   89 c3                   mov    %eax,%ebx
   6:   b8 d0 67 64 84          mov    $0x846467d0,%eax
   b:   c1 ef 19                shr    $0x19,%edi
   e:   e8 11 a9 f2 ff          callq  0xfffffffffff2a924
  13:   c1 e7 04                shl    $0x4,%edi

To reproduce:

        # build kernel
        cd linux
        cp config-6.1.0-rc3-00026-gc12879206e47 .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.

-- 
0-DAY CI Kernel Test Service
https://01.org/lkp