Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: a31246115b33b3c3ab456e3f689174a076f09bbf ("[RFC PATCH 5/8] drm: start using drm_gem_trace_gpu_mem_instance")
url: https://github.com/0day-ci/linux/commits/Gurchetan-Singh/GPU-memory-trace...
base: git://anongit.freedesktop.org/drm-intel for-linux-next
patch link: https://lore.kernel.org/dri-devel/20211021031027.537-6-gurchetansingh@chr...
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+---------------------------------------------+------------+------------+
| | 4f27e9667d | a31246115b |
+---------------------------------------------+------------+------------+
| boot_successes | 16 | 0 |
| boot_failures | 0 | 16 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 16 |
| Oops:#[##] | 0 | 16 |
| RIP:drm_gem_trace_gpu_mem_instance | 0 | 16 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 16 |
+---------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang(a)intel.com>
[ 23.584758][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000020
[ 23.586495][ T1] #PF: supervisor read access in kernel mode
[ 23.587820][ T1] #PF: error_code(0x0000) - not-present page
[ 23.589173][ T1] PGD 0 P4D 0
[ 23.589661][ T1] Oops: 0000 [#1] SMP
[ 23.589661][ T1] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2-01062-ga31246115b33 #1
[ 23.589661][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 23.589661][ T1] RIP: 0010:drm_gem_trace_gpu_mem_instance (drivers/gpu/drm/drm_gem.c:184)
[ 23.589661][ T1] Code: 48 83 05 2c 56 e0 05 01 e8 c7 c1 0b ff 48 8b 83 d0 01 00 00 4c 8b ab 78 04 00 00 4c 8b a3 70 04 00 00 48 83 05 7a 54 e0 05 01 <48> 8b 40 20 48 8b 58 40 48 8b 85 80 00 00 00 8b 28 66 90 e8 92 c1
All code
========
   0:   48 83 05 2c 56 e0 05    addq   $0x1,0x5e0562c(%rip)        # 0x5e05634
   7:   01
   8:   e8 c7 c1 0b ff          callq  0xffffffffff0bc1d4
   d:   48 8b 83 d0 01 00 00    mov    0x1d0(%rbx),%rax
  14:   4c 8b ab 78 04 00 00    mov    0x478(%rbx),%r13
  1b:   4c 8b a3 70 04 00 00    mov    0x470(%rbx),%r12
  22:   48 83 05 7a 54 e0 05    addq   $0x1,0x5e0547a(%rip)        # 0x5e054a4
  29:   01
  2a:*  48 8b 40 20             mov    0x20(%rax),%rax             <-- trapping instruction
  2e:   48 8b 58 40             mov    0x40(%rax),%rbx
  32:   48 8b 85 80 00 00 00    mov    0x80(%rbp),%rax
  39:   8b 28                   mov    (%rax),%ebp
  3b:   66 90                   xchg   %ax,%ax
  3d:   e8                      .byte 0xe8
  3e:   92                      xchg   %eax,%edx
  3f:   c1                      .byte 0xc1

Code starting with the faulting instruction
===========================================
   0:   48 8b 40 20             mov    0x20(%rax),%rax
   4:   48 8b 58 40             mov    0x40(%rax),%rbx
   8:   48 8b 85 80 00 00 00    mov    0x80(%rbp),%rax
   f:   8b 28                   mov    (%rax),%ebp
  11:   66 90                   xchg   %ax,%ax
  13:   e8                      .byte 0xe8
  14:   92                      xchg   %eax,%edx
  15:   c1                      .byte 0xc1
[ 23.589661][ T1] RSP: 0000:ffffc900000138f8 EFLAGS: 00010202
[ 23.589661][ T1] RAX: 0000000000000000 RBX: ffff888114cd4800 RCX: 0000000000000000
[ 23.589661][ T1] RDX: ffff8881002d8000 RSI: ffffffff8221ce49 RDI: ffff88810f9c6000
[ 23.589661][ T1] RBP: ffff88810f9c6000 R08: 0000000000000000 R09: 0000000000000001
[ 23.589661][ T1] R10: 00000000e4a45f4b R11: 000000000000007f R12: 0000000000300000
[ 23.589661][ T1] R13: 0000000000000000 R14: ffff888114cd48e0 R15: ffff88810f985418
[ 23.589661][ T1] FS: 0000000000000000(0000) GS:ffff88842fa00000(0000) knlGS:0000000000000000
[ 23.589661][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 23.589661][ T1] CR2: 0000000000000020 CR3: 0000000004e6a000 CR4: 0000000000000ea0
[ 23.589661][ T1] Call Trace:
[ 23.589661][ T1] drm_gem_handle_create_tail (drivers/gpu/drm/drm_gem.c:452)
[ 23.589661][ T1] drm_gem_handle_create (drivers/gpu/drm/drm_gem.c:486)
[ 23.589661][ T1] drm_gem_vram_fill_create_dumb (drivers/gpu/drm/drm_gem_vram_helper.c:527)
[ 23.589661][ T1] drm_gem_vram_driver_dumb_create (drivers/gpu/drm/drm_gem_vram_helper.c:624)
[ 23.589661][ T1] drm_mode_create_dumb (drivers/gpu/drm/drm_dumb_buffers.c:96)
[ 23.589661][ T1] drm_client_framebuffer_create (drivers/gpu/drm/drm_client.c:268 drivers/gpu/drm/drm_client.c:418)
[ 23.589661][ T1] drm_fb_helper_generic_probe (drivers/gpu/drm/drm_fb_helper.c:2321 (discriminator 4))
[ 23.589661][ T1] drm_fb_helper_single_fb_probe (drivers/gpu/drm/drm_fb_helper.c:1668)
[ 23.589661][ T1] __drm_fb_helper_initial_config_and_unlock (drivers/gpu/drm/drm_fb_helper.c:1827)
[ 23.589661][ T1] drm_fb_helper_initial_config (drivers/gpu/drm/drm_fb_helper.c:1921)
[ 23.589661][ T1] drm_fbdev_client_hotplug (drivers/gpu/drm/drm_fb_helper.c:2423)
[ 23.589661][ T1] drm_fbdev_generic_setup (drivers/gpu/drm/drm_fb_helper.c:2510)
[ 23.589661][ T1] bochs_pci_probe (drivers/gpu/drm/tiny/bochs.c:667)
[ 23.589661][ T1] local_pci_probe (drivers/pci/pci-driver.c:323)
[ 23.589661][ T1] pci_device_probe (drivers/pci/pci-driver.c:380 drivers/pci/pci-driver.c:405 drivers/pci/pci-driver.c:448)
[ 23.589661][ T1] ? pci_device_remove (drivers/pci/pci-driver.c:433)
[ 23.589661][ T1] really_probe (drivers/base/dd.c:515 drivers/base/dd.c:596)
[ 23.589661][ T1] __driver_probe_device (drivers/base/dd.c:751)
[ 23.589661][ T1] driver_probe_device (drivers/base/dd.c:781)
[ 23.589661][ T1] __driver_attach (drivers/base/dd.c:1141)
[ 23.589661][ T1] ? driver_allows_async_probing (drivers/base/dd.c:1093)
[ 23.589661][ T1] bus_for_each_dev (drivers/base/bus.c:301)
[ 23.589661][ T1] driver_attach (drivers/base/dd.c:1157)
[ 23.589661][ T1] bus_add_driver (drivers/base/bus.c:618)
[ 23.589661][ T1] driver_register (drivers/base/driver.c:171)
[ 23.589661][ T1] __pci_register_driver (drivers/pci/pci-driver.c:1407)
[ 23.589661][ T1] ? ch7006_init (drivers/gpu/drm/tiny/bochs.c:721)
[ 23.589661][ T1] bochs_init (drivers/gpu/drm/tiny/bochs.c:728)
[ 23.589661][ T1] do_one_initcall (init/main.c:1303)
[ 23.589661][ T1] ? rcu_read_lock_sched_held (include/linux/lockdep.h:283 kernel/rcu/update.c:125)
[ 23.589661][ T1] do_initcalls (init/main.c:1376 init/main.c:1392)
[ 23.589661][ T1] kernel_init_freeable (init/main.c:1411 init/main.c:1614)
[ 23.589661][ T1] ? rest_init (init/main.c:1497)
[ 23.589661][ T1] kernel_init (init/main.c:1505)
[ 23.589661][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301)
[ 23.589661][ T1] Modules linked in:
[ 23.589661][ T1] CR2: 0000000000000020
[ 23.589661][ T1] ---[ end trace 2603038b65df9faf ]---
[ 23.589661][ T1] RIP: 0010:drm_gem_trace_gpu_mem_instance (drivers/gpu/drm/drm_gem.c:184)
[ 23.589661][ T1] Code: 48 83 05 2c 56 e0 05 01 e8 c7 c1 0b ff 48 8b 83 d0 01 00 00 4c 8b ab 78 04 00 00 4c 8b a3 70 04 00 00 48 83 05 7a 54 e0 05 01 <48> 8b 40 20 48 8b 58 40 48 8b 85 80 00 00 00 8b 28 66 90 e8 92 c1
To reproduce:

        # build kernel
        cd linux
        cp config-5.15.0-rc2-01062-ga31246115b33 .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang