[linus:master] [usb] 56a512a9b4: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP

All of lore.kernel.org
 help / color / mirror / Atom feed

* [linus:master] [usb]  56a512a9b4: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN
@ 2026-02-18  9:10 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2026-02-18  9:10 UTC (permalink / raw)
  To: Kuen-Han Tsai
  Cc: oe-lkp, lkp, linux-kernel, Greg Kroah-Hartman, linux-usb,
	oliver.sang



Hello,

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN" on:

commit: 56a512a9b4107079f68701e7d55da8507eb963d9 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


in testcase: boot

config: x86_64-randconfig-002-20260217
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G

(please refer to attached dmesg/kmsg for entire log/backtrace)


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202602181727.fd76c561-lkp@intel.com



[    8.960483][    T1] usb usb1: SerialNumber: dummy_hcd.0
[    8.962200][    T1] hub 1-0:1.0: USB hub found
[    8.963048][    T1] hub 1-0:1.0: 1 port detected
[    8.967283][    T1] file system registered
[    8.968024][    T1] udc dummy_udc.0: binding gadget driver [g_ncm]
[    8.968851][    T1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000001a3: 0000 [#1] SMP KASAN
[    8.970049][    T1] KASAN: null-ptr-deref in range [0x0000000000000d18-0x0000000000000d1f]
[    8.970973][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G                T   6.19.0-rc3-00025-g56a512a9b410 #1 PREEMPTLAZY
[    8.971938][    T1] Tainted: [T]=RANDSTRUCT
[    8.971938][    T1] RIP: 0010:gether_set_qmult (kbuild/src/consumer/drivers/usb/gadget/function/u_ether.c:988)
[    8.971938][    T1] Code: 00 00 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 e5 41 56 53 48 81 c7 18 0d 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 07 89 37 5b 41 5e 5d c3 89 f9 80 e1 07 80 c1
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	f3 0f 1e fa          	endbr64
   6:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   b:	55                   	push   %rbp
   c:	48 89 e5             	mov    %rsp,%rbp
   f:	41 56                	push   %r14
  11:	53                   	push   %rbx
  12:	48 81 c7 18 0d 00 00 	add    $0xd18,%rdi
  19:	48 89 f8             	mov    %rdi,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df 
  2a:*	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax		<-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	75 07                	jne    0x39
  32:	89 37                	mov    %esi,(%rdi)
  34:	5b                   	pop    %rbx
  35:	41 5e                	pop    %r14
  37:	5d                   	pop    %rbp
  38:	c3                   	ret
  39:	89 f9                	mov    %edi,%ecx
  3b:	80 e1 07             	and    $0x7,%cl
  3e:	80                   	.byte 0x80
  3f:	c1                   	.byte 0xc1

Code starting with the faulting instruction
===========================================
   0:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
   4:	84 c0                	test   %al,%al
   6:	75 07                	jne    0xf
   8:	89 37                	mov    %esi,(%rdi)
   a:	5b                   	pop    %rbx
   b:	41 5e                	pop    %r14
   d:	5d                   	pop    %rbp
   e:	c3                   	ret
   f:	89 f9                	mov    %edi,%ecx
  11:	80 e1 07             	and    $0x7,%cl
  14:	80                   	.byte 0x80
  15:	c1                   	.byte 0xc1
[    8.971938][    T1] RSP: 0018:ffff8881009df660 EFLAGS: 00010206
[    8.971938][    T1] RAX: 00000000000001a3 RBX: ffff8881020fd400 RCX: dffffc0000000000
[    8.971938][    T1] RDX: 0000000000000001 RSI: 0000000000000005 RDI: 0000000000000d18
[    8.971938][    T1] RBP: ffff8881009df670 R08: ffff8881009df5ef R09: 1ffff1102013bebd
[    8.971938][    T1] R10: dffffc0000000000 R11: ffffed102013bebe R12: dffffc0000000000
[    8.971938][    T1] R13: 1ffff11020105216 R14: ffff8881296b4c00 R15: ffff8881008290b0
[    8.971938][    T1] FS:  0000000000000000(0000) GS:ffff88879974e000(0000) knlGS:0000000000000000
[    8.971938][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    8.971938][    T1] CR2: 00007f70208af0ac CR3: 0000000004a7c000 CR4: 00000000000406f0
[    8.971938][    T1] Call Trace:
[    8.971938][    T1]  <TASK>
[    8.971938][    T1]  gncm_bind (kbuild/src/consumer/drivers/usb/gadget/legacy/ncm.c:140)
[    8.971938][    T1]  ? gadget_bind_driver (kbuild/src/consumer/drivers/usb/gadget/udc/core.c:1629 (discriminator 1024))
[    8.971938][    T1]  composite_bind (kbuild/src/consumer/drivers/usb/gadget/composite.c:2553)
[    8.971938][    T1]  ? suspended_show (kbuild/src/consumer/drivers/usb/gadget/composite.c:2529)


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260218/202602181727.fd76c561-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-02-18  9:11 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-18  9:10 [linus:master] [usb] 56a512a9b4: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN kernel test robot

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.