* [jimc:jump-batch] [drm] a3facbf7db: BUG:kernel_NULL_pointer_dereference,address
@ 2026-04-28 13:20 kernel test robot
0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2026-04-28 13:20 UTC (permalink / raw)
To: Jim Cromie, Łukasz Bartosik; +Cc: oe-lkp, lkp, oliver.sang
Hello,
this report is just FYI.
the randconfig we used in this test has the expected difference.
==================== PARENT FIRST_BAD KCONFIGS bc7cb75552bb5191e9ac9f20e310d9b1858bc4aa ====================
--- /pkg/linux/i386-randconfig-015-20260120/gcc-14/bc7cb75552bb5191e9ac9f20e310d9b1858bc4aa/.config 2026-04-25 03:39:53.302787330 +0800
+++ /pkg/linux/i386-randconfig-015-20260120/gcc-14/a3facbf7db65b559049a9e91ad6fc70a62e99311/.config 2026-04-25 04:18:41.893668590 +0800
@@ -4210,7 +4210,7 @@ CONFIG_DRM=y
#
# DRM debugging options
#
-# CONFIG_DRM_USE_DYNAMIC_DEBUG is not set
+CONFIG_DRM_USE_DYNAMIC_DEBUG=y
# CONFIG_DRM_WERROR is not set
CONFIG_DRM_DEBUG_MM=y
CONFIG_DRM_KUNIT_TEST_HELPERS=m
after CONFIG_DRM_USE_DYNAMIC_DEBUG enabled, we noticed crash mentioned in below
report.
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: a3facbf7db65b559049a9e91ad6fc70a62e99311 ("drm-dyndbg: set CONFIG_DRM_USE_DYNAMIC_DEBUG=y")
https://github.com/jimc/linux.git jump-batch
in testcase: boot
config: i386-randconfig-015-20260120
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202604282018.c2caa8e7-lkp@intel.com
[ 0.362826][ T1] BUG: kernel NULL pointer dereference, address: 00000000
[ 0.363389][ T1] #PF: supervisor read access in kernel mode
[ 0.363855][ T1] #PF: error_code(0x0000) - not-present page
[ 0.364322][ T1] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 0.364864][ T1] Oops: Oops: 0000 [#1] SMP
[ 0.365217][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 7.0.0-rc5-00065-ga3facbf7db65 #1 PREEMPT(lazy) d5dc0e24f12a8efb7de0b5a998078c56d56aaad7
[ 0.365732][ T1] Tainted: [T]=RANDSTRUCT
[ 0.365732][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 0.365732][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
[ 0.365732][ T1] Code: 84 c0 75 f7 31 c0 aa 89 d8 5b 5e 5f 5d 31 d2 31 c9 c3 8d 76 00 2e 8d b4 26 00 00 00 00 8d 74 26 00 55 89 e5 57 89 d7 56 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 84 c0 test %al,%al
2: 75 f7 jne 0xfffffffffffffffb
4: 31 c0 xor %eax,%eax
6: aa stos %al,%es:(%rdi)
7: 89 d8 mov %ebx,%eax
9: 5b pop %rbx
a: 5e pop %rsi
b: 5f pop %rdi
c: 5d pop %rbp
d: 31 d2 xor %edx,%edx
f: 31 c9 xor %ecx,%ecx
11: c3 ret
12: 8d 76 00 lea 0x0(%rsi),%esi
15: 2e 8d b4 26 00 00 00 cs lea 0x0(%rsi,%riz,1),%esi
1c: 00
1d: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 89 d7 mov %edx,%edi
27: 56 push %rsi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
3f: c3 ret
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: 31 d2 xor %edx,%edx
15: c3 ret
[ 0.365732][ T1] EAX: 00000000 EBX: 467dad14 ECX: 00000015 EDX: 45b9de29
[ 0.365732][ T1] ESI: 00000000 EDI: 45b9de29 EBP: 4762de70 ESP: 4762de68
[ 0.365732][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010293
[ 0.365732][ T1] CR0: 80050033 CR2: 00000000 CR3: 06999000 CR4: 000406b0
[ 0.365732][ T1] Call Trace:
[ 0.365732][ T1] ? ddebug_add_module (lib/dynamic_debug.c:1473 (discriminator 8))
[ 0.365732][ T1] ? __lock_release+0x43/0x140
[ 0.365732][ T1] ? blocking_notifier_chain_register (kernel/notifier.c:265 kernel/notifier.c:282)
[ 0.365732][ T1] ? up_write (kernel/locking/rwsem.c:1643)
[ 0.365732][ T1] ? blocking_notifier_chain_register (kernel/notifier.c:265 kernel/notifier.c:282)
[ 0.365732][ T1] ? dynamic_debug_init_control (lib/dynamic_debug.c:1669)
[ 0.365732][ T1] ? dynamic_debug_init (lib/dynamic_debug.c:1716)
[ 0.365732][ T1] ? dynamic_debug_init_control (lib/dynamic_debug.c:1669)
[ 0.365732][ T1] ? do_one_initcall (init/main.c:1382)
[ 0.365732][ T1] ? __register_sysctl_table (include/linux/spinlock.h:389 fs/proc/proc_sysctl.c:1403)
[ 0.365732][ T1] ? __register_sysctl_init (fs/proc/proc_sysctl.c:1436 fs/proc/proc_sysctl.c:1465)
[ 0.365732][ T1] ? init_mm_internals (mm/vmstat.c:2295)
[ 0.365732][ T1] ? rest_init (init/main.c:760)
[ 0.365732][ T1] ? kernel_init_freeable (init/main.c:1488 (discriminator 1) init/main.c:1681 (discriminator 1))
[ 0.365732][ T1] ? kernel_init (init/main.c:1582)
[ 0.365732][ T1] ? ret_from_fork (arch/x86/kernel/process.c:158)
[ 0.365732][ T1] ? rest_init (init/main.c:760)
[ 0.365732][ T1] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:736)
[ 0.365732][ T1] ? entry_INT80_32 (arch/x86/entry/entry_32.S:940)
[ 0.365732][ T1] Modules linked in:
[ 0.365732][ T1] CR2: 0000000000000000
[ 0.365732][ T1] ---[ end trace 0000000000000000 ]---
[ 0.365732][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
[ 0.365732][ T1] Code: 84 c0 75 f7 31 c0 aa 89 d8 5b 5e 5f 5d 31 d2 31 c9 c3 8d 76 00 2e 8d b4 26 00 00 00 00 8d 74 26 00 55 89 e5 57 89 d7 56 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 84 c0 test %al,%al
2: 75 f7 jne 0xfffffffffffffffb
4: 31 c0 xor %eax,%eax
6: aa stos %al,%es:(%rdi)
7: 89 d8 mov %ebx,%eax
9: 5b pop %rbx
a: 5e pop %rsi
b: 5f pop %rdi
c: 5d pop %rbp
d: 31 d2 xor %edx,%edx
f: 31 c9 xor %ecx,%ecx
11: c3 ret
12: 8d 76 00 lea 0x0(%rsi),%esi
15: 2e 8d b4 26 00 00 00 cs lea 0x0(%rsi,%riz,1),%esi
1c: 00
1d: 8d 74 26 00 lea 0x0(%rsi,%riz,1),%esi
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 89 d7 mov %edx,%edi
27: 56 push %rsi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
3f: c3 ret
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: 31 d2 xor %edx,%edx
15: c3 ret
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260428/202604282018.c2caa8e7-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-28 13:20 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-28 13:20 [jimc:jump-batch] [drm] a3facbf7db: BUG:kernel_NULL_pointer_dereference,address kernel test robot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.