From: kernel test robot <oliver.sang@intel.com>
To: "Jim Cromie" <jim.cromie@gmail.com>,
"Łukasz Bartosik" <ukaszb@chromium.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <oliver.sang@intel.com>
Subject: [jimc:dd-rust-parse-2b] [dynamic_debug] f9ffb9cd4c: BUG:kernel_NULL_pointer_dereference,address
Date: Fri, 26 Jun 2026 17:21:17 +0800 [thread overview]
Message-ID: <202606261624.8bb81239-lkp@intel.com> (raw)
hi, Jim Cromie,
we just reported
"[jimc:jb-fix] [dynamic_debug] d405145208: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN"
in
https://lore.kernel.org/all/202606261437.36507000-lkp@intel.com/
two hours ago.
where I assumed the patch is a fix for i386, but maybe caused regression in
our x86_64 boot tests.
however, later, I found our bot happened to test i386 boot in another branch
and capture this change cause regression on i386 boot tests - parent can boot
successfully, but this change will break the i386 boot, too.
so report again FYI.
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: f9ffb9cd4ce0b19f39fd6dd5361e9d067c9be714 ("dynamic_debug: Simplify classmap macros by removing redundant aligned(8) attributes")
https://github.com/jimc/linux.git dd-rust-parse-2b
in testcase: boot
config: i386-randconfig-003-20260623
compiler: gcc-14
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202606261624.8bb81239-lkp@intel.com
[ 0.756103][ T1] BUG: kernel NULL pointer dereference, address: 00000000
[ 0.758285][ T1] #PF: supervisor read access in kernel mode
[ 0.759534][ T1] #PF: error_code(0x0000) - not-present page
[ 0.759534][ T1] *pde = 00000000
[ 0.759534][ T1] Oops: Oops: 0000 [#1] SMP
[ 0.759534][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 7.1.0-00050-gf9ffb9cd4ce0 #1 PREEMPT(lazy)
[ 0.759534][ T1] Tainted: [T]=RANDSTRUCT
[ 0.759534][ T1] EIP: strcmp (x86/lib/string_32.c:94)
[ 0.759534][ T1] Code: 49 78 06 ac aa 84 c0 75 f7 31 c0 aa 83 c4 04 89 d8 5b 5e 5f 5d e9 b7 aa 01 00 8d b4 26 00 00 00 00 55 89 e5 57 89 d7 56 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d e9 8f aa
All code
========
0: 49 78 06 rex.WB js 0x9
3: ac lods %ds:(%rsi),%al
4: aa stos %al,%es:(%rdi)
5: 84 c0 test %al,%al
7: 75 f7 jne 0x0
9: 31 c0 xor %eax,%eax
b: aa stos %al,%es:(%rdi)
c: 83 c4 04 add $0x4,%esp
f: 89 d8 mov %ebx,%eax
11: 5b pop %rbx
12: 5e pop %rsi
13: 5f pop %rdi
14: 5d pop %rbp
15: e9 b7 aa 01 00 jmp 0x1aad1
1a: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 89 d7 mov %edx,%edi
27: 56 push %rsi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: e9 .byte 0xe9
3e: 8f .byte 0x8f
3f: aa stos %al,%es:(%rdi)
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: e9 .byte 0xe9
14: 8f .byte 0x8f
15: aa stos %al,%es:(%rdi)
[ 0.759534][ T1] EAX: 00000000 EBX: 00000000 ECX: 85c8fd00 EDX: 83d2281a
[ 0.759534][ T1] ESI: 00000000 EDI: 83d2281a EBP: 85cc9e6c ESP: 85cc9e64
[ 0.759534][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[ 0.759534][ T1] CR0: 80050033 CR2: 00000000 CR3: 0488f000 CR4: 00040690
[ 0.759534][ T1] Call Trace:
[ 0.759534][ T1] ddebug_add_module (dynamic_debug.c:1572 (discriminator 8))
[ 0.759534][ T1] ? __lock_release+0x115/0x300
[ 0.759534][ T1] ? blocking_notifier_chain_register (notifier.c:265 notifier.c:282)
[ 0.759534][ T1] ? up_write (locking/rwsem.c:1682)
[ 0.759534][ T1] ? blocking_notifier_chain_register (notifier.c:265 notifier.c:282)
[ 0.759534][ T1] ? dynamic_debug_init_control (dynamic_debug.c:1768)
[ 0.759534][ T1] dynamic_debug_init (dynamic_debug.c:1815)
[ 0.759534][ T1] ? dynamic_debug_init_control (dynamic_debug.c:1768)
[ 0.759534][ T1] do_one_initcall (main.c:1392)
[ 0.759534][ T1] ? __register_sysctl_table (linux/spinlock.h:390 proc/proc_sysctl.c:1403)
[ 0.759534][ T1] kernel_init_freeable (main.c:1499 (discriminator 1) main.c:1692 (discriminator 1))
[ 0.759534][ T1] ? rest_init (main.c:762)
[ 0.759534][ T1] kernel_init (main.c:1593)
[ 0.759534][ T1] ret_from_fork (x86/kernel/process.c:158)
[ 0.759534][ T1] ? rest_init (main.c:762)
[ 0.759534][ T1] ret_from_fork_asm (x86/entry/entry_32.S:736)
[ 0.759534][ T1] entry_INT80_32 (x86/entry/entry_32.S:940)
[ 0.759534][ T1] Modules linked in:
[ 0.759534][ T1] CR2: 0000000000000000
[ 0.759534][ T1] ---[ end trace 0000000000000000 ]---
[ 0.759534][ T1] EIP: strcmp (x86/lib/string_32.c:94)
[ 0.759534][ T1] Code: 49 78 06 ac aa 84 c0 75 f7 31 c0 aa 83 c4 04 89 d8 5b 5e 5f 5d e9 b7 aa 01 00 8d b4 26 00 00 00 00 55 89 e5 57 89 d7 56 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d e9 8f aa
All code
========
0: 49 78 06 rex.WB js 0x9
3: ac lods %ds:(%rsi),%al
4: aa stos %al,%es:(%rdi)
5: 84 c0 test %al,%al
7: 75 f7 jne 0x0
9: 31 c0 xor %eax,%eax
b: aa stos %al,%es:(%rdi)
c: 83 c4 04 add $0x4,%esp
f: 89 d8 mov %ebx,%eax
11: 5b pop %rbx
12: 5e pop %rsi
13: 5f pop %rdi
14: 5d pop %rbp
15: e9 b7 aa 01 00 jmp 0x1aad1
1a: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 89 d7 mov %edx,%edi
27: 56 push %rsi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: e9 .byte 0xe9
3e: 8f .byte 0x8f
3f: aa stos %al,%es:(%rdi)
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: e9 .byte 0xe9
14: 8f .byte 0x8f
15: aa stos %al,%es:(%rdi)
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260626/202606261624.8bb81239-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2026-06-26 9:21 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202606261624.8bb81239-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=jim.cromie@gmail.com \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
--cc=ukaszb@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.