[linus:master] [usb] 56a512a9b4: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [linus:master] [usb]  56a512a9b4: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN
@ 2026-02-18  9:10 kernel test robot
  0 siblings, 0 replies; only message in thread
From: kernel test robot @ 2026-02-18  9:10 UTC (permalink / raw)
  To: Kuen-Han Tsai
  Cc: oe-lkp, lkp, linux-kernel, Greg Kroah-Hartman, linux-usb,
	oliver.sang



Hello,

kernel test robot noticed "Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN" on:

commit: 56a512a9b4107079f68701e7d55da8507eb963d9 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


in testcase: boot

config: x86_64-randconfig-002-20260217
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G

(please refer to attached dmesg/kmsg for entire log/backtrace)


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202602181727.fd76c561-lkp@intel.com



[    8.960483][    T1] usb usb1: SerialNumber: dummy_hcd.0
[    8.962200][    T1] hub 1-0:1.0: USB hub found
[    8.963048][    T1] hub 1-0:1.0: 1 port detected
[    8.967283][    T1] file system registered
[    8.968024][    T1] udc dummy_udc.0: binding gadget driver [g_ncm]
[    8.968851][    T1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000001a3: 0000 [#1] SMP KASAN
[    8.970049][    T1] KASAN: null-ptr-deref in range [0x0000000000000d18-0x0000000000000d1f]
[    8.970973][    T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G                T   6.19.0-rc3-00025-g56a512a9b410 #1 PREEMPTLAZY
[    8.971938][    T1] Tainted: [T]=RANDSTRUCT
[    8.971938][    T1] RIP: 0010:gether_set_qmult (kbuild/src/consumer/drivers/usb/gadget/function/u_ether.c:988)
[    8.971938][    T1] Code: 00 00 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 e5 41 56 53 48 81 c7 18 0d 00 00 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <0f> b6 04 08 84 c0 75 07 89 37 5b 41 5e 5d c3 89 f9 80 e1 07 80 c1
All code
========
   0:	00 00                	add    %al,(%rax)
   2:	f3 0f 1e fa          	endbr64
   6:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   b:	55                   	push   %rbp
   c:	48 89 e5             	mov    %rsp,%rbp
   f:	41 56                	push   %r14
  11:	53                   	push   %rbx
  12:	48 81 c7 18 0d 00 00 	add    $0xd18,%rdi
  19:	48 89 f8             	mov    %rdi,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df 
  2a:*	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax		<-- trapping instruction
  2e:	84 c0                	test   %al,%al
  30:	75 07                	jne    0x39
  32:	89 37                	mov    %esi,(%rdi)
  34:	5b                   	pop    %rbx
  35:	41 5e                	pop    %r14
  37:	5d                   	pop    %rbp
  38:	c3                   	ret
  39:	89 f9                	mov    %edi,%ecx
  3b:	80 e1 07             	and    $0x7,%cl
  3e:	80                   	.byte 0x80
  3f:	c1                   	.byte 0xc1

Code starting with the faulting instruction
===========================================
   0:	0f b6 04 08          	movzbl (%rax,%rcx,1),%eax
   4:	84 c0                	test   %al,%al
   6:	75 07                	jne    0xf
   8:	89 37                	mov    %esi,(%rdi)
   a:	5b                   	pop    %rbx
   b:	41 5e                	pop    %r14
   d:	5d                   	pop    %rbp
   e:	c3                   	ret
   f:	89 f9                	mov    %edi,%ecx
  11:	80 e1 07             	and    $0x7,%cl
  14:	80                   	.byte 0x80
  15:	c1                   	.byte 0xc1
[    8.971938][    T1] RSP: 0018:ffff8881009df660 EFLAGS: 00010206
[    8.971938][    T1] RAX: 00000000000001a3 RBX: ffff8881020fd400 RCX: dffffc0000000000
[    8.971938][    T1] RDX: 0000000000000001 RSI: 0000000000000005 RDI: 0000000000000d18
[    8.971938][    T1] RBP: ffff8881009df670 R08: ffff8881009df5ef R09: 1ffff1102013bebd
[    8.971938][    T1] R10: dffffc0000000000 R11: ffffed102013bebe R12: dffffc0000000000
[    8.971938][    T1] R13: 1ffff11020105216 R14: ffff8881296b4c00 R15: ffff8881008290b0
[    8.971938][    T1] FS:  0000000000000000(0000) GS:ffff88879974e000(0000) knlGS:0000000000000000
[    8.971938][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    8.971938][    T1] CR2: 00007f70208af0ac CR3: 0000000004a7c000 CR4: 00000000000406f0
[    8.971938][    T1] Call Trace:
[    8.971938][    T1]  <TASK>
[    8.971938][    T1]  gncm_bind (kbuild/src/consumer/drivers/usb/gadget/legacy/ncm.c:140)
[    8.971938][    T1]  ? gadget_bind_driver (kbuild/src/consumer/drivers/usb/gadget/udc/core.c:1629 (discriminator 1024))
[    8.971938][    T1]  composite_bind (kbuild/src/consumer/drivers/usb/gadget/composite.c:2553)
[    8.971938][    T1]  ? suspended_show (kbuild/src/consumer/drivers/usb/gadget/composite.c:2529)


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260218/202602181727.fd76c561-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-02-18  9:11 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-18  9:10 [linus:master] [usb] 56a512a9b4: Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]SMP_KASAN kernel test robot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox