From: kernel test robot <oliver.sang@intel.com>
To: Pavel Begunkov <asml.silence@gmail.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <oliver.sang@intel.com>
Subject: [isilence:zcrx/large-buffers-v8-test] [net] 8177b4e8d2: BUG:kernel_NULL_pointer_dereference,address
Date: Fri, 9 Jan 2026 14:43:35 +0800 [thread overview]
Message-ID: <202601091437.636c7d12-lkp@intel.com> (raw)
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 8177b4e8d28dafa6ddb07f09d2968ce812567410 ("net: add qcfg init")
https://github.com/isilence/linux zcrx/large-buffers-v8-test
in testcase: boot
config: x86_64-kexec
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | 41c5f52fb5 | 8177b4e8d2 |
+---------------------------------------------+------------+------------+
| boot_successes | 15 | 0 |
| boot_failures | 0 | 15 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 15 |
| Oops | 0 | 15 |
| RIP:register_netdevice | 0 | 15 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 15 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202601091437.636c7d12-lkp@intel.com
[ 8.916973][ T1] BUG: kernel NULL pointer dereference, address: 0000000000000028
[ 8.920203][ T1] #PF: supervisor read access in kernel mode
[ 8.920275][ T1] #PF: error_code(0x0000) - not-present page
[ 8.920275][ T1] PGD 0 P4D 0
[ 8.920275][ T1] Oops: Oops: 0000 [#1] SMP PTI
[ 8.920275][ T1] CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0-rc3-00127-g8177b4e8d28d #1 PREEMPT(voluntary)
[ 8.920275][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 8.920275][ T1] RIP: 0010:register_netdevice (net/core/dev.c:11279 net/core/dev.c:11333)
[ 8.920275][ T1] Code: 48 08 48 89 08 48 89 58 20 4c 89 78 28 48 89 c2 48 83 c2 10 48 89 50 10 48 89 50 18 48 89 83 20 01 00 00 4c 8b b3 c8 07 00 00 <49> 39 4e 28 74 3e 83 bb c0 03 00 00 00 74 35 41 bc a8 00 00 00 45
All code
========
0: 48 08 48 89 rex.W or %cl,-0x77(%rax)
4: 08 48 89 or %cl,-0x77(%rax)
7: 58 pop %rax
8: 20 4c 89 78 and %cl,0x78(%rcx,%rcx,4)
c: 28 48 89 sub %cl,-0x77(%rax)
f: c2 48 83 ret $0x8348
12: c2 10 48 ret $0x4810
15: 89 50 10 mov %edx,0x10(%rax)
18: 48 89 50 18 mov %rdx,0x18(%rax)
1c: 48 89 83 20 01 00 00 mov %rax,0x120(%rbx)
23: 4c 8b b3 c8 07 00 00 mov 0x7c8(%rbx),%r14
2a:* 49 39 4e 28 cmp %rcx,0x28(%r14) <-- trapping instruction
2e: 74 3e je 0x6e
30: 83 bb c0 03 00 00 00 cmpl $0x0,0x3c0(%rbx)
37: 74 35 je 0x6e
39: 41 bc a8 00 00 00 mov $0xa8,%r12d
3f: 45 rex.RB
Code starting with the faulting instruction
===========================================
0: 49 39 4e 28 cmp %rcx,0x28(%r14)
4: 74 3e je 0x44
6: 83 bb c0 03 00 00 00 cmpl $0x0,0x3c0(%rbx)
d: 74 35 je 0x44
f: 41 bc a8 00 00 00 mov $0xa8,%r12d
15: 45 rex.RB
[ 8.920275][ T1] RSP: 0000:ffffc90000013a00 EFLAGS: 00010282
[ 8.920275][ T1] RAX: ffff88810d3531c0 RBX: ffff88810d380000 RCX: 0000000000000000
[ 8.920275][ T1] RDX: ffff88810d3531d0 RSI: ffffffff838304f0 RDI: ffffffff826e1e01
[ 8.920275][ T1] RBP: ffff88889c4ff000 R08: 0000000000000040 R09: 0000000000000000
[ 8.920275][ T1] R10: 00000000ffffffff R11: 0000000000000000 R12: 0000000000000000
[ 8.920275][ T1] R13: 0000000000000001 R14: 0000000000000000 R15: ffff88810d380110
[ 8.920275][ T1] FS: 0000000000000000(0000) GS:ffff88889c4ff000(0000) knlGS:0000000000000000
[ 8.920275][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.920275][ T1] CR2: 0000000000000028 CR3: 0000000002a30000 CR4: 00000000000406f0
[ 8.920275][ T1] Call Trace:
[ 8.920275][ T1] <TASK>
[ 8.920275][ T1] register_netdev (net/core/dev.c:11526)
[ 8.920275][ T1] loopback_net_init (drivers/net/loopback.c:219)
[ 8.920275][ T1] ops_init (net/core/net_namespace.c:138)
[ 8.920275][ T1] register_pernet_operations (net/core/net_namespace.c:1390)
[ 8.920275][ T1] register_pernet_device (net/core/net_namespace.c:1476)
[ 8.920275][ T1] net_dev_init (net/core/dev.c:13261)
[ 8.920275][ T1] ? __pfx_net_dev_init (net/core/dev.c:13191)
[ 8.920275][ T1] do_one_initcall (init/main.c:1378)
[ 8.920275][ T1] ? __alloc_frozen_pages_noprof (mm/page_alloc.c:5210)
[ 8.920275][ T1] ? asm_sysvec_apic_timer_interrupt (arch/x86/include/asm/idtentry.h:697)
[ 8.920275][ T1] ? __pfx_ignore_unknown_bootoption (init/main.c:1424)
[ 8.920275][ T1] ? parameq (kernel/params.c:81 kernel/params.c:91 kernel/params.c:99)
[ 8.920275][ T1] ? parameq (kernel/params.c:90 kernel/params.c:99)
[ 8.920275][ T1] ? __pfx_ignore_unknown_bootoption (init/main.c:1424)
[ 8.920275][ T1] ? parse_args (kernel/params.c:153 kernel/params.c:186)
[ 8.920275][ T1] do_initcall_level (init/main.c:1439)
[ 8.920275][ T1] do_initcalls (init/main.c:1453)
[ 8.920275][ T1] kernel_init_freeable (init/main.c:1692)
[ 8.920275][ T1] ? __pfx_kernel_init (init/main.c:1570)
[ 8.920275][ T1] kernel_init (init/main.c:1580)
[ 8.920275][ T1] ret_from_fork (arch/x86/kernel/process.c:164)
[ 8.920275][ T1] ? __pfx_kernel_init (init/main.c:1570)
[ 8.920275][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:256)
[ 8.920275][ T1] </TASK>
[ 8.920275][ T1] Modules linked in:
[ 8.920275][ T1] CR2: 0000000000000028
[ 8.920275][ T1] ---[ end trace 0000000000000000 ]---
[ 8.920275][ T1] RIP: 0010:register_netdevice (net/core/dev.c:11279 net/core/dev.c:11333)
[ 8.920275][ T1] Code: 48 08 48 89 08 48 89 58 20 4c 89 78 28 48 89 c2 48 83 c2 10 48 89 50 10 48 89 50 18 48 89 83 20 01 00 00 4c 8b b3 c8 07 00 00 <49> 39 4e 28 74 3e 83 bb c0 03 00 00 00 74 35 41 bc a8 00 00 00 45
All code
========
0: 48 08 48 89 rex.W or %cl,-0x77(%rax)
4: 08 48 89 or %cl,-0x77(%rax)
7: 58 pop %rax
8: 20 4c 89 78 and %cl,0x78(%rcx,%rcx,4)
c: 28 48 89 sub %cl,-0x77(%rax)
f: c2 48 83 ret $0x8348
12: c2 10 48 ret $0x4810
15: 89 50 10 mov %edx,0x10(%rax)
18: 48 89 50 18 mov %rdx,0x18(%rax)
1c: 48 89 83 20 01 00 00 mov %rax,0x120(%rbx)
23: 4c 8b b3 c8 07 00 00 mov 0x7c8(%rbx),%r14
2a:* 49 39 4e 28 cmp %rcx,0x28(%r14) <-- trapping instruction
2e: 74 3e je 0x6e
30: 83 bb c0 03 00 00 00 cmpl $0x0,0x3c0(%rbx)
37: 74 35 je 0x6e
39: 41 bc a8 00 00 00 mov $0xa8,%r12d
3f: 45 rex.RB
Code starting with the faulting instruction
===========================================
0: 49 39 4e 28 cmp %rcx,0x28(%r14)
4: 74 3e je 0x44
6: 83 bb c0 03 00 00 00 cmpl $0x0,0x3c0(%rbx)
d: 74 35 je 0x44
f: 41 bc a8 00 00 00 mov $0xa8,%r12d
15: 45 rex.RB
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260109/202601091437.636c7d12-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2026-01-09 6:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202601091437.636c7d12-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=asml.silence@gmail.com \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox