From: kernel test robot <oliver.sang@intel.com>
To: "Jim Cromie" <jim.cromie@gmail.com>,
"Łukasz Bartosik" <ukaszb@chromium.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <oliver.sang@intel.com>
Subject: [jimc:dd-shrink] [dyndbg] 1663ffb9c1: BUG:kernel_NULL_pointer_dereference,address
Date: Wed, 21 Jan 2026 14:08:14 +0800 [thread overview]
Message-ID: <202601211325.7e1f336-lkp@intel.com> (raw)
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 1663ffb9c19cba56a091fac48e06e248f009be26 ("dyndbg: resolve "protection" of class'd pr_debug")
https://github.com/jimc/linux.git dd-shrink
in testcase: boot
config: i386-randconfig-015-20260120
compiler: clang-20
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | 9d6b17ecee | 1663ffb9c1 |
+---------------------------------------------+------------+------------+
| boot_successes | 12 | 0 |
| boot_failures | 0 | 12 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 12 |
| Oops | 0 | 12 |
| EIP:strcmp | 0 | 12 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 12 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202601211325.7e1f336-lkp@intel.com
[ 1.266156][ T1] BUG: kernel NULL pointer dereference, address: 00000000
[ 1.267870][ T1] #PF: supervisor read access in kernel mode
[ 1.269056][ T1] #PF: error_code(0x0000) - not-present page
[ 1.269056][ T1] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 1.269056][ T1] Oops: Oops: 0000 [#1] SMP
[ 1.269056][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.19.0-rc6-00029-g1663ffb9c19c #1 PREEMPT(lazy) d32193f03a93c27f95904822137a3e5139e15ea4
[ 1.269056][ T1] Tainted: [T]=RANDSTRUCT
[ 1.269056][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1.269056][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
[ 1.269056][ T1] Code: 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 83 c4 04 5e 5f 5b 5d 31 c9 31 d2 c3 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 89 d7 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 06 (bad)
1: ac lods %ds:(%rsi),%al
2: aa stos %al,%es:(%rdi)
3: 84 c0 test %al,%al
5: 75 f7 jne 0xfffffffffffffffe
7: 31 c0 xor %eax,%eax
9: aa stos %al,%es:(%rdi)
a: 89 d8 mov %ebx,%eax
c: 83 c4 04 add $0x4,%esp
f: 5e pop %rsi
10: 5f pop %rdi
11: 5b pop %rbx
12: 5d pop %rbp
13: 31 c9 xor %ecx,%ecx
15: 31 d2 xor %edx,%edx
17: c3 ret
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 56 push %rsi
26: 89 d7 mov %edx,%edi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
3f: c3 ret
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: 31 d2 xor %edx,%edx
15: c3 ret
[ 1.269056][ T1] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 1.269056][ T1] ESI: 00000000 EDI: 00000000 EBP: 46981c84 ESP: 46981c7c
[ 1.269056][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[ 1.269056][ T1] CR0: 80050033 CR2: 00000000 CR3: 05e58000 CR4: 000406b0
[ 1.269056][ T1] Call Trace:
[ 1.269056][ T1] ? dynamic_debug_init (lib/dynamic_debug.c:1651)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? do_one_initcall (init/main.c:1378)
[ 1.269056][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674)
[ 1.269056][ T1] ? xas_create (include/linux/xarray.h:1217 (discriminator 2))
[ 1.269056][ T1] ? lock_acquire (kernel/locking/lockdep.c:5868)
[ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
[ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
[ 1.269056][ T1] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? dyndbg_setup (lib/dynamic_debug.c:1612)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? do_pre_smp_initcalls (init/main.c:1483 (discriminator 2))
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? kernel_init_freeable (init/main.c:1678)
[ 1.269056][ T1] ? kernel_init (init/main.c:1580)
[ 1.269056][ T1] ? ret_from_fork (arch/x86/kernel/process.c:164)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 1.269056][ T1] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[ 1.269056][ T1] Modules linked in:
[ 1.269056][ T1] CR2: 0000000000000000
[ 1.269056][ T1] ---[ end trace 0000000000000000 ]---
[ 1.269056][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
[ 1.269056][ T1] Code: 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 83 c4 04 5e 5f 5b 5d 31 c9 31 d2 c3 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 89 d7 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 06 (bad)
1: ac lods %ds:(%rsi),%al
2: aa stos %al,%es:(%rdi)
3: 84 c0 test %al,%al
5: 75 f7 jne 0xfffffffffffffffe
7: 31 c0 xor %eax,%eax
9: aa stos %al,%es:(%rdi)
a: 89 d8 mov %ebx,%eax
c: 83 c4 04 add $0x4,%esp
f: 5e pop %rsi
10: 5f pop %rdi
11: 5b pop %rbx
12: 5d pop %rbp
13: 31 c9 xor %ecx,%ecx
15: 31 d2 xor %edx,%edx
17: c3 ret
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 56 push %rsi
26: 89 d7 mov %edx,%edi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260121/202601211325.7e1f336-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
next reply other threads:[~2026-01-21 6:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-21 6:08 kernel test robot [this message]
2026-01-23 19:45 ` [jimc:dd-shrink] [dyndbg] 1663ffb9c1: BUG:kernel_NULL_pointer_dereference,address jim.cromie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202601211325.7e1f336-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=jim.cromie@gmail.com \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
--cc=ukaszb@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox