* [jimc:dd-shrink] [dyndbg] 1663ffb9c1: BUG:kernel_NULL_pointer_dereference,address
From: kernel test robot @ 2026-01-21 6:08 UTC (permalink / raw)
To: Jim Cromie, Łukasz Bartosik; +Cc: oe-lkp, lkp, oliver.sang
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: 1663ffb9c19cba56a091fac48e06e248f009be26 ("dyndbg: resolve "protection" of class'd pr_debug")
https://github.com/jimc/linux.git dd-shrink
in testcase: boot
config: i386-randconfig-015-20260120
compiler: clang-20
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------+------------+------------+
| | 9d6b17ecee | 1663ffb9c1 |
+---------------------------------------------+------------+------------+
| boot_successes | 12 | 0 |
| boot_failures | 0 | 12 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 12 |
| Oops | 0 | 12 |
| EIP:strcmp | 0 | 12 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 12 |
+---------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202601211325.7e1f336-lkp@intel.com
[ 1.266156][ T1] BUG: kernel NULL pointer dereference, address: 00000000
[ 1.267870][ T1] #PF: supervisor read access in kernel mode
[ 1.269056][ T1] #PF: error_code(0x0000) - not-present page
[ 1.269056][ T1] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
[ 1.269056][ T1] Oops: Oops: 0000 [#1] SMP
[ 1.269056][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.19.0-rc6-00029-g1663ffb9c19c #1 PREEMPT(lazy) d32193f03a93c27f95904822137a3e5139e15ea4
[ 1.269056][ T1] Tainted: [T]=RANDSTRUCT
[ 1.269056][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 1.269056][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
[ 1.269056][ T1] Code: 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 83 c4 04 5e 5f 5b 5d 31 c9 31 d2 c3 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 89 d7 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 06 (bad)
1: ac lods %ds:(%rsi),%al
2: aa stos %al,%es:(%rdi)
3: 84 c0 test %al,%al
5: 75 f7 jne 0xfffffffffffffffe
7: 31 c0 xor %eax,%eax
9: aa stos %al,%es:(%rdi)
a: 89 d8 mov %ebx,%eax
c: 83 c4 04 add $0x4,%esp
f: 5e pop %rsi
10: 5f pop %rdi
11: 5b pop %rbx
12: 5d pop %rbp
13: 31 c9 xor %ecx,%ecx
15: 31 d2 xor %edx,%edx
17: c3 ret
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 56 push %rsi
26: 89 d7 mov %edx,%edi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
3f: c3 ret
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: 31 d2 xor %edx,%edx
15: c3 ret
[ 1.269056][ T1] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
[ 1.269056][ T1] ESI: 00000000 EDI: 00000000 EBP: 46981c84 ESP: 46981c7c
[ 1.269056][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
[ 1.269056][ T1] CR0: 80050033 CR2: 00000000 CR3: 05e58000 CR4: 000406b0
[ 1.269056][ T1] Call Trace:
[ 1.269056][ T1] ? dynamic_debug_init (lib/dynamic_debug.c:1651)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? do_one_initcall (init/main.c:1378)
[ 1.269056][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674)
[ 1.269056][ T1] ? xas_create (include/linux/xarray.h:1217 (discriminator 2))
[ 1.269056][ T1] ? lock_acquire (kernel/locking/lockdep.c:5868)
[ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
[ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
[ 1.269056][ T1] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? dyndbg_setup (lib/dynamic_debug.c:1612)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? do_pre_smp_initcalls (init/main.c:1483 (discriminator 2))
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? kernel_init_freeable (init/main.c:1678)
[ 1.269056][ T1] ? kernel_init (init/main.c:1580)
[ 1.269056][ T1] ? ret_from_fork (arch/x86/kernel/process.c:164)
[ 1.269056][ T1] ? rest_init (init/main.c:1570)
[ 1.269056][ T1] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 1.269056][ T1] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[ 1.269056][ T1] Modules linked in:
[ 1.269056][ T1] CR2: 0000000000000000
[ 1.269056][ T1] ---[ end trace 0000000000000000 ]---
[ 1.269056][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
[ 1.269056][ T1] Code: 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 83 c4 04 5e 5f 5b 5d 31 c9 31 d2 c3 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 89 d7 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 06 (bad)
1: ac lods %ds:(%rsi),%al
2: aa stos %al,%es:(%rdi)
3: 84 c0 test %al,%al
5: 75 f7 jne 0xfffffffffffffffe
7: 31 c0 xor %eax,%eax
9: aa stos %al,%es:(%rdi)
a: 89 d8 mov %ebx,%eax
c: 83 c4 04 add $0x4,%esp
f: 5e pop %rsi
10: 5f pop %rdi
11: 5b pop %rbx
12: 5d pop %rbp
13: 31 c9 xor %ecx,%ecx
15: 31 d2 xor %edx,%edx
17: c3 ret
18: 90 nop
19: 90 nop
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 56 push %rsi
26: 89 d7 mov %edx,%edi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260121/202601211325.7e1f336-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
* Re: [jimc:dd-shrink] [dyndbg] 1663ffb9c1: BUG:kernel_NULL_pointer_dereference,address
From: jim.cromie @ 2026-01-23 19:45 UTC (permalink / raw)
To: kernel test robot; +Cc: Łukasz Bartosik, oe-lkp, lkp
thanks for this report.
I tracked it down to a section alignment issue on i386, fixed in vmlinux.lds.h
Since the bug is present in master, I've fixed it in a separate patch,
with the reported-by and closes tags.
thanks.
On Tue, Jan 20, 2026 at 11:08 PM kernel test robot
<oliver.sang@intel.com> wrote:
>
>
>
> Hello,
>
> kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
>
> commit: 1663ffb9c19cba56a091fac48e06e248f009be26 ("dyndbg: resolve "protection" of class'd pr_debug")
> https://github.com/jimc/linux.git dd-shrink
>
> in testcase: boot
>
> config: i386-randconfig-015-20260120
> compiler: clang-20
> test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
> +---------------------------------------------+------------+------------+
> | | 9d6b17ecee | 1663ffb9c1 |
> +---------------------------------------------+------------+------------+
> | boot_successes | 12 | 0 |
> | boot_failures | 0 | 12 |
> | BUG:kernel_NULL_pointer_dereference,address | 0 | 12 |
> | Oops | 0 | 12 |
> | EIP:strcmp | 0 | 12 |
> | Kernel_panic-not_syncing:Fatal_exception | 0 | 12 |
> +---------------------------------------------+------------+------------+
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202601211325.7e1f336-lkp@intel.com
>
>
>
> [ 1.266156][ T1] BUG: kernel NULL pointer dereference, address: 00000000
> [ 1.267870][ T1] #PF: supervisor read access in kernel mode
> [ 1.269056][ T1] #PF: error_code(0x0000) - not-present page
> [ 1.269056][ T1] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
> [ 1.269056][ T1] Oops: Oops: 0000 [#1] SMP
> [ 1.269056][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.19.0-rc6-00029-g1663ffb9c19c #1 PREEMPT(lazy) d32193f03a93c27f95904822137a3e5139e15ea4
> [ 1.269056][ T1] Tainted: [T]=RANDSTRUCT
> [ 1.269056][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
> [ 1.269056][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
> [ 1.269056][ T1] Code: 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 83 c4 04 5e 5f 5b 5d 31 c9 31 d2 c3 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 89 d7 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
> All code
> ========
> 0: 06 (bad)
> 1: ac lods %ds:(%rsi),%al
> 2: aa stos %al,%es:(%rdi)
> 3: 84 c0 test %al,%al
> 5: 75 f7 jne 0xfffffffffffffffe
> 7: 31 c0 xor %eax,%eax
> 9: aa stos %al,%es:(%rdi)
> a: 89 d8 mov %ebx,%eax
> c: 83 c4 04 add $0x4,%esp
> f: 5e pop %rsi
> 10: 5f pop %rdi
> 11: 5b pop %rbx
> 12: 5d pop %rbp
> 13: 31 c9 xor %ecx,%ecx
> 15: 31 d2 xor %edx,%edx
> 17: c3 ret
> 18: 90 nop
> 19: 90 nop
> 1a: 90 nop
> 1b: 90 nop
> 1c: 90 nop
> 1d: 90 nop
> 1e: 90 nop
> 1f: 90 nop
> 20: 90 nop
> 21: 55 push %rbp
> 22: 89 e5 mov %esp,%ebp
> 24: 57 push %rdi
> 25: 56 push %rsi
> 26: 89 d7 mov %edx,%edi
> 28: 89 c6 mov %eax,%esi
> 2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
> 2b: ae scas %es:(%rdi),%al
> 2c: 75 08 jne 0x36
> 2e: 84 c0 test %al,%al
> 30: 75 f8 jne 0x2a
> 32: 31 c0 xor %eax,%eax
> 34: eb 04 jmp 0x3a
> 36: 19 c0 sbb %eax,%eax
> 38: 0c 01 or $0x1,%al
> 3a: 5e pop %rsi
> 3b: 5f pop %rdi
> 3c: 5d pop %rbp
> 3d: 31 d2 xor %edx,%edx
> 3f: c3 ret
>
> Code starting with the faulting instruction
> ===========================================
> 0: ac lods %ds:(%rsi),%al
> 1: ae scas %es:(%rdi),%al
> 2: 75 08 jne 0xc
> 4: 84 c0 test %al,%al
> 6: 75 f8 jne 0x0
> 8: 31 c0 xor %eax,%eax
> a: eb 04 jmp 0x10
> c: 19 c0 sbb %eax,%eax
> e: 0c 01 or $0x1,%al
> 10: 5e pop %rsi
> 11: 5f pop %rdi
> 12: 5d pop %rbp
> 13: 31 d2 xor %edx,%edx
> 15: c3 ret
> [ 1.269056][ T1] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
> [ 1.269056][ T1] ESI: 00000000 EDI: 00000000 EBP: 46981c84 ESP: 46981c7c
> [ 1.269056][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
> [ 1.269056][ T1] CR0: 80050033 CR2: 00000000 CR3: 05e58000 CR4: 000406b0
> [ 1.269056][ T1] Call Trace:
> [ 1.269056][ T1] ? dynamic_debug_init (lib/dynamic_debug.c:1651)
> [ 1.269056][ T1] ? rest_init (init/main.c:1570)
> [ 1.269056][ T1] ? do_one_initcall (init/main.c:1378)
> [ 1.269056][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4674)
> [ 1.269056][ T1] ? xas_create (include/linux/xarray.h:1217 (discriminator 2))
> [ 1.269056][ T1] ? lock_acquire (kernel/locking/lockdep.c:5868)
> [ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
> [ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
> [ 1.269056][ T1] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:95 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
> [ 1.269056][ T1] ? __register_sysctl_table (fs/proc/proc_sysctl.c:1399)
> [ 1.269056][ T1] ? rest_init (init/main.c:1570)
> [ 1.269056][ T1] ? dyndbg_setup (lib/dynamic_debug.c:1612)
> [ 1.269056][ T1] ? rest_init (init/main.c:1570)
> [ 1.269056][ T1] ? do_pre_smp_initcalls (init/main.c:1483 (discriminator 2))
> [ 1.269056][ T1] ? rest_init (init/main.c:1570)
> [ 1.269056][ T1] ? kernel_init_freeable (init/main.c:1678)
> [ 1.269056][ T1] ? kernel_init (init/main.c:1580)
> [ 1.269056][ T1] ? ret_from_fork (arch/x86/kernel/process.c:164)
> [ 1.269056][ T1] ? rest_init (init/main.c:1570)
> [ 1.269056][ T1] ? ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
> [ 1.269056][ T1] ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
> [ 1.269056][ T1] Modules linked in:
> [ 1.269056][ T1] CR2: 0000000000000000
> [ 1.269056][ T1] ---[ end trace 0000000000000000 ]---
> [ 1.269056][ T1] EIP: strcmp (arch/x86/lib/string_32.c:97)
> [ 1.269056][ T1] Code: 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 83 c4 04 5e 5f 5b 5d 31 c9 31 d2 c3 90 90 90 90 90 90 90 90 90 55 89 e5 57 56 89 d7 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
> All code
> ========
> 0: 06 (bad)
> 1: ac lods %ds:(%rsi),%al
> 2: aa stos %al,%es:(%rdi)
> 3: 84 c0 test %al,%al
> 5: 75 f7 jne 0xfffffffffffffffe
> 7: 31 c0 xor %eax,%eax
> 9: aa stos %al,%es:(%rdi)
> a: 89 d8 mov %ebx,%eax
> c: 83 c4 04 add $0x4,%esp
> f: 5e pop %rsi
> 10: 5f pop %rdi
> 11: 5b pop %rbx
> 12: 5d pop %rbp
> 13: 31 c9 xor %ecx,%ecx
> 15: 31 d2 xor %edx,%edx
> 17: c3 ret
> 18: 90 nop
> 19: 90 nop
> 1a: 90 nop
> 1b: 90 nop
> 1c: 90 nop
> 1d: 90 nop
> 1e: 90 nop
> 1f: 90 nop
> 20: 90 nop
> 21: 55 push %rbp
> 22: 89 e5 mov %esp,%ebp
> 24: 57 push %rdi
> 25: 56 push %rsi
> 26: 89 d7 mov %edx,%edi
> 28: 89 c6 mov %eax,%esi
> 2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
> 2b: ae scas %es:(%rdi),%al
> 2c: 75 08 jne 0x36
> 2e: 84 c0 test %al,%al
> 30: 75 f8 jne 0x2a
> 32: 31 c0 xor %eax,%eax
> 34: eb 04 jmp 0x3a
> 36: 19 c0 sbb %eax,%eax
> 38: 0c 01 or $0x1,%al
> 3a: 5e pop %rsi
> 3b: 5f pop %rdi
> 3c: 5d pop %rbp
> 3d: 31 d2 xor %edx,%edx
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20260121/202601211325.7e1f336-lkp@intel.com
>
>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>