From: kernel test robot <oliver.sang@intel.com>
To: "Jim Cromie" <jim.cromie@gmail.com>,
"Łukasz Bartosik" <ukaszb@chromium.org>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <oliver.sang@intel.com>
Subject: [jimc:dd-shrink-4] [dyndbg] d635e975dc: BUG:kernel_NULL_pointer_dereference,address
Date: Tue, 30 Apr 2024 23:36:56 +0800
Message-ID: <202404302341.c696afcb-lkp@intel.com>
Hello,
kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:
commit: d635e975dc33c767a5b59144ce3993f569b42397 ("dyndbg: prep to avoid using _ddebug.site with site_*() macros")
https://github.com/jimc/linux.git dd-shrink-4
in testcase: boot
compiler: gcc-13
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+---------------------------------------------------+------------+------------+
| | 4d0c4b32ef | d635e975dc |
+---------------------------------------------------+------------+------------+
| BUG:kernel_NULL_pointer_dereference,address | 0 | 6 |
| Oops:#[##] | 0 | 6 |
| EIP:strcmp | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+---------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202404302341.c696afcb-lkp@intel.com
[ 238.612271][ T359] BUG: kernel NULL pointer dereference, address: 00000000
[ 238.612843][ T359] #PF: supervisor read access in kernel mode
[ 238.613306][ T359] #PF: error_code(0x0000) - not-present page
[ 238.613771][ T359] *pde = 00000000
[ 238.614093][ T359] Oops: 0000 [#1] SMP
[ 238.614428][ T359] CPU: 0 PID: 359 Comm: modprobe Tainted: G W N 6.9.0-rc5-00045-gd635e975dc33 #1 cd26bf5796f45b52d1744ef978c49e829efea625
[ 238.615432][ T359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 238.616214][ T359] EIP: strcmp (arch/x86/lib/string_32.c:100)
[ 238.616582][ T359] Code: 31 c0 f2 ae 4f 89 d1 49 78 06 ac aa 84 c0 75 f7 31 c0 aa 89 d8 5b 5e 5f 5d 31 d2 31 c9 c3 8d 76 00 55 89 e5 57 89 d7 56 89 c6 <ac> ae 75 08 84 c0 75 f8 31 c0 eb 04 19 c0 0c 01 5e 5f 5d 31 d2 c3
All code
========
0: 31 c0 xor %eax,%eax
2: f2 ae repnz scas %es:(%rdi),%al
4: 4f 89 d1 rex.WRXB mov %r10,%r9
7: 49 78 06 rex.WB js 0x10
a: ac lods %ds:(%rsi),%al
b: aa stos %al,%es:(%rdi)
c: 84 c0 test %al,%al
e: 75 f7 jne 0x7
10: 31 c0 xor %eax,%eax
12: aa stos %al,%es:(%rdi)
13: 89 d8 mov %ebx,%eax
15: 5b pop %rbx
16: 5e pop %rsi
17: 5f pop %rdi
18: 5d pop %rbp
19: 31 d2 xor %edx,%edx
1b: 31 c9 xor %ecx,%ecx
1d: c3 ret
1e: 8d 76 00 lea 0x0(%rsi),%esi
21: 55 push %rbp
22: 89 e5 mov %esp,%ebp
24: 57 push %rdi
25: 89 d7 mov %edx,%edi
27: 56 push %rsi
28: 89 c6 mov %eax,%esi
2a:* ac lods %ds:(%rsi),%al <-- trapping instruction
2b: ae scas %es:(%rdi),%al
2c: 75 08 jne 0x36
2e: 84 c0 test %al,%al
30: 75 f8 jne 0x2a
32: 31 c0 xor %eax,%eax
34: eb 04 jmp 0x3a
36: 19 c0 sbb %eax,%eax
38: 0c 01 or $0x1,%al
3a: 5e pop %rsi
3b: 5f pop %rdi
3c: 5d pop %rbp
3d: 31 d2 xor %edx,%edx
3f: c3 ret
Code starting with the faulting instruction
===========================================
0: ac lods %ds:(%rsi),%al
1: ae scas %es:(%rdi),%al
2: 75 08 jne 0xc
4: 84 c0 test %al,%al
6: 75 f8 jne 0x0
8: 31 c0 xor %eax,%eax
a: eb 04 jmp 0x10
c: 19 c0 sbb %eax,%eax
e: 0c 01 or $0x1,%al
10: 5e pop %rsi
11: 5f pop %rdi
12: 5d pop %rbp
13: 31 d2 xor %edx,%edx
15: c3 ret
[ 238.617972][ T359] EAX: 00000000 EBX: ef4a6a04 ECX: 00000000 EDX: ef4ec465
[ 238.618505][ T359] ESI: 00000000 EDI: ef4ec465 EBP: e9953dac ESP: e9953da4
[ 238.619034][ T359] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00210246
[ 238.619642][ T359] CR0: 80050033 CR2: 00000000 CR3: 27071000 CR4: 00040690
[ 238.620169][ T359] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 238.620695][ T359] DR6: fffe0ff0 DR7: 00000400
[ 238.621071][ T359] Call Trace:
[ 238.621364][ T359] ? show_regs (arch/x86/kernel/dumpstack.c:479)
[ 238.621725][ T359] ? __die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434)
[ 238.622053][ T359] ? page_fault_oops (arch/x86/mm/fault.c:713)
[ 238.622445][ T359] ? kernelmode_fixup_or_oops+0x88/0xe8
[ 238.622946][ T359] ? __bad_area_nosemaphore+0x136/0x22c
[ 238.623444][ T359] ? up_read (kernel/locking/rwsem.c:1623)
[ 238.623788][ T359] ? lock_mm_and_find_vma (mm/memory.c:5706)
[ 238.624218][ T359] ? bad_area_nosemaphore (arch/x86/mm/fault.c:864)
[ 238.624623][ T359] ? do_user_addr_fault (arch/x86/mm/fault.c:1476)
[ 238.625036][ T359] ? exc_page_fault (arch/x86/include/asm/irqflags.h:26 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 arch/x86/mm/fault.c:1513 arch/x86/mm/fault.c:1563)
[ 238.625422][ T359] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1518)
[ 238.625891][ T359] ? handle_exception (arch/x86/entry/entry_32.S:1047)
[ 238.626306][ T359] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1518)
[ 238.626781][ T359] ? strcmp (arch/x86/lib/string_32.c:100)
[ 238.627112][ T359] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1518)
[ 238.627581][ T359] ? strcmp (arch/x86/lib/string_32.c:100)
[ 238.627909][ T359] ddebug_condense_sites (lib/dynamic_debug.c:1448 (discriminator 1))
[ 238.628326][ T359] ddebug_add_module (lib/dynamic_debug.c:1492)
[ 238.628714][ T359] ddebug_module_notify (lib/dynamic_debug.c:1589)
[ 238.629116][ T359] notifier_call_chain (kernel/notifier.c:95)
[ 238.629530][ T359] blocking_notifier_call_chain_robust (kernel/notifier.c:129 kernel/notifier.c:353 kernel/notifier.c:341)
[ 238.630017][ T359] load_module (include/linux/notifier.h:208 kernel/module/main.c:2791 kernel/module/main.c:2972)
[ 238.630383][ T359] init_module_from_file (kernel/module/main.c:3175)
[ 238.630796][ T359] __ia32_sys_finit_module (kernel/module/main.c:3191 kernel/module/main.c:3212 kernel/module/main.c:3195 kernel/module/main.c:3195)
[ 238.631225][ T359] ia32_sys_call (arch/x86/entry/syscall_32.c:42)
[ 238.631601][ T359] __do_fast_syscall_32 (arch/x86/entry/common.c:165 (discriminator 1) arch/x86/entry/common.c:386 (discriminator 1))
[ 238.632021][ T359] do_fast_syscall_32 (arch/x86/entry/common.c:411 (discriminator 1))
[ 238.632411][ T359] do_SYSENTER_32 (arch/x86/entry/common.c:450)
[ 238.632781][ T359] entry_SYSENTER_32 (arch/x86/entry/entry_32.S:836)
[ 238.633177][ T359] EIP: 0xb7eee579
[ 238.633489][ T359] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d 76 00 58 b8 77 00 00 00 cd 80 90 8d 76
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d 76 00 lea 0x0(%rsi),%esi
35: 58 pop %rax
36: b8 77 00 00 00 mov $0x77,%eax
3b: cd 80 int $0x80
3d: 90 nop
3e: 8d .byte 0x8d
3f: 76 .byte 0x76
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d 76 00 lea 0x0(%rsi),%esi
b: 58 pop %rax
c: b8 77 00 00 00 mov $0x77,%eax
11: cd 80 int $0x80
13: 90 nop
14: 8d .byte 0x8d
15: 76 .byte 0x76
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240430/202404302341.c696afcb-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki