Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 448a5b20c8ee3fb8ae739b0553d9cb923b9b73a0 ("media: v4l: Acquire a reference to the media device for every video device")
git://linuxtv.org/sailus/media_tree.git media-ref

in testcase: boot

compiler: clang-18
test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+---------------------------------------------+------------+------------+
|                                             | c3e54bf550 | 448a5b20c8 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 21         | 0          |
| boot_failures                               | 0          | 21         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 21         |
| Oops                                        | 0          | 21         |
| EIP:kobject_get                             | 0          | 21         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 21         |
+---------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202405301650.8d02c0c8-lkp@xxxxxxxxx

[ 12.522155][ T1] BUG: kernel NULL pointer dereference, address: 00000028
[ 12.523843][ T1] #PF: supervisor read access in kernel mode
[ 12.525285][ T1] #PF: error_code(0x0000) - not-present page
[ 12.525787][ T1] *pde = 00000000
[ 12.525787][ T1] Oops: Oops: 0000 [#1] SMP
[ 12.525787][ T1] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G T 6.10.0-rc1-00018-g448a5b20c8ee #1
[ 12.525787][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 12.525787][ T1] EIP: kobject_get (lib/kobject.c:639)
[ 12.525787][ T1] Code: 64 a1 38 65 b3 c4 3b 45 f0 75 0a 89 f8 83 c4 1c 5e 5f 5b 5d c3 e8 9c f0 02 00 90 90 90 90 90 90 90 90 85 c0 74 3c 55 89 e5 56 <f6> 40 20 01 75 16 50 ff 30 68 33 12 09 c4 89 c6 e8 03 a8 43 fe 89
All code
========
0: 64 a1 38 65 b3 c4 3b movabs %fs:0x75f0453bc4b36538,%eax
7: 45
f0 75
a: 0a 89 f8 83 c4 1c or 0x1cc483f8(%rcx),%cl
10: 5e pop %rsi
11: 5f pop %rdi
12: 5b pop %rbx
13: 5d pop %rbp
14: c3 ret
15: e8 9c f0 02 00 call 0x2f0b6
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: 85 c0 test %eax,%eax
24: 74 3c je 0x62
26: 55 push %rbp
27: 89 e5 mov %esp,%ebp
29: 56 push %rsi
2a:* f6 40 20 01 testb $0x1,0x20(%rax) <-- trapping instruction
2e: 75 16 jne 0x46
30: 50 push %rax
31: ff 30 push (%rax)
33: 68 33 12 09 c4 push $0xffffffffc4091233
38: 89 c6 mov %eax,%esi
3a: e8 03 a8 43 fe call 0xfffffffffe43a842
3f: 89 .byte 0x89

Code starting with the faulting instruction
===========================================
0: f6 40 20 01 testb $0x1,0x20(%rax)
4: 75 16 jne 0x1c
6: 50 push %rax
7: ff 30 push (%rax)
9: 68 33 12 09 c4 push $0xffffffffc4091233
e: 89 c6 mov %eax,%esi
10: e8 03 a8 43 fe call 0xfffffffffe43a818
15: 89 .byte 0x89
[ 12.525787][ T1] EAX: 00000008 EBX: c572756c ECX: ec69d004 EDX: 00000001
[ 12.525787][ T1] ESI: 00000003 EDI: c5727504 EBP: c5b41bd4 ESP: c5b41bd0
[ 12.525787][ T1] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202
[ 12.525787][ T1] CR0: 80050033 CR2: 00000028 CR3: 04c94000 CR4: 00040690
[ 12.525787][ T1] Call Trace:
[ 12.525787][ T1] ? __die_body (arch/x86/kernel/dumpstack.c:478 arch/x86/kernel/dumpstack.c:420)
[ 12.525787][ T1] ? __die (arch/x86/kernel/dumpstack.c:434)
[ 12.525787][ T1] ? page_fault_oops (arch/x86/mm/fault.c:711)
[ 12.525787][ T1] ? kernelmode_fixup_or_oops (arch/x86/mm/fault.c:738)
[ 12.525787][ T1] ? __bad_area_nosemaphore (arch/x86/mm/fault.c:785)
[ 12.525787][ T1] ? bad_area_nosemaphore (arch/x86/mm/fault.c:834)
[ 12.525787][ T1] ? do_user_addr_fault (arch/x86/mm/fault.c:?)
[ 12.525787][ T1] ? exc_page_fault (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 arch/x86/mm/fault.c:1489 arch/x86/mm/fault.c:1539)
[ 12.525787][ T1] ? 
pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 12.525787][ T1] ? handle_exception (arch/x86/entry/entry_32.S:1047)
[ 12.525787][ T1] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 12.525787][ T1] ? kobject_get (lib/kobject.c:639)
[ 12.525787][ T1] ? pvclock_clocksource_read_nowd (arch/x86/mm/fault.c:1494)
[ 12.525787][ T1] ? kobject_get (lib/kobject.c:639)
[ 12.525787][ T1] get_device (drivers/base/core.c:?)
[ 12.525787][ T1] __video_register_device (include/media/media-device.h:234 include/asm-generic/bitops/instrumented-atomic.h:29 drivers/media/v4l2-core/v4l2-dev.c:1078)
[ 12.525787][ T1] fm_v4l2_init_video_device (include/media/v4l2-dev.h:383 drivers/media/radio/wl128x/fmdrv_v4l2.c:539)
[ 12.525787][ T1] fm_drv_init (drivers/media/radio/wl128x/fmdrv_common.c:1638)
[ 12.525787][ T1] do_one_initcall (init/main.c:1267)
[ 12.525787][ T1] ? timbradio_platform_driver_init (drivers/media/radio/wl128x/fmdrv_common.c:1620)
[ 12.525787][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4797)
[ 12.525787][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91)
[ 12.525787][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266)
[ 12.525787][ T1] ? local_clock_noinstr (kernel/sched/build_utility.c:269 kernel/sched/clock.c:306)
[ 12.525787][ T1] ? local_clock (arch/x86/include/asm/preempt.h:84 kernel/sched/clock.c:316)
[ 12.525787][ T1] ? ktime_get (kernel/time/timekeeping.c:848 kernel/time/timekeeping.c:848)
[ 12.525787][ T1] ? ktime_get (kernel/time/timekeeping.c:195 kernel/time/timekeeping.c:395 kernel/time/timekeeping.c:403 kernel/time/timekeeping.c:850)
[ 12.525787][ T1] ? sched_balance_trigger (kernel/sched/fair.c:11840)
[ 12.525787][ T1] ? clockevents_program_event (kernel/time/clockevents.c:336)
[ 12.525787][ T1] ? update_process_times (kernel/time/timer.c:2493)
[ 12.525787][ T1] ? tick_handle_periodic (kernel/time/tick-common.c:120)
[ 12.525787][ T1] ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:63)
[ 12.525787][ T1] ? 
irqentry_exit (kernel/entry/common.c:?)
[ 12.525787][ T1] ? sysvec_call_function_single (arch/x86/kernel/apic/apic.c:1043)
[ 12.525787][ T1] ? sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)
[ 12.525787][ T1] ? handle_exception (arch/x86/entry/entry_32.S:1047)
[ 12.525787][ T1] ? rq_offline_rt (kernel/sched/rt.c:756 kernel/sched/rt.c:2444)
[ 12.525787][ T1] ? strlen (arch/x86/lib/string_32.c:?)
[ 12.525787][ T1] ? next_arg (lib/cmdline.c:273)
[ 12.525787][ T1] ? do_initcall_level (init/main.c:1313)
[ 12.525787][ T1] ? parse_args (kernel/params.c:153)
[ 12.525787][ T1] do_initcall_level (init/main.c:1328)
[ 12.525787][ T1] ? rest_init (init/main.c:1459)
[ 12.525787][ T1] do_initcalls (init/main.c:1342)
[ 12.525787][ T1] ? rest_init (init/main.c:1459)
[ 12.525787][ T1] do_basic_setup (init/main.c:1365)
[ 12.525787][ T1] kernel_init_freeable (init/main.c:1580)
[ 12.525787][ T1] kernel_init (init/main.c:1469)
[ 12.525787][ T1] ret_from_fork (arch/x86/kernel/process.c:153)
[ 12.525787][ T1] ret_from_fork_asm (arch/x86/entry/entry_32.S:737)
[ 12.525787][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:944)
[ 12.525787][ T1] Modules linked in:
[ 12.525787][ T1] CR2: 0000000000000028
[ 12.525787][ T1] ---[ end trace 0000000000000000 ]---
[ 12.525787][ T1] EIP: kobject_get (lib/kobject.c:639)
[ 12.525787][ T1] Code: 64 a1 38 65 b3 c4 3b 45 f0 75 0a 89 f8 83 c4 1c 5e 5f 5b 5d c3 e8 9c f0 02 00 90 90 90 90 90 90 90 90 85 c0 74 3c 55 89 e5 56 <f6> 40 20 01 75 16 50 ff 30 68 33 12 09 c4 89 c6 e8 03 a8 43 fe 89
All code
========
0: 64 a1 38 65 b3 c4 3b movabs %fs:0x75f0453bc4b36538,%eax
7: 45 f0 75
a: 0a 89 f8 83 c4 1c or 0x1cc483f8(%rcx),%cl
10: 5e pop %rsi
11: 5f pop %rdi
12: 5b pop %rbx
13: 5d pop %rbp
14: c3 ret
15: e8 9c f0 02 00 call 0x2f0b6
1a: 90 nop
1b: 90 nop
1c: 90 nop
1d: 90 nop
1e: 90 nop
1f: 90 nop
20: 90 nop
21: 90 nop
22: 85 c0 test %eax,%eax
24: 74 3c je 0x62
26: 55 push %rbp
27: 89 e5 mov %esp,%ebp
29: 56 push %rsi
2a:* f6 40 20 01 testb 
$0x1,0x20(%rax) <-- trapping instruction
2e: 75 16 jne 0x46
30: 50 push %rax
31: ff 30 push (%rax)
33: 68 33 12 09 c4 push $0xffffffffc4091233
38: 89 c6 mov %eax,%esi
3a: e8 03 a8 43 fe call 0xfffffffffe43a842
3f: 89 .byte 0x89

Code starting with the faulting instruction
===========================================
0: f6 40 20 01 testb $0x1,0x20(%rax)
4: 75 16 jne 0x1c
6: 50 push %rax
7: ff 30 push (%rax)
9: 68 33 12 09 c4 push $0xffffffffc4091233
e: 89 c6 mov %eax,%esi
10: e8 03 a8 43 fe call 0xfffffffffe43a818
15: 89 .byte 0x89

The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240530/202405301650.8d02c0c8-lkp@xxxxxxxxx

--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki