[linus:master] [tracing] a46023d561: EIP:do_user_addr_fault

Sun, 15 Feb 2026 18:09:28 -0800 


Hello,

kernel test robot noticed "EIP:do_user_addr_fault" on:

commit: a46023d5616ed3ed781e56ca93400eb9490e3646 ("tracing: Guard 
__DECLARE_TRACE() use of __DO_TRACE_CALL() with SRCU-fast")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master      ca4ee40bf13dbd3a4be3b40a00c33a1153d487e5]
[test failed on linux-next/master 635c467cc14ebdffab3f77610217c1dacaf88e8c]

in testcase: boot

config: i386-randconfig-001-20260215
compiler: clang-20
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------+------------+------------+
|                                             | a77cb6a867 | a46023d561 |
+---------------------------------------------+------------+------------+
| EIP:do_user_addr_fault                      | 0          | 18         |
| EIP:do_int80_syscall_32                     | 0          | 18         |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 15         |
| Oops                                        | 0          | 18         |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 18         |
| BUG:unable_to_handle_page_fault_for_address | 0          | 3          |
+---------------------------------------------+------------+------------+

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <[email protected]>
| Closes: https://lore.kernel.org/oe-lkp/[email protected]



[    3.833434][   T59] ------------[ cut here ]------------
[    3.834088][   T59] WARNING: arch/x86/mm/fault.c:1274 at 
do_user_addr_fault+0x387/0x480, CPU#1: modprobe/59
[    3.835108][   T59] Modules linked in:
[    3.835140][   T59] CPU: 1 UID: 0 PID: 59 Comm: modprobe Tainted: G          
      T   6.19.0-rc7-00020-ga46023d5616e #1 PREEMPT(lazy)
[    3.835140][   T59] Tainted: [T]=RANDSTRUCT
[    3.835140][   T59] EIP: do_user_addr_fault (ld-temp.o:?)
[    3.835140][   T59] Code: ff ff 89 f9 89 da ff 75 f0 e8 15 01 00 00 83 c4 04 
e9 03 fe ff ff 89 f9 89 da ff 75 f0 e8 01 49 f6 ff 83 c4 04 e9 f7 fc ff ff <0f> 
0b 89 f9 89 da ff 75 f0 e8 eb 03 00 00 83 c4 04 e9 d9 fd ff ff
All code
========
   0:   ff                      (bad)
   1:   ff 89 f9 89 da ff       decl   -0x257607(%rcx)
   7:   75 f0                   jne    0xfffffffffffffff9
   9:   e8 15 01 00 00          call   0x123
   e:   83 c4 04                add    $0x4,%esp
  11:   e9 03 fe ff ff          jmp    0xfffffffffffffe19
  16:   89 f9                   mov    %edi,%ecx
  18:   89 da                   mov    %ebx,%edx
  1a:   ff 75 f0                push   -0x10(%rbp)
  1d:   e8 01 49 f6 ff          call   0xfffffffffff64923
  22:   83 c4 04                add    $0x4,%esp
  25:   e9 f7 fc ff ff          jmp    0xfffffffffffffd21
  2a:*  0f 0b                   ud2             <-- trapping instruction
  2c:   89 f9                   mov    %edi,%ecx
  2e:   89 da                   mov    %ebx,%edx
  30:   ff 75 f0                push   -0x10(%rbp)
  33:   e8 eb 03 00 00          call   0x423
  38:   83 c4 04                add    $0x4,%esp
  3b:   e9 d9 fd ff ff          jmp    0xfffffffffffffe19

Code starting with the faulting instruction
===========================================
   0:   0f 0b                   ud2
   2:   89 f9                   mov    %edi,%ecx
   4:   89 da                   mov    %ebx,%edx
   6:   ff 75 f0                push   -0x10(%rbp)
   9:   e8 eb 03 00 00          call   0x3f9
   e:   83 c4 04                add    $0x4,%esp
  11:   e9 d9 fd ff ff          jmp    0xfffffffffffffdef
[    3.835140][   T59] EAX: 80000000 EBX: 00000000 ECX: 4324aef7 EDX: 431f7ada
[    3.835140][   T59] ESI: 52cb2000 EDI: 52cb5f34 EBP: 52cb5f14 ESP: 52cb5ef0
[    3.835140][   T59] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 
00210046
[    3.835140][   T59] CR0: 80050033 CR2: 00000004 CR3: 1275e000 CR4: 000406b0
[    3.835140][   T59] Call Trace:
[    3.835140][   T59]  ? debug_smp_processor_id (ld-temp.o:?)
[    3.835140][   T59]  ? trace_page_fault_kernel (ld-temp.o:?)
[    3.835140][   T59]  ? exc_page_fault (ld-temp.o:?)
[    3.835140][   T59]  ? pvclock_clocksource_read_nowd (ld-temp.o:?)
[    3.835140][   T59]  ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[    3.835140][   T59]  ? handle_exception (arch/x86/entry/entry_32.S:1048)
[    3.835140][   T59]  ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[    3.835140][   T59]  ? xas_find_conflict (ld-temp.o:?)
[    3.835140][   T59]  ? pvclock_clocksource_read_nowd (ld-temp.o:?)
[    3.835140][   T59]  ? do_int80_syscall_32 (ld-temp.o:?)
[    3.835140][   T59]  ? pvclock_clocksource_read_nowd (ld-temp.o:?)
[    3.835140][   T59]  ? do_int80_syscall_32 (ld-temp.o:?)
[    3.835140][   T59]  ? entry_INT80_32 (arch/x86/entry/entry_32.S:945)
[    3.835140][   T59] irq event stamp: 5220
[    3.835140][   T59] hardirqs last  enabled at (5219): free_to_partial_list 
(ld-temp.o:?)
[    3.835140][   T59] hardirqs last disabled at (5220): do_int80_syscall_32 
(ld-temp.o:?)
[    3.835140][   T59] softirqs last  enabled at (2722): __do_softirq 
(ld-temp.o:?)
[    3.835140][   T59] softirqs last disabled at (2713): __do_softirq 
(ld-temp.o:?)
[    3.835140][   T59] ---[ end trace 0000000000000000 ]---


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20260216/[email protected]



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
















    











					Reply via email to