lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aFFN7RlXkaK_loQb@mail-itl>
Date: Tue, 17 Jun 2025 13:13:49 +0200
From: Marek Marczykowski-Górecki <marmarek@...isiblethingslab.com>
To: Tony Luck <tony.luck@...el.com>, Borislav Petkov <bp@...en8.de>,
	Qiuxu Zhuo <qiuxu.zhuo@...el.com>
Cc: "open list:EDAC-IGEN6" <linux-edac@...r.kernel.org>,
	open list <linux-kernel@...r.kernel.org>
Subject: NULL pointer dereference in igen6_probe - 6.16-rc2

Hi,

Environment:
- Novacustom V540TU laptop with Intel Core 5 Ultra 125H
- Dasharo firmware (coreboot+EDK2)
- Linux running as Xen PV dom0

I hit the following crash on boot:

[   13.562085] intel_pmc_core INT33A1:00: Assuming a default substate order for this platform
[   13.562682] intel_pmc_core INT33A1:00:  initialized
[   13.565035] EDAC MC0: Giving out device to module igen6_edac controller Intel_client_SoC MC#0: DEV 0000:00:00.0 (INTERRUPT)
[   13.565746] EDAC igen6: Expected 2 mcs, but only 1 detected.
[   13.565859] BUG: unable to handle page fault for address: 000000000000d570
[   13.566623] #PF: supervisor read access in kernel mode
[   13.566956] #PF: error_code(0x0000) - not-present page
[   13.567276] PGD 0 P4D 0 
[   13.567460] Oops: Oops: 0000 [#1] SMP NOPTI
[   13.567742] CPU: 8 UID: 0 PID: 1090 Comm: (udev-worker) Not tainted 6.16.0-0.rc2.1.qubes.1.fc41.x86_64 #1 PREEMPT(full) 
[   13.568432] Hardware name: Notebook V54x_6x_TU/V54x_6x_TU, BIOS Dasharo (coreboot+UEFI) v0.9.0 07/17/2024
[   13.569049] RIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac]
[   13.569440] Code: 66 4d 63 ee 48 8b 15 21 c7 01 00 49 83 fd 03 73 6b 4d 69 ed 50 03 00 00 41 8b 47 1c 41 03 47 18 4c 01 ea 48 03 82 08 03 00 00 <48> 8b 30 4a 8d 04 26 48 39 c5 72 ba 48 8b 0d f7 c6 01 00 8b 41 1c
[   13.570602] RSP: e02b:ffffc900428979c8 EFLAGS: 00010202
[   13.570951] RAX: 000000000000d570 RBX: 0000000000000000 RCX: 00000000000000ca
[   13.571403] RDX: ffff888101dcab50 RSI: ffffffffffffffff RDI: ffffffff83484238
[   13.571895] RBP: bffffffffffffffe R08: 0000000000000002 R09: 00000000000000c0
[   13.572358] R10: 0000000000000000 R11: ffffffff81612e60 R12: c000000000000000
[   13.572820] R13: 0000000000000350 R14: 0000000000000001 R15: ffffffffc11b9c00
[   13.573302] FS:  0000706cbfc6fbc0(0000) GS:ffff8882133db000(0000) knlGS:0000000000000000
[   13.573812] CS:  e030 DS: 0000 ES: 0000 CR0: 0000000080050033
[   13.574199] CR2: 000000000000d570 CR3: 0000000104a0a000 CR4: 0000000000050660
[   13.574658] Call Trace:
[   13.574836]  <TASK>
[   13.574985]  igen6_probe+0x2a0/0x343 [igen6_edac]
[   13.575332]  local_pci_probe+0x42/0x90
[   13.575599]  pci_call_probe+0x5b/0x180
[   13.575863]  pci_device_probe+0x95/0x140
[   13.576133]  ? driver_sysfs_add+0x57/0xc0
[   13.576415]  really_probe+0xdb/0x340
[   13.576664]  ? pm_runtime_barrier+0x54/0x90
[   13.576940]  ? __pfx___driver_attach+0x10/0x10
[   13.577234]  __driver_probe_device+0x78/0x110
[   13.577569]  driver_probe_device+0x1f/0xa0
[   13.577833]  __driver_attach+0xba/0x1c0
[   13.578080]  bus_for_each_dev+0x8b/0xe0
[   13.578328]  bus_add_driver+0x142/0x220
[   13.578571]  driver_register+0x72/0xd0
[   13.578823]  igen6_init+0xc5/0xff0 [igen6_edac]
[   13.579122]  ? __pfx_igen6_init+0x10/0x10 [igen6_edac]
[   13.579479]  do_one_initcall+0x57/0x310
[   13.579503]  do_init_module+0x90/0x250
[   13.579969]  init_module_from_file+0x88/0xd0
[   13.579991]  idempotent_init_module+0x114/0x310
[   13.579997]  __x64_sys_finit_module+0x6d/0xd0
[   13.580773]  do_syscall_64+0x84/0x2c0
[   13.581011]  ? count_memcg_events+0x167/0x1d0
[   13.581314]  ? handle_mm_fault+0x220/0x340
[   13.581576]  ? do_user_addr_fault+0x2c3/0x7f0
[   13.581876]  ? clear_bhb_loop+0x50/0xa0
[   13.582125]  ? clear_bhb_loop+0x50/0xa0
[   13.582377]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[   13.582724] RIP: 0033:0x706cc04ffd9d
[   13.582967] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 43 60 0f 00 f7 d8 64 89 01 48
[   13.584097] RSP: 002b:00007ffceaf1b958 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[   13.584595] RAX: ffffffffffffffda RBX: 00005aaee2a15d20 RCX: 0000706cc04ffd9d
[   13.585029] RDX: 0000000000000000 RSI: 0000706cbeff93bd RDI: 000000000000002b
[   13.585458] RBP: 00007ffceaf1ba10 R08: 0000000000000001 R09: 00007ffceaf1b9c0
[   13.585885] R10: 0000000000000040 R11: 0000000000000246 R12: 0000706cbeff93bd
[   13.586316] R13: 0000000000020000 R14: 00005aaee2a85900 R15: 00005aaee2a84c30
[   13.586753]  </TASK>
[   13.586899] Modules linked in: processor_thermal_power_floor processor_thermal_mbox int340x_thermal_zone intel_pmc_core igen6_edac(+) fjes(-) pmt_telemetry pmt_class intel_pmc_ssram_telemetry intel_hid intel_scu_pltdrv sparse_keymap joydev fuse loop xenfs nfnetlink vsock_loopback vmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock zram vmw_vmci lz4hc_compress lz4_compress dm_thin_pool dm_persistent_data dm_bio_prison dm_crypt xe drm_ttm_helper drm_suballoc_helper gpu_sched drm_gpuvm drm_exec drm_gpusvm i915 i2c_algo_bit sdhci_pci drm_buddy nvme sdhci_uhs2 ttm polyval_clmulni intel_pmc_mux nvme_core sdhci ghash_clmulni_intel drm_display_helper typec sha512_ssse3 cqhci nvme_keyring xhci_pci hid_multitouch sha1_ssse3 mmc_core xhci_hcd intel_vpu nvme_auth intel_vsec cec i2c_hid_acpi i2c_hid video thunderbolt wmi pinctrl_meteorlake serio_raw xen_acpi_processor xen_privcmd xen_pciback xen_blkback xen_gntalloc xen_gntdev xen_evtchn scsi_dh_rdac scsi_dh_emc scsi_dh_alua uinput
[   13.589346] Adding 3986428k swap on /dev/zram0.  Priority:100 extents:1 across:3986428k SSDsc
[   13.592314] CR2: 000000000000d570
[   13.592473] ---[ end trace 0000000000000000 ]---
[   13.593400] RIP: e030:ecclog_handler+0x7e/0xf0 [igen6_edac]
[   13.593831] Code: 66 4d 63 ee 48 8b 15 21 c7 01 00 49 83 fd 03 73 6b 4d 69 ed 50 03 00 00 41 8b 47 1c 41 03 47 18 4c 01 ea 48 03 82 08 03 00 00 <48> 8b 30 4a 8d 04 26 48 39 c5 72 ba 48 8b 0d f7 c6 01 00 8b 41 1c
[   13.595067] RSP: e02b:ffffc900428979c8 EFLAGS: 00010202
[   13.595077] RAX: 000000000000d570 RBX: 0000000000000000 RCX: 00000000000000ca
[   13.595078] RDX: ffff888101dcab50 RSI: ffffffffffffffff RDI: ffffffff83484238
[   13.595080] RBP: bffffffffffffffe R08: 0000000000000002 R09: 00000000000000c0
[   13.595083] R10: 0000000000000000 R11: ffffffff81612e60 R12: c000000000000000
[   13.595084] R13: 0000000000000350 R14: 0000000000000001 R15: ffffffffc11b9c00
[   13.595100] FS:  0000706cbfc6fbc0(0000) GS:ffff8882133db000(0000) knlGS:0000000000000000
[   13.598301] CS:  e030 DS: 0000 ES: 0000 CR0: 0000000080050033
[   13.598308] CR2: 000000000000d570 CR3: 0000000104a0a000 CR4: 0000000000050660
[   13.598319] Kernel panic - not syncing: Fatal exception
[   13.598384] Kernel Offset: disabled

Full console log: https://openqa.qubes-os.org/tests/143433/logfile?filename=serial0.txt

Other observations:
- Linux 6.15 works fine
- the same Linux 6.16-rc2 boots fine on several other systems, for
  example on Intel i5 14600K (also with Dasharo firmware)

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ