Message-ID: <202509081409.2daadf50-lkp@intel.com>
Date: Mon, 8 Sep 2025 14:52:22 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Joey Pabalinas <joeypabalinas@...il.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
	<linux-mm@...ck.org>, Kees Cook <kees@...nel.org>, Joey Pabalinas
	<joeypabalinas@...il.com>, <oliver.sang@...el.com>
Subject: Re: [PATCH] fork: simplify overcomplicated if conditions



Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: 62b2846e29a8bec933d0dd7a3a4ccc7af409d8d0 ("[PATCH] fork: simplify overcomplicated if conditions")
url: https://github.com/intel-lab-lkp/linux/commits/Joey-Pabalinas/fork-simplify-overcomplicated-if-conditions/20250904-144729
base: https://git.kernel.org/cgit/linux/kernel/git/kees/linux.git for-next/execve
patch link: https://lore.kernel.org/all/357638f71edc7f1d9814b1851a64e09a8895bffc.1756968204.git.joeypabalinas@gmail.com/
patch subject: [PATCH] fork: simplify overcomplicated if conditions

in testcase: boot

config: i386-randconfig-004-20250906
compiler: gcc-13
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------+------------+------------+
|                                             | 8c94db0ae9 | 62b2846e29 |
+---------------------------------------------+------------+------------+
| boot_successes                              | 6          | 0          |
| boot_failures                               | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 6          |
| Oops                                        | 0          | 6          |
| EIP:rest_init                               | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 6          |
+---------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202509081409.2daadf50-lkp@intel.com


[    3.204615][    T0] BUG: kernel NULL pointer dereference, address: 00000020
[    3.205081][    T0] #PF: supervisor write access in kernel mode
[    3.205081][    T0] #PF: error_code(0x0002) - not-present page
[    3.205081][    T0] *pde = 00000000
[    3.205081][    T0] Oops: Oops: 0002 [#1] SMP
[    3.205081][    T0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.17.0-rc2-00004-g62b2846e29a8 #1 PREEMPT(full)  cdac75d461890a0b0673a9c64f8f62c890a06589
[    3.205081][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 3.205081][ T0] EIP: rest_init (init/main.c:717) 
[ 3.205081][ T0] Code: 00 75 1b b9 b4 d6 a7 83 ba 4a 03 00 00 b8 9b d6 a7 83 c6 05 25 19 68 84 01 e8 80 c8 7f fe 89 d8 ba c0 ab f6 83 e8 e0 aa 7c fe <81> 48 20 00 00 00 04 64 8b 3d 18 20 8d 84 89 c6 89 fb 83 e3 1f 43
All code
========
   0:	00 75 1b             	add    %dh,0x1b(%rbp)
   3:	b9 b4 d6 a7 83       	mov    $0x83a7d6b4,%ecx
   8:	ba 4a 03 00 00       	mov    $0x34a,%edx
   d:	b8 9b d6 a7 83       	mov    $0x83a7d69b,%eax
  12:	c6 05 25 19 68 84 01 	movb   $0x1,-0x7b97e6db(%rip)        # 0xffffffff8468193e
  19:	e8 80 c8 7f fe       	call   0xfffffffffe7fc89e
  1e:	89 d8                	mov    %ebx,%eax
  20:	ba c0 ab f6 83       	mov    $0x83f6abc0,%edx
  25:	e8 e0 aa 7c fe       	call   0xfffffffffe7cab0a
  2a:*	81 48 20 00 00 00 04 	orl    $0x4000000,0x20(%rax)		<-- trapping instruction
  31:	64 8b 3d 18 20 8d 84 	mov    %fs:-0x7b72dfe8(%rip),%edi        # 0xffffffff848d2050
  38:	89 c6                	mov    %eax,%esi
  3a:	89 fb                	mov    %edi,%ebx
  3c:	83 e3 1f             	and    $0x1f,%ebx
  3f:	43                   	rex.XB

Code starting with the faulting instruction
===========================================
   0:	81 48 20 00 00 00 04 	orl    $0x4000000,0x20(%rax)
   7:	64 8b 3d 18 20 8d 84 	mov    %fs:-0x7b72dfe8(%rip),%edi        # 0xffffffff848d2026
   e:	89 c6                	mov    %eax,%esi
  10:	89 fb                	mov    %edi,%ebx
  12:	83 e3 1f             	and    $0x1f,%ebx
  15:	43                   	rex.XB
[    3.205081][    T0] EAX: 00000000 EBX: ffffffea ECX: 00000000 EDX: 00000000
[    3.205081][    T0] ESI: ee7fd750 EDI: ee7fd740 EBP: 83eebf80 ESP: 83eebf74
[    3.205081][    T0] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00210246
[    3.205081][    T0] CR0: 80050033 CR2: 00000020 CR3: 04910000 CR4: 00040690
[    3.205081][    T0] Call Trace:
[ 3.205081][ T0] start_kernel (init/main.c:1335) 
[ 3.205081][ T0] i386_start_kernel (arch/x86/kernel/head32.c:129) 
[ 3.205081][ T0] startup_32_smp (arch/x86/kernel/head_32.S:290) 
[    3.205081][    T0] Modules linked in:
[    3.205081][    T0] CR2: 0000000000000020
[    3.205081][    T0] ---[ end trace 0000000000000000 ]---
[ 3.205081][ T0] EIP: rest_init (init/main.c:717) 
[ 3.205081][ T0] Code: 00 75 1b b9 b4 d6 a7 83 ba 4a 03 00 00 b8 9b d6 a7 83 c6 05 25 19 68 84 01 e8 80 c8 7f fe 89 d8 ba c0 ab f6 83 e8 e0 aa 7c fe <81> 48 20 00 00 00 04 64 8b 3d 18 20 8d 84 89 c6 89 fb 83 e3 1f 43
All code
========
   0:	00 75 1b             	add    %dh,0x1b(%rbp)
   3:	b9 b4 d6 a7 83       	mov    $0x83a7d6b4,%ecx
   8:	ba 4a 03 00 00       	mov    $0x34a,%edx
   d:	b8 9b d6 a7 83       	mov    $0x83a7d69b,%eax
  12:	c6 05 25 19 68 84 01 	movb   $0x1,-0x7b97e6db(%rip)        # 0xffffffff8468193e
  19:	e8 80 c8 7f fe       	call   0xfffffffffe7fc89e
  1e:	89 d8                	mov    %ebx,%eax
  20:	ba c0 ab f6 83       	mov    $0x83f6abc0,%edx
  25:	e8 e0 aa 7c fe       	call   0xfffffffffe7cab0a
  2a:*	81 48 20 00 00 00 04 	orl    $0x4000000,0x20(%rax)		<-- trapping instruction
  31:	64 8b 3d 18 20 8d 84 	mov    %fs:-0x7b72dfe8(%rip),%edi        # 0xffffffff848d2050
  38:	89 c6                	mov    %eax,%esi
  3a:	89 fb                	mov    %edi,%ebx
  3c:	83 e3 1f             	and    $0x1f,%ebx
  3f:	43                   	rex.XB

Code starting with the faulting instruction
===========================================
   0:	81 48 20 00 00 00 04 	orl    $0x4000000,0x20(%rax)
   7:	64 8b 3d 18 20 8d 84 	mov    %fs:-0x7b72dfe8(%rip),%edi        # 0xffffffff848d2026
   e:	89 c6                	mov    %eax,%esi
  10:	89 fb                	mov    %edi,%ebx
  12:	83 e3 1f             	and    $0x1f,%ebx
  15:	43                   	rex.XB


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250908/202509081409.2daadf50-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

