Message-ID: <6ba903ad-9897-42bb-8c2d-337385cc3746@molgen.mpg.de>
Date: Thu, 27 Nov 2025 19:51:15 +0100
From: Paul Menzel <pmenzel@...gen.mpg.de>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>,
 Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
Cc: LKML <linux-kernel@...r.kernel.org>,
 Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org
Subject: BUG: kernel NULL pointer dereference, address: 0000000000000000

Dear Linux folks,


Unfortunately, not reproducible, but starting with Linux 6.18-rc7, I got 
the oops below *once*:

```
Linux version 6.18.0-rc7 (build@...emianrhapsody.molgen.mpg.de) (gcc 
(Debian 15.2.0-8) 15.2.0, GNU ld (GNU Binutils for Debian) 2.45) #162 
SMP PREEMPT_DYNAMIC Mon Nov 24 09:54:29 CET 2025
Command line: BOOT_IMAGE=/vmlinuz-6.18.0-rc7 
root=UUID=32e29882-d94d-4a92-9ee4-4d03002bfa29 ro quiet pci=noaer 
mem_sleep_default=deep log_buf_len=16M cryptomgr.notests 
usbcore.quirks=0cf3:e300:e,04f3:2234:e,0c45:670c:e
[…]
ACPI: bus type drm_connector registered
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 0 P4D 0
Oops: Oops: 0010 [#1] SMP
CPU: 2 UID: 0 PID: 352 Comm: systemd-modules Not tainted 6.18.0-rc7 #162 
PREEMPT(voluntary)
Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 06/02/2022
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffad3fc09039b0 EFLAGS: 00010286
RAX: ffff96f5c4cce3c0 RBX: ffff96f610558000 RCX: 0000000000000007
RDX: ffffffffc07935c0 RSI: ffff96f5c4d77d60 RDI: ffff96f61095cc00
RBP: ffffad3fc0903a00 R08: 00000000fffffff3 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff977c1300 R12: ffff96f610558040
R13: ffff96f61095cc50 R14: ffff96f61095cc00 R15: ffff96f5c1f149e8
FS:  00007ffb00dff6c0(0000) GS:ffff96f995987000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000103aa8005 CR4: 00000000003706f0
Call Trace:
  <TASK>
  parport_register_dev_model+0x273/0x3c0 [parport]
  lp_register+0x6f/0x100 [lp]
  ? parport_default_proc_unregister+0x490/0x490 [parport]
  ? parport_irq_handler+0x50/0x50 [parport]
  lp_attach+0x99/0xc0 [lp]
  port_check+0x1d/0x20 [parport]
  bus_for_each_dev+0x82/0xd0
  ? dell_wmi_exit+0x580/0x580 [dell_wmi]
  __parport_register_driver+0x7e/0xb0 [parport]
  lp_init_module+0x1e2/0x1000 [lp]
  do_one_initcall+0x58/0x2f0
  do_init_module+0x67/0x2a0
  init_module_from_file+0x85/0xc0
  __x64_sys_finit_module+0x163/0x3d0
  do_syscall_64+0x82/0x9b0
  ? vfs_read+0x15e/0x380
  ? vfs_read+0x15e/0x380
  ? __rseq_handle_notify_resume+0xa6/0x480
  ? restore_fpregs_from_fpstate+0x46/0xa0
  ? switch_fpu_return+0x5b/0xd0
  ? do_syscall_64+0x21d/0x9b0
  ? exc_page_fault+0x7e/0x1a0
  entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7ffb01718779
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 
f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 
f0 ff ff 73 01 c3 48 8b 0d 4f 86 0d 00 f7 d8 64 89 01 48
RSP: 002b:00007ffb00dfdbe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 00007ffaf8002380 RCX: 00007ffb01718779
RDX: 0000000000000000 RSI: 00007ffb01e8444d RDI: 0000000000000009
RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffaf80039d0
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb01e8444d
R13: 0000000000020000 R14: 00007ffaf80024a0 R15: 0000000000000000
  </TASK>
Modules linked in: ppdev(+) parport_pc(+) lp(+) msr(+) parport drm 
efi_pstore configfs nfnetlink efivarfs autofs4 ext4 crc16 mbcache jbd2 
dm_crypt dm_mod dell_wmi dell_smbios dell_wmi_descriptor evdev dcdbas 
serio_raw pcspkr nvme nvme_core video wmi intel_hid sparse_keymap 
aesni_intel
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
RIP: 0010:0x0
Code: Unable to access opcode bytes at 0xffffffffffffffd6.
RSP: 0018:ffffad3fc09039b0 EFLAGS: 00010286
RAX: ffff96f5c4cce3c0 RBX: ffff96f610558000 RCX: 0000000000000007
RDX: ffffffffc07935c0 RSI: ffff96f5c4d77d60 RDI: ffff96f61095cc00
RBP: ffffad3fc0903a00 R08: 00000000fffffff3 R09: 0000000000000000
R10: 0000000000000000 R11: ffffffff977c1300 R12: ffff96f610558040
R13: ffff96f61095cc50 R14: ffff96f61095cc00 R15: ffff96f5c1f149e8
FS:  00007ffb00dff6c0(0000) GS:ffff96f995987000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 0000000103aa8005 CR4: 00000000003706f0
```

Please find the output of `journalctl -o short-monotonic -b -1 
_TRANSPORT=kernel` with the systemd entries and systemd messages removed 
attached.

I guess parport is a red herring, but I am not sure, but I am adding the 
memory folks just in case.


Kind regards,

Paul


PS: Result of

     $ scripts/decode_stacktrace.sh arch/x86_64/boot/bzImage auto 
./debian/linux-image-6.18.0-rc7-dbg/usr/lib/debug/lib/modules/6.18.0-rc7/ 
< 20251126--linux-6.18-rc7--messages--oops-parport_register_dev_model.txt

in the build directory on the build host:

```
[   27.085475] BUG: kernel NULL pointer dereference, address: 
0000000000000000
[   27.085491] #PF: supervisor instruction fetch in kernel mode
[   27.085505] #PF: error_code(0x0010) - not-present page
[   27.085519] PGD 0 P4D 0
[   27.085534] Oops: Oops: 0010 [#1] SMP
[   27.085547] CPU: 2 UID: 0 PID: 352 Comm: systemd-modules Not tainted 
6.18.0-rc7 #162 PREEMPT(voluntary)
[   27.085563] Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 
06/02/2022
[   27.085576] RIP: 0010:0x0
[   27.085589] Code: Unable to access opcode bytes at 0xffffffffffffffd6.

Code starting with the faulting instruction
===========================================
[   27.085604] RSP: 0018:ffffad3fc09039b0 EFLAGS: 00010286
[   27.085621] RAX: ffff96f5c4cce3c0 RBX: ffff96f610558000 RCX: 
0000000000000007
[   27.085635] RDX: ffffffffc07935c0 RSI: ffff96f5c4d77d60 RDI: 
ffff96f61095cc00
[   27.085649] RBP: ffffad3fc0903a00 R08: 00000000fffffff3 R09: 
0000000000000000
[   27.085662] R10: 0000000000000000 R11: ffffffff977c1300 R12: 
ffff96f610558040
[   27.085676] R13: ffff96f61095cc50 R14: ffff96f61095cc00 R15: 
ffff96f5c1f149e8
[   27.085692] FS:  00007ffb00dff6c0(0000) GS:ffff96f995987000(0000) 
knlGS:0000000000000000
[   27.085706] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.085720] CR2: ffffffffffffffd6 CR3: 0000000103aa8005 CR4: 
00000000003706f0
[   27.085733] Call Trace:
[   27.085746]  <TASK>
[   27.085759] parport_register_dev_model 
(/home/build/src/linux/./arch/x86/include/asm/bitops.h:136 
(discriminator 1) 
/home/build/src/linux/./include/asm-generic/bitops/instrumented-atomic.h:72 
(discriminator 1) /home/build/src/linux/drivers/parport/share.c:790 
(discriminator 1)) parport
[   27.085773] lp_register (/home/build/src/linux/drivers/char/lp.c:928 
(discriminator 1)) lp
[   27.085787]  ? parport_default_proc_unregister 
(/home/build/src/linux/drivers/parport/share.c:1003) parport
[   27.085802]  ? parport_irq_handler 
(/home/build/src/linux/drivers/parport/share.c:215) parport
[   27.085818] lp_attach (/home/build/src/linux/drivers/char/lp.c:977 
(discriminator 1)) lp
[   27.085831] port_check 
(/home/build/src/linux/drivers/parport/share.c:222) parport
[   27.085845]  bus_for_each_dev+0x82/0xd0
[   27.085858]  ? dell_wmi_exit 
(/home/build/src/linux/drivers/platform/x86/dell/dell-wmi-base.c:696 
/home/build/src/linux/drivers/platform/x86/dell/dell-wmi-base.c:810 
/home/build/src/linux/drivers/platform/x86/dell/dell-wmi-base.c:792) 
dell_wmi
[   27.085872] __parport_register_driver 
(/home/build/src/linux/drivers/parport/share.c:297 
/home/build/src/linux/drivers/parport/share.c:269) parport
[   27.085886] lp_init_module 
(/home/build/src/linux/drivers/char/lp.c:213) lp
[   27.085900]  do_one_initcall+0x58/0x2f0
[   27.085913]  do_init_module+0x67/0x2a0
[   27.085927]  init_module_from_file+0x85/0xc0
[   27.085943]  __x64_sys_finit_module+0x163/0x3d0
[   27.085957]  do_syscall_64+0x82/0x9b0
[   27.085970]  ? vfs_read+0x15e/0x380
[   27.085984]  ? vfs_read+0x15e/0x380
[   27.085998]  ? __rseq_handle_notify_resume+0xa6/0x480
[   27.086012]  ? restore_fpregs_from_fpstate+0x46/0xa0
[   27.086025]  ? switch_fpu_return+0x5b/0xd0
[   27.086038]  ? do_syscall_64+0x21d/0x9b0
[   27.086054]  ? exc_page_fault+0x7e/0x1a0
[   27.086068]  entry_SYSCALL_64_after_hwframe+0x4b/0x53
[   27.086081] RIP: 0033:0x7ffb01718779
[   27.086095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 
48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 
05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4f 86 0d 00 f7 d8 64 89 01 48
All code
========
    0:	ff c3                	inc    %ebx
    2:	66 2e 0f 1f 84 00 00 	cs nopw 0x0(%rax,%rax,1)
    9:	00 00 00
    c:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
   11:	48 89 f8             	mov    %rdi,%rax
   14:	48 89 f7             	mov    %rsi,%rdi
   17:	48 89 d6             	mov    %rdx,%rsi
   1a:	48 89 ca             	mov    %rcx,%rdx
   1d:	4d 89 c2             	mov    %r8,%r10
   20:	4d 89 c8             	mov    %r9,%r8
   23:	4c 8b 4c 24 08       	mov    0x8(%rsp),%r9
   28:	0f 05                	syscall
   2a:*	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax		<-- 
trapping instruction
   30:	73 01                	jae    0x33
   32:	c3                   	ret
   33:	48 8b 0d 4f 86 0d 00 	mov    0xd864f(%rip),%rcx        # 0xd8689
   3a:	f7 d8                	neg    %eax
   3c:	64 89 01             	mov    %eax,%fs:(%rcx)
   3f:	48                   	rex.W

Code starting with the faulting instruction
===========================================
    0:	48 3d 01 f0 ff ff    	cmp    $0xfffffffffffff001,%rax
    6:	73 01                	jae    0x9
    8:	c3                   	ret
    9:	48 8b 0d 4f 86 0d 00 	mov    0xd864f(%rip),%rcx        # 0xd865f
   10:	f7 d8                	neg    %eax
   12:	64 89 01             	mov    %eax,%fs:(%rcx)
   15:	48                   	rex.W
[   27.086108] RSP: 002b:00007ffb00dfdbe8 EFLAGS: 00000246 ORIG_RAX: 
0000000000000139
[   27.086123] RAX: ffffffffffffffda RBX: 00007ffaf8002380 RCX: 
00007ffb01718779
[   27.086137] RDX: 0000000000000000 RSI: 00007ffb01e8444d RDI: 
0000000000000009
[   27.086151] RBP: 0000000000000000 R08: 0000000000000000 R09: 
00007ffaf80039d0
[   27.086164] R10: 0000000000000000 R11: 0000000000000246 R12: 
00007ffb01e8444d
[   27.086180] R13: 0000000000020000 R14: 00007ffaf80024a0 R15: 
0000000000000000
[   27.086194]  </TASK>
[   27.086209] Modules linked in: ppdev(+) parport_pc(+) lp(+) msr(+) 
parport drm efi_pstore configfs nfnetlink efivarfs autofs4 ext4 crc16 
mbcache jbd2 dm_crypt dm_mod dell_wmi dell_smbios dell_wmi_descriptor 
evdev dcdbas serio_raw pcspkr nvme nvme_core video wmi intel_hid 
sparse_keymap aesni_intel
[   27.086239] CR2: 0000000000000000
[   27.086253] ---[ end trace 0000000000000000 ]---
[   27.086281] RIP: 0010:0x0
[   27.086296] Code: Unable to access opcode bytes at 0xffffffffffffffd6.

Code starting with the faulting instruction
===========================================
[   27.086311] RSP: 0018:ffffad3fc09039b0 EFLAGS: 00010286
[   27.086324] RAX: ffff96f5c4cce3c0 RBX: ffff96f610558000 RCX: 
0000000000000007
[   27.086337] RDX: ffffffffc07935c0 RSI: ffff96f5c4d77d60 RDI: 
ffff96f61095cc00
[   27.086353] RBP: ffffad3fc0903a00 R08: 00000000fffffff3 R09: 
0000000000000000
[   27.086366] R10: 0000000000000000 R11: ffffffff977c1300 R12: 
ffff96f610558040
[   27.086379] R13: ffff96f61095cc50 R14: ffff96f61095cc00 R15: 
ffff96f5c1f149e8
[   27.086392] FS:  00007ffb00dff6c0(0000) GS:ffff96f995987000(0000) 
knlGS:0000000000000000
[   27.086405] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   27.086418] CR2: ffffffffffffffd6 CR3: 0000000103aa8005 CR4: 
00000000003706f0
[   27.086431] note: systemd-modules[352] exited with irqs disabled
[   27.086464] EXT4-fs (dm-0): re-mounted 
32e29882-d94d-4a92-9ee4-4d03002bfa29 r/w.
```
View attachment "20251126--linux-6.18-rc7--messages--oops-parport_register_dev_model.txt" of type "text/plain" (49809 bytes)
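
An added example, not part of the original message: a small triage parser for the raw oops format shown above (not the `decode_stacktrace.sh` output). It decodes the `#PF` error code bits and picks the first call-trace frame not marked `?`; the names `triage`, `PF_BITS` and `FRAME` and the embedded sample are constructed for illustration.

```python
import re

# Constructed sample: a few lines copied from the oops in the message above.
SAMPLE = """\
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
RIP: 0010:0x0
Call Trace:
 <TASK>
 parport_register_dev_model+0x273/0x3c0 [parport]
 lp_register+0x6f/0x100 [lp]
 ? parport_default_proc_unregister+0x490/0x490 [parport]
 lp_attach+0x99/0xc0 [lp]
 </TASK>
"""

# x86 page-fault error code bits: (mask, meaning if set, meaning if clear)
PF_BITS = [
    (0x01, "protection violation", "not-present page"),
    (0x02, "write", "read"),
    (0x04, "user mode", "supervisor mode"),
    (0x10, "instruction fetch", "data access"),
]

FRAME = re.compile(r"^\s*(\?\s+)?(\w[\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?")

def triage(log):
    """Summarise one oops: fault kind, faulting RIP, first reliable frame."""
    # Drop "[   27.085475] " timestamps so dmesg and journal output both parse.
    lines = [re.sub(r"^\[\s*\d+\.\d+\]\s?", "", l) for l in log.splitlines()]
    out = {"fault": None, "rip": None, "caller": None, "module": None}
    for line in lines:
        if m := re.search(r"error_code\((0x[0-9a-f]+)\)", line):
            code = int(m.group(1), 16)
            out["fault"] = [s if code & mask else c for mask, s, c in PF_BITS]
        elif (m := re.match(r"RIP: 0010:(\S+)", line)) and out["rip"] is None:
            # 0010 is the kernel code segment; the userspace RIP (0033:) is skipped.
            rip = m.group(1)
            out["rip"] = int(rip, 16) if rip.startswith("0x") else rip
        elif (m := FRAME.match(line)) and out["caller"] is None and not m.group(1):
            # Frames marked "?" are unreliable stack leftovers; take the first without it.
            out["caller"], out["module"] = m.group(2), m.group(3)
    # Kernel-mode instruction fetch with RIP 0: control was transferred to address 0.
    out["jump_to_null"] = out["rip"] == 0 and "instruction fetch" in (out["fault"] or [])
    return out
```
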
