lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <db387081-345f-423a-a0ff-e13f3bec2d51@molgen.mpg.de>
Date: Thu, 27 Nov 2025 23:55:23 +0100
From: Paul Menzel <pmenzel@...gen.mpg.de>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>,
 Sudip Mukherjee <sudip.mukherjee@...ethink.co.uk>
Cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>,
 linux-mm@...ck.org
Subject: Re: BUG: kernel NULL pointer dereference, address: 0000000000000000

Dear Linux folks,


Am 27.11.25 um 19:51 schrieb Paul Menzel:

> Unfortunately, not reproducible, but starting with Linux 6.18-rc7, I got 
> the oops below *once*:
> 
> ```
> Linux version 6.18.0-rc7 (build@...emianrhapsody.molgen.mpg.de) (gcc (Debian 15.2.0-8) 15.2.0, GNU ld (GNU Binutils for Debian) 2.45) #162 SMP PREEMPT_DYNAMIC Mon Nov 24 09:54:29 CET 2025
> Command line: BOOT_IMAGE=/vmlinuz-6.18.0-rc7 root=UUID=32e29882-d94d-4a92-9ee4-4d03002bfa29 ro quiet pci=noaer mem_sleep_default=deep log_buf_len=16M cryptomgr.notests usbcore.quirks=0cf3:e300:e,04f3:2234:e,0c45:670c:e
> […]
> ACPI: bus type drm_connector registered
> BUG: kernel NULL pointer dereference, address: 0000000000000000
> #PF: supervisor instruction fetch in kernel mode
> #PF: error_code(0x0010) - not-present page
> PGD 0 P4D 0
> Oops: Oops: 0010 [#1] SMP
> CPU: 2 UID: 0 PID: 352 Comm: systemd-modules Not tainted 6.18.0-rc7 #162 
> PREEMPT(voluntary)
> Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 06/02/2022
> RIP: 0010:0x0
> Code: Unable to access opcode bytes at 0xffffffffffffffd6.
> RSP: 0018:ffffad3fc09039b0 EFLAGS: 00010286
> RAX: ffff96f5c4cce3c0 RBX: ffff96f610558000 RCX: 0000000000000007
> RDX: ffffffffc07935c0 RSI: ffff96f5c4d77d60 RDI: ffff96f61095cc00
> RBP: ffffad3fc0903a00 R08: 00000000fffffff3 R09: 0000000000000000
> R10: 0000000000000000 R11: ffffffff977c1300 R12: ffff96f610558040
> R13: ffff96f61095cc50 R14: ffff96f61095cc00 R15: ffff96f5c1f149e8
> FS:  00007ffb00dff6c0(0000) GS:ffff96f995987000(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffffffffd6 CR3: 0000000103aa8005 CR4: 00000000003706f0
> Call Trace:
>   <TASK>
>   parport_register_dev_model+0x273/0x3c0 [parport]
>   lp_register+0x6f/0x100 [lp]
>   ? parport_default_proc_unregister+0x490/0x490 [parport]
>   ? parport_irq_handler+0x50/0x50 [parport]
>   lp_attach+0x99/0xc0 [lp]
>   port_check+0x1d/0x20 [parport]
>   bus_for_each_dev+0x82/0xd0
>   ? dell_wmi_exit+0x580/0x580 [dell_wmi]
>   __parport_register_driver+0x7e/0xb0 [parport]
>   lp_init_module+0x1e2/0x1000 [lp]
>   do_one_initcall+0x58/0x2f0
>   do_init_module+0x67/0x2a0
>   init_module_from_file+0x85/0xc0
>   __x64_sys_finit_module+0x163/0x3d0
>   do_syscall_64+0x82/0x9b0
>   ? vfs_read+0x15e/0x380
>   ? vfs_read+0x15e/0x380
>   ? __rseq_handle_notify_resume+0xa6/0x480
>   ? restore_fpregs_from_fpstate+0x46/0xa0
>   ? switch_fpu_return+0x5b/0xd0
>   ? do_syscall_64+0x21d/0x9b0
>   ? exc_page_fault+0x7e/0x1a0
>   entry_SYSCALL_64_after_hwframe+0x4b/0x53
> RIP: 0033:0x7ffb01718779
> Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4f 86 0d 00 f7 d8 64 89 01 48
> RSP: 002b:00007ffb00dfdbe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> RAX: ffffffffffffffda RBX: 00007ffaf8002380 RCX: 00007ffb01718779
> RDX: 0000000000000000 RSI: 00007ffb01e8444d RDI: 0000000000000009
> RBP: 0000000000000000 R08: 0000000000000000 R09: 00007ffaf80039d0
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffb01e8444d
> R13: 0000000000020000 R14: 00007ffaf80024a0 R15: 0000000000000000
>   </TASK>
> Modules linked in: ppdev(+) parport_pc(+) lp(+) msr(+) parport drm efi_pstore configfs nfnetlink efivarfs autofs4 ext4 crc16 mbcache jbd2 dm_crypt dm_mod dell_wmi dell_smbios dell_wmi_descriptor evdev dcdbas serio_raw pcspkr nvme nvme_core video wmi intel_hid sparse_keymap aesni_intel
> CR2: 0000000000000000
> ---[ end trace 0000000000000000 ]---
> RIP: 0010:0x0
> Code: Unable to access opcode bytes at 0xffffffffffffffd6.
> RSP: 0018:ffffad3fc09039b0 EFLAGS: 00010286
> RAX: ffff96f5c4cce3c0 RBX: ffff96f610558000 RCX: 0000000000000007
> RDX: ffffffffc07935c0 RSI: ffff96f5c4d77d60 RDI: ffff96f61095cc00
> RBP: ffffad3fc0903a00 R08: 00000000fffffff3 R09: 0000000000000000
> R10: 0000000000000000 R11: ffffffff977c1300 R12: ffff96f610558040
> R13: ffff96f61095cc50 R14: ffff96f61095cc00 R15: ffff96f5c1f149e8
> FS:  00007ffb00dff6c0(0000) GS:ffff96f995987000(0000) 
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffffffffd6 CR3: 0000000103aa8005 CR4: 00000000003706f0
> ```
> 
> Please find the output of `journalctl -o short-monotonic -b -1 
> _TRANSPORT=kernel` with the systemd entries and systemd messages removed 
> attached.
> 
> I guess parport is a red hering, but I am not sure, but I am adding the 
> memory folks just in case.

Building and booting Linux 6.18.0-rc7-00041-g765e56e41a5a, I got another 
oops.

     [   15.234799] ppdev lp.0: really_probe: driver_sysfs_add failed
     [   15.234852] ------------[ cut here ]------------
     [   15.234854] refcount_t: addition on 0; use-after-free.
     [   15.234864] WARNING: CPU: 0 PID: 353 at lib/refcount.c:25 
refcount_warn_saturate+0xcd/0xf0

Please find the output of `dmesg` attached.

(It might be related to booting with an USB-C mini-dock connected, but I 
do not know yet.)


> PS: Result of
> 
>      $ scripts/decode_stacktrace.sh arch/x86_64/boot/bzImage auto ./debian/linux-image-6.18.0-rc7-dbg/usr/lib/debug/lib/modules/6.18.0-rc7/ < 20251126--linux-6.18-rc7--messages--oops-parport_register_dev_model.txt
> 
> in the build directory on the build host:
> 
> ```
> [   27.085475] BUG: kernel NULL pointer dereference, address: 0000000000000000

[…]
View attachment "20251127--dell-xps-13-9360--linux-6.18.0-rc7-00041-g765e56e41a5a--messages.txt" of type "text/plain" (81266 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ