lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20250829074415.06723b1d@hermes.local>
Date: Fri, 29 Aug 2025 07:44:15 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Subject: Fw: [Bug 220513] New: [6.12.44 regression] kernel NULL pointer
 dereference on `pppoe` (or `bridge`)



Begin forwarded message:

Date: Fri, 29 Aug 2025 13:20:21 +0000
From: bugzilla-daemon@...nel.org
To: stephen@...workplumber.org
Subject: [Bug 220513] New: [6.12.44 regression] kernel NULL pointer dereference on `pppoe` (or `bridge`)


https://bugzilla.kernel.org/show_bug.cgi?id=220513

            Bug ID: 220513
           Summary: [6.12.44 regression] kernel NULL pointer dereference
                    on `pppoe` (or `bridge`)
           Product: Networking
           Version: 2.5
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: high
          Priority: P3
         Component: IPV4
          Assignee: stephen@...workplumber.org
          Reporter: nanericwang@...il.com
        Regression: No

Having upgraded from 6.12.43 to 6.12.44, my kernel crashed at early boot. The
root cause is most likely related to the commit
94731cc551e29511d85aa8dec61a6c071b1f2430 (Fixes: f6efc675c9dd ("net: ppp:
resolve forwarding path for bridge pppoe devices")). 

```
Aug 29 20:36:16 localhost kernel: NET: Registered PF_PPPOX protocol family
Aug 29 20:36:17 localhost systemd-networkd[266]: Failed to parse hostname,
ignoring: Invalid argument
Aug 29 20:36:17 localhost systemd-networkd[266]: br0: DHCPv4 server: DISCOVER
(0xebeec00c)
Aug 29 20:36:17 localhost kernel: BUG: kernel NULL pointer dereference,
address: 0000000000000058
Aug 29 20:36:17 localhost kernel: #PF: supervisor read access in kernel mode
Aug 29 20:36:17 localhost kernel: #PF: error_code(0x0000) - not-present page
Aug 29 20:36:17 localhost kernel: PGD 0 P4D 0 
Aug 29 20:36:17 localhost kernel: Oops: Oops: 0000 [#1] PREEMPT_RT SMP
Aug 29 20:36:17 localhost kernel: CPU: 1 UID: 981 PID: 266 Comm:
systemd-network Not tainted 6.12.44-xanmod1-1-lts #1
Aug 29 20:36:17 localhost kernel: Hardware name: Default string Default
string/Default string, BIOS 5.19 03/30/2021
Aug 29 20:36:17 localhost kernel: RIP: 0010:0xffffffffb32b2f6c
Aug 29 20:36:17 localhost kernel: Code: 85 8e 01 00 00 48 8b 44 24 08 48 8b 40
30 65 48 03 05 48 26 d6 4c e9 f0 fd ff ff e8 5e 9c c1 ff e9 ca fc ff ff 49 8b
44 24 18 <48> 8b 40 58 48 3d 00 e3 65 b3 0f 84 0f 01 00 00 48 89 c2 48 8d 78
Aug 29 20:36:17 localhost kernel: RSP: 0018:ffff9bd080c778d8 EFLAGS: 00010246
Aug 29 20:36:17 localhost kernel: RAX: 0000000000000000 RBX: ffff9bd080c77a00
RCX: 0000000000000001
Aug 29 20:36:17 localhost kernel: RDX: 0000000000000000 RSI: 000000000002a424
RDI: ffffffffb38b6040
Aug 29 20:36:17 localhost kernel: RBP: ffff999345ad1000 R08: 0000000000000003
R09: 0000000000000000
Aug 29 20:36:17 localhost kernel: R10: ffff999342eb7900 R11: 0000000000000000
R12: ffff9bd080c77948
Aug 29 20:36:17 localhost kernel: R13: 0000000000000008 R14: 0000000000000000
R15: 0000000090000000
Aug 29 20:36:17 localhost kernel: FS:  00007fc0bab148c0(0000)
GS:ffff9994b7d00000(0000) knlGS:0000000000000000
Aug 29 20:36:17 localhost kernel: CS:  0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Aug 29 20:36:17 localhost kernel: CR2: 0000000000000058 CR3: 000000010b438006
CR4: 0000000000b70ef0
Aug 29 20:36:17 localhost kernel: Call Trace:
Aug 29 20:36:17 localhost kernel:  <TASK>
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb321d725
Aug 29 20:36:17 localhost kernel:  0xffffffffb32b4197
Aug 29 20:36:17 localhost kernel:  0xffffffffb32f5d6c
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb32b8c40
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb3212da5
Aug 29 20:36:17 localhost kernel:  0xffffffffb3212da5
Aug 29 20:36:17 localhost kernel:  0xffffffffb32131ea
Aug 29 20:36:17 localhost kernel:  0xffffffffb32152ea
Aug 29 20:36:17 localhost kernel:  0xffffffffb3364479
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb3364485
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb3215617
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb2f2cd31
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb33684f7
Aug 29 20:36:17 localhost kernel:  0xffffffffb34000b0
Aug 29 20:36:17 localhost kernel: RIP: 0033:0x00007fc0bb35e1ce
Aug 29 20:36:17 localhost kernel: Code: 4d 89 d8 e8 64 be 00 00 4c 8b 5d f8 41
8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45
10 0f 05 <c9> c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa
Aug 29 20:36:17 localhost kernel: RSP: 002b:00007ffe7f2ef730 EFLAGS: 00000202
ORIG_RAX: 000000000000002e
Aug 29 20:36:17 localhost kernel: RAX: ffffffffffffffda RBX: 000005b3d81d1b00
RCX: 00007fc0bb35e1ce
Aug 29 20:36:17 localhost kernel: RDX: 0000000000000000 RSI: 00007ffe7f2ef7a0
RDI: 0000000000000017
Aug 29 20:36:17 localhost kernel: RBP: 00007ffe7f2ef740 R08: 0000000000000000
R09: 0000000000000000
Aug 29 20:36:17 localhost kernel: R10: 0000000000000000 R11: 0000000000000202
R12: 000005b3d81d1b00
Aug 29 20:36:17 localhost kernel: R13: 000005b3d81d0480 R14: 000005b3d8034800
R15: 000005b3d803481c
Aug 29 20:36:17 localhost kernel:  </TASK>
Aug 29 20:36:17 localhost kernel: Modules linked in: pppoe pppox af_packet
sch_cake bridge stp llc xt_DSCP xt_set xt_TCPMSS xt_tcpudp iptable_mangle
xt_connlimit nf_conncount xt_conntrack iptable_filter xt_MASQUERADE iptable_nat
nf_nat msr ip_set_hash_net ip_set nls_ascii nls_cp437 vfat fat intel_rapl_msr
hid_generic evdev coretemp intel_tcc_cooling x86_pkg_temp_thermal
intel_powerclamp rapl intel_cstate intel_uncore
processor_thermal_device_pci_legacy intel_soc_dts_iosf processor_thermal_device
processor_thermal_wt_hint processor_thermal_rfim processor_thermal_rapl igb
spi_intel_pci usbhid intel_rapl_common spi_intel ptp iosf_mbi pps_core i2c_i801
hid i2c_smbus i2c_algo_bit processor_thermal_wt_req fan hwmon
processor_thermal_power_floor processor_thermal_mbox i2c_core thermal
int340x_thermal_zone acpi_pad button ppp_generic slhc nf_conntrack
nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink ip_tables x_tables ipv6 xhci_pci
xhci_hcd usbcore usb_common btrfs sha256_ssse3 sha256_generic libsha256
zstd_compress raid6_pq zlib_deflate lzo_decompress
Aug 29 20:36:17 localhost kernel:  lzo_compress zlib_inflate xor libcrc32c
crc32c_generic
Aug 29 20:36:17 localhost kernel: CR2: 0000000000000058
Aug 29 20:36:17 localhost kernel: ---[ end trace 0000000000000000 ]---
Aug 29 20:36:17 localhost kernel: RIP: 0010:0xffffffffb32b2f6c
Aug 29 20:36:17 localhost kernel: Code: 85 8e 01 00 00 48 8b 44 24 08 48 8b 40
30 65 48 03 05 48 26 d6 4c e9 f0 fd ff ff e8 5e 9c c1 ff e9 ca fc ff ff 49 8b
44 24 18 <48> 8b 40 58 48 3d 00 e3 65 b3 0f 84 0f 01 00 00 48 89 c2 48 8d 78
Aug 29 20:36:17 localhost kernel: RSP: 0018:ffff9bd080c778d8 EFLAGS: 00010246
Aug 29 20:36:17 localhost kernel: RAX: 0000000000000000 RBX: ffff9bd080c77a00
RCX: 0000000000000001
Aug 29 20:36:17 localhost kernel: RDX: 0000000000000000 RSI: 000000000002a424
RDI: ffffffffb38b6040
Aug 29 20:36:17 localhost kernel: RBP: ffff999345ad1000 R08: 0000000000000003
R09: 0000000000000000
Aug 29 20:36:17 localhost kernel: R10: ffff999342eb7900 R11: 0000000000000000
R12: ffff9bd080c77948
Aug 29 20:36:17 localhost kernel: R13: 0000000000000008 R14: 0000000000000000
R15: 0000000090000000
Aug 29 20:36:17 localhost kernel: FS:  00007fc0bab148c0(0000)
GS:ffff9994b7d00000(0000) knlGS:0000000000000000
Aug 29 20:36:17 localhost kernel: CS:  0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Aug 29 20:36:17 localhost kernel: CR2: 0000000000000058 CR3: 000000010b438006
CR4: 0000000000b70ef0
Aug 29 20:36:17 localhost kernel: note: systemd-network[266] exited with irqs
disabled
Aug 29 20:36:17 localhost kernel: ------------[ cut here ]------------
Aug 29 20:36:17 localhost kernel: Voluntary context switch within RCU read-side
critical section!
Aug 29 20:36:17 localhost kernel: WARNING: CPU: 1 PID: 266 at
0xffffffffb2ed1cc7
Aug 29 20:36:17 localhost kernel: Modules linked in: pppoe pppox af_packet
sch_cake bridge stp llc xt_DSCP xt_set xt_TCPMSS xt_tcpudp iptable_mangle
xt_connlimit nf_conncount xt_conntrack iptable_filter xt_MASQUERADE iptable_nat
nf_nat msr ip_set_hash_net ip_set nls_ascii nls_cp437 vfat fat intel_rapl_msr
hid_generic evdev coretemp intel_tcc_cooling x86_pkg_temp_thermal
intel_powerclamp rapl intel_cstate intel_uncore
processor_thermal_device_pci_legacy intel_soc_dts_iosf processor_thermal_device
processor_thermal_wt_hint processor_thermal_rfim processor_thermal_rapl igb
spi_intel_pci usbhid intel_rapl_common spi_intel ptp iosf_mbi pps_core i2c_i801
hid i2c_smbus i2c_algo_bit processor_thermal_wt_req fan hwmon
processor_thermal_power_floor processor_thermal_mbox i2c_core thermal
int340x_thermal_zone acpi_pad button ppp_generic slhc nf_conntrack
nf_defrag_ipv6 nf_defrag_ipv4 nfnetlink ip_tables x_tables ipv6 xhci_pci
xhci_hcd usbcore usb_common btrfs sha256_ssse3 sha256_generic libsha256
zstd_compress raid6_pq zlib_deflate lzo_decompress
Aug 29 20:36:17 localhost kernel:  lzo_compress zlib_inflate xor libcrc32c
crc32c_generic
Aug 29 20:36:17 localhost kernel: CPU: 1 UID: 981 PID: 266 Comm:
systemd-network Tainted: G      D            6.12.44-xanmod1-1-lts #1
Aug 29 20:36:17 localhost kernel: Tainted: [D]=DIE
Aug 29 20:36:17 localhost kernel: Hardware name: Default string Default
string/Default string, BIOS 5.19 03/30/2021
Aug 29 20:36:17 localhost kernel: RIP: 0010:0xffffffffb2ed1cc7
Aug 29 20:36:17 localhost kernel: Code: ff ff 45 85 c9 0f 84 17 fd ff ff 48 89
b9 a8 00 00 00 e9 0b fd ff ff 48 c7 c7 28 4d 6a b3 c6 05 7c a5 9e 00 01 e8 b9
5a f8 ff <0f> 0b e9 61 fc ff ff 44 89 4c 24 14 44 89 44 24 10 48 89 4c 24 08
Aug 29 20:36:17 localhost kernel: RSP: 0018:ffff9bd080c77bf8 EFLAGS: 00010046
Aug 29 20:36:17 localhost kernel: RAX: 0000000000000000 RBX: ffff9994b7d258c0
RCX: 0000000000000027
Aug 29 20:36:17 localhost kernel: RDX: ffff9994b7d1c748 RSI: 0000000000000001
RDI: ffff9994b7d1c740
Aug 29 20:36:17 localhost kernel: RBP: ffff99934a2ca900 R08: 0000000000000e28
R09: ffffffffb36a4d66
Aug 29 20:36:17 localhost kernel: R10: ffffffffb36a4d67 R11: 00000000ffffe4b8
R12: ffff9994b7d24b80
Aug 29 20:36:17 localhost kernel: R13: 0000000000000000 R14: ffff99934a2ca900
R15: ffff9bd080c77cf8
Aug 29 20:36:17 localhost kernel: FS:  0000000000000000(0000)
GS:ffff9994b7d00000(0000) knlGS:0000000000000000
Aug 29 20:36:17 localhost kernel: CS:  0010 DS: 0000 ES: 0000 CR0:
0000000080050033
Aug 29 20:36:17 localhost kernel: CR2: 0000000000000058 CR3: 000000023ae18001
CR4: 0000000000b70ef0
Aug 29 20:36:17 localhost kernel: Call Trace:
Aug 29 20:36:17 localhost kernel:  <TASK>
Aug 29 20:36:17 localhost kernel:  0xffffffffb336b943
Aug 29 20:36:17 localhost kernel:  0xffffffffb336c012
Aug 29 20:36:17 localhost kernel:  0xffffffffb337492f
Aug 29 20:36:17 localhost kernel:  0xffffffffb336d874
Aug 29 20:36:17 localhost kernel:  0xffffffffb2ec39d1
Aug 29 20:36:17 localhost kernel:  0xffffffffb2ec787b
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb2ecfe50
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb2ec38a0
Aug 29 20:36:17 localhost kernel:  0xffffffffb2ecb196
Aug 29 20:36:17 localhost kernel:  0xffffffffb2ecbfa7
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb2fd71aa
Aug 29 20:36:17 localhost kernel:  ? 0xffffffffb2fe77f1
Aug 29 20:36:17 localhost kernel:  0xffffffffb2fd77f1
Aug 29 20:36:17 localhost kernel:  0xffffffffb2fddd87
Aug 29 20:36:17 localhost kernel:  0xffffffffb2e7f9b6
Aug 29 20:36:17 localhost kernel:  0xffffffffb2e5bfc6
Aug 29 20:36:17 localhost kernel:  0xffffffffb2e5c7b4
Aug 29 20:36:17 localhost kernel:  0xffffffffb2e01a86
Aug 29 20:36:17 localhost kernel: RIP: 0033:0x00007fc0bb35e1ce
Aug 29 20:36:17 localhost kernel: Code: Unable to access opcode bytes at
0x7fc0bb35e1a4.
Aug 29 20:36:17 localhost kernel: RSP: 002b:00007ffe7f2ef730 EFLAGS: 00000202
ORIG_RAX: 000000000000002e
Aug 29 20:36:17 localhost kernel: RAX: ffffffffffffffda RBX: 000005b3d81d1b00
RCX: 00007fc0bb35e1ce
Aug 29 20:36:17 localhost kernel: RDX: 0000000000000000 RSI: 00007ffe7f2ef7a0
RDI: 0000000000000017
Aug 29 20:36:17 localhost kernel: RBP: 00007ffe7f2ef740 R08: 0000000000000000
R09: 0000000000000000
Aug 29 20:36:17 localhost kernel: R10: 0000000000000000 R11: 0000000000000202
R12: 000005b3d81d1b00
Aug 29 20:36:17 localhost kernel: R13: 000005b3d81d0480 R14: 000005b3d8034800
R15: 000005b3d803481c
Aug 29 20:36:17 localhost kernel:  </TASK>
Aug 29 20:36:17 localhost kernel: ---[ end trace 0000000000000000 ]---
```

-- 
You may reply to this email to add a comment.

You are receiving this mail because:
You are the assignee for the bug.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ