Message-ID: <202509171502.9b679aa8-lkp@intel.com>
Date: Wed, 17 Sep 2025 15:39:58 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Christian Brauner <brauner@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <netdev@...r.kernel.org>,
	<oliver.sang@...el.com>
Subject: [linux-next:master] [net]  ec016f0a7d:
 BUG:kernel_NULL_pointer_dereference,address



Hello,

kernel test robot noticed "BUG:kernel_NULL_pointer_dereference,address" on:

commit: ec016f0a7d8dd03ecdb19906da9ec617981aab93 ("net: support ns lookup")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master c3067c2c38316c3ef013636c93daa285ee6aaa2e]

in testcase: boot

config: x86_64-randconfig-073-20250916
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+---------------------------------------------------+------------+------------+
|                                                   | 29ff7e9e30 | ec016f0a7d |
+---------------------------------------------------+------------+------------+
| boot_successes                                    | 10         | 0          |
| BUG:kernel_NULL_pointer_dereference,address       | 0          | 10         |
| Oops                                              | 0          | 10         |
| RIP:__ns_tree_add_raw                             | 0          | 10         |
| Kernel_panic-not_syncing:Fatal_exception          | 0          | 10         |
+---------------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202509171502.9b679aa8-lkp@intel.com


[    1.560130][    T0] BUG: kernel NULL pointer dereference, address: 0000000000000028
[    1.560931][    T0] #PF: supervisor read access in kernel mode
[    1.560931][    T0] #PF: error_code(0x0000) - not-present page
[    1.560931][    T0] PGD 0 P4D 0
[    1.560931][    T0] Oops: Oops: 0000 [#1] SMP
[    1.560931][    T0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G                T   6.17.0-rc1-00021-gec016f0a7d8d #1 PREEMPTLAZY
[    1.560931][    T0] Tainted: [T]=RANDSTRUCT
[ 1.560931][ T0] RIP: 0010:__ns_tree_add_raw (kernel/nstree.c:95 (discriminator 1)) 
[ 1.560931][ T0] Code: 89 f4 53 48 89 fb 48 83 7f 18 00 75 04 90 0f 0b 90 4d 8d 74 24 18 4c 89 f7 e8 05 ff ff ff 48 8b 43 08 41 8b 94 24 a0 00 00 00 <39> 50 28 74 04 90 0f 0b 90 49 89 df ba 00 00 00 00 4c 89 e0 49 83
All code
========
   0:	89 f4                	mov    %esi,%esp
   2:	53                   	push   %rbx
   3:	48 89 fb             	mov    %rdi,%rbx
   6:	48 83 7f 18 00       	cmpq   $0x0,0x18(%rdi)
   b:	75 04                	jne    0x11
   d:	90                   	nop
   e:	0f 0b                	ud2
  10:	90                   	nop
  11:	4d 8d 74 24 18       	lea    0x18(%r12),%r14
  16:	4c 89 f7             	mov    %r14,%rdi
  19:	e8 05 ff ff ff       	call   0xffffffffffffff23
  1e:	48 8b 43 08          	mov    0x8(%rbx),%rax
  22:	41 8b 94 24 a0 00 00 	mov    0xa0(%r12),%edx
  29:	00 
  2a:*	39 50 28             	cmp    %edx,0x28(%rax)		<-- trapping instruction
  2d:	74 04                	je     0x33
  2f:	90                   	nop
  30:	0f 0b                	ud2
  32:	90                   	nop
  33:	49 89 df             	mov    %rbx,%r15
  36:	ba 00 00 00 00       	mov    $0x0,%edx
  3b:	4c 89 e0             	mov    %r12,%rax
  3e:	49                   	rex.WB
  3f:	83                   	.byte 0x83

Code starting with the faulting instruction
===========================================
   0:	39 50 28             	cmp    %edx,0x28(%rax)
   3:	74 04                	je     0x9
   5:	90                   	nop
   6:	0f 0b                	ud2
   8:	90                   	nop
   9:	49 89 df             	mov    %rbx,%r15
   c:	ba 00 00 00 00       	mov    $0x0,%edx
  11:	4c 89 e0             	mov    %r12,%rax
  14:	49                   	rex.WB
  15:	83                   	.byte 0x83
[    1.560931][    T0] RSP: 0000:ffffffff83a03e70 EFLAGS: 00010202
[    1.560931][    T0] RAX: 0000000000000000 RBX: ffffffff85498f40 RCX: ffffffff84bee420
[    1.560931][    T0] RDX: 0000000040000000 RSI: 0000000000000002 RDI: ffffffff8503bbe8
[    1.560931][    T0] RBP: ffffffff83a03e98 R08: 0000000000000008 R09: ffffffff84bee420
[    1.560931][    T0] R10: ffffffff84bdd7f0 R11: 0000000000400000 R12: ffffffff83a89ac0
[    1.560931][    T0] R13: ffffffff83a03ea8 R14: ffffffff83a89ad8 R15: 71f2107931861b27
[    1.560931][    T0] FS:  0000000000000000(0000) GS:ffff8884ab11b000(0000) knlGS:0000000000000000
[    1.560931][    T0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.560931][    T0] CR2: 0000000000000028 CR3: 0000000003a40000 CR4: 00000000000406b0
[    1.560931][    T0] Call Trace:
[    1.560931][    T0]  <TASK>
[ 1.560931][ T0] net_ns_init (net/core/net_namespace.c:1312 (discriminator 1)) 
[ 1.560931][ T0] start_kernel (init/main.c:1079) 
[ 1.560931][ T0] x86_64_start_reservations (arch/x86/kernel/head64.c:307) 
[ 1.560931][ T0] x86_64_start_kernel (??:?) 
[ 1.560931][ T0] common_startup_64 (arch/x86/kernel/head_64.S:419) 
[    1.560931][    T0]  </TASK>
[    1.560931][    T0] Modules linked in:
[    1.560931][    T0] CR2: 0000000000000028
[    1.560931][    T0] ---[ end trace 0000000000000000 ]---
[ 1.560931][ T0] RIP: 0010:__ns_tree_add_raw (kernel/nstree.c:95 (discriminator 1)) 
[ 1.560931][ T0] Code: 89 f4 53 48 89 fb 48 83 7f 18 00 75 04 90 0f 0b 90 4d 8d 74 24 18 4c 89 f7 e8 05 ff ff ff 48 8b 43 08 41 8b 94 24 a0 00 00 00 <39> 50 28 74 04 90 0f 0b 90 49 89 df ba 00 00 00 00 4c 89 e0 49 83


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250917/202509171502.9b679aa8-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki

