Date: Fri, 2 Jan 2026 20:59:33 +0100
From: Salvatore Bonaccorso
To: Paul Menzel
Cc: Sudip Mukherjee, Sudip Mukherjee, linux-kernel@vger.kernel.org, Andrew Morton, linux-mm@kvack.org
Subject: Re: BUG: kernel NULL pointer dereference, address: 0000000000000000
References: <6ba903ad-9897-42bb-8c2d-337385cc3746@molgen.mpg.de>

Hi Paul, hi Sudip,

On Mon, Dec 01, 2025 at 05:05:59PM +0100, Paul Menzel wrote:
> Dear Sudip,
>
>
> Thank you very much for looking into this.
>
>
> On 01.12.25 at 14:25, Sudip Mukherjee wrote:
> > On Thu, 27 Nov 2025 at 22:55, Paul Menzel wrote:
>
> > > On 27.11.25 at 19:51, Paul Menzel wrote:
> > >
> > > > Unfortunately, not reproducible, but starting with Linux 6.18-rc7, I got
> > > > the oops below *once*:
> > > >
> > > > ```
> > >
> > >
> > > Building and booting Linux 6.18.0-rc7-00041-g765e56e41a5a, I got another
> > > oops.
> > >
> > > [ 15.234799] ppdev lp.0: really_probe: driver_sysfs_add failed
> > > [ 15.234852] ------------[ cut here ]------------
> > > [ 15.234854] refcount_t: addition on 0; use-after-free.
> > > [ 15.234864] WARNING: CPU: 0 PID: 353 at lib/refcount.c:25 refcount_warn_saturate+0xcd/0xf0
> > >
> > > Please find the output of `dmesg` attached.
> > >
> > > (It might be related to booting with an USB-C mini-dock connected, but I
> > > do not know yet.)
>
> At least today, I am also only able to reproduce this with *no* power cable
> plugged in, and the USB-C mini-dock connected.
>
> > In both cases, it seems the underlying hardware was removed or the
> > module was unloaded while it was still registering.
> >
> > In the first case, 'parport_default_proc_unregister' has been called
> > while parport driver is still checking for all the connected devices
> > and was executing 'lp_attach'.
> > 'parport_default_proc_unregister' will only be called when the parport
> > module is exiting.
> >
> > Same in the second case, 'lp_attach' was still executing and
> > 'ppdev_cleanup' was called.
>
> Please find the output of `dmesg` attached with the Oops for Linux 6.18.
>
> ```
> [ 14.696290] ppdev: user-space parallel port driver
> [ 14.696974] lp lp.0: really_probe: driver_sysfs_add failed
> [ 14.697015] kernel tried to execute NX-protected page - exploit attempt?
> (uid: 0)
> [ 14.697189] BUG: unable to handle page fault for address:
> ffff991d07830708
> [ 14.697223] #PF: supervisor instruction fetch in kernel mode
> [ 14.697249] #PF: error_code(0x0011) - permissions violation
> [ 14.697277] PGD 388401067 P4D 388401067 PUD 101338063 PMD 10785c063 PTE
> 8000000107830163
> [ 14.697313] Oops: Oops: 0011 [#1] SMP
> [ 14.697334] CPU: 2 UID: 0 PID: 357 Comm: systemd-modules Not tainted
> 6.18.0 #165 PREEMPT(voluntary)
> [ 14.697386] Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0
> 06/02/2022
> [ 14.697423] RIP: 0010:0xffff991d07830708
> [ 14.697445] Code: ff ff 20 a1 10 01 1d 99 ff ff 80 3a 50 93 ff ff ff ff
> 40 54 3c 06 1d 99 ff ff 01 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 <08>
> 07 83 07 1d 99 ff ff 08 07 83 07 1d 99 ff ff 00 00 00 00 00 00
> [ 14.697530] RSP: 0000:ffffa8c040a27a30 EFLAGS: 00010286
> [ 14.697561] RAX: ffff991d078306c0 RBX: ffff991d0722a000 RCX:
> 0000000000000007
> [ 14.697593] RDX: ffffffffc078d5c0 RSI: ffff991d01fa7ce0 RDI:
> ffff991d03cc0000
> [ 14.697618] RBP: ffffa8c040a27a80 R08: 00000000fffffff3 R09:
> 00000000fff7ffff
> [ 14.697639] R10: ffffffff9482b180 R11: ffffa8c040a27620 R12:
> ffff991d0722a040
> [ 14.697659] R13: ffff991d03cc0050 R14: ffff991d03cc0000 R15:
> ffff991d00dfe8e8
> [ 14.697679] FS: 00007f09cb7fd6c0(0000) GS:ffff9920d8587000(0000)
> knlGS:0000000000000000
> [ 14.697711] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 14.697728] CR2: ffff991d07830708 CR3: 0000000102019003 CR4:
> 00000000003706f0
> [ 14.697749] Call Trace:
> [ 14.697759]
> [ 14.697768] ? parport_register_dev_model+0x273/0x3c0 [parport]
> [ 14.697792] ? lp_register+0x6f/0x100 [lp]
> [ 14.697806] ? msr_init+0x1000/0x1000 [msr]
> [ 14.697822] ? parport_irq_handler+0x50/0x50 [parport]
> [ 14.697841] ? lp_attach+0x99/0xc0 [lp]
> [ 14.697854] ? port_check+0x1d/0x20 [parport]
> [ 14.697879] ? bus_for_each_dev+0x82/0xd0
> [ 14.697894] ? ppdev_cleanup+0xb40/0xb40 [ppdev]
> [ 14.697910] ? __parport_register_driver+0x7e/0xb0 [parport]
> [ 14.697930] ? lp_init_module+0x1e2/0x1000 [lp]
> [ 14.697945] ? do_one_initcall+0x58/0x2f0
> [ 14.697960] ? do_init_module+0x67/0x2a0
> [ 14.697974] ? init_module_from_file+0x85/0xc0
> [ 14.697989] ? __x64_sys_finit_module+0x163/0x3d0
> [ 14.698005] ? do_syscall_64+0x82/0x9b0
> [ 14.698020] ? vfs_read+0x15e/0x380
> [ 14.698035] ? vfs_read+0x15e/0x380
> [ 14.698056] ? __rseq_handle_notify_resume+0xa6/0x480
> [ 14.698080] ? restore_fpregs_from_fpstate+0x46/0xa0
> [ 14.698098] ? switch_fpu_return+0x5b/0xd0
> [ 14.698113] ? do_syscall_64+0x21d/0x9b0
> [ 14.698134] ? restore_fpregs_from_fpstate+0x46/0xa0
> [ 14.698158] ? switch_fpu_return+0x5b/0xd0
> [ 14.698179] ? do_syscall_64+0x21d/0x9b0
> [ 14.698203] ? do_user_addr_fault+0x216/0x690
> [ 14.698230] ? exc_page_fault+0x7e/0x1a0
> [ 14.698254] ? entry_SYSCALL_64_after_hwframe+0x4b/0x53
> [ 14.698286]
> ```
>
> > Are you seeing the crash only from v6.18-rc7 onwards? Was v6.18-rc6 or
> > v6.17 ok for you?
> Going through some Linux kernels, I hit the same issue with
> 6.18.0-rc3-00256-gba36dd5ee6fd, but with that the graphics environment did
> not load, and I only have the journal entry.
>
> ```
> Dez 01 14:33:41 abreu kernel: kernel tried to execute NX-protected page -
> exploit attempt? (uid: 0)
> Dez 01 14:33:41 abreu kernel: BUG: unable to handle page fault for address:
> ffff97fec6b9c588
> Dez 01 14:33:41 abreu kernel: #PF: supervisor instruction fetch in kernel
> mode
> Dez 01 14:33:41 abreu kernel: #PF: error_code(0x0011) - permissions
> violation
> Dez 01 14:33:41 abreu kernel: PGD 3fda01067 P4D 3fda01067 PUD 101338063 PMD
> 106b74063 PTE 8000000106b9c163
> Dez 01 14:33:41 abreu kernel: Oops: Oops: 0011 [#1] SMP
> Dez 01 14:33:41 abreu kernel: CPU: 2 UID: 0 PID: 432 Comm: systemd-modules
> Not tainted 6.18.0-rc3-00256-gba36dd5ee6fd #154 PREEMPT(voluntary)
> Dez 01 14:33:41 abreu kernel: Hardware name: Dell Inc. XPS 13 9360/0596KF,
> BIOS 2.21.0 06/02/2022
> Dez 01 14:33:41 abreu kernel: RIP: 0010:0xffff97fec6b9c588
> Dez 01 14:33:41 abreu kernel: Code: ff ff 20 ed 23 c7 fe 97 ff ff a0 3a f0
> 9a ff ff ff ff f8 37 58 c3 fe 97 ff ff 01 00 00 00 03 00 00 00 00 00 00 00
> 00 00 00 00 <88> c5 b9 c6 fe 97 ff ff 88 c5 b9 c6 fe 97 ff ff 00 00 00 00 00
> 00
> Dez 01 14:33:41 abreu kernel: RSP: 0000:ffffaaba0095bb00 EFLAGS: 00010286
> Dez 01 14:33:41 abreu kernel: RAX: ffff97fec6b9c540 RBX: ffff97fec48c7800
> RCX: 0000000000000007
> Dez 01 14:33:41 abreu kernel: RDX: ffffffffc077b5c0 RSI: ffff97fec71a58b0
> RDI: ffff97fed8514800
> Dez 01 14:33:41 abreu kernel: RBP: ffffaaba0095bb50 R08: ffff97fec77ec243
> R09: ffff98022cd3f4c0
> Dez 01 14:33:41 abreu kernel: R10: 0000000000000001 R11: 0000000006f6b9e9
> R12: ffff97fec48c7840
> Dez 01 14:33:41 abreu kernel: R13: ffff97fed8514850 R14: ffff97fed8514800
> R15: ffff97fec7349b08
> Dez 01 14:33:41 abreu kernel: FS: 00007f4b0c2fcc80(0000)
> GS:ffff980290b87000(0000) knlGS:0000000000000000
> Dez 01 14:33:41 abreu kernel: CS: 0010 DS: 0000 ES: 0000 CR0:
> 0000000080050033
> Dez 01 14:33:41 abreu kernel: CR2: ffff97fec6b9c588 CR3: 0000000106a5f004
> CR4: 00000000003706f0
> Dez 01 14:33:41 abreu kernel: Call Trace:
> Dez 01 14:33:41 abreu kernel:
> Dez 01 14:33:41 abreu kernel: ? parport_register_dev_model+0x273/0x3c0
> [parport]
> Dez 01 14:33:41 abreu kernel: ? lp_register+0x6f/0x100 [lp]
> Dez 01 14:33:41 abreu kernel: ? parport_pc_init+0xf20/0xf20 [parport_pc]
> Dez 01 14:33:41 abreu kernel: ? parport_irq_handler+0x50/0x50 [parport]
> Dez 01 14:33:41 abreu kernel: ? lp_attach+0x99/0xc0 [lp]
> Dez 01 14:33:41 abreu kernel: ? port_check+0x1d/0x20 [parport]
> Dez 01 14:33:41 abreu kernel: ? bus_for_each_dev+0x82/0xd0
> Dez 01 14:33:41 abreu kernel: ? lp_open.cold+0xaf5/0xaf5 [lp]
> Dez 01 14:33:41 abreu kernel: ? __parport_register_driver+0x7e/0xb0
> [parport]
> Dez 01 14:33:41 abreu kernel: ? lp_init_module+0x1e2/0x1000 [lp]
> Dez 01 14:33:41 abreu kernel: ? do_one_initcall+0x58/0x2f0
> Dez 01 14:33:41 abreu kernel: ? do_init_module+0x67/0x2a0
> Dez 01 14:33:41 abreu kernel: ? init_module_from_file+0x85/0xc0
> Dez 01 14:33:41 abreu kernel: ? __x64_sys_finit_module+0x163/0x3d0
> Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0x82/0x9b0
> Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0xbb/0x9b0
> Dez 01 14:33:41 abreu kernel: ? do_sys_openat2+0xa2/0xe0
> Dez 01 14:33:41 abreu kernel: ? __x64_sys_openat+0x61/0xa0
> Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0xbb/0x9b0
> Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0xbb/0x9b0
> Dez 01 14:33:41 abreu kernel: ? exc_page_fault+0x7e/0x1a0
> Dez 01 14:33:41 abreu kernel: ? entry_SYSCALL_64_after_hwframe+0x4b/0x53
> Dez 01 14:33:41 abreu kernel:
> Dez 01 14:33:41 abreu kernel: Modules linked in: ppdev(+) lp(+) parport_pc
> msr(+) parport drm efi_pstore configfs nfnetlink efivarfs autofs4 ext4 crc16
> mbcache jbd2 dm_crypt dm_mod dell_wmi dell_smbios dell_wmi_descriptor dcdbas
> evdev nvme serio_raw pcspkr nvme_core video intel_hid sparse_keymap wmi
> aesni_intel
> Dez 01 14:33:41 abreu kernel: CR2: ffff97fec6b9c588
> Dez 01 14:33:41 abreu kernel: ---[ end trace 0000000000000000 ]---
> ```
>
> I was forced to hard reset the machine by pressing the power button for more
> than ten seconds.

FWIW, we have two bugs in Debian as well reported, but they were once
for 6.17.12 and 6.17.13 already. See:

https://bugs.debian.org/1124075
https://bugs.debian.org/1124463

Does it make a difference to cold-boot or reboot into the system?

Regards,
Salvatore
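
A triage sketch for the oops quoted above, added here and not part of the original mail or of any kernel tooling: it decodes the `#PF` error code and the leaf PTE and checks whether RIP equals CR2, which together show that the CPU was sent to fetch instructions from a present, non-executable data page. The sample lines are copied from the quoted 6.18 log with the mail wrapping undone; `triage`, `set_bits` and the table names are this example's own.

```python
import re

# x86 page-fault error-code bits (descriptions are this example's wording)
PF_BITS = {0: "protection violation", 1: "write", 2: "user mode",
           3: "reserved bit", 4: "instruction fetch", 5: "protection key"}
# x86-64 page-table-entry flag bits
PTE_BITS = {0: "present", 1: "writable", 2: "user", 5: "accessed",
            6: "dirty", 8: "global", 63: "NX"}

# Lines copied from the quoted 6.18 oops, with the mail wrapping undone.
SAMPLE = """\
[ 14.697249] #PF: error_code(0x0011) - permissions violation
[ 14.697277] PGD 388401067 P4D 388401067 PUD 101338063 PMD 10785c063 PTE 8000000107830163
[ 14.697423] RIP: 0010:0xffff991d07830708
[ 14.697728] CR2: ffff991d07830708 CR3: 0000000102019003 CR4: 00000000003706f0
"""

PATTERNS = {
    "code": r"error_code\(0x([0-9a-f]+)\)",
    "pte": r"\bPTE ([0-9a-f]+)",
    # Matches only a raw-address RIP, i.e. one the kernel could not symbolize.
    "rip": r"RIP: [0-9a-f]{4}:0x([0-9a-f]{16})",
    "cr2": r"CR2: ([0-9a-f]{16})",
}

def set_bits(value, names):
    """Return the names of the bits that are set in value."""
    return [name for bit, name in names.items() if value >> bit & 1]

def triage(oops_text):
    """Decode the fault fields of one oops; None if any field is missing."""
    found = {}
    for key, pattern in PATTERNS.items():
        m = re.search(pattern, oops_text)
        if m is None:
            return None
        found[key] = int(m.group(1), 16)
    fetch = bool(found["code"] >> 4 & 1)
    nx = bool(found["pte"] >> 63 & 1)
    same = found["rip"] == found["cr2"]
    return {
        "fault": set_bits(found["code"], PF_BITS),
        "pte": set_bits(found["pte"], PTE_BITS),
        "rip_equals_cr2": same,
        # Instruction fetch from a present NX page at the faulting address:
        # control flow landed in data, not in kernel or module text.
        "executed_data_page": fetch and nx and same,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
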