Re: BUG: kernel NULL pointer dereference, address: 0000000000000000

From: Paul Menzel
Date: Sat Jan 03 2026 - 01:03:51 EST


Dear Salvatore,


Thank you for the follow-up.

Am 03.01.26 um 01:59 schrieb Salvatore Bonaccorso:

On Mon, Dec 01, 2025 at 05:05:59PM +0100, Paul Menzel wrote:

Am 01.12.25 um 14:25 schrieb Sudip Mukherjee:
On Thu, 27 Nov 2025 at 22:55, Paul Menzel wrote:

Am 27.11.25 um 19:51 schrieb Paul Menzel:

Unfortunately, not reproducible, but starting with Linux 6.18-rc7, I got
the oops below *once*:

<snip>

Building and booting Linux 6.18.0-rc7-00041-g765e56e41a5a, I got another
oops.

```
[ 15.234799] ppdev lp.0: really_probe: driver_sysfs_add failed
[ 15.234852] ------------[ cut here ]------------
[ 15.234854] refcount_t: addition on 0; use-after-free.
[ 15.234864] WARNING: CPU: 0 PID: 353 at lib/refcount.c:25 refcount_warn_saturate+0xcd/0xf0
```

Please find the output of `dmesg` attached.

(It might be related to booting with a USB-C mini-dock connected, but I
do not know yet.)

At least today, I am also only able to reproduce this with *no* power cable
plugged in, and the USB-C mini-dock connected.

In both cases, it seems the underlying hardware was removed or the
module was unloaded while it was still registering.

In the first case, 'parport_default_proc_unregister' has been called
while parport driver is still checking for all the connected devices
and was executing 'lp_attach'.
'parport_default_proc_unregister' will only be called when the parport
module is exiting.

Same in the second case, 'lp_attach' was still executing and
'ppdev_cleanup' was called.

Please find the output of `dmesg` attached with the Oops for Linux 6.18.

```
[ 14.696290] ppdev: user-space parallel port driver
[ 14.696974] lp lp.0: really_probe: driver_sysfs_add failed
[ 14.697015] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 14.697189] BUG: unable to handle page fault for address: ffff991d07830708
[ 14.697223] #PF: supervisor instruction fetch in kernel mode
[ 14.697249] #PF: error_code(0x0011) - permissions violation
[ 14.697277] PGD 388401067 P4D 388401067 PUD 101338063 PMD 10785c063 PTE 8000000107830163
[ 14.697313] Oops: Oops: 0011 [#1] SMP
[ 14.697334] CPU: 2 UID: 0 PID: 357 Comm: systemd-modules Not tainted 6.18.0 #165 PREEMPT(voluntary)
[ 14.697386] Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 06/02/2022
[ 14.697423] RIP: 0010:0xffff991d07830708
[ 14.697445] Code: ff ff 20 a1 10 01 1d 99 ff ff 80 3a 50 93 ff ff ff ff 40 54 3c 06 1d 99 ff ff 01 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 <08> 07 83 07 1d 99 ff ff 08 07 83 07 1d 99 ff ff 00 00 00 00 00 00
[ 14.697530] RSP: 0000:ffffa8c040a27a30 EFLAGS: 00010286
[ 14.697561] RAX: ffff991d078306c0 RBX: ffff991d0722a000 RCX: 0000000000000007
[ 14.697593] RDX: ffffffffc078d5c0 RSI: ffff991d01fa7ce0 RDI: ffff991d03cc0000
[ 14.697618] RBP: ffffa8c040a27a80 R08: 00000000fffffff3 R09: 00000000fff7ffff
[ 14.697639] R10: ffffffff9482b180 R11: ffffa8c040a27620 R12: ffff991d0722a040
[ 14.697659] R13: ffff991d03cc0050 R14: ffff991d03cc0000 R15: ffff991d00dfe8e8
[ 14.697679] FS: 00007f09cb7fd6c0(0000) GS:ffff9920d8587000(0000) knlGS:0000000000000000
[ 14.697711] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 14.697728] CR2: ffff991d07830708 CR3: 0000000102019003 CR4: 00000000003706f0
[ 14.697749] Call Trace:
[ 14.697759] <TASK>
[ 14.697768] ? parport_register_dev_model+0x273/0x3c0 [parport]
[ 14.697792] ? lp_register+0x6f/0x100 [lp]
[ 14.697806] ? msr_init+0x1000/0x1000 [msr]
[ 14.697822] ? parport_irq_handler+0x50/0x50 [parport]
[ 14.697841] ? lp_attach+0x99/0xc0 [lp]
[ 14.697854] ? port_check+0x1d/0x20 [parport]
[ 14.697879] ? bus_for_each_dev+0x82/0xd0
[ 14.697894] ? ppdev_cleanup+0xb40/0xb40 [ppdev]
[ 14.697910] ? __parport_register_driver+0x7e/0xb0 [parport]
[ 14.697930] ? lp_init_module+0x1e2/0x1000 [lp]
[ 14.697945] ? do_one_initcall+0x58/0x2f0
[ 14.697960] ? do_init_module+0x67/0x2a0
[ 14.697974] ? init_module_from_file+0x85/0xc0
[ 14.697989] ? __x64_sys_finit_module+0x163/0x3d0
[ 14.698005] ? do_syscall_64+0x82/0x9b0
[ 14.698020] ? vfs_read+0x15e/0x380
[ 14.698035] ? vfs_read+0x15e/0x380
[ 14.698056] ? __rseq_handle_notify_resume+0xa6/0x480
[ 14.698080] ? restore_fpregs_from_fpstate+0x46/0xa0
[ 14.698098] ? switch_fpu_return+0x5b/0xd0
[ 14.698113] ? do_syscall_64+0x21d/0x9b0
[ 14.698134] ? restore_fpregs_from_fpstate+0x46/0xa0
[ 14.698158] ? switch_fpu_return+0x5b/0xd0
[ 14.698179] ? do_syscall_64+0x21d/0x9b0
[ 14.698203] ? do_user_addr_fault+0x216/0x690
[ 14.698230] ? exc_page_fault+0x7e/0x1a0
[ 14.698254] ? entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 14.698286] </TASK>
```

Are you seeing the crash only from v6.18-rc7 onwards? Was v6.18-rc6 or
v6.17 ok for you?

Going through some Linux kernels, I hit the same issue with
6.18.0-rc3-00256-gba36dd5ee6fd, but with that the graphics environment did
not load, and I only have the journal entry.

```
Dez 01 14:33:41 abreu kernel: kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
Dez 01 14:33:41 abreu kernel: BUG: unable to handle page fault for address: ffff97fec6b9c588
Dez 01 14:33:41 abreu kernel: #PF: supervisor instruction fetch in kernel mode
Dez 01 14:33:41 abreu kernel: #PF: error_code(0x0011) - permissions violation
Dez 01 14:33:41 abreu kernel: PGD 3fda01067 P4D 3fda01067 PUD 101338063 PMD 106b74063 PTE 8000000106b9c163
Dez 01 14:33:41 abreu kernel: Oops: Oops: 0011 [#1] SMP
Dez 01 14:33:41 abreu kernel: CPU: 2 UID: 0 PID: 432 Comm: systemd-modules Not tainted 6.18.0-rc3-00256-gba36dd5ee6fd #154 PREEMPT(voluntary)
Dez 01 14:33:41 abreu kernel: Hardware name: Dell Inc. XPS 13 9360/0596KF, BIOS 2.21.0 06/02/2022
Dez 01 14:33:41 abreu kernel: RIP: 0010:0xffff97fec6b9c588
Dez 01 14:33:41 abreu kernel: Code: ff ff 20 ed 23 c7 fe 97 ff ff a0 3a f0 9a ff ff ff ff f8 37 58 c3 fe 97 ff ff 01 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 <88> c5 b9 c6 fe 97 ff ff 88 c5 b9 c6 fe 97 ff ff 00 00 00 00 00 00
Dez 01 14:33:41 abreu kernel: RSP: 0000:ffffaaba0095bb00 EFLAGS: 00010286
Dez 01 14:33:41 abreu kernel: RAX: ffff97fec6b9c540 RBX: ffff97fec48c7800 RCX: 0000000000000007
Dez 01 14:33:41 abreu kernel: RDX: ffffffffc077b5c0 RSI: ffff97fec71a58b0 RDI: ffff97fed8514800
Dez 01 14:33:41 abreu kernel: RBP: ffffaaba0095bb50 R08: ffff97fec77ec243 R09: ffff98022cd3f4c0
Dez 01 14:33:41 abreu kernel: R10: 0000000000000001 R11: 0000000006f6b9e9 R12: ffff97fec48c7840
Dez 01 14:33:41 abreu kernel: R13: ffff97fed8514850 R14: ffff97fed8514800 R15: ffff97fec7349b08
Dez 01 14:33:41 abreu kernel: FS: 00007f4b0c2fcc80(0000) GS:ffff980290b87000(0000) knlGS:0000000000000000
Dez 01 14:33:41 abreu kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Dez 01 14:33:41 abreu kernel: CR2: ffff97fec6b9c588 CR3: 0000000106a5f004 CR4: 00000000003706f0
Dez 01 14:33:41 abreu kernel: Call Trace:
Dez 01 14:33:41 abreu kernel: <TASK>
Dez 01 14:33:41 abreu kernel: ? parport_register_dev_model+0x273/0x3c0 [parport]
Dez 01 14:33:41 abreu kernel: ? lp_register+0x6f/0x100 [lp]
Dez 01 14:33:41 abreu kernel: ? parport_pc_init+0xf20/0xf20 [parport_pc]
Dez 01 14:33:41 abreu kernel: ? parport_irq_handler+0x50/0x50 [parport]
Dez 01 14:33:41 abreu kernel: ? lp_attach+0x99/0xc0 [lp]
Dez 01 14:33:41 abreu kernel: ? port_check+0x1d/0x20 [parport]
Dez 01 14:33:41 abreu kernel: ? bus_for_each_dev+0x82/0xd0
Dez 01 14:33:41 abreu kernel: ? lp_open.cold+0xaf5/0xaf5 [lp]
Dez 01 14:33:41 abreu kernel: ? __parport_register_driver+0x7e/0xb0 [parport]
Dez 01 14:33:41 abreu kernel: ? lp_init_module+0x1e2/0x1000 [lp]
Dez 01 14:33:41 abreu kernel: ? do_one_initcall+0x58/0x2f0
Dez 01 14:33:41 abreu kernel: ? do_init_module+0x67/0x2a0
Dez 01 14:33:41 abreu kernel: ? init_module_from_file+0x85/0xc0
Dez 01 14:33:41 abreu kernel: ? __x64_sys_finit_module+0x163/0x3d0
Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0x82/0x9b0
Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0xbb/0x9b0
Dez 01 14:33:41 abreu kernel: ? do_sys_openat2+0xa2/0xe0
Dez 01 14:33:41 abreu kernel: ? __x64_sys_openat+0x61/0xa0
Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0xbb/0x9b0
Dez 01 14:33:41 abreu kernel: ? do_syscall_64+0xbb/0x9b0
Dez 01 14:33:41 abreu kernel: ? exc_page_fault+0x7e/0x1a0
Dez 01 14:33:41 abreu kernel: ? entry_SYSCALL_64_after_hwframe+0x4b/0x53
Dez 01 14:33:41 abreu kernel: </TASK>
Dez 01 14:33:41 abreu kernel: Modules linked in: ppdev(+) lp(+) parport_pc msr(+) parport drm efi_pstore configfs nfnetlink efivarfs autofs4 ext4 crc16 mbcache jbd2 dm_crypt dm_mod dell_wmi dell_smbios dell_wmi_descriptor dcdbas evdev nvme serio_raw pcspkr nvme_core video intel_hid sparse_keymap wmi aesni_intel
Dez 01 14:33:41 abreu kernel: CR2: ffff97fec6b9c588
Dez 01 14:33:41 abreu kernel: ---[ end trace 0000000000000000 ]---
```

I was forced to hard reset the machine by pressing the power button for more
than ten seconds.

FWIW, we have two bugs in Debian as well reported, but they were once
for 6.17.12 and 6.17.13 already. See:

https://bugs.debian.org/1124075

This is

AMD AM5 ASUS ROG STRIX B650-A GAMING WIFI, BIOS 3067 12/10/2024

https://bugs.debian.org/1124463

This is

Dell Latitude E5470/0VHKV0, BIOS 1.34.3 11/20/2022

Does it make a difference to cold-boot or reboot into the system?

I only did cold boots, and I am not able to reproduce it anymore, and wrote it off to some hardware issue – despite the system working fine otherwise.

I am adding the x86 folks, and regression lists.


Kind regards,

Paul
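
The following triage script is an added example, not part of this mail or of the kernel tree. It decodes the fields the two quoted traces share (the `#PF` error code, the PTE flags, the unsymbolized RIP) and collects the modules named in the call trace; the function names and the `jump_to_data` flag are hypothetical, and the sample lines are copied from the traces above.

```python
import re

# Lines copied from the two traces quoted in this thread (dmesg and journal prefixes).
SAMPLE = """\
[ 14.697189] BUG: unable to handle page fault for address: ffff991d07830708
[ 14.697249] #PF: error_code(0x0011) - permissions violation
[ 14.697277] PGD 388401067 P4D 388401067 PUD 101338063 PMD 10785c063 PTE 8000000107830163
[ 14.697423] RIP: 0010:0xffff991d07830708
[ 14.697768] ? parport_register_dev_model+0x273/0x3c0 [parport]
[ 14.697792] ? lp_register+0x6f/0x100 [lp]
[ 14.697894] ? ppdev_cleanup+0xb40/0xb40 [ppdev]
Dez 01 14:33:41 abreu kernel: ? lp_init_module+0x1e2/0x1000 [lp]
"""

# x86 page-fault error-code bits (see arch/x86/include/asm/trap_pf.h)
PF_BITS = {0: "protection violation", 1: "write", 2: "user mode",
           3: "reserved bit set", 4: "instruction fetch", 5: "protection key"}
# x86-64 page-table-entry flag bits relevant here
PTE_BITS = {0: "present", 1: "writable", 2: "user", 63: "NX"}

# Strip either a dmesg timestamp or a journal "date host kernel:" prefix.
PREFIX = re.compile(r"^(?:\[\s*\d+\.\d+\]|\S+ \d+ [\d:]+ \S+ kernel:)\s*")

def decode(value, table):
    return [name for bit, name in table.items() if value >> bit & 1]

def triage(text):
    r = {"modules": []}
    for line in text.splitlines():
        body = PREFIX.sub("", line)
        if m := re.search(r"error_code\(0x([0-9a-f]+)\)", body):
            r["pf"] = decode(int(m[1], 16), PF_BITS)
        elif m := re.search(r"\bPTE ([0-9a-f]+)", body):
            r["pte"] = decode(int(m[1], 16), PTE_BITS)
        elif m := re.match(r"RIP: \w+:0x([0-9a-f]+)$", body):
            r["raw_rip"] = int(m[1], 16)  # raw address: not resolved to a symbol
        elif m := re.search(r"page fault for address: ([0-9a-f]+)", body):
            r["fault_addr"] = int(m[1], 16)
        elif m := re.match(r"\?? ?\S+\+0x[0-9a-f]+/0x[0-9a-f]+ \[(\w+)\]", body):
            if m[1] not in r["modules"]:
                r["modules"].append(m[1])
    # Instruction fetch faulting at RIP itself on an NX page: a call into data.
    r["jump_to_data"] = ("instruction fetch" in r.get("pf", ())
                         and "NX" in r.get("pte", ())
                         and r.get("raw_rip") == r.get("fault_addr"))
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```
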