On Mon, 2024-09-23 at 23:33 +0100, David Howells wrote:
> Eduard Zingerman <eddyz87@xxxxxxxxx> wrote:
>
> > - null-ptr-deref is triggered by access to page->pcp_list.next
> > when list_del() is called from page_alloc.c:__rmqueue_pcplist(),
>
> Can you tell me what the upstream commit ID of your kernel is? (before any
> patches are stacked on it)
I used bpf-next tree, but could be reproduced with [1] as well, commit ID [2]. Decoded dmesg for this commit ID in [3].
[1] git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
[2] abf2050f51fd ("Merge tag 'media/v6.12-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media")
[3] https://gist.github.com/eddyz87/af39e04069c6ca30e66c3032c0384b8e
> If you can modify your kernel, can you find the following in fs/netfs/:
>
> buffered_read.c:127: new = kmalloc(sizeof(*new), GFP_NOFS);
> buffered_read.c:353: folioq = kmalloc(sizeof(*folioq), GFP_KERNEL);
> buffered_read.c:458: folioq = kmalloc(sizeof(*folioq), GFP_KERNEL);
> misc.c:25: tail = kmalloc(sizeof(*tail), GFP_NOFS);
>
> and change the kmalloc to kzalloc?
No changes in behaviour.
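The crash above and the kmalloc-to-kzalloc experiment both come down to what the two pointers inside a list_head hold when list_del() runs. The following is an added user-space illustration, not code from this thread or from the kernel: it models list_add()/list_del() from <linux/list.h> and the pre-unlink validation the kernel performs under CONFIG_DEBUG_LIST, then walks three link states. `struct fake_page`, the `demo_*` functions and the sample lists are hypothetical constructs for the example; the kernel's own check additionally reports the failure and the poison constants are the kernel's. It shows why a zero-filled link (the kzalloc case) fails as a NULL dereference in an unchecked list_del(), why a link holding leftover pointers (the kmalloc case) is the dangerous one, and how the debug check refuses both instead of writing through them.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model of <linux/list.h>; kernel names kept for readability.
 * This is an added illustration, not kernel code. */
struct list_head { struct list_head *next, *prev; };

/* Poison written into deleted links so a later reuse is recognisable. */
#define LIST_POISON1 ((struct list_head *)0x100)
#define LIST_POISON2 ((struct list_head *)0x122)

static void INIT_LIST_HEAD(struct list_head *h) { h->next = h->prev = h; }

static void list_add(struct list_head *e, struct list_head *head)
{
    struct list_head *next = head->next;
    next->prev = e; e->next = next; e->prev = head; head->next = e;
}

/* Models the CONFIG_DEBUG_LIST check run before unlinking. NULL and poison
 * are tested before anything is dereferenced; then both neighbours must
 * point back at the entry, otherwise the links are not trusted. */
static bool list_del_entry_valid(const struct list_head *e)
{
    const struct list_head *prev = e->prev, *next = e->next;
    if (next == NULL || prev == NULL) return false;                 /* zero-filled, never added */
    if (next == LIST_POISON1 || prev == LIST_POISON2) return false; /* double delete */
    if (prev->next != e || next->prev != e) return false;           /* neighbours disagree */
    return true;
}

/* list_del() with the check in front: returns false instead of writing
 * through bad links (an unchecked list_del() would dereference them). */
static bool list_del_checked(struct list_head *e)
{
    if (!list_del_entry_valid(e)) return false;
    e->prev->next = e->next;
    e->next->prev = e->prev;
    e->next = LIST_POISON1; e->prev = LIST_POISON2;
    return true;
}

/* Hypothetical stand-in for the pcp_list link embedded in struct page. */
struct fake_page { unsigned long flags; struct list_head pcp_list; };

/* Case 1: page on a per-cpu free list, unlinked normally. */
bool demo_valid_unlink(void)
{
    struct list_head pcp_head;
    struct fake_page *page = calloc(1, sizeof *page);
    INIT_LIST_HEAD(&pcp_head);
    list_add(&page->pcp_list, &pcp_head);
    bool ok = list_del_checked(&page->pcp_list) && pcp_head.next == &pcp_head;
    free(page);
    return ok;
}

/* Case 2: zero-filled (kzalloc-style) page never added to any list. Its
 * pcp_list.next is NULL, the shape of the reported null-ptr-deref; an
 * unchecked list_del() would crash on it, the checked one refuses. */
bool demo_zeroed_entry_rejected(void)
{
    struct fake_page *page = calloc(1, sizeof *page);
    bool rejected = !list_del_checked(&page->pcp_list);
    free(page);
    return rejected;
}

/* Case 3: a link whose pointers are left over from an earlier life, as
 * uninitialised kmalloc()-style memory can be. Both neighbours are still
 * live objects, so the check can follow them and sees they no longer point
 * back; a plain list_del() would write through those stale pointers into
 * objects the entry does not own. */
bool demo_stale_entry_rejected(void)
{
    struct list_head pcp_head;
    struct fake_page *a = calloc(1, sizeof *a), *b = calloc(1, sizeof *b);
    struct fake_page stale;
    INIT_LIST_HEAD(&pcp_head);
    list_add(&a->pcp_list, &pcp_head);
    list_add(&b->pcp_list, &pcp_head);  /* head -> b -> a -> head */
    stale = *b;                         /* copy of b's links */
    list_del_checked(&b->pcp_list);     /* head -> a -> head */
    bool rejected = !list_del_checked(&stale.pcp_list);
    free(a); free(b);
    return rejected;
}

int main(void)
{
    printf("valid unlink: %d\nzeroed rejected: %d\nstale rejected: %d\n",
           demo_valid_unlink(), demo_zeroed_entry_rejected(),
           demo_stale_entry_rejected());
    return 0;
}
```

The practical point for a report like this one: the zero-filled case dies loudly and early at a NULL pointer, while the stale-pointer case only shows up once the corrupted neighbour is touched later, often far from the allocation that caused it. Building the kernel with CONFIG_DEBUG_LIST makes the unlink itself the failure point, which is usually a better place to start than the eventual crash.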