Description of problem:

NULL pointer dereference in hugetlbfs_fill_super.

Call trace:

```
[ 39.654819] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 39.654821] #PF: supervisor read access in kernel mode
[ 39.654822] #PF: error_code(0x0000) - not-present page
[ 39.654823] PGD 5e6d067 P4D 5e6d067 PUD 5e6c067 PMD 0
[ 39.654825] Oops: 0000 [#1] SMP NOPTI
[ 39.654827] CPU: 0 PID: 2100 Comm: a.out Kdump: loaded Tainted: G W 5.10.134-14.t22.1.15.zncgsl6.x86_64 #1
[ 39.654828] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/22/2020
[ 39.654831] RIP: 0010:hugetlbfs_fill_super+0xbd/0x1c0
[ 39.654832] Code: 48 8b 3b e8 b5 76 e7 ff 49 89 44 24 20 48 85 c0 0f 84 eb 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 ef 49 89 45 20 48 8b 03 <8b> 48 08 b8 00 10 00 00 48 d3 e0 49 89 45 18 48 8b 03 8b 40 08 49
[ 39.654833] RSP: 0018:ffffa94401567e30 EFLAGS: 00010246
[ 39.654834] RAX: 0000000000000000 RBX: ffff948cc5cae360 RCX: 0000000000013226
[ 39.654835] RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff948cc7951800
[ 39.654835] RBP: ffffa94401567e50 R08: 0000000000000040 R09: 00000000ffffffff
[ 39.654836] R10: ffff948cc14021a0 R11: ffffffff951df270 R12: ffff948d1ad44900
[ 39.654837] R13: ffff948cc7951800 R14: 0000000000000000 R15: 0000000000000000
[ 39.654838] FS: 00007f05a8158500(0000) GS:ffff948d2f000000(0000) knlGS:0000000000000000
[ 39.654855] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 39.654859] CR2: 0000000000000008 CR3: 00000000031dc003 CR4: 00000000003706f0
[ 39.654869] Call Trace:
[ 39.654887]  ? hugetlbfs_init_fs_context+0xa0/0xa0
[ 39.654890]  vfs_get_super+0x7c/0x110
[ 39.654892]  vfs_get_tree+0x22/0xc0
[ 39.654894]  vfs_fsconfig_locked+0x79/0x160
[ 39.654896]  __x64_sys_fsconfig+0x390/0x400
[ 39.654899]  do_syscall_64+0x30/0x40
[ 39.654917]  entry_SYSCALL_64_after_hwframe+0x61/0xc6
[ 39.654919] RIP: 0033:0x7f05a7af766d
[ 39.654920] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d eb 77 2c 00 f7 d8 64 89 01 48
[ 39.654921] RSP: 002b:00007ffdf9f6fb68 EFLAGS: 00000202 ORIG_RAX: 00000000000001af
[ 39.654922] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f05a7af766d
[ 39.654923] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
[ 39.654923] RBP: 00007ffdf9f6fb90 R08: 0000000000000000 R09: 0000000000000001
[ 39.654924] R10: 0000000000000000 R11: 0000000000000202 R12: 00000000004004f0
[ 39.654924] R13: 00007ffdf9f6fc90 R14: 0000000000000000 R15: 0000000000000000
[ 39.654925] Modules linked in: isofs rfcomm bnep snd_seq_midi snd_seq_midi_event intel_rapl_msr intel_rapl_common snd_ens1371 intel_pmc_core_pltdrv intel_pmc_core snd_ac97_codec ac97_bus snd_rawmidi crct10dif_pclmul snd_seq snd_seq_device snd_pcm crc32_pclmul btusb btrtl btbcm btintel snd_timer snd bluetooth soundcore joydev ghash_clmulni_intel psmouse rapl ecdh_generic ecc vmw_balloon rfkill mousedev pcspkr vmw_vmci i2c_piix4 xfs libcrc32c sd_mod t10_pi sr_mod cdrom sg vmwgfx drm_kms_helper ata_generic crc32c_intel syscopyarea serio_raw sysfillrect sysimgblt fb_sys_fops ttm ata_piix drm e1000 libata mptspi scsi_transport_spi mptscsih mptbase i2c_core mds
[ 39.654953] CR2: 0000000000000008
[ 39.654955] ---[ end trace d4e1839bd0824780 ]---
```

How reproducible:

Test with the fsconfig syscall:

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <linux/mount.h>   /* FSOPEN_CLOEXEC, FSCONFIG_SET_STRING, FSCONFIG_CMD_CREATE */

/* glibc has no fsopen()/fsconfig() wrappers, so go through syscall() directly */
#define fsopen(name, flags)              syscall(SYS_fsopen, (name), (flags))
#define fsconfig(fd, cmd, key, val, aux) syscall(SYS_fsconfig, (fd), (cmd), (key), (val), (aux))

int main(void)
{
    int fs_fd;

    fs_fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);
    if (fs_fd == -1) {
        printf("cannot open hugetlbfs, ret: %d\n", fs_fd);
        return -1;
    }
    /* "1024" matches no supported huge page size, so no hstate is selected */
    fsconfig(fs_fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);
    /* creating the superblock then runs hugetlbfs_fill_super() and faults */
    fsconfig(fs_fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
    return 0;
}
```

Steps to Reproduce:

1. Build the test code above with gcc.
2. Run a.out.

Actual results: kernel panic
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/3126
(In reply to 小龙 from comment #1)
> The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/3126

merged
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/3152