From: Cong Wang
To: linux-kernel@vger.kernel.org
Cc: peterz@infradead.org, mathieu.desnoyers@efficios.com, Cong Wang, Thomas Gleixner
Subject: [PATCH] sched: Fix NULL mm dereference in sched_mm_cid_after_execve()
Date: Tue, 23 Dec 2025 13:51:13 -0800
Message-Id: <20251223215113.639686-1-xiyou.wangcong@gmail.com>

From: Cong Wang

sched_mm_cid_after_execve() is called in bprm_execve()'s cleanup path
even when exec_binprm() fails. For the init task's first execve, this
causes a problem:

1. current->mm is NULL (kernel threads don't have an mm)
2. sched_mm_cid_before_execve() exits early because mm is NULL
3. exec_binprm() fails (e.g., ENOENT for missing script interpreter)
4. sched_mm_cid_after_execve() is called with mm still NULL
5. sched_mm_cid_fork() is called unconditionally, triggering WARN_ON

This is easily reproduced by booting with an init that is a shell script
(#!/bin/sh) where the interpreter doesn't exist in the initramfs.

Fix this by checking if t->mm is NULL before calling sched_mm_cid_fork(),
matching the behavior of sched_mm_cid_before_execve() which already
handles this case via sched_mm_cid_exit()'s early return.

Fixes: b0c3d51b54f8 ("sched/mmcid: Provide precomputed maximal value")
Cc: Thomas Gleixner
Signed-off-by: Cong Wang
Acked-by: Will Deacon
Reviewed-by: Mathieu Desnoyers
---
 kernel/sched/core.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 41ba0be16911..60afadb6eede 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -10694,10 +10694,11 @@ void sched_mm_cid_before_execve(struct task_struc= t *t) sched_mm_cid_exit(t); } =20 -/* Reactivate MM CID after successful execve() */ +/* Reactivate MM CID after execve() */ void sched_mm_cid_after_execve(struct task_struct *t) { - sched_mm_cid_fork(t); + if (t->mm) + sched_mm_cid_fork(t); } =20 static void mm_cid_work_fn(struct work_struct *work) --=20 2.34.1
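
Review bot: In sched_mm_cid_after_execve(), the new "if (t->mm)" guard is undocumented: the revised comment only drops the word "successful" and does not say why mm can be NULL at this point. Suggest expanding the comment to state that the function also runs on bprm_execve()'s cleanup path after a failed exec, and that a kernel thread (the init task's first execve) still has a NULL mm there, so sched_mm_cid_fork() must be skipped. Since the check is placed in this caller rather than inside sched_mm_cid_fork(), the changelog could also say whether any other caller can reach sched_mm_cid_fork() with a NULL mm.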