In the Linux kernel, following vulnerability has been resolved: net: mana: cleanup mana struct after debugfs_remove() When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(), mana_gd_suspend() and mana_gd_resume() are called. If during this mana_gd_resume(), failure occurs with HWC creation, mana_port_debugfs pointer does not get reinitialized ends up pointing to older, cleaned-up dentry. Further in path, power_down(), mana_gd_shutdown() is triggered. This call, unaware failures resume, tries cleanup the already cleaned mana_port_debugfs value hits bug: [ 191.359296] 7870:00:00.0: Shutdown was called [ 191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098 [ 191.360584] #PF: supervisor write access mode [ 191.361125] error_code(0x0002) - not-present page [ 191.361727] PGD 1080ea067 P4D 0 [ 191.362172] Oops: 0002 [#1] SMP NOPTI [ 191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2 [ 191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024 [ 191.364124] RIP: 0010:down_write+0x19/0x50 [ 191.364537] Code: 90 0f 1f 44 00 55 48 89 e5 53 fb e8 de cd ff 31 c0 ba 01 b1 13 75 16 65 8b 05 88 24 4c 6a 43 08 5d [ 191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246 [ 191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000 [ 191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 191.367600] RBP: ff45fbe0c1c037c0 R08: R09: 0000000000000001 [ 191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000 [ 191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020 [ 191.369549] FS: 00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000 [ 191.370213] CS: 0010 DS: 0000 ES: CR0: 0000000080050033 [ 191.370830] CR2: CR3: 0000000168e8e002 CR4: 0000000000b73ef0 [ 191.371557] DR0: DR1: DR2: 191.372192] DR3: DR6: 00000000fffe07f0 DR7: 0000000000000400 [ 191.372906] Call Trace: [ 191.373262] [ 191.373621] ? show_regs+0x64/0x70 [ 191.374040] __die+0x24/0x70 [ 191.374468] page_fault_oops+0x290/0x5b0 [ 191.374875] do_user_addr_fault+0x448/0x800 [ 191.375357] exc_page_fault+0x7a/0x160 [ 191.375971] asm_exc_page_fault+0x27/0x30 [ 191.376416] down_write+0x19/0x50 [ 191.376832] down_write+0x12/0x50 [ 191.377232] simple_recursive_removal+0x4a/0x2a0 [ 191.377679] __pfx_remove_one+0x10/0x10 [ 191.378088] debugfs_remove+0x44/0x70 [ 191.378530] mana_detach+0x17c/0x4f0 [ 191.378950] __flush_work+0x1e2/0x3b0 [ 191.379362] __cond_resched+0x1a/0x50 [ 191.379787] mana_remove+0xf2/0x1a0 [ 191.380193] mana_gd_shutdown+0x3b/0x70 [ 191.380642] pci_device_shutdown+0x3a/0x80 [ 191.381063] device_shutdown+0x13e/0x230 [ 191.381480] kernel_power_off+0x35/0x80 [ 191.381890] hibernate+0x3c6/0x470 [ 191.382312] state_store+0xcb/0xd0 [ 191.382734] kobj_attr_store+0x12/0x30 [ 191.383211] sysfs_kf_write+0x3e/0x50 [ 191.383640] kernfs_fop_write_iter+0x140/0x1d0 [ 191.384106] vfs_write+0x271/0x440 [ 191.384521] ksys_write+0x72/0xf0 [ 191.384924] __x64_sys_write+0x19/0x20 [ 191.385313] x64_sys_call+0x2b0/0x20b0 [ 191.385736] do_syscall_64+0x79/0x150 [ 191.386146] __mod_memcg_lruvec_state+0xe7/0x240 [ 191.386676] __lruvec_stat_mod_folio+0x79/0xb0 [ 191.387124] __pfx_lru_add+0x10/0x10 [ 191.387515] queued_spin_unlock+0x9/0x10 [ 191.387937] do_anonymous_page+0x33c/0xa00 [ 191.388374] __handle_mm_fault+0xcf3/0x1210 [ 191.388805] __count_memcg_events+0xbe/0x180 [ 191.389235] handle_mm_fault+0xae/0x300 [ 19 ---truncated---

https://git.kernel.org/stable/c/3e64bb2ae7d9f2b3a8259d4d6b86ed1984d5460a

https://git.kernel.org/stable/c/a1466112fb6e819261272ad75e7db750a43b78bf