syzbot

 sign-in | mailing list | source | docs
🐞 Open [717]
🐞 Fixed [181]
🐞 Invalid [640]
Crashes
Kernel Health Bugs/Month Bug Lifetimes Fuzzing
💬 Send us feedback

BUG: unable to handle kernel NULL pointer dereference in rxrpc_send_data_packet

Status: upstream: reported C repro on 2019/08/12 16:27
Reported-by: syzbot+52f0215f1f2c895cd985@syzkaller.appspotmail.com
First crash: 1915d, last: 1619d
Fix bisection: failed (error log, bisect log)
  
Last patch testing requests (10)
Created Duration User Patch Repo Result
2023/01/20 10:32 12m retest repro linux-4.14.y report log
2023/01/20 07:32 14m retest repro linux-4.14.y report log
2023/01/20 06:32 9m retest repro linux-4.14.y report log
2023/01/20 05:32 9m retest repro linux-4.14.y report log
2023/01/20 04:32 11m retest repro linux-4.14.y report log
2023/01/20 03:32 9m retest repro linux-4.14.y report log
2023/01/20 02:32 9m retest repro linux-4.14.y report log
2022/09/04 23:27 10m retest repro linux-4.14.y report log
2022/09/04 22:27 10m retest repro linux-4.14.y report log
2022/09/04 21:27 9m retest repro linux-4.14.y report log
Fix bisection attempts (6)
Created Duration User Patch Repo Result
2020/07/03 15:30 0m bisect fix linux-4.14.y error job log
2020/06/03 13:15 23m bisect fix linux-4.14.y OK (0) job log log
2020/05/04 11:55 25m bisect fix linux-4.14.y OK (0) job log log
2020/04/04 11:31 24m bisect fix linux-4.14.y OK (0) job log log
2020/03/05 11:05 25m bisect fix linux-4.14.y OK (0) job log log
2020/01/06 01:15 24m bisect fix linux-4.14.y OK (0) job log log

Sample crash report:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000268
IP: atomic_add_return arch/x86/include/asm/atomic.h:157 [inline]
IP: rxrpc_send_data_packet+0xc8/0x13f0 net/rxrpc/output.c:281
PGD 932e1067 P4D 932e1067 PUD 91ddc067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 6971 Comm: kworker/1:4 Not tainted 4.14.153 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: krxrpcd rxrpc_process_call
task: ffff88809516c280 task.stack: ffff88808f878000
RIP: 0010:atomic_add_return arch/x86/include/asm/atomic.h:157 [inline]
RIP: 0010:rxrpc_send_data_packet+0xc8/0x13f0 net/rxrpc/output.c:281
RSP: 0018:ffff88808f87fab0 EFLAGS: 00010246
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 1ffff11012a2d969
RDX: 0000000000000000 RSI: ffff88809f800a80 RDI: ffff88807b870010
RBP: ffff88808f87fc60 R08: 0000000000000001 R09: ffff88809516cb48
R10: ffff88808f87fc78 R11: 0000000000000000 R12: ffff88809f800a80
R13: ffff88807b870118 R14: ffff88807b870000 R15: ffff88809f800a80
FS:  0000000000000000(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000268 CR3: 00000000a85e4000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rxrpc_resend net/rxrpc/call_event.c:322 [inline]
 rxrpc_process_call+0x56f/0x1169 net/rxrpc/call_event.c:407
 process_one_work+0x863/0x1600 kernel/workqueue.c:2114
 worker_thread+0x5d9/0x1050 kernel/workqueue.c:2248
 kthread+0x319/0x430 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
Code: f3 c7 40 24 f3 f3 f3 f3 e8 c6 35 c6 fb 49 8d 7e 10 48 89 f8 48 c1 e8 03 80 3c 18 00 0f 85 31 11 00 00 49 8b 5e 10 b8 01 00 00 00 <f0> 0f c1 83 68 02 00 00 83 c0 01 48 89 da 48 c1 ea 03 89 85 8c 
RIP: atomic_add_return arch/x86/include/asm/atomic.h:157 [inline] RSP: ffff88808f87fab0
RIP: rxrpc_send_data_packet+0xc8/0x13f0 net/rxrpc/output.c:281 RSP: ffff88808f87fab0
CR2: 0000000000000268
---[ end trace fa595818958639c0 ]---

Crashes (13):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/11/12 14:56 linux-4.14.y 4762bcd451a9 048f2d49 .config console log report syz C ci2-linux-4-14
2019/10/19 21:12 linux-4.14.y b98aebd29824 8c88c9c1 .config console log report syz C ci2-linux-4-14
2019/08/20 17:07 linux-4.14.y 45f092f9e9cb cfc9868f .config console log report syz C ci2-linux-4-14
2019/08/12 15:26 linux-4.14.y 3ffe1e79c174 8620c2c2 .config console log report syz C ci2-linux-4-14
2019/10/26 10:15 linux-4.14.y b98aebd29824 413926c5 .config console log report syz ci2-linux-4-14
2019/10/13 01:56 linux-4.14.y e132c8d7b58d 426631dd .config console log report syz ci2-linux-4-14
2019/08/23 04:37 linux-4.14.y 45f092f9e9cb ca6f3cfa .config console log report syz ci2-linux-4-14
2020/02/04 11:01 linux-4.14.y 9fa690a2a016 93e5e335 .config console log report ci2-linux-4-14
2020/02/02 18:38 linux-4.14.y 9fa690a2a016 93e5e335 .config console log report ci2-linux-4-14
2020/01/13 10:10 linux-4.14.y 6d0c334a400d 53faa9fe .config console log report ci2-linux-4-14
2019/12/07 01:15 linux-4.14.y a844dc4c5442 85f26751 .config console log report ci2-linux-4-14
2019/10/13 08:54 linux-4.14.y e132c8d7b58d 2f661ec4 .config console log report ci2-linux-4-14
2019/10/13 07:34 linux-4.14.y e132c8d7b58d 426631dd .config console log report ci2-linux-4-14
* Struck through repros no longer work on HEAD.