KASAN: null-ptr-deref Read in futex

Kernel	Title	Repro	Cause bisect	Fix bisect	Count	Last	Reported	Patched	Status
upstream	general protection fault in futex_wake (2) kernel				2	1009d	1013d	0/26	auto-closed as invalid on 2021/10/21 19:26
linux-4.19	general protection fault in futex_wake (2)				1	1127d	1127d	0/1	auto-closed as invalid on 2021/07/25 11:26

================================================================== BUG: KASAN: null-ptr-deref in futex_wake+0x1ce/0x2f4 kernel/futex/waitwake.c:166 Read of size 8 at addr 0000000000000000 by task syz-executor.1/3292 CPU: 1 PID: 3292 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline] [<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459 [<ffffffff80475b20>] check_region_inline mm/kasan/generic.c:183 [inline] [<ffffffff80475b20>] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256 [<ffffffff80198b2e>] futex_wake+0x1ce/0x2f4 kernel/futex/waitwake.c:166 [<ffffffff80194dbc>] do_futex+0x21a/0x284 kernel/futex/syscalls.c:111 [<ffffffff80194f1e>] __do_sys_futex kernel/futex/syscalls.c:183 [inline] [<ffffffff80194f1e>] sys_futex+0xf8/0x310 kernel/futex/syscalls.c:164 [<ffffffff80005716>] ret_from_syscall+0x0/0x2 ================================================================== Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Oops [#1] Modules linked in: CPU: 1 PID: 3292 Comm: syz-executor.1 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) epc : futex_wake+0x1ce/0x2f4 kernel/futex/waitwake.c:166 ra : futex_wake+0x1ce/0x2f4 kernel/futex/waitwake.c:166 epc : ffffffff80198b2e ra : ffffffff80198b2e sp : ffffaf800734fb70 gp : ffffffff85863ac0 tp : ffffaf8009c0e100 t0 : ffffffff86bcb657 t1 : fffff5ef0b53c90c t2 : 0000000000000000 s0 : ffffaf800734fcc0 s1 : ffffaf801063bd48 a0 : 0000000000000001 a1 : 0000000000000003 a2 : 1ffff5f001381c21 a3 : ffffffff831afd3a a4 : 0000000000000000 a5 : ffffaf8009c0f100 a6 : 0000000000f00000 a7 : ffffaf805a9e4863 s2 : ffffffffffffffe8 s3 : ffffaf800734fc40 s4 : 0000000000000000 s5 : 0000000000000000 s6 : ffffffffffffffff s7 : ffffaf80093fc5c8 s8 : 00000000000f4240 s9 : ffffaf800734fbc0 s10: 000000000011b000 s11: ffffaf800db0d3c8 t3 : 0000000061736944 t4 : fffff5ef0b53c90c t5 : fffff5ef0b53c90d t6 : ffffaf800734f5b8 status: 0000000000000120 badaddr: 0000000000000000 cause: 000000000000000d [<ffffffff80194dbc>] do_futex+0x21a/0x284 kernel/futex/syscalls.c:111 [<ffffffff80194f1e>] __do_sys_futex kernel/futex/syscalls.c:183 [inline] [<ffffffff80194f1e>] sys_futex+0xf8/0x310 kernel/futex/syscalls.c:164 [<ffffffff80005716>] ret_from_syscall+0x0/0x2 ---[ end trace 0000000000000000 ]---

Crashes (1):
Time	Kernel	Commit	Syzkaller	Config	Log	Report	Syz repro	C repro	VM info	Assets (help?)	Manager	Title
2022/08/10 08:41	git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes	0966d385830d	aaa9eaa0	.config	console log	report			info		ci-qemu2-riscv64	KASAN: null-ptr-deref Read in futex_wake

Crashes (1):

Assets (help?)