================================================================== BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline] BUG: KASAN: null-ptr-deref in atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:116 [inline] BUG: KASAN: null-ptr-deref in __refcount_add include/linux/refcount.h:193 [inline] BUG: KASAN: null-ptr-deref in __refcount_inc include/linux/refcount.h:250 [inline] BUG: KASAN: null-ptr-deref in refcount_inc include/linux/refcount.h:267 [inline] BUG: KASAN: null-ptr-deref in sctp_chunk_hold+0x26/0xb4 net/sctp/sm_make_chunk.c:1523 Write of size 4 at addr 0000000000000010 by task kworker/1:3/3399 CPU: 1 PID: 3399 Comm: kworker/1:3 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: events_power_efficient wg_ratelimiter_gc_entries Call Trace: [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline] [<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459 [<ffffffff80475ea2>] check_region_inline mm/kasan/generic.c:173 [inline] [<ffffffff80475ea2>] kasan_check_range+0x2a/0x136 mm/kasan/generic.c:189 [<ffffffff8047658a>] __kasan_check_write+0x14/0x1c mm/kasan/shadow.c:37 [<ffffffff82f40416>] instrument_atomic_read_write include/linux/instrumented.h:101 [inline] [<ffffffff82f40416>] atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:116 [inline] [<ffffffff82f40416>] __refcount_add include/linux/refcount.h:193 [inline] [<ffffffff82f40416>] __refcount_inc include/linux/refcount.h:250 [inline] [<ffffffff82f40416>] refcount_inc include/linux/refcount.h:267 [inline] [<ffffffff82f40416>] sctp_chunk_hold+0x26/0xb4 
net/sctp/sm_make_chunk.c:1523 [<ffffffff82f1dd7c>] sctp_sf_send_reconf+0x78/0x2c4 net/sctp/sm_statefuns.c:1105 [<ffffffff82f2a2fa>] sctp_do_sm+0x15c/0x2ef4 net/sctp/sm_sideeffect.c:1163 [<ffffffff82f2d95c>] sctp_generate_reconf_event+0x196/0x23e net/sctp/sm_sideeffect.c:461 [<ffffffff8016988e>] call_timer_fn+0x164/0x698 kernel/time/timer.c:1421 [<ffffffff8016a246>] expire_timers kernel/time/timer.c:1466 [inline] [<ffffffff8016a246>] __run_timers.part.0+0x484/0x4e6 kernel/time/timer.c:1734 [<ffffffff8016a32e>] __run_timers kernel/time/timer.c:1715 [inline] [<ffffffff8016a32e>] run_timer_softirq+0x86/0x100 kernel/time/timer.c:1747 [<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558 [<ffffffff80061288>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] [<ffffffff80061288>] invoke_softirq kernel/softirq.c:439 [inline] [<ffffffff80061288>] __irq_exit_rcu+0x142/0x1f8 kernel/softirq.c:637 [<ffffffff80061596>] irq_exit+0x10/0x7a kernel/softirq.c:661 [<ffffffff831a1a2c>] generic_handle_arch_irq+0x48/0x54 kernel/irq/handle.c:240 [<ffffffff80005724>] ret_from_exception+0x0/0x10 [<ffffffff801165c2>] lockdep_recursion_finish kernel/locking/lockdep.c:438 [inline] [<ffffffff801165c2>] lock_acquire.part.0+0x210/0x424 kernel/locking/lockdep.c:5641 ================================================================== Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 Oops [#1] Modules linked in: CPU: 1 PID: 3399 Comm: kworker/1:3 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: events_power_efficient wg_ratelimiter_gc_entries epc : arch_atomic_fetch_add_relaxed arch/riscv/include/asm/atomic.h:138 [inline] epc : atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:117 [inline] epc : __refcount_add include/linux/refcount.h:193 [inline] epc : __refcount_inc include/linux/refcount.h:250 [inline] epc : refcount_inc include/linux/refcount.h:267 [inline] 
epc : sctp_chunk_hold+0x28/0xb4 net/sctp/sm_make_chunk.c:1523 ra : instrument_atomic_read_write include/linux/instrumented.h:101 [inline] ra : atomic_fetch_add_relaxed include/linux/atomic/atomic-instrumented.h:116 [inline] ra : __refcount_add include/linux/refcount.h:193 [inline] ra : __refcount_inc include/linux/refcount.h:250 [inline] ra : refcount_inc include/linux/refcount.h:267 [inline] ra : sctp_chunk_hold+0x26/0xb4 net/sctp/sm_make_chunk.c:1523 epc : ffffffff82f40418 ra : ffffffff82f40416 sp : ffffaf800f00f160 gp : ffffffff85863ac0 tp : ffffaf8009af1840 t0 : ffffffff86bcb657 t1 : fffff5ef0b53c90c t2 : 0000000000000000 s0 : ffffaf800f00f190 s1 : ffffaf8011507000 a0 : 0000000000000000 a1 : 0000000000000001 a2 : 1ffff5f00135e309 a3 : ffffffff831afd3a a4 : 0000000000000000 a5 : ffffaf8009af2840 a6 : 0000000000f00000 a7 : ffffaf805a9e4863 s2 : ffffaf800f00f2b0 s3 : 0000000000000010 s4 : ffffaf80114b3000 s5 : 0000000000001000 s6 : 0000000000000000 s7 : ffffaf80114f0000 s8 : 0000000000000002 s9 : 0000000000000101 s10: ffffaf8011506000 s11: ffffaf80114b3000 t3 : 0000000061736944 t4 : fffff5ef0b53c90c t5 : fffff5ef0b53c90d t6 : ffffaf800f00eb98 status: 0000000000000120 badaddr: 0000000000000010 cause: 000000000000000f [<ffffffff82f1dd7c>] sctp_sf_send_reconf+0x78/0x2c4 net/sctp/sm_statefuns.c:1105 [<ffffffff82f2a2fa>] sctp_do_sm+0x15c/0x2ef4 net/sctp/sm_sideeffect.c:1163 [<ffffffff82f2d95c>] sctp_generate_reconf_event+0x196/0x23e net/sctp/sm_sideeffect.c:461 [<ffffffff8016988e>] call_timer_fn+0x164/0x698 kernel/time/timer.c:1421 [<ffffffff8016a246>] expire_timers kernel/time/timer.c:1466 [inline] [<ffffffff8016a246>] __run_timers.part.0+0x484/0x4e6 kernel/time/timer.c:1734 [<ffffffff8016a32e>] __run_timers kernel/time/timer.c:1715 [inline] [<ffffffff8016a32e>] run_timer_softirq+0x86/0x100 kernel/time/timer.c:1747 [<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558 [<ffffffff80061288>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 
[inline] [<ffffffff80061288>] invoke_softirq kernel/softirq.c:439 [inline] [<ffffffff80061288>] __irq_exit_rcu+0x142/0x1f8 kernel/softirq.c:637 [<ffffffff80061596>] irq_exit+0x10/0x7a kernel/softirq.c:661 [<ffffffff831a1a2c>] generic_handle_arch_irq+0x48/0x54 kernel/irq/handle.c:240 [<ffffffff80005724>] ret_from_exception+0x0/0x10 [<ffffffff801165c2>] lockdep_recursion_finish kernel/locking/lockdep.c:438 [inline] [<ffffffff801165c2>] lock_acquire.part.0+0x210/0x424 kernel/locking/lockdep.c:5641 ---[ end trace 0000000000000000 ]---
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
ci-qemu2-riscv64 | 2023/01/15 09:32 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | a63719e7 | .config | console log | report | info | KASAN: null-ptr-deref Write in sctp_chunk_hold | |||
ci-qemu2-riscv64 | 2023/01/14 19:58 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | a63719e7 | .config | console log | report | info | KASAN: null-ptr-deref Write in sctp_chunk_hold |