syzbot

 sign-in | mailing list | source | docs
🐞 Open [976] 🐞 Fixed [3872] 🐞 Invalid [8356] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

BUG: unable to handle kernel NULL pointer dereference in corrupted (5)

Status: upstream: reported C repro on 2020/03/14 06:37
Reported-by: syzbot+8b0e78e390d1715b0f4e@syzkaller.appspotmail.com
First crash: 844d, last: 834d

Cause bisection: introduced by (bisect log) :
commit 271213ef4d0d3a3b80d4cf95c5f2bebb5643e666
Author: Takashi Iwai <tiwai@suse.de>
Date: Tue Dec 10 06:34:50 2019 +0000

  ALSA: pcxhr: Support PCM sync_stop

Crash: KASAN: vmalloc-out-of-bounds Read in srcu_invoke_callbacks (log)
Repro: C syz .config

Fix bisection: failed (bisect log)
similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-54 BUG: unable to handle kernel NULL pointer dereference in corrupted C 183 7d22h 572d 0/2 upstream: reported C repro on 2020/12/07 19:36
linux-4.19 BUG: unable to handle kernel NULL pointer dereference in corrupted C done 6 403d 985d 1/1 fixed on 2021/06/24 20:09
upstream BUG: unable to handle kernel NULL pointer dereference in corrupted (4) syz done done 1 1104d 1103d 13/22 fixed on 2019/08/27 17:15
upstream BUG: unable to handle kernel NULL pointer dereference in corrupted (3) C 1 1272d 1272d 12/22 fixed on 2019/03/06 07:43
linux-4.14 BUG: unable to handle kernel NULL pointer dereference in corrupted C inconclusive 3 752d 992d 0/1 upstream: reported C repro on 2019/10/14 10:06
upstream BUG: unable to handle kernel NULL pointer dereference in corrupted (2) C 1 1446d 1446d 9/22 fixed on 2018/08/07 13:43
upstream BUG: unable to handle kernel NULL pointer dereference in corrupted C 5 1485d 1485d 9/22 fixed on 2018/07/09 18:05

Sample crash report:
BUG: kernel NULL pointer dereference, address: 0000000000000086
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 913ae067 P4D 913ae067 PUD 92f95067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8742 Comm: syz-executor543 Not tainted 5.6.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffffc900021d7998 EFLAGS: 00010086
RAX: ffffc900021d79c8 RBX: fffffe0000000000 RCX: ffff88809d522500
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000ec0 R08: ffffffff83987263 R09: ffffffff811c7eca
R10: ffff88809d522500 R11: 0000000000000002 R12: dffffc0000000000
R13: fffffe0000000ec8 R14: ffffffff880016f0 R15: fffffe0000000ecb
FS:  00000000021c0880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 0000000095b79000 CR4: 00000000001426e0
Call Trace:
Modules linked in:
CR2: 0000000000000086
---[ end trace 88183239d3f1335b ]---
RIP: 0010:0x86
Code: Bad RIP value.
RSP: 0018:ffffc900021d7998 EFLAGS: 00010086
RAX: ffffc900021d79c8 RBX: fffffe0000000000 RCX: ffff88809d522500
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
RBP: 0000000000000ec0 R08: ffffffff83987263 R09: ffffffff811c7eca
R10: ffff88809d522500 R11: 0000000000000002 R12: dffffc0000000000
R13: fffffe0000000ec8 R14: ffffffff880016f0 R15: fffffe0000000ecb
FS:  00000000021c0880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000000005c CR3: 0000000095b79000 CR4: 00000000001426e0

Crashes (3):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-smack-root 2020/03/20 09:58 upstream cd607737f3b8 2c31c529 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/03/20 01:55 upstream cd607737f3b8 2c31c529 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/03/10 06:26 upstream 30bb5572ce7a 35f53e45 .config log report syz C