BUG: unable to handle kernel NULL pointer dereference in write_port

2018-11-13 Thread Kyungtae Kim
reported before (https://lkml.org/lkml/2018/5/12/91) Crash log = BUG: unable to handle kernel NULL pointer dereference at 00af PGD 800092c1a067 P4D 800092c1a067 PUD 93a74067 PMD 0 Oops: 0002 [#1] SMP PTI CPU: 0 PID: 6651 Comm: syz

Re: BUG: unable to handle kernel NULL pointer dereference in __do_page_cache_readahead

2018-09-10 Thread Dmitry Vyukov
Opts: dax,,errors=continue > EXT4-fs (sda1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk > EXT4-fs (sda1): warning: refusing change of dax flag with busy inodes while > remounting > EXT4-fs (sda1): re-mounted. Opts: dax,,errors=continue > BUG: unable to handle kernel NULL p

BUG: unable to handle kernel NULL pointer dereference in __do_page_cache_readahead

2018-09-10 Thread syzbot
of dax flag with busy inodes while remounting EXT4-fs (sda1): re-mounted. Opts: dax,,errors=continue BUG: unable to handle kernel NULL pointer dereference at PGD 1cf0bc067 P4D 1cf0bc067 PUD 1c8d95067 PMD 0 Oops: 0010 [#1] PREEMPT SMP KASAN CPU: 1 PID: 9112 Comm: syz-executor2

[lkp-robot] [confidence: ] e181ae0c5d [ 0.000000] BUG: unable to handle kernel NULL pointer dereference at 00000000

2018-07-20 Thread kernel test robot
00] node 0: [mem 0x1000-0x0009efff] [0.00] node 0: [mem 0x0010-0x0ffd1fff] [0.000000] BUG: unable to handle kernel NULL pointer dereference at [0.00] *pde = [0.00] Oops: 0002 [#1] [0.00] CPU: 0 PID: 0 Comm:

Re: BUG: unable to handle kernel NULL pointer dereference in corrupted (2)

2018-07-18 Thread Dmitry Vyukov
te in parallel > random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read (32 bytes read) > IPVS: ftp: loaded support

BUG: unable to handle kernel NULL pointer dereference in corrupted (2)

2018-07-17 Thread syzbot
) random: sshd: uninitialized urandom read (32 bytes read) IPVS: ftp: loaded support on port[0] = 21 BUG: unable to handle kernel NULL pointer dereference at 0072 == PGD 1acfe1067 BUG: KASAN: stack-out-of-bounds

Re: BUG: unable to handle kernel NULL pointer dereference in ep_item_poll

2018-06-29 Thread syzbot
bytes read) random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) BUG: unable to handle kernel NULL pointer dereference at PGD 1ab51a067 P4D 1ab51a067 PUD 1ab510067 PMD 0 Oops: 0010 [#1] SMP KASAN CPU: 0 PID: 4552 Comm: syz

BUG: unable to handle kernel NULL pointer dereference in ep_item_poll

2018-06-28 Thread syzbot
+57727883dbad76db2...@syzkaller.appspotmail.com device lo entered promiscuous mode device lo left promiscuous mode BUG: unable to handle kernel NULL pointer dereference at PGD 1ccf13067 P4D 1ccf13067 PUD 1bc558067 PMD 0 Oops: 0010 [#1] SMP KASAN CPU: 1 PID: 13288 Comm: syz-executor0

BUG: unable to handle kernel NULL pointer dereference in do_select

2018-06-28 Thread syzbot
+cdb0d3176b53d35ad...@syzkaller.appspotmail.com netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'. kvm [7726]: vcpu0, guest rIP: 0x9166 disabled perfctr wrmsr: 0xc1 data 0xb8 BUG: unable to handle kernel NULL pointer dereference at PGD 1b10e9067 P4D 1b10e9067

BUG: unable to handle kernel NULL pointer dereference in do_sys_poll

2018-06-28 Thread syzbot
) random: sshd: uninitialized urandom read (32 bytes read) random: sshd: uninitialized urandom read (32 bytes read) BUG: unable to handle kernel NULL pointer dereference at PGD 1aec04067 P4D 1aec04067 PUD 1aed28067 PMD 0 Oops: 0010 [#1] SMP KASAN CPU: 0 PID: 4522 Comm: syz-executor146

Re: [lkp-robot] [bisect done] ef1433f717 [ 7.049860] BUG: unable to handle kernel NULL pointer dereference at 0000004c

2018-06-27 Thread Kishon Vijay Abraham I
On Wednesday 27 June 2018 03:56 PM, Lorenzo Pieralisi wrote: > On Tue, Jun 26, 2018 at 04:15:01PM -0500, Bjorn Helgaas wrote: >> On Tue, Jun 26, 2018 at 09:10:07AM +0800, kernel test robot wrote: >>> >>> Greetings, >>> >>> 0day kernel testing robot got the below dmesg and the first bad commit

Re: [lkp-robot] [bisect done] ef1433f717 [ 7.049860] BUG: unable to handle kernel NULL pointer dereference at 0000004c

2018-06-27 Thread Lorenzo Pieralisi
On Tue, Jun 26, 2018 at 04:15:01PM -0500, Bjorn Helgaas wrote: > On Tue, Jun 26, 2018 at 09:10:07AM +0800, kernel test robot wrote: > > > > Greetings, > > > > 0day kernel testing robot got the below dmesg and the first bad commit is > > > >

Re: [lkp-robot] [bisect done] ef1433f717 [ 7.049860] BUG: unable to handle kernel NULL pointer dereference at 0000004c

2018-06-26 Thread Bjorn Helgaas
On Tue, Jun 26, 2018 at 09:10:07AM +0800, kernel test robot wrote: > > Greetings, > > 0day kernel testing robot got the below dmesg and the first bad commit is > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master > > commit ef1433f717a2c63747a519d86965d73ff9bd08b3 >

[lkp-robot] [bisect done] ef1433f717 [ 7.049860] BUG: unable to handle kernel NULL pointer dereference at 0000004c

2018-06-25 Thread kernel test robot
2c_combine: 8373 self tests passed [7.038731] cpqphp: Compaq Hot Plug PCI Controller Driver version: 0.9.8 [7.039375] switchtec: loaded. [7.049860] BUG: unable to handle kernel NULL pointer dereference at 004c [7.050604] *pdpt = *pde = f000ff53f000ff53 [7.05

BUG: unable to handle kernel NULL pointer dereference in vmx_set_msr

2018-06-14 Thread syzbot
+405a50b23dd790f60...@syzkaller.appspotmail.com BUG: unable to handle kernel NULL pointer dereference at PGD 1890f1067 P4D 1890f1067 PUD 1890f2067 PMD 0 netlink: 8 bytes leftover after parsing attributes in process `syz-executor0'. Oops: 0010 [#1] SMP KASAN CPU: 0 PID: 12381 Comm: syz

Re: BUG: unable to handle kernel NULL pointer dereference in corrupted

2018-06-08 Thread Dmitry Vyukov
> random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read (32 bytes read) > random: sshd: uninitialized urandom read

Re: [lustre_init] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004

2018-05-02 Thread James Simmons
45c5ca4d1d45b1de2541fe34b8f100 (staging: lustre: libcfs: use dynamic minors for /dev/{lnet, obd}) from the staging-test branch to see if it resolves your problems? > [ 54.236561] BUG: unable to handle kernel NULL pointer dereference at > 0004 > [ 54.237836] PGD 0 P4D 0 >

Re: [llc_ui_release] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004

2018-04-29 Thread Fengguang Wu
082415] BUG: unable to handle kernel NULL pointer dereference at 0004 I think this is fixed by commit 3a04ce7130a7 ("llc: fix NULL pointer deref for SOCK_ZAPPED") Confirmed. Sorry for the late report! Regards, Fengguang

Re: [llc_ui_release] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004

2018-04-29 Thread Fengguang Wu
kernel NULL pointer dereference at 0004 I think this is fixed by commit 3a04ce7130a7 ("llc: fix NULL pointer deref for SOCK_ZAPPED") Confirmed. Sorry for the late report! Regards, Fengguang

Re: [llc_ui_release] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004

2018-04-28 Thread Linus Torvalds
main] Generating file descriptors > [main] Added 83 filenames from /dev > udevd[507]: failed to execute '/sbin/modprobe' '/sbin/modprobe -bv platform:regulatory': No such file or directory > [ 372.057947] caif:caif_disconnect_client(): nothing to disconnect > [ 372.082415] BUG: unable to handl

Re: [llc_ui_release] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004

2018-04-28 Thread Linus Torvalds
> [main] Added 83 filenames from /dev > udevd[507]: failed to execute '/sbin/modprobe' '/sbin/modprobe -bv platform:regulatory': No such file or directory > [ 372.057947] caif:caif_disconnect_client(): nothing to disconnect > [ 372.082415] BUG: unable to handle kernel NULL pointer derefer

Re: [cfs_trace_lock_tcd] BUG: unable to handle kernel NULL pointer dereference at 00000050

2018-04-18 Thread Fengguang Wu
Hi James, On Wed, Apr 18, 2018 at 02:59:15PM +0100, James Simmons wrote: Hello, FYI this happens in mainline kernel 4.17.0-rc1. It looks like a new regression. [7.587002] lnet_selftest_init+0x2c4/0x5d9: lnet_selftest_init at

Re: [cfs_trace_lock_tcd] BUG: unable to handle kernel NULL pointer dereference at 00000050

2018-04-18 Thread James Simmons
> Hello, > > FYI this happens in mainline kernel 4.17.0-rc1. > It looks like a new regression. > > [7.587002] lnet_selftest_init+0x2c4/0x5d9: > lnet_selftest_init at > drivers/staging/lustre/lnet/selftest/module.c:134 > [7.587002] ?

[per_cpu_ptr_to_phys] BUG: unable to handle kernel NULL pointer dereference at 0000000000000000

2018-04-18 Thread Fengguang Wu
earlyprintk=ttyS0,115200 co [0.00] sysrq: sysrq always enabled. [0.00] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes) [0.00] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes) [0.00] BUG: unable to handle kernel NULL pointer dereference

[cfs_trace_lock_tcd] BUG: unable to handle kernel NULL pointer dereference at 00000050

2018-04-18 Thread Fengguang Wu
://www.comedi.org [6.528851] LNetError: 1:0:(module.c:546:libcfs_init()) misc_register: error -16 [7.220272] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input3 [7.586283] BUG: unable to handle kernel NULL pointer dereference at 0050 [7.586962] *pdpt

Re: BUG: unable to handle kernel NULL pointer dereference in sha512_mb_mgr_get_comp_job_avx2

2018-02-12 Thread Eric Biggers
output is attached. > > syzkaller reproducer is attached. See https://goo.gl/kgGztJ > for information about syzkaller reproducers > > > BUG: unable to handle kernel NULL pointer dereference at c58b0b19 > IP: sha512_mb_mgr_get_comp_job_avx2+0x6e/0xee > arch/x86/crypt

Re: BUG: unable to handle kernel NULL pointer dereference in __crypto_register_alg

2018-02-02 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > netlink: 'syz-executor4': attribute type 29 has an invalid length. > BUG: unable to handle kernel NULL pointer dereference at 0020 > IP: __crypt

Re: BUG: unable to handle kernel NULL pointer dereference in page_mapping

2018-01-31 Thread Eric Biggers
zkaller713832" path="/root/syzkaller713832919" dev="sda1" > ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 > tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 > BUG: unable to handle kernel NULL pointer dereference a

Re: BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free

2018-01-30 Thread Marcelo Ricardo Leitner
t;free(stream); > > > kfree(stream->out); > > > stream->out = NULL; > > > + stream->outcnt = 0; > > > out: > > > return ret; > > > } > > > > In case it can't be verified due to no reprod

Re: BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free

2018-01-30 Thread Marcelo Ricardo Leitner
kfree(stream->out); > > > stream->out = NULL; > > > + stream->outcnt = 0; > > > out: > > > return ret; > > > } > > > > In case it can't be verified due to no reproducer yet, I modified some > > code

Re: BUG: unable to handle kernel NULL pointer dereference in binder_poll

2018-01-30 Thread Eric Biggers
4 RSI: 0001 RDI: 0003 > RBP: 0005 R08: 0001 R09: 0032 > R10: 207a6000 R11: 0246 R12: 00401e60 > R13: 00401ef0 R14: 00000000 R15: 0000 > BUG: unable to handle kernel NULL point

Re: BUG: unable to handle kernel NULL pointer dereference in free_pipe_info

2018-01-30 Thread Eric Biggers
> >> 6084b576dca2e898f5c101baef151f7bfdbb606d > >> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master > >> compiler: gcc (GCC) 7.1.1 20170620 > >> .config is attached > >> Raw console output is attached. > >> > >> Unfo

Re: BUG: unable to handle kernel NULL pointer dereference in free_pipe_info

2018-01-30 Thread Goldwyn Rodrigues
.git/master >> compiler: gcc (GCC) 7.1.1 20170620 >> .config is attached >> Raw console output is attached. >> >> Unfortunately, I don't have any reproducer for this bug yet. >> >> >> BUG: unable to handle kernel NULL pointer dereference at

Re: BUG: unable to handle kernel NULL pointer dereference in crypto_destroy_tfm

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > BUG: unable to handle kernel NULL pointer dereference at 0188 > IP: crypto_destroy_tfm+0x9f/0xf0 crypto/api.c:577 > PGD 0 P4D 0 > Oops: [#1]

Re: BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free

2018-01-30 Thread Eric Biggers
ucer yet, I modified some > code in sctp_stream_init() to confirm Marcelo's deduction: > - i = sctp_stream_alloc_in(stream, incnt, gfp); > + i = 1; > if (i) { > ret = -ENOMEM; > goto free; > > And got the same call trace as the

Re: BUG: unable to handle kernel NULL pointer dereference in sctp_stream_free

2018-01-30 Thread Eric Biggers
sctp_stream_init() to confirm Marcelo's deduction: > - i = sctp_stream_alloc_in(stream, incnt, gfp); > + i = 1; > if (i) { > ret = -ENOMEM; > goto free; > > And got the same call trace as the mail: > > [ 301.

Re: BUG: unable to handle kernel NULL pointer dereference in sctp_cmp_addr_exact

2018-01-30 Thread Marcelo Ricardo Leitner
:23660 DecRefs 0 refcount change on invalid ref 4 ret -22 > > binder: 23647:23660 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0 > > binder: 23647:23660 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 > > binder: 23647:23660 got reply transaction with no transaction stack > > binder: 23647:23660 tra

Re: [rds-devel] BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit

2018-01-30 Thread Sowmini Varadhan
On (01/30/18 14:22), Eric Biggers wrote: > > I assume you weren't able to reproduce this? This crash hasn't been > seen again, : > I am invalidating the bug for syzbot so it will report the same crash > signature > again if it occurs, but if you think there is a real bug feel free to keep >

Re: [rds-devel] BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit

2018-01-30 Thread Eric Biggers
On Mon, Dec 18, 2017 at 12:22:51PM -0500, Sowmini Varadhan wrote: > > From: Santosh Shilimkar > > Date: Mon, 18 Dec 2017 08:28:05 -0800 > : > > > Looks like another one tripping on empty transport. Mostly below > > > should > > > address it but we will test it if

Re: [rds-devel] BUG: unable to handle kernel NULL pointer dereference in rds_send_xmit

2018-01-30 Thread Eric Biggers
On Mon, Dec 18, 2017 at 12:22:51PM -0500, Sowmini Varadhan wrote: > > From: Santosh Shilimkar > > Date: Mon, 18 Dec 2017 08:28:05 -0800 > : > > > Looks like another one tripping on empty transport. Mostly below > > > should > > > address it but we will test it if it does. > > that was my first

Re: BUG: unable to handle kernel NULL pointer dereference in inet6_fill_ifinfo

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > BUG: unable to handle kernel NULL pointer dereference at 022c > IP: inet6_fill_ifinfo+0x8e/0x2c0 net/ipv6/addrconf.c:5357 > PGD 1dffd8067 P4D 1dffd8

Re: BUG: unable to handle kernel NULL pointer dereference in snmp6_unregister_dev

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > BUG: unable to handle kernel NULL pointer dereference at 0578 > IP: read_pnet include/net/net_namespace.h:270 [inline] > IP: dev_net

Re: BUG: unable to handle kernel NULL pointer dereference in free_pipe_info

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > BUG: unable to handle kernel NULL pointer dereference at 002f > IP: pipe_buf_release include/linux/pipe_fs_i.h:136 [inline] > IP: free_pipe_inf

Re: BUG: unable to handle kernel NULL pointer dereference in ip_mc_up

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > netlink: 29 bytes leftover after parsing attributes in process > `syz-executor2'. > device eql entered promiscuous mode > BUG: unable to handle kernel N

Re: BUG: unable to handle kernel NULL pointer dereference in tc_fill_qdisc

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > BUG: unable to handle kernel NULL pointer dereference at (null) > IP: qdisc_dev include/net/sch_generic.h:379 [inline] > IP: tc_fill_qdisc+0xc8/0x4b

Re: BUG: unable to handle kernel NULL pointer dereference in qdisc_match_from_root

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > netlink: 1 bytes leftover after parsing attributes in process > `syz-executor6'. > BUG: unable to handle kernel NULL pointer dereference at (null)

Re: BUG: unable to handle kernel NULL pointer dereference in blk_throtl_update_limit_valid

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > netlink: 14 bytes leftover after parsing attributes in process > `syz-executor6'. > BUG: unable to handle kernel NULL pointer dereference at 0098 >

Re: BUG: unable to handle kernel NULL pointer dereference in binder_deferred_func

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > binder: 5029:5034 got transaction to invalid handle > binder: 5029:5034 transaction failed 29201/-22, size 0-56 line 2832 > binder: undelivered TRANSACTION_ERR

Re: BUG: unable to handle kernel NULL pointer dereference in ipv6_get_lladdr

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > device lo entered promiscuous mode > device lo left promiscuous mode > BUG: unable to handle kernel NULL pointer dereference at 0328 > IP: __rea

Re: BUG: unable to handle kernel NULL pointer dereference in neigh_fill_info

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > netlink: 3 bytes leftover after parsing attributes in process > `syz-executor5'. > netlink: 3 bytes leftover after parsing attributes in process > `syz

Re: BUG: unable to handle kernel NULL pointer dereference in addrconf_notify

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > ALSA: seq fatal error: cannot create timer (-22) > device syz2 entered promiscuous mode > BUG: unable to handle kernel NULL pointer dereference at

Re: BUG: unable to handle kernel NULL pointer dereference in af_alg_alloc_tsgl

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > device gre0 entered promiscuous mode > BUG: unable to handle kernel NULL pointer dereference at 0010 > IP: af_alg_alloc_tsgl+0x3f/0x140 crypto/a

Re: BUG: unable to handle kernel NULL pointer dereference in sctp_cmp_addr_exact

2018-01-30 Thread Eric Biggers
0 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3 > binder: 23647:23660 got reply transaction with no transaction stack > binder: 23647:23660 transaction failed 29201/-71, size 24-16 line 2747 > BUG: unable to handle kernel NULL pointer dereference at 0078 > IP: sctp_cmp_addr_exa

Re: BUG: unable to handle kernel NULL pointer dereference in addrconf_ifdown

2018-01-30 Thread Eric Biggers
ttached > Raw console output is attached. > > Unfortunately, I don't have any reproducer for this bug yet. > > > BUG: unable to handle kernel NULL pointer dereference at (null) > IP: addrconf_ifdown+0x3a2/0x780 net/ipv6/addrconf.c:3674 > PGD 1df99c067 P4D 1df99c

Re: BUG: unable to handle kernel NULL pointer dereference in rb_insert_color

2018-01-30 Thread Eric Biggers
On Wed, Dec 20, 2017 at 09:05:39AM +0100, Dmitry Vyukov wrote: > On Wed, Dec 20, 2017 at 8:59 AM, Eric Biggers wrote: > > On Wed, Dec 20, 2017 at 08:50:40AM +0100, Dmitry Vyukov wrote: > >> > > >> > The line number in lib/rbtree.c seems to be slightly off. Looking at the > >> > disassembly: > >>

Re: BUG: unable to handle kernel NULL pointer dereference in proc_flush_task

2018-01-26 Thread Eric Biggers
ttached > Raw console output is attached. > > syzkaller reproducer is attached. See https://goo.gl/kgGztJ > for information about syzkaller reproducers > > > BUG: unable to handle kernel NULL pointer dereference at (null) > IP: proc_flush_task_mnt fs/proc/base.c:3
