reported before
(https://lkml.org/lkml/2018/5/12/91)
Crash log
=
BUG: unable to handle kernel NULL pointer dereference at 00af
PGD 800092c1a067 P4D 800092c1a067 PUD 93a74067 PMD 0
Oops: 0002 [#1] SMP PTI
CPU: 0 PID: 6651 Comm: syz
Opts: dax,,errors=continue
> EXT4-fs (sda1): DAX enabled. Warning: EXPERIMENTAL, use at your own risk
> EXT4-fs (sda1): warning: refusing change of dax flag with busy inodes while
> remounting
> EXT4-fs (sda1): re-mounted. Opts: dax,,errors=continue
> BUG: unable to handle kernel NULL p
of dax flag with busy inodes while
remounting
EXT4-fs (sda1): re-mounted. Opts: dax,,errors=continue
BUG: unable to handle kernel NULL pointer dereference at
PGD 1cf0bc067 P4D 1cf0bc067 PUD 1c8d95067 PMD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9112 Comm: syz-executor2
00] node 0: [mem 0x1000-0x0009efff]
[0.00] node 0: [mem 0x0010-0x0ffd1fff]
[0.000000] BUG: unable to handle kernel NULL pointer dereference at
[0.00] *pde =
[0.00] Oops: 0002 [#1]
[0.00] CPU: 0 PID: 0 Comm:
te in parallel
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> IPVS: ftp: loaded support
)
random: sshd: uninitialized urandom read (32 bytes read)
IPVS: ftp: loaded support on port[0] = 21
BUG: unable to handle kernel NULL pointer dereference at 0072
==
PGD 1acfe1067
BUG: KASAN: stack-out-of-bounds
bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
BUG: unable to handle kernel NULL pointer dereference at
PGD 1ab51a067 P4D 1ab51a067 PUD 1ab510067 PMD 0
Oops: 0010 [#1] SMP KASAN
CPU: 0 PID: 4552 Comm: syz
+57727883dbad76db2...@syzkaller.appspotmail.com
device lo entered promiscuous mode
device lo left promiscuous mode
BUG: unable to handle kernel NULL pointer dereference at
PGD 1ccf13067 P4D 1ccf13067 PUD 1bc558067 PMD 0
Oops: 0010 [#1] SMP KASAN
CPU: 1 PID: 13288 Comm: syz-executor0
+cdb0d3176b53d35ad...@syzkaller.appspotmail.com
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor4'.
kvm [7726]: vcpu0, guest rIP: 0x9166 disabled perfctr wrmsr: 0xc1 data 0xb8
BUG: unable to handle kernel NULL pointer dereference at
PGD 1b10e9067 P4D 1b10e9067
)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
BUG: unable to handle kernel NULL pointer dereference at
PGD 1aec04067 P4D 1aec04067 PUD 1aed28067 PMD 0
Oops: 0010 [#1] SMP KASAN
CPU: 0 PID: 4522 Comm: syz-executor146
On Wednesday 27 June 2018 03:56 PM, Lorenzo Pieralisi wrote:
> On Tue, Jun 26, 2018 at 04:15:01PM -0500, Bjorn Helgaas wrote:
>> On Tue, Jun 26, 2018 at 09:10:07AM +0800, kernel test robot wrote:
>>>
>>> Greetings,
>>>
>>> 0day kernel testing robot got the below dmesg and the first bad commit
On Tue, Jun 26, 2018 at 04:15:01PM -0500, Bjorn Helgaas wrote:
> On Tue, Jun 26, 2018 at 09:10:07AM +0800, kernel test robot wrote:
> >
> > Greetings,
> >
> > 0day kernel testing robot got the below dmesg and the first bad commit is
> >
> >
On Tue, Jun 26, 2018 at 09:10:07AM +0800, kernel test robot wrote:
>
> Greetings,
>
> 0day kernel testing robot got the below dmesg and the first bad commit is
>
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>
> commit ef1433f717a2c63747a519d86965d73ff9bd08b3
>
2c_combine: 8373 self tests passed
[7.038731] cpqphp: Compaq Hot Plug PCI Controller Driver version: 0.9.8
[7.039375] switchtec: loaded.
[7.049860] BUG: unable to handle kernel NULL pointer dereference at 004c
[7.050604] *pdpt = *pde = f000ff53f000ff53
[7.05
+405a50b23dd790f60...@syzkaller.appspotmail.com
BUG: unable to handle kernel NULL pointer dereference at
PGD 1890f1067 P4D 1890f1067 PUD 1890f2067 PMD 0
netlink: 8 bytes leftover after parsing attributes in process
`syz-executor0'.
Oops: 0010 [#1] SMP KASAN
CPU: 0 PID: 12381 Comm: syz
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read (32 bytes read)
> random: sshd: uninitialized urandom read
45c5ca4d1d45b1de2541fe34b8f100 (staging: lustre:
libcfs: use dynamic minors for /dev/{lnet, obd})
from the staging-test branch to see if it resolves your problems?
> [ 54.236561] BUG: unable to handle kernel NULL pointer dereference at
> 0004
> [ 54.237836] PGD 0 P4D 0
>
082415] BUG: unable to handle kernel NULL pointer dereference at
0004
I think this is fixed by commit 3a04ce7130a7 ("llc: fix NULL pointer deref
for SOCK_ZAPPED")
Confirmed. Sorry for the late report!
Regards,
Fengguang
main] Generating file descriptors
> [main] Added 83 filenames from /dev
> udevd[507]: failed to execute '/sbin/modprobe' '/sbin/modprobe -bv
platform:regulatory': No such file or directory
> [ 372.057947] caif:caif_disconnect_client(): nothing to disconnect
> [ 372.082415] BUG: unable to handle kernel NULL pointer derefer
Hi James,
On Wed, Apr 18, 2018 at 02:59:15PM +0100, James Simmons wrote:
Hello,
FYI this happens in mainline kernel 4.17.0-rc1.
It looks like a new regression.
[7.587002] lnet_selftest_init+0x2c4/0x5d9:
lnet_selftest_init at
> Hello,
>
> FYI this happens in mainline kernel 4.17.0-rc1.
> It looks like a new regression.
>
> [7.587002] lnet_selftest_init+0x2c4/0x5d9:
> lnet_selftest_init at
> drivers/staging/lustre/lnet/selftest/module.c:134
> [7.587002] ?
earlyprintk=ttyS0,115200 co
[0.00] sysrq: sysrq always enabled.
[0.00] Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
[0.00] Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
[0.00] BUG: unable to handle kernel NULL pointer dereference
://www.comedi.org
[6.528851] LNetError: 1:0:(module.c:546:libcfs_init()) misc_register: error
-16
[7.220272] input: ImExPS/2 Generic Explorer Mouse as
/devices/platform/i8042/serio1/input/input3
[7.586283] BUG: unable to handle kernel NULL pointer dereference at 0050
[7.586962] *pdpt
output is attached.
>
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
>
>
> BUG: unable to handle kernel NULL pointer dereference at c58b0b19
> IP: sha512_mb_mgr_get_comp_job_avx2+0x6e/0xee
> arch/x86/crypt
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> netlink: 'syz-executor4': attribute type 29 has an invalid length.
> BUG: unable to handle kernel NULL pointer dereference at 0020
> IP: __crypt
zkaller713832" path="/root/syzkaller713832919" dev="sda1"
> ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
> BUG: unable to handle kernel NULL pointer dereference a
t;free(stream);
> > > kfree(stream->out);
> > > stream->out = NULL;
> > > + stream->outcnt = 0;
> > > out:
> > > return ret;
> > > }
> >
> > In case it can't be verified due to no reproducer yet, I modified some
> > code
4 RSI: 0001 RDI: 0003
> RBP: 0005 R08: 0001 R09: 0032
> R10: 207a6000 R11: 0246 R12: 00401e60
> R13: 00401ef0 R14: 00000000 R15: 0000
> BUG: unable to handle kernel NULL point
> >> 6084b576dca2e898f5c101baef151f7bfdbb606d
> >> git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/master
> >> compiler: gcc (GCC) 7.1.1 20170620
> >> .config is attached
> >> Raw console output is attached.
> >>
> >> Unfo
.git/master
>> compiler: gcc (GCC) 7.1.1 20170620
>> .config is attached
>> Raw console output is attached.
>>
>> Unfortunately, I don't have any reproducer for this bug yet.
>>
>>
>> BUG: unable to handle kernel NULL pointer dereference at
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> BUG: unable to handle kernel NULL pointer dereference at 0188
> IP: crypto_destroy_tfm+0x9f/0xf0 crypto/api.c:577
> PGD 0 P4D 0
> Oops: [#1]
ucer yet, I modified some
> code in sctp_stream_init() to confirm Marcelo's deduction:
> - i = sctp_stream_alloc_in(stream, incnt, gfp);
> + i = 1;
> if (i) {
> ret = -ENOMEM;
> goto free;
>
> And got the same call trace as the mail:
>
> [ 301.
:23660 DecRefs 0 refcount change on invalid ref 4 ret -22
> > binder: 23647:23660 BC_CLEAR_DEATH_NOTIFICATION invalid ref 0
> > binder: 23647:23660 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
> > binder: 23647:23660 got reply transaction with no transaction stack
> > binder: 23647:23660 tra
On (01/30/18 14:22), Eric Biggers wrote:
>
> I assume you weren't able to reproduce this? This crash hasn't been
> seen again,
:
> I am invalidating the bug for syzbot so it will report the same crash
> signature
> again if it occurs, but if you think there is a real bug feel free to keep
>
On Mon, Dec 18, 2017 at 12:22:51PM -0500, Sowmini Varadhan wrote:
> > From: Santosh Shilimkar
> > Date: Mon, 18 Dec 2017 08:28:05 -0800
> :
> > > Looks like another one tripping on empty transport. Mostly below
> > > should
> > > address it but we will test it if it does.
>
> that was my first
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> BUG: unable to handle kernel NULL pointer dereference at 022c
> IP: inet6_fill_ifinfo+0x8e/0x2c0 net/ipv6/addrconf.c:5357
> PGD 1dffd8067 P4D 1dffd8
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> BUG: unable to handle kernel NULL pointer dereference at 0578
> IP: read_pnet include/net/net_namespace.h:270 [inline]
> IP: dev_net
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> BUG: unable to handle kernel NULL pointer dereference at 002f
> IP: pipe_buf_release include/linux/pipe_fs_i.h:136 [inline]
> IP: free_pipe_inf
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> netlink: 29 bytes leftover after parsing attributes in process
> `syz-executor2'.
> device eql entered promiscuous mode
> BUG: unable to handle kernel N
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: qdisc_dev include/net/sch_generic.h:379 [inline]
> IP: tc_fill_qdisc+0xc8/0x4b
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> netlink: 1 bytes leftover after parsing attributes in process
> `syz-executor6'.
> BUG: unable to handle kernel NULL pointer dereference at (null)
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> netlink: 14 bytes leftover after parsing attributes in process
> `syz-executor6'.
> BUG: unable to handle kernel NULL pointer dereference at 0098
>
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> binder: 5029:5034 got transaction to invalid handle
> binder: 5029:5034 transaction failed 29201/-22, size 0-56 line 2832
> binder: undelivered TRANSACTION_ERR
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> device lo entered promiscuous mode
> device lo left promiscuous mode
> BUG: unable to handle kernel NULL pointer dereference at 0328
> IP: __rea
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> netlink: 3 bytes leftover after parsing attributes in process
> `syz-executor5'.
> netlink: 3 bytes leftover after parsing attributes in process
> `syz
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> ALSA: seq fatal error: cannot create timer (-22)
> device syz2 entered promiscuous mode
> BUG: unable to handle kernel NULL pointer dereference at
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> device gre0 entered promiscuous mode
> BUG: unable to handle kernel NULL pointer dereference at 0010
> IP: af_alg_alloc_tsgl+0x3f/0x140 crypto/a
0 BC_REQUEST_DEATH_NOTIFICATION invalid ref 3
> binder: 23647:23660 got reply transaction with no transaction stack
> binder: 23647:23660 transaction failed 29201/-71, size 24-16 line 2747
> BUG: unable to handle kernel NULL pointer dereference at 0078
> IP: sctp_cmp_addr_exa
ttached
> Raw console output is attached.
>
> Unfortunately, I don't have any reproducer for this bug yet.
>
>
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: addrconf_ifdown+0x3a2/0x780 net/ipv6/addrconf.c:3674
> PGD 1df99c067 P4D 1df99c
On Wed, Dec 20, 2017 at 09:05:39AM +0100, Dmitry Vyukov wrote:
> On Wed, Dec 20, 2017 at 8:59 AM, Eric Biggers wrote:
> > On Wed, Dec 20, 2017 at 08:50:40AM +0100, Dmitry Vyukov wrote:
> >> >
> >> > The line number in lib/rbtree.c seems to be slightly off. Looking at the
> >> > disassembly:
> >>
ttached
> Raw console output is attached.
>
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
>
>
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: proc_flush_task_mnt fs/proc/base.c:3