From: syzbot <syzbot+12f4d5520532d623ba3c@syzkaller.appspotmail.com>
To: alexanderduyck@fb.com, atenart@kernel.org, davem@davemloft.net,
kuba@kernel.org, linux-kernel@vger.kernel.org,
netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
weiwan@google.com
Subject: [syzbot] riscv/fixes test error: BUG: unable to handle kernel NULL pointer dereference in corrupted
Date: Tue, 14 Sep 2021 03:39:21 -0700 [thread overview]
Message-ID: <000000000000c4ae8805cbf23125@google.com> (raw)
Hello,
syzbot found the following issue on:
HEAD commit: 7d2a07b76933 Linux 5.14
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes
console output: https://syzkaller.appspot.com/x/log.txt?x=16d900c3300000
kernel config: https://syzkaller.appspot.com/x/.config?x=f8211b06020972e8
dashboard link: https://syzkaller.appspot.com/bug?extid=12f4d5520532d623ba3c
compiler: riscv64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1
userspace arch: riscv64
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+12f4d5520532d623ba3c@syzkaller.appspotmail.com
bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000dc0
Oops [#1]
Modules linked in:
CPU: 0 PID: 3090 Comm: syz-executor.0 Not tainted 5.14.0-syzkaller #0
Hardware name: riscv-virtio,qemu (DT)
epc : slab_alloc_node mm/slub.c:2900 [inline]
epc : slab_alloc mm/slub.c:2967 [inline]
epc : __kmalloc+0xce/0x388 mm/slub.c:4111
ra : slab_pre_alloc_hook mm/slab.h:494 [inline]
ra : slab_alloc_node mm/slub.c:2880 [inline]
ra : slab_alloc mm/slub.c:2967 [inline]
ra : __kmalloc+0x6e/0x388 mm/slub.c:4111
epc : ffffffff803e3568 ra : ffffffff803e3508 sp : ffffffe00924f1e0
gp : ffffffff83f967d8 tp : ffffffe00db98000 t0 : ffffffc402a0e200
t1 : 0000000000000001 t2 : 000000005784fdac s0 : ffffffe00924f280
s1 : ffffffe005601640 a0 : 0000000000000000 a1 : ffffffe00924f5cc
a2 : 1ffffffff07aa51f a3 : 0000000000000dc0 a4 : 0000000000000000
a5 : ffffffff82e4b2b0 a6 : 0000000000f00000 a7 : ffffffff8038ca52
s2 : ffffffff83f96adc s3 : 0000000000000dc0 s4 : 0000000000000026
s5 : ffffffff80acc382 s6 : ffffffff83f9a0d0 s7 : 0000000000000000
s8 : 0000000000000dc0 s9 : 0000000000000001 s10: ffffffe006bcbb00
s11: ffffffff8365bbd8 t3 : 69ec673486bf2000 t4 : ffffffc1e04a9392
t5 : ffffffc1e04a9393 t6 : ffffffe014ff375d
status: 0000000000000120 badaddr: 0000000000000dc0 cause: 000000000000000d
[<ffffffff803e3568>] slab_alloc_node mm/slub.c:2900 [inline]
[<ffffffff803e3568>] slab_alloc mm/slub.c:2967 [inline]
[<ffffffff803e3568>] __kmalloc+0xce/0x388 mm/slub.c:4111
[<ffffffff80acc382>] kmalloc include/linux/slab.h:596 [inline]
[<ffffffff80acc382>] kzalloc include/linux/slab.h:721 [inline]
[<ffffffff80acc382>] kobject_get_path+0xac/0x16a lib/kobject.c:179
[<ffffffff80ace5d0>] kobject_uevent_env+0x1d8/0xde4 lib/kobject_uevent.c:529
[<ffffffff80acf1fe>] kobject_uevent+0x22/0x2e lib/kobject_uevent.c:642
[<ffffffff8226afec>] rx_queue_add_kobject net/core/net-sysfs.c:1020 [inline]
[<ffffffff8226afec>] net_rx_queue_update_kobjects+0xcc/0x372 net/core/net-sysfs.c:1060
[<ffffffff8226b7f4>] register_queue_kobjects net/core/net-sysfs.c:1711 [inline]
[<ffffffff8226b7f4>] netdev_register_kobject+0x166/0x208 net/core/net-sysfs.c:1959
[<ffffffff821ffac6>] register_netdevice+0x872/0xbe0 net/core/dev.c:10349
[<ffffffff82b10ce2>] hsr_dev_finalize+0x346/0x45e net/hsr/hsr_device.c:535
[<ffffffff82b1122e>] hsr_newlink+0x1ca/0x37c net/hsr/hsr_netlink.c:102
[<ffffffff82221fc2>] __rtnl_newlink+0xb04/0xe90 net/core/rtnetlink.c:3461
[<ffffffff8222239e>] rtnl_newlink+0x50/0x7c net/core/rtnetlink.c:3509
[<ffffffff82222a12>] rtnetlink_rcv_msg+0x2ce/0x90e net/core/rtnetlink.c:5575
[<ffffffff82400cc4>] netlink_rcv_skb+0x9c/0x248 net/netlink/af_netlink.c:2504
[<ffffffff8221a5da>] rtnetlink_rcv+0x26/0x30 net/core/rtnetlink.c:5593
[<ffffffff823ffb92>] netlink_unicast_kernel net/netlink/af_netlink.c:1314 [inline]
[<ffffffff823ffb92>] netlink_unicast+0x398/0x584 net/netlink/af_netlink.c:1340
[<ffffffff824001c8>] netlink_sendmsg+0x44a/0x894 net/netlink/af_netlink.c:1929
[<ffffffff821908cc>] sock_sendmsg_nosec net/socket.c:703 [inline]
[<ffffffff821908cc>] sock_sendmsg+0xa0/0xc4 net/socket.c:723
[<ffffffff8219428a>] __sys_sendto+0x170/0x230 net/socket.c:2019
[<ffffffff82194388>] __do_sys_sendto net/socket.c:2031 [inline]
[<ffffffff82194388>] sys_sendto+0x3e/0x52 net/socket.c:2027
[<ffffffff80005150>] ret_from_syscall+0x0/0x2
---[ end trace 6a349b32cfb17483 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
next reply other threads:[~2021-09-14 10:39 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-14 10:39 syzbot [this message]
2021-09-14 11:08 ` [syzbot] riscv/fixes test error: BUG: unable to handle kernel NULL pointer dereference in corrupted Tetsuo Handa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=000000000000c4ae8805cbf23125@google.com \
--to=syzbot+12f4d5520532d623ba3c@syzkaller.appspotmail.com \
--cc=alexanderduyck@fb.com \
--cc=atenart@kernel.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=syzkaller-bugs@googlegroups.com \
--cc=weiwan@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.