Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 45a86681844e375bef6f6add272ccc309bb6a08d ("xsk: Add support for recvmsg()")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
version: trinity-static-x86_64-x86_64-1c734c75-1_2020-01-06
with following parameters:

        runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+---------------------------------------------+------------+------------+
|                                             | 7c951cafc0 | 45a8668184 |
+---------------------------------------------+------------+------------+
| boot_failures                               | 0          | 3          |
| BUG:KASAN:null-ptr-deref_in_xsk_recvmsg     | 0          | 3          |
| BUG:kernel_NULL_pointer_dereference,address | 0          | 3          |
| Oops:#[##]                                  | 0          | 3          |
| RIP:xsk_recvmsg                             | 0          | 3          |
| Kernel_panic-not_syncing:Fatal_exception    | 0          | 3          |
+---------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag
Reported-by: kernel test robot

[  145.239948] BUG: KASAN: null-ptr-deref in xsk_recvmsg+0x36/0x11c
[  145.240502] Read of size 4 at addr 0000000000000208 by task trinity-c4/1071
[  145.241071]
[  145.241265] CPU: 0 PID: 1071 Comm: trinity-c4 Not tainted 5.10.0-rc3-00857-g45a86681844e #1
[  145.241946] Call Trace:
[  145.242196]  ? dump_stack+0x116/0x179
[  145.242563]  ? xsk_recvmsg+0x36/0x11c
[  145.242916]  ? kasan_report+0x1e5/0x21d
[  145.243305]  ? xsk_recvmsg+0x36/0x11c
[  145.243651]  ? __asan_load4+0x4e/0x102
[  145.243981]  ? xsk_recvmsg+0x36/0x11c
[  145.244336]  ? xsk_wakeup+0x10a/0x10a
[  145.244685]  ? sock_recvmsg_nosec+0x50/0x5e
[  145.245098]  ? sock_recvmsg+0x4f/0x5c
[  145.245469]  ? ____sys_recvmsg+0x16d/0x2bb
[  145.245892]  ? sock_recvmsg+0x5c/0x5c
[  145.246267]  ? copy_msghdr_from_user+0xb5/0x108
[  145.246806]  ? __copy_msghdr_from_user+0x256/0x256
[  145.247269]  ? timekeeping_get_ns+0x25/0x137
[  145.247672]  ? rcu_read_lock_sched_held+0x85/0xf3
[  145.248102]  ? rcu_read_lock_held+0xb8/0xb8
[  145.248508]  ? find_held_lock+0xbc/0xcb
[  145.248907]  ? ___sys_recvmsg+0xe7/0x14b
[  145.249282]  ? recvmsg_copy_msghdr+0x45/0x45
[  145.249695]  ? reacquire_held_locks+0x251/0x251
[  145.250123]  ? timespec64_add_safe+0xd5/0x161
[  145.250523]  ? nsec_to_clock_t+0x15/0x15
[  145.250933]  ? kvm_clock_read+0x29/0x3f
[  145.251290]  ? kvm_clock_get_cycles+0xc/0x14
[  145.251676]  ? timekeeping_get_ns+0xc7/0x137
[  145.252060]  ? __fcheck_files+0x64/0x6c
[  145.252410]  ? __fget_light+0x79/0xcf
[  145.252786]  ? __fdget+0x11/0x19
[  145.253173]  ? do_recvmmsg+0x27b/0x4ae
[  145.253552]  ? reacquire_held_locks+0x251/0x251
[  145.253971]  ? ___sys_recvmsg+0x14b/0x14b
[  145.254406]  ? should_fail+0x7b/0x395
[  145.254864]  ? get_old_timespec32+0x8a/0x8a
[  145.255252]  ? find_held_lock+0xbc/0xcb
[  145.255635]  ? rcu_read_unlock+0x6b/0xbc
[  145.256016]  ? __sys_recvmmsg+0xfb/0x1e3
[  145.256395]  ? __x64_sys_recvmsg+0x5f/0x5f
[  145.256774]  ? lock_is_held+0xf/0x17
[  145.257115]  ? rcu_read_lock_held+0xb8/0xb8
[  145.257579]  ? __x64_sys_recvmmsg+0x85/0x9d
[  145.257995]  ? do_syscall_64+0x42/0xb5
[  145.258339]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  145.259035] ==================================================================
[  145.259976] Disabling lock debugging due to kernel taint
[  145.269001] BUG: kernel NULL pointer dereference, address: 0000000000000208
[  145.270370] #PF: supervisor read access in kernel mode
[  145.271597] #PF: error_code(0x0000) - not-present page
[  145.272620] PGD 8000000107201067 P4D 8000000107201067 PUD 10625e067 PMD 0
[  145.273958] Oops: 0000 [#1] SMP KASAN PTI
[  145.274778] CPU: 0 PID: 1071 Comm: trinity-c4 Tainted: G B 5.10.0-rc3-00857-g45a86681844e #1
[  145.276624] RIP: 0010:xsk_recvmsg+0x36/0x11c
[  145.277492] Code: cb e8 54 90 f6 fe 48 8b 6d 18 48 8d bd c8 04 00 00 e8 44 90 f6 fe 4c 8b a5 c8 04 00 00 49 8d bc 24 08 02 00 00 e8 3c 92 f6 fe <41> f6 84 24 08 02 00 00 01 75 11 48 ff 05 de 8a 90 06 b8 9c ff ff
[  145.280142] RSP: 0018:ffff8881230079b8 EFLAGS: 00010202
[  145.280574] RAX: ffff8881069d3001 RBX: 0000000000000004 RCX: ffffffff8116b7fb
[  145.281147] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffffffff8249daff
[  145.281706] RBP: ffff888101c8f000 R08: fffffbfff08f85d5 R09: fffffbfff08f85d5
[  145.282264] R10: ffffffff847c2ea3 R11: 0000000000000000 R12: 0000000000000000
[  145.282867] R13: 0000000000000004 R14: ffff88812ae8cfc0 R15: 00007f0299223008
[  145.283430] FS:  000000000109a880(0000) GS:ffff8881e8200000(0000) knlGS:0000000000000000
[  145.284068] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  145.284533] CR2: 0000000000000208 CR3: 0000000106c10000 CR4: 00000000000406b0
[  145.285140] DR0: 00007f0298a23000 DR1: 0000000000000000 DR2: 0000000000000000
[  145.285871] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000030602
[  145.286775] Call Trace:
[  145.287129]  ? xsk_wakeup+0x10a/0x10a
[  145.287621]  sock_recvmsg_nosec+0x50/0x5e
[  145.288147]  sock_recvmsg+0x4f/0x5c
[  145.288610]  ____sys_recvmsg+0x16d/0x2bb
[  145.288965]  ? sock_recvmsg+0x5c/0x5c
[  145.289275]  ? copy_msghdr_from_user+0xb5/0x108
[  145.289649]  ? __copy_msghdr_from_user+0x256/0x256
[  145.290046]  ? timekeeping_get_ns+0x25/0x137
[  145.290405]  ? rcu_read_lock_sched_held+0x85/0xf3
[  145.290803]  ? rcu_read_lock_held+0xb8/0xb8
[  145.291161]  ? find_held_lock+0xbc/0xcb
[  145.291494]  ___sys_recvmsg+0xe7/0x14b
[  145.291814]  ? recvmsg_copy_msghdr+0x45/0x45
[  145.292173]  ? reacquire_held_locks+0x251/0x251
[  145.292549]  ? timespec64_add_safe+0xd5/0x161
[  145.292910]  ? nsec_to_clock_t+0x15/0x15
[  145.293242]  ? kvm_clock_read+0x29/0x3f
[  145.293568]  ? kvm_clock_get_cycles+0xc/0x14
[  145.293930]  ? timekeeping_get_ns+0xc7/0x137
[  145.294285]  ? __fcheck_files+0x64/0x6c
[  145.294626]  ? __fget_light+0x79/0xcf
[  145.294949]  ? __fdget+0x11/0x19
[  145.295235]  do_recvmmsg+0x27b/0x4ae
[  145.295542]  ? reacquire_held_locks+0x251/0x251
[  145.295912]  ? ___sys_recvmsg+0x14b/0x14b
[  145.296243]  ? should_fail+0x7b/0x395
[  145.296569]  ? get_old_timespec32+0x8a/0x8a
[  145.296917]  ? find_held_lock+0xbc/0xcb
[  145.297250]  ? rcu_read_unlock+0x6b/0xbc
[  145.297583]  __sys_recvmmsg+0xfb/0x1e3
[  145.297898]  ? __x64_sys_recvmsg+0x5f/0x5f
[  145.298236]  ? lock_is_held+0xf/0x17
[  145.298602]  ? rcu_read_lock_held+0xb8/0xb8
[  145.299052]  __x64_sys_recvmmsg+0x85/0x9d
[  145.299385]  do_syscall_64+0x42/0xb5
[  145.299685]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  145.300090] RIP: 0033:0x463519
[  145.300342] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[  145.301758] RSP: 002b:00007ffc73400c98 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  145.302368] RAX: ffffffffffffffda RBX: 000000000000012b RCX: 0000000000463519
[  145.302941] RDX: 0000000031372000 RSI: 00007f0299223000 RDI: 0000000000000187
[  145.303511] RBP: 00007f029933b000 R08: 00007f0299223008 R09: 000000000000a000
[  145.304070] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000002
[  145.304625] R13: 00007f029933b058 R14: 000000000109a850 R15: 00007f029933b000
[  145.305215] Modules linked in:
[  145.305483] CR2: 0000000000000208
[  145.306012] ---[ end trace 0293a8e653ed46bd ]---

To reproduce:

        # build kernel
        cd linux
        cp config-5.10.0-rc3-00857-g45a86681844e .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k job-script # job-script is attached in this email

Thanks,
Oliver Sang