| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in io_poll_remove_entries io-uring | C | done | done | 751 | 595d | 975d | 0/28 | auto-obsoleted due to no activity on 2023/07/04 23:32 |
syzbot |
sign-in | mailing list | source | docs |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KASAN: use-after-free Read in io_poll_remove_entries io-uring | C | done | done | 751 | 595d | 975d | 0/28 | auto-obsoleted due to no activity on 2023/07/04 23:32 |
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 3628 Comm: syz-executor916 Not tainted 6.1.19-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023 RIP: 0010:io_poll_remove_entry io_uring/poll.c:180 [inline] RIP: 0010:io_poll_remove_entries+0x39a/0x5f0 io_uring/poll.c:218 Code: c4 40 4c 89 e0 48 c1 e8 03 4d 89 fd 42 80 3c 38 00 74 08 4c 89 e7 e8 15 ff ab fd 49 8b 1c 24 4c 8d 7b 08 4d 89 fe 49 c1 ee 03 <43> 80 3c 2e 00 74 08 4c 89 ff e8 f7 fe ab fd 49 8b 2f 48 85 ed 0f RSP: 0018:ffffc90003bdf9d0 EFLAGS: 00010202 RAX: 1ffff110039d2ca8 RBX: 0000000000000000 RCX: ffff88807ca1ba80 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006 RBP: 0000000001000000 R08: ffffffff8434c5e5 R09: fffffbfff204cc31 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801ce96540 R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000008 FS: 0000555555749300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f64e4f17b20 CR3: 000000007cdfc000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __io_arm_poll_handler+0x5df/0x920 io_uring/poll.c:619 io_arm_poll_handler+0x75d/0xd20 io_uring/poll.c:750 io_queue_async+0xa6/0x640 io_uring/io_uring.c:1877 handle_tw_list+0x2aa/0x480 io_uring/io_uring.c:1035 tctx_task_work+0x11b/0x720 io_uring/io_uring.c:1087 task_work_run+0x246/0x300 kernel/task_work.c:179 resume_user_mode_work include/linux/resume_user_mode.h:49 [inline] exit_to_user_mode_loop+0xd9/0x100 kernel/entry/common.c:171 exit_to_user_mode_prepare+0xb1/0x140 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x60/0x2d0 kernel/entry/common.c:296 do_syscall_64+0x49/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f64e4eaa5c3 Code: c7 c2 c0 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb ba 0f 1f 00 64 8b 04 25 18 00 00 00 85 c0 75 14 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 RSP: 002b:00007ffffcc52f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f64e4eaa5c3 RDX: 0000000000000000 RSI: 000000000000561c RDI: 0000000000000003 RBP: 00007ffffcc52f90 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffffcc52f88 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:io_poll_remove_entry io_uring/poll.c:180 [inline] RIP: 0010:io_poll_remove_entries+0x39a/0x5f0 io_uring/poll.c:218 Code: c4 40 4c 89 e0 48 c1 e8 03 4d 89 fd 42 80 3c 38 00 74 08 4c 89 e7 e8 15 ff ab fd 49 8b 1c 24 4c 8d 7b 08 4d 89 fe 49 c1 ee 03 <43> 80 3c 2e 00 74 08 4c 89 ff e8 f7 fe ab fd 49 8b 2f 48 85 ed 0f RSP: 0018:ffffc90003bdf9d0 EFLAGS: 00010202 RAX: 1ffff110039d2ca8 RBX: 0000000000000000 RCX: ffff88807ca1ba80 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000006 RBP: 0000000001000000 R08: ffffffff8434c5e5 R09: fffffbfff204cc31 R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801ce96540 R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000008 FS: 0000555555749300(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffffcc52f48 CR3: 000000007cdfc000 CR4: 00000000003506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 40 rex 1: 4c 89 e0 mov %r12,%rax 4: 48 c1 e8 03 shr $0x3,%rax 8: 4d 89 fd mov %r15,%r13 b: 42 80 3c 38 00 cmpb $0x0,(%rax,%r15,1) 10: 74 08 je 0x1a 12: 4c 89 e7 mov %r12,%rdi 15: e8 15 ff ab fd callq 0xfdabff2f 1a: 49 8b 1c 24 mov (%r12),%rbx 1e: 4c 8d 7b 08 lea 0x8(%rbx),%r15 22: 4d 89 fe mov %r15,%r14 25: 49 c1 ee 03 shr $0x3,%r14 * 29: 43 80 3c 2e 00 cmpb $0x0,(%r14,%r13,1) <-- trapping instruction 2e: 74 08 je 0x38 30: 4c 89 ff mov %r15,%rdi 33: e8 f7 fe ab fd callq 0xfdabff2f 38: 49 8b 2f mov (%r15),%rbp 3b: 48 85 ed test %rbp,%rbp 3e: 0f .byte 0xf
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/03/15 00:44 | linux-6.1.y | 6449a0ba6843 | 0d5c4377 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | |
| 2023/03/15 01:18 | linux-6.1.y | 6449a0ba6843 | 0d5c4377 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | |
| 2023/04/01 17:27 | linux-6.1.y | 3b29299e5f60 | f325deb0 | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | |
| 2023/04/02 09:53 | linux-6.1.y | 3b29299e5f60 | f325deb0 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/30 05:57 | linux-6.1.y | e3a87a10f259 | f325deb0 | .config | console log | report | info | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | |||
| 2023/03/27 07:04 | linux-6.1.y | e3a87a10f259 | fbf0499a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/26 16:33 | linux-6.1.y | e3a87a10f259 | fbf0499a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/23 13:59 | linux-6.1.y | e3a87a10f259 | f94b4a29 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/23 13:14 | linux-6.1.y | e3a87a10f259 | f94b4a29 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/17 05:57 | linux-6.1.y | 6449a0ba6843 | 18b58603 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/15 08:57 | linux-6.1.y | 6449a0ba6843 | 18b58603 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/14 22:35 | linux-6.1.y | 6449a0ba6843 | 0d5c4377 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/14 18:33 | linux-6.1.y | 6449a0ba6843 | 0d5c4377 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/14 18:32 | linux-6.1.y | 6449a0ba6843 | 0d5c4377 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan | general protection fault in io_poll_remove_entries | ||
| 2023/03/30 05:51 | linux-6.1.y | e3a87a10f259 | f325deb0 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | ||
| 2023/03/26 16:28 | linux-6.1.y | e3a87a10f259 | fbf0499a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | ||
| 2023/03/26 16:28 | linux-6.1.y | e3a87a10f259 | fbf0499a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | ||
| 2023/03/26 16:27 | linux-6.1.y | e3a87a10f259 | fbf0499a | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | ||
| 2023/03/24 19:29 | linux-6.1.y | e3a87a10f259 | 9700afae | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | ||
| 2023/03/22 23:05 | linux-6.1.y | e3a87a10f259 | f94b4a29 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries | ||
| 2023/03/15 02:37 | linux-6.1.y | 6449a0ba6843 | 0d5c4377 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci2-linux-6-1-kasan-arm64 | KASAN: null-ptr-deref Read in io_poll_remove_entries |