Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|
kernel BUG in process_one_work net | C | done | 3 | 294d | 297d | 0/25 | closed as dup on 2023/02/07 15:09 |
Title | Replies (including bot) | Last reply |
---|---|---|
[PATCH v14 00/17] iov_iter: Improve page extraction (pin or just list) | 48 (48) | 2023/02/18 09:25 |
[PATCH 00/17] smb3: Use iov_iters down to the network transport and fix DIO page pinning | 25 (25) | 2023/02/17 17:48 |
[PATCH v13 00/12] iov_iter: Improve page extraction (pin or just list) | 35 (35) | 2023/02/15 15:56 |
[PATCH v12 00/10] iov_iter: Improve page extraction (pin or just list) | 19 (19) | 2023/02/09 10:50 |
[PATCH 0/2] iomap, splice: Fix DIO/splice_read race memory corruptor and kill off ITER_PIPE | 5 (5) | 2023/02/07 15:22 |
[syzbot] general protection fault in skb_dequeue (3) | 12 (14) | 2023/02/07 12:29 |
Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
upstream | general protection fault in skb_dequeue (2) bluetooth | C | inconclusive | done | 9 | 781d | 866d | 0/25 | auto-closed as invalid on 2022/10/03 17:36 |
upstream | general protection fault in skb_dequeue net | 1 | 1228d | 1228d | 0/25 | auto-closed as invalid on 2020/09/18 07:31 | |||
android-54 | KASAN: use-after-free Read in skb_dequeue | syz | 1 | 836d | 836d | 0/2 | auto-obsoleted due to no activity on 2023/04/23 02:47 | ||
linux-4.19 | KASAN: use-after-free Read in skb_dequeue (2) | C | done | 2 | 806d | 836d | 1/1 | fixed on 2021/10/15 14:38 |
Created | Duration | User | Patch | Repo | Result |
---|---|---|---|---|---|
2023/02/07 11:22 | 22m | dhowells@redhat.com | https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/ iov-fixes | OK log | |
2023/02/07 09:58 | 21m | hdanton@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 4fafd96910ad | OK log |
2023/02/01 23:39 | 23m | hdanton@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master | OK log |
2023/02/01 11:53 | 14m | hdanton@sina.com | patch | https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 80bd9028feca | report log |
```
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 2838 Comm: kworker/u4:6 Not tainted 6.2.0-rc6-next-20230131-syzkaller-09515-g80bd9028feca #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
Workqueue: phy4 ieee80211_iface_work
RIP: 0010:__skb_unlink include/linux/skbuff.h:2321 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:2337 [inline]
RIP: 0010:skb_dequeue+0xf5/0x180 net/core/skbuff.c:3511
Code: 8d 7e 08 49 8b 5c 24 08 48 b8 00 00 00 00 00 fc ff df 49 c7 44 24 08 00 00 00 00 48 89 fa 49 c7 04 24 00 00 00 00 48 c1 ea 03 <80> 3c 02 00 75 6d 48 89 da 49 89 5e 08 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc9000ca2fc80 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff8808951d RDI: 0000000000000008
RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52001945f7e R11: 0000000000000000 R12: ffff88801d8f63c0
R13: ffff888075675880 R14: 0000000000000000 R15: ffff888075675868
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4a51f6d150 CR3: 0000000072a78000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 ieee80211_iface_work+0x369/0xd70 net/mac80211/iface.c:1631
 process_one_work+0x9bf/0x1820 kernel/workqueue.c:2390
 worker_thread+0x669/0x1090 kernel/workqueue.c:2537
 kthread+0x2e8/0x3a0 kernel/kthread.c:376
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:308
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__skb_unlink include/linux/skbuff.h:2321 [inline]
RIP: 0010:__skb_dequeue include/linux/skbuff.h:2337 [inline]
RIP: 0010:skb_dequeue+0xf5/0x180 net/core/skbuff.c:3511
Code: 8d 7e 08 49 8b 5c 24 08 48 b8 00 00 00 00 00 fc ff df 49 c7 44 24 08 00 00 00 00 48 89 fa 49 c7 04 24 00 00 00 00 48 c1 ea 03 <80> 3c 02 00 75 6d 48 89 da 49 89 5e 08 48 b8 00 00 00 00 00 fc ff
RSP: 0018:ffffc9000ca2fc80 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff8808951d RDI: 0000000000000008
RBP: 0000000000000293 R08: 0000000000000001 R09: 0000000000000003
R10: fffff52001945f7e R11: 0000000000000000 R12: ffff88801d8f63c0
R13: ffff888075675880 R14: 0000000000000000 R15: ffff888075675868
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4a51f6d150 CR3: 0000000072a78000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 8d 7e 08                      lea 0x8(%rsi),%edi
   3: 49 8b 5c 24 08                mov 0x8(%r12),%rbx
   8: 48 b8 00 00 00 00 00          movabs $0xdffffc0000000000,%rax
   f: fc ff df
  12: 49 c7 44 24 08 00 00          movq $0x0,0x8(%r12)
  19: 00 00
  1b: 48 89 fa                      mov %rdi,%rdx
  1e: 49 c7 04 24 00 00 00          movq $0x0,(%r12)
  25: 00
  26: 48 c1 ea 03                   shr $0x3,%rdx
* 2a: 80 3c 02 00                   cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e: 75 6d                         jne 0x9d
  30: 48 89 da                      mov %rbx,%rdx
  33: 49 89 5e 08                   mov %rbx,0x8(%r14)
  37: 48                            rex.W
  38: b8 00 00 00 00                mov $0x0,%eax
  3d: 00 fc                         add %bh,%ah
  3f: ff                            .byte 0xff
```
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2023/01/31 18:30 | linux-next | 80bd9028feca | 9dfcf09c | .config | console log | report | syz | C | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_dequeue | |
2023/02/10 21:06 | linux-next | 38d2b86a665b | 95871dcc | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_dequeue | |||
2023/02/09 10:30 | linux-next | 38d2b86a665b | 14a312c8 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_dequeue | ||
2023/02/08 18:38 | linux-next | 38d2b86a665b | fc9c934e | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_dequeue | ||
2023/02/06 09:57 | linux-next | 129af7708234 | be607b78 | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_dequeue | |||
2023/02/03 10:12 | linux-next | 4fafd96910ad | 16d19e30 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-linux-next-kasan-gce-root | general protection fault in skb_dequeue |