syzbot


general protection fault in io_uring_show_cred
Status: fixed on 2020/11/20 14:54
Reported-by: syzbot+a6d494688cdb797bdfce@syzkaller.appspotmail.com
Fix commit: 6b47ab81c9a9 io_uring: use correct pointer for io_uring_show_cred()
First crash: 398d, last: 398d

Cause bisection: introduced by (bisect log) :
commit 1e6fa5216a0e59ef02e8b6b40d553238a3b81d49
Author: Jens Axboe <axboe@kernel.dk>
Date: Thu Oct 15 14:46:24 2020 +0000

  io_uring: COW io_identity on mismatch

Crash: BUG: unable to handle kernel paging request in io_uring_show_cred (log)
Repro: C syz .config
duplicates (2):
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
KASAN: use-after-free Read in io_uring_show_cred C done 6 398d 398d 0/22 closed as dup on 2020/11/05 16:50
KASAN: slab-out-of-bounds Read in io_uring_show_cred 1 398d 394d 0/22 closed as dup on 2020/11/09 18:08

Sample crash report:

Crashes (4):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-root 2020/11/05 06:20 upstream 4ef8451b3326 64069d48 .config log report syz C
ci-upstream-kasan-gce-smack-root 2020/11/05 05:57 upstream 4ef8451b3326 64069d48 .config log report info
ci-upstream-kasan-gce-root 2020/11/05 05:55 upstream 4ef8451b3326 64069d48 .config log report info
ci-upstream-kasan-gce-root 2020/11/05 05:55 upstream 4ef8451b3326 64069d48 .config log report info