syzbot


BUG: unable to handle kernel paging request in corrupted (3)

Status: fixed on 2021/11/10 00:50
Reported-by: syzbot+a84b8783366ecb1c65d0@syzkaller.appspotmail.com
Fix commit: 7a274727702c io_uring: don't modify req->poll for rw
First crash: 507d, last: 334d

Cause bisection: introduced by (bisect log) :
commit ea6a693d862d4f0edd748a1fa3fc6faf2c39afb2
Author: Jens Axboe <axboe@kernel.dk>
Date: Thu Apr 15 15:47:13 2021 +0000

  io_uring: disable multishot poll for double poll add cases

Crash: BUG: unable to handle kernel paging request in corrupted (log)
Repro: C syz .config
similar bugs (10):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream BUG: unable to handle kernel paging request in corrupted C 10 1369d 1631d 0/24 closed as invalid on 2019/06/11 06:50
android-54 BUG: unable to handle kernel paging request in corrupted C 1 903d 903d 0/2 closed as invalid on 2021/10/13 14:32
upstream KASAN: use-after-free Read in corrupted (4) C done error 9 88d 782d 0/24 upstream: reported C repro on 2020/08/11 12:47
upstream BUG: unable to handle kernel paging request in corrupted (2) syz done 1 1171d 1171d 0/24 closed as dup on 2019/07/23 07:35
upstream KMSAN: uninit-value in corrupted syz 2 324d 324d 0/24 closed as invalid on 2021/11/18 13:55
android-54 BUG: unable to handle kernel NULL pointer dereference in corrupted C 202 4d03h 663d 0/2 upstream: reported C repro on 2020/12/07 19:36
linux-4.19 BUG: corrupted list in corrupted C error 4 96d 735d 0/1 upstream: reported C repro on 2020/09/27 07:51
upstream general protection fault in corrupted (2) C 2 1363d 1366d 12/24 fixed on 2019/03/06 07:43
upstream general protection fault in corrupted syz 1 1527d 1527d 0/24 closed as invalid on 2018/07/29 11:55
android-54 general protection fault in corrupted C 1 937d 937d 0/2 closed as invalid on 2021/10/13 11:17
Patch testing requests:
Created Duration User Patch Repo Result
2021/05/17 11:21 17m asml.silence@gmail.com https://github.com/isilence/linux.git syz_test10 OK

Sample crash report:
BUG: unable to handle page fault for address: ffffffffc1defce0
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD bc8f067 P4D bc8f067 PUD bc91067 PMD 0 
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 8479 Comm: iou-wrk-8440 Not tainted 5.13.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:0xffffffffc1defce0
Code: Unable to access opcode bytes at RIP 0xffffffffc1defcb6.
RSP: 0018:ffffc9000161f8f8 EFLAGS: 00010246
RAX: ffffffffc1defce0 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880187eb8c0
RBP: ffff8880187eb8c0 R08: 0000000000000000 R09: 0000000000002000
R10: ffffffff81df1723 R11: 0000000000004000 R12: 0000000000000000
R13: ffff8880187eb918 R14: ffff8880187eb900 R15: ffffffffc1defce0
FS:  0000000001212300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffc1defcb6 CR3: 00000000139d9000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
Modules linked in:
CR2: ffffffffc1defce0
---[ end trace a41da77ef833bc79 ]---
RIP: 0010:0xffffffffc1defce0
Code: Unable to access opcode bytes at RIP 0xffffffffc1defcb6.
RSP: 0018:ffffc9000161f8f8 EFLAGS: 00010246
RAX: ffffffffc1defce0 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880187eb8c0
RBP: ffff8880187eb8c0 R08: 0000000000000000 R09: 0000000000002000
R10: ffffffff81df1723 R11: 0000000000004000 R12: 0000000000000000
R13: ffff8880187eb918 R14: ffff8880187eb900 R15: ffffffffc1defce0
FS:  0000000001212300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffc1defcb6 CR3: 00000000139d9000 CR4: 00000000001506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (45):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce 2021/05/12 16:54 upstream 88b06399c9c7 da958a4d .config log report syz C BUG: unable to handle kernel paging request in corrupted
ci-upstream-kasan-gce 2021/05/12 16:19 upstream 88b06399c9c7 da958a4d .config log report syz C BUG: unable to handle kernel paging request in corrupted
ci-upstream-kasan-gce-selinux-root 2021/08/14 18:41 upstream dfa377c35d70 2489ab88 .config log report syz C general protection fault in corrupted
ci-upstream-kmsan-gce 2021/10/20 21:36 https://github.com/google/kmsan.git master d6493d2046c4 418a00eb .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/18 10:39 https://github.com/google/kmsan.git master d6493d2046c4 0c5d9412 .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/15 17:12 https://github.com/google/kmsan.git master 8bdd014d5dc7 0c5d9412 .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/06 15:04 https://github.com/google/kmsan.git master c7f84f4e1147 0a63fd36 .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/09/06 21:17 https://github.com/google/kmsan.git master 43b4682e8b8e 6ca60148 .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/08/20 06:33 https://github.com/google/kmsan.git master 40b1d724c752 b599f2fc .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/08/12 02:01 https://github.com/google/kmsan.git master 40b1d724c752 6972b106 .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/08/10 16:12 https://github.com/google/kmsan.git master 40b1d724c752 6972b106 .config log report syz C KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/30 23:50 https://github.com/google/kmsan.git master 59bd88c25ffc 098b5d53 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/29 14:50 https://github.com/google/kmsan.git master 45859661869b 2353a3ec .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/26 22:25 https://github.com/google/kmsan.git master 0f36cda66082 d50eb50a .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/25 11:02 https://github.com/google/kmsan.git master 82e66ad2e586 4f0000ee .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/24 02:08 https://github.com/google/kmsan.git master 82e66ad2e586 282f03fb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/23 19:57 https://github.com/google/kmsan.git master 82e66ad2e586 282f03fb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/23 12:43 https://github.com/google/kmsan.git master 82e66ad2e586 282f03fb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/23 05:32 https://github.com/google/kmsan.git master 82e66ad2e586 282f03fb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/21 11:11 https://github.com/google/kmsan.git master d6493d2046c4 f111d03b .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/20 18:24 https://github.com/google/kmsan.git master d6493d2046c4 418a00eb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/20 16:56 https://github.com/google/kmsan.git master d6493d2046c4 418a00eb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/19 08:27 https://github.com/google/kmsan.git master d6493d2046c4 24dc29db .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/18 19:54 https://github.com/google/kmsan.git master d6493d2046c4 0c5d9412 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/12 10:11 https://github.com/google/kmsan.git master c7f84f4e1147 838e7e2c .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/11 16:52 https://github.com/google/kmsan.git master c7f84f4e1147 838e7e2c .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/11 08:56 https://github.com/google/kmsan.git master c7f84f4e1147 838e7e2c .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/09 01:56 https://github.com/google/kmsan.git master c7f84f4e1147 efe0f24d .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/06 09:01 https://github.com/google/kmsan.git master c7f84f4e1147 0a63fd36 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/06 08:27 https://github.com/google/kmsan.git master c7f84f4e1147 0a63fd36 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/05 13:09 https://github.com/google/kmsan.git master 90f502f5d016 ce697b49 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/05 07:40 https://github.com/google/kmsan.git master 90f502f5d016 ce697b49 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/04 12:35 https://github.com/google/kmsan.git master 90f502f5d016 ce697b49 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/10/01 14:22 https://github.com/google/kmsan.git master 90f502f5d016 1d849ab4 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/09/30 07:14 https://github.com/google/kmsan.git master 90f502f5d016 be530f6c .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/09/28 12:11 https://github.com/google/kmsan.git master cd2c05533838 78494d16 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce 2021/09/01 17:18 https://github.com/google/kmsan.git master e306aba466ec 7eb7e152 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/11/01 17:44 https://github.com/google/kmsan.git master 59bd88c25ffc 098b5d53 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/31 04:54 https://github.com/google/kmsan.git master 59bd88c25ffc 098b5d53 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/25 01:50 https://github.com/google/kmsan.git master 82e66ad2e586 282f03fb .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/18 11:12 https://github.com/google/kmsan.git master d6493d2046c4 0c5d9412 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/18 07:07 https://github.com/google/kmsan.git master d6493d2046c4 0c5d9412 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/12 00:19 https://github.com/google/kmsan.git master c7f84f4e1147 838e7e2c .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/04 03:30 https://github.com/google/kmsan.git master 90f502f5d016 db0f5787 .config log report syz KMSAN: uninit-value in corrupted
ci-upstream-kmsan-gce-386 2021/10/03 17:30 https://github.com/google/kmsan.git master 90f502f5d016 db0f5787 .config log report syz KMSAN: uninit-value in corrupted
* Struck through repros no longer work on HEAD.