syzbot |
sign-in | mailing list | source | docs |
| 🐞 Open [993] ≡ Subsystems 🐞 Fixed [5244] 🐞 Invalid [12525] ⬇ Missing Backports [83] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes | 💬 Send us feedback |
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | KMSAN: uninit-value in __netif_receive_skb_core wireguard wireless | C | done | 353 | 238d | 2207d | 23/26 | fixed on 2023/10/12 12:47 | |
| linux-4.19 | KASAN: use-after-free Read in __netif_receive_skb_core | syz | error | 20 | 757d | 1298d | 0/1 | upstream: reported syz repro on 2020/10/08 04:31 | |
| linux-4.14 | KASAN: use-after-free Read in __netif_receive_skb_core | syz | error | 19 | 1025d | 1442d | 0/1 | upstream: reported syz repro on 2020/05/16 19:24 |
================================================================== BUG: KASAN: null-ptr-deref in skb_end_pointer include/linux/skbuff.h:1471 [inline] BUG: KASAN: null-ptr-deref in skb_is_gso include/linux/skbuff.h:4623 [inline] BUG: KASAN: null-ptr-deref in bstats_update include/net/sch_generic.h:863 [inline] BUG: KASAN: null-ptr-deref in mini_qdisc_bstats_cpu_update include/net/sch_generic.h:1314 [inline] BUG: KASAN: null-ptr-deref in sch_handle_ingress net/core/dev.c:4995 [inline] BUG: KASAN: null-ptr-deref in __netif_receive_skb_core+0x111e/0x2730 net/core/dev.c:5211 Read of size 8 at addr 0000000000000002 by task kworker/0:5/2742 CPU: 0 PID: 2742 Comm: kworker/0:5 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: wg-crypt-wg0 wg_packet_tx_worker Call Trace: [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113 [<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119 [<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106 [<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline] [<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459 [<ffffffff80475b20>] check_region_inline mm/kasan/generic.c:183 [inline] [<ffffffff80475b20>] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256 [<ffffffff8273bc06>] skb_end_pointer include/linux/skbuff.h:1471 [inline] [<ffffffff8273bc06>] skb_is_gso include/linux/skbuff.h:4623 [inline] [<ffffffff8273bc06>] bstats_update include/net/sch_generic.h:863 [inline] [<ffffffff8273bc06>] mini_qdisc_bstats_cpu_update include/net/sch_generic.h:1314 [inline] [<ffffffff8273bc06>] sch_handle_ingress net/core/dev.c:4995 [inline] [<ffffffff8273bc06>] __netif_receive_skb_core+0x111e/0x2730 net/core/dev.c:5211 [<ffffffff8273d2cc>] __netif_receive_skb_one_core+0xb4/0x13a net/core/dev.c:5349 [<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8 net/core/dev.c:5465 [<ffffffff8273e15e>] process_backlog+0x206/0x4bc net/core/dev.c:5797 [<ffffffff82740c14>] __napi_poll+0x7c/0x358 net/core/dev.c:6365 [<ffffffff827418a0>] napi_poll net/core/dev.c:6432 [inline] [<ffffffff827418a0>] net_rx_action+0x5d0/0x702 net/core/dev.c:6519 [<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558 [<ffffffff80060ea0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] [<ffffffff80060ea0>] do_softirq kernel/softirq.c:459 [inline] [<ffffffff80060ea0>] do_softirq+0x158/0x15a kernel/softirq.c:446 [<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4 kernel/softirq.c:383 [<ffffffff831b02e0>] __raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline] [<ffffffff831b02e0>] _raw_read_unlock_bh+0x34/0x40 kernel/locking/spinlock.c:284 [<ffffffff81766032>] wg_socket_send_skb_to_peer+0xf4/0x14c drivers/net/wireguard/socket.c:183 [<ffffffff8175f3b2>] wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline] [<ffffffff8175f3b2>] wg_packet_tx_worker+0x14a/0x5ca drivers/net/wireguard/send.c:276 [<ffffffff80093b44>] process_one_work+0x654/0xffe kernel/workqueue.c:2307 [<ffffffff8009484e>] worker_thread+0x360/0x8fa kernel/workqueue.c:2454 [<ffffffff800a7f58>] kthread+0x19e/0x1fa kernel/kthread.c:377 [<ffffffff80005724>] ret_from_exception+0x0/0x10 ================================================================== Unable to handle kernel paging request at virtual address fffff5ef1aeb1800 Oops [#1] Modules linked in: CPU: 0 PID: 2742 Comm: kworker/0:5 Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0 Hardware name: riscv-virtio,qemu (DT) Workqueue: wg-crypt-wg0 wg_packet_tx_worker epc : bytes_is_nonzero mm/kasan/generic.c:85 [inline] epc : memory_is_nonzero mm/kasan/generic.c:102 [inline] epc : memory_is_poisoned_n mm/kasan/generic.c:128 [inline] epc : memory_is_poisoned mm/kasan/generic.c:159 [inline] epc : check_region_inline mm/kasan/generic.c:180 [inline] epc : kasan_check_range+0x102/0x136 mm/kasan/generic.c:189 ra : __kasan_check_write+0x14/0x1c mm/kasan/shadow.c:37 epc : ffffffff80475f7a ra : ffffffff8047658a sp : ffffaf800f9eb4e0 gp : ffffffff85863ac0 tp : ffffaf800d3f48c0 t0 : ffffffff86bcb657 t1 : fffff5ef1aeb1800 t2 : 0000000000000000 s0 : ffffaf800f9eb4f0 s1 : ffffaf802597b140 a0 : fffff5ef1aeb1801 a1 : 0000000000000008 a2 : 0000000000000001 a3 : ffffffff8273bc6e a4 : 0000000000000010 a5 : fffff5ef1aeb1800 a6 : ffffaf80d758c000 a7 : ffffaf80d758c007 s2 : ffffaf800fec94c0 s3 : ffffaf80d758c000 s4 : ffffaf800f9eb6a0 s5 : ffffffff85889780 s6 : ffffaf800c460000 s7 : ffffaf805a9d9c90 s8 : ffffffff8273e0b0 s9 : ffffaf800f9eb760 s10: 0000000000000000 s11: ffffaf800f9eb760 t3 : 0000000061736944 t4 : fffff5ef1aeb1800 t5 : fffff5ef1aeb1801 t6 : ffffaf800f9eaf38 status: 0000000000000120 badaddr: fffff5ef1aeb1800 cause: 000000000000000d [<ffffffff8273bc6e>] instrument_atomic_read_write include/linux/instrumented.h:101 [inline] [<ffffffff8273bc6e>] atomic_long_add include/linux/atomic/atomic-instrumented.h:1294 [inline] [<ffffffff8273bc6e>] u64_stats_add include/linux/u64_stats_sync.h:93 [inline] [<ffffffff8273bc6e>] _bstats_update include/net/sch_generic.h:853 [inline] [<ffffffff8273bc6e>] bstats_update include/net/sch_generic.h:861 [inline] [<ffffffff8273bc6e>] mini_qdisc_bstats_cpu_update include/net/sch_generic.h:1314 [inline] [<ffffffff8273bc6e>] sch_handle_ingress net/core/dev.c:4995 [inline] [<ffffffff8273bc6e>] __netif_receive_skb_core+0x1186/0x2730 net/core/dev.c:5211 [<ffffffff8273d2cc>] __netif_receive_skb_one_core+0xb4/0x13a net/core/dev.c:5349 [<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8 net/core/dev.c:5465 [<ffffffff8273e15e>] process_backlog+0x206/0x4bc net/core/dev.c:5797 [<ffffffff82740c14>] __napi_poll+0x7c/0x358 net/core/dev.c:6365 [<ffffffff827418a0>] napi_poll net/core/dev.c:6432 [inline] [<ffffffff827418a0>] net_rx_action+0x5d0/0x702 net/core/dev.c:6519 [<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558 [<ffffffff80060ea0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline] [<ffffffff80060ea0>] do_softirq kernel/softirq.c:459 [inline] [<ffffffff80060ea0>] do_softirq+0x158/0x15a kernel/softirq.c:446 [<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4 kernel/softirq.c:383 [<ffffffff831b02e0>] __raw_read_unlock_bh include/linux/rwlock_api_smp.h:257 [inline] [<ffffffff831b02e0>] _raw_read_unlock_bh+0x34/0x40 kernel/locking/spinlock.c:284 [<ffffffff81766032>] wg_socket_send_skb_to_peer+0xf4/0x14c drivers/net/wireguard/socket.c:183 [<ffffffff8175f3b2>] wg_packet_create_data_done drivers/net/wireguard/send.c:251 [inline] [<ffffffff8175f3b2>] wg_packet_tx_worker+0x14a/0x5ca drivers/net/wireguard/send.c:276 [<ffffffff80093b44>] process_one_work+0x654/0xffe kernel/workqueue.c:2307 [<ffffffff8009484e>] worker_thread+0x360/0x8fa kernel/workqueue.c:2454 [<ffffffff800a7f58>] kthread+0x19e/0x1fa kernel/kthread.c:377 [<ffffffff80005724>] ret_from_exception+0x0/0x10 ---[ end trace 0000000000000000 ]---
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets (help?) | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2023/01/30 13:25 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 7374c4e5 | .config | console log | report | info | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in __netif_receive_skb_core | |||
| 2023/01/19 10:57 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 7374c4e5 | .config | console log | report | info | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in __netif_receive_skb_core | |||
| 2022/10/01 18:40 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | feb56351 | .config | console log | report | info | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in __netif_receive_skb_core | |||
| 2022/09/15 11:08 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | dd9a85ff | .config | console log | report | info | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in __netif_receive_skb_core | |||
| 2022/07/04 00:51 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 1434eec0 | .config | console log | report | info | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in __netif_receive_skb_core | |||
| 2022/05/03 23:38 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | dc9e5259 | .config | console log | report | info | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in __netif_receive_skb_core | |||
| 2023/02/06 07:48 | linux-next | 129af7708234 | be607b78 | .config | console log | report | info | ci-upstream-linux-next-kasan-gce-root | general protection fault in __netif_receive_skb_core | |||
| 2022/11/09 23:30 | git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci | 56751c56c2a2 | 5fa28208 | .config | console log | report | info | [disk image] [vmlinux] [kernel image] | ci-upstream-gce-arm64 | BUG: unable to handle kernel paging request in __netif_receive_skb_core |