Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
upstream | KASAN: stack-out-of-bounds Read in iov_iter_revert io-uring | C | error | | 14 | 580d | 597d | 22/24 | fixed on 2021/11/10 00:50 |
linux-4.19 | KASAN: stack-out-of-bounds Read in iov_iter_revert | C | error | | 26 | 64d | 624d | 0/1 | upstream: reported C repro on 2021/07/16 11:05 |
android-54 | KASAN: stack-out-of-bounds Read in iov_iter_revert | C | | | 37 | 906d | 955d | 0/2 | upstream: reported C repro on 2020/08/19 17:37 |
linux-4.14 | KASAN: stack-out-of-bounds Read in iov_iter_revert xfs | C | error | | 8 | 63d | 566d | 0/1 | upstream: reported C repro on 2021/09/12 17:39 |

```
==================================================================
BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x269/0xa30 lib/iov_iter.c:1144
Read of size 8 at addr ffffc9000022ef38 by task syz-executor921/366

CPU: 0 PID: 366 Comm: syz-executor921 Not tainted 5.10.75-syzkaller-01082-g234d53d2bb60 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack_lvl+0x1e2/0x24b lib/dump_stack.c:118
 print_address_description+0x8d/0x3d0 mm/kasan/report.c:233
 __kasan_report+0x142/0x220 mm/kasan/report.c:419
 kasan_report+0x51/0x70 mm/kasan/report.c:436
 __asan_report_load8_noabort+0x14/0x20 mm/kasan/report_generic.c:309
 iov_iter_revert+0x269/0xa30 lib/iov_iter.c:1144
 io_write+0xaf1/0xf80 fs/io_uring.c:3615
 io_issue_sqe+0x1397/0xfc10 fs/io_uring.c:6030
 __io_queue_sqe+0x2cf/0x2fa0 fs/io_uring.c:6352
 io_queue_sqe+0x295/0x1180 fs/io_uring.c:6418
 io_submit_sqe+0x385/0xfd0 fs/io_uring.c:6487
 io_submit_sqes+0x1050/0x2da0 fs/io_uring.c:6715
 __do_sys_io_uring_enter fs/io_uring.c:9110 [inline]
 __se_sys_io_uring_enter+0x322/0x12b0 fs/io_uring.c:9052
 __x64_sys_io_uring_enter+0xe5/0x100 fs/io_uring.c:9052
 do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7fad2a468a59
Code: 28 c3 e8 1a 15 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcb1010af8 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fad2a468a59
RDX: 0000000000000000 RSI: 0000000000007cdc RDI: 0000000000000004
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcb1010b20
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000

addr ffffc9000022ef38 is located in stack of task syz-executor921/366 at offset 24 in frame:
 io_write+0x0/0xf80 include/trace/events/io_uring.h:360

this frame has 3 objects:
 [32, 160) 'inline_vecs'
 [192, 200) 'iovec'
 [224, 264) '__iter'

Memory state around the buggy address:
 ffffc9000022ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000022ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000022ef00: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
```

Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
ci2-android-5-10 | 2022/03/27 11:22 | android12-5.10-lts | ab2d1d40a128 | d50eb50a | .config | console log | report | syz | C | |||
ci2-android-5-10 | 2022/02/25 05:44 | android12-5.10-lts | cbfab5c59cf6 | d50eb50a | .config | console log | report | syz | C | |||
ci2-android-5-10 | 2022/01/26 03:07 | android12-5.10-lts | 0347b1658399 | d50eb50a | .config | console log | report | syz | C | |||
ci2-android-5-10 | 2021/12/27 02:34 | android12-5.10-lts | c4d08791d941 | d50eb50a | .config | console log | report | syz | C |
Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
ci2-android-5-10 | 2021/10/26 19:43 | android12-5.10-lts | 234d53d2bb60 | d50eb50a | .config | console log | report | syz | C | | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/10/25 22:24 | android12-5.10-lts | 234d53d2bb60 | c1132b49 | .config | console log | report | syz | C | | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/11/27 01:38 | android12-5.10-lts | 76698ea35fd3 | 63eeac02 | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/11/24 17:05 | android12-5.10-lts | 76698ea35fd3 | 545ab074 | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/11/16 07:44 | android12-5.10-lts | 76698ea35fd3 | 75b04091 | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/11/06 07:23 | android12-5.10-lts | 76698ea35fd3 | 4c1be0be | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/11/05 05:08 | android12-5.10-lts | 76698ea35fd3 | 4c1be0be | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/11/04 21:06 | android12-5.10-lts | 76698ea35fd3 | 4c1be0be | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/10/29 22:55 | android12-5.10-lts | 4944ec82ebb9 | 2353a3ec | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |
ci2-android-5-10 | 2021/10/25 22:09 | android12-5.10-lts | 234d53d2bb60 | c1132b49 | .config | console log | report | | | info | | KASAN: stack-out-of-bounds Read in iov_iter_revert |