Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
---|---|---|---|---|---|---|---|---|---|
upstream | general protection fault in ep_poll_callback ext4 | C | done | unreliable | 1 | 405d | 568d | 0/28 | auto-obsoleted due to no activity on 2024/04/09 00:26 |
```
==================================================================
BUG: KASAN: wild-memory-access in __wake_up_common+0x108/0x236 kernel/sched/wait.c:101
Read of size 8 at addr 3120382032332033 by task sshd/2015

CPU: 1 PID: 2015 Comm: sshd Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000a228>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:113
[<ffffffff831668cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:119
[<ffffffff831756ba>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150 lib/dump_stack.c:106
[<ffffffff80474da6>] __kasan_report mm/kasan/report.c:446 [inline]
[<ffffffff80474da6>] kasan_report+0x1de/0x1e0 mm/kasan/report.c:459
[<ffffffff80475b20>] check_region_inline mm/kasan/generic.c:183 [inline]
[<ffffffff80475b20>] __asan_load8+0x6e/0x96 mm/kasan/generic.c:256
[<ffffffff800f76ca>] __wake_up_common+0x108/0x236 kernel/sched/wait.c:101
[<ffffffff800f78ce>] __wake_up_common_lock+0xd6/0x136 kernel/sched/wait.c:138
[<ffffffff800f793e>] __wake_up+0x10/0x18 kernel/sched/wait.c:157
[<ffffffff80587a32>] ep_poll_callback+0x194/0xa40 fs/eventpoll.c:1201
[<ffffffff800f7678>] __wake_up_common+0xb6/0x236 kernel/sched/wait.c:108
[<ffffffff800f78ce>] __wake_up_common_lock+0xd6/0x136 kernel/sched/wait.c:138
[<ffffffff800f795a>] __wake_up_sync_key+0x14/0x1e kernel/sched/wait.c:205
[<ffffffff826e2060>] sock_def_readable+0xe4/0x50e net/core/sock.c:3147
[<ffffffff82b406b6>] tcp_data_ready+0xa6/0x2e0 net/ipv4/tcp_input.c:4977
[<ffffffff82b44240>] tcp_rcv_established+0x146a/0x15e6 net/ipv4/tcp_input.c:5916
[<ffffffff82b6c712>] tcp_v4_do_rcv+0x4b4/0x66e net/ipv4/tcp_ipv4.c:1719
[<ffffffff82b710c2>] tcp_v4_rcv+0x1d22/0x1f46 net/ipv4/tcp_ipv4.c:2119
[<ffffffff82aeb282>] ip_protocol_deliver_rcu+0x9c/0x8c0 net/ipv4/ip_input.c:204
[<ffffffff82aebbd2>] ip_local_deliver_finish+0x12c/0x278 net/ipv4/ip_input.c:231
[<ffffffff82aebe7e>] NF_HOOK include/linux/netfilter.h:307 [inline]
[<ffffffff82aebe7e>] NF_HOOK include/linux/netfilter.h:301 [inline]
[<ffffffff82aebe7e>] ip_local_deliver+0x160/0x464 net/ipv4/ip_input.c:252
[<ffffffff82aead94>] dst_input include/net/dst.h:461 [inline]
[<ffffffff82aead94>] ip_rcv_finish+0x162/0x1f6 net/ipv4/ip_input.c:429
[<ffffffff82aec256>] NF_HOOK include/linux/netfilter.h:307 [inline]
[<ffffffff82aec256>] NF_HOOK include/linux/netfilter.h:301 [inline]
[<ffffffff82aec256>] ip_rcv+0xd4/0x3be net/ipv4/ip_input.c:540
[<ffffffff8273d308>] __netif_receive_skb_one_core+0xf0/0x13a net/core/dev.c:5351
[<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8 net/core/dev.c:5465
[<ffffffff8273e15e>] process_backlog+0x206/0x4bc net/core/dev.c:5797
[<ffffffff82740c14>] __napi_poll+0x7c/0x358 net/core/dev.c:6365
[<ffffffff827418a0>] napi_poll net/core/dev.c:6432 [inline]
[<ffffffff827418a0>] net_rx_action+0x5d0/0x702 net/core/dev.c:6519
[<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558
[<ffffffff80060ea0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
[<ffffffff80060ea0>] do_softirq kernel/softirq.c:459 [inline]
[<ffffffff80060ea0>] do_softirq+0x158/0x15a kernel/softirq.c:446
[<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4 kernel/softirq.c:383
[<ffffffff82af5eaa>] local_bh_enable include/linux/bottom_half.h:33 [inline]
[<ffffffff82af5eaa>] rcu_read_unlock_bh include/linux/rcupdate.h:764 [inline]
[<ffffffff82af5eaa>] ip_finish_output2+0x57c/0x1720 net/ipv4/ip_output.c:222
[<ffffffff82af8978>] __ip_finish_output net/ipv4/ip_output.c:299 [inline]
[<ffffffff82af8978>] __ip_finish_output+0x25a/0x3ee net/ipv4/ip_output.c:281
[<ffffffff82af8b4a>] ip_finish_output+0x3e/0x176 net/ipv4/ip_output.c:309
[<ffffffff82af8e52>] NF_HOOK_COND include/linux/netfilter.h:296 [inline]
[<ffffffff82af8e52>] ip_output+0x1d0/0x2d0 net/ipv4/ip_output.c:423
[<ffffffff82afbbce>] dst_output include/net/dst.h:451 [inline]
[<ffffffff82afbbce>] ip_local_out net/ipv4/ip_output.c:126 [inline]
[<ffffffff82afbbce>] __ip_queue_xmit+0x4a0/0xeb2 net/ipv4/ip_output.c:525
[<ffffffff82afc616>] ip_queue_xmit+0x36/0x44 net/ipv4/ip_output.c:539
[<ffffffff82b4fd54>] __tcp_transmit_skb+0xce4/0x1f5e net/ipv4/tcp_output.c:1402
[<ffffffff82b54b90>] tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
[<ffffffff82b54b90>] tcp_write_xmit+0xd40/0x3344 net/ipv4/tcp_output.c:2680
[<ffffffff82b5720e>] __tcp_push_pending_frames+0x7a/0x22c net/ipv4/tcp_output.c:2864
[<ffffffff82b192c2>] tcp_push+0x19c/0x3b4 net/ipv4/tcp.c:725
[<ffffffff82b1b71e>] tcp_sendmsg_locked+0x5fc/0x1d9e net/ipv4/tcp.c:1412
[<ffffffff82b1cef2>] tcp_sendmsg+0x32/0x4e net/ipv4/tcp.c:1440
[<ffffffff82bbe3e6>] inet_sendmsg+0x74/0x94 net/ipv4/af_inet.c:819
[<ffffffff826d264e>] sock_sendmsg_nosec net/socket.c:705 [inline]
[<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[<ffffffff826d2832>] sock_write_iter+0x1c0/0x272 net/socket.c:1061
[<ffffffff804c4ce0>] call_write_iter include/linux/fs.h:2074 [inline]
[<ffffffff804c4ce0>] new_sync_write+0x296/0x3aa fs/read_write.c:503
[<ffffffff804c86f4>] vfs_write+0x2de/0x334 fs/read_write.c:590
[<ffffffff804c8b68>] ksys_write+0x1c4/0x224 fs/read_write.c:643
[<ffffffff804c8bf0>] __do_sys_write fs/read_write.c:655 [inline]
[<ffffffff804c8bf0>] sys_write+0x28/0x36 fs/read_write.c:652
[<ffffffff80005716>] ret_from_syscall+0x0/0x2
==================================================================
Unable to handle kernel paging request at virtual address 3120382032332033
Oops [#1]
Modules linked in:
CPU: 1 PID: 2015 Comm: sshd Tainted: G B 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
Hardware name: riscv-virtio,qemu (DT)
epc : __wake_up_common+0x108/0x236 kernel/sched/wait.c:101
 ra : __wake_up_common+0x108/0x236 kernel/sched/wait.c:101
epc : ffffffff800f76ca ra : ffffffff800f76ca sp : ffffaf800c456200
 gp : ffffffff85863ac0 tp : ffffaf800ba88000 t0 : ffffffff86bd9f98
 t1 : fffff5ef0b53c90c t2 : 0000000000000000 s0 : ffffaf800c456270
 s1 : ffffffff8451f618 a0 : 0000000000000001 a1 : 0000000000000003
 a2 : 1ffff5f001751001 a3 : ffffffff831afd3a a4 : 0000000000000000
 a5 : ffffaf800ba89000 a6 : 0000000000f00000 a7 : ffffaf805a9e4863
 s2 : 312038203233201b s3 : 3120382032332033 s4 : 0000000000000000
 s5 : ffffaf800b7568d0 s6 : ffffaf800c4562b0 s7 : 0000000000000001
 s8 : 0000000000000003 s9 : 0000000000000000 s10: 0000000000000000
 s11: 0000000032203634 t3 : 00000000746e6961 t4 : fffff5ef0b53c90c
 t5 : fffff5ef0b53c90d t6 : ffffffff86bd9fc7
status: 0000000000000100 badaddr: 3120382032332033 cause: 000000000000000d
[<ffffffff800f78ce>] __wake_up_common_lock+0xd6/0x136 kernel/sched/wait.c:138
[<ffffffff800f793e>] __wake_up+0x10/0x18 kernel/sched/wait.c:157
[<ffffffff80587a32>] ep_poll_callback+0x194/0xa40 fs/eventpoll.c:1201
[<ffffffff800f7678>] __wake_up_common+0xb6/0x236 kernel/sched/wait.c:108
[<ffffffff800f78ce>] __wake_up_common_lock+0xd6/0x136 kernel/sched/wait.c:138
[<ffffffff800f795a>] __wake_up_sync_key+0x14/0x1e kernel/sched/wait.c:205
[<ffffffff826e2060>] sock_def_readable+0xe4/0x50e net/core/sock.c:3147
[<ffffffff82b406b6>] tcp_data_ready+0xa6/0x2e0 net/ipv4/tcp_input.c:4977
[<ffffffff82b44240>] tcp_rcv_established+0x146a/0x15e6 net/ipv4/tcp_input.c:5916
[<ffffffff82b6c712>] tcp_v4_do_rcv+0x4b4/0x66e net/ipv4/tcp_ipv4.c:1719
[<ffffffff82b710c2>] tcp_v4_rcv+0x1d22/0x1f46 net/ipv4/tcp_ipv4.c:2119
[<ffffffff82aeb282>] ip_protocol_deliver_rcu+0x9c/0x8c0 net/ipv4/ip_input.c:204
[<ffffffff82aebbd2>] ip_local_deliver_finish+0x12c/0x278 net/ipv4/ip_input.c:231
[<ffffffff82aebe7e>] NF_HOOK include/linux/netfilter.h:307 [inline]
[<ffffffff82aebe7e>] NF_HOOK include/linux/netfilter.h:301 [inline]
[<ffffffff82aebe7e>] ip_local_deliver+0x160/0x464 net/ipv4/ip_input.c:252
[<ffffffff82aead94>] dst_input include/net/dst.h:461 [inline]
[<ffffffff82aead94>] ip_rcv_finish+0x162/0x1f6 net/ipv4/ip_input.c:429
[<ffffffff82aec256>] NF_HOOK include/linux/netfilter.h:307 [inline]
[<ffffffff82aec256>] NF_HOOK include/linux/netfilter.h:301 [inline]
[<ffffffff82aec256>] ip_rcv+0xd4/0x3be net/ipv4/ip_input.c:540
[<ffffffff8273d308>] __netif_receive_skb_one_core+0xf0/0x13a net/core/dev.c:5351
[<ffffffff8273d534>] __netif_receive_skb+0x36/0xd8 net/core/dev.c:5465
[<ffffffff8273e15e>] process_backlog+0x206/0x4bc net/core/dev.c:5797
[<ffffffff82740c14>] __napi_poll+0x7c/0x358 net/core/dev.c:6365
[<ffffffff827418a0>] napi_poll net/core/dev.c:6432 [inline]
[<ffffffff827418a0>] net_rx_action+0x5d0/0x702 net/core/dev.c:6519
[<ffffffff831b082c>] __do_softirq+0x274/0x8fc kernel/softirq.c:558
[<ffffffff80060ea0>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
[<ffffffff80060ea0>] do_softirq kernel/softirq.c:459 [inline]
[<ffffffff80060ea0>] do_softirq+0x158/0x15a kernel/softirq.c:446
[<ffffffff80061124>] __local_bh_enable_ip+0x282/0x2a4 kernel/softirq.c:383
[<ffffffff82af5eaa>] local_bh_enable include/linux/bottom_half.h:33 [inline]
[<ffffffff82af5eaa>] rcu_read_unlock_bh include/linux/rcupdate.h:764 [inline]
[<ffffffff82af5eaa>] ip_finish_output2+0x57c/0x1720 net/ipv4/ip_output.c:222
[<ffffffff82af8978>] __ip_finish_output net/ipv4/ip_output.c:299 [inline]
[<ffffffff82af8978>] __ip_finish_output+0x25a/0x3ee net/ipv4/ip_output.c:281
[<ffffffff82af8b4a>] ip_finish_output+0x3e/0x176 net/ipv4/ip_output.c:309
[<ffffffff82af8e52>] NF_HOOK_COND include/linux/netfilter.h:296 [inline]
[<ffffffff82af8e52>] ip_output+0x1d0/0x2d0 net/ipv4/ip_output.c:423
[<ffffffff82afbbce>] dst_output include/net/dst.h:451 [inline]
[<ffffffff82afbbce>] ip_local_out net/ipv4/ip_output.c:126 [inline]
[<ffffffff82afbbce>] __ip_queue_xmit+0x4a0/0xeb2 net/ipv4/ip_output.c:525
[<ffffffff82afc616>] ip_queue_xmit+0x36/0x44 net/ipv4/ip_output.c:539
[<ffffffff82b4fd54>] __tcp_transmit_skb+0xce4/0x1f5e net/ipv4/tcp_output.c:1402
[<ffffffff82b54b90>] tcp_transmit_skb net/ipv4/tcp_output.c:1420 [inline]
[<ffffffff82b54b90>] tcp_write_xmit+0xd40/0x3344 net/ipv4/tcp_output.c:2680
[<ffffffff82b5720e>] __tcp_push_pending_frames+0x7a/0x22c net/ipv4/tcp_output.c:2864
[<ffffffff82b192c2>] tcp_push+0x19c/0x3b4 net/ipv4/tcp.c:725
[<ffffffff82b1b71e>] tcp_sendmsg_locked+0x5fc/0x1d9e net/ipv4/tcp.c:1412
[<ffffffff82b1cef2>] tcp_sendmsg+0x32/0x4e net/ipv4/tcp.c:1440
[<ffffffff82bbe3e6>] inet_sendmsg+0x74/0x94 net/ipv4/af_inet.c:819
[<ffffffff826d264e>] sock_sendmsg_nosec net/socket.c:705 [inline]
[<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4 net/socket.c:725
[<ffffffff826d2832>] sock_write_iter+0x1c0/0x272 net/socket.c:1061
[<ffffffff804c4ce0>] call_write_iter include/linux/fs.h:2074 [inline]
[<ffffffff804c4ce0>] new_sync_write+0x296/0x3aa fs/read_write.c:503
[<ffffffff804c86f4>] vfs_write+0x2de/0x334 fs/read_write.c:590
[<ffffffff804c8b68>] ksys_write+0x1c4/0x224 fs/read_write.c:643
[<ffffffff804c8bf0>] __do_sys_write fs/read_write.c:655 [inline]
[<ffffffff804c8bf0>] sys_write+0x28/0x36 fs/read_write.c:652
[<ffffffff80005716>] ret_from_syscall+0x0/0x2
```
Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2022/11/22 11:22 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 1c8e10bc | .config | console log | report | | | info | | ci-qemu2-riscv64 | KASAN: wild-memory-access Read in ep_poll_callback |
2022/12/10 02:57 | git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes | 0966d385830d | 67be1ae7 | .config | console log | report | | | info | | ci-qemu2-riscv64 | KASAN: null-ptr-deref Read in ep_poll_callback |