syzbot
kernel BUG in iov_iter_revert (2)

Status: upstream: reported C repro on 2024/10/31 13:07
Subsystems: fuse netfs
Reported-by: syzbot+404b4b745080b6210c6c@syzkaller.appspotmail.com
Fix commit: 105549d09a53 netfs: Fix enomem handling in buffered reads
Patched on: [ci-qemu-gce-upstream-auto ci-qemu-native-arm64-kvm ci-qemu-upstream ci-qemu-upstream-386 ci-qemu2-arm64 ci-qemu2-arm64-compat ci-qemu2-arm64-mte ci-qemu2-riscv64 ci-snapshot-upstream-root ci-upstream-bpf-kasan-gce ci-upstream-bpf-next-kasan-gce ci-upstream-gce-arm64 ci-upstream-gce-leak ci-upstream-kasan-badwrites-root ci-upstream-kasan-gce ci-upstream-kasan-gce-386 ci-upstream-kasan-gce-root ci-upstream-kasan-gce-selinux-root ci-upstream-kasan-gce-smack-root ci-upstream-kmsan-gce-386-root ci-upstream-kmsan-gce-root ci-upstream-linux-next-kasan-gce-root ci-upstream-net-kasan-gce ci-upstream-net-this-kasan-gce ci2-upstream-fs ci2-upstream-kcsan-gce ci2-upstream-usb], missing on: [ci-qemu2-arm32]
First crash: 151d, last: 76d
Cause bisection: introduced by (bisect log):
commit 3b97c3652d9128ab7f8c9b8adec6108611fdb153
Author: Joanne Koong <joannelkoong@gmail.com>
Date: Thu Oct 24 17:18:08 2024 +0000

  fuse: convert direct io to use folios

Crash: kernel BUG in iov_iter_revert (log)
Repro: C syz .config
Duplicate bugs (3)
Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
BUG: unable to handle kernel NULL pointer dereference in fuse_copy_one fuse 9 78d 86d 0/28 closed as dup on 2025/01/06 09:21
KASAN: null-ptr-deref Read in fuse_copy_args fuse 11 84d 116d 0/28 closed as dup on 2025/01/06 09:20
KASAN: out-of-bounds Read in proc_pid_stack fuse syz 3 81d 81d 0/28 closed as dup on 2025/01/06 10:20
Discussions (9)
Title Replies (including bot) Last reply
[PATCH 6.12 009/189] netfs: Fix enomem handling in buffered reads 1 (1) 2025/01/15 10:35
[syzbot] Monthly netfs report (Dec 2024) 0 (1) 2024/12/27 23:25
[PATCH v2] netfs: fix kernel BUG in iov_iter_revert() 8 (8) 2024/12/13 16:13
[PATCH 03/10] netfs: Fix enomem handling in buffered reads 1 (1) 2024/12/13 13:50
Re: Possible locking bug in the block layer [was syzbot: Re: [syzbot] [netfs?] kernel BUG in iov_iter_revert (2)] 3 (3) 2024/12/05 11:19
[syzbot] [netfs?] kernel BUG in iov_iter_revert (2) 4 (11) 2024/12/05 09:59
Re: Possible locking bug in the block layer [was syzbot: Re: [syzbot] [netfs?] kernel BUG in iov_iter_revert (2)] 1 (1) 2024/12/05 04:48
[syzbot] Monthly netfs report (Nov 2024) 0 (1) 2024/11/21 09:50
[PATCH] netfs: fix kernel BUG in iov_iter_revert() 1 (1) 2024/11/01 16:15
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG in iov_iter_revert exfat C done 5 417d 436d 25/28 fixed on 2024/03/28 13:35
Last patch testing requests (8)
Created Duration User Patch Repo Result
2024/12/05 09:39 19m dhowells@redhat.com patch https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git for-6.14/block OK log
2024/12/04 14:11 19m dhowells@redhat.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.13-rc1 report log
2024/12/04 13:59 19m dhowells@redhat.com patch git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git v6.13-rc1 OK log
2024/12/02 09:01 19m dmantipov@yandex.ru patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git e70140ba0d2b1a30467d4af6bcfe761327b9ec95 OK log
2024/11/10 15:38 13m retest repro upstream report log
2024/11/10 15:38 13m retest repro upstream report log
2024/11/10 15:38 13m retest repro upstream report log
2024/11/01 14:37 19m dmantipov@yandex.ru patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 6c52d4da1c742cd01a797a4d0a2d3c5a60dc9bfe OK log

Sample crash report:
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc64a4a1064
R13: 00007fc64a403210 R14: 0000000000000001 R15: 0030656c69662f2e
 </TASK>
------------[ cut here ]------------
kernel BUG at lib/iov_iter.c:626!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor370 Not tainted 6.13.0-rc1-syzkaller-00316-gb5f217084ab3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:iov_iter_revert+0x420/0x590 lib/iov_iter.c:626
Code: 42 80 3c 20 00 48 8b 1c 24 74 08 48 89 df e8 47 f2 46 fd 4c 89 2b e9 04 01 00 00 45 85 ed 48 8b 3c 24 75 16 e8 01 30 df fc 90 <0f> 0b 41 83 fd 05 48 8b 3c 24 0f 84 58 01 00 00 48 89 f8 48 c1 e8
RSP: 0018:ffffc900037c7890 EFLAGS: 00010293
RAX: ffffffff84c041bf RBX: 0000000000000010 RCX: ffff888035405a00
RDX: 0000000000000000 RSI: ffffffff8f076430 RDI: ffffc900037c7da0
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff84c03ea4
R10: 0000000000000004 R11: ffff888035405a00 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffc900037c7d90 R15: fffffffffffffff0
FS:  00007fc64a4036c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005000 CR3: 0000000033c16000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 fuse_direct_io+0x30b3/0x31f0 fs/fuse/file.c:1667
 fuse_direct_write_iter fs/fuse/file.c:1742 [inline]
 fuse_file_write_iter+0xae2/0xf70 fs/fuse/file.c:1787
 new_sync_write fs/read_write.c:586 [inline]
 vfs_write+0xaeb/0xd30 fs/read_write.c:679
 ksys_write+0x18f/0x2b0 fs/read_write.c:731
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc64a44f279
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 a1 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc64a403208 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007fc64a4d4408 RCX: 00007fc64a44f279
RDX: 0000000000000010 RSI: 0000000020000380 RDI: 0000000000000006
RBP: 00007fc64a4d4400 R08: 00007fc64a402fa7 R09: 0000000000000033
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc64a4a1064
R13: 00007fc64a403210 R14: 0000000000000001 R15: 0030656c69662f2e
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:iov_iter_revert+0x420/0x590 lib/iov_iter.c:626
Code: 42 80 3c 20 00 48 8b 1c 24 74 08 48 89 df e8 47 f2 46 fd 4c 89 2b e9 04 01 00 00 45 85 ed 48 8b 3c 24 75 16 e8 01 30 df fc 90 <0f> 0b 41 83 fd 05 48 8b 3c 24 0f 84 58 01 00 00 48 89 f8 48 c1 e8
RSP: 0018:ffffc900037c7890 EFLAGS: 00010293
RAX: ffffffff84c041bf RBX: 0000000000000010 RCX: ffff888035405a00
RDX: 0000000000000000 RSI: ffffffff8f076430 RDI: ffffc900037c7da0
RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffff84c03ea4
R10: 0000000000000004 R11: ffff888035405a00 R12: dffffc0000000000
R13: 0000000000000000 R14: ffffc900037c7d90 R15: fffffffffffffff0
FS:  00007fc64a4036c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020005000 CR3: 0000000033c16000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (61):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2024/12/07 15:36 upstream b5f217084ab3 9ac0fdc6 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in iov_iter_revert
2024/10/27 15:34 upstream 850925a8133c 65e8686b .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in iov_iter_revert
2024/10/27 14:49 upstream 850925a8133c 65e8686b .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in iov_iter_revert
2024/10/27 13:52 upstream 850925a8133c 65e8686b .config console log report syz / log C [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in iov_iter_revert
2024/11/28 09:33 linux-next f486c8aa16b8 5df23865 .config strace log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in iov_iter_revert
2024/12/13 00:22 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 2e7aff49b5da 941924eb .config console log report syz / log C [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 kernel BUG in iov_iter_revert
2025/01/10 12:04 upstream 2144da25584e 67d7ec0a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in iov_iter_revert
2025/01/10 04:27 upstream 643e2e259c2b 40f46913 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in iov_iter_revert
2025/01/09 12:33 upstream eea6e4b4dfb8 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in iov_iter_revert
2025/01/09 09:07 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in iov_iter_revert
2025/01/09 04:20 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in iov_iter_revert
2025/01/07 13:49 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in iov_iter_revert
2025/01/05 08:29 upstream ab75170520d4 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in iov_iter_revert
2025/01/03 23:16 upstream 0bc21e701a6f f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in iov_iter_revert
2024/12/31 05:05 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/12/30 03:47 upstream 4099a71718b0 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/12/29 10:57 upstream 059dd502b263 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in iov_iter_revert
2024/12/27 16:06 upstream d6ef8b40d075 d3ccff63 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in iov_iter_revert
2024/12/24 08:36 upstream f07044dd0df0 444551c4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/12/18 14:53 upstream aef25be35d23 a0626d3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in iov_iter_revert
2024/12/15 20:15 upstream 2d8308bf5b67 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-smack-root kernel BUG in iov_iter_revert
2024/12/12 17:41 upstream 231825b2e1ff 941924eb .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/12/09 06:16 upstream 62b5a46999c7 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/12/06 22:30 upstream b8f52214c61a 9ac0fdc6 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce kernel BUG in iov_iter_revert
2024/12/06 09:23 upstream 5076001689e4 946d28f0 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/11/28 18:23 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-root kernel BUG in iov_iter_revert
2024/11/28 17:25 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/11/28 12:40 upstream b86545e02e8c 5df23865 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-selinux-root kernel BUG in iov_iter_revert
2024/12/15 21:01 upstream 2d8308bf5b67 7cbfbb3a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-kasan-gce-386 kernel BUG in iov_iter_revert
2025/01/08 21:45 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2025/01/07 05:14 upstream fbfd64d25c7a f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2025/01/04 20:51 upstream ab75170520d4 f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2025/01/02 20:18 upstream 0bc21e701a6f d3ccff63 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2025/01/01 09:28 upstream ccb98ccef0e5 d3ccff63 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2024/12/28 12:26 upstream fd0584d220fe d3ccff63 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2024/12/24 05:14 upstream f07044dd0df0 444551c4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2024/12/24 02:19 upstream f07044dd0df0 444551c4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2024/12/23 13:21 upstream 4bbf9020becb 444551c4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2024/12/18 01:47 upstream 59dbb9d81adf a0626d3a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream kernel BUG in iov_iter_revert
2024/10/27 13:02 upstream 850925a8133c 65e8686b .config console log report [disk image (non-bootable)] [vmlinux] [kernel image] ci-snapshot-upstream-root kernel BUG in iov_iter_revert
2025/01/10 06:21 upstream 643e2e259c2b 67d7ec0a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2025/01/09 21:23 upstream eea6e4b4dfb8 9220929f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2025/01/09 00:02 upstream 0b7958fa05d5 f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2025/01/08 16:47 upstream 09a0fa92e5b4 f3558dbf .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/30 18:54 upstream fc033cf25e61 d3ccff63 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/30 18:52 upstream fc033cf25e61 d3ccff63 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/18 13:00 upstream aef25be35d23 a0626d3a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/14 13:51 upstream a446e965a188 7cbfbb3a .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/10 22:35 upstream 7cb1b4663150 cfc402b4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/10 14:18 upstream 7cb1b4663150 cfc402b4 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/02 19:25 upstream e70140ba0d2b b499ea68 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/01 00:06 upstream d8b78066f4c9 68914665 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/12/01 00:03 upstream d8b78066f4c9 68914665 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/11/29 00:28 upstream 65ae975e97d5 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/11/28 17:43 upstream b86545e02e8c 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/11/27 21:33 upstream aaf20f870da0 5df23865 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 kernel BUG in iov_iter_revert
2024/11/26 20:50 linux-next ed9a4ad6e5bd 11dbc254 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in iov_iter_revert
2024/11/22 00:01 linux-next ac24e26aa08f 4b25d554 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root kernel BUG in iov_iter_revert
2025/01/06 21:36 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 573067a5a685 f3558dbf .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 kernel BUG in iov_iter_revert
2024/12/11 06:25 git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-kernelci 146ff2c261f3 cfc402b4 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-gce-arm64 kernel BUG in iov_iter_revert
* Struck through repros no longer work on HEAD.