syzbot


kernel BUG at fs/pipe.c:LINE!

Status: fixed on 2020/01/08 01:06
Subsystems: fs
[Documentation on labels]
Reported-by: syzbot+d37abaade33a934f16f2@syzkaller.appspotmail.com
Fix commit: 8c7b8c34ae95 pipe: Remove assertion from pipe_poll()
First crash: 1579d, last: 1572d
Cause bisection: introduced by (bisect log) :
commit 8cefc107ca54c8b06438b7dc9cc08bc0a11d5b98
Author: David Howells <dhowells@redhat.com>
Date: Fri Nov 15 13:30:32 2019 +0000

  pipe: Use head and tail pointers for the ring, not cursor and length

Crash: kernel BUG at fs/pipe.c:LINE! (log)
Repro: C syz .config
  
Discussions (3)
Title Replies (including bot) Last reply
[PATCH 0/2] pipe: Fixes [ver #2] 41 (41) 2019/12/19 16:35
[PATCH 0/2] pipe: Fixes 5 (5) 2019/12/05 17:42
kernel BUG at fs/pipe.c:LINE! 3 (4) 2019/12/05 13:06

Sample crash report:
------------[ cut here ]------------
kernel BUG at fs/pipe.c:582!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 9748 Comm: syz-executor888 Not tainted 5.4.0-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:pipe_poll+0x37f/0x400 fs/pipe.c:582
Code: ff 85 db 75 09 e8 b1 ee b5 ff 41 83 ce 08 e8 a8 ee b5 ff 44 89 f0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 91 ee b5 ff <0f> 0b e8 ca 40 f3 ff e9 ed fc ff ff e8 c0 40 f3 ff e9 b3 fd ff ff
RSP: 0018:ffff8880a7d97698 EFLAGS: 00010293
RAX: ffff88808da96300 RBX: ffff8880a116b000 RCX: ffffffff81bef79a
RDX: 0000000000000000 RSI: ffffffff81bef9bf RDI: 0000000000000004
RBP: ffff8880a7d976d0 R08: ffff88808da96300 R09: ffff88808da96b90
R10: fffffbfff146e190 R11: ffffffff8a370c87 R12: ffff88809b986d40
R13: 00000000ffffffff R14: 0000000000000001 R15: 000000000000071b
FS:  00007f6eec84c700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000021000000 CR3: 0000000093a9e000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 vfs_poll include/linux/poll.h:90 [inline]
 do_select+0x922/0x16f0 fs/select.c:534
 core_sys_select+0x53c/0x8c0 fs/select.c:677
 do_pselect.constprop.0+0x199/0x1e0 fs/select.c:759
 __do_sys_pselect6 fs/select.c:784 [inline]
 __se_sys_pselect6 fs/select.c:769 [inline]
 __x64_sys_pselect6+0x1fc/0x2e0 fs/select.c:769
 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x44af59
Code: e8 2c ce 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab cc fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6eec84bda8 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
RAX: ffffffffffffffda RBX: 00000000006dcc88 RCX: 000000000044af59
RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000040
RBP: 00000000006dcc80 R08: 0000000020000200 R09: 0000000000000000
R10: 0000000020000040 R11: 0000000000000246 R12: 00000000006dcc8c
R13: 00007fffa2f4373f R14: 00007f6eec84c9c0 R15: 0000000000000007
Modules linked in:
---[ end trace b125e60b63a3d289 ]---
RIP: 0010:pipe_poll+0x37f/0x400 fs/pipe.c:582
Code: ff 85 db 75 09 e8 b1 ee b5 ff 41 83 ce 08 e8 a8 ee b5 ff 44 89 f0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 91 ee b5 ff <0f> 0b e8 ca 40 f3 ff e9 ed fc ff ff e8 c0 40 f3 ff e9 b3 fd ff ff
RSP: 0018:ffff8880a7d97698 EFLAGS: 00010293
RAX: ffff88808da96300 RBX: ffff8880a116b000 RCX: ffffffff81bef79a
RDX: 0000000000000000 RSI: ffffffff81bef9bf RDI: 0000000000000004
RBP: ffff8880a7d976d0 R08: ffff88808da96300 R09: ffff88808da96b90
R10: fffffbfff146e190 R11: ffffffff8a370c87 R12: ffff88809b986d40
R13: 00000000ffffffff R14: 0000000000000001 R15: 000000000000071b
FS:  00007f6eec84c700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020e00000 CR3: 0000000093a9e000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (693):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2019/12/02 15:59 upstream ceb307474506 f879db37 .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/12/02 03:43 upstream b94ae8ad9fe7 f879db37 .config console log report syz C ci-upstream-kasan-gce-root
2019/12/01 18:24 upstream b94ae8ad9fe7 a76bf83f .config console log report syz C ci-upstream-kasan-gce-smack-root
2019/12/01 17:12 upstream b94ae8ad9fe7 a76bf83f .config console log report syz C ci-upstream-kasan-gce-selinux-root
2019/12/01 16:45 upstream b94ae8ad9fe7 a76bf83f .config console log report syz C ci-upstream-kasan-gce-root
2019/12/02 14:10 upstream ceb307474506 f879db37 .config console log report syz ci-upstream-kasan-gce-selinux-root
2019/12/06 01:49 upstream 2f13437b8917 4fb74474 .config console log report ci-upstream-kasan-gce-root
2019/12/05 21:44 upstream 2f13437b8917 4fb74474 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 19:38 upstream 2f13437b8917 4fb74474 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 18:17 upstream 2f13437b8917 4fb74474 .config console log report ci-upstream-kasan-gce
2019/12/05 16:06 upstream 2f13437b8917 4fb74474 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 14:37 upstream 2f13437b8917 4fb74474 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 13:29 upstream aedc0650f913 b2088328 .config console log report ci-upstream-kasan-gce
2019/12/05 07:18 upstream aedc0650f913 b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 05:47 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 05:20 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 04:04 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/05 00:31 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-root
2019/12/04 23:59 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/04 22:55 upstream aedc0650f913 b2088328 .config console log report ci-qemu-upstream
2019/12/04 21:06 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/04 19:11 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-root
2019/12/04 18:58 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/04 17:26 upstream 63de37476ebd b2088328 .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/02 18:05 upstream ceb307474506 f879db37 .config console log report ci-upstream-kasan-gce-smack-root
2019/12/01 13:52 upstream b94ae8ad9fe7 a76bf83f .config console log report ci-upstream-kasan-gce-selinux-root
2019/12/08 22:11 net-old 0fc75219fe9a 1508f453 .config console log report ci-upstream-net-this-kasan-gce
2019/12/06 19:01 bpf ae72555b4104 85f26751 .config console log report ci-upstream-bpf-kasan-gce
2019/12/06 16:57 bpf ae72555b4104 85f26751 .config console log report ci-upstream-bpf-kasan-gce
2019/12/05 10:43 bpf ef8c84effce3 b2088328 .config console log report ci-upstream-bpf-kasan-gce
2019/12/03 18:06 net-next-old 596cf45cbf6e ae13a849 .config console log report ci-upstream-net-kasan-gce
2019/12/07 10:02 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/07 09:01 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/07 07:02 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/07 06:01 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/07 02:39 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/07 02:35 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/07 01:23 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 23:24 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 21:09 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 19:17 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 17:58 linux-next 838333c80c4f 85f26751 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 15:51 linux-next 838333c80c4f 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 14:36 linux-next 838333c80c4f 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 13:07 linux-next 838333c80c4f 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 12:18 linux-next 838333c80c4f 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 10:10 linux-next 838333c80c4f 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 08:34 linux-next 838333c80c4f 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 05:32 linux-next 282ffdf30a3e 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/06 04:14 linux-next 282ffdf30a3e 98b4ef2d .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 22:51 linux-next 282ffdf30a3e 4fb74474 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 20:42 linux-next 282ffdf30a3e 4fb74474 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 15:46 linux-next 282ffdf30a3e 4fb74474 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 12:20 linux-next 282ffdf30a3e b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 09:25 linux-next 282ffdf30a3e b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 08:18 linux-next 282ffdf30a3e b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 03:43 linux-next c7c32c43e831 b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 02:38 linux-next c7c32c43e831 b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/05 01:32 linux-next c7c32c43e831 b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
2019/12/04 17:33 linux-next c7c32c43e831 b2088328 .config console log report ci-upstream-linux-next-kasan-gce-root
* Struck through repros no longer work on HEAD.