syzbot


WARNING in iov_iter_revert

Status: fixed on 2018/08/07 13:43
Subsystems: net
[Documentation on labels]
Reported-by: syzbot+c226690f7b3126c5ee04@syzkaller.appspotmail.com
Fix commit: 32da12216e46 tls: Stricter error checking in zerocopy sendmsg path
First crash: 2204d, last: 2137d
Discussions (5)
Title Replies (including bot) Last reply
[PATCH 4.17 000/101] 4.17.9-stable review 100 (101) 2018/07/22 11:42
[PATCH 4.14 00/92] 4.14.57-stable review 91 (92) 2018/07/21 13:41
[PATCH net] tls: Stricter error checking in zerocopy sendmsg path 2 (2) 2018/07/16 20:32
WARNING in iov_iter_revert 1 (1) 2018/05/30 04:58
WARNING in iov_iter_revert 0 (1) 2018/05/13 16:28
Similar bugs (5)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in iov_iter_revert (2) serial C done 9 1192d 1193d 20/26 fixed on 2021/04/09 19:46
linux-6.1 WARNING in iov_iter_revert origin:lts-only C done 1 230d 285d 0/3 upstream: reported C repro on 2023/08/13 18:12
upstream WARNING in iov_iter_revert (4) ntfs3 C done error 4 299d 351d 0/26 auto-obsoleted due to no activity on 2023/11/08 23:39
upstream WARNING in iov_iter_revert (3) ntfs3 C error error 26 488d 546d 0/26 auto-obsoleted due to no activity on 2023/05/23 03:07
linux-5.15 WARNING in iov_iter_revert origin:lts-only C done 1 315d 331d 0/3 upstream: reported C repro on 2023/06/28 09:07

Sample crash report:
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
random: sshd: uninitialized urandom read (32 bytes read)
tls_set_device_offload: netdev not found
WARNING: CPU: 0 PID: 4534 at lib/iov_iter.c:918 iov_iter_revert+0x2ee/0xaa0 lib/iov_iter.c:918
Kernel panic - not syncing: panic_on_warn set ...

CPU: 0 PID: 4534 Comm: syz-executor979 Not tainted 4.17.0+ #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1b9/0x294 lib/dump_stack.c:113
 panic+0x22f/0x4de kernel/panic.c:184
 __warn.cold.8+0x163/0x1b3 kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:iov_iter_revert+0x2ee/0xaa0 lib/iov_iter.c:918
Code: 74 24 08 4d 89 7d 20 48 89 de 49 83 c7 01 4c 89 f7 e8 76 50 24 fe 49 39 de 72 b7 e8 bc 4f 24 fe e9 3b ff ff ff e8 b2 4f 24 fe <0f> 0b e9 3a ff ff ff e8 a6 4f 24 fe 49 8d 7d 18 48 b8 00 00 00 00 
RSP: 0018:ffff8801aff4f788 EFLAGS: 00010293
RAX: ffff8801af8263c0 RBX: 00000000fffffeed RCX: ffffffff8355eb01
RDX: 0000000000000000 RSI: ffffffff8355edae RDI: 0000000000000007
RBP: ffff8801aff4f7e8 R08: ffff8801af8263c0 R09: ffffed003b5c46d6
R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000113
R13: ffff8801aff4fad0 R14: 0000000000000478 R15: ffff8801b2890040
 tls_sw_sendmsg+0xefc/0x12b0 net/tls/tls_sw.c:448
 inet_sendmsg+0x19f/0x690 net/ipv4/af_inet.c:798
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xd5/0x120 net/socket.c:643
 sock_write_iter+0x35a/0x5a0 net/socket.c:912
 call_write_iter include/linux/fs.h:1793 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x6ae/0x9d0 fs/read_write.c:487
 vfs_write+0x1f8/0x560 fs/read_write.c:549
 ksys_write+0xf9/0x250 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __x64_sys_write+0x73/0xb0 fs/read_write.c:607
 do_syscall_64+0x1b1/0x800 arch/x86/entry/common.c:287
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440a69
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007fff3d7337b8 EFLAGS: 00000207 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440a69
RDX: 0000000000000478 RSI: 0000000020000740 RDI: 0000000000000003
RBP: 00000000006cb018 R08: 65732f636f72702f R09: 65732f636f72702f
R10: 000000000000000f R11: 0000000000000207 R12: 00000000004022f0
R13: 0000000000402380 R14: 0000000000000000 R15: 0000000000000000
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (74):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2018/06/10 22:04 upstream 3ca24ce9ff76 866118af .config console log report syz C ci-upstream-kasan-gce-root
2018/06/10 19:49 upstream 3ca24ce9ff76 866118af .config console log report syz C ci-upstream-kasan-gce
2018/05/12 23:44 upstream 427fbe89261d e726f42b .config console log report syz C ci-upstream-kasan-gce-root
2018/05/12 21:44 net-next-old b2d6cee117f7 e726f42b .config console log report syz C ci-upstream-net-kasan-gce
2018/06/10 19:44 https://github.com/google/kmsan.git master d6c351f832e3 866118af .config console log report syz C ci-upstream-kmsan-gce
2018/07/19 01:05 upstream 04a132065175 49f35839 .config console log report ci-upstream-kasan-gce-root
2018/07/15 08:31 upstream c31496dbacc2 92a49505 .config console log report ci-upstream-kasan-gce
2018/07/07 00:20 upstream b4d0562137c9 9636bc93 .config console log report ci-upstream-kasan-gce
2018/07/03 05:18 upstream d0fbad0aec1d 317fc8ea .config console log report ci-upstream-kasan-gce-root
2018/06/25 00:34 upstream 7daf201d7fe8 2064fc5c .config console log report ci-upstream-kasan-gce
2018/06/24 01:52 upstream 5e2204832b20 2064fc5c .config console log report ci-upstream-kasan-gce
2018/06/21 01:03 upstream 1abd8a8f39cd 095ef806 .config console log report ci-upstream-kasan-gce-root
2018/06/19 22:09 upstream ba4dbdedd3ed 732e4256 .config console log report ci-upstream-kasan-gce
2018/06/14 04:35 upstream be779f03d563 27c5f59f .config console log report ci-upstream-kasan-gce
2018/06/10 23:21 upstream 3ca24ce9ff76 866118af .config console log report ci-upstream-kasan-gce-root
2018/06/07 03:17 upstream 0ad39cb3d70f e0e534c6 .config console log report ci-upstream-kasan-gce
2018/06/07 02:11 upstream 0ad39cb3d70f e0e534c6 .config console log report ci-upstream-kasan-gce
2018/06/05 04:35 upstream 910470e03f34 a50d873b .config console log report ci-upstream-kasan-gce
2018/06/04 22:23 upstream 910470e03f34 a50d873b .config console log report ci-upstream-kasan-gce
2018/06/04 18:33 upstream 29dcea88779c 6cbe7c26 .config console log report ci-upstream-kasan-gce
2018/06/04 00:29 upstream 325e14f97e0c 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 16:48 upstream 918fe1b31579 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/03 10:42 upstream 918fe1b31579 2f93b54f .config console log report ci-upstream-kasan-gce
2018/06/02 13:23 upstream 0512e0134582 2f93b54f .config console log report ci-upstream-kasan-gce
2018/05/12 15:54 upstream f0ab773f5c96 e726f42b .config console log report ci-upstream-kasan-gce-root
2018/07/15 03:20 net-old 6bed5e260709 92a49505 .config console log report ci-upstream-net-this-kasan-gce
2018/07/09 15:02 net-old 6508b6781be0 f25e5770 .config console log report ci-upstream-net-this-kasan-gce
2018/07/07 07:42 net-old 70ba5b6db96f 6c0c0099 .config console log report ci-upstream-net-this-kasan-gce
2018/07/16 05:40 net-next-old 2aa4a3378ad0 92a49505 .config console log report ci-upstream-net-kasan-gce
2018/07/06 01:04 net-next-old 2cc0608e42ac d3b2a0e2 .config console log report ci-upstream-net-kasan-gce
2018/07/04 22:15 net-next-old 211c41c8c46b e1b966c6 .config console log report ci-upstream-net-kasan-gce
2018/07/03 23:19 net-next-old 44a4c4698ee8 317fc8ea .config console log report ci-upstream-net-kasan-gce
2018/07/03 02:35 net-next-old f6779e4e53b6 574780b0 .config console log report ci-upstream-net-kasan-gce
2018/06/26 18:54 net-next-old 651b4513bdd2 b0294c53 .config console log report ci-upstream-net-kasan-gce
2018/06/26 04:51 net-next-old 9ff3b40e411c 2064fc5c .config console log report ci-upstream-net-kasan-gce
2018/06/25 07:45 net-next-old 0ef8b4567d08 2064fc5c .config console log report ci-upstream-net-kasan-gce
2018/06/22 19:22 net-next-old a99790bf5c7f c97f0d7a .config console log report ci-upstream-net-kasan-gce
2018/06/21 20:18 net-next-old f0dc7f9c6dd9 095ef806 .config console log report ci-upstream-net-kasan-gce
2018/06/20 23:18 net-next-old f0dc7f9c6dd9 095ef806 .config console log report ci-upstream-net-kasan-gce
2018/06/18 22:36 net-next-old f0dc7f9c6dd9 45c54f75 .config console log report ci-upstream-net-kasan-gce
2018/06/16 20:12 net-next-old f0dc7f9c6dd9 27c5f59f .config console log report ci-upstream-net-kasan-gce
2018/06/11 05:17 net-next-old f0dc7f9c6dd9 866118af .config console log report ci-upstream-net-kasan-gce
2018/06/06 11:47 net-next-old 75d4e704fa8d 41f9540d .config console log report ci-upstream-net-kasan-gce
2018/06/05 06:55 net-next-old 4cd328f83916 a50d873b .config console log report ci-upstream-net-kasan-gce
2018/06/05 00:38 net-next-old 4cd328f83916 a50d873b .config console log report ci-upstream-net-kasan-gce
2018/06/03 17:35 net-next-old eaf47b17a77f 2f93b54f .config console log report ci-upstream-net-kasan-gce
2018/06/13 10:47 https://github.com/google/kmsan.git master 5cdf0501ac1b 27c5f59f .config console log report ci-upstream-kmsan-gce
2018/06/09 22:16 https://github.com/google/kmsan.git master d6c351f832e3 866118af .config console log report ci-upstream-kmsan-gce
* Struck through repros no longer work on HEAD.