syzbot


WARNING in request_end

Status: fixed on 2019/11/11 16:48
Reported-by: syzbot+ef054c4d3f64cd7f7cec@syzkaller.appspotmail.com
Fix commit: 4c316f2f3ff3 fuse: set FR_SENT while locked
First crash: 1416d, last: 1379d

Cause bisection: introduced by (bisect log) :
commit 4ad769f3c346ec3d458e255548dec26ca5284cf6
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Tue May 29 14:04:46 2018 +0000

  fuse: Allow fully unprivileged mounts

Crash: KASAN: use-after-free Read in fuse_dev_do_read (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log) :
commit 4c316f2f3ff315cb48efb7435621e5bfb81df96d
Author: Miklos Szeredi <mszeredi@redhat.com>
Date: Fri Sep 28 14:43:22 2018 +0000

  fuse: set FR_SENT while locked

similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
android-49 WARNING in request_end 1 1407d 1407d 0/3 auto-closed as invalid on 2019/04/01 20:43
Patch testing requests:
Created Duration User Patch Repo Result
2019/03/23 19:48 18m mszeredi@redhat.com git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git bc78abbd55dd report log

Sample crash report:
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
WARNING: CPU: 1 PID: 7459 at fs/fuse/dev.c:390 request_end+0x82e/0xaa0 fs/fuse/dev.c:390
Kernel panic - not syncing: panic_on_warn set ...

CPU: 1 PID: 7459 Comm: syz-executor659 Not tainted 4.19.0-rc7+ #176
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
 panic+0x238/0x4e7 kernel/panic.c:184
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
 report_bug+0x254/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:993
RIP: 0010:request_end+0x82e/0xaa0 fs/fuse/dev.c:390
Code: 3c 03 0f 8f 6f fe ff ff 48 8b bd f0 fe ff ff e8 78 63 3b ff e9 5e fe ff ff e8 1e f3 f7 fe 0f 0b e9 b0 fa ff ff e8 12 f3 f7 fe <0f> 0b e9 f0 fa ff ff e8 16 ca c1 fe e8 71 63 3b ff e9 5b fb ff ff
RSP: 0018:ffff8801c65e7328 EFLAGS: 00010293
RAX: ffff8801cd3362c0 RBX: ffff8801cba17000 RCX: ffffffff8286dd65
RDX: 0000000000000000 RSI: ffffffff8286e27e RDI: 0000000000000007
RBP: ffff8801c65e7458 R08: ffff8801cd3362c0 R09: ffffed00391cd5bf
R10: ffffed00391cd5bf R11: ffff8801c8e6adfb R12: 1ffff10038cbce6a
R13: ffff8801c8e6ad80 R14: ffff8801cba17030 R15: ffff8801c65e7430
 fuse_dev_do_write+0x192e/0x36e0 fs/fuse/dev.c:1915
 fuse_dev_write+0x19a/0x240 fs/fuse/dev.c:1939
 call_write_iter include/linux/fs.h:1808 [inline]
 new_sync_write fs/read_write.c:474 [inline]
 __vfs_write+0x6b8/0x9f0 fs/read_write.c:487
 vfs_write+0x1fc/0x560 fs/read_write.c:549
 ksys_write+0x101/0x260 fs/read_write.c:598
 __do_sys_write fs/read_write.c:610 [inline]
 __se_sys_write fs/read_write.c:607 [inline]
 __ia32_sys_write+0x71/0xb0 fs/read_write.c:607
 do_syscall_32_irqs_on arch/x86/entry/common.c:326 [inline]
 do_fast_syscall_32+0x34d/0xfb2 arch/x86/entry/common.c:397
 entry_SYSENTER_compat+0x70/0x7f arch/x86/entry/entry_64_compat.S:139
RIP: 0023:0xf7f43ca9
Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90
RSP: 002b:00000000f7efd1fc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0
RDX: 0000000000000050 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00000000003d0f00 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (14):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-386 2018/10/08 09:37 upstream 0238df646e62 8b311eaf .config log report syz C
ci-upstream-kasan-gce-smack-root 2018/10/31 06:55 upstream 310c7585e830 4ccf7bb4 .config log report
ci-upstream-kasan-gce-root 2018/10/23 04:48 upstream ca9eb48fe01f ecb386fe .config log report
ci-upstream-kasan-gce 2018/10/15 05:37 upstream 3a27203102eb caf12900 .config log report
ci-upstream-kasan-gce-root 2018/10/14 02:04 upstream 7ec21823634d caf12900 .config log report
ci-upstream-kasan-gce 2018/10/11 15:17 upstream 9dcd936c5312 5f818b4b .config log report
ci-upstream-kasan-gce 2018/10/11 12:43 upstream 9dcd936c5312 5f818b4b .config log report
ci-upstream-kasan-gce 2018/10/10 23:16 upstream b8db9e69dba9 5f818b4b .config log report
ci-upstream-kasan-gce-smack-root 2018/10/08 13:39 upstream 0238df646e62 8b311eaf .config log report
ci-upstream-kasan-gce-root 2018/09/24 11:11 upstream 6bf4ca7fbc85 2f485cdf .config log report
ci-upstream-kasan-gce-386 2018/10/08 14:21 upstream 0238df646e62 8b311eaf .config log report
ci-upstream-kasan-gce-386 2018/10/08 08:50 upstream 0238df646e62 8b311eaf .config log report
ci-upstream-kasan-gce-386 2018/10/07 18:20 upstream fb1c592cf4c9 8b311eaf .config log report
ci-upstream-linux-next-kasan-gce-root 2018/09/25 13:03 linux-next 8b7a6ebdd4a5 0e7547d7 .config log report