syzbot


WARNING in iov_iter_pipe

Status: fixed on 2019/12/13 00:31
Reported-by: syzbot+991400e8eba7e00a26e1@syzkaller.appspotmail.com
Fix commit: 419e9c38aa07 iomap: Fix pipe page leakage during splicing
First crash: 1055d, last: 1037d

Cause bisection: introduced by (bisect log) :
commit b1b4705d54abedfd69dcdf42779c521aa1e0fbd3
Author: Matthew Bobrowski <mbobrowski@mbobrowski.org>
Date: Tue Nov 5 12:01:37 2019 +0000

  ext4: introduce direct I/O read using iomap infrastructure

Crash: WARNING in iov_iter_pipe (log)
Repro: C syz .config
similar bugs (1):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in iov_iter_pipe (2) 4 341d 418d 0/24 auto-closed as invalid on 2022/02/17 17:42

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 8715 at lib/iov_iter.c:1162 iov_iter_pipe+0x25b/0x2f0 lib/iov_iter.c:1162
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 8715 Comm: syz-executor719 Not tainted 5.4.0-rc6-next-20191107 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x197/0x210 lib/dump_stack.c:118
 panic+0x2e3/0x75c kernel/panic.c:221
 __warn.cold+0x2f/0x35 kernel/panic.c:582
 report_bug+0x289/0x300 lib/bug.c:195
 fixup_bug arch/x86/kernel/traps.c:174 [inline]
 fixup_bug arch/x86/kernel/traps.c:169 [inline]
 do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
RIP: 0010:iov_iter_pipe+0x25b/0x2f0 lib/iov_iter.c:1162
Code: 83 c0 03 38 d0 7c 04 84 d2 75 33 44 89 63 24 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 ac ba 2e fe 0f 0b e8 a5 ba 2e fe <0f> 0b e9 53 fe ff ff 4c 89 f7 e8 46 e5 6a fe e9 f5 fd ff ff e8 dc
RSP: 0018:ffff8880a0b4f988 EFLAGS: 00010293
RAX: ffff88808f1602c0 RBX: ffff8880a0b4fa18 RCX: ffffffff8344ac89
RDX: 0000000000000000 RSI: ffffffff8344ae3b RDI: 0000000000000004
RBP: ffff8880a0b4f9c0 R08: ffff88808f1602c0 R09: 0000000000000000
R10: fffffbfff1390168 R11: ffffffff89c80b47 R12: ffff88808f121c00
R13: 0000000000000010 R14: ffff88808f121cc8 R15: ffff88808f121cd0
 generic_file_splice_read+0xa7/0x800 fs/splice.c:303
 do_splice_to+0x127/0x180 fs/splice.c:877
 splice_direct_to_actor+0x2d3/0x970 fs/splice.c:955
 do_splice_direct+0x1da/0x2a0 fs/splice.c:1064
 do_sendfile+0x597/0xd00 fs/read_write.c:1464
 __do_sys_sendfile64 fs/read_write.c:1525 [inline]
 __se_sys_sendfile64 fs/read_write.c:1511 [inline]
 __x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1511
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x446969
Code: e8 4c b4 02 00 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 0b 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f05c41b8ce8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
RAX: ffffffffffffffda RBX: 00000000006dbc58 RCX: 0000000000446969
RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000005
RBP: 00000000006dbc50 R08: 0000000000000000 R09: 0000000000000000
R10: 00000000ffffffff R11: 0000000000000246 R12: 00000000006dbc5c
R13: 00007fffb77353df R14: 00007f05c41b99c0 R15: 20c49ba5e353f7cf
Kernel Offset: disabled
Rebooting in 86400 seconds..

Crashes (1117):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2019/11/07 13:16 linux-next c68c5373c504 d797d201 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2019/11/25 06:53 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/25 00:52 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 23:40 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 22:14 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 20:23 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 19:15 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 17:29 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 16:27 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 15:26 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 12:51 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 11:34 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 10:05 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 08:33 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 06:54 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 05:43 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 03:59 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 02:48 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 01:47 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/24 01:45 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 22:49 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 20:24 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 17:40 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 15:34 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 14:08 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 11:24 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 10:16 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 08:23 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 07:22 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 06:00 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 03:48 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 02:12 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 00:20 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/23 00:09 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 23:07 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 21:01 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 19:33 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 18:05 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 17:21 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 17:11 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 17:11 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 15:40 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 15:00 linux-next b9d3d0140506 598ca6c8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 11:42 linux-next b9d3d0140506 8098ea0f .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 06:32 linux-next 1fef9976397f 8098ea0f .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 03:21 linux-next 1fef9976397f 8098ea0f .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/22 00:09 linux-next 1fef9976397f 8098ea0f .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/21 22:34 linux-next 1fef9976397f 8098ea0f .config log report
ci-upstream-linux-next-kasan-gce-root 2019/11/07 09:28 linux-next c68c5373c504 d797d201 .config log report
* Struck through repros no longer work on HEAD.