WARNING in csum_and_copy_to_iter

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+ce18da013d76d837144d@syzkaller.appspotmail.com>
To: davem@davemloft.net, gregkh@linuxfoundation.org,
	kgraul@linux.ibm.com, linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org, stranche@codeaurora.org,
	syzkaller-bugs@googlegroups.com, viro@zeniv.linux.org.uk
Subject: WARNING in csum_and_copy_to_iter
Date: Sat, 24 Nov 2018 11:40:03 -0800	[thread overview]
Message-ID: <0000000000001ecaa1057b6e4489@google.com> (raw)

Hello,

syzbot found the following crash on:

HEAD commit:    edeca3a769ad Merge tag 'sound-4.20-rc4' of git://git.kerne..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12bee26d400000
kernel config:  https://syzkaller.appspot.com/x/.config?x=73e2bc0cb6463446
dashboard link: https://syzkaller.appspot.com/bug?extid=ce18da013d76d837144d
compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=15ccd1f5400000

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ce18da013d76d837144d@syzkaller.appspotmail.com

8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
8021q: adding VLAN 0 to HW filter on device team0
WARNING: CPU: 1 PID: 7440 at lib/iov_iter.c:1443  
csum_and_copy_to_iter+0x73a/0x14f0 lib/iov_iter.c:1443
Kernel panic - not syncing: panic_on_warn set ...
CPU: 1 PID: 7440 Comm: syz-executor2 Not tainted 4.20.0-rc3+ #345
kobject: 'loop0' (00000000da2348da): kobject_uevent_env
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Call Trace:
  __dump_stack lib/dump_stack.c:77 [inline]
  dump_stack+0x244/0x39d lib/dump_stack.c:113
  panic+0x2ad/0x55c kernel/panic.c:188
kobject: 'loop0' (00000000da2348da): fill_kobj_path: path  
= '/devices/virtual/block/loop0'
  __warn.cold.8+0x20/0x45 kernel/panic.c:540
  report_bug+0x254/0x2d0 lib/bug.c:186
  fixup_bug arch/x86/kernel/traps.c:178 [inline]
  do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:271
  do_invalid_op+0x36/0x40 arch/x86/kernel/traps.c:290
WARNING: CPU: 0 PID: 7446 at lib/iov_iter.c:1443  
csum_and_copy_to_iter+0x73a/0x14f0 lib/iov_iter.c:1443
Modules linked in:
  invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:969
CPU: 0 PID: 7446 Comm: syz-executor0 Not tainted 4.20.0-rc3+ #345
RIP: 0010:csum_and_copy_to_iter+0x73a/0x14f0 lib/iov_iter.c:1443
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS  
Google 01/01/2011
Code: ee fd 48 83 bd b0 fe ff ff 00 0f 84 48 fc ff ff e9 91 fe ff ff e8 e6  
6d ee fd 49 83 c4 10 31 db e9 70 fc ff ff e8 d6 6d ee fd <0f> 0b 48 c7 85  
e8 fe ff ff 00 00 00 00 e9 70 fd ff ff 4c 89 f7 e8
RIP: 0010:csum_and_copy_to_iter+0x73a/0x14f0 lib/iov_iter.c:1443
RSP: 0018:ffff8881bc80f368 EFLAGS: 00010293
Code: ee fd 48 83 bd b0 fe ff ff 00 0f 84 48 fc ff ff e9 91 fe ff ff e8 e6  
6d ee fd 49 83 c4 10 31 db e9 70 fc ff ff e8 d6 6d ee fd <0f> 0b 48 c7 85  
e8 fe ff ff 00 00 00 00 e9 70 fd ff ff 4c 89 f7 e8
RAX: ffff8881c87ca080 RBX: 000000000000038a RCX: ffffffff839116c2
RSP: 0018:ffff8881bbabf368 EFLAGS: 00010293
RDX: 0000000000000000 RSI: ffffffff83911d1a RDI: 0000000000000005
RAX: ffff8881caf18080 RBX: 000000000000038a RCX: ffffffff839116c2
RBP: ffff8881bc80f4f8 R08: ffff8881c87ca080 R09: 0000000000000006
RDX: 0000000000000000 RSI: ffffffff83911d1a RDI: 0000000000000005
R10: 0000000000000000 R11: ffff8881c87ca080 R12: 0000000000000000
RBP: ffff8881bbabf4f8 R08: ffff8881caf18080 R09: 0000000000000006
R13: 0000000000000008 R14: ffff8881bc80fa50 R15: 000000000000038a
R10: 0000000000000000 R11: ffff8881caf18080 R12: 0000000000000000
R13: 0000000000000008 R14: ffff8881bbabfa50 R15: 000000000000038a
FS:  00007fed2599c700(0000) GS:ffff8881dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004cce48 CR3: 00000001cf367000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
  skb_copy_and_csum_datagram+0x1ab/0xae0 net/core/datagram.c:662
  skb_copy_and_csum_datagram+0x1ab/0xae0 net/core/datagram.c:662
  skb_copy_and_csum_datagram_msg+0x246/0x420 net/core/datagram.c:802
  udpv6_recvmsg+0xd62/0x1d80 net/ipv6/udp.c:376
  skb_copy_and_csum_datagram_msg+0x246/0x420 net/core/datagram.c:802
  udpv6_recvmsg+0xd62/0x1d80 net/ipv6/udp.c:376
  inet_recvmsg+0x181/0x6d0 net/ipv4/af_inet.c:830
  inet_recvmsg+0x181/0x6d0 net/ipv4/af_inet.c:830
  sock_recvmsg_nosec net/socket.c:794 [inline]
  sock_recvmsg+0xd0/0x110 net/socket.c:801
  sock_read_iter+0x39b/0x570 net/socket.c:878
  call_read_iter include/linux/fs.h:1851 [inline]
  generic_file_splice_read+0x5a2/0x9a0 fs/splice.c:308
  sock_recvmsg_nosec net/socket.c:794 [inline]
  sock_recvmsg+0xd0/0x110 net/socket.c:801
  sock_read_iter+0x39b/0x570 net/socket.c:878
  sock_splice_read+0xef/0x110 net/socket.c:856
  do_splice_to+0x12e/0x190 fs/splice.c:880
  call_read_iter include/linux/fs.h:1851 [inline]
  generic_file_splice_read+0x5a2/0x9a0 fs/splice.c:308
  do_splice+0x1014/0x1430 fs/splice.c:1173
  sock_splice_read+0xef/0x110 net/socket.c:856
  __do_sys_splice fs/splice.c:1414 [inline]
  __se_sys_splice fs/splice.c:1394 [inline]
  __x64_sys_splice+0x2c1/0x330 fs/splice.c:1394
  do_splice_to+0x12e/0x190 fs/splice.c:880
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  do_splice+0x1014/0x1430 fs/splice.c:1173
  __do_sys_splice fs/splice.c:1414 [inline]
  __se_sys_splice fs/splice.c:1394 [inline]
  __x64_sys_splice+0x2c1/0x330 fs/splice.c:1394
  do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7  
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff  
ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f6517086c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
RBP: 000000000072bfa0 R08: 0000000010000200 R09: 0000000000000000
RIP: 0033:0x457569
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f65170876d4
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7  
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff  
ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
R13: 00000000004c5719 R14: 00000000004d8c08 R15: 00000000ffffffff
RSP: 002b:00007fed2599bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457569
RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003
RBP: 000000000072bfa0 R08: 0000000010000200 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fed2599c6d4
R13: 00000000004c5719 R14: 00000000004d8c08 R15: 00000000ffffffff
irq event stamp: 352
hardirqs last  enabled at (351): [<ffffffff814ad030>]  
__local_bh_enable_ip+0x160/0x260 kernel/softirq.c:194
hardirqs last disabled at (352): [<ffffffff81007ced>]  
trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last  enabled at (350): [<ffffffff86aef3ab>] spin_unlock_bh  
include/linux/spinlock.h:374 [inline]
softirqs last  enabled at (350): [<ffffffff86aef3ab>]  
__skb_recv_udp+0x4ab/0xaf0 net/ipv4/udp.c:1611
softirqs last disabled at (348): [<ffffffff86aef190>] spin_lock_bh  
include/linux/spinlock.h:334 [inline]
softirqs last disabled at (348): [<ffffffff86aef190>]  
__skb_recv_udp+0x290/0xaf0 net/ipv4/udp.c:1583
---[ end trace fcfb475d82d5a575 ]---
Kernel Offset: disabled
Rebooting in 86400 seconds..


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with  
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches

next             reply	other threads:[~2018-11-24 19:40 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-24 19:40 syzbot [this message]
2018-11-24 20:03 ` WARNING in csum_and_copy_to_iter Al Viro
2018-11-24 21:20   ` Slavomir Kaslev
2018-11-24 21:44     ` Al Viro
2018-11-25  1:51       ` Al Viro
2018-11-26 11:46         ` Slavomir Kaslev
2023-11-24 10:30 ` [syzbot] syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=0000000000001ecaa1057b6e4489@google.com \
    --to=syzbot+ce18da013d76d837144d@syzkaller.appspotmail.com \
    --cc=davem@davemloft.net \
    --cc=gregkh@linuxfoundation.org \
    --cc=kgraul@linux.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=stranche@codeaurora.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.