From: Eric Dumazet
Date: Thu, 8 Dec 2022 20:38:14 +0100
Subject: Re: [syzbot] WARNING in _copy_from_iter
To: syzbot, Al Viro
Cc: davem@davemloft.net, jmaloy@redhat.com, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, syzkaller-bugs@googlegroups.com, tipc-discussion@lists.sourceforge.net, ying.xue@windriver.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Dec 8, 2022 at 8:36 PM syzbot wrote:
>
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:    591cd61541b9 Add linux-next specific files for 20221207
> git tree:       linux-next
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=15d12929880000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=8b2d3e63e054c24f
> dashboard link: https://syzkaller.appspot.com/bug?extid=d43608d061e8847ec9f3
> compiler:       gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=172536fb880000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=12d00a7d880000
>
> Downloadable assets:
> disk image: https://storage.googleapis.com/syzbot-assets/bc862c01ec56/disk-591cd615.raw.xz
> vmlinux: https://storage.googleapis.com/syzbot-assets/8f9b93f8ed2f/vmlinux-591cd615.xz
> kernel image: https://storage.googleapis.com/syzbot-assets/9d5cb636d548/bzImage-591cd615.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+d43608d061e8847ec9f3@syzkaller.appspotmail.com
>
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 5086 at lib/iov_iter.c:629 _copy_from_iter+0x2ed/0xf70 lib/iov_iter.c:629
> Modules linked in:
> CPU: 0 PID: 5086 Comm: syz-executor371 Not tainted 6.1.0-rc8-next-20221207-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022
> RIP: 0010:_copy_from_iter+0x2ed/0xf70 lib/iov_iter.c:629
> Code: 77 fd 44 89 fb e9 33 ff ff ff e8 be 34 77 fd be 79 02 00 00 48 c7 c7 e0 59 a6 8a e8 fd 6f b0 fd e9 17 fe ff ff e8 a3 34 77 fd <0f> 0b 45 31 ff e9 7b ff ff ff e8 94 34 77 fd 31 ff 89 ee e8 fb 30
> RSP: 0018:ffffc90003e1f828 EFLAGS: 00010293
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
> RDX: ffff888026548000 RSI: ffffffff840a6e5d RDI: 0000000000000001
> RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000000 R12: ffffc90003e1fd00
> R13: ffff888079c498f8 R14: ffffc90003e1fd00 R15: 0000000000000000
> FS: 0000555557073300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000000045b630 CR3: 000000007d92a000 CR4: 00000000003506f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> copy_from_iter include/linux/uio.h:187 [inline]
> copy_from_iter_full include/linux/uio.h:194 [inline]
> tipc_msg_build+0x2d4/0x10a0 net/tipc/msg.c:404
> __tipc_sendmsg+0xada/0x1870 net/tipc/socket.c:1505
> tipc_connect+0x57b/0x6b0 net/tipc/socket.c:2624
> __sys_connect_file+0x153/0x1a0 net/socket.c:1976
> __sys_connect+0x165/0x1a0 net/socket.c:1993
> __do_sys_connect net/socket.c:2003 [inline]
> __se_sys_connect net/socket.c:2000 [inline]
> __x64_sys_connect+0x73/0xb0 net/socket.c:2000
> do_syscall_x64 arch/x86/entry/common.c:50 [inline]
> do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
> entry_SYSCALL_64_after_hwframe+0x63/0xcd
> RIP: 0033:0x7fac68eeeb19
> Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
> RSP: 002b:00007ffe4214d778 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
> RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fac68eeeb19
> RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000003
> RBP: 00007fac68eb2cc0 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000246 R12: 00007fac68eb2d50
> R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
>
>
>
> ---
> This report is generated by a bot. It may contain errors.
> See https://goo.gl/tpsmEJ for more information about syzbot.
> syzbot engineers can be reached at syzkaller@googlegroups.com.
>
> syzbot will keep track of this issue. See:
> https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> syzbot can test patches for this issue, for details see:
> https://goo.gl/tpsmEJ#testing-patches

Exposes an old bug in tipc ?

Seems a new check added by Al in :

Author: Al Viro
Date:   Thu Sep 15 20:11:15 2022 -0400

    iov_iter: saner checks for attempt to copy to/from iterator

    instead of "don't do it to ITER_PIPE" check for ->data_source being
    false on copying from iterator.  Check for !->data_source for
    copying to iterator, while we are at it.

    Signed-off-by: Al Viro
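
A simplified userspace model of the direction check named in the quoted commit message, added here as an example; it is not part of the original message and not kernel code. The `model_*` names, the struct layout, and the zero-initialised iterator used as input are assumptions chosen to show how an iterator with no direction set passes the older pipe-only rule but trips the newer `data_source` rule, even for a zero-byte copy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model; types and names are illustrative, not the kernel's. */
enum model_iter_type { MODEL_ITER_IOVEC = 0, MODEL_ITER_PIPE };

struct model_iter {
    enum model_iter_type type;
    bool data_source;   /* true: data is copied out of this iterator */
    char *buf;
    size_t count;
};

int model_warnings;     /* stands in for the kernel WARNING firing */

/* Older rule named in the commit text: only a pipe iterator is refused. */
bool old_check_from(const struct model_iter *i) { return i->type != MODEL_ITER_PIPE; }

/* Shared body: `from` is true for copy-from-iterator, false for copy-to. */
size_t model_copy(void *kbuf, size_t bytes, struct model_iter *i, bool from)
{
    /* Newer rule: the iterator's direction flag must match the operation. */
    if (i->data_source != from) { model_warnings++; return 0; }
    if (bytes > i->count) bytes = i->count;
    if (bytes) {
        if (from) memcpy(kbuf, i->buf, bytes);
        else      memcpy(i->buf, kbuf, bytes);
        i->buf += bytes;
        i->count -= bytes;
    }
    return bytes;
}

size_t model_copy_from_iter(void *dst, size_t n, struct model_iter *i)
{ return model_copy(dst, n, i, true); }

size_t model_copy_to_iter(void *src, size_t n, struct model_iter *i)
{ return model_copy(src, n, i, false); }

int main(void)
{
    struct model_iter zeroed = {0};   /* constructed input: direction never set */
    char out[4];
    size_t n = model_copy_from_iter(out, 0, &zeroed);
    printf("old rule accepts=%d copied=%zu warnings=%d\n",
           old_check_from(&zeroed), n, model_warnings);
    return 0;
}
```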