kernel BUG at fs/direct-io.c:211! in next-20160930


Joseph Bisch

Oct 5, 2016, 5:03:24 PM
to linux-...@vger.kernel.org, aja...@hpe.com, syzk...@googlegroups.com, lk...@vger.kernel.org
While fuzzing next-20160930 with syzkaller I encountered the following:

kernel BUG at fs/direct-io.c:211!
invalid opcode: 0000 [#1] SMP
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 2488 Comm: syz-executor Not tainted 4.8.0-rc8-next-20160930 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
task: ffff880436b9d440 task.stack: ffffc90005d70000
RIP: 0010:[<ffffffff812433e1>] [< inline >] dio_get_page fs/direct-io.c:211
RIP: 0010:[<ffffffff812433e1>] [< inline >] do_direct_IO fs/direct-io.c:930
RIP: 0010:[<ffffffff812433e1>] [<ffffffff812433e1>] do_blockdev_direct_IO+0x2481/0x3b70 fs/direct-io.c:1270
RSP: 0018:ffffc90005d73930 EFLAGS: 00010283
RAX: ffffffff812433e1 RBX: 0000000000000000 RCX: ffffc9000b157000
RDX: 00000000000009ba RSI: 0000000000000000 RDI: ffffc90005d73c90
RBP: ffffc90005d73b48 R08: ffffc90005d73b10 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 000000000007ffff R14: dead000000000100 R15: ffff880234528040
FS: 00007f4b22781700(0000) GS:ffff880237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d0000 CR3: 00000004359dd000 CR4: 00000000000006e0
Stack:
ffffc90005d73968 000000000000000c ffff880436b9d440 ffff880233d29000
ffff880436b9d440 0000000000001000 ffff880436b9d440 0000000000001000
00001000000044e3 000000000001e211 ffff880436b9d440 fffffffffffff000
Call Trace:
[<ffffffff81244b39>] __blockdev_direct_IO+0x69/0x80 fs/direct-io.c:1356
[< inline >] ext4_direct_IO_read fs/ext4/inode.c:3553
[<ffffffff812a7906>] ext4_direct_IO+0x366/0x8f0 fs/ext4/inode.c:3588
[<ffffffff8117d786>] generic_file_read_iter+0x946/0xa90 mm/filemap.c:1922
[<ffffffff81231a6b>] generic_file_splice_read+0xeb/0x1f0 fs/splice.c:313
[<ffffffff812311d5>] do_splice_to+0x95/0xc0 fs/splice.c:908
[<ffffffff812312c5>] splice_direct_to_actor+0xc5/0x280 fs/splice.c:980
[<ffffffff81231530>] do_splice_direct+0xb0/0xf0 fs/splice.c:1089
[<ffffffff811f4043>] do_sendfile+0x213/0x440 fs/read_write.c:1372
[< inline >] SYSC_sendfile64 fs/read_write.c:1427
[<ffffffff811f504e>] SyS_sendfile64+0x6e/0xd0 fs/read_write.c:1419
[<ffffffff81bc7da0>] entry_SYSCALL_64_fastpath+0x13/0x94
Code: 00 48 8d 43 ff 31 db 25 ff 0f 00 00 48 83 c0 01 48 89 84 24 e8 01 00 00 e8 dd 81 ee ff 41 39 dc 0f 85 52 df ff ff e8 cf 81 ee ff <0f> 0b e8 c8 81 ee ff be 0f 00 00 00 48 c7 c7 6c 07 da 81 e8 e7
RIP [< inline >] dio_get_page fs/direct-io.c:211
RIP [< inline >] do_direct_IO fs/direct-io.c:930
RIP [<ffffffff812433e1>] do_blockdev_direct_IO+0x2481/0x3b70 fs/direct-io.c:1270
RSP <ffffc90005d73930>
---[ end trace 8d37bff5680e79fa ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled

The following program was generated by syz-repro and reproduces the crash:

http://pastebin.com/vE6cXzEg

--
Joe Bisch
HPE Linux, Hewlett Packard Enterprise

Al Viro

Oct 5, 2016, 6:04:09 PM
to Joseph Bisch, linux-...@vger.kernel.org, aja...@hpe.com, syzk...@googlegroups.com, lk...@vger.kernel.org
On Wed, Oct 05, 2016 at 03:03:46PM -0600, Joseph Bisch wrote:
> While fuzzing next-20160930 with syzkaller I encountered the following:
>
> kernel BUG at fs/direct-io.c:211!
> invalid opcode: 0000 [#1] SMP

Should've been fixed in current -next - it's handling of iov_iter_get_pages()
on ITER_PIPE iterators when they get full; the things to watch for are
a) __pipe_get_pages() containing

	size_t n = push_pipe(i, maxsize, &idx, start);
	if (!n)
		return -EFAULT;

and
b) "consistent treatment of EFAULT on O_DIRECT read/write" applied in
fs/direct-io.c
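The failure mode Al describes, as an added userspace model that is not kernel code and not part of the thread: a pipe-backed iterator that is already full hands back zero bytes; before the fix dio_refill_pages() turns that into head == tail == 0 and dio_get_page() trips the BUG_ON at fs/direct-io.c:211, after it __pipe_get_pages() returns -EFAULT, which propagates up instead of crashing. Everything prefixed toy_, PIPE_SLOTS and the 4-slot pipe are assumptions of this model.

```c
#include <errno.h>

#define PIPE_SLOTS     4      /* constructed: slots in the toy pipe */
#define TOY_PAGE_SIZE  4096
#define DIO_PAGES      64     /* pages dio_refill_pages() asks for per call */

/* Toy stand-in for iov_iter_get_pages() on an ITER_PIPE iterator. 'used'
 * is how many slots earlier reads already filled. The real push_pipe()
 * returns how many slots it could claim; zero means the pipe is full.
 * With fixed == 0 a full pipe is reported as "0 bytes"; with fixed == 1
 * it is reported as -EFAULT, as in the __pipe_get_pages() change quoted. */
static long toy_pipe_get_pages(int *used, int maxpages, int fixed)
{
    int avail = PIPE_SLOTS - *used;
    int n = avail < maxpages ? avail : maxpages;
    if (n <= 0)
        return fixed ? -EFAULT : 0;
    *used += n;
    return (long)n * TOY_PAGE_SIZE;
}

/* Toy dio_refill_pages(): a non-negative byte count is accepted and turned
 * into head/tail page indices; a zero count leaves tail == head == 0. */
static int toy_dio_refill_pages(int *used, int *head, int *tail, int fixed)
{
    long ret = toy_pipe_get_pages(used, DIO_PAGES, fixed);
    if (ret < 0)
        return (int)ret;        /* error propagates to the caller */
    *head = 0;
    *tail = (int)((ret + TOY_PAGE_SIZE - 1) / TOY_PAGE_SIZE);
    return 0;
}

/* Toy dio_get_page(): returns the number of pages now present, a negative
 * errno from the refill, or -1 where the kernel would hit
 * BUG_ON(dio_pages_present(sdio) == 0) at fs/direct-io.c:211. */
int toy_dio_get_page(int used, int fixed)
{
    int head, tail;
    int ret = toy_dio_refill_pages(&used, &head, &tail, fixed);
    if (ret)
        return ret;
    if (tail - head == 0)
        return -1;              /* the crash in the report */
    return tail - head;
}
```

Calling toy_dio_get_page(PIPE_SLOTS, 0) reproduces the BUG_ON path; toy_dio_get_page(PIPE_SLOTS, 1) shows -EFAULT propagating instead.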