From: Joseph Bisch <joseph.bisch@hpe.com>
To: linux-fsdevel@vger.kernel.org
Cc: ajames@hpe.com, syzkaller@googlegroups.com, lkml@vger.kernel.org
Subject: kernel BUG at fs/direct-io.c:211! in next-20160930
Date: Wed, 5 Oct 2016 15:03:46 -0600
Message-ID: <20161005210345.GA3192@hpe.com>

While fuzzing next-20160930 with syzkaller I encountered the following:

kernel BUG at fs/direct-io.c:211!
invalid opcode: 0000 [#1] SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 2488 Comm: syz-executor Not tainted 4.8.0-rc8-next-20160930 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
task: ffff880436b9d440 task.stack: ffffc90005d70000
RIP: 0010:[<ffffffff812433e1>]  [<     inline     >] dio_get_page fs/direct-io.c:211
RIP: 0010:[<ffffffff812433e1>]  [<     inline     >] do_direct_IO fs/direct-io.c:930
RIP: 0010:[<ffffffff812433e1>]  [<ffffffff812433e1>] do_blockdev_direct_IO+0x2481/0x3b70 fs/direct-io.c:1270
RSP: 0018:ffffc90005d73930  EFLAGS: 00010283
RAX: ffffffff812433e1 RBX: 0000000000000000 RCX: ffffc9000b157000
RDX: 00000000000009ba RSI: 0000000000000000 RDI: ffffc90005d73c90
RBP: ffffc90005d73b48 R08: ffffc90005d73b10 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000000
R13: 000000000007ffff R14: dead000000000100 R15: ffff880234528040
FS:  00007f4b22781700(0000) GS:ffff880237d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000006d0000 CR3: 00000004359dd000 CR4: 00000000000006e0
Stack:
 ffffc90005d73968 000000000000000c ffff880436b9d440 ffff880233d29000
 ffff880436b9d440 0000000000001000 ffff880436b9d440 0000000000001000
 00001000000044e3 000000000001e211 ffff880436b9d440 fffffffffffff000
Call Trace:
 [<ffffffff81244b39>] __blockdev_direct_IO+0x69/0x80 fs/direct-io.c:1356
 [<     inline     >] ext4_direct_IO_read fs/ext4/inode.c:3553
 [<ffffffff812a7906>] ext4_direct_IO+0x366/0x8f0 fs/ext4/inode.c:3588
 [<ffffffff8117d786>] generic_file_read_iter+0x946/0xa90 mm/filemap.c:1922
 [<ffffffff81231a6b>] generic_file_splice_read+0xeb/0x1f0 fs/splice.c:313
 [<ffffffff812311d5>] do_splice_to+0x95/0xc0 fs/splice.c:908
 [<ffffffff812312c5>] splice_direct_to_actor+0xc5/0x280 fs/splice.c:980
 [<ffffffff81231530>] do_splice_direct+0xb0/0xf0 fs/splice.c:1089
 [<ffffffff811f4043>] do_sendfile+0x213/0x440 fs/read_write.c:1372
 [<     inline     >] SYSC_sendfile64 fs/read_write.c:1427
 [<ffffffff811f504e>] SyS_sendfile64+0x6e/0xd0 fs/read_write.c:1419
 [<ffffffff81bc7da0>] entry_SYSCALL_64_fastpath+0x13/0x94
Code: 00 48 8d 43 ff 31 db 25 ff 0f 00 00 48 83 c0 01 48 89 84 24 e8 01 00 00 e8 dd 81 ee ff 41 39 dc 0f 85 52 df ff ff e8 cf 81 ee ff <0f> 0b e8 c8 81 ee ff be 0f 00 00 00 48 c7 c7 6c 07 da 81 e8 e7 
RIP  [<     inline     >] dio_get_page fs/direct-io.c:211
RIP  [<     inline     >] do_direct_IO fs/direct-io.c:930
RIP  [<ffffffff812433e1>] do_blockdev_direct_IO+0x2481/0x3b70 fs/direct-io.c:1270
 RSP <ffffc90005d73930>
---[ end trace 8d37bff5680e79fa ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled

The following program was generated by syz-repro and reproduces the crash:

http://pastebin.com/vE6cXzEg

-- 
Joe Bisch
HPE Linux, Hewlett Packard Enterprise
