From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from zeniv.linux.org.uk ([195.92.253.2]:44186 "EHLO ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934621AbcJEWEF (ORCPT ); Wed, 5 Oct 2016 18:04:05 -0400
Date: Wed, 5 Oct 2016 23:04:02 +0100
From: Al Viro
To: Joseph Bisch
Cc: linux-fsdevel@vger.kernel.org, ajames@hpe.com, syzkaller@googlegroups.com, lkml@vger.kernel.org
Subject: Re: kernel BUG at fs/direct-io.c:211! in next-20160930
Message-ID: <20161005220401.GG19539@ZenIV.linux.org.uk>
References: <20161005210345.GA3192@hpe.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20161005210345.GA3192@hpe.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

On Wed, Oct 05, 2016 at 03:03:46PM -0600, Joseph Bisch wrote:
> While fuzzing next-20160930 with syzkaller I encountered the following:
>
> kernel BUG at fs/direct-io.c:211!
> invalid opcode: 0000 [#1] SMP

Should've been fixed in current -next - it's handling of iov_iter_get_pages()
on ITER_PIPE iterators when they get full; the things to watch for are
a) __pipe_get_pages() containing
	size_t n = push_pipe(i, maxsize, &idx, start);
	if (!n)
		return -EFAULT;
and
b) "consistent treatment of EFAULT on O_DIRECT read/write" applied in
fs/direct-io.c