From: Sasha Levin <sasha.levin@oracle.com>
To: linux-fsdevel@vger.kernel.org
Cc: LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
slava@dubeyko.com, Kent Overstreet <kmo@daterainc.com>,
Al Viro <viro@ZenIV.linux.org.uk>
Subject: hfsplus: kernel panic in hfsplus_brec_lenoff
Date: Thu, 09 Jan 2014 18:12:44 -0500
Message-ID: <52CF2CEC.3010003@oracle.com>

Hi all,

While fuzzing with trinity inside a KVM tools guest running the latest -next kernel,
I've stumbled on the following spew:

[ 5835.181300] BUG: unable to handle kernel paging request at ffff880055a3cffa
[ 5835.182211] IP: [<ffffffff81adbb42>] memcpy+0x12/0x110
[ 5835.182723] PGD 8d98067 PUD 22fc82067 PMD 22fbd4067 PTE 8000000055a3c060
[ 5835.183547] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
[ 5835.184143] Dumping ftrace buffer:
[ 5835.184561] (ftrace buffer empty)
[ 5835.184914] Modules linked in:
[ 5835.185338] CPU: 2 PID: 29032 Comm: trinity-main Tainted: G W 3.13.0-rc7-next-20140108-sasha-00011-g249c5bb-dirty #51
[ 5835.186436] task: ffff88005fe23000 ti: ffff88005d2da000 task.ti: ffff88005d2da000
[ 5835.190087] RIP: 0010:[<ffffffff81adbb42>] [<ffffffff81adbb42>] memcpy+0x12/0x110
[ 5835.190087] RSP: 0018:ffff88005d2db9c0 EFLAGS: 00010202
[ 5835.190087] RAX: ffff88005d2dba28 RBX: ffff88005d2dba28 RCX: 0000000000000004
[ 5835.190868] RDX: 0000000000000004 RSI: ffff880055a3cffa RDI: ffff88005d2dba28
[ 5835.190868] RBP: ffff88005d2dba18 R08: 0000000000000012 R09: ffff880000000000
[ 5835.190868] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000004
[ 5835.190868] R13: 0000000000000004 R14: 0000000000000004 R15: ffff88005d1c9860
[ 5835.190868] FS: 00007fa01dd66700(0000) GS:ffff88005f000000(0000) knlGS:0000000000000000
[ 5835.190868] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 5835.190868] CR2: ffff880055a3cffa CR3: 0000000058f2c000 CR4: 00000000000006e0
[ 5835.190868] DR0: 0000000000697000 DR1: 0000000000000000 DR2: 0000000000000000
[ 5835.190868] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 5835.190868] Stack:
[ 5835.190868] ffffffff8149dbf0 ffff880000000000 0000160000000000 0000000000000012
[ 5835.190868] ffffea0001568f00 ffff88005d1c9888 ffff88005d2dba76 ffff88005d1c9860
[ 5835.190868] 0000000000000001 ffffffff8149fcd0 ffff88005d2dba76 ffff88005d2dba48
[ 5835.190868] Call Trace:
[ 5835.190868] [<ffffffff8149dbf0>] ? hfsplus_bnode_read+0xb0/0x140
[ 5835.190868] [<ffffffff8149fcd0>] ? hfsplus_brec_keylen+0xc0/0xc0
[ 5835.190868] [<ffffffff8149ee73>] hfsplus_brec_lenoff+0x33/0x50
[ 5835.190868] [<ffffffff8149e0cc>] ? hfsplus_bnode_find+0x5c/0x2b0
[ 5835.190868] [<ffffffff8149fdb7>] __hfsplus_brec_find+0x67/0x150
[ 5835.190868] [<ffffffff811a24cd>] ? trace_hardirqs_on+0xd/0x10
[ 5835.190868] [<ffffffff814a02fd>] ? hfsplus_find_init+0x6d/0xb0
[ 5835.190868] [<ffffffff814a00cc>] hfsplus_brec_find+0xac/0x140
[ 5835.190868] [<ffffffff81183e05>] ? sched_clock_local+0x25/0x90
[ 5835.190868] [<ffffffff8149fcd0>] ? hfsplus_brec_keylen+0xc0/0xc0
[ 5835.190868] [<ffffffff8149baff>] hfsplus_readdir+0x9f/0x480
[ 5835.190868] [<ffffffff811e68e6>] ? __module_text_address+0x16/0x70
[ 5835.190868] [<ffffffff811e6970>] ? is_module_text_address+0x30/0x60
[ 5835.190868] [<ffffffff810b7214>] ? kvm_clock_read+0x24/0x50
[ 5835.190868] [<ffffffff81077eed>] ? sched_clock+0x1d/0x30
[ 5835.190868] [<ffffffff81183e05>] ? sched_clock_local+0x25/0x90
[ 5835.190868] [<ffffffff810b7214>] ? kvm_clock_read+0x24/0x50
[ 5835.190868] [<ffffffff81077eed>] ? sched_clock+0x1d/0x30
[ 5835.190868] [<ffffffff810b7214>] ? kvm_clock_read+0x24/0x50
[ 5835.190868] [<ffffffff81077eed>] ? sched_clock+0x1d/0x30
[ 5835.190868] [<ffffffff81183e05>] ? sched_clock_local+0x25/0x90
[ 5835.190868] [<ffffffff81183f78>] ? sched_clock_cpu+0x108/0x120
[ 5835.190868] [<ffffffff811a3b2a>] ? __lock_acquire+0x4ca/0x580
[ 5835.190868] [<ffffffff8119cf3a>] ? get_lock_stats+0x2a/0x60
[ 5835.190868] [<ffffffff811a1ef9>] ? mark_held_locks+0x109/0x140
[ 5835.190868] [<ffffffff846231d8>] ? mutex_lock_killable_nested+0x4b8/0x620
[ 5835.190868] [<ffffffff811a24cd>] ? trace_hardirqs_on+0xd/0x10
[ 5835.190868] [<ffffffff8462320f>] ? mutex_lock_killable_nested+0x4ef/0x620
[ 5835.190868] [<ffffffff812fc83b>] ? iterate_dir+0x5b/0xe0
[ 5835.190868] [<ffffffff812fc83b>] ? iterate_dir+0x5b/0xe0
[ 5835.190868] [<ffffffff812fc864>] iterate_dir+0x84/0xe0
[ 5835.190868] [<ffffffff812fca40>] SyS_getdents+0x90/0x100
[ 5835.190868] [<ffffffff812fcb40>] ? SyS_old_readdir+0x90/0x90
[ 5835.190868] [<ffffffff84630610>] tracesys+0xdd/0xe2
[ 5835.190868] Code: b6 c0 eb 07 0f 1f 44 00 00 31 c0 48 83 c4 08 5b c9 c3 90 90 90 90 90 90 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 <f3> a4 c3 20 4c 8b 06 4c 8b 4e 08 4c 8b 56 10 4c 8b 5e 18 48 8d
[ 5835.190868] RIP [<ffffffff81adbb42>] memcpy+0x12/0x110
[ 5835.190868] RSP <ffff88005d2db9c0>
[ 5835.190868] CR2: ffff880055a3cffa
Thanks,
Sasha