linux-fsdevel.vger.kernel.org archive mirror
From: Eric Biggers <ebiggers3@gmail.com>
To: Kaipeng Zeng <kaipeng94@gmail.com>
Cc: viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org,
	syzkaller@googlegroups.com,
	"Darrick J. Wong" <darrick.wong@oracle.com>
Subject: Re: Kernel WARNING in dio_complete found by syzkaller
Date: Sun, 11 Mar 2018 21:17:18 -0700
Message-ID: <20180312041718.GB25480@zzz.localdomain>
In-Reply-To: <CAHk8ZdtCHeYYHkDKfUi0_2__YyNACT5snHOTHhYawrMLS1+mrA@mail.gmail.com>

Hi Kaipeng,

On Mon, Mar 12, 2018 at 12:02:12PM +0800, Kaipeng Zeng wrote:
> Kernel version: 4.14.0
> Kernel configure: defconfig
> syzkaller crepro:
> // autogenerated by syzkaller (http://github.com/google/syzkaller)
> 
[...]
> ------------[ cut here ]------------
> WARNING: CPU: 0 PID: 6473 at
> /root/linux-source-4.14/fs/direct-io.c:293 dio_complete+0x58e/0x840
> Kernel panic - not syncing: panic_on_warn set ...
> 
> CPU: 0 PID: 6473 Comm: syz-executor0 Not tainted 4.14.7 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> Call Trace:
>  dump_stack+0x83/0xb8
>  panic+0x1bc/0x3b1
>  __warn+0x1c9/0x1e0
>  report_bug+0x213/0x2d0
>  fixup_bug.part.12+0x3c/0x90
>  do_error_trap+0x65/0xb0
>  do_invalid_op+0x20/0x30
>  invalid_op+0x18/0x20
> RIP: 0010:dio_complete+0x58e/0x840
> RSP: 0018:ffff880065e1f5c8 EFLAGS: 00010287
> RAX: 0000000000010000 RBX: ffff880037e14340 RCX: ffffc90000576000
> RDX: 0000000000002359 RSI: ffffffff8176382e RDI: ffff880062e4166c
> RBP: ffff880065e1f610 R08: ffff880065e1f430 R09: ffff88003d8013c0
> R10: ffff880065e1f117 R11: ffffed000cbc3e23 R12: ffff880062e417d8
> R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000001000
>  do_blockdev_direct_IO+0x6239/0x7f90
>  __blockdev_direct_IO+0xa2/0xd0
>  ext4_direct_IO+0x7b5/0x1290 [ext4]
>  generic_file_direct_write+0x22a/0x420
>  __generic_file_write_iter+0x227/0x5b0
>  ext4_file_write_iter+0x2d5/0xf00 [ext4]
>  new_sync_write+0x3d5/0x5f0
>  __vfs_write+0xe8/0x120
>  vfs_write+0x18c/0x500
>  SyS_write+0xd8/0x1b0
>  system_call_fast_compare_end+0xc/0x97
> RIP: 0033:0x452f39
> RSP: 002b:00007fda76cb7c68 EFLAGS: 00000216 ORIG_RAX: 0000000000000001
> RAX: ffffffffffffffda RBX: 000000000070bea0 RCX: 0000000000452f39
> RDX: 0000000000001000 RSI: 0000000020000000 RDI: 0000000000000013
> RBP: 0000000000000652 R08: 0000000000000000 R09: 0000000000000000
> R10: 0000000000000000 R11: 0000000000000216 R12: 00000000006de850
> R13: 00000000ffffffff R14: 00007fda76cb86d4 R15: 000000000049f371
> Dumping ftrace buffer:
>    (ftrace buffer empty)
> Kernel Offset: disabled

This WARN was already removed by commit 5a9d929d6e132 ("iomap: report collisions
between directio and buffered writes to userspace").

As a side note, you generally shouldn't waste time testing v4.14.0.  The current
version in the 4.14-stable series is already v4.14.26, so by fuzzing v4.14.0 you
will find bugs that were already fixed.

That being said, this particular fix wasn't Cc'ed to stable so it isn't in
4.14-stable yet.  Unless there are objections I suggest sending a request to
stable@vger.kernel.org to have it applied.

Thanks,

Eric
