Hello,

The following program triggers a GPF in logfs_init_inode:

// autogenerated by syzkaller (http://github.com/google/syzkaller)

#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/mount.h>

int main()
{
	mknodat(AT_FDCWD, "./bus", S_IFBLK, makedev(1, 0));
	mount("./bus", "./bus", "logfs", MS_RELATIME, 0);
	return 0;
}

general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
Modules linked in:
CPU: 3 PID: 14978 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006a6c2180 task.stack: ffff880062f08000
RIP: 0010:[<ffffffff8213c531>]  [< inline >] i_uid_write include/linux/fs.h:1464
RIP: 0010:[<ffffffff8213c531>]  [<ffffffff8213c531>] logfs_init_inode.isra.6+0x111/0x470 fs/logfs/inode.c:212
RSP: 0018:ffff880062f0fae8  EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff880050bab9d0 RCX: ffffc900021d0000
RDX: 000000000000011b RSI: ffff88006a6c29c0 RDI: 00000000000008d8
RBP: ffff880062f0fb10 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880050babde8
R13: 0000000000000000 R14: ffff8800681fb400 R15: ffff88006bea29c0
FS:  00007f008ad88700(0000) GS:ffff88006d300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 00000000387a3000 CR4: 00000000000006e0
DR0: 000000000000001e DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Stack:
 ffff8800667fca00 ffffffff8213c890 ffff880050bab9d0 ffffffff8213c890
 ffff88006bea2a00 ffff880062f0fb28 ffffffff8213c8c0 ffff8800667fca00
 ffff880062f0fb48 ffffffff818bc211 ffff8800667fca00 0000000000000000
Call Trace:
 [<ffffffff8213c8c0>] logfs_alloc_inode+0x30/0x40 fs/logfs/inode.c:234
 [<ffffffff818bc211>] alloc_inode+0x61/0x180 fs/inode.c:205
 [<ffffffff818c29e7>] new_inode_pseudo+0x17/0xe0 fs/inode.c:887
 [<ffffffff818c2acc>] new_inode+0x1c/0x40
fs/inode.c:916
 [<ffffffff8213d0f1>] logfs_new_meta_inode+0x21/0x120 fs/logfs/inode.c:267
 [<ffffffff82156ac2>] logfs_init_mapping+0x42/0x150 fs/logfs/segment.c:912
 [< inline >] logfs_read_sb fs/logfs/super.c:446
 [< inline >] logfs_get_sb_device fs/logfs/super.c:546
 [<ffffffff82159859>] logfs_mount+0x549/0x1b40 fs/logfs/super.c:600
 [<ffffffff8186e8cb>] mount_fs+0x9b/0x2f0 fs/super.c:1177
 [<ffffffff818ce5da>] vfs_kern_mount+0x7a/0x3e0 fs/namespace.c:948
 [< inline >] do_new_mount fs/namespace.c:2393
 [<ffffffff818d63e5>] do_mount+0x3d5/0x26b0 fs/namespace.c:2715
 [< inline >] SYSC_mount fs/namespace.c:2907
 [<ffffffff818d90fb>] SyS_mount+0xab/0x120 fs/namespace.c:2884
 [<ffffffff810088ff>] do_syscall_64+0x1df/0x640 arch/x86/entry/common.c:288
 [<ffffffff86e107c3>] entry_SYSCALL64_slow_path+0x25/0x25

On commit 0f98f121e1670eaa2a2fbb675e07d6ba7f0e146f of linux-next.

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html