logfs: GPF in logfs_init_inode

Hello,

The following program triggers a GPF in logfs_init_inode:

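// autogenerated by syzkaller (http://github.com/google/syzkaller)
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/sysmacros.h>  // makedev() on current glibc
#include <sys/mount.h>

int main()
{
  // Create a block device node (major 1, minor 0) named ./bus.
  mknodat(AT_FDCWD, "./bus", S_IFBLK, makedev(1, 0));
  // Mount that device on itself as logfs; the mount path is what crashes.
  mount("./bus", "./bus", "logfs", MS_RELATIME, 0);
  return 0;
}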


general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
Modules linked in:
CPU: 3 PID: 14978 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88006a6c2180 task.stack: ffff880062f08000
RIP: 0010:[<ffffffff8213c531>]  [<     inline     >] i_uid_write include/linux/fs.h:1464
RIP: 0010:[<ffffffff8213c531>]  [<ffffffff8213c531>] logfs_init_inode.isra.6+0x111/0x470 fs/logfs/inode.c:212
RSP: 0018:ffff880062f0fae8  EFLAGS: 00010206
RAX: dffffc0000000000 RBX: ffff880050bab9d0 RCX: ffffc900021d0000
RDX: 000000000000011b RSI: ffff88006a6c29c0 RDI: 00000000000008d8
RBP: ffff880062f0fb10 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880050babde8
R13: 0000000000000000 R14: ffff8800681fb400 R15: ffff88006bea29c0
FS:  00007f008ad88700(0000) GS:ffff88006d300000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000000 CR3: 00000000387a3000 CR4: 00000000000006e0
DR0: 000000000000001e DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Stack:
 ffff8800667fca00 ffffffff8213c890 ffff880050bab9d0 ffffffff8213c890
 ffff88006bea2a00 ffff880062f0fb28 ffffffff8213c8c0 ffff8800667fca00
 ffff880062f0fb48 ffffffff818bc211 ffff8800667fca00 0000000000000000
Call Trace:
 [<ffffffff8213c8c0>] logfs_alloc_inode+0x30/0x40 fs/logfs/inode.c:234
 [<ffffffff818bc211>] alloc_inode+0x61/0x180 fs/inode.c:205
 [<ffffffff818c29e7>] new_inode_pseudo+0x17/0xe0 fs/inode.c:887
 [<ffffffff818c2acc>] new_inode+0x1c/0x40 fs/inode.c:916
 [<ffffffff8213d0f1>] logfs_new_meta_inode+0x21/0x120 fs/logfs/inode.c:267
 [<ffffffff82156ac2>] logfs_init_mapping+0x42/0x150 fs/logfs/segment.c:912
 [<     inline     >] logfs_read_sb fs/logfs/super.c:446
 [<     inline     >] logfs_get_sb_device fs/logfs/super.c:546
 [<ffffffff82159859>] logfs_mount+0x549/0x1b40 fs/logfs/super.c:600
 [<ffffffff8186e8cb>] mount_fs+0x9b/0x2f0 fs/super.c:1177
 [<ffffffff818ce5da>] vfs_kern_mount+0x7a/0x3e0 fs/namespace.c:948
 [<     inline     >] do_new_mount fs/namespace.c:2393
 [<ffffffff818d63e5>] do_mount+0x3d5/0x26b0 fs/namespace.c:2715
 [<     inline     >] SYSC_mount fs/namespace.c:2907
 [<ffffffff818d90fb>] SyS_mount+0xab/0x120 fs/namespace.c:2884
 [<ffffffff810088ff>] do_syscall_64+0x1df/0x640 arch/x86/entry/common.c:288
 [<ffffffff86e107c3>] entry_SYSCALL64_slow_path+0x25/0x25

On commit 0f98f121e1670eaa2a2fbb675e07d6ba7f0e146f of linux-next.
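
Triage note (an added example, not part of the original report or of syzkaller): on a KASAN kernel a general protection fault often comes from the inlined shadow-memory check rather than from the access itself, and the register dump shows which pointer was being checked. The sketch assumes the x86-64 generic KASAN mapping shadow = (addr >> 3) + 0xdffffc0000000000 and 48-bit virtual addresses; the function names are hypothetical.

```python
import re

# Assumption: x86-64 generic KASAN, shadow(addr) = (addr >> 3) + KASAN_SHADOW_OFFSET.
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
PAGE_SIZE = 4096
REG_RE = re.compile(r"\b(R[A-Z0-9]{2}):\s*([0-9a-f]{16})\b")

# Register lines copied from the oops in this report.
SAMPLE_OOPS = """\
RAX: dffffc0000000000 RBX: ffff880050bab9d0 RCX: ffffc900021d0000
RDX: 000000000000011b RSI: ffff88006a6c29c0 RDI: 00000000000008d8
RBP: ffff880062f0fb10 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff880050babde8
"""

def parse_registers(oops_text):
    """Return {register: value} for the general-purpose registers in the dump."""
    return {name: int(value, 16) for name, value in REG_RE.findall(oops_text)}

def is_canonical(addr):
    """With 48-bit virtual addresses, bits 63..47 must be all zeros or all ones."""
    return (addr >> 47) in (0, 0x1FFFF)

def classify(ptr):
    """Heuristic label for the pointer whose shadow lookup faulted."""
    if ptr < PAGE_SIZE:
        return "null-ptr-deref"
    return "user-memory-access" if ptr < (1 << 47) else "wild-memory-access"

def triage(oops_text):
    """Find register pairs (ptr, ptr >> 3) whose shadow address is non-canonical."""
    regs = parse_registers(oops_text)
    if KASAN_SHADOW_OFFSET not in regs.values():
        return []  # no shadow base loaded: not the inlined-check pattern
    findings = []
    for idx_reg, idx in regs.items():
        shadow = (idx + KASAN_SHADOW_OFFSET) & 0xFFFFFFFFFFFFFFFF
        if idx == 0 or is_canonical(shadow):
            continue  # idx == 0 is skipped: too many zeroed registers match it
        for ptr_reg, ptr in regs.items():
            if ptr_reg != idx_reg and ptr >> 3 == idx:
                base = ptr & ~7  # one shadow byte covers 8 bytes of memory
                findings.append({"pointer_reg": ptr_reg, "index_reg": idx_reg,
                                 "shadow": shadow, "range": (base, base + 7),
                                 "kind": classify(ptr)})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_OOPS):
        lo, hi = f["range"]
        print(f"{f['kind']}: {f['pointer_reg']} checked range [{lo:#x}-{hi:#x}], "
              f"shadow {f['shadow']:#x} is non-canonical")
```

For this dump the check was on the pointer in RDI (0x8d8), which is consistent with a field at a small offset being accessed through a NULL base pointer at fs/logfs/inode.c:212.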