On Mon, Aug 17, 2015 at 12:18:12PM +0300, Andrey Ryabinin wrote: > This bug is similar to recently found bug in 9p: http://thread.gmane.org/gmane.linux.kernel/1931799/focus=1936542 Ow. For those who'd missed that fun: the bug in question had turned out to be caused by improper reuse of request ids, _not_ in the call chain of the triggering syscall. > if (!retval) { > struct iov_iter data = *iter; > retval = mapping->a_ops->direct_IO(iocb, &data, pos); > } > > if (retval > 0) { > *ppos = pos + retval; > iov_iter_advance(iter, retval); > > > So either filemap_write_and_wait_range() Shouldn't - it's supposed to return 0 or -E... > or mapping->a_ops->direct_IO() returned more > than 'count'. Was there DAX involved? ->direct_IO() in there is blkdev_direct_IO(), which takes rather different paths in those cases... > > Also too the file and line number > > (lib/iov_iter.c:511) are completely useless because of inlining, > > though that's not kasan's fault. Might make sense to slap if (WARN_ON(size > iov_iter_count(i))) print size and *i and see if it triggers... -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
