xfs integer overflow in kernel >=4.4.8

From: OM
Date: Mon Oct 24 2016 - 22:46:08 EST


Hello, I have attached the output of my findings, with the help of
others. Initially reported on Gentoo Bugzilla here:
https://bugs.gentoo.org/show_bug.cgi?id=584332

Thanks in advance, be well.

Emese, sorry for the multiple CCs; also, spender's bouncing my mail for
not having a valid hostname set.

[ 177.145398] PAX: end: ffffffffffffffff index: 0
[ 177.145400] PAX: size overflow detected in function invalidate_inode_pages2_range mm/truncate.c:609 cicus.121_227 max, count: 5, decl: unmap_mapping_range; num: 3; context: fndecl;
[ 177.145532] CPU: 2 PID: 3672 Comm: xfs_fsr Not tainted 4.7.10-hardened #2
[ 177.145533] Hardware name: FUJITSU D3417-B1/D3417-B1, BIOS V5.0.0.11 R1.15.0.SR.1 for D3417-B1x 07/19/2016
[ 177.145534] ffffffff8113abcf 44c84602ff0d519d 0000000000000000 ffffc9001227bb40
[ 177.145535] ffffffff814e8245 0000000000000261 44c84602ff0d519d ffffffff81e07e6e
[ 177.145536] ffffffff81e07e98 ffffc9001227bb70 ffffffff81222869 ffffea0040b887c0
[ 177.145538] Call Trace:
[ 177.145542] [<ffffffff8113abcf>] ? dump_stack_print_info+0x94/0xab
[ 177.145545] [<ffffffff814e8245>] dump_stack+0x74/0xbb
[ 177.145546] [<ffffffff81222869>] report_size_overflow+0x3d/0x80
[ 177.145549] [<ffffffff811b36ef>] invalidate_inode_pages2_range+0x2ac/0x559
[ 177.145550] [<ffffffff811b39b4>] invalidate_inode_pages2+0x18/0x28
[ 177.145551] [<ffffffff811b39b4>] ? invalidate_inode_pages2+0x18/0x28
[ 177.145552] [<ffffffff813ea690>] xfs_file_read_iter+0x181/0x232
[ 177.145554] [<ffffffff812199d6>] __vfs_read+0x12b/0x173
[ 177.145556] [<ffffffff8121aa7b>] vfs_read+0x14c/0x210
[ 177.145557] [<ffffffff8121c26e>] sys_read+0x61/0xc0
[ 177.145558] [<ffffffff8121c26e>] ? sys_read+0x61/0xc0
[ 177.145561] [<ffffffff81a4a2d0>] entry_SYSCALL_64_fastpath+0x1a/0xbd
[ 177.145563] [<ffffffff81a4a303>] ? entry_SYSCALL_64_fastpath+0x4d/0xbd
[ 177.185050] PAX: end: ffffffffffffffff index: 54
[ 177.185052] PAX: size overflow detected in function invalidate_inode_pages2_range mm/truncate.c:609 cicus.121_227 max, count: 5, decl: unmap_mapping_range; num: 3; context: fndecl;
[ 177.185210] CPU: 0 PID: 3672 Comm: xfs_fsr Not tainted 4.7.10-hardened #2
[ 177.185210] Hardware name: FUJITSU D3417-B1/D3417-B1, BIOS V5.0.0.11 R1.15.0.SR.1 for D3417-B1x 07/19/2016
[ 177.185211] ffffffff8113abcf 44c84602ff0d519d 0000000000000000 ffffc9001227bb40
[ 177.185213] ffffffff814e8245 0000000000000261 44c84602ff0d519d ffffffff81e07e6e
[ 177.185214] ffffffff81e07e98 ffffc9001227bb70 ffffffff81222869 ffffea0002cfcb00
[ 177.185216] Call Trace:
[ 177.185220] [<ffffffff8113abcf>] ? dump_stack_print_info+0x94/0xab
[ 177.185222] [<ffffffff814e8245>] dump_stack+0x74/0xbb
[ 177.185225] [<ffffffff81222869>] report_size_overflow+0x3d/0x80
[ 177.185227] [<ffffffff811b36ef>] invalidate_inode_pages2_range+0x2ac/0x559
[ 177.185228] [<ffffffff811b39b4>] invalidate_inode_pages2+0x18/0x28
[ 177.185229] [<ffffffff811b39b4>] ? invalidate_inode_pages2+0x18/0x28
[ 177.185231] [<ffffffff813ea690>] xfs_file_read_iter+0x181/0x232
[ 177.185232] [<ffffffff812199d6>] __vfs_read+0x12b/0x173
[ 177.185234] [<ffffffff8121aa7b>] vfs_read+0x14c/0x210
[ 177.185235] [<ffffffff8121c26e>] sys_read+0x61/0xc0
[ 177.185236] [<ffffffff8121c26e>] ? sys_read+0x61/0xc0
[ 177.185239] [<ffffffff81a4a2d0>] entry_SYSCALL_64_fastpath+0x1a/0xbd
[ 177.187000] PAX: end: ffffffffffffffff index: 4a
[ 177.187001] PAX: size overflow detected in function invalidate_inode_pages2_range mm/truncate.c:609 cicus.121_227 max, count: 5, decl: unmap_mapping_range; num: 3; context: fndecl;
[ 177.187193] CPU: 0 PID: 3672 Comm: xfs_fsr Not tainted 4.7.10-hardened #2
[ 177.187193] Hardware name: FUJITSU D3417-B1/D3417-B1, BIOS V5.0.0.11 R1.15.0.SR.1 for D3417-B1x 07/19/2016
[ 177.187194] ffffffff8113abcf 44c84602ff0d519d 0000000000000000 ffffc9001227bae0
[ 177.187195] ffffffff814e8245 0000000000000261 44c84602ff0d519d ffffffff81e07e6e
[ 177.187197] ffffffff81e07e98 ffffc9001227bb10 ffffffff81222869 ffffea0002cb6bc0
[ 177.187212] Call Trace:
[ 177.187215] [<ffffffff8113abcf>] ? dump_stack_print_info+0x94/0xab
[ 177.187217] [<ffffffff814e8245>] dump_stack+0x74/0xbb
[ 177.187220] [<ffffffff81222869>] report_size_overflow+0x3d/0x80
[ 177.187221] [<ffffffff811b36ef>] invalidate_inode_pages2_range+0x2ac/0x559
[ 177.187223] [<ffffffff811b39b4>] invalidate_inode_pages2+0x18/0x28
[ 177.187224] [<ffffffff811b39b4>] ? invalidate_inode_pages2+0x18/0x28
[ 177.187225] [<ffffffff813ea690>] xfs_file_read_iter+0x181/0x232
[ 177.187227] [<ffffffff812199d6>] __vfs_read+0x12b/0x173
[ 177.187228] [<ffffffff8121aa7b>] vfs_read+0x14c/0x210
[ 177.187230] [<ffffffff8121c26e>] sys_read+0x61/0xc0
[ 177.187231] [<ffffffff8121c26e>] ? sys_read+0x61/0xc0
[ 177.187233] [<ffffffff81a4a2d0>] entry_SYSCALL_64_fastpath+0x1a/0xbd
[ 177.187235] [<ffffffff81a4a303>] ? entry_SYSCALL_64_fastpath+0x4d/0xbd
[ 177.188987] PAX: end: ffffffffffffffff index: 51
[ 177.191533] PAX: end: ffffffffffffffff index: 51
[ 177.192782] PAX: end: ffffffffffffffff index: 51