Re: [PATCH] block-dev: enable writeback cgroup support
From: Sasha Levin
Date: Fri Jun 24 2016 - 22:33:26 EST
On 02/01/2016 08:50 PM, Shaohua Li wrote:
> block_dev's .writepages/.writepage already handles
> wbc_init_bio/wbc_account_io. We only set the SB_I_CGROUPWB bit to
> support writeback cgroup support.
>
> Signed-off-by: Shaohua Li <shli@xxxxxx>
Hey Shaohua,
I'm seeing the following while fuzzing:
[ 496.950320] kasan: CONFIG_KASAN_INLINE enabled
[ 496.950952] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 496.950954] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 496.950978] Modules linked in:
[ 496.951026] CPU: 4 PID: 8535 Comm: syz-executor Tainted: G W 4.7.0-rc4-next-20160624-sasha-00024-gdee1616 #3132
[ 496.951051] task: ffff8801bb0a9000 ti: ffff8801b5b70000 task.ti: ffff8801b5b70000
[ 496.951406] RIP: bd_mount (fs/block_dev.c:663)
[ 496.951423] RSP: 0018:ffff8801b5b77c48 EFLAGS: 00010207
[ 496.951437] RAX: dffffc0000000000 RBX: ffffffffffffffff RCX: 0000000000000000
[ 496.951452] RDX: 000000000000000c RSI: ffffffffaa2dc3e0 RDI: 0000000000000067
[ 496.951466] RBP: ffff8801b5b77c58 R08: ffff8801c45b8008 R09: 0000000000000000
[ 496.951522] R10: ffffed00190c9c00 R11: 0000000000000000 R12: ffffffffabba6360
[ 496.951533] R13: ffff8800c79c92b8 R14: ffff8800c864e000 R15: 0000000000008011
[ 496.951545] FS: 00007fc253974700(0000) GS:ffff8801d4100000(0000) knlGS:0000000000000000
[ 496.951553] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 496.951561] CR2: 00000000006f0000 CR3: 00000001b876c000 CR4: 00000000000406a0
[ 496.951577] Stack:
[ 496.951593] ffff8801d0af1160 ffffffffabba6360 ffff8801b5b77c98 ffffffff9d831a20
[ 496.951607] 00000000000024ee ffff8800c1b1b040 ffffffffabba6360 ffff8800c79c92b8
[ 496.951622] 0000000000008011 fffffffffffffff4 ffff8801b5b77cd8 ffffffff9d88bf7a
[ 496.951625] Call Trace:
[ 496.951660] mount_fs (fs/super.c:1178)
[ 496.951682] vfs_kern_mount (fs/namespace.c:949)
[ 496.951701] do_mount (fs/namespace.c:2393 fs/namespace.c:2714)
[ 496.951733] ? ___slab_alloc (mm/slub.c:2576)
[ 496.951751] ? copy_mount_string (fs/namespace.c:2645)
[ 496.953177] ? preempt_schedule_irq (./arch/x86/include/asm/bitops.h:311 include/linux/thread_info.h:92 include/linux/sched.h:3269 kernel/sched/core.c:3535)
[ 496.953447] ? __sanitizer_cov_trace_pc (kernel/kcov.c:72)
[ 496.953469] ? copy_mount_options (fs/namespace.c:2622)
[ 496.953486] SyS_mount (fs/namespace.c:2908 fs/namespace.c:2883)
[ 496.953501] ? copy_mnt_ns (fs/namespace.c:2883)
[ 496.953542] do_syscall_64 (arch/x86/entry/common.c:284)
[ 496.953560] entry_SYSCALL64_slow_path (arch/x86/entry/entry_64.S:251)
[ 496.953700] Code: a0 d9 73 a7 e8 43 e8 fc ff 48 85 c0 48 89 c3 74 63 e8 86 54 cf ff 48 8d 7b 68 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 74 05 e8 c6 9b ed ff 4c 8b 63 68 4d 85 e4 75 0e 31
All code
========
0: a0 d9 73 a7 e8 43 e8 movabs 0xfffce843e8a773d9,%al
7: fc ff
9: 48 85 c0 test %rax,%rax
c: 48 89 c3 mov %rax,%rbx
f: 74 63 je 0x74
11: e8 86 54 cf ff callq 0xffffffffffcf549c
16: 48 8d 7b 68 lea 0x68(%rbx),%rdi
1a: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
21: fc ff df
24: 48 89 fa mov %rdi,%rdx
27: 48 c1 ea 03 shr $0x3,%rdx
2b:* 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2f: 74 05 je 0x36
31: e8 c6 9b ed ff callq 0xffffffffffed9bfc
36: 4c 8b 63 68 mov 0x68(%rbx),%r12
3a: 4d 85 e4 test %r12,%r12
3d: 75 0e jne 0x4d
3f: 31 00 xor %eax,(%rax)
Code starting with the faulting instruction
===========================================
0: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1)
4: 74 05 je 0xb
6: e8 c6 9b ed ff callq 0xffffffffffed9bd1
b: 4c 8b 63 68 mov 0x68(%rbx),%r12
f: 4d 85 e4 test %r12,%r12
12: 75 0e jne 0x22
14: 31 00 xor %eax,(%rax)
[ 496.953718] RIP bd_mount (fs/block_dev.c:663)
[ 496.953723] RSP <ffff8801b5b77c48>
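To make the register dump above easier to read, here is an added C example (written for this page, not part of Sasha's report or of the kernel tree) that reproduces the arithmetic the decoded code performs: the `lea 0x68(%rbx)` field access, the `shr $3` plus `movabs $0xdffffc0000000000` that form the KASAN_INLINE shadow lookup, and the canonical-address rule that turns that lookup into a #GP rather than a page fault. The shadow offset and scale are taken from the decoded instructions; the 48-bit canonical rule assumes 4-level paging, `MAX_ERRNO` is the kernel's 4095, and reading RBX = 0xffffffffffffffff as an error-pointer value is an inference from the printed registers, not something the report itself states.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constants read off the decoded code: the movabs immediate is the x86-64
 * KASAN shadow offset and the shr $3 is the shadow scale. MAX_ERRNO is the
 * kernel's bound for values that ERR_PTR()/IS_ERR() treat as errors. */
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define MAX_ERRNO                4095

/* lea 0x68(%rbx),%rdi: address of the field being read from the struct at base.
 * Wraps modulo 2^64, exactly as the CPU does. */
uint64_t field_addr(uint64_t base, uint64_t offset)
{
    return base + offset;
}

/* shr $3,%rdx ; cmpb $0,(%rdx,%rax,1): the shadow byte KASAN_INLINE inspects
 * before every memory access. */
uint64_t kasan_shadow_addr(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* 48-bit virtual addressing (assumed: 4-level paging): bits 63..47 must all be
 * equal. Touching a non-canonical address raises #GP, not #PF, which is why
 * the report says "general protection fault" and KASAN adds its hint about
 * NULL-pointer or user-memory accesses. */
bool is_canonical(uint64_t addr)
{
    int64_t top = (int64_t)addr >> 47;
    return top == 0 || top == -1;
}

/* Values in [-MAX_ERRNO, -1] are error codes smuggled through a pointer,
 * not addresses; dereferencing one without an IS_ERR() check is a bug. */
bool is_err_value(uint64_t ptr)
{
    return ptr >= (uint64_t)-MAX_ERRNO;
}

/* Replay the register values printed in the oops. */
int main(void)
{
    uint64_t rbx = 0xffffffffffffffffULL;            /* RBX in the report */
    uint64_t rdi = field_addr(rbx, 0x68);            /* 0x67, matches RDI */
    uint64_t rdx = rdi >> KASAN_SHADOW_SCALE_SHIFT;  /* 0xc, matches RDX  */
    uint64_t shadow = kasan_shadow_addr(rdi);        /* RDX + RAX          */
    uint64_t rsp = 0xffff8801b5b77c48ULL;            /* a real kernel addr */

    printf("struct base  %#llx  err-value: %s\n", (unsigned long long)rbx,
           is_err_value(rbx) ? "yes" : "no");
    printf("field addr   %#llx  (RDI)\n", (unsigned long long)rdi);
    printf("addr >> 3    %#llx  (RDX)\n", (unsigned long long)rdx);
    printf("shadow byte  %#llx  canonical: %s -> %s\n",
           (unsigned long long)shadow, is_canonical(shadow) ? "yes" : "no",
           is_canonical(shadow) ? "page fault if unmapped" : "#GP");
    printf("for RSP      %#llx  shadow %#llx canonical: %s\n",
           (unsigned long long)rsp,
           (unsigned long long)kasan_shadow_addr(rsp),
           is_canonical(kasan_shadow_addr(rsp)) ? "yes" : "no");
    return 0;
}
```

Run as-is it prints the chain RBX -> RDI -> RDX -> shadow address with the same numbers that appear in the trace, and shows that a normal kernel address such as RSP produces a canonical shadow address (in the same `0xffffed00...` range as the report's R10), whereas the shadow for `0x67` is non-canonical, so the KASAN check itself is what faults.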