Date:	Wed, 02 Dec 2015 14:58:21 -0800
From:	James Bottomley <James.Bottomley@...senPartnership.com>
To:	Andrea Gelmini <andrea.gelmini@...ma.net>
Cc:	linux-kernel@...r.kernel.org, linux-scsi@...r.kernel.org
Subject: Re: BUG: KASAN: slab-out-of-bounds in
 ses_enclosure_data_process+0x900/0xe50

On Tue, 2015-12-01 at 21:20 +0100, Andrea Gelmini wrote:
> Hi everybody,
>    and thanks a lot for your work.
> 
>    As soon as I plugged an external WD USB hard drive (details in the attached file)
>    into USB3 port, I've got this (much more info in the attached files).
>    Using commit 2255702db4014d1c69d6037ed7bdad2d2e271985
> 
> Thanks again,
> Andrea
> 
> [  542.582204] ==================================================================
> [  542.582220] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
> [  542.582223] Read of size 1 by task systemd-udevd/4017
> [  542.582225] =============================================================================
> [  542.582227] BUG kmalloc-8 (Not tainted): kasan: bad access detected
> [  542.582228] -----------------------------------------------------------------------------
> 
> [  542.582229] Disabling lock debugging due to kernel taint
> [  542.582236] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.582243]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.582246]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.582249]  __kmalloc+0x19b/0x1e0
> [  542.582253]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.582256]  ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582261]  class_interface_register+0x213/0x350
> [  542.582264]  scsi_register_interface+0x33/0x40
> [  542.582268]  ses_init+0x13/0x1000 [ses]
> [  542.582272]  do_one_initcall+0x13c/0x2f0
> [  542.582277]  do_init_module+0x1d9/0x5bc
> [  542.582280]  load_module+0x6029/0x9230
> [  542.582283]  SyS_finit_module+0x103/0x130
> [  542.582288]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582293] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.582296]  __slab_free+0x292/0x3d0
> [  542.582298]  kfree+0x108/0x120
> [  542.582300]  sg_clean+0x12e/0x200
> [  542.582302]  usb_sg_wait+0x2ad/0x3d0
> [  542.582307]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.582311]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.582315]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.582319]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.582323]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.582327]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.582332]  kthread+0x1c0/0x260
> [  542.582335]  ret_from_fork+0x3f/0x70
> [  542.582339] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.582341] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.582345] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.582348] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.582354] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.582356] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.582361]  ffff88038c420000 ffff8800ac3ff6c0 ffffffff819c3387 ffff88038e404240
> [  542.582365]  ffff8800ac3ff6f0 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.582368]  ffff88038c421c08 0000000000000000 ffff8800ac3ff718 ffffffff813e69bf
> [  542.582369] Call Trace:
> [  542.582375]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.582378]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.582382]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.582387]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.582392]  [<ffffffffc130842c>] ? ses_recv_diag+0xac/0xe0 [ses]
> [  542.582397]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.582401]  [<ffffffffc1309490>] ? ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.582406]  [<ffffffffc1309490>] ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.582412]  [<ffffffff81d5d454>] ? pm_runtime_init+0x364/0x410
> [  542.582417]  [<ffffffffc130a806>] ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582421]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.582425]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.582429]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.582432]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.582435]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.582439]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.582443]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.582446]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.582450]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582454]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582458]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.582463]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.582466]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.582469]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.582475]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.582479]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.582486]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.582489]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.582492]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.582497]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582498] Memory state around the buggy address:
> [  542.582501]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582503]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582506] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582507]                          ^
> [  542.582509]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582512]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.582513] ==================================================================
> [  542.582514] ==================================================================
> [  542.582519] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
> [  542.582521] Read of size 1 by task systemd-udevd/4017
> [  542.582521] Read of size 1 by task systemd-udevd/4017
> [  542.582522] =============================================================================
> [  542.582524] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
> [  542.582525] -----------------------------------------------------------------------------
> 
> [  542.582530] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.582533]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.582536]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.582539]  __kmalloc+0x19b/0x1e0
> [  542.582542]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.582546]  ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582549]  class_interface_register+0x213/0x350
> [  542.582551]  scsi_register_interface+0x33/0x40
> [  542.582555]  ses_init+0x13/0x1000 [ses]
> [  542.582557]  do_one_initcall+0x13c/0x2f0
> [  542.582560]  do_init_module+0x1d9/0x5bc
> [  542.582562]  load_module+0x6029/0x9230
> [  542.582564]  SyS_finit_module+0x103/0x130
> [  542.582568]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582571] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.582574]  __slab_free+0x292/0x3d0
> [  542.582577]  kfree+0x108/0x120
> [  542.582578]  sg_clean+0x12e/0x200
> [  542.582580]  usb_sg_wait+0x2ad/0x3d0
> [  542.582585]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.582588]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.582592]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.582596]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.582599]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.582603]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.582606]  kthread+0x1c0/0x260
> [  542.582610]  ret_from_fork+0x3f/0x70
> [  542.582612] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.582614] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.582617] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.582620] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.582623] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.582625] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.582628]  ffff88038c420000 ffff8800ac3ff6c0 ffffffff819c3387 ffff88038e404240
> [  542.582632]  ffff8800ac3ff6f0 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.582635]  ffff88038c421c08 0000000000000000 ffff8800ac3ff718 ffffffff813e69bf
> [  542.582636] Call Trace:
> [  542.582639]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.582642]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.582645]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.582649]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.582654]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.582659]  [<ffffffffc13099cb>] ? ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.582663]  [<ffffffffc13099cb>] ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.582667]  [<ffffffff81d5d454>] ? pm_runtime_init+0x364/0x410
> [  542.582672]  [<ffffffffc130a806>] ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582676]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.582680]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.582683]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.582686]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.582689]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.582693]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.582696]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.582699]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.582703]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582707]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582711]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.582715]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.582718]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.582721]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.582727]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.582730]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.582735]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.582738]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.582741]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.582746]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582747] Memory state around the buggy address:
> [  542.582750]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582752]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582754] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582755]                          ^
> [  542.582757]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582759]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.582760] ==================================================================
> [  542.584193] ==================================================================
> [  542.584206] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
> [  542.584209] Read of size 1 by task systemd-udevd/4017
> [  542.584210] =============================================================================
> [  542.584212] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
> [  542.584213] -----------------------------------------------------------------------------
> 
> [  542.584219] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.584223]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.584226]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.584229]  __kmalloc+0x19b/0x1e0
> [  542.584232]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.584236]  ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584239]  ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584243]  class_interface_register+0x213/0x350
> [  542.584245]  scsi_register_interface+0x33/0x40
> [  542.584249]  ses_init+0x13/0x1000 [ses]
> [  542.584252]  do_one_initcall+0x13c/0x2f0
> [  542.584255]  do_init_module+0x1d9/0x5bc
> [  542.584258]  load_module+0x6029/0x9230
> [  542.584260]  SyS_finit_module+0x103/0x130
> [  542.584264]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584267] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.584270]  __slab_free+0x292/0x3d0
> [  542.584273]  kfree+0x108/0x120
> [  542.584275]  sg_clean+0x12e/0x200
> [  542.584277]  usb_sg_wait+0x2ad/0x3d0
> [  542.584281]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.584285]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.584288]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.584292]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.584296]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.584300]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.584303]  kthread+0x1c0/0x260
> [  542.584307]  ret_from_fork+0x3f/0x70
> [  542.584310] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.584311] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.584315] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.584317] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.584321] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.584323] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.584327]  ffff88038c420000 ffff8800ac3ff5f8 ffffffff819c3387 ffff88038e404240
> [  542.584331]  ffff8800ac3ff628 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.584334]  ffff88038c421c08 0000000000000000 ffff8800ac3ff650 ffffffff813e69bf
> [  542.584335] Call Trace:
> [  542.584338]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.584342]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.584345]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.584349]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.584354]  [<ffffffffc130842c>] ? ses_recv_diag+0xac/0xe0 [ses]
> [  542.584358]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.584363]  [<ffffffffc1309490>] ? ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.584367]  [<ffffffffc1309490>] ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.584371]  [<ffffffff813e884a>] ? kasan_report_error+0x46a/0x540
> [  542.584376]  [<ffffffffc1309a95>] ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584380]  [<ffffffffc13093b0>] ? ses_enclosure_data_process+0x820/0xe50 [ses]
> [  542.584385]  [<ffffffffc13099e0>] ? ses_enclosure_data_process+0xe50/0xe50 [ses]
> [  542.584389]  [<ffffffff81dd1a13>] ? __scsi_iterate_devices+0xf3/0x240
> [  542.584394]  [<ffffffffc130a8d0>] ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584398]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.584402]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.584405]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.584408]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.584411]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.584415]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.584418]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.584421]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.584425]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584429]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584433]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.584438]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.584441]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.584444]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.584450]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.584453]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.584458]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.584461]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.584464]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.584469]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584470] Memory state around the buggy address:
> [  542.584473]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584475]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584478] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584479]                          ^
> [  542.584481]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584483]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.584484] ==================================================================
> [  542.584485] ==================================================================
> [  542.584490] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
> [  542.584492] Read of size 1 by task systemd-udevd/4017
> [  542.584493] =============================================================================
> [  542.584495] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
> [  542.584496] -----------------------------------------------------------------------------
> 
> [  542.584501] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.584504]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.584507]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.584510]  __kmalloc+0x19b/0x1e0
> [  542.584513]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.584517]  ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584520]  ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584523]  class_interface_register+0x213/0x350
> [  542.584525]  scsi_register_interface+0x33/0x40
> [  542.584529]  ses_init+0x13/0x1000 [ses]
> [  542.584531]  do_one_initcall+0x13c/0x2f0
> [  542.584534]  do_init_module+0x1d9/0x5bc
> [  542.584536]  load_module+0x6029/0x9230
> [  542.584538]  SyS_finit_module+0x103/0x130
> [  542.584542]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584545] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.584548]  __slab_free+0x292/0x3d0
> [  542.584550]  kfree+0x108/0x120
> [  542.584552]  sg_clean+0x12e/0x200
> [  542.584554]  usb_sg_wait+0x2ad/0x3d0
> [  542.584558]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.584562]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.584565]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.584569]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.584573]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.584577]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.584580]  kthread+0x1c0/0x260
> [  542.584583]  ret_from_fork+0x3f/0x70
> [  542.584585] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.584587] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.584590] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.584592] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.584596] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.584597] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.584601]  ffff88038c420000 ffff8800ac3ff5f8 ffffffff819c3387 ffff88038e404240
> [  542.584604]  ffff8800ac3ff628 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.584607]  ffff88038c421c08 0000000000000000 ffff8800ac3ff650 ffffffff813e69bf
> [  542.584608] Call Trace:
> [  542.584611]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.584614]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.584617]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.584621]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.584626]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.584630]  [<ffffffffc13099cb>] ? ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.584635]  [<ffffffffc13099cb>] ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.584638]  [<ffffffff813e884a>] ? kasan_report_error+0x46a/0x540
> [  542.584643]  [<ffffffffc1309a95>] ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584647]  [<ffffffffc13093b0>] ? ses_enclosure_data_process+0x820/0xe50 [ses]
> [  542.584652]  [<ffffffffc13099e0>] ? ses_enclosure_data_process+0xe50/0xe50 [ses]
> [  542.584655]  [<ffffffff81dd1a13>] ? __scsi_iterate_devices+0xf3/0x240
> [  542.584660]  [<ffffffffc130a8d0>] ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584664]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.584668]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.584671]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.584674]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.584677]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.584681]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.584684]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.584687]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.584691]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584694]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584698]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.584703]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.584706]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.584709]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.584715]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.584718]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.584723]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.584726]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.584728]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.584733]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584735] Memory state around the buggy address:
> [  542.584737]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584739]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584741] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584742]                          ^
> [  542.584744]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584747]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.584748] ==================================================================
> [  542.585112] ses 6:0:0:1: Attached Enclosure device
> [  542.897281] sd 6:0:0:0: [sdb] Assuming drive cache: write through
> [  542.975864] sd 6:0:0:0: [sdb] Attached SCSI disk


OK, this looks like some type of problem with a USB enclosure.  It's
probably misreporting something in the mode pages.  Can you run sg_ses
on whatever /dev/sg<n> the enclosure turns up as?

Thanks,

James
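
A triage helper for the KASAN output quoted above, as an added example that is not part of the original thread: it collapses the repeated reports by faulting code offset and computes where each read lands relative to the reported slab object. The names `parse_reports` and `triage` are hypothetical; the sample lines are excerpted from the quoted log with timestamps and stack traces trimmed.

```python
import re
from collections import OrderedDict

# Lines excerpted from the KASAN report quoted above (dmesg timestamps and
# stack traces trimmed); the third report repeats the first access site.
SAMPLE = """\
BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
Read of size 1 by task systemd-udevd/4017
BUG kmalloc-8 (Not tainted): kasan: bad access detected
INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
Read of size 1 by task systemd-udevd/4017
BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
Read of size 1 by task systemd-udevd/4017
BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
"""

HEAD = re.compile(r"BUG: KASAN: (\S+) in (\S+)\+(0x[0-9a-f]+)/0x[0-9a-f]+"
                  r"(?: \[(\w+)\])? at addr ([0-9a-f]+)")
ACCESS = re.compile(r"(Read|Write) of size (\d+) by task (\S+)")
CACHE = re.compile(r"BUG (\S+) \(.*\): kasan: bad access detected")
OBJECT = re.compile(r"INFO: Object 0x([0-9a-f]+) ")


def parse_reports(text):
    """Return one dict per KASAN report found in a dmesg excerpt."""
    reports, cur = [], None
    for line in text.splitlines():
        m = HEAD.search(line)
        if m:  # a header line starts a new report
            cur = {"kind": m[1], "func": m[2], "off": m[3],
                   "module": m[4], "addr": int(m[5], 16)}
            reports.append(cur)
            continue
        if cur is None:
            continue
        if (m := ACCESS.search(line)):
            cur.update(op=m[1], size=int(m[2]), task=m[3])
        elif (m := CACHE.search(line)):
            cur["cache"] = m[1]
        elif (m := OBJECT.search(line)):
            cur["object"] = int(m[1], 16)
    return reports


def triage(text):
    """Collapse repeats by access site and locate each access in its slot."""
    sites = OrderedDict()
    for r in parse_reports(text):
        site = sites.setdefault((r["func"], r["off"]), {**r, "count": 0})
        site["count"] += 1
    out = []
    for s in sites.values():
        m = re.search(r"-(\d+)$", s.get("cache", ""))
        slot = int(m[1]) if m else None  # slot size, only for kmalloc-N style names
        rel = s["addr"] - s["object"] if "object" in s else None
        outside = None if None in (slot, rel) else not 0 <= rel < slot
        out.append({"site": f'{s["func"]}+{s["off"]}', "count": s["count"],
                    "op": s.get("op"), "slot_size": slot,
                    "offset_in_object": rel, "outside_slot": outside})
    return out


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

The regular expressions use `search`, so the same functions accept raw `dmesg` output with its `[  542.582204]` timestamps or the `> `-quoted form seen in this message.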

