Message-ID: <bug-199333-13602@https.bugzilla.kernel.org/>
Date: Tue, 10 Apr 2018 03:30:53 +0000
From: bugzilla-daemon@...zilla.kernel.org
To: linux-ext4@...nel.org
Subject: [Bug 199333] New: use-after-free in ext4_group_desc_csum() when mounting and operating on a crafted ext4 image
https://bugzilla.kernel.org/show_bug.cgi?id=199333
Bug ID: 199333
Summary: use-after-free in ext4_group_desc_csum() when mounting and operating on a crafted ext4 image
Product: File System
Version: 2.5
Kernel Version: 4.15.x
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: ext4
Assignee: fs_ext4@...nel-bugs.osdl.org
Reporter: wen.xu@...ech.edu
Regression: No
Created attachment 275253
--> https://bugzilla.kernel.org/attachment.cgi?id=275253&action=edit
The crafted image which causes kernel panic
- Overview
Use-After-Free triggered in crc16() at ext4_group_desc_csum() when mounting and
operating on a crafted ext4 image
- Reproduce (multiple cores)
# mkdir mnt
# mount -t ext4 269.img mnt
# gcc -o poc poc.c
# ./poc ./mnt
- Kernel Log (KASAN report)
Note that this log is generated on the kernel after applying the patch in
https://bugzilla.kernel.org/show_bug.cgi?id=199181
[ 345.549928] ==================================================================
[ 345.550011] BUG: KASAN: use-after-free in crc16+0x26/0x60
[ 345.550072] Read of size 1 at addr ffff8800b85fc000 by task poc/1231
[ 345.550161] CPU: 1 PID: 1231 Comm: poc Tainted: G W 4.15.15 #4
[ 345.550162] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 345.550163] Call Trace:
[ 345.550169] dump_stack+0xaf/0x121
[ 345.550173] ? _atomic_dec_and_lock+0xff/0xff
[ 345.550176] print_address_description+0x6a/0x270
[ 345.550179] kasan_report+0x277/0x360
[ 345.550181] ? crc16+0x26/0x60
[ 345.550183] crc16+0x26/0x60
[ 345.550187] ext4_group_desc_csum+0x514/0x5f0
[ 345.550190] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.550194] ? trace_event_raw_event_ext4_ext_convert_to_initialized_fastpath+0x2c0/0x2c0
[ 345.550196] ? __kernel_text_address+0xe/0x30
[ 345.550199] ? unwind_get_return_address+0x2f/0x50
[ 345.550202] ? _cond_resched+0x16/0x50
[ 345.550205] ? invalid_op+0x1b/0x40
[ 345.550209] ? ext4_block_bitmap_csum_set+0xb1/0x200
[ 345.550212] ? ext4_block_bitmap_csum_set+0x1f3/0x200
[ 345.550216] ? generic_perform_write+0x1d8/0x3b0
[ 345.550218] ? __generic_file_write_iter+0x264/0x2a0
[ 345.550220] ? ext4_file_write_iter+0x2a3/0x820
[ 345.550223] ? ext4_block_bitmap_csum_verify+0x230/0x230
[ 345.550225] ? _raw_write_lock_irqsave+0x30/0x30
[ 345.550228] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550231] ext4_group_desc_csum_set+0x70/0x90
[ 345.550235] ext4_read_block_bitmap_nowait+0x83e/0xc30
[ 345.550239] ? ext4_free_clusters_after_init+0x450/0x450
[ 345.550242] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.550245] ? kasan_unpoison_shadow+0x30/0x40
[ 345.550248] ? kasan_kmalloc+0xa0/0xd0
[ 345.550250] ? __kmalloc+0x104/0x210
[ 345.550253] ext4_mb_init_cache+0x338/0xda0
[ 345.550257] ? ext4_mb_generate_from_pa+0x200/0x200
[ 345.550261] ? pagecache_get_page+0x258/0x560
[ 345.550264] ? add_to_page_cache_lru+0x2d0/0x2d0
[ 345.550267] ? deref_stack_reg+0xa1/0xe0
[ 345.550270] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.550273] ? __orc_find+0x6b/0xc0
[ 345.550276] ? unwind_next_frame+0x38e/0x9b0
[ 345.550279] ? __save_stack_trace+0x5e/0x100
[ 345.550283] ? trace_raw_output_xdp_redirect_map_err+0x170/0x170
[ 345.550285] ? deref_stack_reg+0xa1/0xe0
[ 345.550288] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.550291] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.550293] ? wake_up_page_bit+0x2a0/0x2a0
[ 345.550296] ? __is_insn_slot_addr+0x9a/0x150
[ 345.550299] ? __free_insn_slot+0x240/0x240
[ 345.550301] ext4_mb_init_group+0x436/0x5c0
[ 345.550305] ? ext4_mb_init_cache+0xda0/0xda0
[ 345.550307] ? __kernel_text_address+0xe/0x30
[ 345.550310] ? unwind_get_return_address+0x2f/0x50
[ 345.550312] ? __save_stack_trace+0x92/0x100
[ 345.550315] ? ext4_mb_find_by_goal+0x17a/0x7f0
[ 345.550318] ? ext4_mb_use_best_found+0x340/0x340
[ 345.550320] ? save_stack+0x89/0xb0
[ 345.550323] ? kasan_kmalloc+0xa0/0xd0
[ 345.550325] ? kmem_cache_alloc+0xb6/0x1c0
[ 345.550327] ? ext4_mb_new_blocks+0x37a/0x1ab0
[ 345.550329] ? ext4_ext_map_blocks+0xfc5/0x1a70
[ 345.550332] ? ext4_map_blocks+0x63f/0xa10
[ 345.550334] ? _ext4_get_block+0x128/0x2a0
[ 345.550336] ? ext4_block_write_begin+0x2df/0x840
[ 345.550339] ext4_mb_good_group+0x234/0x250
[ 345.550342] ext4_mb_regular_allocator+0x469/0x820
[ 345.550346] ? ext4_mb_complex_scan_group+0x4e0/0x4e0
[ 345.550349] ? __dquot_alloc_space+0x206/0x3e0
[ 345.550352] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.550355] ? kasan_unpoison_shadow+0x30/0x40
[ 345.550358] ? kasan_kmalloc+0xa0/0xd0
[ 345.550361] ext4_mb_new_blocks+0x1013/0x1ab0
[ 345.550364] ? ftrace_ops_trampoline+0xf1/0x170
[ 345.550367] ? __is_insn_slot_addr+0x9a/0x150
[ 345.550370] ? __free_insn_slot+0x240/0x240
[ 345.550373] ? unwind_next_frame+0x38e/0x9b0
[ 345.550375] ? rcu_is_watching+0x81/0xc0
[ 345.550377] ? ext4_discard_preallocations+0xa90/0xa90
[ 345.550380] ? is_bpf_text_address+0xa/0x20
[ 345.550382] ? kernel_text_address+0xec/0x100
[ 345.550384] ? rcu_is_watching+0x81/0xc0
[ 345.550386] ? __kernel_text_address+0xe/0x30
[ 345.550389] ? unwind_get_return_address+0x2f/0x50
[ 345.550391] ? __save_stack_trace+0x92/0x100
[ 345.550394] ? depot_save_stack+0x3b7/0x480
[ 345.550398] ? save_stack+0x89/0xb0
[ 345.550400] ? kasan_kmalloc+0xa0/0xd0
[ 345.550402] ? __kmalloc+0x104/0x210
[ 345.550404] ? ext4_find_extent+0x36b/0x400
[ 345.550406] ? ext4_ext_map_blocks+0x16e/0x1a70
[ 345.550409] ? ext4_map_blocks+0x63f/0xa10
[ 345.550411] ? _ext4_get_block+0x128/0x2a0
[ 345.550413] ? ext4_block_write_begin+0x2df/0x840
[ 345.550416] ? ext4_write_begin+0x33a/0x930
[ 345.550419] ? generic_perform_write+0x1d8/0x3b0
[ 345.550421] ? __generic_file_write_iter+0x264/0x2a0
[ 345.550423] ? ext4_file_write_iter+0x2a3/0x820
[ 345.550425] ? __vfs_write+0x2ac/0x3d0
[ 345.550427] ? vfs_write+0xe9/0x240
[ 345.550429] ? SyS_write+0xb0/0x140
[ 345.550431] ? do_syscall_64+0x17a/0x330
[ 345.550434] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550437] ? kasan_slab_free+0x71/0xc0
[ 345.550439] ? kfree+0x8d/0x190
[ 345.550441] ? ext4_ext_map_blocks+0xac5/0x1a70
[ 345.550443] ? ext4_map_blocks+0x6ac/0xa10
[ 345.550445] ? _ext4_get_block+0x128/0x2a0
[ 345.550448] ? ext4_block_write_begin+0x2df/0x840
[ 345.550450] ? ext4_write_begin+0x33a/0x930
[ 345.550453] ? generic_perform_write+0x1d8/0x3b0
[ 345.550455] ? __generic_file_write_iter+0x264/0x2a0
[ 345.550457] ? ext4_file_write_iter+0x2a3/0x820
[ 345.550459] ? __vfs_write+0x2ac/0x3d0
[ 345.550461] ? vfs_write+0xe9/0x240
[ 345.550463] ? SyS_write+0xb0/0x140
[ 345.550465] ? do_syscall_64+0x17a/0x330
[ 345.550467] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550470] ? ext4_es_find_delayed_extent_range+0x380/0x380
[ 345.550472] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550475] ? __es_tree_search+0x14/0xb0
[ 345.550477] ? ext4_es_find_delayed_extent_range+0x137/0x380
[ 345.550479] ? ext4_es_init_tree+0x30/0x30
[ 345.550481] ? is_bpf_text_address+0xa/0x20
[ 345.550483] ? kernel_text_address+0xe0/0x100
[ 345.550486] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.550489] ? kasan_unpoison_shadow+0x30/0x40
[ 345.550492] ? kasan_kmalloc+0xa0/0xd0
[ 345.550494] ? __kmalloc+0x104/0x210
[ 345.550496] ? ext4_find_extent+0x36b/0x400
[ 345.550499] ? ext4_ext_search_right+0x66/0x480
[ 345.550502] ext4_ext_map_blocks+0xfc5/0x1a70
[ 345.550506] ? ext4_find_delalloc_cluster+0x60/0x60
[ 345.550509] ? unwind_next_frame+0x38e/0x9b0
[ 345.550511] ? __save_stack_trace+0x5e/0x100
[ 345.550515] ? trace_raw_output_xdp_redirect_map_err+0x170/0x170
[ 345.550517] ? deref_stack_reg+0xa1/0xe0
[ 345.550520] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.550523] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.550525] ? memcg_kmem_get_cache+0x4c0/0x4c0
[ 345.550528] ? kasan_unpoison_shadow+0x30/0x40
[ 345.550531] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.550534] ? ext4_es_lookup_extent+0x168/0x3e0
[ 345.550536] ? ext4_es_cache_extent+0x260/0x260
[ 345.550538] ? _cond_resched+0x16/0x50
[ 345.550540] ? down_write+0x9d/0xd0
[ 345.550542] ? down_read+0xe0/0xe0
[ 345.550545] ? alloc_page_buffers+0x75/0x120
[ 345.550548] ext4_map_blocks+0x63f/0xa10
[ 345.550552] ? ext4_issue_zeroout+0xb0/0xb0
[ 345.550554] ? jbd2_journal_free_reserved+0x60/0x60
[ 345.550556] ? ext4_write_begin+0x256/0x930
[ 345.550559] ? generic_perform_write+0x1d8/0x3b0
[ 345.550561] ? __generic_file_write_iter+0x264/0x2a0
[ 345.550563] ? vfs_write+0xe9/0x240
[ 345.550565] ? SyS_write+0xb0/0x140
[ 345.550568] ? do_syscall_64+0x17a/0x330
[ 345.550570] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550573] _ext4_get_block+0x128/0x2a0
[ 345.550577] ? ext4_map_blocks+0xa10/0xa10
[ 345.550580] ? try_to_release_page+0x1b0/0x1b0
[ 345.550583] ext4_block_write_begin+0x2df/0x840
[ 345.550587] ? _ext4_get_block+0x2a0/0x2a0
[ 345.550590] ? __check_block_validity.constprop.77+0xd0/0xd0
[ 345.550593] ? jbd2__journal_start+0x128/0x3b0
[ 345.550595] ? jbd2__journal_start+0x252/0x3b0
[ 345.550598] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.550600] ? jbd2_write_access_granted.part.9+0x130/0x130
[ 345.550603] ? fsnotify+0x158/0xae0
[ 345.550607] ? __ext4_journal_start_sb+0xdc/0x210
[ 345.550610] ? ext4_write_begin+0x256/0x930
[ 345.550613] ? wait_for_stable_page+0xc7/0x190
[ 345.550615] ? wb_domain_writeout_inc.part.27+0x50/0x50
[ 345.550619] ext4_write_begin+0x33a/0x930
[ 345.550624] ? ext4_truncate+0x860/0x860
[ 345.550626] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.550629] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.550631] ? ext4_xattr_ibody_get+0x91/0x2d0
[ 345.550633] ? ext4_xattr_block_set+0x1c80/0x1c80
[ 345.550635] ? _cond_resched+0x16/0x50
[ 345.550637] ? down_read+0x7a/0xe0
[ 345.550639] ? __down_interruptible+0x3a0/0x3a0
[ 345.550642] ? iov_iter_fault_in_readable+0xb7/0x220
[ 345.550645] ? copy_page_to_iter+0x690/0x690
[ 345.550647] ? ext4_xattr_get+0x10e/0x4b0
[ 345.550650] ? ext4_xattr_ibody_get+0x2d0/0x2d0
[ 345.550653] generic_perform_write+0x1d8/0x3b0
[ 345.550658] ? generic_write_checks+0x2b0/0x2b0
[ 345.550660] ? timespec_trunc+0x5c/0x90
[ 345.550663] ? file_update_time+0x210/0x240
[ 345.550666] ? current_time+0x70/0x70
[ 345.550669] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.550672] ? page_endio+0x200/0x200
[ 345.550674] ? __is_insn_slot_addr+0x9a/0x150
[ 345.550677] __generic_file_write_iter+0x264/0x2a0
[ 345.550680] ext4_file_write_iter+0x2a3/0x820
[ 345.550683] ? is_bpf_text_address+0xa/0x20
[ 345.550685] ? ext4_file_mmap+0x150/0x150
[ 345.550688] ? unwind_get_return_address+0x2f/0x50
[ 345.550691] ? __save_stack_trace+0x92/0x100
[ 345.550693] ? memcmp+0x45/0x70
[ 345.550695] ? depot_save_stack+0x12d/0x480
[ 345.550699] ? save_stack+0x89/0xb0
[ 345.550702] ? kasan_slab_free+0x71/0xc0
[ 345.550704] ? kmem_cache_free+0x75/0x1e0
[ 345.550706] ? do_sys_open+0x1f0/0x380
[ 345.550708] ? do_syscall_64+0x17a/0x330
[ 345.550711] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550713] ? __alloc_fd+0x2e0/0x380
[ 345.550716] __vfs_write+0x2ac/0x3d0
[ 345.550719] ? kernel_read+0xa0/0xa0
[ 345.550721] ? __fd_install+0x13a/0x260
[ 345.550723] ? get_unused_fd_flags+0x100/0x100
[ 345.550727] ? __fdget_pos+0xa7/0x100
[ 345.550730] vfs_write+0xe9/0x240
[ 345.550733] SyS_write+0xb0/0x140
[ 345.550736] ? SyS_read+0x140/0x140
[ 345.550739] ? SyS_read+0x140/0x140
[ 345.550741] do_syscall_64+0x17a/0x330
[ 345.550744] ? syscall_return_slowpath+0x1e0/0x1e0
[ 345.550747] ? page_fault+0x2f/0x50
[ 345.550749] ? do_page_fault+0x90/0x210
[ 345.550751] ? __do_page_fault+0x6d0/0x6d0
[ 345.550754] ? prepare_exit_to_usermode+0xe8/0x150
[ 345.550757] ? perf_trace_sys_enter+0x4e0/0x4e0
[ 345.550759] ? __put_user_4+0x1c/0x30
[ 345.550762] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550764] RIP: 0033:0x7fbed5e940c4
[ 345.550765] RSP: 002b:00007ffcded713a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 345.550768] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbed5e940c4
[ 345.550769] RDX: 0000000000000205 RSI: 000056047ca3f040 RDI: 0000000000000003
[ 345.550770] RBP: 00007ffcded71510 R08: 0000000000000003 R09: 0000000000000000
[ 345.550771] R10: 0000000000000000 R11: 0000000000000246 R12: 000056047c83dd30
[ 345.550772] R13: 00007ffcded71610 R14: 0000000000000000 R15: 0000000000000000
[ 345.550796] Allocated by task 1167:
[ 345.550839] kasan_kmalloc+0xa0/0xd0
[ 345.550841] kmem_cache_alloc+0xb6/0x1c0
[ 345.550844] get_empty_filp+0xd9/0x370
[ 345.550846] alloc_file+0x26/0x1c0
[ 345.550849] create_pipe_files+0x327/0x460
[ 345.550851] __do_pipe_flags+0x2c/0x100
[ 345.550853] SyS_pipe+0x7e/0x190
[ 345.550855] do_syscall_64+0x17a/0x330
[ 345.550857] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.550878] Freed by task 0:
[ 345.550913] kasan_slab_free+0x71/0xc0
[ 345.550916] kmem_cache_free+0x75/0x1e0
[ 345.550918] rcu_process_callbacks+0x57d/0x950
[ 345.550921] __do_softirq+0x196/0x495
[ 345.550943] The buggy address belongs to the object at ffff8800b85fc000
which belongs to the cache filp(154:user.slice) of size 256
[ 345.551080] The buggy address is located 0 bytes inside of
256-byte region [ffff8800b85fc000, ffff8800b85fc100)
[ 345.551199] The buggy address belongs to the page:
[ 345.551253] page:ffffea0002e17f00 count:1 mapcount:0 mapping:0000000000000000 index:0x0 compound_mapcount: 0
[ 345.551358] flags: 0xfffffc0008100(slab|head)
[ 345.551409] raw: 000fffffc0008100 0000000000000000 0000000000000000 0000000100330033
[ 345.551492] raw: dead000000000100 dead000000000200 ffff8800b1a96bc0 ffff88010482cc80
[ 345.553461] page dumped because: kasan: bad access detected
[ 345.555362] page->mem_cgroup:ffff88010482cc80
[ 345.559625] Memory state around the buggy address:
[ 345.561724] ffff8800b85fbf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 345.564092] ffff8800b85fbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 345.566783] >ffff8800b85fc000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 345.569544] ^
[ 345.572283] ffff8800b85fc080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 345.575072] ffff8800b85fc100: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 345.578299] ==================================================================
[ 345.579614] Disabling lock debugging due to kernel taint
[ 345.580365] WARNING: CPU: 1 PID: 1231 at fs/ext4/ext4.h:2692 ext4_block_bitmap_csum_verify+0x200/0x230
[ 345.580366] Modules linked in: snd_ens1371 coretemp snd_ac97_codec ac97_bus intel_rapl_perf vmw_balloon snd_pcm snd_timer btusb snd_rawmidi btrtl uvcvideo btbcm snd btintel joydev input_leds bluetooth videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core serio_raw videodev soundcore ecdh_generic gameport media shpchp i2c_piix4 mac_hid vmw_vsock_vmci_transport vsock vmw_vmci ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear vmwgfx drm_kms_helper crct10dif_pclmul crc32_pclmul ghash_clmulni_intel pcbc syscopyarea sysfillrect sysimgblt fb_sys_fops ttm aesni_intel
[ 345.580416] aes_x86_64 crypto_simd drm cryptd psmouse glue_helper ahci libahci e1000 mptspi scsi_transport_spi mptscsih mptbase pata_acpi hid_generic usbhid hid
[ 345.580429] CPU: 1 PID: 1231 Comm: poc Tainted: G B W 4.15.15 #4
[ 345.580430] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
[ 345.580433] RIP: 0010:ext4_block_bitmap_csum_verify+0x200/0x230
[ 345.580434] RSP: 0018:ffff8800ba46df48 EFLAGS: 00010246
[ 345.580436] RAX: 0000000000000000 RBX: ffff8800b7378000 RCX: ffffffff8d19019f
[ 345.580437] RDX: dffffc0000000000 RSI: dffffc0000000000 RDI: ffff8800b73783a8
[ 345.580438] RBP: 1ffff1001748dbec R08: ffffed001748dc10 R09: ffffed001748dc10
[ 345.580439] R10: 0000000000000002 R11: ffffed001748dc0f R12: ffff8800b28e6d20
[ 345.580440] R13: dffffc0000000000 R14: ffff8800b85fb800 R15: ffff8800b73783a8
[ 345.580442] FS: 00007fbed638d500(0000) GS:ffff88010d240000(0000) knlGS:0000000000000000
[ 345.580443] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 345.580444] CR2: 0000000001d7cda4 CR3: 00000000b82c2002 CR4: 00000000001606e0
[ 345.580476] Call Trace:
[ 345.580481] ? unwind_get_return_address+0x2f/0x50
[ 345.580484] ? ext4_inode_bitmap_csum_set+0x1f0/0x1f0
[ 345.580488] ? _raw_write_lock_irqsave+0x30/0x30
[ 345.580490] ? _cond_resched+0x16/0x50
[ 345.580493] ext4_validate_block_bitmap+0x23d/0x780
[ 345.580496] ? __wake_up_bit+0xdb/0x150
[ 345.580498] ? ext4_has_free_clusters+0x2c0/0x2c0
[ 345.580501] ? ext4_file_write_iter+0x2a3/0x820
[ 345.580503] ? ext4_block_bitmap_csum_verify+0x230/0x230
[ 345.580504] ? _raw_write_lock_irqsave+0x30/0x30
[ 345.580508] ext4_read_block_bitmap_nowait+0x6e5/0xc30
[ 345.580511] ? ext4_free_clusters_after_init+0x450/0x450
[ 345.580515] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.580518] ? kasan_unpoison_shadow+0x30/0x40
[ 345.580520] ? kasan_kmalloc+0xa0/0xd0
[ 345.580522] ? __kmalloc+0x104/0x210
[ 345.580525] ext4_mb_init_cache+0x338/0xda0
[ 345.580528] ? ext4_mb_generate_from_pa+0x200/0x200
[ 345.580532] ? pagecache_get_page+0x258/0x560
[ 345.580534] ? add_to_page_cache_lru+0x2d0/0x2d0
[ 345.580536] ? deref_stack_reg+0xa1/0xe0
[ 345.580538] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.580540] ? __orc_find+0x6b/0xc0
[ 345.580543] ? unwind_next_frame+0x38e/0x9b0
[ 345.580545] ? __save_stack_trace+0x5e/0x100
[ 345.580549] ? trace_raw_output_xdp_redirect_map_err+0x170/0x170
[ 345.580551] ? deref_stack_reg+0xa1/0xe0
[ 345.580553] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.580556] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.580558] ? wake_up_page_bit+0x2a0/0x2a0
[ 345.580562] ? __is_insn_slot_addr+0x9a/0x150
[ 345.580564] ? __free_insn_slot+0x240/0x240
[ 345.580565] ext4_mb_init_group+0x436/0x5c0
[ 345.580568] ? ext4_mb_init_cache+0xda0/0xda0
[ 345.580571] ? __kernel_text_address+0xe/0x30
[ 345.580573] ? unwind_get_return_address+0x2f/0x50
[ 345.580575] ? __save_stack_trace+0x92/0x100
[ 345.580576] ? ext4_mb_find_by_goal+0x17a/0x7f0
[ 345.580578] ? ext4_mb_use_best_found+0x340/0x340
[ 345.580580] ? save_stack+0x89/0xb0
[ 345.580582] ? kasan_kmalloc+0xa0/0xd0
[ 345.580584] ? kmem_cache_alloc+0xb6/0x1c0
[ 345.580585] ? ext4_mb_new_blocks+0x37a/0x1ab0
[ 345.580587] ? ext4_ext_map_blocks+0xfc5/0x1a70
[ 345.580589] ? ext4_map_blocks+0x63f/0xa10
[ 345.580591] ? _ext4_get_block+0x128/0x2a0
[ 345.580593] ? ext4_block_write_begin+0x2df/0x840
[ 345.580595] ext4_mb_good_group+0x234/0x250
[ 345.580597] ext4_mb_regular_allocator+0x469/0x820
[ 345.580600] ? ext4_mb_complex_scan_group+0x4e0/0x4e0
[ 345.580603] ? __dquot_alloc_space+0x206/0x3e0
[ 345.580605] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.580607] ? kasan_unpoison_shadow+0x30/0x40
[ 345.580611] ? kasan_kmalloc+0xa0/0xd0
[ 345.580613] ext4_mb_new_blocks+0x1013/0x1ab0
[ 345.580617] ? ftrace_ops_trampoline+0xf1/0x170
[ 345.580618] ? __is_insn_slot_addr+0x9a/0x150
[ 345.580620] ? __free_insn_slot+0x240/0x240
[ 345.580622] ? unwind_next_frame+0x38e/0x9b0
[ 345.580624] ? rcu_is_watching+0x81/0xc0
[ 345.580626] ? ext4_discard_preallocations+0xa90/0xa90
[ 345.580628] ? is_bpf_text_address+0xa/0x20
[ 345.580630] ? kernel_text_address+0xec/0x100
[ 345.580631] ? rcu_is_watching+0x81/0xc0
[ 345.580633] ? __kernel_text_address+0xe/0x30
[ 345.580635] ? unwind_get_return_address+0x2f/0x50
[ 345.580636] ? __save_stack_trace+0x92/0x100
[ 345.580639] ? depot_save_stack+0x3b7/0x480
[ 345.580642] ? save_stack+0x89/0xb0
[ 345.580644] ? kasan_kmalloc+0xa0/0xd0
[ 345.580645] ? __kmalloc+0x104/0x210
[ 345.580647] ? ext4_find_extent+0x36b/0x400
[ 345.580648] ? ext4_ext_map_blocks+0x16e/0x1a70
[ 345.580650] ? ext4_map_blocks+0x63f/0xa10
[ 345.580651] ? _ext4_get_block+0x128/0x2a0
[ 345.580653] ? ext4_block_write_begin+0x2df/0x840
[ 345.580655] ? ext4_write_begin+0x33a/0x930
[ 345.580657] ? generic_perform_write+0x1d8/0x3b0
[ 345.580658] ? __generic_file_write_iter+0x264/0x2a0
[ 345.580660] ? ext4_file_write_iter+0x2a3/0x820
[ 345.580662] ? __vfs_write+0x2ac/0x3d0
[ 345.580664] ? vfs_write+0xe9/0x240
[ 345.580665] ? SyS_write+0xb0/0x140
[ 345.580668] ? do_syscall_64+0x17a/0x330
[ 345.580670] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.580672] ? kasan_slab_free+0x71/0xc0
[ 345.580673] ? kfree+0x8d/0x190
[ 345.580674] ? ext4_ext_map_blocks+0xac5/0x1a70
[ 345.580676] ? ext4_map_blocks+0x6ac/0xa10
[ 345.580678] ? _ext4_get_block+0x128/0x2a0
[ 345.580679] ? ext4_block_write_begin+0x2df/0x840
[ 345.580681] ? ext4_write_begin+0x33a/0x930
[ 345.580683] ? generic_perform_write+0x1d8/0x3b0
[ 345.580684] ? __generic_file_write_iter+0x264/0x2a0
[ 345.580686] ? ext4_file_write_iter+0x2a3/0x820
[ 345.580687] ? __vfs_write+0x2ac/0x3d0
[ 345.580688] ? vfs_write+0xe9/0x240
[ 345.580690] ? SyS_write+0xb0/0x140
[ 345.580691] ? do_syscall_64+0x17a/0x330
[ 345.580693] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.580695] ? ext4_es_find_delayed_extent_range+0x380/0x380
[ 345.580697] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.580698] ? __es_tree_search+0x14/0xb0
[ 345.580700] ? ext4_es_find_delayed_extent_range+0x137/0x380
[ 345.580702] ? ext4_es_init_tree+0x30/0x30
[ 345.580703] ? is_bpf_text_address+0xa/0x20
[ 345.580704] ? kernel_text_address+0xe0/0x100
[ 345.580706] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.580719] ? kasan_unpoison_shadow+0x30/0x40
[ 345.580722] ? kasan_kmalloc+0xa0/0xd0
[ 345.580725] ? __kmalloc+0x104/0x210
[ 345.580727] ? ext4_find_extent+0x36b/0x400
[ 345.580730] ? ext4_ext_search_right+0x66/0x480
[ 345.580733] ext4_ext_map_blocks+0xfc5/0x1a70
[ 345.580739] ? ext4_find_delalloc_cluster+0x60/0x60
[ 345.580742] ? unwind_next_frame+0x38e/0x9b0
[ 345.580745] ? __save_stack_trace+0x5e/0x100
[ 345.580748] ? trace_raw_output_xdp_redirect_map_err+0x170/0x170
[ 345.580751] ? deref_stack_reg+0xa1/0xe0
[ 345.580754] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.580757] ? memcg_kmem_put_cache+0x6c/0x130
[ 345.580760] ? memcg_kmem_get_cache+0x4c0/0x4c0
[ 345.580763] ? kasan_unpoison_shadow+0x30/0x40
[ 345.580797] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.580801] ? ext4_es_lookup_extent+0x168/0x3e0
[ 345.580803] ? ext4_es_cache_extent+0x260/0x260
[ 345.580806] ? _cond_resched+0x16/0x50
[ 345.580808] ? down_write+0x9d/0xd0
[ 345.580810] ? down_read+0xe0/0xe0
[ 345.580814] ? alloc_page_buffers+0x75/0x120
[ 345.580818] ext4_map_blocks+0x63f/0xa10
[ 345.580822] ? ext4_issue_zeroout+0xb0/0xb0
[ 345.580826] ? jbd2_journal_free_reserved+0x60/0x60
[ 345.580829] ? ext4_write_begin+0x256/0x930
[ 345.580832] ? generic_perform_write+0x1d8/0x3b0
[ 345.580834] ? __generic_file_write_iter+0x264/0x2a0
[ 345.580837] ? vfs_write+0xe9/0x240
[ 345.580839] ? SyS_write+0xb0/0x140
[ 345.580842] ? do_syscall_64+0x17a/0x330
[ 345.580845] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.580849] _ext4_get_block+0x128/0x2a0
[ 345.580853] ? ext4_map_blocks+0xa10/0xa10
[ 345.580857] ? try_to_release_page+0x1b0/0x1b0
[ 345.580860] ext4_block_write_begin+0x2df/0x840
[ 345.580865] ? _ext4_get_block+0x2a0/0x2a0
[ 345.580869] ? __check_block_validity.constprop.77+0xd0/0xd0
[ 345.580872] ? jbd2__journal_start+0x128/0x3b0
[ 345.580875] ? jbd2__journal_start+0x252/0x3b0
[ 345.580878] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.580881] ? jbd2_write_access_granted.part.9+0x130/0x130
[ 345.580884] ? fsnotify+0x158/0xae0
[ 345.580889] ? __ext4_journal_start_sb+0xdc/0x210
[ 345.580892] ? ext4_write_begin+0x256/0x930
[ 345.580895] ? wait_for_stable_page+0xc7/0x190
[ 345.580898] ? wb_domain_writeout_inc.part.27+0x50/0x50
[ 345.580903] ext4_write_begin+0x33a/0x930
[ 345.580909] ? ext4_truncate+0x860/0x860
[ 345.580912] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.580914] ? rcu_sched_qs.part.64+0x50/0x50
[ 345.580917] ? ext4_xattr_ibody_get+0x91/0x2d0
[ 345.580920] ? ext4_xattr_block_set+0x1c80/0x1c80
[ 345.580923] ? _cond_resched+0x16/0x50
[ 345.580925] ? down_read+0x7a/0xe0
[ 345.580928] ? __down_interruptible+0x3a0/0x3a0
[ 345.580933] ? iov_iter_fault_in_readable+0xb7/0x220
[ 345.580935] ? copy_page_to_iter+0x690/0x690
[ 345.580938] ? ext4_xattr_get+0x10e/0x4b0
[ 345.580942] ? ext4_xattr_ibody_get+0x2d0/0x2d0
[ 345.580945] generic_perform_write+0x1d8/0x3b0
[ 345.580952] ? generic_write_checks+0x2b0/0x2b0
[ 345.580955] ? timespec_trunc+0x5c/0x90
[ 345.580959] ? file_update_time+0x210/0x240
[ 345.580962] ? current_time+0x70/0x70
[ 345.580965] ? __read_once_size_nocheck.constprop.6+0x10/0x10
[ 345.580969] ? page_endio+0x200/0x200
[ 345.580972] ? __is_insn_slot_addr+0x9a/0x150
[ 345.580975] __generic_file_write_iter+0x264/0x2a0
[ 345.580979] ext4_file_write_iter+0x2a3/0x820
[ 345.580982] ? is_bpf_text_address+0xa/0x20
[ 345.580985] ? ext4_file_mmap+0x150/0x150
[ 345.580988] ? unwind_get_return_address+0x2f/0x50
[ 345.580991] ? __save_stack_trace+0x92/0x100
[ 345.580995] ? memcmp+0x45/0x70
[ 345.580998] ? depot_save_stack+0x12d/0x480
[ 345.581002] ? save_stack+0x89/0xb0
[ 345.581005] ? kasan_slab_free+0x71/0xc0
[ 345.581007] ? kmem_cache_free+0x75/0x1e0
[ 345.581010] ? do_sys_open+0x1f0/0x380
[ 345.581012] ? do_syscall_64+0x17a/0x330
[ 345.581016] ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.581019] ? __alloc_fd+0x2e0/0x380
[ 345.581023] __vfs_write+0x2ac/0x3d0
[ 345.581026] ? kernel_read+0xa0/0xa0
[ 345.581027] ? __fd_install+0x13a/0x260
[ 345.581029] ? get_unused_fd_flags+0x100/0x100
[ 345.581032] ? __fdget_pos+0xa7/0x100
[ 345.581034] vfs_write+0xe9/0x240
[ 345.581036] SyS_write+0xb0/0x140
[ 345.581038] ? SyS_read+0x140/0x140
[ 345.581040] ? SyS_read+0x140/0x140
[ 345.581042] do_syscall_64+0x17a/0x330
[ 345.581045] ? syscall_return_slowpath+0x1e0/0x1e0
[ 345.581047] ? page_fault+0x2f/0x50
[ 345.581049] ? do_page_fault+0x90/0x210
[ 345.581050] ? __do_page_fault+0x6d0/0x6d0
[ 345.581053] ? prepare_exit_to_usermode+0xe8/0x150
[ 345.581054] ? perf_trace_sys_enter+0x4e0/0x4e0
[ 345.581056] ? __put_user_4+0x1c/0x30
[ 345.581059] entry_SYSCALL_64_after_hwframe+0x3d/0xa2
[ 345.581061] RIP: 0033:0x7fbed5e940c4
[ 345.581062] RSP: 002b:00007ffcded713a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 345.581064] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbed5e940c4
[ 345.581065] RDX: 0000000000000205 RSI: 000056047ca3f040 RDI: 0000000000000003
[ 345.581066] RBP: 00007ffcded71510 R08: 0000000000000003 R09: 0000000000000000
[ 345.581066] R10: 0000000000000000 R11: 0000000000000246 R12: 000056047c83dd30
[ 345.581067] R13: 00007ffcded71610 R14: 0000000000000000 R15: 0000000000000000
[ 345.581069] Code: fc ff df 48 c7 44 15 00 00 00 00 00 48 8b 74 24 70 65 48 33 34 25 28 00 00 00 75 33 48 83 c4 78 5b 5d 41 5c 41 5d 41 5e 41 5f c3 <0f> 0b b8 01 00 00 00 eb c5 49 8d 7e 38 e8 9e 45 e9 ff 41 0f b7
[ 345.581095] ---[ end trace b1414c96bc917095 ]---
Reported by Wen Xu from SSLab, Gatech
--
You are receiving this mail because:
You are watching the assignee of the bug.
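
Added example (not part of the original report, and not kernel or KASAN tooling): a small Python triage parser for a KASAN report like the one above. It re-joins continuation lines, keeps only confirmed (non-"?") frames, and extracts the access, the owning slab cache and the alloc/free stacks. SAMPLE is an abridged excerpt of this report with wrapped continuation lines kept to exercise the re-joining, and owner_mismatch() is a hypothetical heuristic helper.

```python
import re

# Abridged excerpt of the KASAN report in this message (wrapped lines kept).
SAMPLE = """\
[ 345.550011] BUG: KASAN: use-after-free in crc16+0x26/0x60
[ 345.550072] Read of size 1 at addr ffff8800b85fc000 by task poc/1231
[ 345.550163] Call Trace:
[ 345.550179] kasan_report+0x277/0x360
[ 345.550181] ? crc16+0x26/0x60
[ 345.550183] crc16+0x26/0x60
[ 345.550187] ext4_group_desc_csum+0x514/0x5f0
[ 345.550194] ?
trace_event_raw_event_ext4_ext_convert_to_initialized_fastpath+0x2c0/0x2c0
[ 345.550231] ext4_group_desc_csum_set+0x70/0x90
[ 345.550796] Allocated by task 1167:
[ 345.550839] kasan_kmalloc+0xa0/0xd0
[ 345.550841] kmem_cache_alloc+0xb6/0x1c0
[ 345.550844] get_empty_filp+0xd9/0x370
[ 345.550853] SyS_pipe+0x7e/0x190
[ 345.550878] Freed by task 0:
[ 345.550913] kasan_slab_free+0x71/0xc0
[ 345.550916] kmem_cache_free+0x75/0x1e0
[ 345.550918] rcu_process_callbacks+0x57d/0x950
[ 345.550943] The buggy address belongs to the object at ffff8800b85fc000
which belongs to the cache filp(154:user.slice) of size 256
[ 345.551080] The buggy address is located 0 bytes inside of
256-byte region [ffff8800b85fc000, ffff8800b85fc100)
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s?")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)/(\d+)")
# Reporting and allocator-hook frames that carry no information about the bug.
NOISE = {"dump_stack", "print_address_description", "kasan_report",
         "kasan_kmalloc", "kasan_slab_free"}

def unwrap(text):
    """Join records: a line with no [timestamp] continues the previous one."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(STAMP.sub("", line).strip())
        else:
            records[-1] = f"{records[-1]} {line.strip()}".strip()
    return records

def parse_kasan(text):
    """Extract access, object and stack facts from the first KASAN report."""
    rep = {"trace": [], "alloc": [], "free": []}
    section = None
    for rec in unwrap(text):
        frame = FRAME.match(rec)
        if frame:
            # "?" marks an address the unwinder could not confirm; skip it.
            if section and not frame[1] and frame[2] not in NOISE:
                rep[section].append(frame[2])
            continue
        section = None  # any non-frame record ends the current stack
        if m := re.match(r"BUG: KASAN: (\S+) in ([\w.]+)\+", rec):
            rep["bug"], rep["site"] = m.groups()
        elif m := ACCESS.match(rec):
            rep.update(access=m[1].lower(), size=int(m[2]),
                       addr=int(m[3], 16), task=m[4], pid=int(m[5]))
        elif rec == "Call Trace:" and "bug" in rep and not rep["trace"]:
            section = "trace"
        elif m := re.match(r"(Allocated|Freed) by task (\d+):", rec):
            section = "alloc" if m[1] == "Allocated" else "free"
            rep[section + "_task"] = int(m[2])
        elif m := re.search(r"belongs to the cache (\S+) of size (\d+)", rec):
            rep["cache"], rep["obj_size"] = m[1], int(m[2])
        elif m := re.search(r"located (\d+) bytes (\w+)", rec):
            rep["offset"], rep["where"] = int(m[1]), m[2]
    return rep

def owner_mismatch(rep, prefix):
    """Hypothetical triage heuristic: the accessing stack is in `prefix`
    code but neither lifetime stack of the touched object is."""
    stacks = rep["alloc"] + rep["free"]
    return (any(f.startswith(prefix) for f in rep["trace"])
            and not any(f.startswith(prefix) for f in stacks))
```

For this report owner_mismatch(parse_kasan(SAMPLE), "ext4_") returns True: the object read through crc16() sits in the filp cache and was allocated via SyS_pipe, with no ext4 frame in either lifetime stack.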