| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Dec 2015 09:59:08 -0500
From: Dave Jones <davej@...emonkey.org.uk>
To: Linux Kernel <linux-kernel@...r.kernel.org>
Cc: "J. Bruce Fields" <bfields@...ldses.org>,
Jeff Layton <jlayton@...chiereds.net>,
Chris Mason <clm@...com>, Josef Bacik <jbacik@...com>,
David Sterba <dsterba@...e.com>
Subject: 4.4rc3 nfsd/btrfs kasan warning.
Got a few of these in the logs this morning after an overnight rsync over nfs
to an exported btrfs volume.
Dave
==================================================================
BUG: KASAN: stack-out-of-bounds in setup_cluster_bitmap+0xc4/0x5a0 at addr ffff88039bef6828
Read of size 8 by task nfsd/1009
page:ffffea000e6fbd80 count:0 mapcount:0 mapping: (null) index:0x0
flags: 0x8000000000000000()
page dumped because: kasan: bad access detected
CPU: 1 PID: 1009 Comm: nfsd Tainted: G W 4.4.0-rc3-backup-debug+ #1
ffff880065647b50 000000006bb712c2 ffff88039bef6640 ffffffffa680a43e
0000004559c00000 ffff88039bef66c8 ffffffffa62638d1 ffffffffa61121c0
ffff8803a5769de8 0000000000000296 ffff8803a5769df0 0000000000046280
Call Trace:
[<ffffffffa680a43e>] dump_stack+0x4b/0x6d
[<ffffffffa62638d1>] kasan_report_error+0x501/0x520
[<ffffffffa61121c0>] ? debug_show_all_locks+0x1e0/0x1e0
[<ffffffffa6263948>] kasan_report+0x58/0x60
[<ffffffffa6814b00>] ? rb_last+0x10/0x40
[<ffffffffa66f8af4>] ? setup_cluster_bitmap+0xc4/0x5a0
[<ffffffffa6262ead>] __asan_load8+0x5d/0x70
[<ffffffffa66f8af4>] setup_cluster_bitmap+0xc4/0x5a0
[<ffffffffa66f675a>] ? setup_cluster_no_bitmap+0x6a/0x400
[<ffffffffa66fcd16>] btrfs_find_space_cluster+0x4b6/0x640
[<ffffffffa66fc860>] ? btrfs_alloc_from_cluster+0x4e0/0x4e0
[<ffffffffa66fc36e>] ? btrfs_return_cluster_to_free_space+0x9e/0xb0
[<ffffffffa702dc37>] ? _raw_spin_unlock+0x27/0x40
[<ffffffffa666a1a1>] find_free_extent+0xba1/0x1520
[<ffffffffa6669600>] ? btrfs_delalloc_reserve_space+0x70/0x70
[<ffffffffa6119276>] ? do_raw_spin_lock+0x116/0x1a0
[<ffffffffa6119407>] ? do_raw_spin_unlock+0x97/0x130
[<ffffffffa702dc37>] ? _raw_spin_unlock+0x27/0x40
[<ffffffffa6651555>] ? get_alloc_profile+0x1c5/0x320
[<ffffffffa666ab90>] ? btrfs_reserve_extent+0x70/0x1d0
[<ffffffffa666abe0>] btrfs_reserve_extent+0xc0/0x1d0
[<ffffffffa666b0af>] btrfs_alloc_tree_block+0x3bf/0x680
[<ffffffffa61121c0>] ? debug_show_all_locks+0x1e0/0x1e0
[<ffffffffa666acf0>] ? btrfs_reserve_extent+0x1d0/0x1d0
[<ffffffffa62633b6>] ? memcpy+0x36/0x40
[<ffffffffa66c3337>] ? read_extent_buffer+0xe7/0x160
[<ffffffffa6642c0f>] __btrfs_cow_block+0x28f/0x9b0
[<ffffffffa6208a28>] ? mark_page_accessed+0x18/0xd0
[<ffffffffa6642980>] ? update_ref_for_cow+0x540/0x540
[<ffffffffa6133335>] ? debug_lockdep_rcu_enabled+0x35/0x40
[<ffffffffa66e96af>] ? btrfs_try_tree_write_lock+0x5f/0xe0
[<ffffffffa66e90f0>] ? btrfs_set_lock_blocking_rw+0x110/0x160
[<ffffffffa66435cf>] btrfs_cow_block+0x1cf/0x380
[<ffffffffa6649773>] btrfs_search_slot+0x413/0x11e0
[<ffffffffa6649360>] ? split_leaf+0xc50/0xc50
[<ffffffffa6641686>] ? btrfs_alloc_path+0x26/0x30
[<ffffffffa625bba3>] ? set_track+0x83/0x140
[<ffffffffa610f66d>] ? mark_lock+0x6d/0x8a0
[<ffffffffa6671cea>] btrfs_lookup_csum+0xba/0x260
[<ffffffffa610d244>] ? __lock_is_held+0x84/0xc0
[<ffffffffa6671c30>] ? truncate_one_csum+0x1c0/0x1c0
[<ffffffffa613325a>] ? rcu_read_lock_sched_held+0x8a/0xa0
[<ffffffffa625fbc3>] ? kmem_cache_alloc+0x1c3/0x280
[<ffffffffa6673f8d>] btrfs_csum_file_blocks+0x2bd/0xac0
[<ffffffffa6673cd0>] ? btrfs_del_csums+0x490/0x490
[<ffffffffa6260b87>] ? kfree+0xb7/0x230
[<ffffffffa676aa5a>] ? copy_items+0x6ab/0xd2d
[<ffffffffa676aa5a>] ? copy_items+0x6ab/0xd2d
[<ffffffffa676aa89>] copy_items+0x6da/0xd2d
[<ffffffffa66e9001>] ? btrfs_set_lock_blocking_rw+0x21/0x160
[<ffffffffa676a3af>] ? assfail.constprop.22+0x1e/0x1e
[<ffffffffa664ec61>] ? btrfs_search_forward+0x541/0x600
[<ffffffffa66c3337>] ? read_extent_buffer+0xe7/0x160
[<ffffffffa66ec627>] ? btrfs_item_key_to_cpu+0xb7/0xf0
[<ffffffffa66ec570>] ? check_parent_dirs_for_sync+0x200/0x200
[<ffffffffa676c6e0>] btrfs_log_inode+0x7a9/0x11fa
[<ffffffffa676bf37>] ? btrfs_log_changed_extents+0x883/0x883
[<ffffffffa610f66d>] ? mark_lock+0x6d/0x8a0
[<ffffffffa610ff2e>] ? mark_held_locks+0x8e/0xc0
[<ffffffffa7027f95>] ? mutex_lock_nested+0x3a5/0x510
[<ffffffffa61100f2>] ? trace_hardirqs_on_caller+0x192/0x290
[<ffffffffa610f66d>] ? mark_lock+0x6d/0x8a0
[<ffffffffa6133335>] ? debug_lockdep_rcu_enabled+0x35/0x40
[<ffffffffa610ff2e>] ? mark_held_locks+0x8e/0xc0
[<ffffffffa7027a00>] ? __mutex_unlock_slowpath+0xe0/0x1c0
[<ffffffffa61100f2>] ? trace_hardirqs_on_caller+0x192/0x290
[<ffffffffa61101fd>] ? trace_hardirqs_on+0xd/0x10
[<ffffffffa66f1cf4>] btrfs_log_inode_parent+0x404/0x1440
[<ffffffffa61121c0>] ? debug_show_all_locks+0x1e0/0x1e0
[<ffffffffa61121c0>] ? debug_show_all_locks+0x1e0/0x1e0
[<ffffffffa66f18f0>] ? btrfs_end_log_trans+0x50/0x50
[<ffffffffa6133335>] ? debug_lockdep_rcu_enabled+0x35/0x40
[<ffffffffa612e93a>] ? debug_lockdep_rcu_enabled.part.36+0x1a/0x30
[<ffffffffa6133335>] ? debug_lockdep_rcu_enabled+0x35/0x40
[<ffffffffa6290aae>] ? dget_parent+0x8e/0x2f0
[<ffffffffa6290ade>] ? dget_parent+0xbe/0x2f0
[<ffffffffa66f46aa>] btrfs_log_dentry_safe+0x6a/0x90
[<ffffffffa66aca5f>] btrfs_sync_file+0x4df/0x690
[<ffffffffa66ac580>] ? start_ordered_ops+0x30/0x30
[<ffffffffa62d4830>] ? __fsnotify_update_child_dentry_flags+0x30/0x30
[<ffffffffa62bdc3d>] vfs_fsync_range+0x5d/0x120
[<ffffffffa66ac580>] ? start_ordered_ops+0x30/0x30
[<ffffffffa64ae7c6>] nfsd_vfs_write+0x356/0x650
[<ffffffffa64ae470>] ? nfsd_readv+0xa0/0xa0
[<ffffffffa6133335>] ? debug_lockdep_rcu_enabled+0x35/0x40
[<ffffffffa64b230f>] nfsd_write+0xff/0x120
[<ffffffffa6839e34>] ? __list_add+0x74/0xf0
[<ffffffffa64bb4f7>] nfsd3_proc_write+0x1c7/0x2d0
[<ffffffffa64b7bdf>] ? nfsd_cache_lookup+0x6ef/0xa90
[<ffffffffa64bb330>] ? nfsd3_proc_symlink+0x1f0/0x1f0
[<ffffffffa64a4b15>] nfsd_dispatch+0x185/0x370
[<ffffffffa64bb330>] ? nfsd3_proc_symlink+0x1f0/0x1f0
[<ffffffffa6fecd96>] svc_process_common+0x8c6/0xda0
[<ffffffffa64a4990>] ? nfsd_svc+0x770/0x770
[<ffffffffa6fec4d0>] ? svc_printk+0x180/0x180
[<ffffffffa610d1e5>] ? __lock_is_held+0x25/0xc0
[<ffffffffa6feefbb>] svc_process+0x22b/0x450
[<ffffffffa64a3cfc>] nfsd+0x23c/0x370
[<ffffffffa64a3ac5>] ? nfsd+0x5/0x370
[<ffffffffa64a3ac0>] ? nfsd_destroy+0x1f0/0x1f0
[<ffffffffa60ce496>] kthread+0x196/0x1c0
[<ffffffffa60ce300>] ? __kthread_parkme+0xe0/0xe0
[<ffffffffa610fec3>] ? mark_held_locks+0x23/0xc0
[<ffffffffa60ce300>] ? __kthread_parkme+0xe0/0xe0
[<ffffffffa702e82f>] ret_from_fork+0x3f/0x70
[<ffffffffa60ce300>] ? __kthread_parkme+0xe0/0xe0
Memory state around the buggy address:
ffff88039bef6700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88039bef6780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff88039bef6800: 00 00 00 00 00 f1 f1 f1 f1 00 00 f4 f4 f3 f3 f3
^
ffff88039bef6880: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88039bef6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists