lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 13 Jan 2020 22:13:17 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     LKML <linux-kernel@...r.kernel.org>
Cc:     Jens Axboe <axboe@...nel.dk>, Chris Mason <clm@...com>,
        Ming Lei <ming.lei@...hat.com>, linux-block@...r.kernel.org,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [BUG] bisected to: block: fix splitting segments on boundary masks

Hi!

Running one of my ftrace stress tests, I hit this bug:
(On i386, haven't tested on x86_64 yet)

------------[ cut here ]------------
kernel BUG at block/bio.c:1885!
invalid opcode: 0000 [#1] SMP PTI
CPU: 1 PID: 105 Comm: kworker/u8:6 Not tainted 5.5.0-rc4-test+ #365
Hardware name: MSI MS-7823/CSM-H87M-G43 (MS-7823), BIOS V1.6 02/22/2014
Workqueue: writeback wb_workfn (flush-8:0)
EIP: bio_split+0xf/0x67
Code: 89 d8 e8 90 0f 02 00 85 c0 79 09 89 d8 31 db e8 e0 fa ff ff 89 d8 5b 5e 5f 5d c3 e8 db 5b d2 ff 55 89 e5 57 56 53 85 d2 7f 02 <0f> 0b 8b 58 20 c1 eb 09 39 d3 77 02 0f 0b 89 cb 8b 4d 08 89 d6 89
EAX: e2ddb600 EBX: ec74bc80 ECX: 00000c00 EDX: 00000000
ESI: 00000000 EDI: 00025000 EBP: ec74bbec ESP: ec74bbe0
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 EFLAGS: 00010246
CR0: 80050033 CR2: 025c7ed4 CR3: 270bc000 CR4: 001406f0
Call Trace:
 __blk_queue_split+0x327/0x40b
 ? blk_mq_try_issue_directly+0x91/0x91
 ? blk_mq_try_issue_directly+0x91/0x91
 blk_mq_make_request+0x6e/0x407
 ? function_trace_call+0xb8/0xdc
 ? blk_mq_try_issue_directly+0x91/0x91
 generic_make_request+0xc7/0x1e1
 submit_bio+0x113/0x12b
 ? ftrace_call+0x5/0x15
 ext4_io_submit+0x47/0x51
 ext4_writepages+0x53d/0x6ee
 ? trace_function+0xcc/0xd4
 ? page_writeback_cpu_online+0x11/0x11
 do_writepages+0x29/0x55
 __writeback_single_inode+0xc4/0x420
 writeback_sb_inodes+0x239/0x395
 __writeback_inodes_wb+0x5c/0x8b
 ? trace_trigger_soft_disabled+0x40/0x40
 wb_writeback+0x175/0x30a
 wb_workfn+0x255/0x348
 ? function_trace_call+0xb8/0xdc
 ? inode_wait_for_writeback+0x28/0x28
 process_one_work+0x25e/0x3d1
 worker_thread+0x170/0x21f
 kthread+0xe1/0xe3
 ? rescuer_thread+0x217/0x217
 ? kthread_worker_fn+0x116/0x116
 ret_from_fork+0x2e/0x38
Modules linked in: ip6t_REJECT nf_reject_ipv6 ip6table_filter ip6_tables ipv6 crc_ccitt realtek ppdev r8169 parport_pc parport
---[ end trace 7b7d4d993e5ceea3 ]---

It is very reproducible and I bisected it to 429120f3df2dba ("block: fix
splitting segments on boundary masks")

The test is simply:

 # perf record -o perf-test.dat -a -- \
   trace-cmd record -e all -p function ./hackbench 20
 # trace-cmd report > /tmp/tempfile

It appears to crash on the trace-cmd report.

Attached is the config.

-- Steve

Download attachment ".config.gz" of type "application/gzip" (33049 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ