| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Jan 2022 13:06:52 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Christoph Hellwig <hch@....de>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, Jens Axboe <axboe@...nel.dk>,
Pavel Begunkov <asml.silence@...il.com>,
Mike Snitzer <snitzer@...hat.com>,
Philipp Reisner <philipp.reisner@...bit.com>,
Lars Ellenberg <lars.ellenberg@...bit.com>,
linux-block@...r.kernel.org, dm-devel@...hat.com,
drbd-dev@...ts.linbit.com
Subject: [dm] 3826813630:
BUG:KASAN:double-free_or_invalid-free_in_dm_io_dec_pending
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: 3826813630ed690673ff1ca72ce67b6eec65e971 ("[PATCH 09/14] dm: add a missing bio initialization to alloc_tio")
url: https://github.com/0day-ci/linux/commits/Christoph-Hellwig/drbd-set-bi_bdev-in-drbd_req_new/20220127-153615
base: https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-next
patch link: https://lore.kernel.org/linux-block/20220127063546.1314111-10-hch@lst.de
in testcase: xfstests
version: xfstests-x86_64-972d710-1_20220127
with following parameters:
disk: 4HDD
fs: ext4
test: ext4-group-01
ucode: 0xe2
test-description: xfstests is a regression test suite for xfs and other files ystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git
on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 461.185281][T19325] ==================================================================
[ 461.193194][T19325] BUG: KASAN: double-free or invalid-free in dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[ 461.202411][T19325]
[ 461.204613][T19325] CPU: 0 PID: 19325 Comm: systemd-udevd Tainted: G I 5.17.0-rc1-00114-g3826813630ed #1
[ 461.215393][T19325] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.1.1 10/07/2015
[ 461.223472][T19325] Call Trace:
[ 461.226611][T19325] <TASK>
[ 461.229401][T19325] dump_stack_lvl+0x34/0x44
[ 461.233755][T19325] print_address_description+0x21/0x180
[ 461.240191][T19325] ? dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[ 461.245938][T19325] ? dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[ 461.251685][T19325] kasan_report_invalid_free+0x70/0xc0
[ 461.256990][T19325] ? dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[ 461.262738][T19325] __kasan_slab_free+0x115/0x140
[ 461.267524][T19325] kfree+0x8e/0x400
[ 461.271190][T19325] dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[ 461.276773][T19325] ? dm_set_geometry+0x1c0/0x1c0 [dm_mod]
[ 461.282354][T19325] ? __send_empty_flush+0x300/0x300 [dm_mod]
[ 461.288194][T19325] dm_submit_bio+0x6be/0xd00 [dm_mod]
[ 461.293431][T19325] ? __split_and_process_non_flush+0x840/0x840 [dm_mod]
[ 461.300225][T19325] ? __bio_try_merge_page+0x400/0x400
[ 461.305445][T19325] ? do_mpage_readpage+0xc35/0x1a80
[ 461.310494][T19325] __submit_bio+0x1d3/0x580
[ 461.314848][T19325] submit_bio_noacct+0x315/0x880
[ 461.319641][T19325] ? mpage_writepage+0x1c0/0x1c0
[ 461.324439][T19325] ? __submit_bio+0x580/0x580
[ 461.328964][T19325] mpage_readahead+0x362/0x580
[ 461.333575][T19325] ? do_mpage_readpage+0x1a80/0x1a80
[ 461.338707][T19325] ? blkdev_read_iter+0x540/0x540
[ 461.343577][T19325] ? __filemap_add_folio+0x377/0x700
[ 461.348730][T19325] read_pages+0x1c2/0xbc0
[ 461.352908][T19325] ? pagevec_add_and_need_flush+0xd6/0x140
[ 461.358561][T19325] ? read_cache_pages+0x680/0x680
[ 461.363434][T19325] ? folio_add_lru+0x4d/0x80
[ 461.367873][T19325] ? policy_node+0xb9/0x140
[ 461.372225][T19325] page_cache_ra_unbounded+0x427/0x600
[ 461.377530][T19325] ? read_pages+0xbc0/0xbc0
[ 461.381883][T19325] ? inode_to_bdi+0x9e/0x140
[ 461.386320][T19325] ? force_page_cache_ra+0x83/0x300
[ 461.391366][T19325] filemap_get_pages+0x25a/0x1340
[ 461.396238][T19325] ? create_prof_cpu_mask+0x40/0x40
[ 461.401284][T19325] ? arch_stack_walk+0x9e/0x100
[ 461.405981][T19325] ? filemap_read_folio+0x180/0x180
[ 461.411641][T19325] ? stack_trace_save+0x91/0xc0
[ 461.416352][T19325] filemap_read+0x29f/0x8c0
[ 461.420704][T19325] ? exit_to_user_mode_prepare+0x205/0x240
[ 461.426356][T19325] ? filemap_get_pages+0x1340/0x1340
[ 461.431489][T19325] ? from_kgid_munged+0x84/0x100
[ 461.436275][T19325] ? __might_fault+0x4d/0x80
[ 461.440716][T19325] ? _copy_to_user+0x94/0xc0
[ 461.445155][T19325] ? cp_new_stat+0x47a/0x5c0
[ 461.449611][T19325] ? __ia32_sys_lstat+0x80/0x80
[ 461.454309][T19325] new_sync_read+0x388/0x640
[ 461.458749][T19325] ? __x64_sys_llseek+0x300/0x300
[ 461.463635][T19325] ? vfs_getattr_nosec+0x272/0x340
[ 461.468613][T19325] vfs_read+0x25f/0x500
[ 461.472640][T19325] ksys_read+0xed/0x1c0
[ 461.476664][T19325] ? vfs_write+0x800/0x800
[ 461.480931][T19325] ? up_write+0x48/0x80
[ 461.484937][T19325] do_syscall_64+0x3b/0xc0
[ 461.489202][T19325] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 461.494942][T19325] RIP: 0033:0x7fcc82848461
[ 461.499206][T19325] Code: fe ff ff 50 48 8d 3d fe d0 09 00 e8 e9 03 02 00 66 0f 1f 84 00 00 00 00 00 48 8d 05 99 62 0d 00 8b 00 85 c0 75 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 57 c3 66 0f 1f 44 00 00 41 54 49 89 d4 55 48
[ 461.518661][T19325] RSP: 002b:00007ffedabce468 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 461.526929][T19325] RAX: ffffffffffffffda RBX: 00007fcc84716140 RCX: 00007fcc82848461
[ 461.534759][T19325] RDX: 0000000000000040 RSI: 00007fcc84722588 RDI: 0000000000000006
[ 461.542581][T19325] RBP: 00007fcc84716190 R08: 00007fcc84722560 R09: 0000000000000007
[ 461.550420][T19325] R10: 00007fcc8470f010 R11: 0000000000000246 R12: 000010007fff0000
[ 461.558237][T19325] R13: 0000000000000040 R14: 00007fcc84722578 R15: 00007fcc84722560
[ 461.566054][T19325] </TASK>
[ 461.568932][T19325]
[ 461.571128][T19325] Allocated by task 19325:
[ 461.575392][T19325] kasan_save_stack+0x1e/0x40
[ 461.579917][T19325] __kasan_slab_alloc+0x66/0x80
[ 461.584615][T19325] kmem_cache_alloc+0x123/0x480
[ 461.589326][T19325] mempool_alloc+0x105/0x300
[ 461.593763][T19325] bio_alloc_bioset+0x19a/0x440
[ 461.598461][T19325] dm_submit_bio+0x1dd/0xd00 [dm_mod]
[ 461.603686][T19325] __submit_bio+0x1d3/0x580
[ 461.608038][T19325] submit_bio_noacct+0x315/0x880
[ 461.612824][T19325] mpage_readahead+0x362/0x580
[ 461.617434][T19325] read_pages+0x1c2/0xbc0
[ 461.621611][T19325] page_cache_ra_unbounded+0x427/0x600
[ 461.626927][T19325] filemap_get_pages+0x25a/0x1340
[ 461.631799][T19325] filemap_read+0x29f/0x8c0
[ 461.636148][T19325] new_sync_read+0x388/0x640
[ 461.640606][T19325] vfs_read+0x25f/0x500
[ 461.644636][T19325] ksys_read+0xed/0x1c0
[ 461.648665][T19325] do_syscall_64+0x3b/0xc0
[ 461.652930][T19325] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 461.658670][T19325]
[ 461.660852][T19325] The buggy address belongs to the object at ffff888264fcb900
[ 461.660852][T19325] which belongs to the cache bio-232 of size 232
[ 461.674395][T19325] The buggy address is located 112 bytes inside of
[ 461.674395][T19325] 232-byte region [ffff888264fcb900, ffff888264fcb9e8)
[ 461.687502][T19325] The buggy address belongs to the page:
[ 461.692980][T19325] page:0000000027a9b37c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x264fca
[ 461.703054][T19325] head:0000000027a9b37c order:1 compound_mapcount:0
[ 461.709483][T19325] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[ 461.717567][T19325] raw: 0017ffffc0010200 0000000000000000 dead000000000122 ffff88812683c280
[ 461.725993][T19325] raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000
[ 461.734417][T19325] page dumped because: kasan: bad access detected
[ 461.740672][T19325]
[ 461.742855][T19325] Memory state around the buggy address:
[ 461.748330][T19325] ffff888264fcb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 461.756251][T19325] ffff888264fcb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 461.764166][T19325] >ffff888264fcb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 461.772083][T19325] ^
[ 461.779657][T19325] ffff888264fcb980: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[ 461.787564][T19325] ffff888264fcba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 461.795469][T19325] ==================================================================
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.17.0-rc1-00114-g3826813630ed" of type "text/plain" (178959 bytes)
View attachment "job-script" of type "text/plain" (5678 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (351324 bytes)
View attachment "xfstests" of type "text/plain" (922 bytes)
View attachment "job.yaml" of type "text/plain" (4698 bytes)
View attachment "reproduce" of type "text/plain" (848 bytes)
Powered by blists - more mailing lists