lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20220129050652.GA27169@xsang-OptiPlex-9020>
Date:   Sat, 29 Jan 2022 13:06:52 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Christoph Hellwig <hch@....de>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, Jens Axboe <axboe@...nel.dk>,
        Pavel Begunkov <asml.silence@...il.com>,
        Mike Snitzer <snitzer@...hat.com>,
        Philipp Reisner <philipp.reisner@...bit.com>,
        Lars Ellenberg <lars.ellenberg@...bit.com>,
        linux-block@...r.kernel.org, dm-devel@...hat.com,
        drbd-dev@...ts.linbit.com
Subject: [dm]  3826813630:
 BUG:KASAN:double-free_or_invalid-free_in_dm_io_dec_pending



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: 3826813630ed690673ff1ca72ce67b6eec65e971 ("[PATCH 09/14] dm: add a missing bio initialization to alloc_tio")
url: https://github.com/0day-ci/linux/commits/Christoph-Hellwig/drbd-set-bi_bdev-in-drbd_req_new/20220127-153615
base: https://git.kernel.org/cgit/linux/kernel/git/axboe/linux-block.git for-next
patch link: https://lore.kernel.org/linux-block/20220127063546.1314111-10-hch@lst.de

in testcase: xfstests
version: xfstests-x86_64-972d710-1_20220127
with following parameters:

	disk: 4HDD
	fs: ext4
	test: ext4-group-01
	ucode: 0xe2

test-description: xfstests is a regression test suite for xfs and other files ystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git


on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>



[  461.185281][T19325] ==================================================================
[  461.193194][T19325] BUG: KASAN: double-free or invalid-free in dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[  461.202411][T19325]
[  461.204613][T19325] CPU: 0 PID: 19325 Comm: systemd-udevd Tainted: G          I       5.17.0-rc1-00114-g3826813630ed #1
[  461.215393][T19325] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.1.1 10/07/2015
[  461.223472][T19325] Call Trace:
[  461.226611][T19325]  <TASK>
[  461.229401][T19325]  dump_stack_lvl+0x34/0x44
[  461.233755][T19325]  print_address_description+0x21/0x180
[  461.240191][T19325]  ? dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[  461.245938][T19325]  ? dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[  461.251685][T19325]  kasan_report_invalid_free+0x70/0xc0
[  461.256990][T19325]  ? dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[  461.262738][T19325]  __kasan_slab_free+0x115/0x140
[  461.267524][T19325]  kfree+0x8e/0x400
[  461.271190][T19325]  dm_io_dec_pending+0x15f/0x7c0 [dm_mod]
[  461.276773][T19325]  ? dm_set_geometry+0x1c0/0x1c0 [dm_mod]
[  461.282354][T19325]  ? __send_empty_flush+0x300/0x300 [dm_mod]
[  461.288194][T19325]  dm_submit_bio+0x6be/0xd00 [dm_mod]
[  461.293431][T19325]  ? __split_and_process_non_flush+0x840/0x840 [dm_mod]
[  461.300225][T19325]  ? __bio_try_merge_page+0x400/0x400
[  461.305445][T19325]  ? do_mpage_readpage+0xc35/0x1a80
[  461.310494][T19325]  __submit_bio+0x1d3/0x580
[  461.314848][T19325]  submit_bio_noacct+0x315/0x880
[  461.319641][T19325]  ? mpage_writepage+0x1c0/0x1c0
[  461.324439][T19325]  ? __submit_bio+0x580/0x580
[  461.328964][T19325]  mpage_readahead+0x362/0x580
[  461.333575][T19325]  ? do_mpage_readpage+0x1a80/0x1a80
[  461.338707][T19325]  ? blkdev_read_iter+0x540/0x540
[  461.343577][T19325]  ? __filemap_add_folio+0x377/0x700
[  461.348730][T19325]  read_pages+0x1c2/0xbc0
[  461.352908][T19325]  ? pagevec_add_and_need_flush+0xd6/0x140
[  461.358561][T19325]  ? read_cache_pages+0x680/0x680
[  461.363434][T19325]  ? folio_add_lru+0x4d/0x80
[  461.367873][T19325]  ? policy_node+0xb9/0x140
[  461.372225][T19325]  page_cache_ra_unbounded+0x427/0x600
[  461.377530][T19325]  ? read_pages+0xbc0/0xbc0
[  461.381883][T19325]  ? inode_to_bdi+0x9e/0x140
[  461.386320][T19325]  ? force_page_cache_ra+0x83/0x300
[  461.391366][T19325]  filemap_get_pages+0x25a/0x1340
[  461.396238][T19325]  ? create_prof_cpu_mask+0x40/0x40
[  461.401284][T19325]  ? arch_stack_walk+0x9e/0x100
[  461.405981][T19325]  ? filemap_read_folio+0x180/0x180
[  461.411641][T19325]  ? stack_trace_save+0x91/0xc0
[  461.416352][T19325]  filemap_read+0x29f/0x8c0
[  461.420704][T19325]  ? exit_to_user_mode_prepare+0x205/0x240
[  461.426356][T19325]  ? filemap_get_pages+0x1340/0x1340
[  461.431489][T19325]  ? from_kgid_munged+0x84/0x100
[  461.436275][T19325]  ? __might_fault+0x4d/0x80
[  461.440716][T19325]  ? _copy_to_user+0x94/0xc0
[  461.445155][T19325]  ? cp_new_stat+0x47a/0x5c0
[  461.449611][T19325]  ? __ia32_sys_lstat+0x80/0x80
[  461.454309][T19325]  new_sync_read+0x388/0x640
[  461.458749][T19325]  ? __x64_sys_llseek+0x300/0x300
[  461.463635][T19325]  ? vfs_getattr_nosec+0x272/0x340
[  461.468613][T19325]  vfs_read+0x25f/0x500
[  461.472640][T19325]  ksys_read+0xed/0x1c0
[  461.476664][T19325]  ? vfs_write+0x800/0x800
[  461.480931][T19325]  ? up_write+0x48/0x80
[  461.484937][T19325]  do_syscall_64+0x3b/0xc0
[  461.489202][T19325]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  461.494942][T19325] RIP: 0033:0x7fcc82848461
[  461.499206][T19325] Code: fe ff ff 50 48 8d 3d fe d0 09 00 e8 e9 03 02 00 66 0f 1f 84 00 00 00 00 00 48 8d 05 99 62 0d 00 8b 00 85 c0 75 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 57 c3 66 0f 1f 44 00 00 41 54 49 89 d4 55 48
[  461.518661][T19325] RSP: 002b:00007ffedabce468 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  461.526929][T19325] RAX: ffffffffffffffda RBX: 00007fcc84716140 RCX: 00007fcc82848461
[  461.534759][T19325] RDX: 0000000000000040 RSI: 00007fcc84722588 RDI: 0000000000000006
[  461.542581][T19325] RBP: 00007fcc84716190 R08: 00007fcc84722560 R09: 0000000000000007
[  461.550420][T19325] R10: 00007fcc8470f010 R11: 0000000000000246 R12: 000010007fff0000
[  461.558237][T19325] R13: 0000000000000040 R14: 00007fcc84722578 R15: 00007fcc84722560
[  461.566054][T19325]  </TASK>
[  461.568932][T19325]
[  461.571128][T19325] Allocated by task 19325:
[  461.575392][T19325]  kasan_save_stack+0x1e/0x40
[  461.579917][T19325]  __kasan_slab_alloc+0x66/0x80
[  461.584615][T19325]  kmem_cache_alloc+0x123/0x480
[  461.589326][T19325]  mempool_alloc+0x105/0x300
[  461.593763][T19325]  bio_alloc_bioset+0x19a/0x440
[  461.598461][T19325]  dm_submit_bio+0x1dd/0xd00 [dm_mod]
[  461.603686][T19325]  __submit_bio+0x1d3/0x580
[  461.608038][T19325]  submit_bio_noacct+0x315/0x880
[  461.612824][T19325]  mpage_readahead+0x362/0x580
[  461.617434][T19325]  read_pages+0x1c2/0xbc0
[  461.621611][T19325]  page_cache_ra_unbounded+0x427/0x600
[  461.626927][T19325]  filemap_get_pages+0x25a/0x1340
[  461.631799][T19325]  filemap_read+0x29f/0x8c0
[  461.636148][T19325]  new_sync_read+0x388/0x640
[  461.640606][T19325]  vfs_read+0x25f/0x500
[  461.644636][T19325]  ksys_read+0xed/0x1c0
[  461.648665][T19325]  do_syscall_64+0x3b/0xc0
[  461.652930][T19325]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  461.658670][T19325]
[  461.660852][T19325] The buggy address belongs to the object at ffff888264fcb900
[  461.660852][T19325]  which belongs to the cache bio-232 of size 232
[  461.674395][T19325] The buggy address is located 112 bytes inside of
[  461.674395][T19325]  232-byte region [ffff888264fcb900, ffff888264fcb9e8)
[  461.687502][T19325] The buggy address belongs to the page:
[  461.692980][T19325] page:0000000027a9b37c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x264fca
[  461.703054][T19325] head:0000000027a9b37c order:1 compound_mapcount:0
[  461.709483][T19325] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[  461.717567][T19325] raw: 0017ffffc0010200 0000000000000000 dead000000000122 ffff88812683c280
[  461.725993][T19325] raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000
[  461.734417][T19325] page dumped because: kasan: bad access detected
[  461.740672][T19325]
[  461.742855][T19325] Memory state around the buggy address:
[  461.748330][T19325]  ffff888264fcb800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  461.756251][T19325]  ffff888264fcb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  461.764166][T19325] >ffff888264fcb900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  461.772083][T19325]                                                              ^
[  461.779657][T19325]  ffff888264fcb980: 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
[  461.787564][T19325]  ffff888264fcba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  461.795469][T19325] ==================================================================



To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.17.0-rc1-00114-g3826813630ed" of type "text/plain" (178959 bytes)

View attachment "job-script" of type "text/plain" (5678 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (351324 bytes)

View attachment "xfstests" of type "text/plain" (922 bytes)

View attachment "job.yaml" of type "text/plain" (4698 bytes)

View attachment "reproduce" of type "text/plain" (848 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ