Date:   Thu, 7 Jul 2022 22:44:14 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Dave Chinner <dchinner@...hat.com>
Cc:     "Darrick J. Wong" <djwong@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>, linux-xfs@...r.kernel.org,
        lkp@...ts.01.org, lkp@...el.com
Subject: [xfs]  7cf2b0f961:
 BUG:KASAN:use-after-free_in_xfs_attr3_node_inactive[xfs]



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 7cf2b0f9611b9971d663e1fc3206eeda3b902922 ("xfs: bound maximum wait time for inodegc work")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

in testcase: xfstests
version: xfstests-x86_64-c1144bf-1_20220704
with following parameters:

	disk: 4HDD
	fs: xfs
	test: xfs-group-43
	ucode: 0x21

test-description: xfstests is a regression test suite for xfs and other filesystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git


on test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz with 8G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


kern :err : [   76.817811] BUG: KASAN: use-after-free in xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:214) xfs
kern  :err   : [   76.818048] Read of size 4 at addr ffff88820ac2bd44 by task kworker/0:2/139

kern  :err   : [   76.818055] CPU: 0 PID: 139 Comm: kworker/0:2 Tainted: G S                5.19.0-rc2-00004-g7cf2b0f9611b #1
kern  :err   : [   76.818061] Hardware name: Hewlett-Packard p6-1451cx/2ADA, BIOS 8.15 02/05/2013
kern  :err   : [   76.818065] Workqueue: xfs-inodegc/sdb4 xfs_inodegc_worker [xfs]
kern  :err   : [   76.818282] Call Trace:
kern  :err   : [   76.818284]  <TASK>
kern :err : [   76.818287] ? xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:214) xfs
kern :err : [   76.818508] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) 
kern :err : [   76.818516] print_address_description+0x1f/0x200 
kern :err : [   76.818523] ? xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:214) xfs
kern :err : [   76.818744] print_report.cold (mm/kasan/report.c:430) 
kern :err : [   76.818751] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) 
kern :err : [   76.818757] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) 
kern :err : [   76.818764] ? xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:214) xfs
kern :err : [   76.819000] xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:214) xfs
kern :err : [   76.819225] ? xfs_buf_set_ref (arch/x86/include/asm/atomic.h:41 include/linux/atomic/atomic-instrumented.h:42 fs/xfs/xfs_buf.c:2311) xfs
kern :err : [   76.819453] ? xfs_attr3_leaf_inactive (fs/xfs/xfs_attr_inactive.c:135) xfs
kern :err : [   76.819677] ? xfs_da3_root_split (fs/xfs/libxfs/xfs_da_btree.c:2640) xfs
kern :err : [   76.819901] ? kthread (kernel/kthread.c:376) 
kern :err : [   76.819907] ? check_preempt_curr (arch/x86/include/asm/bitops.h:207 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 1) include/linux/thread_info.h:118 (discriminator 1) include/linux/sched.h:2011 (discriminator 1) include/linux/sched.h:2026 (discriminator 1) kernel/sched/core.c:2197 (discriminator 1)) 
kern :err : [   76.819912] ? xfs_trans_buf_set_type (arch/x86/include/asm/atomic.h:29 include/linux/atomic/atomic-instrumented.h:28 fs/xfs/xfs_trans_buf.c:708) xfs
kern :err : [   76.820141] xfs_attr3_root_inactive (fs/xfs/xfs_attr_inactive.c:296) xfs
kern :err : [   76.820371] ? xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:258) xfs
kern :err : [   76.820601] ? xfs_trans_alloc (fs/xfs/xfs_trans.c:284) xfs
kern :err : [   76.820860] xfs_attr_inactive (fs/xfs/xfs_attr_inactive.c:371) xfs
kern :err : [   76.821085] ? xfs_attr3_root_inactive (fs/xfs/xfs_attr_inactive.c:331) xfs
kern :err : [   76.821313] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154) 
kern :err : [   76.821317] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153) 
kern :err : [   76.821323] xfs_inactive (fs/xfs/xfs_inode.c:1781) xfs
kern :err : [   76.821554] xfs_inodegc_worker (fs/xfs/xfs_icache.c:1837 fs/xfs/xfs_icache.c:1860) xfs
kern :err : [   76.821787] process_one_work (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2294) 
kern :err : [   76.821794] worker_thread (include/linux/list.h:292 kernel/workqueue.c:2437) 
kern :err : [   76.821800] ? __kthread_parkme (arch/x86/include/asm/bitops.h:207 (discriminator 4) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 4) kernel/kthread.c:270 (discriminator 4)) 
kern :err : [   76.821806] ? schedule (arch/x86/include/asm/bitops.h:207 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 1) include/linux/thread_info.h:118 (discriminator 1) include/linux/sched.h:2196 (discriminator 1) kernel/sched/core.c:6502 (discriminator 1)) 
kern :err : [   76.821811] ? process_one_work (kernel/workqueue.c:2379) 
kern :err : [   76.821816] ? process_one_work (kernel/workqueue.c:2379) 
kern :err : [   76.821821] kthread (kernel/kthread.c:376) 
kern :err : [   76.821825] ? kthread_complete_and_exit (kernel/kthread.c:331) 
kern :err : [   76.821829] ret_from_fork (arch/x86/entry/entry_64.S:308) 
kern  :err   : [   76.821842]  </TASK>

kern  :err   : [   76.821845] Allocated by task 139:
kern :warn : [   76.821848] kasan_save_stack (mm/kasan/common.c:39) 
kern :warn : [   76.821853] __kasan_slab_alloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:469) 
kern :warn : [   76.821858] kmem_cache_alloc (mm/slab.h:750 mm/slub.c:3214 mm/slub.c:3222 mm/slub.c:3229 mm/slub.c:3239) 
kern :warn : [   76.821862] _xfs_buf_alloc (include/linux/instrumented.h:86 include/linux/atomic/atomic-instrumented.h:41 fs/xfs/xfs_buf.c:232) xfs
kern :warn : [   76.822085] xfs_buf_get_map (fs/xfs/xfs_buf.c:660) xfs
kern :warn : [   76.822358] xfs_buf_read_map (fs/xfs/xfs_buf.c:777) xfs
kern :warn : [   76.822576] xfs_trans_read_buf_map (fs/xfs/xfs_trans_buf.c:289) xfs
kern :warn : [   76.822808] xfs_da_read_buf (fs/xfs/libxfs/xfs_da_btree.c:2652) xfs
kern :warn : [   76.823025] xfs_da3_node_read (fs/xfs/libxfs/xfs_da_btree.c:392) xfs
kern :warn : [   76.823247] xfs_attr3_root_inactive (fs/xfs/xfs_attr_inactive.c:272) xfs
kern :warn : [   76.823470] xfs_attr_inactive (fs/xfs/xfs_attr_inactive.c:371) xfs
kern :warn : [   76.823720] xfs_inactive (fs/xfs/xfs_inode.c:1781) xfs
kern :warn : [   76.823974] xfs_inodegc_worker (fs/xfs/xfs_icache.c:1837 fs/xfs/xfs_icache.c:1860) xfs
kern :warn : [   76.824205] process_one_work (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2294) 
kern :warn : [   76.824209] worker_thread (include/linux/list.h:292 kernel/workqueue.c:2437) 
kern :warn : [   76.824213] kthread (kernel/kthread.c:376) 
kern :warn : [   76.824216] ret_from_fork (arch/x86/entry/entry_64.S:308) 

kern  :err   : [   76.824221] Freed by task 139:
kern :warn : [   76.824223] kasan_save_stack (mm/kasan/common.c:39) 
kern :warn : [   76.824228] kasan_set_track (mm/kasan/common.c:45) 
kern :warn : [   76.824232] kasan_set_free_info (mm/kasan/generic.c:372) 
kern :warn : [   76.824237] __kasan_slab_free (mm/kasan/common.c:368 mm/kasan/common.c:328 mm/kasan/common.c:374) 
kern :warn : [   76.824242] kmem_cache_free (mm/slub.c:1753 mm/slub.c:3507 mm/slub.c:3524) 
kern :warn : [   76.824246] xfs_buf_rele (fs/xfs/xfs_buf.c:1040) xfs
kern :warn : [   76.824466] xfs_attr3_node_inactive (fs/xfs/xfs_attr_inactive.c:210) xfs
kern :warn : [   76.824694] xfs_attr3_root_inactive (fs/xfs/xfs_attr_inactive.c:296) xfs
kern :warn : [   76.824944] xfs_attr_inactive (fs/xfs/xfs_attr_inactive.c:371) xfs
kern :warn : [   76.825194] xfs_inactive (fs/xfs/xfs_inode.c:1781) xfs
kern :warn : [   76.825450] xfs_inodegc_worker (fs/xfs/xfs_icache.c:1837 fs/xfs/xfs_icache.c:1860) xfs
kern :warn : [   76.825675] process_one_work (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2294) 
kern :warn : [   76.825679] worker_thread (include/linux/list.h:292 kernel/workqueue.c:2437) 
kern :warn : [   76.825683] kthread (kernel/kthread.c:376) 
kern :warn : [   76.825686] ret_from_fork (arch/x86/entry/entry_64.S:308) 

kern  :err   : [   76.825691] Last potentially related work creation:
kern :warn : [   76.825692] kasan_save_stack (mm/kasan/common.c:39) 
kern :warn : [   76.825697] __kasan_record_aux_stack (mm/kasan/generic.c:348) 
kern :warn : [   76.825701] insert_work (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 kernel/workqueue.c:635 kernel/workqueue.c:642 kernel/workqueue.c:1361) 
kern :warn : [   76.825705] __queue_work (kernel/workqueue.c:1520) 
kern :warn : [   76.825709] queue_work_on (kernel/workqueue.c:1546) 
kern :warn : [   76.825713] xfs_buf_bio_end_io (fs/xfs/xfs_buf.c:1410) xfs
kern :warn : [   76.825986] blk_update_request (block/blk-mq.c:818) 
kern :warn : [   76.825991] scsi_end_request (drivers/scsi/scsi_lib.c:543) 
kern :warn : [   76.825997] scsi_io_completion (drivers/scsi/scsi_lib.c:972) 
kern :warn : [   76.826001] blk_complete_reqs (block/blk-mq.c:1012 (discriminator 3)) 
kern :warn : [   76.826005] __do_softirq (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/irq.h:142 kernel/softirq.c:572) 

kern  :err   : [   76.826011] Second to last potentially related work creation:
kern :warn : [   76.826012] kasan_save_stack (mm/kasan/common.c:39) 
kern :warn : [   76.826016] __kasan_record_aux_stack (mm/kasan/generic.c:348) 
kern :warn : [   76.826022] insert_work (include/linux/instrumented.h:71 include/asm-generic/bitops/instrumented-non-atomic.h:134 kernel/workqueue.c:635 kernel/workqueue.c:642 kernel/workqueue.c:1361) 
kern :warn : [   76.826025] __queue_work (kernel/workqueue.c:1520) 
kern :warn : [   76.826029] queue_work_on (kernel/workqueue.c:1546) 
kern :warn : [   76.826033] xfs_buf_bio_end_io (fs/xfs/xfs_buf.c:1410) xfs
kern :warn : [   76.826283] blk_update_request (block/blk-mq.c:818) 
kern :warn : [   76.826287] scsi_end_request (drivers/scsi/scsi_lib.c:543) 


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.19.0-rc2-00004-g7cf2b0f9611b" of type "text/plain" (167550 bytes)

View attachment "job-script" of type "text/plain" (5737 bytes)

Download attachment "kmsg.xz" of type "application/x-xz" (23432 bytes)

View attachment "xfstests" of type "text/plain" (1054 bytes)

View attachment "job.yaml" of type "text/plain" (4826 bytes)

View attachment "reproduce" of type "text/plain" (925 bytes)
