* [linus:master] [netfs] c9c4ff12df: BUG:KASAN:wild-memory-access_in__fscache_use_cookie
@ 2024-03-13 13:41 kernel test robot
From: kernel test robot @ 2024-03-13 13:41 UTC (permalink / raw)
To: David Howells
Cc: oe-lkp, lkp, linux-kernel, Jeff Layton, v9fs, linux-afs,
ceph-devel, linux-fsdevel, netfs, linux-cifs, samba-technical,
oliver.sang
Hello,

kernel test robot noticed "BUG:KASAN:wild-memory-access_in__fscache_use_cookie" on:

commit: c9c4ff12df110feb1b91951010f673f4b16e49e8 ("netfs: Move pinning-for-writeback from fscache to netfs")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master 3aaa8ce7a3350d95b241046ae2401103a4384ba2]
[test failed on linux-next/master 8ffc8b1bbd505e27e2c8439d326b6059c906c9dd]

in testcase: xfstests
version: xfstests-x86_64-386c7b6a-1_20240304
with following parameters:

	disk: 4HDD
	fs: ext4
	fs2: smbv2
	test: generic-group-60

compiler: gcc-12
test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz (Skylake) with 32G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202403131625.ef8a3315-oliver.sang@intel.com

[ 188.580903][ T3137] BUG: KASAN: wild-memory-access in __fscache_use_cookie (arch/x86/include/asm/bitops.h:206 arch/x86/include/asm/bitops.h:238 include/asm-generic/bitops/instrumented-non-atomic.h:142 fs/netfs/fscache_cookie.c:577)
[ 188.588776][ T3137] Read of size 8 at addr cccccccccccccd54 by task xfs_io/3137
[ 188.596127][ T3137]
[ 188.598326][ T3137] CPU: 3 PID: 3137 Comm: xfs_io Tainted: G S 6.7.0-rc7-00007-gc9c4ff12df11 #1
[ 188.608454][ T3137] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[ 188.616571][ T3137] Call Trace:
[ 188.619723][ T3137] <TASK>
[ 188.622527][ T3137] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 188.626903][ T3137] kasan_report (mm/kasan/report.c:590)
[ 188.631192][ T3137] ? __fscache_use_cookie (arch/x86/include/asm/bitops.h:206 arch/x86/include/asm/bitops.h:238 include/asm-generic/bitops/instrumented-non-atomic.h:142 fs/netfs/fscache_cookie.c:577)
[ 188.636349][ T3137] kasan_check_range (mm/kasan/generic.c:181 mm/kasan/generic.c:187)
[ 188.641069][ T3137] __fscache_use_cookie (arch/x86/include/asm/bitops.h:206 arch/x86/include/asm/bitops.h:238 include/asm-generic/bitops/instrumented-non-atomic.h:142 fs/netfs/fscache_cookie.c:577)
[ 188.646051][ T3137] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 188.651036][ T3137] ? fscache_cookie_worker (fs/netfs/fscache_cookie.c:570)
[ 188.656367][ T3137] ? _raw_spin_lock_irq (arch/x86/include/asm/atomic.h:115 include/linux/atomic/atomic-arch-fallback.h:2164 include/linux/atomic/atomic-instrumented.h:1296 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:120 kernel/locking/spinlock.c:170)
[ 188.661262][ T3137] ? _raw_spin_lock (arch/x86/include/asm/atomic.h:115 include/linux/atomic/atomic-arch-fallback.h:2164 include/linux/atomic/atomic-instrumented.h:1296 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:134 kernel/locking/spinlock.c:154)
[ 188.665810][ T3137] ? _raw_write_lock_irq (kernel/locking/spinlock.c:153)
[ 188.670790][ T3137] ? wb_wakeup_delayed (include/linux/spinlock.h:401 mm/backing-dev.c:397)
[ 188.675600][ T3137] netfs_dirty_folio (include/linux/fscache.h:273 fs/netfs/misc.c:45)
[ 188.680409][ T3137] cifs_write_end (fs/smb/client/file.c:3091) cifs
[ 188.685652][ T3137] ? cifs_write (fs/smb/client/file.c:3045) cifs
[ 188.690724][ T3137] ? cifs_readpage_worker (fs/smb/client/file.c:4764) cifs
[ 188.696664][ T3137] ? is_valid_gup_args (mm/gup.c:1979)
[ 188.701662][ T3137] ? inode_owner_or_capable (fs/inode.c:2499)
[ 188.707093][ T3137] ? cap_task_fix_setuid (security/commoncap.c:1142)
[ 188.712165][ T3137] generic_perform_write (mm/filemap.c:3929)
[ 188.717323][ T3137] ? folio_add_wait_queue (mm/filemap.c:3882)
[ 188.722565][ T3137] ? file_update_time (fs/inode.c:2170)
[ 188.727373][ T3137] cifs_strict_writev (fs/smb/client/file.c:3730 fs/smb/client/file.c:3760) cifs
[ 188.732941][ T3137] vfs_write (include/linux/fs.h:2020 fs/read_write.c:491 fs/read_write.c:584)
[ 188.737054][ T3137] ? kernel_write (fs/read_write.c:565)
[ 188.741600][ T3137] ? __get_file_rcu (arch/x86/include/asm/atomic64_64.h:15 include/linux/atomic/atomic-arch-fallback.h:2569 include/linux/atomic/atomic-arch-fallback.h:4529 include/linux/atomic/atomic-arch-fallback.h:4558 include/linux/atomic/atomic-arch-fallback.h:4578 include/linux/atomic/atomic-long.h:1731 include/linux/atomic/atomic-instrumented.h:4654 fs/file.c:869)
[ 188.746148][ T3137] ? __fget_light (fs/file.c:1140)
[ 188.750708][ T3137] __x64_sys_pwrite64 (fs/read_write.c:699 fs/read_write.c:709 fs/read_write.c:706 fs/read_write.c:706)
[ 188.755602][ T3137] ? vfs_write (fs/read_write.c:706)
[ 188.759887][ T3137] ? do_user_addr_fault (include/linux/rcupdate.h:779 include/linux/mm.h:688 arch/x86/mm/fault.c:1366)
[ 188.764959][ T3137] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 188.769245][ T3137] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
[ 188.775012][ T3137] RIP: 0033:0x7f7f3ffd43b7
[ 188.779296][ T3137] Code: 08 89 3c 24 48 89 4c 24 18 e8 05 f4 f8 ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 55 f4 f8 ff 48 8b
All code
========
0: 08 89 3c 24 48 89 or %cl,-0x76b7dbc4(%rcx)
6: 4c 24 18 rex.WR and $0x18,%al
9: e8 05 f4 f8 ff callq 0xfffffffffff8f413
e: 4c 8b 54 24 18 mov 0x18(%rsp),%r10
13: 48 8b 54 24 10 mov 0x10(%rsp),%rdx
18: 41 89 c0 mov %eax,%r8d
1b: 48 8b 74 24 08 mov 0x8(%rsp),%rsi
20: 8b 3c 24 mov (%rsp),%edi
23: b8 12 00 00 00 mov $0x12,%eax
28: 0f 05 syscall
2a:* 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax <-- trapping instruction
30: 77 31 ja 0x63
32: 44 89 c7 mov %r8d,%edi
35: 48 89 04 24 mov %rax,(%rsp)
39: e8 55 f4 f8 ff callq 0xfffffffffff8f493
3e: 48 rex.W
3f: 8b .byte 0x8b
Code starting with the faulting instruction
===========================================
0: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax
6: 77 31 ja 0x39
8: 44 89 c7 mov %r8d,%edi
b: 48 89 04 24 mov %rax,(%rsp)
f: e8 55 f4 f8 ff callq 0xfffffffffff8f469
14: 48 rex.W
15: 8b .byte 0x8b
[ 188.798823][ T3137] RSP: 002b:00007ffcffb5da70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[ 188.807116][ T3137] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f7f3ffd43b7
[ 188.814977][ T3137] RDX: 0000000000001000 RSI: 00005644520fa000 RDI: 0000000000000004
[ 188.822846][ T3137] RBP: 0000000000000000 R08: 0000000000000000 R09: 00005644520f9f80
[ 188.830716][ T3137] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 188.838583][ T3137] R13: 0000000000001000 R14: 0000000000001000 R15: 00000000ffffffff
[ 188.846449][ T3137] </TASK>
[ 188.849338][ T3137] ==================================================================
[ 188.857341][ T3137] Disabling lock debugging due to kernel taint
[ 188.863392][ T3137] general protection fault, probably for non-canonical address 0xf9999599999999aa: 0000 [#1] PREEMPT SMP KASAN PTI
[ 188.875344][ T3137] KASAN: maybe wild-memory-access in range [0xcccccccccccccd50-0xcccccccccccccd57]
[ 188.884508][ T3137] CPU: 3 PID: 3137 Comm: xfs_io Tainted: G S B 6.7.0-rc7-00007-gc9c4ff12df11 #1
[ 188.894630][ T3137] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.8.1 12/05/2017
[ 188.902765][ T3137] RIP: 0010:__fscache_use_cookie (arch/x86/include/asm/bitops.h:206 arch/x86/include/asm/bitops.h:238 include/asm-generic/bitops/instrumented-non-atomic.h:142 fs/netfs/fscache_cookie.c:577)
[ 188.908533][ T3137] Code: f1 f1 f1 f1 c7 40 0c f3 f3 f3 f3 65 48 8b 04 25 28 00 00 00 48 89 84 24 e0 00 00 00 31 c0 e8 4a 41 cf ff 4c 89 e8 48 c1 e8 03 <80> 3c 28 00 0f 85 67 07 00 00 49 8b 87 88 00 00 00 83 e0 01 88 44
All code
========
0: f1 icebp
1: f1 icebp
2: f1 icebp
3: f1 icebp
4: c7 40 0c f3 f3 f3 f3 movl $0xf3f3f3f3,0xc(%rax)
b: 65 48 8b 04 25 28 00 mov %gs:0x28,%rax
12: 00 00
14: 48 89 84 24 e0 00 00 mov %rax,0xe0(%rsp)
1b: 00
1c: 31 c0 xor %eax,%eax
1e: e8 4a 41 cf ff callq 0xffffffffffcf416d
23: 4c 89 e8 mov %r13,%rax
26: 48 c1 e8 03 shr $0x3,%rax
2a:* 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1) <-- trapping instruction
2e: 0f 85 67 07 00 00 jne 0x79b
34: 49 8b 87 88 00 00 00 mov 0x88(%r15),%rax
3b: 83 e0 01 and $0x1,%eax
3e: 88 .byte 0x88
3f: 44 rex.R
Code starting with the faulting instruction
===========================================
0: 80 3c 28 00 cmpb $0x0,(%rax,%rbp,1)
4: 0f 85 67 07 00 00 jne 0x771
a: 49 8b 87 88 00 00 00 mov 0x88(%r15),%rax
11: 83 e0 01 and $0x1,%eax
14: 88 .byte 0x88
15: 44 rex.R
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240313/202403131625.ef8a3315-oliver.sang@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki