* [Bug 204015] New: BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0
@ 2019-06-28 14:26 bugzilla-daemon
2019-06-28 20:52 ` [Bug 204015] " bugzilla-daemon
2019-06-29 14:17 ` bugzilla-daemon
0 siblings, 2 replies; 3+ messages in thread
From: bugzilla-daemon @ 2019-06-28 14:26 UTC (permalink / raw)
To: linux-xfs
https://bugzilla.kernel.org/show_bug.cgi?id=204015
Bug ID: 204015
Summary: BUG: KASAN: slab-out-of-bounds in
__bio_add_page+0x1ec/0x2b0
Product: IO/Storage
Version: 2.5
Kernel Version: 5.2.0-rc4 with xfs-5.3-merge-2
Hardware: All
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: Block Layer
Assignee: axboe@kernel.dk
Reporter: zlang@redhat.com
CC: filesystem_xfs@kernel-bugs.kernel.org
Regression: No
I think a kasan warning several times when I built and installed 5.2-rc4
kernel. CC XFS developers to check if XFS is related.
[ 30.072839] SGI XFS with ACLs, security attributes, verbose warnings, no
debug enabled
[ 30.141472] XFS (sda7): Mounting V5 Filesystem
[ 30.307363] XFS (sda7): Ending clean mount
[ 30.327331]
==================================================================
[ 30.360891] BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0
[ 30.391947] Write of size 4 at addr ffff8880321ddccc by task mount/748
[ 30.421680]
[ 30.428399] CPU: 7 PID: 748 Comm: mount Not tainted 5.2.0-rc4+ #1
[ 30.456331] Hardware name: HP ProLiant DL388p Gen8, BIOS P70 09/18/2013
[ 30.486318] Call Trace:
[ 30.497284] dump_stack+0x7c/0xc0
[ 30.512213] ? __bio_add_page+0x1ec/0x2b0
[ 30.530389] print_address_description+0x65/0x22e
[ 30.551533] ? __bio_add_page+0x1ec/0x2b0
[ 30.569509] ? __bio_add_page+0x1ec/0x2b0
[ 30.587526] __kasan_report.cold.3+0x37/0x77
[ 30.607785] ? __bio_add_page+0x1ec/0x2b0
[ 30.625952] kasan_report+0xe/0x20
[ 30.641188] __bio_add_page+0x1ec/0x2b0
[ 30.658950] bio_add_page+0x96/0xb0
[ 30.674878] xlog_write_iclog+0x4de/0x8e0 [xfs]
[ 30.695564] xlog_state_release_iclog+0x1d6/0x2e0 [xfs]
[ 30.719506] ? do_raw_spin_unlock+0x54/0x220
[ 30.738973] xfs_log_write_unmount_record+0x223/0x7b0 [xfs]
[ 30.764214] ? xfs_log_reserve+0xaa0/0xaa0 [xfs]
[ 30.785399] ? sched_clock+0x5/0x10
[ 30.801308] ? __lock_acquire+0x58d/0x2be0
[ 30.821886] ? sched_clock+0x5/0x10
[ 30.838540] ? sched_clock_cpu+0x18/0x170
[ 30.858708] ? do_raw_spin_unlock+0x54/0x220
[ 30.878314] ? _raw_spin_unlock+0x24/0x30
[ 30.896358] ? xfs_log_force+0x8c4/0xc30 [xfs]
[ 30.916744] ? xlog_commit_record+0x1a0/0x1a0 [xfs]
[ 30.939319] ? xfs_log_quiesce+0x148/0x570 [xfs]
[ 30.960148] ? rcu_read_lock_sched_held+0x114/0x130
[ 30.982293] xfs_log_quiesce+0x375/0x570 [xfs]
[ 31.002708] ? xfs_log_write_unmount_record+0x7b0/0x7b0 [xfs]
[ 31.028934] ? xfs_cowblocks_worker+0x40/0x40 [xfs]
[ 31.050933] xfs_mountfs+0x1385/0x1890 [xfs]
[ 31.070237] ? xfs_default_resblks+0x60/0x60 [xfs]
[ 31.091730] ? module_assert_mutex_or_preempt+0x41/0x70
[ 31.116538] ? __module_address+0x3f/0x360
[ 31.135147] ? xfs_filestream_get_ag+0x40/0x40 [xfs]
[ 31.157601] ? is_module_address+0x11/0x20
[ 31.176822] ? static_obj+0x2d/0x50
[ 31.192637] ? lockdep_init_map+0x1dc/0x620
[ 31.211685] ? xfs_filestream_get_ag+0x40/0x40 [xfs]
[ 31.234488] ? xfs_mru_cache_create+0x34d/0x560 [xfs]
[ 31.257969] xfs_fs_fill_super+0xb0e/0x13e0 [xfs]
[ 31.279666] ? xfs_test_remount_options+0x80/0x80 [xfs]
[ 31.303804] ? xfs_test_remount_options+0x80/0x80 [xfs]
[ 31.327825] mount_bdev+0x26e/0x330
[ 31.343785] ? xfs_finish_flags+0x310/0x310 [xfs]
[ 31.365424] legacy_get_tree+0x101/0x1f0
[ 31.383731] vfs_get_tree+0x89/0x350
[ 31.399799] do_mount+0xe78/0x15c0
[ 31.415070] ? copy_mount_string+0x20/0x20
[ 31.433508] ? lock_downgrade+0x620/0x620
[ 31.452013] ? _copy_from_user+0x93/0xd0
[ 31.469783] ? memdup_user+0x4b/0x70
[ 31.486122] ksys_mount+0xb6/0xd0
[ 31.501100] __x64_sys_mount+0xba/0x150
[ 31.518965] ? lockdep_hardirqs_on+0x37f/0x560
[ 31.539285] do_syscall_64+0x9f/0x4d0
[ 31.555741] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 31.578634] RIP: 0033:0x7fcb735d9fce
[ 31.594282] Code: 48 8b 0d bd fe 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e
0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01
f0 ff ff 73 01 c3 48 8b 0d 8a fe 2b 00 f7 d8 64 89 01 48
[ 31.680795] RSP: 002b:00007ffc8aaed448 EFLAGS: 00000246 ORIG_RAX:
00000000000000a5
[ 31.715737] RAX: ffffffffffffffda RBX: 0000559c77156ef0 RCX:
00007fcb735d9fce
[ 31.748298] RDX: 0000559c77165f30 RSI: 0000559c771570d0 RDI:
0000559c77158dd0
[ 31.780803] RBP: 00007fcb74385184 R08: 0000000000000000 R09:
0000000000000000
[ 31.813645] R10: 00000000c0ed0001 R11: 0000000000000246 R12:
0000000000000000
[ 31.846394] R13: 00000000c0ed0001 R14: 0000559c77158dd0 R15:
0000559c77165f30
[ 31.878830]
[ 31.885488] Allocated by task 748:
[ 31.901122] save_stack+0x19/0x80
[ 31.916029] __kasan_kmalloc.constprop.6+0xc1/0xd0
[ 31.937991] __kmalloc+0x14e/0x310
[ 31.953270] kmem_alloc+0x5e/0x130 [xfs]
[ 31.971366] xlog_alloc_log+0xc87/0x12e0 [xfs]
[ 31.991876] xfs_log_mount+0xa2/0x650 [xfs]
[ 32.010721] xfs_mountfs+0xb5e/0x1890 [xfs]
[ 32.030045] xfs_fs_fill_super+0xb0e/0x13e0 [xfs]
[ 32.051336] mount_bdev+0x26e/0x330
[ 32.067054] legacy_get_tree+0x101/0x1f0
[ 32.084747] vfs_get_tree+0x89/0x350
[ 32.100777] do_mount+0xe78/0x15c0
[ 32.116054] ksys_mount+0xb6/0xd0
[ 32.130906] __x64_sys_mount+0xba/0x150
[ 32.148949] do_syscall_64+0x9f/0x4d0
[ 32.165364] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 32.188633]
[ 32.195288] Freed by task 346:
[ 32.209418] save_stack+0x19/0x80
[ 32.224277] __kasan_slab_free+0x125/0x170
[ 32.243142] kfree+0xfa/0x2d0
[ 32.256474] rfc4106_set_hash_subkey+0xb3/0xe0
[ 32.277138]
[ 32.283789] The buggy address belongs to the object at ffff8880321dda00
[ 32.283789] which belongs to the cache kmalloc-1k of size 1024
[ 32.340980] The buggy address is located 716 bytes inside of
[ 32.340980] 1024-byte region [ffff8880321dda00, ffff8880321dde00)
[ 32.395443] The buggy address belongs to the page:
[ 32.416986] page:ffffea0000c87600 refcount:1 mapcount:0
mapping:ffff888105016400 index:0x0 compound_mapcount: 0
[ 32.463287] flags: 0xfffffc0010200(slab|head)
[ 32.483036] raw: 000fffffc0010200 dead000000000100 dead000000000200
ffff888105016400
[ 32.518755] raw: 0000000000000000 00000000801c001c 00000001ffffffff
0000000000000000
[ 32.553632] page dumped because: kasan: bad access detected
[ 32.579437]
[ 32.586214] Memory state around the buggy address:
[ 32.607839] ffff8880321ddb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
[ 32.640419] ffff8880321ddc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
[ 32.674436] >ffff8880321ddc80: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
fc
[ 32.707277] ^
[ 32.732585] ffff8880321ddd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc
[ 32.765431] ffff8880321ddd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
fc
[ 32.798577]
==================================================================
[ 32.831699] Disabling lock debugging due to kernel taint
[ 32.858427] random: crng init done
[ 32.874609] random: 7 urandom warning(s) missed due to ratelimiting
[ 32.907093] mount (748) used greatest stack depth: 24680 bytes left
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 204015] BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0
2019-06-28 14:26 [Bug 204015] New: BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0 bugzilla-daemon
@ 2019-06-28 20:52 ` bugzilla-daemon
2019-06-29 14:17 ` bugzilla-daemon
1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2019-06-28 20:52 UTC (permalink / raw)
To: linux-xfs
https://bugzilla.kernel.org/show_bug.cgi?id=204015
Darrick J. Wong (djwong+kernel@djwong.org) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djwong+kernel@djwong.org
--- Comment #1 from Darrick J. Wong (djwong+kernel@djwong.org) ---
I suspect this is fixed by "xfs: fix iclog allocation size" which will be in
for-next soon.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Bug 204015] BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0
2019-06-28 14:26 [Bug 204015] New: BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0 bugzilla-daemon
2019-06-28 20:52 ` [Bug 204015] " bugzilla-daemon
@ 2019-06-29 14:17 ` bugzilla-daemon
1 sibling, 0 replies; 3+ messages in thread
From: bugzilla-daemon @ 2019-06-29 14:17 UTC (permalink / raw)
To: linux-xfs
https://bugzilla.kernel.org/show_bug.cgi?id=204015
--- Comment #2 from Zorro Lang (zlang@redhat.com) ---
(In reply to Darrick J. Wong from comment #1)
> I suspect this is fixed by "xfs: fix iclog allocation size" which will be in
> for-next soon.
Great, I'll verify that after the patch be merged.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-06-29 14:17 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-06-28 14:26 [Bug 204015] New: BUG: KASAN: slab-out-of-bounds in __bio_add_page+0x1ec/0x2b0 bugzilla-daemon
2019-06-28 20:52 ` [Bug 204015] " bugzilla-daemon
2019-06-29 14:17 ` bugzilla-daemon
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.