Re: [Bug 204371] BUG kmalloc-4k (Tainted: G W ): Object padding overwritten

Re: [Bug 204371] BUG kmalloc-4k (Tainted: G W ): Object padding overwritten

[Michael Ellerman]

bugzilla-daemon@bugzilla.kernel.org writes:
> https://bugzilla.kernel.org/show_bug.cgi?id=204371
>
> --- Comment #10 from David Sterba (dsterba@suse.com) ---
> In my case it happened on 5.3-rc3, with a strestest. The same machine has been
> running fstests periodically, with slab debug on, but there are no slab reports
> like that.
>
> [ 8516.870046] BUG kmalloc-4k (Not tainted): Poison overwritten                 
> [ 8516.875873]
> -----------------------------------------------------------------------------   
>
> [ 8516.885864] Disabling lock debugging due to kernel taint                     
> [ 8516.891312] INFO: 0x000000001c70c8c9-0x000000003cd1e164. First byte 0x16
> instead of 0x6b                                                                 
> [ 8516.899717] INFO: Allocated in btrfs_read_tree_root+0x46/0x120 [btrfs]
> age=1769 cpu=7 pid=8717                                                         
> [ 8516.908544]  __slab_alloc.isra.53+0x3e/0x70                                  
> [ 8516.912861]  kmem_cache_alloc_trace+0x1b0/0x330                              
> [ 8516.917581]  btrfs_read_tree_root+0x46/0x120 [btrfs]                         
> [ 8516.922737]  btrfs_read_fs_root+0xe/0x40 [btrfs]                             
> [ 8516.927552]  create_reloc_root+0x17f/0x2a0 [btrfs]                           
> [ 8516.932536]  btrfs_init_reloc_root+0x72/0xe0 [btrfs]                         
> [ 8516.937686]  record_root_in_trans+0xbb/0xf0 [btrfs]                          
> [ 8516.942750]  btrfs_record_root_in_trans+0x50/0x70 [btrfs]                    
> [ 8516.948340]  start_transaction+0xa1/0x550 [btrfs]                            
> [ 8516.953237]  __btrfs_prealloc_file_range+0xca/0x490 [btrfs]                  
> [ 8516.959003]  btrfs_prealloc_file_range+0x10/0x20 [btrfs]                     
> [ 8516.964509]  prealloc_file_extent_cluster+0x13e/0x2b0 [btrfs]                
> [ 8516.970447]  relocate_file_extent_cluster+0x8d/0x530 [btrfs]                 
> [ 8516.976305]  relocate_data_extent+0x80/0x110 [btrfs]                         
> [ 8516.981469]  relocate_block_group+0x473/0x720 [btrfs]                        
> [ 8516.986711]  btrfs_relocate_block_group+0x15f/0x2c0 [btrfs]                  

So this is looking more like it could be a btrfs bug, given you've both
hit it using btrfs but on different platforms.

cheers

Re: [Bug 204371] BUG kmalloc-4k (Tainted: G W ): Object padding overwritten

[christophe leroy]

Le 30/07/2019 à 20:52, bugzilla-daemon@bugzilla.kernel.org a écrit :
> https://bugzilla.kernel.org/show_bug.cgi?id=204371
> 
> --- Comment #2 from Andrew Morton (akpm@linux-foundation.org) ---
> (switched to email.  Please respond via emailed reply-to-all, not via the
> bugzilla web interface).

Reply all replies to bugzilla-daemon@bugzilla.kernel.org only.


[...]


> 
> cc'ing various people here.

Hum ... only got that email through the bugzilla interface, and CC'ed 
people don't show up.


> 
> I suspect proc_cgroup_show() is innocent and that perhaps
> bpf_prepare_filter() had a memory scribble.  iirc there has been at
> least one recent pretty serious bpf fix applied recently.  Can others
> please take a look?
> 
> (Seriously - please don't modify this report via the bugzilla web interface!)
> 

Haven't got the original CC'ed list, so please reply with missing Cc's 
if any.

We have well progressed on this case.

Erhard made a relation being this "Object padding overwritten" issue 
arising on any driver, and the presence of the BTRFS driver.

Then he was able to bisect the issue to:

commit 69d2480456d1baf027a86e530989d7bedd698d5f
Author: David Sterba <dsterba@suse.com>
Date:   Fri Jun 29 10:56:44 2018 +0200

     btrfs: use copy_page for copying pages instead of memcpy

     Use the helper that's possibly optimized for full page copies.

     Signed-off-by: David Sterba <dsterba@suse.com>



After looking in the code, it has appeared that some of the said "pages" 
were allocated with "kzalloc()".

Using the patch https://patchwork.ozlabs.org/patch/1148033/ Erhard 
confirmed that some btrfs functions were calling copy_page() with 
misaligned destinations.

copy_page(), at least on powerpc, expects cache aligned destination.

The patch https://patchwork.ozlabs.org/patch/1148606/ fixes the issue.

Christophe

---
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel antivirus Avast.
https://www.avast.com/antivirus

Re: [Bug 204371] BUG kmalloc-4k (Tainted: G W ): Object padding overwritten

[Christophe Leroy]

Le 16/08/2019 à 16:38, bugzilla-daemon@bugzilla.kernel.org a écrit :
> https://bugzilla.kernel.org/show_bug.cgi?id=204371
> 
> --- Comment #34 from Erhard F. (erhard_f@mailbox.org) ---
> On Fri, 16 Aug 2019 08:22:31 +0000
> bugzilla-daemon@bugzilla.kernel.org wrote:
> 
>> https://bugzilla.kernel.org/show_bug.cgi?id=204371
>>
>> --- Comment #32 from Christophe Leroy (christophe.leroy@c-s.fr) ---
>> Then see if the WARNING on kfree() in  btrfs_free_dummy_fs_info() is still
>> there.
> With latest changes there are no complaints of the kernel any longer. btrfs
> selftests pass, mounting and unmounting a btrfs partition works without any
> suspicious dmesg output.
> 

That's good news. Will you handle submitting the patch to BTRFS file 
system ?