linux-kernel.vger.kernel.org archive mirror
* BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
@ 2015-12-01 20:20 Andrea Gelmini
  2015-12-02 22:58 ` James Bottomley
  0 siblings, 1 reply; 14+ messages in thread
From: Andrea Gelmini @ 2015-12-01 20:20 UTC (permalink / raw)
  To: linux-kernel; +Cc: James E.J. Bottomley, linux-scsi


[-- Attachment #1.1: Type: text/plain, Size: 23069 bytes --]

Hi everybody,
   and thanks a lot for your work.

   As soon as I plugged an external WD USB hard drive (details in the attached file)
   into a USB3 port, I got this (much more info in the attached files).
   Using commit 2255702db4014d1c69d6037ed7bdad2d2e271985

Thanks again,
Andrea

[  542.582204] ==================================================================
[  542.582220] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
[  542.582223] Read of size 1 by task systemd-udevd/4017
[  542.582225] =============================================================================
[  542.582227] BUG kmalloc-8 (Not tainted): kasan: bad access detected
[  542.582228] -----------------------------------------------------------------------------

[  542.582229] Disabling lock debugging due to kernel taint
[  542.582236] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
[  542.582243]  ___slab_alloc.constprop.27+0x379/0x3a0
[  542.582246]  __slab_alloc.isra.24.constprop.26+0x26/0x40
[  542.582249]  __kmalloc+0x19b/0x1e0
[  542.582253]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
[  542.582256]  ses_intf_add+0x9d6/0xe00 [ses]
[  542.582261]  class_interface_register+0x213/0x350
[  542.582264]  scsi_register_interface+0x33/0x40
[  542.582268]  ses_init+0x13/0x1000 [ses]
[  542.582272]  do_one_initcall+0x13c/0x2f0
[  542.582277]  do_init_module+0x1d9/0x5bc
[  542.582280]  load_module+0x6029/0x9230
[  542.582283]  SyS_finit_module+0x103/0x130
[  542.582288]  entry_SYSCALL_64_fastpath+0x16/0x75
[  542.582293] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
[  542.582296]  __slab_free+0x292/0x3d0
[  542.582298]  kfree+0x108/0x120
[  542.582300]  sg_clean+0x12e/0x200
[  542.582302]  usb_sg_wait+0x2ad/0x3d0
[  542.582307]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
[  542.582311]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
[  542.582315]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
[  542.582319]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
[  542.582323]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
[  542.582327]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
[  542.582332]  kthread+0x1c0/0x260
[  542.582335]  ret_from_fork+0x3f/0x70
[  542.582339] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
[  542.582341] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008

[  542.582345] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
[  542.582348] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
[  542.582354] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
[  542.582356] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
[  542.582361]  ffff88038c420000 ffff8800ac3ff6c0 ffffffff819c3387 ffff88038e404240
[  542.582365]  ffff8800ac3ff6f0 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
[  542.582368]  ffff88038c421c08 0000000000000000 ffff8800ac3ff718 ffffffff813e69bf
[  542.582369] Call Trace:
[  542.582375]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
[  542.582378]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
[  542.582382]  [<ffffffff813e69bf>] object_err+0x2f/0x40
[  542.582387]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
[  542.582392]  [<ffffffffc130842c>] ? ses_recv_diag+0xac/0xe0 [ses]
[  542.582397]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
[  542.582401]  [<ffffffffc1309490>] ? ses_enclosure_data_process+0x900/0xe50 [ses]
[  542.582406]  [<ffffffffc1309490>] ses_enclosure_data_process+0x900/0xe50 [ses]
[  542.582412]  [<ffffffff81d5d454>] ? pm_runtime_init+0x364/0x410
[  542.582417]  [<ffffffffc130a806>] ses_intf_add+0x9d6/0xe00 [ses]
[  542.582421]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
[  542.582425]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
[  542.582429]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
[  542.582432]  [<ffffffffc1130000>] ? 0xffffffffc1130000
[  542.582435]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
[  542.582439]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
[  542.582443]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
[  542.582446]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
[  542.582450]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.582454]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.582458]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
[  542.582463]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
[  542.582466]  [<ffffffff8124d669>] load_module+0x6029/0x9230
[  542.582469]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
[  542.582475]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
[  542.582479]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
[  542.582486]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
[  542.582489]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
[  542.582492]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
[  542.582497]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
[  542.582498] Memory state around the buggy address:
[  542.582501]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582503]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582506] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582507]                          ^
[  542.582509]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582512]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[  542.582513] ==================================================================
[  542.582514] ==================================================================
[  542.582519] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
[  542.582521] Read of size 1 by task systemd-udevd/4017
[  542.582521] Read of size 1 by task systemd-udevd/4017
[  542.582522] =============================================================================
[  542.582524] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
[  542.582525] -----------------------------------------------------------------------------

[  542.582530] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
[  542.582533]  ___slab_alloc.constprop.27+0x379/0x3a0
[  542.582536]  __slab_alloc.isra.24.constprop.26+0x26/0x40
[  542.582539]  __kmalloc+0x19b/0x1e0
[  542.582542]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
[  542.582546]  ses_intf_add+0x9d6/0xe00 [ses]
[  542.582549]  class_interface_register+0x213/0x350
[  542.582551]  scsi_register_interface+0x33/0x40
[  542.582555]  ses_init+0x13/0x1000 [ses]
[  542.582557]  do_one_initcall+0x13c/0x2f0
[  542.582560]  do_init_module+0x1d9/0x5bc
[  542.582562]  load_module+0x6029/0x9230
[  542.582564]  SyS_finit_module+0x103/0x130
[  542.582568]  entry_SYSCALL_64_fastpath+0x16/0x75
[  542.582571] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
[  542.582574]  __slab_free+0x292/0x3d0
[  542.582577]  kfree+0x108/0x120
[  542.582578]  sg_clean+0x12e/0x200
[  542.582580]  usb_sg_wait+0x2ad/0x3d0
[  542.582585]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
[  542.582588]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
[  542.582592]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
[  542.582596]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
[  542.582599]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
[  542.582603]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
[  542.582606]  kthread+0x1c0/0x260
[  542.582610]  ret_from_fork+0x3f/0x70
[  542.582612] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
[  542.582614] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008

[  542.582617] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
[  542.582620] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
[  542.582623] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
[  542.582625] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
[  542.582628]  ffff88038c420000 ffff8800ac3ff6c0 ffffffff819c3387 ffff88038e404240
[  542.582632]  ffff8800ac3ff6f0 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
[  542.582635]  ffff88038c421c08 0000000000000000 ffff8800ac3ff718 ffffffff813e69bf
[  542.582636] Call Trace:
[  542.582639]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
[  542.582642]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
[  542.582645]  [<ffffffff813e69bf>] object_err+0x2f/0x40
[  542.582649]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
[  542.582654]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
[  542.582659]  [<ffffffffc13099cb>] ? ses_enclosure_data_process+0xe3b/0xe50 [ses]
[  542.582663]  [<ffffffffc13099cb>] ses_enclosure_data_process+0xe3b/0xe50 [ses]
[  542.582667]  [<ffffffff81d5d454>] ? pm_runtime_init+0x364/0x410
[  542.582672]  [<ffffffffc130a806>] ses_intf_add+0x9d6/0xe00 [ses]
[  542.582676]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
[  542.582680]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
[  542.582683]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
[  542.582686]  [<ffffffffc1130000>] ? 0xffffffffc1130000
[  542.582689]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
[  542.582693]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
[  542.582696]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
[  542.582699]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
[  542.582703]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.582707]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.582711]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
[  542.582715]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
[  542.582718]  [<ffffffff8124d669>] load_module+0x6029/0x9230
[  542.582721]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
[  542.582727]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
[  542.582730]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
[  542.582735]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
[  542.582738]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
[  542.582741]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
[  542.582746]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
[  542.582747] Memory state around the buggy address:
[  542.582750]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582752]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582754] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582755]                          ^
[  542.582757]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.582759]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[  542.582760] ==================================================================
[  542.584193] ==================================================================
[  542.584206] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
[  542.584209] Read of size 1 by task systemd-udevd/4017
[  542.584210] =============================================================================
[  542.584212] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
[  542.584213] -----------------------------------------------------------------------------

[  542.584219] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
[  542.584223]  ___slab_alloc.constprop.27+0x379/0x3a0
[  542.584226]  __slab_alloc.isra.24.constprop.26+0x26/0x40
[  542.584229]  __kmalloc+0x19b/0x1e0
[  542.584232]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
[  542.584236]  ses_match_to_enclosure+0xb5/0x450 [ses]
[  542.584239]  ses_intf_add+0xaa0/0xe00 [ses]
[  542.584243]  class_interface_register+0x213/0x350
[  542.584245]  scsi_register_interface+0x33/0x40
[  542.584249]  ses_init+0x13/0x1000 [ses]
[  542.584252]  do_one_initcall+0x13c/0x2f0
[  542.584255]  do_init_module+0x1d9/0x5bc
[  542.584258]  load_module+0x6029/0x9230
[  542.584260]  SyS_finit_module+0x103/0x130
[  542.584264]  entry_SYSCALL_64_fastpath+0x16/0x75
[  542.584267] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
[  542.584270]  __slab_free+0x292/0x3d0
[  542.584273]  kfree+0x108/0x120
[  542.584275]  sg_clean+0x12e/0x200
[  542.584277]  usb_sg_wait+0x2ad/0x3d0
[  542.584281]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
[  542.584285]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
[  542.584288]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
[  542.584292]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
[  542.584296]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
[  542.584300]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
[  542.584303]  kthread+0x1c0/0x260
[  542.584307]  ret_from_fork+0x3f/0x70
[  542.584310] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
[  542.584311] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008

[  542.584315] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
[  542.584317] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
[  542.584321] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
[  542.584323] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
[  542.584327]  ffff88038c420000 ffff8800ac3ff5f8 ffffffff819c3387 ffff88038e404240
[  542.584331]  ffff8800ac3ff628 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
[  542.584334]  ffff88038c421c08 0000000000000000 ffff8800ac3ff650 ffffffff813e69bf
[  542.584335] Call Trace:
[  542.584338]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
[  542.584342]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
[  542.584345]  [<ffffffff813e69bf>] object_err+0x2f/0x40
[  542.584349]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
[  542.584354]  [<ffffffffc130842c>] ? ses_recv_diag+0xac/0xe0 [ses]
[  542.584358]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
[  542.584363]  [<ffffffffc1309490>] ? ses_enclosure_data_process+0x900/0xe50 [ses]
[  542.584367]  [<ffffffffc1309490>] ses_enclosure_data_process+0x900/0xe50 [ses]
[  542.584371]  [<ffffffff813e884a>] ? kasan_report_error+0x46a/0x540
[  542.584376]  [<ffffffffc1309a95>] ses_match_to_enclosure+0xb5/0x450 [ses]
[  542.584380]  [<ffffffffc13093b0>] ? ses_enclosure_data_process+0x820/0xe50 [ses]
[  542.584385]  [<ffffffffc13099e0>] ? ses_enclosure_data_process+0xe50/0xe50 [ses]
[  542.584389]  [<ffffffff81dd1a13>] ? __scsi_iterate_devices+0xf3/0x240
[  542.584394]  [<ffffffffc130a8d0>] ses_intf_add+0xaa0/0xe00 [ses]
[  542.584398]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
[  542.584402]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
[  542.584405]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
[  542.584408]  [<ffffffffc1130000>] ? 0xffffffffc1130000
[  542.584411]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
[  542.584415]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
[  542.584418]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
[  542.584421]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
[  542.584425]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.584429]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.584433]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
[  542.584438]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
[  542.584441]  [<ffffffff8124d669>] load_module+0x6029/0x9230
[  542.584444]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
[  542.584450]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
[  542.584453]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
[  542.584458]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
[  542.584461]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
[  542.584464]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
[  542.584469]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
[  542.584470] Memory state around the buggy address:
[  542.584473]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584475]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584478] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584479]                          ^
[  542.584481]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584483]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[  542.584484] ==================================================================
[  542.584485] ==================================================================
[  542.584490] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
[  542.584492] Read of size 1 by task systemd-udevd/4017
[  542.584493] =============================================================================
[  542.584495] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
[  542.584496] -----------------------------------------------------------------------------

[  542.584501] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
[  542.584504]  ___slab_alloc.constprop.27+0x379/0x3a0
[  542.584507]  __slab_alloc.isra.24.constprop.26+0x26/0x40
[  542.584510]  __kmalloc+0x19b/0x1e0
[  542.584513]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
[  542.584517]  ses_match_to_enclosure+0xb5/0x450 [ses]
[  542.584520]  ses_intf_add+0xaa0/0xe00 [ses]
[  542.584523]  class_interface_register+0x213/0x350
[  542.584525]  scsi_register_interface+0x33/0x40
[  542.584529]  ses_init+0x13/0x1000 [ses]
[  542.584531]  do_one_initcall+0x13c/0x2f0
[  542.584534]  do_init_module+0x1d9/0x5bc
[  542.584536]  load_module+0x6029/0x9230
[  542.584538]  SyS_finit_module+0x103/0x130
[  542.584542]  entry_SYSCALL_64_fastpath+0x16/0x75
[  542.584545] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
[  542.584548]  __slab_free+0x292/0x3d0
[  542.584550]  kfree+0x108/0x120
[  542.584552]  sg_clean+0x12e/0x200
[  542.584554]  usb_sg_wait+0x2ad/0x3d0
[  542.584558]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
[  542.584562]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
[  542.584565]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
[  542.584569]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
[  542.584573]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
[  542.584577]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
[  542.584580]  kthread+0x1c0/0x260
[  542.584583]  ret_from_fork+0x3f/0x70
[  542.584585] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
[  542.584587] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008

[  542.584590] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
[  542.584592] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
[  542.584596] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
[  542.584597] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
[  542.584601]  ffff88038c420000 ffff8800ac3ff5f8 ffffffff819c3387 ffff88038e404240
[  542.584604]  ffff8800ac3ff628 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
[  542.584607]  ffff88038c421c08 0000000000000000 ffff8800ac3ff650 ffffffff813e69bf
[  542.584608] Call Trace:
[  542.584611]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
[  542.584614]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
[  542.584617]  [<ffffffff813e69bf>] object_err+0x2f/0x40
[  542.584621]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
[  542.584626]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
[  542.584630]  [<ffffffffc13099cb>] ? ses_enclosure_data_process+0xe3b/0xe50 [ses]
[  542.584635]  [<ffffffffc13099cb>] ses_enclosure_data_process+0xe3b/0xe50 [ses]
[  542.584638]  [<ffffffff813e884a>] ? kasan_report_error+0x46a/0x540
[  542.584643]  [<ffffffffc1309a95>] ses_match_to_enclosure+0xb5/0x450 [ses]
[  542.584647]  [<ffffffffc13093b0>] ? ses_enclosure_data_process+0x820/0xe50 [ses]
[  542.584652]  [<ffffffffc13099e0>] ? ses_enclosure_data_process+0xe50/0xe50 [ses]
[  542.584655]  [<ffffffff81dd1a13>] ? __scsi_iterate_devices+0xf3/0x240
[  542.584660]  [<ffffffffc130a8d0>] ses_intf_add+0xaa0/0xe00 [ses]
[  542.584664]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
[  542.584668]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
[  542.584671]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
[  542.584674]  [<ffffffffc1130000>] ? 0xffffffffc1130000
[  542.584677]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
[  542.584681]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
[  542.584684]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
[  542.584687]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
[  542.584691]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.584694]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
[  542.584698]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
[  542.584703]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
[  542.584706]  [<ffffffff8124d669>] load_module+0x6029/0x9230
[  542.584709]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
[  542.584715]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
[  542.584718]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
[  542.584723]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
[  542.584726]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
[  542.584728]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
[  542.584733]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
[  542.584735] Memory state around the buggy address:
[  542.584737]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584739]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584741] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584742]                          ^
[  542.584744]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  542.584747]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[  542.584748] ==================================================================
[  542.585112] ses 6:0:0:1: Attached Enclosure device
[  542.897281] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[  542.975864] sd 6:0:0:0: [sdb] Attached SCSI disk

[-- Attachment #1.2: config.gz --]
[-- Type: application/gzip, Size: 40617 bytes --]

[-- Attachment #1.3: demidecode.txt.gz --]
[-- Type: application/gzip, Size: 4069 bytes --]

[-- Attachment #1.4: dmesg.txt.gz --]
[-- Type: application/gzip, Size: 22338 bytes --]

[-- Attachment #1.5: hdparm_sdb.txt.gz --]
[-- Type: application/gzip, Size: 1539 bytes --]

[-- Attachment #1.6: lsmod.txt.gz --]
[-- Type: application/gzip, Size: 1436 bytes --]

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 949 bytes --]

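What the four reports above actually say, worked through as an added example (this is not code from the thread, and not code from drivers/scsi/ses.c). The object is at ffff88038c421c08 in kmalloc-8, so the two faulting addresses ffff88038c421c12 and ffff88038c421c13 are at offsets 10 and 11, already past the 8-byte slab slot. The shadow row confirms it: the object's own granule carries 05 (kmalloc handed out only 5 of the 8 bytes, so the request was for 5 bytes) and the granule holding the fault carries fc, KASAN's kmalloc redzone marker. Two one-byte reads at consecutive offsets beyond a 5-byte buffer, in the same function that made the allocation, is a pattern consistent with reading fixed header offsets from a buffer that was sized by a device-supplied length field; ses_enclosure_data_process is the place to look. One caveat when reading the dump: the "Freed in sg_clean" trace is SLUB's record of the last free of that slot (its previous occupant, a usb-storage scatterlist buffer), not a free of the ses buffer, so this is not a use-after-free. The helper below parses the report lines shown above, copied into the block as constructed input, and prints where each access landed; the shadow-byte meanings (00 addressable, 01..07 only the first N bytes addressable, fc kmalloc redzone, fb freed object) are the constants KASAN used in 4.4-era kernels.

```c
/* Added example (not from the thread): triage a KASAN slab-out-of-bounds report.
 * Sample lines are copied from the dump above; shadow encoding per 4.4-era KASAN. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct kasan_oob {
	unsigned long long addr, obj, row_base;	/* fault, object start, '>' row base */
	unsigned cache_size, access_size;	/* "kmalloc-N", "Read of size N" */
	unsigned char row[16];			/* the '>' row: 1 shadow byte per 8 bytes */
};

struct finding {
	long offset; int requested, shadow; const char *verdict;
};

static int parse_report(const char *text, struct kasan_oob *r)
{
	const char *p;
	char *end;
	int i;
	if (!(p = strstr(text, " at addr ")) || sscanf(p, " at addr %llx", &r->addr) != 1 ||
	    !(p = strstr(text, "Read of size ")) || sscanf(p, "Read of size %u", &r->access_size) != 1 ||
	    !(p = strstr(text, "BUG kmalloc-")) || sscanf(p, "BUG kmalloc-%u", &r->cache_size) != 1 ||
	    !(p = strstr(text, "INFO: Object 0x")) || sscanf(p, "INFO: Object 0x%llx", &r->obj) != 1 ||
	    !(p = strstr(text, "] >")))		/* the '>' row is the one holding the fault */
		return -1;
	r->row_base = strtoull(p + 3, &end, 16);
	if (*end != ':')
		return -1;
	for (i = 0, p = end + 1; i < 16; i++, p = end)
		r->row[i] = (unsigned char)strtoul(p, &end, 16);
	return 0;
}

/* Shadow byte covering address a, or -1 if a lies outside the printed row. */
static int shadow_of(const struct kasan_oob *r, unsigned long long a)
{
	unsigned long long idx = (a - r->row_base) / 8;
	return (a >= r->row_base && idx < 16) ? r->row[idx] : -1;
}

/* Requested size: 00 = all 8 bytes live, 01..07 = only the first N (object ends there). */
static int usable_bytes(const struct kasan_oob *r)
{
	int total = 0, s;
	for (unsigned long long a = r->obj; a < r->obj + r->cache_size; a += 8) {
		s = shadow_of(r, a);
		if (s != 0x00)
			return total + ((s > 0 && s <= 0x07) ? s : 0);
		total += 8;
	}
	return total;
}

static struct finding triage(const char *text)
{
	struct kasan_oob r;
	struct finding f = { 0, -1, -1, "unparsable report" };
	if (parse_report(text, &r))
		return f;
	f.offset = (long)(r.addr - r.obj);
	f.requested = usable_bytes(&r);
	f.shadow = shadow_of(&r, r.addr);
	if (f.offset < 0)
		f.verdict = "before the object (underflow)";
	else if (f.offset + (long)r.access_size > (long)r.cache_size)
		f.verdict = "past the slab slot, in the inter-object redzone";
	else if (f.offset + (long)r.access_size > f.requested)
		f.verdict = "past the requested size, still inside the slab slot";
	else
		f.verdict = "inside the live allocation";
	return f;
}

/* Constructed input: the relevant lines of the first two reports above. */
static const char REPORT_C12[] =
	"[  542.582220] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12\n"
	"[  542.582223] Read of size 1 by task systemd-udevd/4017\n"
	"[  542.582227] BUG kmalloc-8 (Not tainted): kasan: bad access detected\n"
	"[  542.582341] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008\n"
	"[  542.582506] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n";
static const char REPORT_C13[] =
	"[  542.582519] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13\n"
	"[  542.582521] Read of size 1 by task systemd-udevd/4017\n"
	"[  542.582524] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected\n"
	"[  542.582614] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008\n"
	"[  542.582754] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n";

int main(void)
{
	const char *samples[] = { REPORT_C12, REPORT_C13 };
	for (int i = 0; i < 2; i++) {
		struct finding f = triage(samples[i]);
		printf("offset %ld, %d bytes requested, shadow 0x%02x: %s\n", f.offset, f.requested, f.shadow, f.verdict);
	}
	return 0;
}
```

Run against the two reports it prints offset 10 and 11, 5 bytes requested, shadow 0xfc, "past the slab slot, in the inter-object redzone" for both. The same parser works on any 4.4-era KASAN slab report as long as the "INFO: Object" line and the '>' shadow row are present; the requested-size recovery relies on the per-granule partial byte, so it is exact for kmalloc sizes that are not a multiple of 8 and otherwise equals the slot size.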

* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-01 20:20 BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 Andrea Gelmini
@ 2015-12-02 22:58 ` James Bottomley
  2015-12-03 20:36   ` Andrea Gelmini
  0 siblings, 1 reply; 14+ messages in thread
From: James Bottomley @ 2015-12-02 22:58 UTC (permalink / raw)
  To: Andrea Gelmini; +Cc: linux-kernel, linux-scsi

[-- Attachment #1: Type: text/plain, Size: 24404 bytes --]

On Tue, 2015-12-01 at 21:20 +0100, Andrea Gelmini wrote:
> Hi everybody,
>    and thanks a lot for your work.
> 
>    As soon as I plugged an external WD USB hard drive (details in the attached file)
>    into a USB3 port, I got this (much more info in the attached files).
>    Using commit 2255702db4014d1c69d6037ed7bdad2d2e271985
> 
> Thanks again,
> Andrea
> 
> [  542.582204] ==================================================================
> [  542.582220] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
> [  542.582223] Read of size 1 by task systemd-udevd/4017
> [  542.582225] =============================================================================
> [  542.582227] BUG kmalloc-8 (Not tainted): kasan: bad access detected
> [  542.582228] -----------------------------------------------------------------------------
> 
> [  542.582229] Disabling lock debugging due to kernel taint
> [  542.582236] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.582243]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.582246]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.582249]  __kmalloc+0x19b/0x1e0
> [  542.582253]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.582256]  ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582261]  class_interface_register+0x213/0x350
> [  542.582264]  scsi_register_interface+0x33/0x40
> [  542.582268]  ses_init+0x13/0x1000 [ses]
> [  542.582272]  do_one_initcall+0x13c/0x2f0
> [  542.582277]  do_init_module+0x1d9/0x5bc
> [  542.582280]  load_module+0x6029/0x9230
> [  542.582283]  SyS_finit_module+0x103/0x130
> [  542.582288]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582293] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.582296]  __slab_free+0x292/0x3d0
> [  542.582298]  kfree+0x108/0x120
> [  542.582300]  sg_clean+0x12e/0x200
> [  542.582302]  usb_sg_wait+0x2ad/0x3d0
> [  542.582307]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.582311]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.582315]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.582319]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.582323]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.582327]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.582332]  kthread+0x1c0/0x260
> [  542.582335]  ret_from_fork+0x3f/0x70
> [  542.582339] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.582341] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.582345] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.582348] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.582354] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.582356] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.582361]  ffff88038c420000 ffff8800ac3ff6c0 ffffffff819c3387 ffff88038e404240
> [  542.582365]  ffff8800ac3ff6f0 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.582368]  ffff88038c421c08 0000000000000000 ffff8800ac3ff718 ffffffff813e69bf
> [  542.582369] Call Trace:
> [  542.582375]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.582378]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.582382]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.582387]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.582392]  [<ffffffffc130842c>] ? ses_recv_diag+0xac/0xe0 [ses]
> [  542.582397]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.582401]  [<ffffffffc1309490>] ? ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.582406]  [<ffffffffc1309490>] ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.582412]  [<ffffffff81d5d454>] ? pm_runtime_init+0x364/0x410
> [  542.582417]  [<ffffffffc130a806>] ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582421]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.582425]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.582429]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.582432]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.582435]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.582439]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.582443]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.582446]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.582450]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582454]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582458]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.582463]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.582466]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.582469]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.582475]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.582479]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.582486]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.582489]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.582492]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.582497]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582498] Memory state around the buggy address:
> [  542.582501]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582503]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582506] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582507]                          ^
> [  542.582509]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582512]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.582513] ==================================================================
> [  542.582514] ==================================================================
> [  542.582519] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
> [  542.582521] Read of size 1 by task systemd-udevd/4017
> [  542.582521] Read of size 1 by task systemd-udevd/4017
> [  542.582522] =============================================================================
> [  542.582524] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
> [  542.582525] -----------------------------------------------------------------------------
> 
> [  542.582530] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.582533]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.582536]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.582539]  __kmalloc+0x19b/0x1e0
> [  542.582542]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.582546]  ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582549]  class_interface_register+0x213/0x350
> [  542.582551]  scsi_register_interface+0x33/0x40
> [  542.582555]  ses_init+0x13/0x1000 [ses]
> [  542.582557]  do_one_initcall+0x13c/0x2f0
> [  542.582560]  do_init_module+0x1d9/0x5bc
> [  542.582562]  load_module+0x6029/0x9230
> [  542.582564]  SyS_finit_module+0x103/0x130
> [  542.582568]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582571] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.582574]  __slab_free+0x292/0x3d0
> [  542.582577]  kfree+0x108/0x120
> [  542.582578]  sg_clean+0x12e/0x200
> [  542.582580]  usb_sg_wait+0x2ad/0x3d0
> [  542.582585]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.582588]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.582592]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.582596]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.582599]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.582603]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.582606]  kthread+0x1c0/0x260
> [  542.582610]  ret_from_fork+0x3f/0x70
> [  542.582612] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.582614] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.582617] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.582620] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.582623] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.582625] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.582628]  ffff88038c420000 ffff8800ac3ff6c0 ffffffff819c3387 ffff88038e404240
> [  542.582632]  ffff8800ac3ff6f0 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.582635]  ffff88038c421c08 0000000000000000 ffff8800ac3ff718 ffffffff813e69bf
> [  542.582636] Call Trace:
> [  542.582639]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.582642]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.582645]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.582649]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.582654]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.582659]  [<ffffffffc13099cb>] ? ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.582663]  [<ffffffffc13099cb>] ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.582667]  [<ffffffff81d5d454>] ? pm_runtime_init+0x364/0x410
> [  542.582672]  [<ffffffffc130a806>] ses_intf_add+0x9d6/0xe00 [ses]
> [  542.582676]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.582680]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.582683]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.582686]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.582689]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.582693]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.582696]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.582699]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.582703]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582707]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.582711]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.582715]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.582718]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.582721]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.582727]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.582730]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.582735]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.582738]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.582741]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.582746]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.582747] Memory state around the buggy address:
> [  542.582750]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582752]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582754] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582755]                          ^
> [  542.582757]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.582759]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.582760] ==================================================================
> [  542.584193] ==================================================================
> [  542.584206] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 [ses] at addr ffff88038c421c12
> [  542.584209] Read of size 1 by task systemd-udevd/4017
> [  542.584210] =============================================================================
> [  542.584212] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
> [  542.584213] -----------------------------------------------------------------------------
> 
> [  542.584219] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.584223]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.584226]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.584229]  __kmalloc+0x19b/0x1e0
> [  542.584232]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.584236]  ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584239]  ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584243]  class_interface_register+0x213/0x350
> [  542.584245]  scsi_register_interface+0x33/0x40
> [  542.584249]  ses_init+0x13/0x1000 [ses]
> [  542.584252]  do_one_initcall+0x13c/0x2f0
> [  542.584255]  do_init_module+0x1d9/0x5bc
> [  542.584258]  load_module+0x6029/0x9230
> [  542.584260]  SyS_finit_module+0x103/0x130
> [  542.584264]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584267] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.584270]  __slab_free+0x292/0x3d0
> [  542.584273]  kfree+0x108/0x120
> [  542.584275]  sg_clean+0x12e/0x200
> [  542.584277]  usb_sg_wait+0x2ad/0x3d0
> [  542.584281]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.584285]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.584288]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.584292]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.584296]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.584300]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.584303]  kthread+0x1c0/0x260
> [  542.584307]  ret_from_fork+0x3f/0x70
> [  542.584310] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.584311] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.584315] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.584317] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.584321] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.584323] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.584327]  ffff88038c420000 ffff8800ac3ff5f8 ffffffff819c3387 ffff88038e404240
> [  542.584331]  ffff8800ac3ff628 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.584334]  ffff88038c421c08 0000000000000000 ffff8800ac3ff650 ffffffff813e69bf
> [  542.584335] Call Trace:
> [  542.584338]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.584342]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.584345]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.584349]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.584354]  [<ffffffffc130842c>] ? ses_recv_diag+0xac/0xe0 [ses]
> [  542.584358]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.584363]  [<ffffffffc1309490>] ? ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.584367]  [<ffffffffc1309490>] ses_enclosure_data_process+0x900/0xe50 [ses]
> [  542.584371]  [<ffffffff813e884a>] ? kasan_report_error+0x46a/0x540
> [  542.584376]  [<ffffffffc1309a95>] ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584380]  [<ffffffffc13093b0>] ? ses_enclosure_data_process+0x820/0xe50 [ses]
> [  542.584385]  [<ffffffffc13099e0>] ? ses_enclosure_data_process+0xe50/0xe50 [ses]
> [  542.584389]  [<ffffffff81dd1a13>] ? __scsi_iterate_devices+0xf3/0x240
> [  542.584394]  [<ffffffffc130a8d0>] ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584398]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.584402]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.584405]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.584408]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.584411]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.584415]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.584418]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.584421]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.584425]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584429]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584433]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.584438]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.584441]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.584444]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.584450]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.584453]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.584458]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.584461]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.584464]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.584469]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584470] Memory state around the buggy address:
> [  542.584473]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584475]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584478] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584479]                          ^
> [  542.584481]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584483]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.584484] ==================================================================
> [  542.584485] ==================================================================
> [  542.584490] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0xe3b/0xe50 [ses] at addr ffff88038c421c13
> [  542.584492] Read of size 1 by task systemd-udevd/4017
> [  542.584493] =============================================================================
> [  542.584495] BUG kmalloc-8 (Tainted: G    B          ): kasan: bad access detected
> [  542.584496] -----------------------------------------------------------------------------
> 
> [  542.584501] INFO: Allocated in ses_enclosure_data_process+0x1e6/0xe50 [ses] age=1 cpu=2 pid=4017
> [  542.584504]  ___slab_alloc.constprop.27+0x379/0x3a0
> [  542.584507]  __slab_alloc.isra.24.constprop.26+0x26/0x40
> [  542.584510]  __kmalloc+0x19b/0x1e0
> [  542.584513]  ses_enclosure_data_process+0x1e6/0xe50 [ses]
> [  542.584517]  ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584520]  ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584523]  class_interface_register+0x213/0x350
> [  542.584525]  scsi_register_interface+0x33/0x40
> [  542.584529]  ses_init+0x13/0x1000 [ses]
> [  542.584531]  do_one_initcall+0x13c/0x2f0
> [  542.584534]  do_init_module+0x1d9/0x5bc
> [  542.584536]  load_module+0x6029/0x9230
> [  542.584538]  SyS_finit_module+0x103/0x130
> [  542.584542]  entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584545] INFO: Freed in sg_clean+0x12e/0x200 age=1 cpu=3 pid=4009
> [  542.584548]  __slab_free+0x292/0x3d0
> [  542.584550]  kfree+0x108/0x120
> [  542.584552]  sg_clean+0x12e/0x200
> [  542.584554]  usb_sg_wait+0x2ad/0x3d0
> [  542.584558]  usb_stor_bulk_transfer_sglist.part.3+0xc4/0x200 [usb_storage]
> [  542.584562]  usb_stor_bulk_srb+0x184/0x280 [usb_storage]
> [  542.584565]  usb_stor_Bulk_transport+0x53e/0xf80 [usb_storage]
> [  542.584569]  usb_stor_invoke_transport+0xf2/0x1430 [usb_storage]
> [  542.584573]  usb_stor_transparent_scsi_command+0x9/0x10 [usb_storage]
> [  542.584577]  usb_stor_control_thread+0x530/0xac0 [usb_storage]
> [  542.584580]  kthread+0x1c0/0x260
> [  542.584583]  ret_from_fork+0x3f/0x70
> [  542.584585] INFO: Slab 0xffffea000e310800 objects=26 used=25 fp=0xffff88038c421e78 flags=0x8000000000004080
> [  542.584587] INFO: Object 0xffff88038c421c08 @offset=7176 fp=0x0000000000000008
> 
> [  542.584590] Bytes b4 ffff88038c421bf8: 01 00 00 00 01 00 00 00 74 97 fd ff 00 00 00 00  ........t.......
> [  542.584592] Object ffff88038c421c08: 08 00 00 00 00 00 00 00                          ........
> [  542.584596] CPU: 2 PID: 4017 Comm: systemd-udevd Tainted: G    B           4.4.0-rc3KASan-00005-g2255702 #5
> [  542.584597] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA3WW (2.63 ) 04/16/2015
> [  542.584601]  ffff88038c420000 ffff8800ac3ff5f8 ffffffff819c3387 ffff88038e404240
> [  542.584604]  ffff8800ac3ff628 ffffffff813e22f4 ffff88038e404240 ffffea000e310800
> [  542.584607]  ffff88038c421c08 0000000000000000 ffff8800ac3ff650 ffffffff813e69bf
> [  542.584608] Call Trace:
> [  542.584611]  [<ffffffff819c3387>] dump_stack+0x4b/0x74
> [  542.584614]  [<ffffffff813e22f4>] print_trailer+0xf4/0x150
> [  542.584617]  [<ffffffff813e69bf>] object_err+0x2f/0x40
> [  542.584621]  [<ffffffff813e85fc>] kasan_report_error+0x21c/0x540
> [  542.584626]  [<ffffffff813e895e>] __asan_report_load1_noabort+0x3e/0x40
> [  542.584630]  [<ffffffffc13099cb>] ? ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.584635]  [<ffffffffc13099cb>] ses_enclosure_data_process+0xe3b/0xe50 [ses]
> [  542.584638]  [<ffffffff813e884a>] ? kasan_report_error+0x46a/0x540
> [  542.584643]  [<ffffffffc1309a95>] ses_match_to_enclosure+0xb5/0x450 [ses]
> [  542.584647]  [<ffffffffc13093b0>] ? ses_enclosure_data_process+0x820/0xe50 [ses]
> [  542.584652]  [<ffffffffc13099e0>] ? ses_enclosure_data_process+0xe50/0xe50 [ses]
> [  542.584655]  [<ffffffff81dd1a13>] ? __scsi_iterate_devices+0xf3/0x240
> [  542.584660]  [<ffffffffc130a8d0>] ses_intf_add+0xaa0/0xe00 [ses]
> [  542.584664]  [<ffffffff81d45183>] class_interface_register+0x213/0x350
> [  542.584668]  [<ffffffff81d44f70>] ? class_dev_iter_exit+0x10/0x10
> [  542.584671]  [<ffffffff819f44a0>] ? kvasprintf+0xf0/0xf0
> [  542.584674]  [<ffffffffc1130000>] ? 0xffffffffc1130000
> [  542.584677]  [<ffffffff81dff163>] scsi_register_interface+0x33/0x40
> [  542.584681]  [<ffffffffc1130013>] ses_init+0x13/0x1000 [ses]
> [  542.584684]  [<ffffffff810021ac>] do_one_initcall+0x13c/0x2f0
> [  542.584687]  [<ffffffff81002070>] ? try_to_run_init_process+0x40/0x40
> [  542.584691]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584694]  [<ffffffff813e7d06>] ? kasan_unpoison_shadow+0x36/0x50
> [  542.584698]  [<ffffffff813e7e17>] ? __asan_register_globals+0x87/0xa0
> [  542.584703]  [<ffffffff813199fd>] do_init_module+0x1d9/0x5bc
> [  542.584706]  [<ffffffff8124d669>] load_module+0x6029/0x9230
> [  542.584709]  [<ffffffff81245430>] ? symbol_put_addr+0x50/0x50
> [  542.584715]  [<ffffffff81247640>] ? module_frob_arch_sections+0x20/0x20
> [  542.584718]  [<ffffffff8142de90>] ? open_exec+0x50/0x50
> [  542.584723]  [<ffffffff8111b9ff>] ? ns_capable+0x4f/0xd0
> [  542.584726]  [<ffffffff81250b43>] SyS_finit_module+0x103/0x130
> [  542.584728]  [<ffffffff81250a40>] ? SyS_init_module+0x1d0/0x1d0
> [  542.584733]  [<ffffffff824c6df6>] entry_SYSCALL_64_fastpath+0x16/0x75
> [  542.584735] Memory state around the buggy address:
> [  542.584737]  ffff88038c421b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584739]  ffff88038c421b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584741] >ffff88038c421c00: fc 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584742]                          ^
> [  542.584744]  ffff88038c421c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [  542.584747]  ffff88038c421d00: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
> [  542.584748] ==================================================================
> [  542.585112] ses 6:0:0:1: Attached Enclosure device
> [  542.897281] sd 6:0:0:0: [sdb] Assuming drive cache: write through
> [  542.975864] sd 6:0:0:0: [sdb] Attached SCSI disk


OK, this looks like some type of problem with a USB enclosure.  It's
probably misreporting something in the mode pages.  Can you run sg_ses
on whatever /dev/sg<n> the enclosure turns up as?

Thanks,

James


[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 14+ messages in thread

* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-02 22:58 ` James Bottomley
@ 2015-12-03 20:36   ` Andrea Gelmini
  2015-12-03 20:59     ` James Bottomley
  0 siblings, 1 reply; 14+ messages in thread
From: Andrea Gelmini @ 2015-12-03 20:36 UTC (permalink / raw)
  To: James Bottomley; +Cc: linux-kernel, linux-scsi


[-- Attachment #1.1: Type: text/plain, Size: 784 bytes --]

On Wed, Dec 02, 2015 at 02:58:21PM -0800, James Bottomley wrote:
> On Tue, 2015-12-01 at 21:20 +0100, Andrea Gelmini wrote:
> OK, this looks like some type of problem with a USB enclosure.  It's
> probably misreporting something in the mode pages.  Can you run sg_ses
> on whatever /dev/sg<n> the enclosure turns up as?


root@glen:/tmp/report# cat sg_ses_usb_hd.txt 
  WD        My Passport 0820  1007
    disk device (not an enclosure)
Supported diagnostic pages:
  Supported Diagnostic Pages [sdp] [0x0]
  Short Enclosure Status (SES) [ses] [0x8]
  <unknown> [0x80]
  <unknown> [0x83]
  <unknown> [0x84]
  <unknown> [0x85]


By the way, same issue with kernel 4.3 (6a13feb9c82803e2b815eca72fa7a9f5561d7861).
The dmesg output is attached.

Thanks a lot,
Andrea

[-- Attachment #1.2: dmesg.txt.gz --]
[-- Type: application/gzip, Size: 2991 bytes --]



* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-03 20:36   ` Andrea Gelmini
@ 2015-12-03 20:59     ` James Bottomley
  2015-12-03 21:11       ` Douglas Gilbert
  2015-12-03 22:20       ` Andrea Gelmini
  0 siblings, 2 replies; 14+ messages in thread
From: James Bottomley @ 2015-12-03 20:59 UTC (permalink / raw)
  To: Andrea Gelmini; +Cc: linux-kernel, linux-scsi

[-- Attachment #1: Type: text/plain, Size: 1047 bytes --]

On Thu, 2015-12-03 at 21:36 +0100, Andrea Gelmini wrote:
> On Wed, Dec 02, 2015 at 02:58:21PM -0800, James Bottomley wrote:
> > On Tue, 2015-12-01 at 21:20 +0100, Andrea Gelmini wrote:
> > OK, this looks like some type of problem with a USB enclosure.  It's
> > probably misreporting something in the mode pages.  Can you run sg_ses
> > on whatever /dev/sg<n> the enclosure turns up as?
> 
> 
> root@glen:/tmp/report# cat sg_ses_usb_hd.txt 
>   WD        My Passport 0820  1007
>     disk device (not an enclosure)
> Supported diagnostic pages:
>   Supported Diagnostic Pages [sdp] [0x0]
>   Short Enclosure Status (SES) [ses] [0x8]
>   <unknown> [0x80]
>   <unknown> [0x83]
>   <unknown> [0x84]
>   <unknown> [0x85]

Actually, I'm afraid that's the wrong device; it's the disk, not the
enclosure (that's why sg_ses says not an enclosure).

If you do

sg_map -i

in your system, you should see something with an inquiry string like
enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.

Thanks,

James




* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-03 20:59     ` James Bottomley
@ 2015-12-03 21:11       ` Douglas Gilbert
  2015-12-03 21:20         ` James Bottomley
  2015-12-03 22:20       ` Andrea Gelmini
  1 sibling, 1 reply; 14+ messages in thread
From: Douglas Gilbert @ 2015-12-03 21:11 UTC (permalink / raw)
  To: James Bottomley, Andrea Gelmini; +Cc: linux-kernel, linux-scsi

On 15-12-03 03:59 PM, James Bottomley wrote:
> On Thu, 2015-12-03 at 21:36 +0100, Andrea Gelmini wrote:
>> On Wed, Dec 02, 2015 at 02:58:21PM -0800, James Bottomley wrote:
>>> On Tue, 2015-12-01 at 21:20 +0100, Andrea Gelmini wrote:
>>> OK, this looks like some type of problem with a USB enclosure.  It's
>>> probably misreporting something in the mode pages.  Can you run sg_ses
>>> on whatever /dev/sg<n> the enclosure turns up as?
>>
>>
>> root@glen:/tmp/report# cat sg_ses_usb_hd.txt
>>    WD        My Passport 0820  1007
>>      disk device (not an enclosure)
>> Supported diagnostic pages:
>>    Supported Diagnostic Pages [sdp] [0x0]
>>    Short Enclosure Status (SES) [ses] [0x8]
>>    <unknown> [0x80]
>>    <unknown> [0x83]
>>    <unknown> [0x84]
>>    <unknown> [0x85]
>
> Actually, I'm afraid that's the wrong device; it's the disk, not the
> enclosure (that's why sg_ses says not an enclosure).
>
> If you do
>
> sg_map -i
>
> in your system, you should see something with an inquiry string like
> enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.

Or use lsscsi like this and look for lines with 'enclosu' in
its output:
   # lsscsi -gs
[3:0:0:0]  disk    ATA     ST3160812AS      D     /dev/sda  /dev/sg0  160GB
[6:0:0:0]  disk    SEAGATE ST200FM0073      0007  /dev/sdb  /dev/sg1  200GB
[6:0:1:0]  enclosu Areca   ARC-802801.13.1D 0113  -         /dev/sg2      -

Then:
   # sg_ses /dev/sg2
   Areca     ARC-802801.13.1D  0113
Supported diagnostic pages:
   Supported Diagnostic Pages [sdp] [0x0]
   Configuration (SES) [cf] [0x1]
   Enclosure Status/Control (SES) [ec,es] [0x2]
   String In/Out (SES) [str] [0x4]
   Threshold In/Out (SES) [th] [0x5]
   Element Descriptor (SES) [ed] [0x7]
   Additional Element Status (SES-2) [aes] [0xa]
   Supported SES Diagnostic Pages (SES-2) [ssp] [0xd]
   Download Microcode (SES-2) [dm] [0xe]
   Subenclosure Nickname (SES-2) [snic] [0xf]
   Protocol Specific (SAS transport) [] [0x3f]

Doug Gilbert




* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-03 21:11       ` Douglas Gilbert
@ 2015-12-03 21:20         ` James Bottomley
  0 siblings, 0 replies; 14+ messages in thread
From: James Bottomley @ 2015-12-03 21:20 UTC (permalink / raw)
  To: dgilbert; +Cc: Andrea Gelmini, linux-kernel, linux-scsi

On Thu, 2015-12-03 at 16:11 -0500, Douglas Gilbert wrote:
> On 15-12-03 03:59 PM, James Bottomley wrote:
> > On Thu, 2015-12-03 at 21:36 +0100, Andrea Gelmini wrote:
> >> On Wed, Dec 02, 2015 at 02:58:21PM -0800, James Bottomley wrote:
> >>> On Tue, 2015-12-01 at 21:20 +0100, Andrea Gelmini wrote:
> >>> OK, this looks like some type of problem with a USB enclosure.  It's
> >>> probably misreporting something in the mode pages.  Can you run sg_ses
> >>> on whatever /dev/sg<n> the enclosure turns up as?
> >>
> >>
> >> root@glen:/tmp/report# cat sg_ses_usb_hd.txt
> >>    WD        My Passport 0820  1007
> >>      disk device (not an enclosure)
> >> Supported diagnostic pages:
> >>    Supported Diagnostic Pages [sdp] [0x0]
> >>    Short Enclosure Status (SES) [ses] [0x8]
> >>    <unknown> [0x80]
> >>    <unknown> [0x83]
> >>    <unknown> [0x84]
> >>    <unknown> [0x85]
> >
> > Actually, I'm afraid that's the wrong device; it's the disk, not the
> > enclosure (that's why sg_ses says not an enclosure).
> >
> > If you do
> >
> > sg_map -i
> >
> > in your system, you should see something with an inquiry string like
> > enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.
> 
> Or use lsscsi like this and look for lines with 'enclosu' in
> its output:
>    # lsscsi -gs
> [3:0:0:0]  disk    ATA     ST3160812AS      D     /dev/sda  /dev/sg0  160GB
> [6:0:0:0]  disk    SEAGATE ST200FM0073      0007  /dev/sdb  /dev/sg1  200GB
> [6:0:1:0]  enclosu Areca   ARC-802801.13.1D 0113  -         /dev/sg2      -
> 
> Then:
>    # sg_ses /dev/sg2
>    Areca     ARC-802801.13.1D  0113
> Supported diagnostic pages:
>    Supported Diagnostic Pages [sdp] [0x0]
>    Configuration (SES) [cf] [0x1]
>    Enclosure Status/Control (SES) [ec,es] [0x2]
>    String In/Out (SES) [str] [0x4]
>    Threshold In/Out (SES) [th] [0x5]
>    Element Descriptor (SES) [ed] [0x7]
>    Additional Element Status (SES-2) [aes] [0xa]
>    Supported SES Diagnostic Pages (SES-2) [ssp] [0xd]
>    Download Microcode (SES-2) [dm] [0xe]
>    Subenclosure Nickname (SES-2) [snic] [0xf]
>    Protocol Specific (SAS transport) [] [0x3f]

Actually, I need a hex dump of pages 1, 7 and 0xa ... how do you get that?

Thanks,

James




* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-03 20:59     ` James Bottomley
  2015-12-03 21:11       ` Douglas Gilbert
@ 2015-12-03 22:20       ` Andrea Gelmini
  2015-12-04 16:58         ` Ewan Milne
  2015-12-04 17:09         ` James Bottomley
  1 sibling, 2 replies; 14+ messages in thread
From: Andrea Gelmini @ 2015-12-03 22:20 UTC (permalink / raw)
  To: James Bottomley; +Cc: linux-kernel, linux-scsi, dgilbert

[-- Attachment #1: Type: text/plain, Size: 1293 bytes --]

On Thu, Dec 03, 2015 at 12:59:06PM -0800, James Bottomley wrote:
> sg_map -i
> 
> in your system, you should see something with an inquiry string like
> enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.

root@glen:/home/gelma# sg_map -i
/dev/sg0  /dev/sda  ATA       Samsung SSD 850   1B6Q
/dev/sg1  /dev/sr0  HL-DT-ST  DVDRAM GU40N      QX23
/dev/sg2  /dev/sdb  WD        My Passport 0820  1007
/dev/sg3  WD        SES Device        1007

And following Douglas' instructions:

root@glen:/home/gelma# lsscsi -gs
[0:0:0:0]    disk    ATA      Samsung SSD 850  1B6Q  /dev/sda   /dev/sg0   1.02TB
[1:0:0:0]    cd/dvd  HL-DT-ST DVDRAM GU40N     QX23  /dev/sr0   /dev/sg1        -
[8:0:0:0]    disk    WD       My Passport 0820 1007  /dev/sdb   /dev/sg2   2.00TB
[8:0:0:1]    enclosu WD       SES Device       1007  -          /dev/sg3       

root@glen:/home/gelma# sg_ses /dev/sg3
  WD        SES Device        1007
Supported diagnostic pages:
  Supported Diagnostic Pages [sdp] [0x0]
  Short Enclosure Status (SES) [ses] [0x8]
  <unknown> [0x80]
  <unknown> [0x83]
  <unknown> [0x84]
  <unknown> [0x85]


Well, if it's better for you, I can give you root access to a machine with this device
connected.

Thanks a lot for your time,
Andrea



* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-03 22:20       ` Andrea Gelmini
@ 2015-12-04 16:58         ` Ewan Milne
  2015-12-04 19:16           ` James Bottomley
  2015-12-04 17:09         ` James Bottomley
  1 sibling, 1 reply; 14+ messages in thread
From: Ewan Milne @ 2015-12-04 16:58 UTC (permalink / raw)
  To: Andrea Gelmini; +Cc: James Bottomley, linux-kernel, linux-scsi, dgilbert

On Thu, 2015-12-03 at 23:20 +0100, Andrea Gelmini wrote:
> On Thu, Dec 03, 2015 at 12:59:06PM -0800, James Bottomley wrote:
> > sg_map -i
> > 
> > in your system, you should see something with an inquiry string like
> > enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.
> 
> root@glen:/home/gelma# sg_map -i
> /dev/sg0  /dev/sda  ATA       Samsung SSD 850   1B6Q
> /dev/sg1  /dev/sr0  HL-DT-ST  DVDRAM GU40N      QX23
> /dev/sg2  /dev/sdb  WD        My Passport 0820  1007
> /dev/sg3  WD        SES Device        1007
> 
> And following Douglas' instructions:
> 
> root@glen:/home/gelma# lsscsi -gs
> [0:0:0:0]    disk    ATA      Samsung SSD 850  1B6Q  /dev/sda   /dev/sg0   1.02TB
> [1:0:0:0]    cd/dvd  HL-DT-ST DVDRAM GU40N     QX23  /dev/sr0   /dev/sg1        -
> [8:0:0:0]    disk    WD       My Passport 0820 1007  /dev/sdb   /dev/sg2   2.00TB
> [8:0:0:1]    enclosu WD       SES Device       1007  -          /dev/sg3       
> 
> root@glen:/home/gelma# sg_ses /dev/sg3
>   WD        SES Device        1007
> Supported diagnostic pages:
>   Supported Diagnostic Pages [sdp] [0x0]
>   Short Enclosure Status (SES) [ses] [0x8]
>   <unknown> [0x80]
>   <unknown> [0x83]
>   <unknown> [0x84]
>   <unknown> [0x85]
> 
> 
> Well, if it's better for you, I can give you root access to a machine with this device
> connected.
> 
> Thanks a lot for your time,
> Andrea

There seems to be a problem with the ses code if the device only reports
Short Enclosure Status.  We probably need to do something like:

diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
index eba183c..065a528 100644
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -537,6 +537,15 @@ static int ses_intf_add(struct device *cdev,
        if (result)
                goto recv_failed;
 
+       /* If enclosure only supports Short Enclosure Status page (08),
+        * it returns that page regardless of what we requested, and
+        * only returns vendor-specific status.  There is nothing wrong
+        * with such enclosures, we just can't make use of them. */
+       if (hdr_buf[0] == 8) {
+               err = -ENODEV;
+               goto err_init_free_nomsg;
+       }
+
        len = (hdr_buf[2] << 8) + hdr_buf[3] + 4;
        buf = kzalloc(len, GFP_KERNEL);
        if (!buf)
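Review bot: the new check `if (hdr_buf[0] == 8)` only rejects the Short Enclosure Status page; it does not confirm that the page code the device returned is the page `ses_recv_diag` was asked for, so any other mismatched page would still fall through to `len = (hdr_buf[2] << 8) + hdr_buf[3] + 4;` and be parsed as if it were the expected page. Compare `hdr_buf[0]` against the requested page code (in addition to, or instead of, the literal 8) and give the 8 a named constant. Since `err = -ENODEV` and the jump to `err_init_free_nomsg` skip the "Failed to bind enclosure" message on purpose, a one-line `sdev_printk(KERN_INFO, ...)` saying the enclosure only offers short status would still help users understand why no enclosure device appears.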
@@ -646,9 +655,10 @@ static int ses_intf_add(struct device *cdev,
        kfree(ses_dev->page2);
        kfree(ses_dev->page1);
  err_init_free:
+       sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",
err);
+ err_init_free_nomsg:
        kfree(ses_dev);
        kfree(hdr_buf);
-       sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",
err);
        return err;
 }
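Review bot: this hunk will not apply as posted: at both the `+` and `-` sites the `sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",` line has been wrapped by the mailer so that `err);` sits on its own line with no leading `+` or `-`, which `git apply` rejects as a corrupt patch. Please resend with line wrapping disabled or as an attachment. The reordering itself is sound: the message is now emitted only for real failures, while the new `err_init_free_nomsg:` label still frees `ses_dev` and `hdr_buf` on the short-status path, so nothing leaks.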

Otherwise we go off issuing commands for pages the device says it won't
return.  I don't see offhand how this would cause KASAN errors though.

-Ewan



^ permalink raw reply related	[flat|nested] 14+ messages in thread
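To make the failure mode Ewan describes concrete, here is an added example in C; it is not kernel code and not part of this thread or of drivers/scsi/ses.c. It validates the four-byte header of a RECEIVE DIAGNOSTIC RESULTS response: it computes the page length the same way ses.c does, rejects the Short Enclosure Status page (0x08), checks that the returned page code matches the requested one, and on the second (full-length) read checks the declared length against the bytes actually received before anything indexes into the page. All function names, constants and sample responses are constructed for the example; the header layout (page code, page-specific byte, big-endian length of the remainder) follows the SES page format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not kernel code. SES diagnostic page header:
 *   byte 0     page code
 *   byte 1     page-specific (subenclosure count, status, ...)
 *   bytes 2-3  big-endian length of everything after byte 3
 * ses.c sizes the full page as (buf[2] << 8) + buf[3] + 4. */

#define SES_HDR_LEN            4
#define SES_PAGE_CONFIG        0x01   /* Configuration page */
#define SES_PAGE_SHORT_STATUS  0x08   /* Short Enclosure Status page */

enum ses_hdr_status {
    SES_HDR_OK = 0,
    SES_HDR_TOO_SHORT,     /* fewer than 4 bytes came back */
    SES_HDR_SHORT_STATUS,  /* device only speaks page 0x08 */
    SES_HDR_WRONG_PAGE,    /* returned page != requested page */
    SES_HDR_TRUNCATED,     /* declared length not covered by data */
};

struct ses_page_hdr {
    uint8_t page_code;
    uint8_t byte1;
    size_t  page_len;      /* total bytes including the header */
};

/* First read: parse the header and refuse pages we cannot use. */
enum ses_hdr_status ses_parse_hdr(const uint8_t *buf, size_t buflen,
                                  uint8_t requested, struct ses_page_hdr *h)
{
    if (buflen < SES_HDR_LEN)
        return SES_HDR_TOO_SHORT;
    h->page_code = buf[0];
    h->byte1 = buf[1];
    h->page_len = ((size_t)buf[2] << 8) + buf[3] + SES_HDR_LEN;
    if (h->page_code == SES_PAGE_SHORT_STATUS)
        return SES_HDR_SHORT_STATUS;
    if (h->page_code != requested)
        return SES_HDR_WRONG_PAGE;
    return SES_HDR_OK;
}

/* Second read: the page is re-read into a buffer of h->page_len bytes.
 * The device may answer differently this time, so re-parse and require
 * that the bytes received cover the declared length before any element
 * walk indexes into the buffer. */
enum ses_hdr_status ses_check_full_page(const uint8_t *buf, size_t received,
                                        const struct ses_page_hdr *first)
{
    struct ses_page_hdr again;
    enum ses_hdr_status st = ses_parse_hdr(buf, received, first->page_code, &again);

    if (st != SES_HDR_OK)
        return st;
    if (again.page_len != first->page_len || received < again.page_len)
        return SES_HDR_TRUNCATED;
    return SES_HDR_OK;
}

/* Constructed sample responses, not captured from any real device. */
static const uint8_t sample_short_status[4] = { 0x08, 0x00, 0x00, 0x00 };
static const uint8_t sample_config[12] = { 0x01, 0x00, 0x00, 0x08,
                                           0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t sample_overlong[4] = { 0x01, 0x00, 0x7f, 0xff };

/* Enclosure that answers page 0x08 whatever page was requested. */
enum ses_hdr_status demo_short_status(void)
{
    struct ses_page_hdr h;
    return ses_parse_hdr(sample_short_status, sizeof sample_short_status,
                         SES_PAGE_CONFIG, &h);
}

/* Well-formed Configuration page: returns its total length (12) or 0. */
size_t demo_config_len(void)
{
    struct ses_page_hdr h;
    if (ses_parse_hdr(sample_config, sizeof sample_config, SES_PAGE_CONFIG, &h))
        return 0;
    return ses_check_full_page(sample_config, sizeof sample_config, &h) == SES_HDR_OK
           ? h.page_len : 0;
}

/* Page 1 came back when page 7 was requested. */
enum ses_hdr_status demo_wrong_page(void)
{
    struct ses_page_hdr h;
    return ses_parse_hdr(sample_config, sizeof sample_config, 0x07, &h);
}

/* Device declares 0x7fff + 4 bytes but only hands back 4. */
enum ses_hdr_status demo_overlong(void)
{
    struct ses_page_hdr h;
    if (ses_parse_hdr(sample_overlong, sizeof sample_overlong, SES_PAGE_CONFIG, &h))
        return SES_HDR_OK; /* not reached for this sample */
    return ses_check_full_page(sample_overlong, sizeof sample_overlong, &h);
}

int main(void)
{
    printf("short=%d config_len=%zu wrong=%d overlong=%d\n",
           demo_short_status(), demo_config_len(), demo_wrong_page(), demo_overlong());
    return 0;
}
```

The two-step shape mirrors the driver's read-header-then-read-page sequence; the point of `ses_check_full_page` is that a length computed from the first four bytes must never be trusted as a bound for data that arrived in a later transfer.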

* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-03 22:20       ` Andrea Gelmini
  2015-12-04 16:58         ` Ewan Milne
@ 2015-12-04 17:09         ` James Bottomley
  2015-12-04 17:46           ` Andrea Gelmini
  1 sibling, 1 reply; 14+ messages in thread
From: James Bottomley @ 2015-12-04 17:09 UTC (permalink / raw)
  To: Andrea Gelmini; +Cc: linux-kernel, linux-scsi, dgilbert

[-- Attachment #1: Type: text/plain, Size: 1904 bytes --]

On Thu, 2015-12-03 at 23:20 +0100, Andrea Gelmini wrote:
> On Thu, Dec 03, 2015 at 12:59:06PM -0800, James Bottomley wrote:
> > sg_map -i
> > 
> > in your system, you should see something with an inquiry string like
> > enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.
> 
> root@glen:/home/gelma# sg_map -i
> /dev/sg0  /dev/sda  ATA       Samsung SSD 850   1B6Q
> /dev/sg1  /dev/sr0  HL-DT-ST  DVDRAM GU40N      QX23
> /dev/sg2  /dev/sdb  WD        My Passport 0820  1007
> /dev/sg3  WD        SES Device        1007
> 
> And following Douglas' instructions:
> 
> root@glen:/home/gelma# lsscsi -gs
> [0:0:0:0]    disk    ATA      Samsung SSD 850  1B6Q  /dev/sda   /dev/sg0   1.02TB
> [1:0:0:0]    cd/dvd  HL-DT-ST DVDRAM GU40N     QX23  /dev/sr0   /dev/sg1        -
> [8:0:0:0]    disk    WD       My Passport 0820 1007  /dev/sdb   /dev/sg2   2.00TB
> [8:0:0:1]    enclosu WD       SES Device       1007  -          /dev/sg3       
> 
> root@glen:/home/gelma# sg_ses /dev/sg3
>   WD        SES Device        1007
> Supported diagnostic pages:
>   Supported Diagnostic Pages [sdp] [0x0]
>   Short Enclosure Status (SES) [ses] [0x8]
>   <unknown> [0x80]
>   <unknown> [0x83]
>   <unknown> [0x84]
>   <unknown> [0x85]
> 
> 
> Well, if it's better for you, I can give you root access to a machine with this device
> connected to it.

Actually, that would be really helpful, since I only have access to one,
very old, enclosure device.  My ssh key is

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnSsL4HoG8CXrJKA2CDAFJi+Ry8EUYgLluzX+zQ21iShnlCelp8djuoe+q+96WX2VGTnxQPJGAYUXNIW+rT9g3g8mgbjLAxYec4AHOgir/LlEBCARHo4SWue9L2if0nl6nLu1PudCQIKM747Pfzj1R4VfWboMU4m6KvkaFgP3rwJkZ96aNHI4ssRDh3EXvlD/vix6DZx0T7UEDpD3icc6ZyA2kmymtGCg1+nAWRTWImsnyhRFTIJvVw+xL7iR6GBoIJND82SpzP13Z95owuLm6QGPWow5Xgp3FLgoh+KezU7qXZh17Wh5ANRbgCNZJDc4fDBhXO+oNZmaU8bc0AW8R

Thanks,

James




* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-04 17:09         ` James Bottomley
@ 2015-12-04 17:46           ` Andrea Gelmini
  2015-12-04 19:04             ` James Bottomley
  0 siblings, 1 reply; 14+ messages in thread
From: Andrea Gelmini @ 2015-12-04 17:46 UTC
  To: James Bottomley; +Cc: linux-kernel, linux-scsi, dgilbert


On Fri, Dec 04, 2015 at 09:09:32AM -0800, James Bottomley wrote:
> Actually, that would be really helpful, since I only have access to one,
> very old, enclosure device.  My ssh key is

Ok.
Do you need the same PC/kernel as in the report, or is it enough if I plug the USB drive into any PC and give you access?

Thanks,
Andrea



* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-04 17:46           ` Andrea Gelmini
@ 2015-12-04 19:04             ` James Bottomley
  0 siblings, 0 replies; 14+ messages in thread
From: James Bottomley @ 2015-12-04 19:04 UTC
  To: Andrea Gelmini; +Cc: linux-kernel, linux-scsi, dgilbert


On Fri, 2015-12-04 at 18:46 +0100, Andrea Gelmini wrote:
> On Fri, Dec 04, 2015 at 09:09:32AM -0800, James Bottomley wrote:
> > Actually, that would be really helpful, since I only have access to one,
> > very old, enclosure device.  My ssh key is
> 
> Ok.
> Do you need the same PC/kernel as in the report, or is it enough if I plug the USB drive into any PC and give you access?

I think, since we suspect the device, it's enough to plug it into any PC
running a current kernel.

Thanks,

James




* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-04 16:58         ` Ewan Milne
@ 2015-12-04 19:16           ` James Bottomley
  2015-12-04 20:40             ` Ewan Milne
  0 siblings, 1 reply; 14+ messages in thread
From: James Bottomley @ 2015-12-04 19:16 UTC
  To: emilne; +Cc: Andrea Gelmini, linux-kernel, linux-scsi, dgilbert

On Fri, 2015-12-04 at 11:58 -0500, Ewan Milne wrote:
> On Thu, 2015-12-03 at 23:20 +0100, Andrea Gelmini wrote:
> > On Thu, Dec 03, 2015 at 12:59:06PM -0800, James Bottomley wrote:
> > > sg_map -i
> > > 
> > > in your system, you should see something with an inquiry string like
> > > enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.
> > 
> > root@glen:/home/gelma# sg_map -i
> > /dev/sg0  /dev/sda  ATA       Samsung SSD 850   1B6Q
> > /dev/sg1  /dev/sr0  HL-DT-ST  DVDRAM GU40N      QX23
> > /dev/sg2  /dev/sdb  WD        My Passport 0820  1007
> > /dev/sg3  WD        SES Device        1007
> > 
> > And following Douglas' instructions:
> > 
> > root@glen:/home/gelma# lsscsi -gs
> > [0:0:0:0]    disk    ATA      Samsung SSD 850  1B6Q  /dev/sda   /dev/sg0   1.02TB
> > [1:0:0:0]    cd/dvd  HL-DT-ST DVDRAM GU40N     QX23  /dev/sr0   /dev/sg1        -
> > [8:0:0:0]    disk    WD       My Passport 0820 1007  /dev/sdb   /dev/sg2   2.00TB
> > [8:0:0:1]    enclosu WD       SES Device       1007  -          /dev/sg3       
> > 
> > root@glen:/home/gelma# sg_ses /dev/sg3
> >   WD        SES Device        1007
> > Supported diagnostic pages:
> >   Supported Diagnostic Pages [sdp] [0x0]
> >   Short Enclosure Status (SES) [ses] [0x8]
> >   <unknown> [0x80]
> >   <unknown> [0x83]
> >   <unknown> [0x84]
> >   <unknown> [0x85]
> > 
> > 
> > Well, if it's better for you, I can give you root access to a machine with this device
> > connected to it.
> > 
> > Thanks a lot for your time,
> > Andrea
> 
> There seems to be a problem with the ses code if the device only reports
> Short Enclosure Status.  We probably need to do something like:
> 
> diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
> index eba183c..065a528 100644
> --- a/drivers/scsi/ses.c
> +++ b/drivers/scsi/ses.c
> @@ -537,6 +537,15 @@ static int ses_intf_add(struct device *cdev,
>         if (result)
>                 goto recv_failed;
>  
> +       /* If enclosure only supports Short Enclosure Status page (08),
> +        * it returns that page regardless of what we requested, and
> +        * only returns vendor-specific status.  There is nothing wrong
> +        * with such enclosures, we just can't make use of them. */
> +       if (hdr_buf[0] == 8) {
> +               err = -ENODEV;
> +               goto err_init_free_nomsg;
> +       }
> +
>         len = (hdr_buf[2] << 8) + hdr_buf[3] + 4;
>         buf = kzalloc(len, GFP_KERNEL);
>         if (!buf)
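Review bot: the `hdr_buf[0] == 8` test is a magic number and is narrower than the problem the comment describes: a device that "returns that page regardless of what we requested" can be caught for any page by comparing the returned code with the page code that was just requested (`if (hdr_buf[0] != <requested page>)`) rather than with the literal 8, and a named constant for the Short Enclosure Status page code would document the special case. The check is also placed correctly, before `len` is derived from `hdr_buf[2..3]`, since those bytes belong to whatever page the device chose to send back and must not size the next allocation when the page is not the one asked for.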
> @@ -646,9 +655,10 @@ static int ses_intf_add(struct device *cdev,
>         kfree(ses_dev->page2);
>         kfree(ses_dev->page1);
>   err_init_free:
> +       sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",
> err);
> + err_init_free_nomsg:
>         kfree(ses_dev);
>         kfree(hdr_buf);
> -       sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",
> err);
>         return err;
>  }
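Review bot: sending the Short Enclosure Status case through `err_init_free_nomsg` makes the skip completely silent, so an administrator who expects a /sys/class/enclosure entry gets neither the device nor a log line explaining why; an informational `sdev_printk(KERN_INFO, ...)` saying the device only offers page 08h, emitted before the `goto`, keeps compliant devices from logging as errors without hiding the decision. Also, the moved `sdev_printk` line is wrapped at `err);` in the mail, so the hunk will not apply as posted; re-send with that line intact.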
> 
> Otherwise we go off issuing commands for pages the device says it won't
> return.  I don't see offhand how this would cause KASAN errors though.

I think we have two separate bugs.  One is the usual USB devices getting
into a new SCSI standard and getting it wrong.  The other looks to be an
enumeration problem ... possibly because ses2 added an indexed
descriptor which current SES doesn't cope with.

Anyway, in concentrating on the USB problem first, I think we need to
code a little more defensively, like this.

James

---

diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
index dcb0d76..7d9cec5 100644
--- a/drivers/scsi/ses.c
+++ b/drivers/scsi/ses.c
@@ -84,6 +84,7 @@ static void init_device_slot_control(unsigned char *dest_desc,
 static int ses_recv_diag(struct scsi_device *sdev, int page_code,
 			 void *buf, int bufflen)
 {
+	int ret;
 	unsigned char cmd[] = {
 		RECEIVE_DIAGNOSTIC,
 		1,		/* Set PCV bit */
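Review bot: style only: `int ret;` is added above the `cmd[]` initializer while the other new local, `recv_page_code`, is declared after it in the next hunk; declaring the two new locals together keeps the diff easier to read and leaves the existing `cmd[]` block untouched.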
@@ -92,9 +93,26 @@ static int ses_recv_diag(struct scsi_device *sdev, int page_code,
 		bufflen & 0xff,
 		0
 	};
+	unsigned char recv_page_code;
 
-	return scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
+	ret =  scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
 				NULL, SES_TIMEOUT, SES_RETRIES, NULL);
+	if (unlikely(!ret))
+		return ret;
+
+	recv_page_code = ((unsigned char *)buf)[0];
+
+	if (likely(recv_page_code == page_code))
+		return ret;
+
+	/* successful diagnostic but wrong page code.  This happens to some
+	 * USB devices, just print a message and pretend there was an error */
+
+	sdev_printk(KERN_ERR, sdev,
+		    "Wrong diagnostic page; asked for %d got %u\n",
+		    page_code, recv_page_code);
+
+	return -EINVAL;
 }
 
 static int ses_send_diag(struct scsi_device *sdev, int page_code,
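Review bot: the early return is inverted. `scsi_execute_req()` returns 0 on success, so `if (unlikely(!ret)) return ret;` returns on the successful path before the page code is ever looked at, and the comparison only runs after a failed command, on a buffer the device may not have filled. It should read `if (unlikely(ret)) return ret;`. Two smaller points: `buf[0]` is read without confirming `bufflen >= 1` (today's callers pass larger buffers, but the guard is one line), and `KERN_ERR` will fire on every probe of a device that only implements Short Enclosure Status, which the SES standard allows to answer every request with page 08h; a lower log level or a distinct return value for the wrong-page case would let the caller treat such devices as unsupported rather than broken.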




* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
  2015-12-04 19:16           ` James Bottomley
@ 2015-12-04 20:40             ` Ewan Milne
  0 siblings, 0 replies; 14+ messages in thread
From: Ewan Milne @ 2015-12-04 20:40 UTC
  To: James Bottomley; +Cc: Andrea Gelmini, linux-kernel, linux-scsi, dgilbert

On Fri, 2015-12-04 at 11:16 -0800, James Bottomley wrote:
> On Fri, 2015-12-04 at 11:58 -0500, Ewan Milne wrote:
> > On Thu, 2015-12-03 at 23:20 +0100, Andrea Gelmini wrote:
> > > On Thu, Dec 03, 2015 at 12:59:06PM -0800, James Bottomley wrote:
> > > > sg_map -i
> > > > 
> > > > in your system, you should see something with an inquiry string like
> > > > enclosure.  It's the /dev/sg<n> of that you need to run sg_ses on.
> > > 
> > > root@glen:/home/gelma# sg_map -i
> > > /dev/sg0  /dev/sda  ATA       Samsung SSD 850   1B6Q
> > > /dev/sg1  /dev/sr0  HL-DT-ST  DVDRAM GU40N      QX23
> > > /dev/sg2  /dev/sdb  WD        My Passport 0820  1007
> > > /dev/sg3  WD        SES Device        1007
> > > 
> > > And following Douglas' instructions:
> > > 
> > > root@glen:/home/gelma# lsscsi -gs
> > > [0:0:0:0]    disk    ATA      Samsung SSD 850  1B6Q  /dev/sda   /dev/sg0   1.02TB
> > > [1:0:0:0]    cd/dvd  HL-DT-ST DVDRAM GU40N     QX23  /dev/sr0   /dev/sg1        -
> > > [8:0:0:0]    disk    WD       My Passport 0820 1007  /dev/sdb   /dev/sg2   2.00TB
> > > [8:0:0:1]    enclosu WD       SES Device       1007  -          /dev/sg3       
> > > 
> > > root@glen:/home/gelma# sg_ses /dev/sg3
> > >   WD        SES Device        1007
> > > Supported diagnostic pages:
> > >   Supported Diagnostic Pages [sdp] [0x0]
> > >   Short Enclosure Status (SES) [ses] [0x8]
> > >   <unknown> [0x80]
> > >   <unknown> [0x83]
> > >   <unknown> [0x84]
> > >   <unknown> [0x85]
> > > 
> > > 
> > > Well, if it's better for you, I can give you root access to a machine with this device
> > > connected to it.
> > > 
> > > Thanks a lot for your time,
> > > Andrea
> > 
> > There seems to be a problem with the ses code if the device only reports
> > Short Enclosure Status.  We probably need to do something like:
> > 
> > diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
> > index eba183c..065a528 100644
> > --- a/drivers/scsi/ses.c
> > +++ b/drivers/scsi/ses.c
> > @@ -537,6 +537,15 @@ static int ses_intf_add(struct device *cdev,
> >         if (result)
> >                 goto recv_failed;
> >  
> > +       /* If enclosure only supports Short Enclosure Status page (08),
> > +        * it returns that page regardless of what we requested, and
> > +        * only returns vendor-specific status.  There is nothing wrong
> > +        * with such enclosures, we just can't make use of them. */
> > +       if (hdr_buf[0] == 8) {
> > +               err = -ENODEV;
> > +               goto err_init_free_nomsg;
> > +       }
> > +
> >         len = (hdr_buf[2] << 8) + hdr_buf[3] + 4;
> >         buf = kzalloc(len, GFP_KERNEL);
> >         if (!buf)
> > @@ -646,9 +655,10 @@ static int ses_intf_add(struct device *cdev,
> >         kfree(ses_dev->page2);
> >         kfree(ses_dev->page1);
> >   err_init_free:
> > +       sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",
> > err);
> > + err_init_free_nomsg:
> >         kfree(ses_dev);
> >         kfree(hdr_buf);
> > -       sdev_printk(KERN_ERR, sdev, "Failed to bind enclosure %d\n",
> > err);
> >         return err;
> >  }
> > 
> > Otherwise we go off issuing commands for pages the device says it won't
> > return.  I don't see offhand how this would cause KASAN errors though.
> 
> I think we have two separate bugs.  One is the usual USB devices getting
> into a new SCSI standard and getting it wrong.  The other looks to be an
> enumeration problem ... possibly because ses2 added an indexed
> descriptor which current SES doesn't cope with.
> 
> Anyway, in concentrating on the USB problem first, I think we need to
> code a little more defensively, like this.

This could certainly be the case for a USB device; however, I have also
had a report of this for regular SCSI-attached devices with EncServ=1
that only supported Short Enclosure Status.  The SES-3 spec 4.3.3 says
that in this case, it "...shall always return the Short Enclosure
Status diagnostic page, regardless of which SES diagnostic page is
requested..."  The person who reported the problem wanted the error
messages about all his spec-compliant devices removed.

Short Enclosure Status appears to be vendor-specific; it doesn't look
like we can do anything with it.

But anyway, there's still the other problem...

-Ewan

> 
> James
> 
> ---
> 
> diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
> index dcb0d76..7d9cec5 100644
> --- a/drivers/scsi/ses.c
> +++ b/drivers/scsi/ses.c
> @@ -84,6 +84,7 @@ static void init_device_slot_control(unsigned char *dest_desc,
>  static int ses_recv_diag(struct scsi_device *sdev, int page_code,
>  			 void *buf, int bufflen)
>  {
> +	int ret;
>  	unsigned char cmd[] = {
>  		RECEIVE_DIAGNOSTIC,
>  		1,		/* Set PCV bit */
> @@ -92,9 +93,26 @@ static int ses_recv_diag(struct scsi_device *sdev, int page_code,
>  		bufflen & 0xff,
>  		0
>  	};
> +	unsigned char recv_page_code;
>  
> -	return scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
> +	ret =  scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buf, bufflen,
>  				NULL, SES_TIMEOUT, SES_RETRIES, NULL);
> +	if (unlikely(!ret))
> +		return ret;
> +
> +	recv_page_code = ((unsigned char *)buf)[0];
> +
> +	if (likely(recv_page_code == page_code))
> +		return ret;
> +
> +	/* successful diagnostic but wrong page code.  This happens to some
> +	 * USB devices, just print a message and pretend there was an error */
> +
> +	sdev_printk(KERN_ERR, sdev,
> +		    "Wrong diagnostic page; asked for %d got %u\n",
> +		    page_code, recv_page_code);
> +
> +	return -EINVAL;
>  }
>  
>  static int ses_send_diag(struct scsi_device *sdev, int page_code,
> 
> 



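Both patches in this thread come down to the same check, comparing the page code in byte 0 of the RECEIVE DIAGNOSTIC RESULTS response with the page that was requested, and Ewan's reference to SES-3 4.3.3 is the reason a perfectly compliant device can fail that check. The block below is an added example, not code from either patch or from drivers/scsi/ses.c: it validates the 4-byte page header against both the requested page and the number of bytes actually transferred, and then walks the Configuration page's enclosure descriptors with every device-supplied offset bounds-checked against the validated page length, which is the walk ses_intf_add() does with type_ptr. The page constants, the negative return codes, the function names and the three sample responses are all constructed for this example; the descriptor bodies are shortened and do not reproduce the full SES layout.

```c
/*
 * Added example (not code from the thread's patches or from ses.c): the
 * header and descriptor checks a RECEIVE DIAGNOSTIC RESULTS consumer needs
 * before it trusts the bytes a device sends back.  Offsets follow the SES
 * Configuration page (01h) layout that ses_intf_add() walks; the constants,
 * return codes and sample buffers below are constructed for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SES_PAGE_CONFIG		0x01	/* Configuration diagnostic page */
#define SES_PAGE_SHORT_STATUS	0x08	/* Short Enclosure Status page */
#define SES_HDR_LEN		4	/* page code, subenclosure count, 2-byte length */
#define SES_ENCL_DESC_OFF	8	/* first enclosure descriptor, after generation code */

/* negative return codes, kernel style (assumed names) */
#define ESES_SHORT	-1	/* fewer than SES_HDR_LEN bytes transferred */
#define ESES_WRONGPAGE	-2	/* device answered with a page we did not ask for */
#define ESES_BADLEN	-3	/* advertised page length exceeds bytes received */
#define ESES_OVERRUN	-4	/* a descriptor would run past the page end */

/*
 * Check the 4-byte header against what was requested and what actually
 * arrived.  A device that only implements Short Enclosure Status answers
 * every request with page 08h (the ESES_WRONGPAGE case); a length field
 * larger than the transfer is ESES_BADLEN.  On success stores the total
 * page length, header included, in *page_len when non-NULL and returns 0.
 */
static int ses_check_hdr(const uint8_t *buf, size_t got, uint8_t want_page,
			 size_t *page_len)
{
	size_t len;

	if (got < SES_HDR_LEN)
		return ESES_SHORT;
	if (buf[0] != want_page)
		return ESES_WRONGPAGE;
	/* bytes 2..3: big-endian count of bytes that follow the header */
	len = (((size_t)buf[2] << 8) | buf[3]) + SES_HDR_LEN;
	if (len > got)
		return ESES_BADLEN;
	if (page_len)
		*page_len = len;
	return 0;
}

/*
 * Walk the enclosure descriptors of a Configuration page and return the
 * total number of type descriptor headers (what ses_intf_add() calls
 * "types"), or a negative code.  Every offset derived from device-supplied
 * bytes is compared with the validated page length before it is used.
 */
static int ses_count_types(const uint8_t *buf, size_t got)
{
	size_t page_len, off = SES_ENCL_DESC_OFF;
	int i, num_encl, types = 0;
	int rc = ses_check_hdr(buf, got, SES_PAGE_CONFIG, &page_len);

	if (rc)
		return rc;
	num_encl = buf[1] + 1;	/* primary enclosure + secondary subenclosures */
	for (i = 0; i < num_encl; i++) {
		if (off + 4 > page_len)	/* need the descriptor's 4-byte header */
			return ESES_OVERRUN;
		types += buf[off + 2];			/* number of type descriptor headers */
		off += (size_t)buf[off + 3] + 4;	/* enclosure descriptor length + header */
		if (off > page_len)
			return ESES_OVERRUN;
	}
	return types;
}

/* Constructed sample responses (descriptor bodies shortened; not captures). */
static const uint8_t sample_config_page[] = {
	0x01, 0x00, 0x00, 0x14,	/* page 01h, no secondaries, 20 bytes follow */
	0x00, 0x00, 0x00, 0x01,	/* generation code */
	0x10, 0x00, 0x02, 0x04,	/* enclosure descriptor: 2 type headers, 4 bytes follow */
	0x00, 0x00, 0x00, 0x00,
	0x01, 0x02, 0x00, 0x00,	/* type header: Device slot, 2 elements */
	0x17, 0x01, 0x00, 0x00,	/* type header: Array device slot, 1 element */
};
static const uint8_t sample_short_status[] = {
	0x08, 0x00, 0x00, 0x00,	/* page 08h returned although 01h was requested */
};
static const uint8_t sample_overrun_page[] = {
	0x01, 0x02, 0x00, 0x0c,	/* claims 3 subenclosures in a 16-byte page */
	0x00, 0x00, 0x00, 0x01,
	0x10, 0x00, 0x02, 0x04,
	0x00, 0x00, 0x00, 0x00,
};

int main(void)
{
	printf("config page: types=%d\n",
	       ses_count_types(sample_config_page, sizeof sample_config_page));
	printf("short status instead of page 1: rc=%d\n",
	       ses_count_types(sample_short_status, sizeof sample_short_status));
	printf("descriptor overrun: rc=%d\n",
	       ses_count_types(sample_overrun_page, sizeof sample_overrun_page));
	return 0;
}
```

Build with `cc -Wall ses_check.c` and run: the first buffer yields 2 type headers, the Short Enclosure Status reply is rejected as a wrong page before its length field is used for anything, and the third buffer, which advertises three subenclosures in sixteen bytes, is refused at the descriptor walk instead of being read past its end. Returning a distinct code for the wrong-page case is what lets a caller treat such a device as unsupported and stay quiet about it, rather than logging it as an error, which is the distinction Ewan's reply asks for.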

* Re: BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50
@ 2015-12-03 14:20 Pavel Tikhomirov
  0 siblings, 0 replies; 14+ messages in thread
From: Pavel Tikhomirov @ 2015-12-03 14:20 UTC
  Cc: James Bottomley, Andrea Gelmini, linux-scsi, linux-kernel

I have a very similar problem with SAS2X28; please take a look at the bug
report here: https://bugzilla.kernel.org/show_bug.cgi?id=108771

Thanks, Pavel



Thread overview: 14+ messages
2015-12-01 20:20 BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x900/0xe50 Andrea Gelmini
2015-12-02 22:58 ` James Bottomley
2015-12-03 20:36   ` Andrea Gelmini
2015-12-03 20:59     ` James Bottomley
2015-12-03 21:11       ` Douglas Gilbert
2015-12-03 21:20         ` James Bottomley
2015-12-03 22:20       ` Andrea Gelmini
2015-12-04 16:58         ` Ewan Milne
2015-12-04 19:16           ` James Bottomley
2015-12-04 20:40             ` Ewan Milne
2015-12-04 17:09         ` James Bottomley
2015-12-04 17:46           ` Andrea Gelmini
2015-12-04 19:04             ` James Bottomley
2015-12-03 14:20 Pavel Tikhomirov
