From: Kent Overstreet <kent.overstreet@linux.dev>
To: v9fs@lists.linux.dev
Subject: new 9p kasan splat in 6.9
Date: Sun, 31 Mar 2024 01:33:41 -0400
Message-ID: <f6upxoxa6d2c6cbh4ka775msggvuduigiu7xgvfx7qsufg2lo6@2ellaad6b2on>
00000 Running test kasan-ec.ktest on farm2 at /home/testdashboard/linux-5
00164 building kernel... done
00169 systemd[1]: Failed to find module 'autofs4'
00170 ==================================================================
00170 BUG: KASAN: slab-use-after-free in v9fs_stat2inode_dotl+0x7f8/0x988
00170 Read of size 8 at addr ffff0000c12f9000 by task mount/217
00170
00170 CPU: 3 PID: 217 Comm: mount Not tainted 6.9.0-rc1-ktest-ga097468ffe82 #10998
00170 Hardware name: linux,dummy-virt (DT)
00170 Call trace:
00170 dump_backtrace+0xa4/0xe0
00170 show_stack+0x1c/0x30
00170 dump_stack_lvl+0x70/0x88
00170 print_report+0x110/0x5b8
00170 kasan_report+0x80/0xc0
00170 __asan_report_load8_noabort+0x1c/0x28
00170 v9fs_stat2inode_dotl+0x7f8/0x988
00170 v9fs_fid_iget_dotl+0x164/0x1f0
00170 v9fs_mount+0x380/0x718
00170 legacy_get_tree+0xd4/0x198
00170 vfs_get_tree+0x78/0x240
00170 path_mount+0xc6c/0x15f0
00170 do_mount+0xc4/0x100
00170 __arm64_sys_mount+0x228/0x330
00170 invoke_syscall.constprop.0+0x74/0x1e8
00170 do_el0_svc+0xc8/0x200
00170 el0_svc+0x20/0x60
00170 el0t_64_sync_handler+0xb8/0xc0
00170 el0t_64_sync+0x14c/0x150
00170
00170 Allocated by task 217:
00170
00170 Freed by task 217:
00170
00170 The buggy address belongs to the object at ffff0000c12f9000
00170 which belongs to the cache kmalloc-192 of size 192
00170 The buggy address is located 0 bytes inside of
00170 freed 192-byte region [ffff0000c12f9000, ffff0000c12f90c0)
00170
00170 The buggy address belongs to the physical page:
00170
00170 Memory state around the buggy address:
00170 ffff0000c12f8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00170 ffff0000c12f8f80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
00170 >ffff0000c12f9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
00170 ^
00170 ffff0000c12f9080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
00170 ffff0000c12f9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
00170 ==================================================================
00170 Kernel panic - not syncing: kasan.fault=panic set ...
00170 CPU: 3 PID: 217 Comm: mount Not tainted 6.9.0-rc1-ktest-ga097468ffe82 #10998
00170 Hardware name: linux,dummy-virt (DT)
00170 Call trace:
00170 dump_backtrace+0xa4/0xe0
00170 show_stack+0x1c/0x30
00170 dump_stack_lvl+0x34/0x88
00170 dump_stack+0x18/0x20
00170 panic+0x4dc/0x520
00170 end_report+0xec/0xf0
00170 kasan_report+0x90/0xc0
00170 __asan_report_load8_noabort+0x1c/0x28
00170 v9fs_stat2inode_dotl+0x7f8/0x988
00170 v9fs_fid_iget_dotl+0x164/0x1f0
00170 v9fs_mount+0x380/0x718
00170 legacy_get_tree+0xd4/0x198
00170 vfs_get_tree+0x78/0x240
00170 path_mount+0xc6c/0x15f0
00170 do_mount+0xc4/0x100
00170 __arm64_sys_mount+0x228/0x330
00170 invoke_syscall.constprop.0+0x74/0x1e8
00170 do_el0_svc+0xc8/0x200
00170 el0_svc+0x20/0x60
00170 el0t_64_sync_handler+0xb8/0xc0
00170 el0t_64_sync+0x14c/0x150
00170 SMP: stopping secondary CPUs
00170 Kernel Offset: disabled
00170 CPU features: 0x0,00000003,80000008,4240500b
00170 Memory Limit: none
00170 ---[ end Kernel panic - not syncing: kasan.fault=panic set ... ]---
00175 ========= FAILED TIMEOUT (no test) in 1200s