Lustre / LU-12812

use-after-free in ll_update_inode


Details

    • Bug
    • Resolution: Unresolved
    • Minor

    Description

      I discussed KASAN (kernel address sanitizer) with Oleg at LAD, and CentOS 8 just came out with their -debug kernel having KASAN enabled; so I just compiled a fresh lustre master with that and ran sanity.sh to show what kind of reports would come up.

      On v2_12_58-81-g95f8ae5677

      I got this trace twice on the same test, but not if I try to run the test individually; not sure if cleanup from previous tests happens at the same time or what happens...

      1st

      [ 1523.737579] Lustre: DEBUG MARKER: == sanity test 27K: basic ops on dir with foreign LMV ================================================ 10:42:27 (1569573747)
      [ 1524.109788] ==================================================================
      [ 1524.113090] BUG: KASAN: slab-out-of-bounds in strcmp+0x97/0xa0
      [ 1524.113983] Read of size 1 at addr ffff880301be4759 by task lt-lfs/27933
      
      [ 1524.115222] CPU: 26 PID: 27933 Comm: lt-lfs Kdump: loaded Tainted: G        W  OE    --------- -t - 4.18.0-80.7.1.el8.x86_64+debug #1
      [ 1524.117042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
      [ 1524.118861] Call Trace:
      [ 1524.119242]  dump_stack+0x9a/0xe9
      [ 1524.119777]  print_address_description+0x65/0x22e
      [ 1524.120512]  ? strcmp+0x97/0xa0
      [ 1524.120995]  kasan_report.cold.6+0x92/0x1a6
      [ 1524.121651]  strcmp+0x97/0xa0
      [ 1524.122145]  ll_update_inode+0x1375/0x3e60 [lustre]
      [ 1524.122900]  ? _raw_spin_unlock+0x24/0x30
      [ 1524.123563]  ? ll_set_inode+0x430/0x430 [lustre]
      [ 1524.124269]  ? do_raw_spin_unlock+0x13e/0x1e0
      [ 1524.124968]  ? ll_set_inode+0x430/0x430 [lustre]
      [ 1524.125742]  ll_iget+0x40a/0x7a0 [lustre]
      [ 1524.126386]  ll_prep_inode+0x852/0x1900 [lustre]
      [ 1524.127131]  ? mdc_intent_lock+0x7a7/0xf40 [mdc]
      [ 1524.127870]  ? ll_open_cleanup+0xcb0/0xcb0 [lustre]
      [ 1524.128675]  ? ll_atomic_open+0x867/0x4880 [lustre]
      [ 1524.129406]  ? lookup_open+0xab3/0x1980
      [ 1524.129987]  ? mdc_revalidate_lock+0x530/0x530 [mdc]
      [ 1524.130870]  ? __req_capsule_get+0xb20/0xf40 [ptlrpc]
      [ 1524.131705]  ? lustre_swab_generic_32s+0x40/0x40 [ptlrpc]
      [ 1524.132584]  ll_lookup_it_finish+0x5f7/0x2f80 [lustre]
      [ 1524.133363]  ? trace_hardirqs_on+0x10/0x10
      [ 1524.133992]  ? ll_splice_alias+0x7b0/0x7b0 [lustre]
      [ 1524.134776]  ? lmv_intent_remote.isra.10+0x1e60/0x1e60 [lmv]
      [ 1524.135653]  ? from_kgid+0x83/0xc0
      [ 1524.136186]  ? ll_md_need_convert+0x440/0x440 [lustre]
      [ 1524.136988]  ? lmv_intent_lock+0x47c/0xaf0 [lmv]
      [ 1524.137739]  ? cfs_curproc_cap_pack+0x14/0x80 [libcfs]
      [ 1524.138522]  ? lock_downgrade+0x5e0/0x5e0
      [ 1524.139181]  ? lprocfs_counter_add+0x275/0x410 [obdclass]
      [ 1524.140008]  ? lmv_intent_lookup+0x1840/0x1840 [lmv]
      [ 1524.140835]  ll_lookup_it+0x16b3/0x3fc0 [lustre]
      [ 1524.141571]  ? kasan_kmalloc+0xbf/0xe0
      [ 1524.142152]  ? ll_lookup_it_finish+0x2f80/0x2f80 [lustre]
      [ 1524.142975]  ? path_openat+0x14ce/0x2e30
      [ 1524.143604]  ? do_sys_open+0x1db/0x310
      [ 1524.144183]  ? do_syscall_64+0xa5/0x4a0
      [ 1524.144794]  ? entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      [ 1524.145610]  ? libcfs_debug_msg+0x1523/0x1f30 [libcfs]
      [ 1524.146398]  ? lookup_open+0x472/0x1980
      [ 1524.147000]  ? do_filp_open+0x17c/0x250
      [ 1524.147661]  ? do_syscall_64+0xa5/0x4a0
      [ 1524.148252]  ? put_pages_on_daemon_list+0x120/0x120 [libcfs]
      [ 1524.149177]  ? lprocfs_counter_add+0x275/0x410 [obdclass]
      [ 1524.150047]  ? lprocfs_alloc_md_stats+0x3b0/0x3b0 [obdclass]
      [ 1524.150934]  ? ll_atomic_open+0x2a1/0x4880 [lustre]
      [ 1524.151699]  ? kmem_cache_alloc_trace+0x15b/0x3a0
      [ 1524.152448]  ? ll_atomic_open+0x2a1/0x4880 [lustre]
      [ 1524.153221]  ll_atomic_open+0x867/0x4880 [lustre]
      [ 1524.153954]  ? lock_downgrade+0x5e0/0x5e0
      [ 1524.154604]  ? lookup_open+0x472/0x1980
      [ 1524.155179]  ? _raw_spin_unlock+0x24/0x30
      [ 1524.155824]  ? ll_lookup_it+0x3fc0/0x3fc0 [lustre]
      [ 1524.156615]  ? d_alloc_parallel+0x51e/0x14b0
      [ 1524.157255]  ? __d_lookup_rcu+0x800/0x800
      [ 1524.157889]  ? __d_lookup+0x3e/0x580
      [ 1524.158456]  ? lookup_open+0x289/0x1980
      [ 1524.159058]  lookup_open+0xab3/0x1980
      [ 1524.159652]  ? trailing_symlink+0x8b0/0x8b0
      [ 1524.160293]  ? trace_hardirqs_on+0x10/0x10
      [ 1524.160934]  path_openat+0x14ce/0x2e30
      [ 1524.161527]  ? kasan_kmalloc+0xbf/0xe0
      [ 1524.162107]  ? kmem_cache_alloc+0x112/0x370
      [ 1524.162766]  ? getname_flags+0xba/0x510
      [ 1524.163352]  ? path_lookupat.isra.47+0x830/0x830
      [ 1524.164070]  ? _raw_spin_unlock+0x24/0x30
      [ 1524.164713]  ? get_partial_node.isra.59.part.60+0x1eb/0x290
      [ 1524.165576]  ? lock_acquire+0x14c/0x400
      [ 1524.166145]  ? __audit_syscall_entry+0x33d/0x790
      [ 1524.166863]  ? trace_hardirqs_on+0x10/0x10
      [ 1524.167494]  do_filp_open+0x17c/0x250
      [ 1524.168063]  ? may_open_dev+0xc0/0xc0
      [ 1524.168668]  ? do_raw_spin_unlock+0x13e/0x1e0
      [ 1524.169329]  ? _raw_spin_unlock+0x24/0x30
      [ 1524.169948]  do_sys_open+0x1db/0x310
      [ 1524.170520]  ? spurious_fault+0x710/0x710
      [ 1524.171135]  ? filp_open+0x50/0x50
      [ 1524.171685]  do_syscall_64+0xa5/0x4a0
      [ 1524.172247]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      [ 1524.173034] RIP: 0033:0x7fefeb5b5675
      [ 1524.173615] Code: 44 24 18 31 c0 41 83 e2 40 75 42 89 f0 25 00 00 41 00 3d 00 00 41 00 74 34 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 43 48 8b 4c 24 18 64 48 33 0c 25 28 00 00 00
      [ 1524.176444] RSP: 002b:00007ffe87f814a0 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
      [ 1524.177624] RAX: ffffffffffffffda RBX: 00000000022e72a4 RCX: 00007fefeb5b5675
      [ 1524.178703] RDX: 0000000000090800 RSI: 00000000022e7280 RDI: 00000000ffffff9c
      [ 1524.179789] RBP: 00000000022e7280 R08: 00007ffe87f81730 R09: 0000000000000000
      [ 1524.180896] R10: 0000000000000000 R11: 0000000000000287 R12: 00000000022e7280
      [ 1524.181976] R13: 00007fefec4781f0 R14: 00007fefec46e7b0 R15: 0000000000000000
      
      [ 1524.183324] Allocated by task 27933:
      [ 1524.183877]  kasan_kmalloc+0xbf/0xe0
      [ 1524.184447]  __kmalloc+0x149/0x350
      [ 1524.184974]  lmv_unpackmd+0xca2/0x23e0 [lmv]
      [ 1524.185666]  mdc_get_lustre_md+0xd03/0x2460 [mdc]
      [ 1524.186422]  ll_prep_inode+0x402/0x1900 [lustre]
      [ 1524.187151]  ll_lookup_it_finish+0x5f7/0x2f80 [lustre]
      [ 1524.187944]  ll_lookup_it+0x16b3/0x3fc0 [lustre]
      [ 1524.188712]  ll_atomic_open+0x867/0x4880 [lustre]
      [ 1524.189428]  lookup_open+0xab3/0x1980
      [ 1524.189986]  path_openat+0x14ce/0x2e30
      [ 1524.190600]  do_filp_open+0x17c/0x250
      [ 1524.191168]  do_sys_open+0x1db/0x310
      [ 1524.191745]  do_syscall_64+0xa5/0x4a0
      [ 1524.192318]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      
      [ 1524.193344] Freed by task 11472:
      [ 1524.193854]  __kasan_slab_free+0x125/0x170
      [ 1524.194488]  slab_free_freelist_hook+0x5a/0x120
      [ 1524.195184]  kfree+0xd6/0x2e0
      [ 1524.195717]  tgt_release_reply_data+0x29a/0x4d0 [ptlrpc]
      [ 1524.196672]  tgt_handle_received_xid+0x18f/0x280 [ptlrpc]
      [ 1524.197587]  tgt_request_handle+0x28f5/0x4040 [ptlrpc]
      [ 1524.198411]  ptlrpc_server_handle_request+0xa65/0x1ff0 [ptlrpc]
      [ 1524.199359]  ptlrpc_main+0x1f6c/0x3d10 [ptlrpc]
      [ 1524.200046]  kthread+0x30c/0x3d0
      [ 1524.200595]  ret_from_fork+0x3a/0x50
      
      [ 1524.201372] The buggy address belongs to the object at ffff880301be4700
                      which belongs to the cache kmalloc-96 of size 96
      [ 1524.203242] The buggy address is located 89 bytes inside of
                      96-byte region [ffff880301be4700, ffff880301be4760)
      [ 1524.204977] The buggy address belongs to the page:
      [ 1524.205743] page:ffffea000c06f900 count:1 mapcount:0 mapping:ffff880107c16e00 index:0xffff880301be4180
      [ 1524.207137] flags: 0x17ffffc0000100(slab)
      [ 1524.207772] raw: 0017ffffc0000100 ffffea0064ae12c0 0000000b0000000b ffff880107c16e00
      [ 1524.208985] raw: ffff880301be4180 000000008020000b 00000001ffffffff 0000000000000000
      [ 1524.210176] page dumped because: kasan: bad access detected
      
      [ 1524.211261] Memory state around the buggy address:
      [ 1524.211993]  ffff880301be4600: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 1524.213159]  ffff880301be4680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 1524.214268] >ffff880301be4700: 00 00 00 00 00 00 00 00 00 00 00 01 fc fc fc fc
      [ 1524.215370]                                                     ^
      [ 1524.216317]  ffff880301be4780: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 1524.217454]  ffff880301be4800: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 1524.218578] ==================================================================
      

      2nd

      [ 2628.507920] Lustre: DEBUG MARKER: == sanity test 27K: basic ops on dir with foreign LMV ================================================ 15:22:19 (1569504139)
      [ 2628.940393] ==================================================================
      [ 2628.943833] BUG: KASAN: slab-out-of-bounds in strcmp+0x97/0xa0
      [ 2628.944738] Read of size 1 at addr ffff88031e652659 by task lt-lfs/10986
      
      [ 2628.946028] CPU: 26 PID: 10986 Comm: lt-lfs Kdump: loaded Tainted: G        W  OE    --------- -t - 4.18.0-80.7.1.el8.x86_64+debug #1
      [ 2628.947829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014
      [ 2628.949646] Call Trace:
      [ 2628.950046]  dump_stack+0x9a/0xe9
      [ 2628.950557]  print_address_description+0x65/0x22e
      [ 2628.951293]  ? strcmp+0x97/0xa0
      [ 2628.951788]  kasan_report.cold.6+0x92/0x1a6
      [ 2628.952447]  strcmp+0x97/0xa0
      [ 2628.952957]  ll_update_inode+0x1375/0x3e60 [lustre]
      [ 2628.953719]  ? _raw_spin_unlock+0x24/0x30
      [ 2628.954364]  ? ll_set_inode+0x430/0x430 [lustre]
      [ 2628.955087]  ? do_raw_spin_unlock+0x13e/0x1e0
      [ 2628.955770]  ? ll_set_inode+0x430/0x430 [lustre]
      [ 2628.956503]  ll_iget+0x40a/0x7a0 [lustre]
      [ 2628.957160]  ll_prep_inode+0x852/0x1900 [lustre]
      [ 2628.957899]  ? mdc_intent_lock+0x7a7/0xf40 [mdc]
      [ 2628.958642]  ? ll_open_cleanup+0xcb0/0xcb0 [lustre]
      [ 2628.959413]  ? ll_atomic_open+0x867/0x4880 [lustre]
      [ 2628.960173]  ? lookup_open+0xab3/0x1980
      [ 2628.960796]  ? mdc_revalidate_lock+0x530/0x530 [mdc]
      [ 2628.961699]  ? __req_capsule_get+0xb20/0xf40 [ptlrpc]
      [ 2628.962534]  ? lustre_swab_generic_32s+0x40/0x40 [ptlrpc]
      [ 2628.963407]  ll_lookup_it_finish+0x5f7/0x2f80 [lustre]
      [ 2628.964214]  ? trace_hardirqs_on+0x10/0x10
      [ 2628.964869]  ? ll_splice_alias+0x7b0/0x7b0 [lustre]
      [ 2628.965643]  ? lmv_intent_remote.isra.10+0x1e60/0x1e60 [lmv]
      [ 2628.966507]  ? from_kgid+0x83/0xc0
      [ 2628.967078]  ? ll_md_need_convert+0x440/0x440 [lustre]
      [ 2628.967884]  ? lmv_intent_lock+0x47c/0xaf0 [lmv]
      [ 2628.968632]  ? cfs_curproc_cap_pack+0x14/0x80 [libcfs]
      [ 2628.969422]  ? lock_downgrade+0x5e0/0x5e0
      [ 2628.970119]  ? lprocfs_counter_add+0x275/0x410 [obdclass]
      [ 2628.970954]  ? lmv_intent_lookup+0x1840/0x1840 [lmv]
      [ 2628.971771]  ll_lookup_it+0x16b3/0x3fc0 [lustre]
      [ 2628.972507]  ? kasan_kmalloc+0xbf/0xe0
      [ 2628.973145]  ? ll_lookup_it_finish+0x2f80/0x2f80 [lustre]
      [ 2628.973998]  ? path_openat+0x14ce/0x2e30
      [ 2628.974641]  ? do_sys_open+0x1db/0x310
      [ 2628.975249]  ? do_syscall_64+0xa5/0x4a0
      [ 2628.975878]  ? entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      [ 2628.976736]  ? libcfs_debug_msg+0x1523/0x1f30 [libcfs]
      [ 2628.977577]  ? lookup_open+0x472/0x1980
      [ 2628.978219]  ? do_filp_open+0x17c/0x250
      [ 2628.978835]  ? do_syscall_64+0xa5/0x4a0
      [ 2628.979478]  ? put_pages_on_daemon_list+0x120/0x120 [libcfs]
      [ 2628.980446]  ? lprocfs_counter_add+0x275/0x410 [obdclass]
      [ 2628.981359]  ? lprocfs_alloc_md_stats+0x3b0/0x3b0 [obdclass]
      [ 2628.982286]  ? ll_atomic_open+0x2a1/0x4880 [lustre]
      [ 2628.983089]  ? kmem_cache_alloc_trace+0x15b/0x3a0
      [ 2628.983856]  ? ll_atomic_open+0x2a1/0x4880 [lustre]
      [ 2628.984678]  ll_atomic_open+0x867/0x4880 [lustre]
      [ 2628.985419]  ? lock_downgrade+0x5e0/0x5e0
      [ 2628.986072]  ? lookup_open+0x472/0x1980
      [ 2628.986689]  ? _raw_spin_unlock+0x24/0x30
      [ 2628.987360]  ? ll_lookup_it+0x3fc0/0x3fc0 [lustre]
      [ 2628.988124]  ? d_alloc_parallel+0x51e/0x14b0
      [ 2628.988809]  ? __d_lookup_rcu+0x800/0x800
      [ 2628.989465]  ? __d_lookup+0x3e/0x580
      [ 2628.990057]  ? lookup_open+0x289/0x1980
      [ 2628.990679]  ? iam_lvar_create+0x720/0xa60 [osd_ldiskfs]
      [ 2628.991522]  lookup_open+0xab3/0x1980
      [ 2628.992117]  ? trailing_symlink+0x8b0/0x8b0
      [ 2628.992783]  ? trace_hardirqs_on+0x10/0x10
      [ 2628.993464]  path_openat+0x14ce/0x2e30
      [ 2628.994080]  ? kasan_kmalloc+0xbf/0xe0
      [ 2628.994688]  ? kmem_cache_alloc+0x112/0x370
      [ 2628.995363]  ? getname_flags+0xba/0x510
      [ 2628.995963]  ? path_lookupat.isra.47+0x830/0x830
      [ 2628.996691]  ? trace_hardirqs_on+0x10/0x10
      [ 2628.997372]  ? handle_pte_fault+0x837/0x2b80
      [ 2628.998049]  ? lock_downgrade+0x5e0/0x5e0
      [ 2628.998677]  ? lock_acquire+0x14c/0x400
      [ 2628.999281]  ? __audit_syscall_entry+0x33d/0x790
      [ 2629.000024]  ? trace_hardirqs_on+0x10/0x10
      [ 2629.000680]  do_filp_open+0x17c/0x250
      [ 2629.001274]  ? may_open_dev+0xc0/0xc0
      [ 2629.001852]  ? do_raw_spin_unlock+0x13e/0x1e0
      [ 2629.002559]  ? _raw_spin_unlock+0x24/0x30
      [ 2629.003220]  do_sys_open+0x1db/0x310
      [ 2629.003784]  ? spurious_fault+0x710/0x710
      [ 2629.004448]  ? filp_open+0x50/0x50
      [ 2629.005000]  do_syscall_64+0xa5/0x4a0
      [ 2629.005586]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      [ 2629.006411] RIP: 0033:0x7fbf58904675
      [ 2629.006973] Code: 44 24 18 31 c0 41 83 e2 40 75 42 89 f0 25 00 00 41 00 3d 00 00 41 00 74 34 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 43 48 8b 4c 24 18 64 48 33 0c 25 28 00 00 00
      [ 2629.009919] RSP: 002b:00007ffc0271b250 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
      [ 2629.011130] RAX: ffffffffffffffda RBX: 00000000022082a4 RCX: 00007fbf58904675
      [ 2629.012270] RDX: 0000000000090800 RSI: 0000000002208280 RDI: 00000000ffffff9c
      [ 2629.013386] RBP: 0000000002208280 R08: 00007ffc0271b4e0 R09: 0000000000000000
      [ 2629.014482] R10: 0000000000000000 R11: 0000000000000287 R12: 0000000002208280
      [ 2629.015629] R13: 00007fbf597c71f0 R14: 00007fbf597bd7b0 R15: 0000000000000000
      
      [ 2629.016993] Allocated by task 10986:
      [ 2629.017563]  kasan_kmalloc+0xbf/0xe0
      [ 2629.018144]  __kmalloc+0x149/0x350
      [ 2629.018685]  lmv_unpackmd+0xca2/0x23e0 [lmv]
      [ 2629.019391]  mdc_get_lustre_md+0xd03/0x2460 [mdc]
      [ 2629.020148]  ll_prep_inode+0x402/0x1900 [lustre]
      [ 2629.020918]  ll_lookup_it_finish+0x5f7/0x2f80 [lustre]
      [ 2629.021753]  ll_lookup_it+0x16b3/0x3fc0 [lustre]
      [ 2629.022519]  ll_atomic_open+0x867/0x4880 [lustre]
      [ 2629.023315]  lookup_open+0xab3/0x1980
      [ 2629.023952]  path_openat+0x14ce/0x2e30
      [ 2629.024537]  do_filp_open+0x17c/0x250
      [ 2629.025142]  do_sys_open+0x1db/0x310
      [ 2629.025703]  do_syscall_64+0xa5/0x4a0
      [ 2629.026283]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      
      [ 2629.027330] Freed by task 0:
      [ 2629.027782]  __kasan_slab_free+0x125/0x170
      [ 2629.028442]  slab_free_freelist_hook+0x5a/0x120
      [ 2629.029158]  kfree+0xd6/0x2e0
      [ 2629.029653]  rcu_process_callbacks+0xb43/0x1320
      [ 2629.030380]  __do_softirq+0x23c/0xaa0
      
      [ 2629.031201] The buggy address belongs to the object at ffff88031e652600
                      which belongs to the cache kmalloc-96 of size 96
      [ 2629.033125] The buggy address is located 89 bytes inside of
                      96-byte region [ffff88031e652600, ffff88031e652660)
      [ 2629.034924] The buggy address belongs to the page:
      [ 2629.035685] page:ffffea000c799480 count:1 mapcount:0 mapping:ffff880107c16e00 index:0x0
      [ 2629.036942] flags: 0x17ffffc0000100(slab)
      [ 2629.037574] raw: 0017ffffc0000100 ffffea000c9c7700 0000001000000010 ffff880107c16e00
      [ 2629.038796] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
      [ 2629.040039] page dumped because: kasan: bad access detected
      
      [ 2629.041163] Memory state around the buggy address:
      [ 2629.041929]  ffff88031e652500: 00 00 00 00 00 00 00 00 00 00 00 01 fc fc fc fc
      [ 2629.043075]  ffff88031e652580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 2629.044187] >ffff88031e652600: 00 00 00 00 00 00 00 00 00 00 00 01 fc fc fc fc
      [ 2629.045311]                                                     ^
      [ 2629.046275]  ffff88031e652680: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 2629.047417]  ffff88031e652700: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
      [ 2629.048552] ==================================================================
      

      lmv_unpackmd allocates a lmv_stripe_md struct, so assuming that's what this is, we have:

      crash> struct lmv_stripe_md
      struct lmv_stripe_md {
          __u32 lsm_md_magic;
          __u32 lsm_md_stripe_count;
          __u32 lsm_md_master_mdt_index;
          __u32 lsm_md_hash_type;
          __u32 lsm_md_layout_version;
          __u32 lsm_md_migrate_offset;
          __u32 lsm_md_migrate_hash;
          __u32 lsm_md_default_count;
          __u32 lsm_md_default_index;
          char lsm_md_pool_name[16];
          struct lmv_oinfo lsm_md_oinfo[];
      }
      SIZE: 56
      crash> struct lmv_oinfo
      struct lmv_oinfo {
          struct lu_fid lmo_fid;
          u32 lmo_mds;
          struct inode *lmo_root;
      }
      SIZE: 32
      crash> p 56+32
      $1 = 88
      crash> p 56+32+32
      $2 = 120
      

      So offset 89 would be the start of x.lsm_md_oinfo[1].lmo_fid, but the allocation size hints that only one element was allocated in the first place; a bit weird that this comes out as a use-after-free from KASAN...

      I actually looked a bit and couldn't find where the strcmp comes from in ll_update_inode; it looks like it might actually be a memcmp that got incorrectly logged for some reason.
      Looking at the dis -l ll_update_inode output, the bad access seems to be in ll_update_inode -> ll_update_lsm_md -> lsm_md_eq -> lu_fid_eq (deduced from the +0x1375).

      Unfortunately I cannot tell what lsm1->lsm_md_stripe_count was at the time; I would need to configure kdump on this machine and maybe set kernel.panic_on_warn, but I'm afraid I'd crash on the earlier lockdep / "block when !TASK_RUNNING" warnings I get if I were to do that... Anyway, I'm not too serious about this particular issue, I just wanted to show Oleg what a KASAN trace looks like.
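      The offset arithmetic and the shadow row from the first report, worked through as an added C example (this is not Lustre's code and not the reporter's; struct lu_fid is reproduced as Lustre's 16-byte FID, the two sample objects and the "header claims two stripes" scenario are constructed assumptions, and lsm_md_oinfo_eq_checked is a hypothetical length-aware comparison, not lsm_md_eq). It checks that the layouts give 56/32/88/120 as computed above, decodes the "00 x 11, 01" shadow row to show that bytes 0..88 of the object are accessible and byte 89 is the first poisoned one (so a byte-wise compare of oinfo[1].lmo_fid starting at 88 faults exactly at 89, as reported), and shows how a comparison driven by the header's stripe count is stopped once it would read past either allocation:

```c
/* Added illustration, not Lustre code: mirrors the crash(8) layouts above,
 * decodes the KASAN shadow row from the report, and shows how a comparison
 * driven by a header stripe count walks past an 89-byte allocation.
 * The two sample objects below are constructed for the example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* struct lu_fid is 16 bytes in Lustre: f_seq, f_oid, f_ver. */
struct lu_fid { uint64_t f_seq; uint32_t f_oid; uint32_t f_ver; };

/* Same members as the crash output; lmo_root is just a pointer here. */
struct lmv_oinfo { struct lu_fid lmo_fid; uint32_t lmo_mds; void *lmo_root; };

struct lmv_stripe_md {
	uint32_t lsm_md_magic, lsm_md_stripe_count, lsm_md_master_mdt_index,
		 lsm_md_hash_type, lsm_md_layout_version, lsm_md_migrate_offset,
		 lsm_md_migrate_hash, lsm_md_default_count, lsm_md_default_index;
	char lsm_md_pool_name[16];
	struct lmv_oinfo lsm_md_oinfo[];
};

/* Byte offset of stripe entry i: 56 + 32*i on x86-64, as computed above. */
size_t lsm_oinfo_offset(unsigned i)
{
	return offsetof(struct lmv_stripe_md, lsm_md_oinfo) +
	       (size_t)i * sizeof(struct lmv_oinfo);
}

/* Shadow bytes for the 96-byte object, copied from the first report:
 * ">ffff880301be4700: 00 00 00 00 00 00 00 00 00 00 00 01 fc fc fc fc" */
const uint8_t kasan_row_from_report[12] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };

/* Generic KASAN shadow: one byte per 8-byte granule; 0x00 = all 8 bytes
 * accessible, 0x01..0x07 = that many leading bytes accessible, anything
 * else (0xfb freed, 0xfc redzone, ...) = fully poisoned. */
int kasan_byte_ok(const uint8_t *shadow, size_t nshadow, size_t off)
{
	size_t g = off / 8;
	if (g >= nshadow)
		return 0;
	return shadow[g] == 0 || (shadow[g] < 8 && (off % 8) < shadow[g]);
}

/* First byte in [start, start+len) that KASAN would reject, or -1. */
long kasan_first_bad(const uint8_t *shadow, size_t nshadow, size_t start, size_t len)
{
	for (size_t off = start; off < start + len; off++)
		if (!kasan_byte_ok(shadow, nshadow, off))
			return (long)off;
	return -1;
}

static int lu_fid_eq(const struct lu_fid *a, const struct lu_fid *b)
{
	return memcmp(a, b, sizeof(*a)) == 0;	/* 16 bytes, no padding */
}

/* Hypothetical stripe-by-stripe comparison that refuses to read past either
 * allocation. Returns 1 equal, 0 different, -1 if the header's stripe count
 * would make it read beyond a_len or b_len bytes (the read KASAN flagged). */
int lsm_md_oinfo_eq_checked(const struct lmv_stripe_md *a, size_t a_len,
			    const struct lmv_stripe_md *b, size_t b_len)
{
	if (a->lsm_md_stripe_count != b->lsm_md_stripe_count)
		return 0;
	for (unsigned i = 0; i < a->lsm_md_stripe_count; i++) {
		size_t end = lsm_oinfo_offset(i) + sizeof(struct lu_fid);
		if (end > a_len || end > b_len)
			return -1;	/* would be an out-of-bounds read */
		if (!lu_fid_eq(&a->lsm_md_oinfo[i].lmo_fid,
			       &b->lsm_md_oinfo[i].lmo_fid))
			return 0;
	}
	return 1;
}

/* Constructed scenario: a 120-byte two-stripe object compared with an object
 * of which only 89 bytes were allocated but whose header claims two stripes.
 * Entry 0 (bytes 56..71) fits; entry 1 (bytes 88..103) does not. */
int demo_short_object(void)
{
	size_t long_len = lsm_oinfo_offset(2), short_len = 89;
	struct lmv_stripe_md *full = calloc(1, long_len);
	struct lmv_stripe_md *shrt = calloc(1, long_len); /* treated as 89 valid bytes */
	int rc;
	if (!full || !shrt) { free(full); free(shrt); return -2; }
	full->lsm_md_stripe_count = shrt->lsm_md_stripe_count = 2;
	rc = lsm_md_oinfo_eq_checked(full, long_len, shrt, short_len);
	free(full);
	free(shrt);
	return rc;
}

int main(void)
{
	printf("sizeof lmv_stripe_md=%zu lmv_oinfo=%zu oinfo[1]@%zu oinfo[2]@%zu\n",
	       sizeof(struct lmv_stripe_md), sizeof(struct lmv_oinfo),
	       lsm_oinfo_offset(1), lsm_oinfo_offset(2));
	printf("first bad byte of oinfo[1].lmo_fid: %ld\n",
	       kasan_first_bad(kasan_row_from_report, 12, lsm_oinfo_offset(1), 16));
	printf("checked compare on 89-byte object: %d\n", demo_short_object());
	return 0;
}
```

      The shadow decoder is only a reader for the numbers already printed in the report; the point it makes is that the object was usable up to and including offset 88, so whatever walked into oinfo[1] trusted a count that the allocation did not back. The checked comparison is one way such a walk is stopped before it reads: it needs the allocated length of both objects, not just the header, which is the input the real path would have to carry.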

      People

        green Oleg Drokin
        cealustre CEA
        Votes: 0
        Watchers: 3