Lustre / LU-13040

BUG: KASAN: slab-out-of-bounds in string_nocheck+0xd1/0x180

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.14.0
    • None
    • None
    • 3

    Description

      Nov 27 00:46:15 lustre-client kernel: ==================================================================
      Nov 27 00:46:15 lustre-client kernel: BUG: KASAN: slab-out-of-bounds in string_nocheck+0xd1/0x180
      Nov 27 00:46:15 lustre-client kernel: Read of size 1 at addr ffff888217560921 by task parse_foreign_d/23741
      Nov 27 00:46:15 lustre-client kernel: 
      Nov 27 00:46:15 lustre-client kernel: CPU: 3 PID: 23741 Comm: parse_foreign_d Tainted: P O 5.4.0-1.ldiskfs.d.el7.x86_64 #1
      Nov 27 00:46:15 lustre-client kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.12.0-1 04/01/2014
      Nov 27 00:46:15 lustre-client kernel: Call Trace:
      Nov 27 00:46:15 lustre-client kernel: dump_stack+0x7b/0xba
      Nov 27 00:46:15 lustre-client kernel: ? string_nocheck+0xd1/0x180
      Nov 27 00:46:15 lustre-client kernel: print_address_description.constprop.7.cold.9+0x9/0x350
      Nov 27 00:46:15 lustre-client kernel: ? string_nocheck+0xd1/0x180
      Nov 27 00:46:15 lustre-client kernel: ? string_nocheck+0xd1/0x180
      Nov 27 00:46:15 lustre-client kernel: __kasan_report.cold.10+0x1b/0x3f
      Nov 27 00:46:15 lustre-client kernel: ? string_nocheck+0xd1/0x180
      Nov 27 00:46:15 lustre-client kernel: kasan_report+0x12/0x20
      Nov 27 00:46:15 lustre-client kernel: __asan_load1+0x47/0x50
      Nov 27 00:46:15 lustre-client kernel: string_nocheck+0xd1/0x180
      Nov 27 00:46:15 lustre-client kernel: ? widen_string+0x190/0x190
      Nov 27 00:46:15 lustre-client kernel: string+0xb6/0xc0
      Nov 27 00:46:15 lustre-client kernel: ? hex_string+0x2e0/0x2e0
      Nov 27 00:46:15 lustre-client kernel: vsnprintf+0x56c/0x8e0
      Nov 27 00:46:15 lustre-client kernel: ? pointer+0x4e0/0x4e0
      Nov 27 00:46:15 lustre-client kernel: ? vsnprintf+0x655/0x8e0
      Nov 27 00:46:15 lustre-client kernel: libcfs_debug_msg+0x4f2/0xf30 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? put_pages_on_daemon_list+0xd0/0xd0 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? libcfs_debug_msg+0xd99/0xf30 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: lsm_md_dump+0x14a/0x270 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ll_update_inode+0xb6c/0x2010 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_test_inode_by_fid+0x30/0x30 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? __kasan_check_read+0x11/0x20
      Nov 27 00:46:15 lustre-client kernel: ll_iget+0x2bf/0x420 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ll_prep_inode+0x50e/0xca0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_open_cleanup+0x6b0/0x6b0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? strcpy+0x30/0x50
      Nov 27 00:46:15 lustre-client kernel: ? cfs_trace_unlock_tcd+0x20/0xb0 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? lustre_msg_buf_v2+0x8a/0x220 [ptlrpc]
      Nov 27 00:46:15 lustre-client kernel: ? ptlrpc_buf_need_swab+0x5d/0xf0 [ptlrpc]
      Nov 27 00:46:15 lustre-client kernel: ? __req_capsule_get+0x72a/0x8a0 [ptlrpc]
      Nov 27 00:46:15 lustre-client kernel: ? lustre_swab_generic_32s+0x20/0x20 [ptlrpc]
      Nov 27 00:46:15 lustre-client kernel: ll_lookup_it_finish+0x349/0x1500 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_splice_alias+0x410/0x410 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_md_need_convert+0x2c0/0x2c0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_md_need_convert+0x2c0/0x2c0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? libcfs_log_return+0x22/0x30 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? lmv_intent_lock+0x2f0/0x560 [lmv]
      Nov 27 00:46:15 lustre-client kernel: ? lmv_intent_lookup+0xaf0/0xaf0 [lmv]
      Nov 27 00:46:15 lustre-client kernel: ? __kasan_check_write+0x14/0x20
      Nov 27 00:46:15 lustre-client kernel: ll_lookup_it+0xeae/0x2000 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_lookup_it_finish+0x1500/0x1500 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? strcpy+0x30/0x50
      Nov 27 00:46:15 lustre-client kernel: ? cfs_trace_unlock_tcd+0x20/0xb0 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? libcfs_debug_msg+0xd99/0xf30 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? put_pages_on_daemon_list+0xd0/0xd0 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ? __d_alloc+0x277/0x380
      Nov 27 00:46:15 lustre-client kernel: ? __kasan_check_write+0x14/0x20
      Nov 27 00:46:15 lustre-client kernel: ? d_alloc_parallel+0x435/0x950
      Nov 27 00:46:15 lustre-client kernel: ? libcfs_debug_msg+0xd99/0xf30 [libcfs]
      Nov 27 00:46:15 lustre-client kernel: ll_lookup_nd+0x1ee/0x2b0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? ll_atomic_open+0x2360/0x2360 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ? __d_lookup+0x49/0x230
      Nov 27 00:46:15 lustre-client kernel: __lookup_slow+0x123/0x230
      Nov 27 00:46:15 lustre-client kernel: ? vfs_readlink+0x220/0x220
      Nov 27 00:46:15 lustre-client kernel: ? __nd_alloc_stack+0xa0/0xa0
      Nov 27 00:46:15 lustre-client kernel: lookup_slow+0x44/0x60
      Nov 27 00:46:15 lustre-client kernel: walk_component+0x3e3/0x680
      Nov 27 00:46:15 lustre-client kernel: ? lookup_slow+0x60/0x60
      Nov 27 00:46:15 lustre-client kernel: ? link_path_walk.part.41+0x292/0x830
      Nov 27 00:46:15 lustre-client kernel: ? lookup_one_len+0x130/0x130
      Nov 27 00:46:15 lustre-client kernel: ? path_init+0x451/0x5a0
      Nov 27 00:46:15 lustre-client kernel: ? save_stack+0x21/0x90
      Nov 27 00:46:15 lustre-client kernel: ? __kasan_kmalloc.constprop.14+0xc1/0xd0
      Nov 27 00:46:15 lustre-client kernel: ? kasan_slab_alloc+0x11/0x20
      Nov 27 00:46:15 lustre-client kernel: ? getname_flags+0x6f/0x2c0
      Nov 27 00:46:15 lustre-client kernel: path_lookupat.isra.43+0x118/0x420
      Nov 27 00:46:15 lustre-client kernel: ? path_parentat.isra.42+0xa0/0xa0
      Nov 27 00:46:15 lustre-client kernel: ? deactivate_slab.isra.79+0x21b/0x5c0
      Nov 27 00:46:15 lustre-client kernel: ? check_object+0xb5/0x290
      Nov 27 00:46:15 lustre-client kernel: ? init_object+0x7e/0x90
      Nov 27 00:46:15 lustre-client kernel: filename_lookup.part.59+0x116/0x240
      Nov 27 00:46:15 lustre-client kernel: ? __ia32_sys_rename+0x50/0x50
      Nov 27 00:46:15 lustre-client kernel: ? __check_object_size+0x1a7/0x216
      Nov 27 00:46:15 lustre-client kernel: ? strncpy_from_user+0xdd/0x200
      Nov 27 00:46:15 lustre-client kernel: ? getname_flags+0x112/0x2c0
      Nov 27 00:46:15 lustre-client kernel: user_path_at_empty+0x3e/0x50
      Nov 27 00:46:15 lustre-client kernel: path_getxattr+0xa8/0x130
      Nov 27 00:46:15 lustre-client kernel: ? getxattr+0x230/0x230
      Nov 27 00:46:15 lustre-client kernel: __x64_sys_getxattr+0x5b/0x70
      Nov 27 00:46:15 lustre-client kernel: do_syscall_64+0x78/0x200
      Nov 27 00:46:15 lustre-client kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
      Nov 27 00:46:15 lustre-client kernel: RIP: 0033:0x7fec4f3453ea
      Nov 27 00:46:15 lustre-client kernel: Code: 73 01 c3 48 8b 0d 86 9a 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 bf 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 56 9a 2c 00 f7 d8 64 89 01 48
      Nov 27 00:46:15 lustre-client kernel: RSP: 002b:00007ffd6b274628 EFLAGS: 00000206 ORIG_RAX: 00000000000000bf
      Nov 27 00:46:15 lustre-client kernel: RAX: ffffffffffffffda RBX: 00007ffd6b274748 RCX: 00007fec4f3453ea
      Nov 27 00:46:15 lustre-client kernel: RDX: 0000000000000000 RSI: 0000000000400cff RDI: 00007ffd6b276054
      Nov 27 00:46:15 lustre-client kernel: RBP: 0000000000400cfc R08: 0000000000000000 R09: 0000000000000000
      Nov 27 00:46:15 lustre-client kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003
      Nov 27 00:46:15 lustre-client kernel: R13: 00007ffd6b276054 R14: 0000000000000000 R15: 0000000000000000
      Nov 27 00:46:15 lustre-client kernel: 
      Nov 27 00:46:15 lustre-client kernel: Allocated by task 23741:
      Nov 27 00:46:15 lustre-client kernel: save_stack+0x21/0x90
      Nov 27 00:46:15 lustre-client kernel: __kasan_kmalloc.constprop.14+0xc1/0xd0
      Nov 27 00:46:15 lustre-client kernel: kasan_kmalloc+0x9/0x10
      Nov 27 00:46:15 lustre-client kernel: __kmalloc+0x139/0x300
      Nov 27 00:46:15 lustre-client kernel: lmv_unpackmd+0x5d3/0x12a0 [lmv]
      Nov 27 00:46:15 lustre-client kernel: mdc_get_lustre_md+0x81a/0x12a0 [mdc]
      Nov 27 00:46:15 lustre-client kernel: lmv_get_lustre_md+0x1c9/0x1e0 [lmv]
      Nov 27 00:46:15 lustre-client kernel: ll_prep_inode+0x1e7/0xca0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ll_lookup_it_finish+0x349/0x1500 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ll_lookup_it+0xeae/0x2000 [lustre]
      Nov 27 00:46:15 lustre-client kernel: ll_lookup_nd+0x1ee/0x2b0 [lustre]
      Nov 27 00:46:15 lustre-client kernel: __lookup_slow+0x123/0x230
      Nov 27 00:46:15 lustre-client kernel: lookup_slow+0x44/0x60
      Nov 27 00:46:15 lustre-client kernel: walk_component+0x3e3/0x680
      Nov 27 00:46:15 lustre-client kernel: path_lookupat.isra.43+0x118/0x420
      Nov 27 00:46:15 lustre-client kernel: filename_lookup.part.59+0x116/0x240
      Nov 27 00:46:15 lustre-client kernel: user_path_at_empty+0x3e/0x50
      Nov 27 00:46:15 lustre-client kernel: path_getxattr+0xa8/0x130
      Nov 27 00:46:15 lustre-client kernel: __x64_sys_getxattr+0x5b/0x70
      Nov 27 00:46:15 lustre-client kernel: do_syscall_64+0x78/0x200
      Nov 27 00:46:15 lustre-client kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9
      Nov 27 00:46:15 lustre-client kernel: 
      Nov 27 00:46:15 lustre-client kernel: Freed by task 0:
      Nov 27 00:46:15 lustre-client kernel: save_stack+0x21/0x90
      Nov 27 00:46:15 lustre-client kernel: __kasan_slab_free+0x128/0x170
      Nov 27 00:46:15 lustre-client kernel: kasan_slab_free+0xe/0x10
      Nov 27 00:46:15 lustre-client kernel: kfree+0xa4/0x290
      Nov 27 00:46:15 lustre-client kernel: autogroup_free+0x25/0x30
      Nov 27 00:46:15 lustre-client kernel: sched_free_group+0x22/0x40
      Nov 27 00:46:15 lustre-client kernel: sched_free_group_rcu+0x15/0x20
      Nov 27 00:46:15 lustre-client kernel: rcu_do_batch+0x27c/0x660
      Nov 27 00:46:15 lustre-client kernel: rcu_core+0x2a8/0x460
      Nov 27 00:46:15 lustre-client kernel: rcu_core_si+0xe/0x10
      Nov 27 00:46:15 lustre-client kernel: __do_softirq+0x10d/0x3c9
      Nov 27 00:46:15 lustre-client kernel: 
      Nov 27 00:46:15 lustre-client kernel: The buggy address belongs to the object at ffff8882175608c8#012 which belongs to the cache kmalloc-96 of size 96
      Nov 27 00:46:15 lustre-client kernel: The buggy address is located 89 bytes inside of#012 96-byte region [ffff8882175608c8, ffff888217560928)
      Nov 27 00:46:15 lustre-client kernel: The buggy address belongs to the page:
      Nov 27 00:46:15 lustre-client kernel: page:ffffea00085d5800 refcount:1 mapcount:0 mapping:ffff888227010a00 index:0xffff888217563488 compound_mapcount: 0
      Nov 27 00:46:15 lustre-client kernel: flags: 0x17ffffc0010200(slab|head)
      Nov 27 00:46:15 lustre-client kernel: raw: 0017ffffc0010200 ffffea0007cc0208 ffff888227003a50 ffff888227010a00
      Nov 27 00:46:15 lustre-client kernel: raw: ffff888217563488 0000000000240011 00000001ffffffff 0000000000000000
      Nov 27 00:46:15 lustre-client kernel: page dumped because: kasan: bad access detected
      Nov 27 00:46:15 lustre-client kernel: 
      Nov 27 00:46:15 lustre-client kernel: Memory state around the buggy address:
      Nov 27 00:46:15 lustre-client kernel: ffff888217560800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      Nov 27 00:46:15 lustre-client kernel: ffff888217560880: fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00
      Nov 27 00:46:15 lustre-client kernel: >ffff888217560900: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
      Nov 27 00:46:15 lustre-client kernel: ^
      Nov 27 00:46:15 lustre-client kernel: ffff888217560980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      Nov 27 00:46:15 lustre-client kernel: ffff888217560a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
      Nov 27 00:46:15 lustre-client kernel: ==================================================================

          People

            stancheff Shaun Tancheff
            stancheff Shaun Tancheff