Lustre / LU-16342

BUG: KASAN: slab-out-of-bounds in mdt_quotactl+0x13ff/0x1430 [mdt]


    Description

      [20681.530066] BUG: KASAN: slab-out-of-bounds in mdt_quotactl+0x13ff/0x1430 [mdt]
      [20681.530107] Write of size 16 at addr ffff8880129a5398 by task mdt00_003/243049
      
      [20681.530165] CPU: 0 PID: 243049 Comm: mdt00_003 Tainted: G        W  OE    --------- -  - 4.18.0-193.28.1.x5.0.26.x86_64+debug #1
      [20681.530216] Hardware name: Radxa ROCK Pi X/ROCK Pi X, BIOS 5.11 09/24/2020
      [20681.530250] Call Trace:
      [20681.530286]  dump_stack+0x9a/0xf0
      [20681.530322]  print_address_description.cold.3+0x9/0x23b
      [20681.530362]  kasan_report.cold.4+0x65/0x95
      [20681.530599]  mdt_quotactl+0x13ff/0x1430 [mdt]
      [20681.530909]  tgt_request_handle+0x17de/0x4300 [ptlrpc]
      [20681.531860]  ptlrpc_server_handle_request+0xa65/0x1ff0 [ptlrpc]
      [20681.532154]  ptlrpc_main+0x1dd3/0x3810 [ptlrpc]
      [20681.532903]  kthread+0x30c/0x3d0
      [20681.532971]  ret_from_fork+0x3a/0x50
      
      [20681.533032] Allocated by task 243049:
      [20681.533063]  kasan_kmalloc+0xbf/0xe0
      [20681.533089]  __kmalloc+0x13d/0x210
      [20681.533354]  null_alloc_rs+0x1d6/0x7d0 [ptlrpc]
      [20681.533621]  sptlrpc_svc_alloc_rs+0x19c/0x830 [ptlrpc]
      [20681.533887]  lustre_pack_reply_v2+0x14c/0x8a0 [ptlrpc]
      [20681.534153]  lustre_pack_reply_flags+0x126/0x380 [ptlrpc]
      [20681.534421]  req_capsule_server_pack+0xa7/0x1f0 [ptlrpc]
      [20681.534548]  mdt_quotactl+0x1cd/0x1430 [mdt]
      [20681.534826]  tgt_request_handle+0x17de/0x4300 [ptlrpc]
      [20681.535095]  ptlrpc_server_handle_request+0xa65/0x1ff0 [ptlrpc]
      [20681.535365]  ptlrpc_main+0x1dd3/0x3810 [ptlrpc]
      [20681.535398]  kthread+0x30c/0x3d0
      [20681.535425]  ret_from_fork+0x3a/0x50
      [20681.535450]  0xffffffffffffffff
      
      [20681.535487] Freed by task 4965:
      [20681.535515]  __kasan_slab_free+0x125/0x170
      [20681.535542]  slab_free_freelist_hook+0x5a/0x120
      [20681.535570]  kfree+0xd6/0x2c0
      [20681.535595]  __kfree_skb+0xe/0x20
      [20681.535622]  tcp_clean_rtx_queue+0x654/0x2640
      [20681.535649]  tcp_ack+0x12cb/0x2da0
      [20681.535673]  tcp_rcv_established+0x1324/0x1ff0
      [20681.535702]  tcp_v4_do_rcv+0x522/0x790
      [20681.535729]  __release_sock+0x11e/0x310
      [20681.535756]  release_sock+0x4f/0x180
      [20681.535781]  tcp_sendmsg+0x31/0x40
      [20681.535806]  sock_sendmsg+0xc0/0x110
      [20681.535830]  sock_write_iter+0x1ed/0x340
      [20681.535858]  new_sync_write+0x412/0x620
      [20681.535884]  vfs_write+0x157/0x460
      [20681.535908]  ksys_write+0xb8/0x170
      [20681.535934]  do_syscall_64+0xa5/0x4d0
      [20681.535961]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
      [20681.535990]  0xffffffffffffffff
      
      [20681.536028] The buggy address belongs to the object at ffff8880129a5100
                      which belongs to the cache kmalloc-1k of size 1024
      [20681.536083] The buggy address is located 664 bytes inside of
                      1024-byte region [ffff8880129a5100, ffff8880129a5500) 

          People

            scherementsev Sergey Cheremencev