Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-18213

BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.17.0
    • None
    • None
    • 3
    • 9223372036854775807

    Description

      During 24 hour LNET router FOFB test (which was clean from VERs test results) logged four kfence messages.

      [root@kjcf04n00 log]# cat kern |grep BUG
Aug 27 18:05:55 kjcf04n02 kernel: BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]
Aug 27 23:16:03 kjcf04n09 kernel: BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]
Aug 28 06:01:49 kjcf04n02 kernel: BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]
Aug 28 11:44:53 kjcf04n07 kernel: BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]
[root@kjcf04n00 log]#

      BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]

      kjcf04n02 kernel: BUG: KFENCE: use-after-free write in kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel: Use-after-free write at 0x0000000032f9c95d (in kfence-#236):
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_destroy_conn+0x356/0x660 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_connd+0x103/0x990 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kthread+0xd6/0x100
Aug 27 18:05:55 kjcf04n02 kernel:  ret_from_fork+0x1f/0x30
Aug 27 18:05:55 kjcf04n02 kernel:
Aug 27 18:05:55 kjcf04n02 kernel: kfence-#236: 0x000000002f73d039-0x00000000843d21cc, size=120, cache=kmalloc-128
Aug 27 18:05:55 kjcf04n02 kernel: allocated by task 16520 on cpu 12 at 107061.611145s:
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_create_peer+0x5e/0x330 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_launch_tx+0x4a9/0xc70 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_send+0x2db/0x9d0 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  lnet_ni_send+0x49/0xe0 [lnet]
Aug 27 18:05:55 kjcf04n02 kernel:  lnet_send+0xae/0x1e0 [lnet]
Aug 27 18:05:55 kjcf04n02 kernel:  LNetGet+0x49d/0x9d0 [lnet]
Aug 27 18:05:55 kjcf04n02 kernel:  lnet_send_ping+0x136/0x210 [lnet]
Aug 27 18:05:55 kjcf04n02 kernel:  lnet_recover_peer_nis.constprop.0+0x2d6/0x6d0 [lnet]
Aug 27 18:05:55 kjcf04n02 kernel:  lnet_monitor_thread+0xd7/0x190 [lnet]
Aug 27 18:05:55 kjcf04n02 kernel:  kthread+0xd6/0x100
Aug 27 18:05:55 kjcf04n02 kernel:  ret_from_fork+0x1f/0x30
Aug 27 18:05:55 kjcf04n02 kernel:
Aug 27 18:05:55 kjcf04n02 kernel: freed by task 16266 on cpu 12 at 107364.269670s:
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_destroy_peer+0xb1/0x220 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_destroy_conn+0x5f1/0x660 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kiblnd_connd+0x103/0x990 [ko2iblnd]
Aug 27 18:05:55 kjcf04n02 kernel:  kthread+0xd6/0x100
Aug 27 18:05:55 kjcf04n02 kernel:  ret_from_fork+0x1f/0x30
Aug 27 18:05:55 kjcf04n02 kernel:
Aug 27 18:05:55 kjcf04n02 kernel: CPU: 12 PID: 16266 Comm: kiblnd_connd Kdump: loaded Tainted: G           OE    --------  ---  5.14.0-284.18.1.x7.0.010.8.x86_64 #1

      Attachments

        Activity

          People

            stancheff Shaun Tancheff
            stancheff Shaun Tancheff
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: