[LU-16157] KASAN reports a read out of bounds during lnet-selftest. Created: 14/Sep/22  Updated: 20/Dec/22  Resolved: 20/Dec/22

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.16.0

Type: Bug Priority: Critical
Reporter: Alexey Lyashkov Assignee: Alexey Lyashkov
Resolution: Fixed Votes: 0
Labels: None

Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

Easy to replicate: just build Lustre with 2.15.0 (without my patches applied).
sysctl -w kernel.panic_on_warn=1
will help with obtaining a crash dump.

[ 5715.612789] LNet: 6072:0:(rpc.c:616:srpc_service_add_buffers()) waiting for adding buffer
[ 5716.149797] LNet: 6072:0:(rpc.c:616:srpc_service_add_buffers()) waiting for adding buffer
[ 5716.683091] LNet: 6072:0:(rpc.c:616:srpc_service_add_buffers()) waiting for adding buffer
[ 5716.952287] ==================================================================
[ 5716.958820] BUG: KASAN: slab-out-of-bounds in lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]
[ 5716.960248] Read of size 4 at addr ffff8888bbaa866c by task lt-lst/6371
[ 5716.961381]
[ 5716.961667] CPU: 3 PID: 6371 Comm: lt-lst Tainted: G           OE    ---------r-  - 4.18.0-305.25.1.el8_4.x86_64+debug #1
[ 5716.963474] Hardware name: Red Hat KVM, BIOS 1.15.0-2.module_el8.6.0+2880+7d9e3703 04/01/2014
[ 5716.964554] Call Trace:
[ 5716.964970]  dump_stack+0x8e/0xd0
[ 5716.965562]  ? lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]
[ 5716.966596]  print_address_description.constprop.5+0x1e/0x230
[ 5716.967577]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 5716.968385]  ? lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]
[ 5716.969420]  ? lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]
[ 5716.970411]  ? lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]
[ 5716.971462]  __kasan_report.cold.7+0x37/0x86
[ 5716.972244]  ? lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]
[ 5716.973050]  kasan_report+0x37/0x50
[ 5716.973682]  lstcon_testrpc_prep+0x19e7/0x1bb0 [lnet_selftest]


 Comments   
Comment by Alexey Lyashkov [ 14/Sep/22 ]

In fact this is a bug in the lnet_selftest tool.
lstcon_pingrpc_prep expects to have some ping parameters from userland, but the lst tool doesn't send any, which caused a read outside of the allocation. Let's fix this in the tool and in the module.
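
The bug class described in the comment above, reduced to a user-space C model. This is an added example, not the Lustre code or the patch from this ticket. `struct ping_param`, `struct test_desc`, `test_desc_new` and the two `ping_prep_*` functions are hypothetical names: a consumer reads a fixed-size parameter structure from a buffer whose length the sender controls, and the checked form rejects a block that is too short.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the Lustre structures. */
struct ping_param { uint32_t size; uint32_t flags; };
struct test_desc {
	size_t  param_len;   /* bytes of param[] actually allocated */
	uint8_t param[];     /* copied from the tool; may be empty */
};

/* Allocate a descriptor holding exactly len parameter bytes. */
struct test_desc *test_desc_new(const void *param, size_t len)
{
	struct test_desc *t = malloc(sizeof(*t) + len);
	if (t == NULL)
		return NULL;
	t->param_len = len;
	if (len > 0)
		memcpy(t->param, param, len);
	return t;
}

/* Unchecked: with param_len == 0 this copy reads past the allocation. */
int ping_prep_unchecked(const struct test_desc *t, uint32_t *size_out)
{
	struct ping_param p;
	memcpy(&p, t->param, sizeof(p));
	*size_out = p.size;
	return 0;
}

/* Checked: refuse a block shorter than the structure being read. */
int ping_prep_checked(const struct test_desc *t, uint32_t *size_out)
{
	if (t->param_len < sizeof(struct ping_param))
		return -EINVAL;
	return ping_prep_unchecked(t, size_out);
}

int main(void)
{
	struct test_desc *t = test_desc_new(NULL, 0); /* tool sent nothing */
	uint32_t size = 0;
	int rc = t ? ping_prep_checked(t, &size) : -ENOMEM;
	free(t);
	return rc == -EINVAL ? 0 : 1;
}
```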

Comment by Gerrit Updater [ 14/Sep/22 ]

"Alexey Lyashkov <alexey.lyashkov@hpe.com>" uploaded a new patch: https://review.whamcloud.com/48547
Subject: LU-16157 lnet: lst read-outside of allocation
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: f94b4c87c94e75314a56a0c356ac689469f62c3a

Comment by Gerrit Updater [ 20/Dec/22 ]

"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/48547/
Subject: LU-16157 lnet: lst read-outside of allocation
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 222fbed52e02122c752fcb7fca153e9d8fe487bf

Comment by Peter Jones [ 20/Dec/22 ]

Landed for 2.16

Generated at Sat Feb 10 03:24:30 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.