Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-17386] BUG: KASAN: stack-out-of-bounds in iov_iter_advance https://jira.whamcloud.com/browse/LU-17386 Lustre <p>[ 3715.647977] LustreError: 110715:0:(file.c:246:ll_close_inode_openhandle()) Skipped 14 previous similar messages<br/> [ 3745.888562] Lustre: DEBUG MARKER: == sanity-flr test 61a: mirror extend and migrate preserve timestamps ========================================================== 19:39:55 (1703781595)<br/> [ 3762.757868] ==================================================================<br/> [ 3762.758950] BUG: KASAN: stack-out-of-bounds in iov_iter_advance+0xbf8/0xe00<br/> [ 3762.759766] Read of size 8 at addr ffff8881be6efd30 by task lt-lfs/112002<br/> [ 3762.760551]<br/> [ 3762.760741] CPU: 5 PID: 112002 Comm: lt-lfs Tainted: G W OE --------<del>r</del> - 4.18.0-305.25.1.el8_4.x86_64+debug #1<br/> [ 3762.762017] Hardware name: Red Hat KVM/RHEL-AV, BIOS 1.16.0-4.module_el8.9.0+3659+9c8643f3 04/01/2014<br/> [ 3762.763072] Call Trace:<br/> [ 3762.763379] dump_stack+0x8e/0xd0<br/> [ 3762.763812] ? iov_iter_advance+0xbf8/0xe00<br/> [ 3762.764314] print_address_description.constprop.5+0x1e/0x230<br/> [ 3762.765053] ? kmsg_dump_rewind_nolock+0xd9/0xd9<br/> [ 3762.765628] ? osc_io_lseek_start+0xb90/0xb90 <span class="error">&#91;osc&#93;</span><br/> [ 3762.766206] ? iov_iter_advance+0xbf8/0xe00<br/> [ 3762.766708] ? iov_iter_advance+0xbf8/0xe00<br/> [ 3762.767199] ? iov_iter_advance+0xbf8/0xe00<br/> [ 3762.767696] __kasan_report.cold.7+0x37/0x86<br/> [ 3762.768198] ? iov_iter_advance+0xbf8/0xe00<br/> [ 3762.768699] kasan_report+0x37/0x50<br/> [ 3762.769115] iov_iter_advance+0xbf8/0xe00<br/> [ 3762.769685] ? cl_sync_io_note+0x1aa/0x560 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.770331] ll_direct_IO_impl+0x17f0/0x2ab0 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.770979] ? ll_write_end+0x12b0/0x12b0 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.771625] ? file_update_time+0xf4/0x400<br/> [ 3762.772195] generic_file_direct_write+0x1eb/0x410<br/> [ 3762.772769] __generic_file_write_iter+0x271/0x530<br/> [ 3762.773380] ? cl_object_maxbytes+0x13c/0x3d0 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.774030] vvp_io_write_start+0xccf/0x2a00 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.774649] ? lov_lock_init_composite+0x1b1/0x1f0 <span class="error">&#91;lov&#93;</span><br/> [ 3762.775338] ? vvp_io_write_commit+0xd70/0xd70 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.776004] ? cl_lock_request+0x148/0x370 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.776661] cl_io_start+0x187/0x3a0 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.777258] cl_io_loop+0x183/0x490 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.777869] ll_file_io_generic+0x937/0x2540 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.778539] ? lock_release+0x541/0xd70<br/> [ 3762.779127] ? lock_release+0xd40/0xd70<br/> [ 3762.779657] ? ll_io_init+0x1080/0x1080 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.780272] ? lu_context_refill+0x3f/0x60 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.780939] ? cl_env_get+0x537/0x6e0 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.781527] ll_file_write_iter+0x140a/0x21a0 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.782191] ? ll_file_io_generic+0x2540/0x2540 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.782835] ? up_read+0x1b7/0x75a<br/> [ 3762.783251] ? down_read_killable_nested+0x770/0x770<br/> [ 3762.783888] ? vvp_io_fini+0x4d3/0x1ab0 <span class="error">&#91;lustre&#93;</span><br/> [ 3762.784480] new_sync_write+0x393/0x550<br/> [ 3762.784929] ? remap_verify_area+0x30/0x30<br/> [ 3762.785459] ? lock_downgrade+0x710/0x710<br/> [ 3762.785997] ? lock_acquire+0x34d/0x8a0<br/> [ 3762.786549] ? lprocfs_counter_add+0x2f5/0x4b0 <span class="error">&#91;obdclass&#93;</span><br/> [ 3762.787339] ? ktime_get_coarse_real_ts64+0x127/0x1b0<br/> [ 3762.787932] ? trace_hardirqs_on+0x20/0x195<br/> [ 3762.788438] ? __sb_start_write+0x180/0x300<br/> [ 3762.788965] vfs_write+0x157/0x460<br/> [ 3762.789423] ksys_pwrite64+0x11b/0x140<br/> [ 3762.789927] ? __audit_syscall_exit+0x796/0xab0<br/> [ 3762.790571] ? __ia32_sys_pread64+0xf0/0xf0<br/> [ 3762.791167] ? trace_hardirqs_on_thunk+0x1a/0x20<br/> [ 3762.791821] ? trace_hardirqs_on_caller+0x22/0x1a0<br/> [ 3762.792413] ? do_syscall_64+0x22/0x430<br/> [ 3762.792868] do_syscall_64+0xa5/0x430<br/> [ 3762.793310] entry_SYSCALL_64_after_hwframe+0x6a/0xdf<br/> [ 3762.793931] RIP: 0033:0x7fa290b0a278<br/> [ 3762.794433] Code: 89 02 48 c7 c0 ff ff ff ff eb b6 0f 1f 80 00 00 00 00 f3 0f 1e fa 8b 05 d6 d1 20 00 49 89 ca 85 c0 75 17 b8 12 00 00 00 0f 05 &lt;48&gt; 3d 00 f0 ff ff 77 60 c3 0f 1f 80 00 00 00 00 41 55 49 89 cd 41<br/> [ 3762.796988] RSP: 002b:00007ffc84da7908 EFLAGS: 00000246 ORIG_RAX: 0000000000000012<br/> [ 3762.797949] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa290b0a278<br/> [ 3762.798976] RDX: 0000000000000005 RSI: 00007fa28b937000 RDI: 0000000000000004<br/> [ 3762.799931] RBP: 0000000000000000 R08: 00007ffc84df7090 R09: 0000000000328dd6<br/> [ 3762.800891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000<br/> [ 3762.801789] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc84da79c0<br/> [ 3762.802904]<br/> [ 3762.803161] The buggy address belongs to the page:<br/> [ 3762.803797] page:ffffea0006f9bbc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0<br/> [ 3762.804917] flags: 0x17ffffc0000000()<br/> [ 3762.805401] raw: 0017ffffc0000000 0000000000000000 ffffea0006f9bb88 0000000000000000<br/> [ 3762.806427] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000<br/> [ 3762.807487] page dumped because: kasan: bad access detected<br/> [ 3762.808175]<br/> [ 3762.808406] addr ffff8881be6efd30 is located in stack of task lt-lfs/112002 at offset 56 in frame:<br/> [ 3762.809618] new_sync_write+0x0/0x550<br/> [ 3762.810076]<br/> [ 3762.810275] this frame has 3 objects:<br/> [ 3762.810734] [32, 48) 'iov'<br/> [ 3762.810736] [96, 136) 'iter'<br/> [ 3762.811123] [192, 240) 'kiocb'<br/> [ 3762.811551]<br/> [ 3762.812192] Memory state around the buggy address:<br/> [ 3762.812879] ffff8881be6efc00: 00 00 f1 f1 f1 f1 01 f2 f2 f2 f2 f2 f2 f2 02 f2<br/> [ 3762.813808] ffff8881be6efc80: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 f1<br/> [ 3762.814792] &gt;ffff8881be6efd00: f1 f1 f1 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00<br/> [ 3762.815842] ^<br/> [ 3762.816536] ffff8881be6efd80: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 f2 f2 00<br/> [ 3762.817501] ffff8881be6efe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<br/> [ 3762.818455] ==================================================================<br/> [ 3796.865939] Lustre: DEBUG MARKER: == sanity-flr test 61b: mirror extend and split preserve timestamps ========================================================== 19:40:46 (1703781646)</p> RHEL8 + debug kernel LU-17386 BUG: KASAN: stack-out-of-bounds in iov_iter_advance Bug Blocker Open Unresolved WC Triage Alexey Lyashkov Thu, 28 Dec 2023 17:00:59 +0000 Thu, 28 Dec 2023 17:00:59 +0000 0 2 Development Rank 1|i045x3: Rank (Obsolete) 9223372036854775807 Severity