From: bvanassche@acm.org (Bart Van Assche)
Subject: v5.0-rc2 and NVMeOF
Date: Mon, 11 Feb 2019 14:27:19 -0800
Message-ID: <1549924039.19311.26.camel@acm.org>
In-Reply-To: <20190211210808.GS4240@linux.ibm.com>

On Mon, 2019-02-11 at 13:08 -0800, Paul E. McKenney wrote:
> On Mon, Feb 11, 2019 at 09:24:51AM -0800, Bart Van Assche wrote:
> > BUG: KASAN: use-after-free in srcu_invoke_callbacks+0x209/0x290
> > Read of size 8 at addr ffff8881126b6df0 by task kworker/2:94/26747
> > CPU: 2 PID: 26747 Comm: kworker/2:94 Not tainted 5.0.0-rc5-dbg+ #5
> > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> > Workqueue: rcu_gp srcu_invoke_callbacks
> > Call Trace:
> >  dump_stack+0x86/0xca
> >  print_address_description+0x71/0x239
> >  kasan_report.cold.3+0x1b/0x3e
> >  __asan_load8+0x54/0x90
> >  srcu_invoke_callbacks+0x209/0x290
> >  process_one_work+0x4f1/0xa40
> >  worker_thread+0x67/0x5b0
> >  kthread+0x1cf/0x1f0
> >  ret_from_fork+0x24/0x30
> 
> The usual way that something like this happens is by invoking call_srcu()
> twice in a row on the same object, similar to double-kfree() but with
> call_srcu() instead of kfree().  One way to check for this sort of thing
> is to reproduce in a kernel built with CONFIG_DEBUG_OBJECTS_RCU_HEAD=y.

Thanks Paul for the feedback. You may want to know that this test was run
against kernel v5.0-rc5 and that that debugging option was enabled in the
kernel config before I ran this test:

$ grep RCU_HEAD .config     
CONFIG_DEBUG_OBJECTS_RCU_HEAD=y

Bart.
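
Added example, not part of the original message and not kernel code: a userspace model of the failure pattern described in the quoted text, where the same callback head is queued twice, next to a per-head "already queued" check of the kind a debug option can apply. All names (cb_head, cb_list, cb_enqueue, cb_invoke, demo_double_enqueue) are hypothetical, and the bounded loop stands in for the crash.

```c
/* Userspace model of a callback queue; not kernel code, names hypothetical. */
#include <stdbool.h>
#include <stddef.h>

struct cb_head {
    struct cb_head *next;
    void (*func)(struct cb_head *);
    bool queued;                    /* debug state: still on a list? */
};
struct cb_list { struct cb_head *head, **tail; };

static int invoked;                 /* number of callback invocations */
static void count_cb(struct cb_head *h) { (void)h; invoked++; }

/* Queue h; with debug on, refuse a head that is already queued. */
static bool cb_enqueue(struct cb_list *l, struct cb_head *h, bool debug)
{
    if (debug && h->queued)
        return false;               /* duplicate caught, list left intact */
    h->func = count_cb;
    h->next = NULL;                 /* on a duplicate this rewrites a live link */
    h->queued = true;
    *l->tail = h;                   /* on a duplicate: h->next = h, a cycle */
    l->tail = &h->next;
    return true;
}

/* Invoke at most max callbacks (the bound stands in for the crash). */
static void cb_invoke(struct cb_list *l, int max)
{
    struct cb_head *h = l->head;
    for (int n = 0; h && n < max; n++) {
        struct cb_head *next = h->next;
        h->queued = false;
        h->func(h);                 /* a real callback would free h here */
        h = next;                   /* ...so the next pass reads freed memory */
    }
}

/* Queue the same head twice, then run callbacks; returns invocation count. */
static int demo_double_enqueue(bool debug)
{
    struct cb_head a = {0};
    struct cb_list l = { NULL, &l.head };
    invoked = 0;
    cb_enqueue(&l, &a, debug);
    cb_enqueue(&l, &a, debug);      /* the bug: a is still queued */
    cb_invoke(&l, 4);
    return invoked;
}

int main(void) { return demo_double_enqueue(true) == 1 ? 0 : 1; }
```

Without the check the single head is invoked until the bound is reached, because the list links back to itself; with the check the duplicate is rejected and the callback runs once.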
