From: Andrea Gelmini <andrea.gelmini@gelma.net>
To: Dave Chinner <david@fromorbit.com>
Cc: linux-kernel@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: BUG: KASAN: use-after-free in xfs_iflush_cluster+0x9d7/0xaf0
Date: Mon, 4 Jan 2016 15:12:39 +0100
Message-ID: <20160104141239.GA7054@glen>
In-Reply-To: <20160103204758.GW19802@dastard>


On Mon, Jan 04, 2016 at 07:47:58AM +1100, Dave Chinner wrote:
> > Maybe, in the meanwhile, you can do something with my files. You can find 'em here:
> > http://mail.gelma.net/xfs_kasan
> 
> Any update on this problem, Andrea?

Hi Dave,
   and thanks a lot for your interest.
   So, to make a long story short.
   Recompiled the kernel with debug info and all the rest.
   Ran it.
   Then a flood of this kind started:
Dec 15 12:12:24 glen kernel: [ 5326.351571] BUG: KASAN: use-after-free in __check_element+0x1e0/0x200 at addr ffff88004a201ff5
Dec 15 12:12:24 glen kernel: [ 5326.351574] Read of size 1 by task kworker/u8:2/10221
Dec 15 12:12:24 glen kernel: [ 5326.351578] page:ffffea0001288040 count:1 mapcount:0 mapping:          (null) index:0x0
Dec 15 12:12:24 glen kernel: [ 5326.351580] flags: 0x4000000000000000()
Dec 15 12:12:24 glen kernel: [ 5326.351583] page dumped because: kasan: bad access detected
Dec 15 12:12:24 glen kernel: [ 5326.351587] CPU: 1 PID: 10221 Comm: kworker/u8:2 Tainted: G    B           4.4.0-rc5KASan #1
Dec 15 12:12:24 glen kernel: [ 5326.351590] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA4WW (2.64 ) 10/08/2015
Dec 15 12:12:24 glen kernel: [ 5326.351594] Workqueue: kcryptd kcryptd_crypt
Dec 15 12:12:24 glen kernel: [ 5326.351596]  ffff88004a201ff5 ffff8801086bfa10 ffffffff819d2e3a 00000000ffffff6b
Dec 15 12:12:24 glen kernel: [ 5326.351601]  ffff8801086bfa98 ffffffff813f4b61 0000000000000010 dffffc0000000000
Dec 15 12:12:24 glen kernel: [ 5326.351606]  0000000000000046 ffffed00094403fe 00000000813f42cd 0000000000000000
Dec 15 12:12:24 glen kernel: [ 5326.351610] Call Trace:
Dec 15 12:12:24 glen kernel: [ 5326.351614]  [<ffffffff819d2e3a>] dump_stack+0x4e/0x84
Dec 15 12:12:24 glen kernel: [ 5326.351619]  [<ffffffff813f4b61>] kasan_report_error+0x511/0x540
Dec 15 12:12:24 glen kernel: [ 5326.351623]  [<ffffffff813f4bce>] __asan_report_load1_noabort+0x3e/0x40
Dec 15 12:12:24 glen kernel: [ 5326.351628]  [<ffffffff8132e600>] ? __check_element+0x1e0/0x200
Dec 15 12:12:24 glen kernel: [ 5326.351632]  [<ffffffff8132e600>] __check_element+0x1e0/0x200
Dec 15 12:12:24 glen kernel: [ 5326.351636]  [<ffffffff8132e8b6>] remove_element+0x206/0x430
Dec 15 12:12:24 glen kernel: [ 5326.351640]  [<ffffffff8132ec35>] mempool_alloc+0x155/0x2a0
Dec 15 12:12:24 glen kernel: [ 5326.351644]  [<ffffffff813f40c8>] ? memset+0x28/0x30
Dec 15 12:12:24 glen kernel: [ 5326.351648]  [<ffffffff8132eae0>] ? remove_element+0x430/0x430
Dec 15 12:12:24 glen kernel: [ 5326.351652]  [<ffffffff81927cb0>] ? bvec_alloc+0x250/0x250
Dec 15 12:12:24 glen kernel: [ 5326.351656]  [<ffffffff8103af40>] ? set_tsc_mode+0x60/0x60
Dec 15 12:12:24 glen kernel: [ 5326.351661]  [<ffffffff8206075d>] kcryptd_crypt+0x5dd/0xea0
Dec 15 12:12:24 glen kernel: [ 5326.351667]  [<ffffffff8114728a>] process_one_work+0x48a/0x1160
Dec 15 12:12:24 glen kernel: [ 5326.351671]  [<ffffffff81148034>] worker_thread+0xd4/0x1170
Dec 15 12:12:24 glen kernel: [ 5326.351676]  [<ffffffff81147f60>] ? process_one_work+0x1160/0x1160
Dec 15 12:12:24 glen kernel: [ 5326.351681]  [<ffffffff81157d70>] kthread+0x1c0/0x260
Dec 15 12:12:24 glen kernel: [ 5326.351686]  [<ffffffff81157bb0>] ? kthread_worker_fn+0x560/0x560
Dec 15 12:12:24 glen kernel: [ 5326.351691]  [<ffffffff81157bb0>] ? kthread_worker_fn+0x560/0x560
Dec 15 12:12:24 glen kernel: [ 5326.351696]  [<ffffffff824daf8f>] ret_from_fork+0x3f/0x70
Dec 15 12:12:24 glen kernel: [ 5326.351700]  [<ffffffff81157bb0>] ? kthread_worker_fn+0x560/0x560
Dec 15 12:12:24 glen kernel: [ 5326.351703] Memory state around the buggy address:
Dec 15 12:12:24 glen kernel: [ 5326.351707]  ffff88004a201e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Dec 15 12:12:24 glen kernel: [ 5326.351711]  ffff88004a201f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Dec 15 12:12:24 glen kernel: [ 5326.351715] >ffff88004a201f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Dec 15 12:12:24 glen kernel: [ 5326.351717]                                                              ^
Dec 15 12:12:24 glen kernel: [ 5326.351721]  ffff88004a202000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 15 12:12:24 glen kernel: [ 5326.351725]  ffff88004a202080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 15 12:12:24 glen kernel: [ 5326.351727] ==================================================================
Dec 15 12:12:24 glen kernel: [ 5326.351730] ==================================================================

   Every time it happened (usually when writing) I had a little stall of the system. After a few hours it was
   impossible to work this way, so I went back to an Ubuntu vanilla kernel. (I guess it's related to my LUKS
   partition).

   Anyway, I am now compiling rc8 and will try it again.
   Attached you can find my .config.
   If you could please give it a look and tell me whether it's good for you, regarding the info you could need afterwards.

Thanks again,
Andrea
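
A small triage helper for the KASAN report quoted in the message above, added here as an example and not part of the original e-mail or of the kernel tree. It extracts the bug class, access, task and workqueue, drops the reporting frames and the unreliable `?` frames, and derives the shadow byte address; the name `triage`, the excerpted sample and the x86-64 generic-KASAN shadow offset are assumptions of the example.

```python
import re

# Assumption: x86-64 generic KASAN, shadow = (addr >> 3) + this offset.
KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000
PLUMBING = ("dump_stack", "kasan_", "__asan_")  # report machinery, not the bug

# Excerpt copied from the report in the message above (some frames omitted).
SAMPLE = """\
Dec 15 12:12:24 glen kernel: [ 5326.351571] BUG: KASAN: use-after-free in __check_element+0x1e0/0x200 at addr ffff88004a201ff5
Dec 15 12:12:24 glen kernel: [ 5326.351574] Read of size 1 by task kworker/u8:2/10221
Dec 15 12:12:24 glen kernel: [ 5326.351594] Workqueue: kcryptd kcryptd_crypt
Dec 15 12:12:24 glen kernel: [ 5326.351614]  [<ffffffff819d2e3a>] dump_stack+0x4e/0x84
Dec 15 12:12:24 glen kernel: [ 5326.351619]  [<ffffffff813f4b61>] kasan_report_error+0x511/0x540
Dec 15 12:12:24 glen kernel: [ 5326.351623]  [<ffffffff813f4bce>] __asan_report_load1_noabort+0x3e/0x40
Dec 15 12:12:24 glen kernel: [ 5326.351628]  [<ffffffff8132e600>] ? __check_element+0x1e0/0x200
Dec 15 12:12:24 glen kernel: [ 5326.351632]  [<ffffffff8132e600>] __check_element+0x1e0/0x200
Dec 15 12:12:24 glen kernel: [ 5326.351636]  [<ffffffff8132e8b6>] remove_element+0x206/0x430
Dec 15 12:12:24 glen kernel: [ 5326.351640]  [<ffffffff8132ec35>] mempool_alloc+0x155/0x2a0
Dec 15 12:12:24 glen kernel: [ 5326.351661]  [<ffffffff8206075d>] kcryptd_crypt+0x5dd/0xea0
"""

HEAD = re.compile(r"BUG: KASAN: (\S+) in (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+ at addr ([0-9a-f]+)")
ACCESS = re.compile(r"(Read|Write) of size (\d+) by task (\S+)/(\d+)")
WQ = re.compile(r"Workqueue: (\S+)")
FRAME = re.compile(r"\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def triage(text):
    """Summarise one KASAN report (hypothetical helper for this example)."""
    out = {"frames": []}
    for line in text.splitlines():
        if m := HEAD.search(line):
            addr = int(m.group(3), 16)
            out.update(bug=m.group(1), function=m.group(2), addr=addr,
                       shadow=(addr >> 3) + KASAN_SHADOW_OFFSET)
        elif m := ACCESS.search(line):
            out.update(access=m.group(1).lower(), size=int(m.group(2)),
                       task=m.group(3), pid=int(m.group(4)))
        elif m := WQ.search(line):
            out["workqueue"] = m.group(1)
        elif (m := FRAME.search(line)) and not m.group(1):  # skip "?" frames
            if not m.group(2).startswith(PLUMBING):
                out["frames"].append(m.group(2))
    return out

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["bug"], r["access"], r["size"], "in", r["function"], "task", r["task"])
    print("shadow byte at %x" % r["shadow"], "via", " <- ".join(r["frames"]))
```

On the excerpt the surviving chain is __check_element, remove_element, mempool_alloc, kcryptd_crypt, and the derived shadow address ffffed00094403fe also appears among the raw stack words of the report.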
