From: Sasha Levin <sasha.levin@oracle.com>
To: keith.busch@intel.com, Jens Axboe <axboe@kernel.dk>,
	Christoph Hellwig <hch@infradead.org>,
	jonathan.derrick@intel.com
Cc: LKML <linux-kernel@vger.kernel.org>, linux-block@vger.kernel.org
Subject: blk: accessing invalid memory with "blk-mq: dynamic h/w context count"
Date: Fri, 12 Feb 2016 00:41:28 -0500
Message-ID: <56BD7088.1020908@oracle.com>

Hi all,

I've started seeing the following errors on boot:

[6035791.296570] ==================================================================
[6035791.297467] BUG: KASAN: slab-out-of-bounds in loop_init_request+0x19c/0x1c0 at addr ffff880052e5c190
[6035791.298355] Write of size 8 by task swapper/0/1
[6035791.298842] =============================================================================
[6035791.299751] BUG kmalloc-512 (Tainted: G        W      ): kasan: bad access detected
[6035791.300736] -----------------------------------------------------------------------------
[6035791.300736]
[6035791.301696] Disabling lock debugging due to kernel taint
[6035791.302220] INFO: Slab 0xffffea00014b9700 objects=32 used=32 fp=0x          (null) flags=0x1fffff80004080
[6035791.303218] INFO: Object 0xffff880052e5c000 @offset=0 fp=0x          (null)
[6035791.303218]
[6035791.334813] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G    B   W       4.5.0-rc3-next-20160211-sasha-00028-g542d18e-dirty #2898
[6035791.335884]  1ffff1000a714ed2 00000000534d57fe ffff8800538a7718 ffffffffa34d4a15
[6035791.336796]  ffffffff00000000 fffffbfff5eec534 0000000041b58ab3 ffffffffaefba520
[6035791.337631]  ffffffffa34d489f 00000000534d57fe ffff880184220000 ffffffffaefd813f
[6035791.338458] Call Trace:
[6035791.338756] dump_stack (lib/dump_stack.c:53)
[6035791.340573] print_trailer (mm/slub.c:661)
[6035791.341117] object_err (mm/slub.c:668)
[6035791.341738] kasan_report_error (include/linux/kasan.h:28 mm/kasan/report.c:170 mm/kasan/report.c:237)
[6035791.344327] __asan_report_store8_noabort (mm/kasan/report.c:259 mm/kasan/report.c:285)
[6035791.345775] loop_init_request (drivers/block/loop.c:1699)
[6035791.347753] blk_mq_realloc_hw_ctxs (block/blk-mq.c:1722 block/blk-mq.c:1981)
[6035791.351966] blk_mq_init_allocated_queue (block/blk-mq.c:2027)
[6035791.355528] blk_mq_init_queue (block/blk-mq.c:1944)
[6035791.356081] loop_add (drivers/block/loop.c:1749)
[6035791.358663] loop_init (drivers/block/loop.c:2006 (discriminator 3))
[6035791.362708] do_one_initcall (init/main.c:788)
[6035791.363968] kernel_init_freeable (init/main.c:853 init/main.c:861 init/main.c:879 init/main.c:1004)
[6035791.366040] kernel_init (init/main.c:932)
[6035791.366573] ret_from_fork (arch/x86/entry/entry_64.S:383)
[6035791.367782] Memory state around the buggy address:
[6035791.368247]  ffff880052e5c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[6035791.368968]  ffff880052e5c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[6035791.369852] >ffff880052e5c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[6035791.370635]                          ^
[6035791.371015]  ffff880052e5c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[6035791.371816]  ffff880052e5c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc

Bisection pointed to:

commit 868f2f0b72068a097508b6e8870a8950fd8eb7ef
Author: Keith Busch <keith.busch@intel.com>
Date:   Thu Dec 17 17:08:14 2015 -0700

    blk-mq: dynamic h/w context count


Thanks,
Sasha
