Re: use-after-free access in bt_iter()

public inbox for linux-block@vger.kernel.org
 help / color / mirror / Atom feed

From: pragalla@codeaurora.org
To: John Garry <john.garry@huawei.com>
Cc: Bart Van Assche <bvanassche@acm.org>,
	axboe@kernel.dk, evgreen@google.com, linux-block@vger.kernel.org,
	stummala@codeaurora.org, Ming Lei <ming.lei@redhat.com>
Subject: Re: use-after-free access in bt_iter()
Date: Fri, 19 Feb 2021 11:52:25 +0530	[thread overview]
Message-ID: <b859618aeac58bd9bb620d7ebdb24b90@codeaurora.org> (raw)
In-Reply-To: <9ace4c26c47e84c3c6a1c68ef1a193f8@codeaurora.org>

On 2021-02-05 21:51, pragalla@codeaurora.org wrote:
> On 2021-02-05 21:37, John Garry wrote:
>> - bouncing jianchao.w.wang@oracle.com
>> 
>>>> 
>>>>> Some time ago you replied the following to an email from me with a
>>>>> suggestion for a fix: "Please let me consider it a bit more." Are 
>>>>> you
>>>>> still working on a fix?
>>>> 
>>>> Unfortunately I have not had a chance, sorry. But I can look again.
>>>> 
>>>> So I have only seen KASAN use-after-free's myself, but never an 
>>>> actual
>>>> oops. IIRC, someone did report an oops.
>>>> 
>>> Hi John,
>>> 
>>>> @Pradeep, do you have a reliable re-creator? I noticed the timeout
>>>> handler stackframe in your mail, so I guess not. However, as an
>>>> experiment, could you test:
>>>> https://lore.kernel.org/linux-block/1608203273-170555-2-git-send-email-john.garry@huawei.com/
>>> Yes, i don't have a reliable re-creator. The oops was noticed as a 
>>> part of stability testing and
>>> was not an intentional try. This was noticed couple of times.
>>> Please share the steps (if any) to easy hit or to exercise this path 
>>> more frequently.
>>> Meanwhile, i will go with the usual stability procedure. i will 
>>> update the results here later.
>>> 
>> 
Hi John,

we ran the stability with the above patch
(https://lore.kernel.org/linux-block/1608203273-170555-2-git-send-email-john.garry@huawei.com/)
with switching the io-schedulers in b/w for ~88hrs on 2 devices, we 
didn't notice any crash/issue.

>> Do you have a full kernel log for your crash?
> Yes. Attaching the full kernel dmesg log.
>> 
>> So there are different flavors of this issue, and you reported a crash
>> from blk_mq_queue_tag_busy_iter().
>> 
>> If you check:
>> https://lore.kernel.org/linux-block/76190c94-c5c1-9553-5509-9969fc323544@huawei.com/
>> 
>> You can see how I artificially trigger an issue in 
>> blk_mq_queue_tag_busy_iter().
> Sure, i will go through the steps on the recreation part. Thanks.
>> 
>>>> This should fix the common issue. But no final solution to issues
>>>> discussed from patch 2/2, which is more exotic.
>>>> 
>>>> BTW, is this the same Pradeep who reported:
>>>> https://lore.kernel.org/linux-block/1606402925-24420-1-git-send-email-ppvk@codeaurora.org/
>> 
>> Thanks,
>> John
> 
> Thanks and Regards,
> Pradeep

next prev parent reply	other threads:[~2021-02-19  6:23 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-02-04 11:46 use-after-free access in bt_iter() pragalla
2021-02-04 15:51 ` Bart Van Assche
2021-02-04 16:17   ` John Garry
2021-02-05  2:39     ` Ming Lei
2021-02-05 15:30     ` pragalla
2021-02-05 16:07       ` John Garry
     [not found]         ` <9ace4c26c47e84c3c6a1c68ef1a193f8@codeaurora.org>
2021-02-19  6:22           ` pragalla [this message]
2021-02-19  9:34             ` John Garry

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b859618aeac58bd9bb620d7ebdb24b90@codeaurora.org \
    --to=pragalla@codeaurora.org \
    --cc=axboe@kernel.dk \
    --cc=bvanassche@acm.org \
    --cc=evgreen@google.com \
    --cc=john.garry@huawei.com \
    --cc=linux-block@vger.kernel.org \
    --cc=ming.lei@redhat.com \
    --cc=stummala@codeaurora.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox