From: 周继峰 <zhoujifeng@kylinos.com.cn>
To: "kernel test robot" <oliver.sang@intel.com>
Cc: oe-lkp <oe-lkp@lists.linux.dev>, lkp <lkp@intel.com>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
ltp <ltp@lists.linux.it>,
linux-kernel <linux-kernel@vger.kernel.org>,
miklos <miklos@szeredi.hu>, "oliver.sang" <oliver.sang@intel.com>
Subject: Re: [PATCH v2] fuse: Track process write operations in both direct and writethrough modes
Date: Fri, 17 Nov 2023 11:06:10 +0800 [thread overview]
Message-ID: <tencent_357A64C125E563CC20B58A87@qq.com> (raw)
In-Reply-To: <202311161627.5a936995-oliver.sang@intel.com>
Hi Miklos,
On Thu, Nov 16, 2023 at 4:43 PM kernel test robot <oliver.sang@intel.com> wrote:
>
>
>
> Hello,
>
> kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_fuse_evict_inode" on:
>
> commit: 6772e9ddfc996544d6a22e72eddf7510ac2999fc ("[PATCH v2] fuse: Track process write operations in both direct and writethrough modes")
> url: https://github.com/intel-lab-lkp/linux/commits/Zhou-Jifeng/fuse-Track-process-write-operations-in-both-direct-and-writethrough-modes/20231107-163300
> base: https://git.kernel.org/cgit/linux/kernel/git/mszeredi/fuse.git for-next
> patch link: https://lore.kernel.org/all/20231107081350.14472-1-zhoujifeng@kylinos.com.cn/
> patch subject: [PATCH v2] fuse: Track process write operations in both direct and writethrough modes
>
> in testcase: ltp
> version: ltp-x86_64-14c1f76-1_20230715
> with following parameters:
>
> disk: 1HDD
> fs: xfs
> test: fs-03
>
>
>
> compiler: gcc-12
> test machine: 4 threads 1 sockets Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (Ivy Bridge) with 8G memory
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202311161627.5a936995-oliver.sang@intel.com
>
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20231116/202311161627.5a936995-oliver.sang@intel.com
>
>
> [ 608.279527][ T5411] ==================================================================
> [ 608.279697][ T5411] BUG: KASAN: slab-out-of-bounds in fuse_evict_inode+0x15c/0x4a0 [fuse]
> [ 608.279871][ T5411] Write of size 4 at addr ffff888092af0dc8 by task fs_fill/5411
> [ 608.280019][ T5411]
> [ 608.280082][ T5411] CPU: 1 PID: 5411 Comm: fs_fill Not tainted 6.6.0-rc2-00004-g6772e9ddfc99 #1
> [ 608.280252][ T5411] Hardware name: Hewlett-Packard p6-1451cx/2ADA, BIOS 8.15 02/05/2013
> [ 608.280409][ T5411] Call Trace:
> [ 608.280494][ T5411] <TASK>
> [ 608.280570][ T5411] dump_stack_lvl+0x36/0x50
> [ 608.280674][ T5411] print_address_description+0x2c/0x3a0
> [ 608.280808][ T5411] ? fuse_evict_inode+0x15c/0x4a0 [fuse]
> [ 608.280935][ T5411] print_report+0xba/0x2b0
> [ 608.281034][ T5411] ? kasan_addr_to_slab+0xd/0x90
> [ 608.281140][ T5411] ? fuse_evict_inode+0x15c/0x4a0 [fuse]
> [ 608.281266][ T5411] kasan_report+0xc7/0x100
> [ 608.281604][ T5411] ? fuse_evict_inode+0x15c/0x4a0 [fuse]
> [ 608.281763][ T5411] kasan_check_range+0xfc/0x1a0
> [ 608.281871][ T5411] fuse_evict_inode+0x15c/0x4a0 [fuse]
> [ 608.281994][ T5411] evict+0x29b/0x5e0
> [ 608.282086][ T5411] ? lookup_one_qstr_excl+0x23/0x150
> [ 608.282201][ T5411] do_unlinkat+0x34f/0x5a0
> [ 608.282300][ T5411] ? __x64_sys_rmdir+0xf0/0xf0
> [ 608.282404][ T5411] ? 0xffffffff81000000
> [ 608.282498][ T5411] ? strncpy_from_user+0x6a/0x230
> [ 608.282611][ T5411] ? getname_flags+0x8d/0x430
> [ 608.282724][ T5411] __x64_sys_unlink+0xa9/0xf0
> [ 608.282827][ T5411] do_syscall_64+0x38/0x80
> [ 608.282928][ T5411] entry_SYSCALL_64_after_hwframe+0x5e/0xc8
> [ 608.283052][ T5411] RIP: 0033:0x7f6ba18898a7
> [ 608.283574][ T5411] Code: f0 ff ff 73 01 c3 48 8b 0d 56 85 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 29 85 0d 00 f7 d8 64 89 01 48
> [ 608.283947][ T5411] RSP: 002b:00007f6ba178ae48 EFLAGS: 00000246 ORIG_RAX: 0000000000000057
> [ 608.284142][ T5411] RAX: ffffffffffffffda RBX: 00007f6b94000b70 RCX: 00007f6ba18898a7
> [ 608.284321][ T5411] RDX: 0000000000000000 RSI: 0000000000000039 RDI: 00007f6ba178ae90
> [ 608.284503][ T5411] RBP: 00007f6ba178ae90 R08: 0000000000000000 R09: 0000000000000073
> [ 608.284681][ T5411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000562b20532004
> [ 608.284862][ T5411] R13: 0000000000000039 R14: 0000000000000000 R15: 00007f6ba178ae90
> [ 608.285050][ T5411] </TASK>
> [ 608.285150][ T5411]
> [ 608.285237][ T5411] The buggy address belongs to the object at ffff888092af0b40
> [ 608.285237][ T5411] which belongs to the cache fuse_inode of size 824
> [ 608.285514][ T5411] The buggy address is located 648 bytes inside of
> [ 608.285514][ T5411] allocated 824-byte region [ffff888092af0b40, ffff888092af0e78)
> [ 608.285794][ T5411]
> [ 608.285883][ T5411] The buggy address belongs to the physical page:
> [ 608.286036][ T5411] page:00000000c8edd8aa refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x92af0
> [ 608.286258][ T5411] head:00000000c8edd8aa order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0
> [ 608.286455][ T5411] memcg:ffff8881f087ff01
> [ 608.286572][ T5411] flags: 0xfffffc0000840(slab|head|node=0|zone=1|lastcpupid=0x1fffff)
> [ 608.286753][ T5411] page_type: 0xffffffff()
> [ 608.286867][ T5411] raw: 000fffffc0000840 ffff8881019c9e00 dead000000000122 0000000000000000
> [ 608.287685][ T5411] raw: 0000000000000000 0000000080110011 00000001ffffffff ffff8881f087ff01
> [ 608.287877][ T5411] page dumped because: kasan: bad access detected
> [ 608.288035][ T5411]
> [ 608.288121][ T5411] Memory state around the buggy address:
> [ 608.288261][ T5411] ffff888092af0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 608.288443][ T5411] ffff888092af0d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 608.288624][ T5411] >ffff888092af0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 608.288803][ T5411] ^
> [ 608.288932][ T291] tst_fill_fs.c:126: TINFO: writev("mntpoint/subdir/thread4/AOF", iov, 512): ENOSPC
> [ 608.288950][ T5411] ffff888092af0e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 608.288953][ T5411] ffff888092af0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 608.288984][ T291]
> [ 608.289107][ T5411] ==================================================================
> [ 608.289285][ T5411] Disabling lock debugging due to kernel taint
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
>
I carefully analyzed the patch I submitted, and I feel that the error in the ltp test has nothing to do with the "[PATCH v2] fuse: Track process write operations in both direct and writethrough modes" patch. Can you give me some guidance on the cause of the error?
Thanks,
Bernd
next prev parent reply other threads:[~2023-11-17 3:06 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-28 6:59 [PATCH] fuse: Track process write operations in both direct and writethrough modes Zhou Jifeng
2023-11-07 4:27 ` Dan Carpenter
2023-11-07 8:13 ` [PATCH v2] " Zhou Jifeng
2023-11-16 8:42 ` kernel test robot
2023-11-17 3:06 ` 周继峰 [this message]
2023-11-17 17:15 ` Krister Johansen
2024-03-05 16:04 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=tencent_357A64C125E563CC20B58A87@qq.com \
--to=zhoujifeng@kylinos.com.cn \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
--cc=ltp@lists.linux.it \
--cc=miklos@szeredi.hu \
--cc=oe-lkp@lists.linux.dev \
--cc=oliver.sang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).