From: bvanassche@acm.org (Bart Van Assche)
Subject: v5.0-rc2 and NVMeOF
Date: Mon, 11 Feb 2019 09:24:51 -0800 [thread overview]
Message-ID: <1549905891.19311.5.camel@acm.org> (raw)
In-Reply-To: <6c18d8f8-949f-9502-566a-643d384e9113@grimberg.me>
On Wed, 2019-01-16@17:16 -0800, Sagi Grimberg wrote:
> On 1/15/19 11:07 AM, Bart Van Assche wrote:
> > Hello,
> >
> > With Linus' kernel v5.0-rc2 the blktests nvmeof-mp tests trigger the
> > complaint shown below. Is this a known issue?
>
> Seems like ns remove is racing with ns revalidate again..
>
> Wasn't this related to: eb4c2382272a ("srcu: Lock srcu_data structure in
> srcu_gp_start()") ?
(+Paul)
I'm not sure. Paul, are you perhaps aware of any open issues in the RCU
infrastructure? If I run the following test:
git clone https://github.com/osandov/blktests.git
cd blktests
./check -q nvmeof-mp
then the following appears on the console:
BUG: KASAN: use-after-free in srcu_invoke_callbacks+0x209/0x290
Read of size 8 at addr ffff8881126b6df0 by task kworker/2:94/26747
CPU: 2 PID: 26747 Comm: kworker/2:94 Not tainted 5.0.0-rc5-dbg+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Workqueue: rcu_gp srcu_invoke_callbacks
Call Trace:
dump_stack+0x86/0xca
print_address_description+0x71/0x239
kasan_report.cold.3+0x1b/0x3e
__asan_load8+0x54/0x90
srcu_invoke_callbacks+0x209/0x290
process_one_work+0x4f1/0xa40
worker_thread+0x67/0x5b0
kthread+0x1cf/0x1f0
ret_from_fork+0x24/0x30
Allocated by task 955:
save_stack+0x43/0xd0
__kasan_kmalloc.constprop.9+0xcb/0xd0
kasan_kmalloc+0x9/0x10
kmem_cache_alloc_trace+0x14c/0x340
nvme_validate_ns+0xada/0x1170
nvme_scan_work+0x299/0x4c8
process_one_work+0x4f1/0xa40
worker_thread+0x67/0x5b0
kthread+0x1cf/0x1f0
ret_from_fork+0x24/0x30
Freed by task 55:
save_stack+0x43/0xd0
__kasan_slab_free+0x139/0x190
kasan_slab_free+0xe/0x10
kfree+0x103/0x320
nvme_free_ns+0x198/0x1a0
nvme_ns_remove+0x1c5/0x240
nvme_remove_namespaces+0x1b3/0x210
nvme_delete_ctrl_work+0x7d/0xe0
process_one_work+0x4f1/0xa40
worker_thread+0x367/0x5b0
kthread+0x1cf/0x1f0
ret_from_fork+0x24/0x30
The buggy address belongs to the object at ffff8881126b6c00
which belongs to the cache kmalloc-1k of size 1024
The buggy address is located 496 bytes inside of
1024-byte region [ffff8881126b6c00, ffff8881126b7000)
The buggy address belongs to the page:
page:ffffea000449ac00 count:1 mapcount:0 mapping:ffff88811b002a00 index:0xffff8881126b1f80 compound_mapcount: 0
flags: 0x2fff000000010200(slab|head)
raw: 2fff000000010200 ffffea00042bcc08 ffffea000457b808 ffff88811b002a00
raw: ffff8881126b1f80 00000000001c0011 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8881126b6c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8881126b6d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff8881126b6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8881126b6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8881126b6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
next prev parent reply other threads:[~2019-02-11 17:24 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-15 19:07 v5.0-rc2 and NVMeOF Bart Van Assche
2019-01-17 1:16 ` Sagi Grimberg
2019-02-11 17:24 ` Bart Van Assche [this message]
2019-02-11 21:08 ` Paul E. McKenney
2019-02-11 22:27 ` Bart Van Assche
2019-02-12 1:24 ` Paul E. McKenney
2019-02-12 16:47 ` Bart Van Assche
2019-02-12 17:47 ` Paul E. McKenney
2019-02-12 19:15 ` Paul E. McKenney
2019-02-13 0:44 ` Bart Van Assche
2019-02-13 1:10 ` Paul E. McKenney
2019-02-13 15:19 ` Paul E. McKenney
2019-02-13 15:24 ` Paul E. McKenney
2019-02-13 18:36 ` Bart Van Assche
2019-02-13 18:48 ` Paul E. McKenney
2019-02-13 19:12 ` Bart Van Assche
2019-02-13 19:30 ` Paul E. McKenney
2019-02-13 19:52 ` Paul E. McKenney
2019-02-13 21:00 ` Bart Van Assche
2019-02-13 22:09 ` Paul E. McKenney
2019-02-13 23:07 ` Paul E. McKenney
2019-02-14 0:21 ` Bart Van Assche
2019-02-14 1:02 ` Paul E. McKenney
2019-02-26 17:35 ` Paul E. McKenney
2019-02-26 17:47 ` Bart Van Assche
2019-02-26 18:12 ` Paul E. McKenney
2019-02-26 18:40 ` Bart Van Assche
2019-02-26 19:20 ` Paul E. McKenney
2019-02-26 23:48 ` Bart Van Assche
2019-02-27 16:04 ` Paul E. McKenney
2019-02-27 16:25 ` Bart Van Assche
2019-02-27 18:22 ` Paul E. McKenney
2019-02-13 19:13 ` Paul E. McKenney
2019-02-13 0:47 ` Bart Van Assche
2019-02-13 1:07 ` Paul E. McKenney
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1549905891.19311.5.camel@acm.org \
--to=bvanassche@acm.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).