From: Andrea Gelmini <andrea.gelmini@gelma.net>
To: Dave Chinner <david@fromorbit.com>
Cc: linux-kernel@vger.kernel.org, xfs@oss.sgi.com
Subject: Re: BUG: KASAN: use-after-free in xfs_iflush_cluster+0x9d7/0xaf0
Date: Mon, 4 Jan 2016 15:12:39 +0100
Message-ID: <20160104141239.GA7054@glen>
In-Reply-To: <20160103204758.GW19802@dastard>
On Mon, Jan 04, 2016 at 07:47:58AM +1100, Dave Chinner wrote:
> > Maybe, in the meanwhile, you can do something with my files. You can find 'em here:
> > http://mail.gelma.net/xfs_kasan
>
> Any update on this problem, Andrea?
Hi Dave,
and thanks a lot for your interest.
So, to make a long story short.
Recompiled kernel with debug info and all the rest.
Ran it.
Then started a flood of this kind:
Dec 15 12:12:24 glen kernel: [ 5326.351571] BUG: KASAN: use-after-free in __check_element+0x1e0/0x200 at addr ffff88004a201ff5
Dec 15 12:12:24 glen kernel: [ 5326.351574] Read of size 1 by task kworker/u8:2/10221
Dec 15 12:12:24 glen kernel: [ 5326.351578] page:ffffea0001288040 count:1 mapcount:0 mapping: (null) index:0x0
Dec 15 12:12:24 glen kernel: [ 5326.351580] flags: 0x4000000000000000()
Dec 15 12:12:24 glen kernel: [ 5326.351583] page dumped because: kasan: bad access detected
Dec 15 12:12:24 glen kernel: [ 5326.351587] CPU: 1 PID: 10221 Comm: kworker/u8:2 Tainted: G B 4.4.0-rc5KASan #1
Dec 15 12:12:24 glen kernel: [ 5326.351590] Hardware name: LENOVO 2356LRG/2356LRG, BIOS G7ETA4WW (2.64 ) 10/08/2015
Dec 15 12:12:24 glen kernel: [ 5326.351594] Workqueue: kcryptd kcryptd_crypt
Dec 15 12:12:24 glen kernel: [ 5326.351596] ffff88004a201ff5 ffff8801086bfa10 ffffffff819d2e3a 00000000ffffff6b
Dec 15 12:12:24 glen kernel: [ 5326.351601] ffff8801086bfa98 ffffffff813f4b61 0000000000000010 dffffc0000000000
Dec 15 12:12:24 glen kernel: [ 5326.351606] 0000000000000046 ffffed00094403fe 00000000813f42cd 0000000000000000
Dec 15 12:12:24 glen kernel: [ 5326.351610] Call Trace:
Dec 15 12:12:24 glen kernel: [ 5326.351614] [<ffffffff819d2e3a>] dump_stack+0x4e/0x84
Dec 15 12:12:24 glen kernel: [ 5326.351619] [<ffffffff813f4b61>] kasan_report_error+0x511/0x540
Dec 15 12:12:24 glen kernel: [ 5326.351623] [<ffffffff813f4bce>] __asan_report_load1_noabort+0x3e/0x40
Dec 15 12:12:24 glen kernel: [ 5326.351628] [<ffffffff8132e600>] ? __check_element+0x1e0/0x200
Dec 15 12:12:24 glen kernel: [ 5326.351632] [<ffffffff8132e600>] __check_element+0x1e0/0x200
Dec 15 12:12:24 glen kernel: [ 5326.351636] [<ffffffff8132e8b6>] remove_element+0x206/0x430
Dec 15 12:12:24 glen kernel: [ 5326.351640] [<ffffffff8132ec35>] mempool_alloc+0x155/0x2a0
Dec 15 12:12:24 glen kernel: [ 5326.351644] [<ffffffff813f40c8>] ? memset+0x28/0x30
Dec 15 12:12:24 glen kernel: [ 5326.351648] [<ffffffff8132eae0>] ? remove_element+0x430/0x430
Dec 15 12:12:24 glen kernel: [ 5326.351652] [<ffffffff81927cb0>] ? bvec_alloc+0x250/0x250
Dec 15 12:12:24 glen kernel: [ 5326.351656] [<ffffffff8103af40>] ? set_tsc_mode+0x60/0x60
Dec 15 12:12:24 glen kernel: [ 5326.351661] [<ffffffff8206075d>] kcryptd_crypt+0x5dd/0xea0
Dec 15 12:12:24 glen kernel: [ 5326.351667] [<ffffffff8114728a>] process_one_work+0x48a/0x1160
Dec 15 12:12:24 glen kernel: [ 5326.351671] [<ffffffff81148034>] worker_thread+0xd4/0x1170
Dec 15 12:12:24 glen kernel: [ 5326.351676] [<ffffffff81147f60>] ? process_one_work+0x1160/0x1160
Dec 15 12:12:24 glen kernel: [ 5326.351681] [<ffffffff81157d70>] kthread+0x1c0/0x260
Dec 15 12:12:24 glen kernel: [ 5326.351686] [<ffffffff81157bb0>] ? kthread_worker_fn+0x560/0x560
Dec 15 12:12:24 glen kernel: [ 5326.351691] [<ffffffff81157bb0>] ? kthread_worker_fn+0x560/0x560
Dec 15 12:12:24 glen kernel: [ 5326.351696] [<ffffffff824daf8f>] ret_from_fork+0x3f/0x70
Dec 15 12:12:24 glen kernel: [ 5326.351700] [<ffffffff81157bb0>] ? kthread_worker_fn+0x560/0x560
Dec 15 12:12:24 glen kernel: [ 5326.351703] Memory state around the buggy address:
Dec 15 12:12:24 glen kernel: [ 5326.351707] ffff88004a201e80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Dec 15 12:12:24 glen kernel: [ 5326.351711] ffff88004a201f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Dec 15 12:12:24 glen kernel: [ 5326.351715] >ffff88004a201f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Dec 15 12:12:24 glen kernel: [ 5326.351717] ^
Dec 15 12:12:24 glen kernel: [ 5326.351721] ffff88004a202000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 15 12:12:24 glen kernel: [ 5326.351725] ffff88004a202080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Dec 15 12:12:24 glen kernel: [ 5326.351727] ==================================================================
Dec 15 12:12:24 glen kernel: [ 5326.351730] ==================================================================
Every time it happened (usually when writing) I had a little stall of the system. After a few hours it was
impossible to work this way, so I got back to an Ubuntu vanilla kernel. (I guess it's related to my LUKS
partition).
Anyway, now I'll compile rc8 and try it again.
In the attachment you can find my .config.
Could you please give it a look and tell me if it's good for you, regarding the info you could need afterwards?
Thanks again,
Andrea
[-- Attachment #1.2: config.gz --]
[-- Type: application/gzip, Size: 41187 bytes --]