dm-integrity resize crashes kernel

Ondrej Kozina <okozina@xxxxxxxxxx> · Thu, 24 Mar 2022 16:34:37 +0100

Hi,

I've hit a dm-integrity crash when re-extending dm-integrity device. The 
trick is that underlying device needs to change its size as well. 
There's reproducer attached which I have tested on top of scsi_debug 
device but it's not limited to scsi_debug.

Tested kernel version: 5.17.0, My minimal tested device size was 128MB, 
but it can be reproduced with larger devices as well.

See the attached test.sh script but basically:

1) create 1:1 dm linear mapping (to be able to resize it online later)
2) format dm-linear with integritysetup
3) activate dm-integrity on top of dm-linear
4) write whole dm-integrity
5) shrink dm-integrity
6) shrink dm-linear mapping
7) re-extend dm-integrity over dm-linear again
8) write dm-linear
9) kernel crashes with:

[  158.771518] kernel BUG at drivers/md/dm-integrity.c:2168!
[  158.772175] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[  158.772749] CPU: 1 PID: 1053 Comm: dd Not tainted 
5.17.0-128.fc37.x86_64 #1
[  158.773448] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[  158.773997] RIP: 0010:dm_integrity_map_continue+0x6e8/0xa40 
[dm_integrity]
[  158.774662] Code: a8 00 00 00 e8 79 db ff ff 84 c0 0f 85 b0 fd ff ff 
4c 89 ff e8 99 e2 ff ff e9 b6 fd ff ff 48 8b 4c 24 08 31 c0 e9 bd fa ff 
ff <0f> 0b 31 db e9 e4 fa ff ff 80 7c 24 1a 00 0f 85 05 03 00 00 83 fb
[  158.776404] RSP: 0018:ffffa95a00c67a38 EFLAGS: 00010013
[  158.776900] RAX: ffff8ee4e9de7000 RBX: 0000000000000001 RCX: 
0000000000000018
[  158.777574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 
ffff8ee4c35b8000
[  158.778229] RBP: 0000000000000000 R08: 000000000000000b R09: 
00000000000000b0
[  158.778822] R10: 0000000000000000 R11: 0000000000000002 R12: 
0000000000000000
[  158.779446] R13: 0000000000000000 R14: ffff8ee4c43f5000 R15: 
ffff8ee4c3eace00
[  158.780080] FS:  00007f361d61c740(0000) GS:ffff8ee4fbc80000(0000) 
knlGS:0000000000000000
[  158.780798] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  158.781286] CR2: 00007f3610062000 CR3: 0000000103e96003 CR4: 
0000000000370ee0
[  158.781881] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[  158.782482] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
[  158.783081] Call Trace:
[  158.783291]  <TASK>
[  158.783457]  ? mempool_alloc+0x4f/0x170
[  158.783753]  dm_integrity_map+0x1bf/0x330 [dm_integrity]
[  158.784163]  __map_bio+0x62/0x210
[  158.784427]  __split_and_process_non_flush+0x1cb/0x240
[  158.784818]  dm_submit_bio+0x115/0x360
[  158.785110]  __submit_bio+0xaf/0x180
[  158.785391]  submit_bio_noacct+0xbd/0x2a0
[  158.785696]  __blkdev_direct_IO_simple+0x198/0x290
[  158.786069]  ? folio_add_lru+0x83/0x100
[  158.786364]  ? _raw_spin_unlock+0x16/0x30
[  158.786670]  ? __handle_mm_fault+0x1109/0x13f0
[  158.787010]  ? __blkdev_direct_IO_simple+0x290/0x290
[  158.787389]  generic_file_direct_write+0x9b/0x1d0
[  158.787748]  __generic_file_write_iter+0x91/0x190
[  158.788119]  blkdev_write_iter+0xbc/0x140
[  158.788412]  new_sync_write+0xff/0x180
[  158.788692]  vfs_write+0x209/0x2a0
[  158.788944]  ksys_write+0x53/0xd0
[  158.789191]  do_syscall_64+0x37/0x80
[  158.789457]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  158.789828] RIP: 0033:0x7f361d7247e7
[  158.790101] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 
1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 
05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[  158.792087] RSP: 002b:00007fff3413fa68 EFLAGS: 00000246 ORIG_RAX: 
0000000000000001
[  158.792962] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 
00007f361d7247e7
[  158.793811] RDX: 0000000000100000 RSI: 00007f360ff63000 RDI: 
0000000000000001
[  158.794665] RBP: 0000000000100000 R08: 00000000ffffffff R09: 
0000000000000000
[  158.795515] R10: 0000000000000022 R11: 0000000000000246 R12: 
00007f360ff63000
[  158.796389] R13: 0000000000000000 R14: 0000000000100000 R15: 
0000000000000000
[  158.797237]  </TASK>
[  158.797732] Modules linked in: dm_integrity async_xor async_tx 
scsi_debug rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd 
grace fscache netfs intel_rapl_msr intel_rapl_common kvm_intel sunrpc 
kvm binfmt_misc snd_hda_codec_generic ledtrig_audio snd_hda_intel 
irqbypass snd_intel_dspcfg snd_intel_sdw_acpi rapl snd_hda_codec 
snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm virtio_net 
snd_timer joydev snd net_failover failover soundcore virtio_balloon 
i2c_piix4 cfg80211 rfkill fuse dm_crypt xfs crct10dif_pclmul 
crc32_pclmul crc32c_intel qxl ata_generic drm_ttm_helper ttm virtio_scsi 
pata_acpi serio_raw qemu_fw_cfg ghash_clmulni_intel virtio_console
[  158.803972] ---[ end trace 0000000000000000 ]---
[  158.804669] RIP: 0010:dm_integrity_map_continue+0x6e8/0xa40 
[dm_integrity]
[  158.805554] Code: a8 00 00 00 e8 79 db ff ff 84 c0 0f 85 b0 fd ff ff 
4c 89 ff e8 99 e2 ff ff e9 b6 fd ff ff 48 8b 4c 24 08 31 c0 e9 bd fa ff 
ff <0f> 0b 31 db e9 e4 fa ff ff 80 7c 24 1a 00 0f 85 05 03 00 00 83 fb
[  158.807657] RSP: 0018:ffffa95a00c67a38 EFLAGS: 00010013
[  158.808427] RAX: ffff8ee4e9de7000 RBX: 0000000000000001 RCX: 
0000000000000018
[  158.809322] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 
ffff8ee4c35b8000
[  158.810227] RBP: 0000000000000000 R08: 000000000000000b R09: 
00000000000000b0
[  158.811137] R10: 0000000000000000 R11: 0000000000000002 R12: 
0000000000000000
[  158.812043] R13: 0000000000000000 R14: ffff8ee4c43f5000 R15: 
ffff8ee4c3eace00
[  158.812940] FS:  00007f361d61c740(0000) GS:ffff8ee4fbc80000(0000) 
knlGS:0000000000000000
[  158.813932] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  158.814747] CR2: 00007f3610062000 CR3: 0000000103e96003 CR4: 
0000000000370ee0
[  158.815654] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[  158.816559] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
[  158.817489] note: dd[1053] exited with preempt_count 1
[  158.818287] ------------[ cut here ]------------
[  158.819279] WARNING: CPU: 1 PID: 1053 at kernel/exit.c:738 
do_exit+0x35/0xad0
[  158.820207] Modules linked in: dm_integrity async_xor async_tx 
scsi_debug rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd 
grace fscache netfs intel_rapl_msr intel_rapl_common kvm_intel sunrpc 
kvm binfmt_misc snd_hda_codec_generic ledtrig_audio snd_hda_intel 
irqbypass snd_intel_dspcfg snd_intel_sdw_acpi rapl snd_hda_codec 
snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm virtio_net 
snd_timer joydev snd net_failover failover soundcore virtio_balloon 
i2c_piix4 cfg80211 rfkill fuse dm_crypt xfs crct10dif_pclmul 
crc32_pclmul crc32c_intel qxl ata_generic drm_ttm_helper ttm virtio_scsi 
pata_acpi serio_raw qemu_fw_cfg ghash_clmulni_intel virtio_console
[  158.826988] CPU: 1 PID: 1053 Comm: dd Tainted: G      D 
--------- ---  5.17.0-128.fc37.x86_64 #1
[  158.828156] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[  158.829064] RIP: 0010:do_exit+0x35/0xad0
[  158.829892] Code: 41 54 49 89 fc 55 53 65 48 8b 1c 25 c0 fb 01 00 48 
83 ec 20 48 8b 83 10 0d 00 00 48 85 c0 74 0c 48 83 38 00 0f 84 ab 04 00 
00 <0f> 0b 48 8b bb 28 0c 00 00 e8 cd 35 c3 00 83 4b 2c 08 48 8b 83 20
[  158.832312] RSP: 0018:ffffa95a00c67ee8 EFLAGS: 00010002
[  158.833220] RAX: ffffa95a00c67e10 RBX: ffff8ee4c21a8000 RCX: 
0000000000000000
[  158.834288] RDX: 0000000000000001 RSI: ffffffffb6665155 RDI: 
000000000000000b
[  158.835330] RBP: ffff8ee4c21a8000 R08: 0000000000000000 R09: 
ffffa95a00c67d88
[  158.836365] R10: ffffa95a00c67d80 R11: ffffffffb6f45588 R12: 
000000000000000b
[  158.837392] R13: 0000000000000004 R14: ffff8ee4c21a8000 R15: 
ffffa95a00c67988
[  158.838416] FS:  00007f361d61c740(0000) GS:ffff8ee4fbc80000(0000) 
knlGS:0000000000000000
[  158.839502] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  158.840433] CR2: 00007f3610062000 CR3: 0000000103e96003 CR4: 
0000000000370ee0
[  158.841459] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 
0000000000000000
[  158.842487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400
[  158.843520] Call Trace:
[  158.844235]  <TASK>
[  158.844896]  make_task_dead+0x51/0x60
[  158.845661]  rewind_stack_and_make_dead+0x17/0x17
[  158.846509] RIP: 0033:0x7f361d7247e7
[  158.847261] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 
1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 
05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[  158.849550] RSP: 002b:00007fff3413fa68 EFLAGS: 00000246 ORIG_RAX: 
0000000000000001
[  158.850587] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 
00007f361d7247e7
[  158.851574] RDX: 0000000000100000 RSI: 00007f360ff63000 RDI: 
0000000000000001
[  158.852559] RBP: 0000000000100000 R08: 00000000ffffffff R09: 
0000000000000000
[  158.853572] R10: 0000000000000022 R11: 0000000000000246 R12: 
00007f360ff63000
[  158.854535] R13: 0000000000000000 R14: 0000000000100000 R15: 
0000000000000000
[  158.855498]  </TASK>
[  158.856112] ---[ end trace 0000000000000000 ]---
Attachment:
test.sh

Description: application/shellscript
--
dm-devel mailing list
dm-devel@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/dm-devel