Hello,

If I run the srp tests from the blktests test suite long enough against kernel v4.20-rc1 then the complaint shown below appears. Has anyone else already encountered this? This is how I run the srp tests:

(cd blktests && while ./check -q srp; do :; done)

Thanks,

Bart.

==================================================================
BUG: KASAN: use-after-free in rxe_resp_queue_pkt+0x2b/0x70 [rdma_rxe]
Read of size 1 at addr ffff8800361722d5 by task kworker/1:2/26251

CPU: 1 PID: 26251 Comm: kworker/1:2 Not tainted 4.20.0-rc1-dbg+ #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
Workqueue: target_completion target_complete_ok_work [target_core_mod]
Call Trace:
 <IRQ>
 dump_stack+0x86/0xca
 print_address_description+0x71/0x239
 kasan_report.cold.5+0x242/0x301
 __asan_load1+0x47/0x50
 rxe_resp_queue_pkt+0x2b/0x70 [rdma_rxe]
 rxe_rcv+0x53e/0xb00 [rdma_rxe]
 rxe_loopback+0xe/0x10 [rdma_rxe]
 rxe_requester+0x13de/0x2130 [rdma_rxe]
 rxe_do_task+0xdd/0x170 [rdma_rxe]
 tasklet_action_common.isra.14+0xc0/0x280
 tasklet_action+0x3d/0x50
 __do_softirq+0x128/0x5ae
 irq_exit+0xdd/0x100
 smp_call_function_single_interrupt+0x90/0x2b0
 call_function_single_interrupt+0xf/0x20
 </IRQ>
RIP: 0010:_raw_spin_unlock_irq+0x32/0x50
Code: 00 00 00 48 89 e5 53 48 89 fb 48 83 c7 18 48 8b 55 08 e8 a1 ff 30 ff 48 89 df e8 79 67 31 ff e8 34 b6 40 ff fb bf 01 00 00 00 <e8> 09 e9 2b ff 65 8b 05 02 31 1d 7e 85 c0 74 03 5b 5d c3 e8 d9 7a
RSP: 0018:ffff8800b71e7d98 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff04
RAX: 0000000000000000 RBX: ffff88011b66ac80 RCX: ffffffff8115b2e6
RDX: 0000000000000007 RSI: dffffc0000000000 RDI: 0000000000000001
RBP: ffff8800b71e7da0 R08: ffffed00236cd591 R09: ffffed00236cd590
R10: ffffed00236cd590 R11: ffff88011b66ac83 R12: ffff880112b49a00
R13: ffff88011b66acd0 R14: ffff88011b66ac80 R15: ffff88011b66acd0
 process_one_work+0x3e6/0x9f0
 worker_thread+0x67/0x5b0
 kthread+0x1cf/0x1f0
 ret_from_fork+0x24/0x30

Allocated by task 26251:
 save_stack+0x43/0xd0
 kasan_kmalloc+0xc7/0xe0
 kasan_slab_alloc+0x11/0x20
 kmem_cache_alloc_node+0xf3/0x350
 __alloc_skb+0xa8/0x310
 rxe_init_packet+0xc8/0x220 [rdma_rxe]
 rxe_requester+0x5f9/0x2130 [rdma_rxe]
 rxe_do_task+0xdd/0x170 [rdma_rxe]
 tasklet_action_common.isra.14+0xc0/0x280
 tasklet_action+0x3d/0x50
 __do_softirq+0x128/0x5ae

Freed by task 36:
 save_stack+0x43/0xd0
 __kasan_slab_free+0x139/0x190
 kasan_slab_free+0xe/0x10
 kmem_cache_free+0xbc/0x330
 kfree_skbmem+0x66/0xa0
 kfree_skb+0x80/0x1b0
 rxe_responder+0x663/0x3760 [rdma_rxe]
 rxe_do_task+0xdd/0x170 [rdma_rxe]
 tasklet_action_common.isra.14+0xc0/0x280
 tasklet_action+0x3d/0x50
 __do_softirq+0x128/0x5ae

The buggy address belongs to the object at ffff880036172280
 which belongs to the cache skbuff_head_cache of size 200
The buggy address is located 85 bytes inside of
 200-byte region [ffff880036172280, ffff880036172348)
The buggy address belongs to the page:
page:ffffea0000d85c80 count:1 mapcount:0 mapping:ffff88011abb7200 index:0x0 compound_mapcount: 0
flags: 0x1fff000000010200(slab|head)
raw: 1fff000000010200 ffffea0002550a00 0000000600000006 ffff88011abb7200
raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff880036172180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ffff880036172200: fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff880036172280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                                                 ^
 ffff880036172300: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
 ffff880036172380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
==================================================================