linux-mm.kvack.org archive mirror
From: Oliver Sang <oliver.sang@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: Christian Brauner <brauner@kernel.org>,
	Steve French <sfrench@samba.org>, <oe-lkp@lists.linux.dev>,
	<lkp@intel.com>,
	Linux Memory Management List <linux-mm@kvack.org>,
	Jeff Layton <jlayton@kernel.org>, <netfs@lists.linux.dev>,
	<linux-fsdevel@vger.kernel.org>, <oliver.sang@intel.com>
Subject: Re: [linux-next:master] [netfs] a05b682d49: BUG:KASAN:slab-use-after-free_in_copy_from_iter
Date: Thu, 19 Sep 2024 10:23:42 +0800
Message-ID: <ZuuLLrurWiPSXt7X@xsang-OptiPlex-9020>
In-Reply-To: <2364479.1726658868@warthog.procyon.org.uk>

[-- Attachment #1: Type: text/plain, Size: 3053 bytes --]

Hi David,

On Wed, Sep 18, 2024 at 12:27:48PM +0100, David Howells wrote:
> David Howells <dhowells@redhat.com> wrote:
> 
> > Does this:
> > 
> > https://lore.kernel.org/linux-fsdevel/2280667.1726594254@warthog.procyon.org.uk/T/#u
> > 
> > 	[PATCH] cifs: Fix reversion of the iter in cifs_readv_receive()
> > 
> > help?
> 
> Actually, it probably won't.  The issue seems to be one I'm already trying to
> reproduce that Steve has flagged.
> 
> Can you tell me which SMB server you're using?  Samba, ksmbd, Windows, Azure?  I'm
> guessing one of the first two.

We actually use a local mount to simulate SMB. I attached an output for details.

2024-09-11 23:30:58 mkdir -p /cifs/sda1
2024-09-11 23:30:58 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda1 /cifs/sda1
mount cifs success
2024-09-11 23:30:58 mkdir -p /cifs/sda2
2024-09-11 23:30:58 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda2 /cifs/sda2
mount cifs success
2024-09-11 23:30:59 mkdir -p /cifs/sda3
2024-09-11 23:30:59 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda3 /cifs/sda3
mount cifs success
2024-09-11 23:30:59 mkdir -p /cifs/sda4
2024-09-11 23:30:59 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda4 /cifs/sda4
mount cifs success


2024-09-11 23:31:00 mount /dev/sda1 /fs/sda1
2024-09-11 23:31:01 mkdir -p /smbv2//cifs/sda1
2024-09-11 23:31:01 export FSTYP=cifs
2024-09-11 23:31:01 export TEST_DEV=//localhost/fs/sda1
2024-09-11 23:31:01 export TEST_DIR=/smbv2//cifs/sda1
2024-09-11 23:31:01 export CIFS_MOUNT_OPTIONS=-ousername=root,password=pass,noperm,vers=2.0,mfsymlinks,actimeo=0
2024-09-11 23:31:01 sed "s:^:generic/:" //lkp/benchmarks/xfstests/tests/generic-group-07
2024-09-11 23:31:01 ./check -E tests/cifs/exclude.incompatible-smb2.txt -E tests/cifs/exclude.very-slow.txt generic/071 generic/072 generic/074 generic/075 generic/076 generic/078 generic/079


> 
> Also, will your reproducer really clobber four arbitrary partitions on sdb?

Yeah, we set up a dedicated HDD for tests on each test machine, e.g. for the
lkp-skl-d05 used in the test, it has:

nr_hdd_partitions: 4
hdd_partitions: /dev/disk/by-id/wwn-0x5000c50091e544de-part*

Then, in this 4HDD-ext4-smbv2-generic-group-07 test, as also shown in the attached output:

2024-09-11 23:26:17 wipefs -a --force /dev/sda1
/dev/sda1: 2 bytes were erased at offset 0x00000438 (ext4): 53 ef
2024-09-11 23:26:17 wipefs -a --force /dev/sda2
2024-09-11 23:26:17 wipefs -a --force /dev/sda3
2024-09-11 23:26:17 wipefs -a --force /dev/sda4
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda1
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda3
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda2
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda4


I also attached 074.full. The KASAN issue occurs during this 074 test
in generic-group-07.

> 
> David
> 

[-- Attachment #2: output --]
[-- Type: text/plain, Size: 5379 bytes --]

==> /tmp/stdout <==

==> /tmp/stderr <==

==> /tmp/stdout <==
RESULT_ROOT=/result/xfstests/4HDD-ext4-smbv2-generic-group-07/lkp-skl-d05/debian-12-x86_64-20240206.cgz/x86_64-rhel-8.3-func/gcc-12/a05b682d498a81ca12f1dd964f06f3aec48af595/0
job=/lkp/jobs/scheduled/lkp-skl-d05/xfstests-4HDD-ext4-smbv2-generic-group-07-debian-12-x86_64-20240206.cgz-a05b682d498a-20240912-365474-1kx9t2n-0.yaml
result_service: raw_upload, RESULT_MNT: /internal-lkp-server/result, RESULT_ROOT: /internal-lkp-server/result/xfstests/4HDD-ext4-smbv2-generic-group-07/lkp-skl-d05/debian-12-x86_64-20240206.cgz/x86_64-rhel-8.3-func/gcc-12/a05b682d498a81ca12f1dd964f06f3aec48af595/0, TMP_RESULT_ROOT: /tmp/lkp/result
run-job /lkp/jobs/scheduled/lkp-skl-d05/xfstests-4HDD-ext4-smbv2-generic-group-07-debian-12-x86_64-20240206.cgz-a05b682d498a-20240912-365474-1kx9t2n-0.yaml
/usr/bin/wget -q --timeout=3600 --tries=1 --local-encoding=UTF-8 http://internal-lkp-server:80/~lkp/cgi-bin/lkp-jobfile-append-var?job_file=/lkp/jobs/scheduled/lkp-skl-d05/xfstests-4HDD-ext4-smbv2-generic-group-07-debian-12-x86_64-20240206.cgz-a05b682d498a-20240912-365474-1kx9t2n-0.yaml&job_state=running -O /dev/null
target ucode: 0xf0
LKP: stdout: 1226: current_version: f0, target_version: f0
2024-09-11 23:26:16 dmsetup remove_all
2024-09-11 23:26:17 wipefs -a --force /dev/sda1
/dev/sda1: 2 bytes were erased at offset 0x00000438 (ext4): 53 ef
2024-09-11 23:26:17 wipefs -a --force /dev/sda2
2024-09-11 23:26:17 wipefs -a --force /dev/sda3
2024-09-11 23:26:17 wipefs -a --force /dev/sda4
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda1
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda3
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda2
2024-09-11 23:26:17 mkfs -t ext4 -q -E lazy_itable_init=0,lazy_journal_init=0 -F /dev/sda4
2024-09-11 23:30:56 mkdir -p /fs/sda1
	ext4
2024-09-11 23:30:56 mount -t ext4 /dev/sda1 /fs/sda1
2024-09-11 23:30:56 mkdir -p /fs/sda2
	ext4
2024-09-11 23:30:56 mount -t ext4 /dev/sda2 /fs/sda2
2024-09-11 23:30:57 mkdir -p /fs/sda3
	ext4
2024-09-11 23:30:57 mount -t ext4 /dev/sda3 /fs/sda3
2024-09-11 23:30:57 mkdir -p /fs/sda4
	ext4
2024-09-11 23:30:57 mount -t ext4 /dev/sda4 /fs/sda4
Added user root.
2024-09-11 23:30:58 mkdir -p /cifs/sda1
2024-09-11 23:30:58 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda1 /cifs/sda1
mount cifs success
2024-09-11 23:30:58 mkdir -p /cifs/sda2
2024-09-11 23:30:58 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda2 /cifs/sda2
mount cifs success
2024-09-11 23:30:59 mkdir -p /cifs/sda3
2024-09-11 23:30:59 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda3 /cifs/sda3
mount cifs success
2024-09-11 23:30:59 mkdir -p /cifs/sda4
2024-09-11 23:30:59 timeout 5m mount -t cifs -o vers=2.0 -o user=root,password=pass //localhost/fs/sda4 /cifs/sda4
mount cifs success
check_nr_cpu
CPU(s):                               4
On-line CPU(s) list:                  0-3
Model name:                           Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz
BIOS Model name:                      Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz  CPU @ 3.2GHz
Thread(s) per core:                   1
Core(s) per socket:                   4
Socket(s):                            1
CPU(s) scaling MHz:                   94%
NUMA node(s):                         1
NUMA node0 CPU(s):                    0-3

==> /tmp/stderr <==
512+0 records in
512+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.013281 s, 19.7 MB/s
512+0 records in
512+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.090282 s, 2.9 MB/s
512+0 records in
512+0 records out
262144 bytes (262 kB, 256 KiB) copied, 0.0451926 s, 5.8 MB/s

==> /tmp/stdout <==
2024-09-11 23:31:00 mount /dev/sda1 /fs/sda1
2024-09-11 23:31:01 mkdir -p /smbv2//cifs/sda1
2024-09-11 23:31:01 export FSTYP=cifs
2024-09-11 23:31:01 export TEST_DEV=//localhost/fs/sda1
2024-09-11 23:31:01 export TEST_DIR=/smbv2//cifs/sda1
2024-09-11 23:31:01 export CIFS_MOUNT_OPTIONS=-ousername=root,password=pass,noperm,vers=2.0,mfsymlinks,actimeo=0
2024-09-11 23:31:01 sed "s:^:generic/:" //lkp/benchmarks/xfstests/tests/generic-group-07
2024-09-11 23:31:01 ./check -E tests/cifs/exclude.incompatible-smb2.txt -E tests/cifs/exclude.very-slow.txt generic/071 generic/072 generic/074 generic/075 generic/076 generic/078 generic/079
IPMI BMC is not supported on this machine, skip bmc-watchdog setup!
FSTYP         -- cifs
PLATFORM      -- Linux/x86_64 lkp-skl-d05 6.11.0-rc6-00065-ga05b682d498a #1 SMP PREEMPT_DYNAMIC Thu Sep 12 06:26:04 CST 2024

generic/071       [not run] this test requires a valid $SCRATCH_DEV
generic/072       [not run] xfs_io fcollapse  failed (old kernel/wrong fs?)
generic/074       _check_dmesg: something found in dmesg (see /lkp/benchmarks/xfstests/results//generic/074.dmesg)

generic/075        95s
generic/076       [not run] this test requires a valid $SCRATCH_DEV
generic/078       [not run] kernel doesn't support renameat2 syscall
generic/079       [not run] file system doesn't support chattr +ia
Ran: generic/071 generic/072 generic/074 generic/075 generic/076 generic/078 generic/079
Not run: generic/071 generic/072 generic/076 generic/078 generic/079
Failures: generic/074
Failed 1 of 7 tests


[-- Attachment #3: 074.full --]
[-- Type: text/plain, Size: 4329 bytes --]

Params are for Linux SMP
Params: n = 3 l = 10 f = 5
num_children=1 file_size=1048576 num_files=1 loop_count=10 block_size=1024
mmap=0 sync=0 prealloc=0
Total data size 1.0 Mbyte
Child 0 loop 0
Child 0 loop 1
Child 0 loop 2
Child 0 loop 3
Child 0 loop 4
Child 0 loop 5
Child 0 loop 6
Child 0 loop 7
Child 0 loop 8
Child 0 loop 9
Child 0 cleaning up /smbv2/cifs/sda1/fstest.0/child0
num_children=1 file_size=1048576 num_files=1 loop_count=10 block_size=1024
mmap=0 sync=0 prealloc=0
Total data size 1.0 Mbyte
num_children=1 file_size=10485760 num_files=1 loop_count=10 block_size=8192
mmap=1 sync=0 prealloc=0
Total data size 10.5 Mbyte
Child 0 loop 0
Child 0 loop 1
Child 0 loop 2
Child 0 loop 3
Child 0 loop 4
Child 0 loop 5
Child 0 loop 6
Child 0 loop 7
Child 0 loop 8
Child 0 loop 9
Child 0 cleaning up /smbv2/cifs/sda1/fstest.1/child0
num_children=1 file_size=10485760 num_files=1 loop_count=10 block_size=8192
mmap=1 sync=0 prealloc=0
Total data size 10.5 Mbyte
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=0 sync=0 prealloc=0
Total data size 471.9 Mbyte
Child 0 loop 0
Child 0 loop 1
Child 0 loop 2
Child 0 loop 3
Child 0 loop 4
Child 0 loop 5
Child 0 loop 6
Child 0 loop 7
Child 0 loop 8
Child 0 loop 9
Child 0 cleaning up /smbv2/cifs/sda1/fstest.2/child0
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=0 sync=0 prealloc=0
Total data size 471.9 Mbyte
Child 1 loop 0
Child 1 loop 1
Child 1 loop 2
Child 1 loop 3
Child 1 loop 4
Child 1 loop 5
Child 1 loop 6
Child 1 loop 7
Child 1 loop 8
Child 1 loop 9
Child 1 cleaning up /smbv2/cifs/sda1/fstest.2/child1
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=0 sync=0 prealloc=0
Total data size 471.9 Mbyte
Child 2 loop 0
Child 2 loop 1
Child 2 loop 2
Child 2 loop 3
Child 2 loop 4
Child 2 loop 5
Child 2 loop 6
Child 2 loop 7
Child 2 loop 8
Child 2 loop 9
Child 2 cleaning up /smbv2/cifs/sda1/fstest.2/child2
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=0 sync=0 prealloc=0
Total data size 471.9 Mbyte
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=1 sync=0 prealloc=0
Total data size 471.9 Mbyte
Child 0 loop 0
Child 0 loop 1
Child 0 loop 2
Child 0 loop 3
Child 0 loop 4
Child 0 loop 5
Child 0 loop 6
Child 0 loop 7
Child 0 loop 8
Child 0 loop 9
Child 0 cleaning up /smbv2/cifs/sda1/fstest.3/child0
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=1 sync=0 prealloc=0
Total data size 471.9 Mbyte
Child 2 loop 0
Child 2 loop 1
Child 2 loop 2
Child 2 loop 3
Child 2 loop 4
Child 2 loop 5
Child 2 loop 6
Child 2 loop 7
Child 2 loop 8
Child 2 loop 9
Child 2 cleaning up /smbv2/cifs/sda1/fstest.3/child2
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=1 sync=0 prealloc=0
Total data size 471.9 Mbyte
Child 1 loop 0
Child 1 loop 1
Child 1 loop 2
Child 1 loop 3
Child 1 loop 4
Child 1 loop 5
Child 1 loop 6
Child 1 loop 7
Child 1 loop 8
Child 1 loop 9
Child 1 cleaning up /smbv2/cifs/sda1/fstest.3/child1
num_children=3 file_size=31457280 num_files=5 loop_count=10 block_size=512
mmap=1 sync=0 prealloc=0
Total data size 471.9 Mbyte
num_children=3 file_size=10485760 num_files=5 loop_count=10 block_size=512
mmap=1 sync=1 prealloc=0
Total data size 157.3 Mbyte
Child 2 loop 0
Child 2 loop 1
Child 2 loop 2
Child 2 loop 3
Child 2 loop 4
Child 2 loop 5
Child 2 loop 6
Child 2 loop 7
Child 2 loop 8
Child 2 loop 9
Child 2 cleaning up /smbv2/cifs/sda1/fstest.4/child2
num_children=3 file_size=10485760 num_files=5 loop_count=10 block_size=512
mmap=1 sync=1 prealloc=0
Total data size 157.3 Mbyte
Child 0 loop 0
Child 0 loop 1
Child 0 loop 2
Child 0 loop 3
Child 0 loop 4
Child 0 loop 5
Child 0 loop 6
Child 0 loop 7
Child 0 loop 8
Child 0 loop 9
Child 0 cleaning up /smbv2/cifs/sda1/fstest.4/child0
num_children=3 file_size=10485760 num_files=5 loop_count=10 block_size=512
mmap=1 sync=1 prealloc=0
Total data size 157.3 Mbyte
Child 1 loop 0
Child 1 loop 1
Child 1 loop 2
Child 1 loop 3
Child 1 loop 4
Child 1 loop 5
Child 1 loop 6
Child 1 loop 7
Child 1 loop 8
Child 1 loop 9
Child 1 cleaning up /smbv2/cifs/sda1/fstest.4/child1
num_children=3 file_size=10485760 num_files=5 loop_count=10 block_size=512
mmap=1 sync=1 prealloc=0
Total data size 157.3 Mbyte
