NetBSD Problem Report #55287
From clare@csel.org Fri May 22 23:48:30 2020
Return-Path: <clare@csel.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 1A8E41A9227
for <gnats-bugs@gnats.NetBSD.org>; Fri, 22 May 2020 23:48:30 +0000 (UTC)
Message-Id: <20200522234824.68AD338844@mail.csel.org>
Date: Sat, 23 May 2020 08:48:24 +0900 (JST)
From: Shinichi Doyashiki <clare@csel.org>
Reply-To: Shinichi Doyashiki <clare@csel.org>
To: gnats-bugs@NetBSD.org
Subject: memory corruption around lfs_unmark_dirop
X-Send-Pr-Version: 3.95
>Number: 55287
>Category: kern
>Synopsis: memory corruption around lfs_unmark_dirop
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri May 22 23:50:00 +0000 2020
>Last-Modified: Sat May 23 12:40:01 +0000 2020
>Originator: Shinichi Doyashiki
>Release: NetBSD 9.99.63
>Organization:
at home
>Environment:
System: NetBSD drunker.csel.org 9.99.63 NetBSD 9.99.63 (J1900PC_KASAN) #4: Fri May 22 02:18:02 JST 2020 clare@drunker.csel.org:/export/netbsd/src/sys/arch/amd64/compile/J1900PC_KASAN amd64
Architecture: x86_64
Machine: amd64
>Description:
I got an error report from kASan while using LFS.
reboot after panic: [ 1220.1714081] panic: ASan: Unauthorized Access In 0xffffffff80e64896: Addr 0xffffb880261aa4d8 [4 bytes, read, PoolUseAfterFree]
Reading symbols from netbsd.gdb...
(gdb) target kvm /var/crash/netbsd.3.core
0xffffffff80225f35 in cpu_reboot (howto=howto@entry=260, bootstr=bootstr@entry=0x0) at ../../../../arch/amd64/amd64/machdep.c:713
713 dumpsys();
(gdb) bt
#0 0xffffffff80225f35 in cpu_reboot (howto=howto@entry=260, bootstr=bootstr@entry=0x0) at ../../../../arch/amd64/amd64/machdep.c:713
#1 0xffffffff80f20a6b in kern_reboot (howto=howto@entry=260, bootstr=bootstr@entry=0x0) at ../../../../kern/kern_reboot.c:73
#2 0xffffffff80f819db in vpanic (fmt=fmt@entry=0xffffffff817433d8 "ASan: Unauthorized Access In %p: Addr %p [%zu byte%s, %s, %s]\n",
ap=ap@entry=0xffffc382f632bb70) at ../../../../kern/subr_prf.c:290
#3 0xffffffff80f81b2d in panic (fmt=fmt@entry=0xffffffff817433d8 "ASan: Unauthorized Access In %p: Addr %p [%zu byte%s, %s, %s]\n")
at ../../../../kern/subr_prf.c:209
#4 0xffffffff80f4c245 in kasan_report (addr=<optimized out>, size=size@entry=4, write=write@entry=false, pc=<optimized out>, code=<optimized out>)
at ../../../../kern/subr_asan.c:197
#5 0xffffffff80f5a48e in kasan_shadow_check (retaddr=<optimized out>, write=false, size=4, addr=<optimized out>) at ../../../../kern/subr_asan.c:424
#6 __asan_load4 (addr=<optimized out>) at ../../../../kern/subr_asan.c:1209
#7 0xffffffff80e64896 in lfs_unmark_dirop (fs=0xffffc380236aa000) at ../../../../ufs/lfs/lfs_subr.c:384
#8 lfs_segunlock (fs=0xffffc380236aa000) at ../../../../ufs/lfs/lfs_subr.c:555
#9 0xffffffff80e6196a in lfs_segwrite (mp=mp@entry=0xffffc380236a9000, flags=<optimized out>, flags@entry=5) at ../../../../ufs/lfs/lfs_segment.c:840
#10 0xffffffff80e6cb78 in lfs_sync (mp=0xffffc380236a9000, waitfor=3, cred=<optimized out>) at ../../../../ufs/lfs/lfs_vfsops.c:1531
#11 0xffffffff80ffd1d8 in VFS_SYNC (mp=0xffffc380236a9000, a=3, b=0xffffc3801f7e1040) at ../../../../kern/vfs_subr.c:1436
#12 0xffffffff80ffd34f in sched_sync (arg=<optimized out>) at ./machine/cpu.h:72
#13 0xffffffff802086f7 in lwp_trampoline ()
#14 0x0000000000000000 in ?? ()
>How-To-Repeat:
Use LFS with a kASan-enabled kernel.
>Fix:
Unknown yet.
>Audit-Trail:
From: clare@csel.org
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55287: memory corruption around lfs_unmark_dirop
Date: Sat, 23 May 2020 21:39:09 +0900
I forgot to enable DIAGNOSTIC.
After enabling the DIAGNOSTIC option, the kernel panics at lfs_vnops.c:530.
2020-05-23T20:48:11.205395+09:00 drunker.csel.org savecore - - - reboot after panic: [ 264.5263227] panic: kernel diagnostic assertion "VOP_ISLOCKED(ap->a_vp) == LK_EXCLUSIVE" failed: file "../../../../ufs/lfs/lfs_vnops.c", line 530
2020-05-23T20:54:59.954169+09:00 drunker.csel.org savecore - - - reboot after panic: [ 223.1100985] panic: kernel diagnostic assertion "VOP_ISLOCKED(ap->a_vp) == LK_EXCLUSIVE" failed: file "../../../../ufs/lfs/lfs_vnops.c", line 530
2020-05-23T21:02:00.280991+09:00 drunker.csel.org savecore - - - reboot after panic: [ 233.5912117] panic: kernel diagnostic assertion "VOP_ISLOCKED(ap->a_vp) == LK_EXCLUSIVE" failed: file "../../../../ufs/lfs/lfs_vnops.c", line 530
# newfs_lfs /dev/rdk4
Creating a version 2 LFS32 with roll-forward ident 0x33603a29
462221.0MB in 462221 segments of size 1048576
super-block backups (for fsck -b #) at:
16, 94662656, 189325312, 283987968, 378650624, 473313280, 567975936,
662638592, 757301248, 851963904.
# mount /lfs
[ 709.5109605] WARNING: the log-structured file system is experimental
[ 709.5209683] WARNING: it may cause system crashes and/or corrupt data
# mkdir /lfs/netbsd
# chown clare /lfs/netbsd
# exit
$ cd /lfs/netbsd
[ 724.5141931] panic: kernel diagnostic assertion "VOP_ISLOCKED(ap->a_vp) == LK_EXCLUSIVE" failed: file "../../../../ufs/lfs/lfs_vnops.c", line 530
[ 724.5365961] cpu0: Begin traceback...
[ 724.5365961] vpanic() at netbsd:vpanic+0x1e0
[ 724.5442220] _GLOBAL__sub_D_65535_0_cpu_configure() at netbsd:_GLOBAL__sub_D_65535_0_cpu_configure
[ 724.5642405] lfs_inactive() at netbsd:lfs_inactive+0x2b1
[ 724.5742535] VOP_INACTIVE() at netbsd:VOP_INACTIVE+0x135
[ 724.5842608] vrelel() at netbsd:vrelel+0x295
[ 724.5942685] vput() at netbsd:vput+0xc4
[ 724.6052045] getcwd_common() at netbsd:getcwd_common+0x397
[ 724.6146007] sys___getcwd() at netbsd:sys___getcwd+0x156
[ 724.6246897] syscall() at netbsd:syscall+0x4c2
[ 724.6358105] --- syscall (number 296) ---
[ 724.6443099] netbsd:syscall+0x4c2:
[ 724.6443099] cpu0: End traceback...
--
Shinichi Doyashiki <clare@csel.org>
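
Added example, not part of the original report or of NetBSD's own tooling: a small triage script that parses the two panic formats quoted above (the kASan report and the DIAGNOSTIC assertion) and groups repeated crashes by signature. The function names and signature layout are assumptions made for this illustration; the input lines are copied from the report, plus one non-panic line.

```python
import re
from collections import Counter

# kASan report format, as shown in the vpanic() frame of the backtrace:
# "ASan: Unauthorized Access In %p: Addr %p [%zu byte%s, %s, %s]"
KASAN_RE = re.compile(
    r"panic: ASan: Unauthorized Access In (?P<pc>0x[0-9a-f]+): "
    r"Addr (?P<addr>0x[0-9a-f]+) "
    r"\[(?P<size>\d+) bytes?, (?P<op>\w+), (?P<code>\w+)\]"
)
# DIAGNOSTIC assertion panic format, as quoted in the audit trail.
KASSERT_RE = re.compile(
    r'panic: kernel diagnostic assertion "(?P<expr>.+?)" failed: '
    r'file "(?P<file>[^"]+)", line (?P<line>\d+)'
)

def classify(line):
    """Return a hashable crash signature for one log line, or None."""
    m = KASAN_RE.search(line)
    if m:
        # The accessed address is a pool allocation, not a property of the
        # bug, so only the faulting PC and the kASan code are kept.
        return ("kasan", m["code"], m["op"], int(m["size"]), m["pc"])
    m = KASSERT_RE.search(line)
    if m:
        return ("kassert", m["expr"], m["file"].split("/")[-1], int(m["line"]))
    return None

def triage(lines):
    """Count occurrences of each distinct panic signature."""
    return Counter(sig for sig in map(classify, lines) if sig)

# Panic lines copied from this report (syslog timestamp and host trimmed).
KASSERT_MSG = ('panic: kernel diagnostic assertion '
               '"VOP_ISLOCKED(ap->a_vp) == LK_EXCLUSIVE" failed: '
               'file "../../../../ufs/lfs/lfs_vnops.c", line 530')
SAMPLE = [
    "reboot after panic: [ 1220.1714081] panic: ASan: Unauthorized Access In "
    "0xffffffff80e64896: Addr 0xffffb880261aa4d8 [4 bytes, read, PoolUseAfterFree]",
    "reboot after panic: [ 264.5263227] " + KASSERT_MSG,
    "reboot after panic: [ 223.1100985] " + KASSERT_MSG,
    "reboot after panic: [ 233.5912117] " + KASSERT_MSG,
    "[ 709.5109605] WARNING: the log-structured file system is experimental",
]

if __name__ == "__main__":
    for sig, count in triage(SAMPLE).most_common():
        print(count, sig)
```
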