On Thu 28-06-18 22:48:51, Anatoly Trosinenko wrote:
> Mounting broken UDF image causes KASAN warning on v4.18-rc2.
>
> How to reproduce:
> 1. Compile v4.18-rc2 kernel with the attached config
> 2. Unpack and mount the attached FS image as UDF

Thanks for the report and reproducer. I'll send fixes for the bug shortly.

								Honza

> What happens:
> [   24.002776] UDF-fs: warning (device sda): udf_fill_super: No fileset found
> [   24.003207] ==================================================================
> [   24.003402] BUG: KASAN: slab-out-of-bounds in iput+0x8df/0xa80
> [   24.003584] Read of size 8 at addr ffff880067e82100 by task exe/1090
> [   24.003684]
> [   24.004030] CPU: 0 PID: 1090 Comm: exe Not tainted 4.18.0-rc2 #1
> [   24.004146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
> [   24.004420] Call Trace:
> [   24.004629]  dump_stack+0xae/0x14b
> [   24.004736]  ? show_regs_print_info+0x5/0x5
> [   24.004815]  ? printk+0x97/0xbe
> [   24.004876]  ? kmsg_dump_rewind_nolock+0xf0/0xf0
> [   24.004950]  ? __switch_to_asm+0x40/0x70
> [   24.005018]  ? iput+0x8df/0xa80
> [   24.005076]  print_address_description+0x75/0x3e0
> [   24.005157]  ? iput+0x8df/0xa80
> [   24.005217]  kasan_report+0x1d8/0x460
> [   24.005284]  ? __switch_to_asm+0x40/0x70
> [   24.005353]  ? iput+0x8df/0xa80
> [   24.005412]  iput+0x8df/0xa80
> [   24.005472]  ? __sched_text_start+0x8/0x8
> [   24.005540]  ? inode_add_lru+0x280/0x280
> [   24.005610]  ? inode_add_lru+0x280/0x280
> [   24.005676]  ? kmsg_dump_rewind_nolock+0xf0/0xf0
> [   24.005753]  ? submit_bio+0x97/0x480
> [   24.005825]  ? submit_bio+0x97/0x480
> [   24.005890]  ? bio_alloc_bioset+0x224/0x680
> [   24.005964]  ? _udf_warn+0x104/0x190
> [   24.006027]  ? apic_timer_interrupt+0xa/0x20
> [   24.006107]  udf_sb_free_partitions+0x4e1/0x9b0
> [   24.006190]  udf_fill_super+0xe00/0x1ed0
> [   24.006265]  ? udf_load_vrs+0xc80/0xc80
> [   24.006331]  ? strspn+0x230/0x250
> [   24.006394]  ? vsnprintf+0x587/0x1380
> [   24.006461]  ? pointer+0x790/0x790
> [   24.006522]  ? rcu_note_context_switch+0x4e3/0x500
> [   24.006603]  ? udf_load_vrs+0xc80/0xc80
> [   24.006669]  ? snprintf+0x8f/0xc0
> [   24.006729]  ? vsprintf+0x10/0x10
> [   24.006791]  ? udf_load_vrs+0xc80/0xc80
> [   24.006861]  ? udf_load_vrs+0xc80/0xc80
> [   24.006925]  mount_bdev+0x25e/0x330
> [   24.006993]  mount_fs+0x59/0x330
> [   24.007059]  vfs_kern_mount.part.8+0xba/0x460
> [   24.007136]  ? unlock_mount+0x190/0x190
> [   24.007207]  ? __get_fs_type+0x82/0xe0
> [   24.007276]  do_mount+0xe13/0x34f0
> [   24.007345]  ? copy_mount_string+0x20/0x20
> [   24.007417]  ? strndup_user+0x42/0xb0
> [   24.007479]  ? save_stack+0x89/0xb0
> [   24.007541]  ? __kmalloc_track_caller+0x11a/0x360
> [   24.007614]  ? memdup_user+0x23/0x60
> [   24.007673]  ? strndup_user+0x42/0xb0
> [   24.007733]  ? ksys_mount+0x49/0xd0
> [   24.007793]  ? __x64_sys_mount+0xbe/0x170
> [   24.007857]  ? do_syscall_64+0x13c/0x520
> [   24.007921]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   24.008014]  ? d_move+0xf0/0xf0
> [   24.008077]  ? selinux_inode_getattr+0x19f/0x260
> [   24.008153]  ? selinux_sctp_assoc_request+0x9e0/0x9e0
> [   24.008233]  ? kmem_cache_alloc+0xfa/0x2d0
> [   24.008304]  ? _copy_to_user+0x6d/0xb0
> [   24.008369]  ? cp_new_stat+0x66a/0x8e0
> [   24.008433]  ? inode_get_bytes+0x210/0x210
> [   24.008509]  ? kasan_unpoison_shadow+0x30/0x40
> [   24.008583]  ? kasan_kmalloc+0xa0/0xd0
> [   24.008649]  ? __kmalloc_track_caller+0x11a/0x360
> [   24.008726]  ? _copy_from_user+0x75/0xc0
> [   24.008794]  ? memdup_user+0x39/0x60
> [   24.008860]  ksys_mount+0x7b/0xd0
> [   24.008926]  __x64_sys_mount+0xbe/0x170
> [   24.008996]  do_syscall_64+0x13c/0x520
> [   24.009065]  ? syscall_return_slowpath+0x370/0x370
> [   24.009145]  ? __do_page_fault+0xb80/0xb80
> [   24.009215]  ? prepare_exit_to_usermode+0x1df/0x280
> [   24.009293]  ? perf_trace_sys_enter+0x17e0/0x17e0
> [   24.009370]  ? __put_user_4+0x1c/0x30
> [   24.009437]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   24.009621] RIP: 0033:0x48d31a
> [   24.009692] Code: b8 67 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d cc 01 00 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4a cc 01 00 c3 66 0f 1f 84 00 00 00 00 00
> [   24.010213] RSP: 002b:00007ffdd66b17e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
> [   24.010368] RAX: ffffffffffffffda RBX: 0000000000008000 RCX: 000000000048d31a
> [   24.010487] RDX: 00007ffdd66b2fa2 RSI: 00007ffdd66b2f9a RDI: 00007ffdd66b2f91
> [   24.010605] RBP: 0000000001d668a0 R08: 0000000000000000 R09: 0000000000000000
> [   24.010723] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
> [   24.010839] R13: 0000000000000000 R14: 00007ffdd66b1a58 R15: 0000000000000000
> [   24.011020]
> [   24.011147] Allocated by task 0:
> [   24.011209] (stack is not available)
> [   24.011277]
> [   24.011314] Freed by task 0:
> [   24.011359] (stack is not available)
> [   24.011413]
> [   24.011457] The buggy address belongs to the object at ffff880067e82100
> [   24.011457]  which belongs to the cache kmalloc-16 of size 16
> [   24.011662] The buggy address is located 0 bytes inside of
> [   24.011662]  16-byte region [ffff880067e82100, ffff880067e82110)
> [   24.011839] The buggy address belongs to the page:
> [   24.012064] page:ffffea00019fa080 count:1 mapcount:0 mapping:ffff88006c001b40 index:0x0
> [   24.012318] flags: 0x100000000000100(slab)
> [   24.012614] raw: 0100000000000100 dead000000000100 dead000000000200 ffff88006c001b40
> [   24.012744] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
> [   24.012991] page dumped because: kasan: bad access detected
> [   24.013105]
> [   24.013162] Memory state around the buggy address:
> [   24.013453]  ffff880067e82000: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
> [   24.013581]  ffff880067e82080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.013700] >ffff880067e82100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.013851]                    ^
> [   24.013912]  ffff880067e82180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.014012]  ffff880067e82200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.014132] ==================================================================
> [   24.014250] Disabling lock debugging due to kernel taint
> mount: mounting /dev/sda on /mnt failed: Invalid argument
> [   24.027931] exe (1090) used greatest stack depth: 19824 bytes left
>
> (Full log attached)
>
> Thanks,
> Anatoly
>
> [    0.000000] Linux version 4.18.0-rc2 (trosinenko@trosinenko-pc) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #1 SMP Thu Jun 28 22:26:49 MSK 2018
> [    0.000000] Command line: console=ttyS0
> [    0.000000] x86/fpu: x87 FPU will use FXSAVE
> [    0.000000] BIOS-provided physical RAM map:
> [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
> [    0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
> [    0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
> [    0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007ffdffff] usable
> [    0.000000] BIOS-e820: [mem 0x000000007ffe0000-0x000000007fffffff] reserved
> [    0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
> [    0.000000] NX (Execute Disable) protection: active
> [    0.000000] SMBIOS 2.8 present.
> [    0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
> [    0.000000] last_pfn = 0x7ffe0 max_arch_pfn = 0x400000000
> [    0.000000] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT
> [    0.000000] found SMP MP-table at [mem 0x000f6aa0-0x000f6aaf] mapped at [(____ptrval____)]
> [    0.000000] Scanning 1 areas for low memory corruption
> [    0.000000] RAMDISK: [mem 0x7f991000-0x7ffdffff]
> [    0.000000] ACPI: Early table checksum verification disabled
> [    0.000000] ACPI: RSDP 0x00000000000F68C0 000014 (v00 BOCHS )
> [    0.000000] ACPI: RSDT 0x000000007FFE15FC 000030 (v01 BOCHS BXPCRSDT 00000001 BXPC 00000001)
> [    0.000000] ACPI: FACP 0x000000007FFE1458 000074 (v01 BOCHS BXPCFACP 00000001 BXPC 00000001)
> [    0.000000] ACPI: DSDT 0x000000007FFE0040 001418 (v01 BOCHS BXPCDSDT 00000001 BXPC 00000001)
> [    0.000000] ACPI: FACS 0x000000007FFE0000 000040
> [    0.000000] ACPI: APIC 0x000000007FFE154C 000078 (v01 BOCHS BXPCAPIC 00000001 BXPC 00000001)
> [    0.000000] ACPI: HPET 0x000000007FFE15C4 000038 (v01 BOCHS BXPCHPET 00000001 BXPC 00000001)
> [    0.000000] No NUMA configuration found
> [    0.000000] Faking a node at [mem 0x0000000000000000-0x000000007ffdffff]
> [    0.000000] NODE_DATA(0) allocated [mem 0x7f98d000-0x7f990fff]
> [    0.000000] tsc: Fast TSC calibration using PIT
> [    0.000000] Zone ranges:
> [    0.000000]   DMA      [mem 0x0000000000001000-0x0000000000ffffff]
> [    0.000000]   DMA32    [mem 0x0000000001000000-0x000000007ffdffff]
> [    0.000000]   Normal   empty
> [    0.000000] Movable zone start for each node
> [    0.000000] Early memory node ranges
> [    0.000000]   node   0: [mem 0x0000000000001000-0x000000000009efff]
> [    0.000000]   node   0: [mem 0x0000000000100000-0x000000007ffdffff]
> [    0.000000] Initmem setup node 0 [mem 0x0000000000001000-0x000000007ffdffff]
> [    0.000000] Reserved but unavailable: 98 pages
> [    0.000000] kasan: KernelAddressSanitizer initialized
> [    0.000000] ACPI: PM-Timer IO Port: 0x608
> [    0.000000] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1])
> [    0.000000] IOAPIC[0]: apic_id 0, version 32, address 0xfec00000, GSI 0-23
> [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
> [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level)
> [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level)
> [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level)
> [    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level)
> [    0.000000] Using ACPI (MADT) for SMP configuration information
> [    0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
> [    0.000000] smpboot: Allowing 1 CPUs, 0 hotplug CPUs
> [    0.000000] PM: Registered nosave memory: [mem 0x00000000-0x00000fff]
> [    0.000000] PM: Registered nosave memory: [mem 0x0009f000-0x0009ffff]
> [    0.000000] PM: Registered nosave memory: [mem 0x000a0000-0x000effff]
> [    0.000000] PM: Registered nosave memory: [mem 0x000f0000-0x000fffff]
> [    0.000000] [mem 0x80000000-0xfffbffff] available for PCI devices
> [    0.000000] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1910969940391419 ns
> [    0.000000] random: get_random_bytes called from start_kernel+0xed/0x7f6 with crng_init=0
> [    0.000000] setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:1 nr_node_ids:1
> [    0.000000] percpu: Embedded 52 pages/cpu @(____ptrval____) s175128 r8192 d29672 u2097152
> [    0.000000] Built 1 zonelists, mobility grouping on. Total pages: 515945
> [    0.000000] Policy zone: DMA32
> [    0.000000] Kernel command line: console=ttyS0
> [    0.000000] Memory: 1643244K/2096632K available (55308K kernel code, 49708K rwdata, 6688K rodata, 2008K init, 9040K bss, 453388K reserved, 0K cma-reserved)
> [    0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
> [    0.000000] Hierarchical RCU implementation.
> [    0.000000] RCU event tracing is enabled.
> [    0.000000] RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=1.
> [    0.000000] RCU: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=1
> [    0.000000] NR_IRQS: 4352, nr_irqs: 256, preallocated irqs: 16
> [    0.000000] Console: colour VGA+ 80x25
> [    0.000000] console [ttyS0] enabled
> [    0.000000] ACPI: Core revision 20180531
> [    0.000000] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604467 ns
> [    0.003000] APIC: Switch to symmetric I/O mode setup
> [    0.009000] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
> [    0.014000] tsc: Fast TSC calibration using PIT
> [    0.015000] tsc: Detected 2808.209 MHz processor
> [    0.017473] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x287a8b8a1c0, max_idle_ns: 440795227519 ns
> [    0.018141] Calibrating delay loop (skipped), value calculated using timer frequency.. 5616.41 BogoMIPS (lpj=2808209)
> [    0.018450] pid_max: default: 32768 minimum: 301
> [    0.020681] Security Framework initialized
> [    0.021073] SELinux: Initializing.
> [    0.027162] Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes)
> [    0.028626] Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes)
> [    0.029311] Mount-cache hash table entries: 4096 (order: 3, 32768 bytes)
> [    0.029577] Mountpoint-cache hash table entries: 4096 (order: 3, 32768 bytes)
> [    0.061230] mce: CPU supports 10 MCE banks
> [    0.063110] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0
> [    0.063205] Last level dTLB entries: 4KB 0, 2MB 0, 4MB 0, 1GB 0
> [    0.063442] Spectre V2 : Spectre mitigation: LFENCE not serializing, switching to generic retpoline
> [    0.063590] Spectre V2 : Mitigation: Full generic retpoline
> [    0.063723] Spectre V2 : Spectre v2 mitigation: Filling RSB on context switch
> [    0.063924] Speculative Store Bypass: Vulnerable
> [    0.256397] random: fast init done
> [    0.455845] Freeing SMP alternatives memory: 40K
> [    0.481000] smpboot: CPU0: AMD QEMU Virtual CPU version 2.5+ (family: 0x6, model: 0x6, stepping: 0x3)
> [    0.493825] Performance Events: PMU not available due to virtualization, using software events only.
> [    0.498073] Hierarchical SRCU implementation.
> [    0.505165] Huh? What family is it: 0x6?!
> [    0.506387] smp: Bringing up secondary CPUs ...
> [    0.506553] smp: Brought up 1 node, 1 CPU
> [    0.506734] smpboot: Max logical packages: 1
> [    0.506899] smpboot: Total of 1 processors activated (5616.41 BogoMIPS)
> [    0.529340] devtmpfs: initialized
> [    0.607599] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1911260446275000 ns
> [    0.608193] futex hash table entries: 256 (order: 2, 16384 bytes)
> [    0.618953] RTC time: 19:33:37, date: 06/28/18
> [    0.623415] kworker/u2:0 (17) used greatest stack depth: 24496 bytes left
> [    0.638162] NET: Registered protocol family 16
> [    0.649060] audit: initializing netlink subsys (disabled)
> [    0.654074] audit: type=2000 audit(1530214416.651:1): state=initialized audit_enabled=0 res=1
> [    0.663356] kworker/u2:1 (21) used greatest stack depth: 24112 bytes left
> [    0.671352] kworker/u2:1 (24) used greatest stack depth: 22936 bytes left
> [    0.688550] cpuidle: using governor menu
> [    0.693503] ACPI: bus type PCI registered
> [    0.702697] PCI: Using configuration type 1 for base access
> [    1.193628] kworker/u2:2 (233) used greatest stack depth: 22792 bytes left
> [    1.561817] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
> [    1.577757] ACPI: Added _OSI(Module Device)
> [    1.577877] ACPI: Added _OSI(Processor Device)
> [    1.577947] ACPI: Added _OSI(3.0 _SCP Extensions)
> [    1.578147] ACPI: Added _OSI(Processor Aggregator Device)
> [    1.578475] ACPI: Added _OSI(Linux-Dell-Video)
> [    1.800896] ACPI: 1 ACPI AML tables successfully acquired and loaded
> [    1.868847] ACPI: Interpreter enabled
> [    1.871322] ACPI: (supports S0 S3 S4 S5)
> [    1.871453] ACPI: Using IOAPIC for interrupt routing
> [    1.873657] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
> [    1.891553] ACPI: Enabled 2 GPEs in block 00 to 0F
> [    2.546287] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
> [    2.548667] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI]
> [    2.550450] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM
> [    2.553086] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
> [    2.561868] PCI host bridge to bus 0000:00
> [    2.562399] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
> [    2.562586] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
> [    2.562757] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
> [    2.562923] pci_bus 0000:00: root bus resource [mem 0x80000000-0xfebfffff window]
> [    2.563100] pci_bus 0000:00: root bus resource [mem 0x100000000-0x17fffffff window]
> [    2.563520] pci_bus 0000:00: root bus resource [bus 00-ff]
> [    2.613125] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
> [    2.613305] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
> [    2.613458] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
> [    2.613600] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
> [    2.633780] pci 0000:00:01.3: quirk: [io 0x0600-0x063f] claimed by PIIX4 ACPI
> [    2.633944] pci 0000:00:01.3: quirk: [io 0x0700-0x070f] claimed by PIIX4 SMB
> [    2.775527] ACPI: PCI Interrupt Link [LNKA] (IRQs 5 *10 11)
> [    2.788069] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
> [    2.800167] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
> [    2.812044] ACPI: PCI Interrupt Link [LNKD] (IRQs 5 10 *11)
> [    2.817261] ACPI: PCI Interrupt Link [LNKS] (IRQs *9)
> [    2.849000] pci 0000:00:02.0: vgaarb: setting as boot VGA device
> [    2.849000] pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
> [    2.849090] pci 0000:00:02.0: vgaarb: bridge control possible
> [    2.849356] vgaarb: loaded
> [    2.862274] SCSI subsystem initialized
> [    2.883787] ACPI: bus type USB registered
> [    2.890761] usbcore: registered new interface driver usbfs
> [    2.893496] usbcore: registered new interface driver hub
> [    2.894455] usbcore: registered new device driver usb
> [    2.903395] pps_core: LinuxPPS API ver. 1 registered
> [    2.903507] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giome...@linux.it>
> [    2.907834] PTP clock support registered
> [    2.915465] EDAC MC: Ver: 3.0.0
> [    2.932454] Advanced Linux Sound Architecture Driver Initialized.
> [    2.937315] PCI: Using ACPI for IRQ routing
> [    2.969872] NetLabel: Initializing
> [    2.970041] NetLabel: domain hash size = 128
> [    2.970115] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO
> [    2.974292] NetLabel: unlabeled traffic allowed by default
> [    2.979336] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
> [    2.979857] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
> [    2.980076] hpet0: 3 comparators, 64-bit 100.000000 MHz counter
> [    2.986696] clocksource: Switched to clocksource tsc-early
> [    4.324764] VFS: Disk quotas dquot_6.6.0
> [    4.325423] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
> [    4.332741] pnp: PnP ACPI init
> [    4.407246] pnp: PnP ACPI: found 6 devices
> [    4.713833] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
> [    4.726418] NET: Registered protocol family 2
> [    4.741225] tcp_listen_portaddr_hash hash table entries: 1024 (order: 2, 16384 bytes)
> [    4.741854] TCP established hash table entries: 16384 (order: 5, 131072 bytes)
> [    4.742779] TCP bind hash table entries: 16384 (order: 6, 262144 bytes)
> [    4.743522] TCP: Hash tables configured (established 16384 bind 16384)
> [    4.746491] UDP hash table entries: 1024 (order: 3, 32768 bytes)
> [    4.747208] UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes)
> [    4.751439] NET: Registered protocol family 1
> [    4.760941] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
> [    4.761267] pci 0000:00:01.0: PIIX3: Enabling Passive Release
> [    4.761562] pci 0000:00:01.0: Activating ISA DMA hang workarounds
> [    4.762047] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
> [    4.774561] Unpacking initramfs...
> [    5.130716] Freeing initrd memory: 6460K
> [    5.145346] Scanning for low memory corruption every 60 seconds
> [    5.206053] Initialise system trusted keyrings
> [    5.211246] workingset: timestamp_bits=56 max_order=19 bucket_order=0
> [    5.577481] kworker/u2:2 (743) used greatest stack depth: 21168 bytes left
> [    5.720731] SGI XFS with ACLs, security attributes, no debug enabled
> [    5.916791] Key type asymmetric registered
> [    5.916998] Asymmetric key parser 'x509' registered
> [    5.921445] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 251)
> [    5.921759] io scheduler noop registered
> [    5.921878] io scheduler deadline registered
> [    5.930274] io scheduler cfq registered (default)
> [    5.930413] io scheduler mq-deadline registered
> [    5.930491] io scheduler kyber registered
> [    5.975911] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
> [    5.977769] ACPI: Power Button [PWRF]
> [    6.014555] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> [    6.039447] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> [    6.096560] Non-volatile memory driver v1.3
> [    6.100775] Linux agpgart interface v0.103
> [    6.176494] tsc: Refined TSC clocksource calibration: 2808.082 MHz
> [    6.176741] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x287a13892a4, max_idle_ns: 440795348502 ns
> [    6.177109] clocksource: Switched to clocksource tsc
> [    6.289643] loop: module loaded
> [    6.366407] scsi host0: ata_piix
> [    6.382885] scsi host1: ata_piix
> [    6.391381] ata1: PATA max MWDMA2 cmd 0x1f0 ctl 0x3f6 bmdma 0xc040 irq 14
> [    6.391581] ata2: PATA max MWDMA2 cmd 0x170 ctl 0x376 bmdma 0xc048 irq 15
> [    6.414667] e100: Intel(R) PRO/100 Network Driver, 3.5.24-k2-NAPI
> [    6.414797] e100: Copyright(c) 1999-2006 Intel Corporation
> [    6.417634] e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
> [    6.417763] e1000: Copyright (c) 1999-2006 Intel Corporation.
> [    6.561478] ata1.00: ATA-7: QEMU HARDDISK, 2.5+, max UDMA/100
> [    6.561619] ata1.00: 2048 sectors, multi 16: LBA48
> [    6.567791] ata2.00: ATAPI: QEMU DVD-ROM, 2.5+, max UDMA/100
> [    6.608970] scsi 0:0:0:0: Direct-Access ATA QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5
> [    6.659396] sd 0:0:0:0: Attached scsi generic sg0 type 0
> [    6.662495] sd 0:0:0:0: [sda] 2048 512-byte logical blocks: (1.05 MB/1.00 MiB)
> [    6.665960] sd 0:0:0:0: [sda] Write Protect is off
> [    6.678630] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
> [    6.679878] scsi 1:0:0:0: CD-ROM QEMU QEMU DVD-ROM 2.5+ PQ: 0 ANSI: 5
> [    6.723763] sr 1:0:0:0: [sr0] scsi3-mmc drive: 4x/4x cd/rw xa/form2 tray
> [    6.724296] cdrom: Uniform CD-ROM driver Revision: 3.20
> [    6.786185] sr 1:0:0:0: Attached scsi generic sg1 type 5
> [    6.836523] sd 0:0:0:0: [sda] Attached SCSI disk
> [   19.893823] PCI Interrupt Link [LNKC] enabled at IRQ 11
> [   20.203979] e1000 0000:00:03.0 eth0: (PCI:33MHz:32-bit) 52:54:00:12:34:56
> [   20.204505] e1000 0000:00:03.0 eth0: Intel(R) PRO/1000 Network Connection
> [   20.207769] e1000e: Intel(R) PRO/1000 Network Driver - 3.2.6-k
> [   20.207881] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
> [   20.209804] sky2: driver version 1.30
> [   20.233708] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
> [   20.233886] ehci-pci: EHCI PCI platform driver
> [   20.234950] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
> [   20.235938] ohci-pci: OHCI PCI platform driver
> [   20.236867] uhci_hcd: USB Universal Host Controller Interface driver
> [   20.246727] usbcore: registered new interface driver usblp
> [   20.250392] usbcore: registered new interface driver usb-storage
> [   20.257766] i8042: PNP: PS/2 Controller [PNP0303:KBD,PNP0f13:MOU] at 0x60,0x64 irq 1,12
> [   20.270772] serio: i8042 KBD port at 0x60,0x64 irq 1
> [   20.272798] serio: i8042 AUX port at 0x60,0x64 irq 12
> [   20.302861] rtc_cmos 00:00: RTC can wake from S4
> [   20.304033] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input1
> [   20.326954] rtc_cmos 00:00: registered as rtc0
> [   20.339642] rtc_cmos 00:00: alarms up to one day, y3k, 114 bytes nvram, hpet irqs
> [   20.380001] device-mapper: ioctl: 4.39.0-ioctl (2018-04-03) initialised: dm-de...@redhat.com
> [   20.385520] hidraw: raw HID events driver (C) Jiri Kosina
> [   20.443299] usbcore: registered new interface driver usbhid
> [   20.443437] usbhid: USB HID core driver
> [   20.496845] Initializing XFRM netlink socket
> [   20.521833] NET: Registered protocol family 10
> [   20.552610] Segment Routing with IPv6
> [   20.564402] sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
> [   20.586536] NET: Registered protocol family 17
> [   20.587435] Key type dns_resolver registered
> [   20.596490] sched_clock: Marking stable (20596083277, 0)->(20731580955, -135497678)
> [   20.614255] registered taskstats version 1
> [   20.614383] Loading compiled-in X.509 certificates
> [   20.618946] Unable to create integrity sysfs dir: -19
> [   20.651619] Magic number: 6:151:598
> [   20.652449] console [netcon0] enabled
> [   20.652576] netconsole: network logging started
> [   20.659513] cfg80211: Loading compiled-in X.509 certificates for regulatory database
> [   20.690194] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
> [   20.693610] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
> [   20.694296] cfg80211: failed to load regulatory.db
> [   20.694714] ALSA device list:
> [   20.694811]   No soundcards found.
> [   20.752768] Freeing unused kernel memory: 2008K
> [   20.754450] Write protecting the kernel read-only data: 65536k
> [   20.760006] Freeing unused kernel memory: 2004K
> [   20.808943] Freeing unused kernel memory: 1504K
> [   21.020827] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input3
>
> Mounting...
>
> [   24.002776] UDF-fs: warning (device sda): udf_fill_super: No fileset found
> [   24.003207] ==================================================================
> [   24.003402] BUG: KASAN: slab-out-of-bounds in iput+0x8df/0xa80
> [   24.003584] Read of size 8 at addr ffff880067e82100 by task exe/1090
> [   24.003684]
> [   24.004030] CPU: 0 PID: 1090 Comm: exe Not tainted 4.18.0-rc2 #1
> [   24.004146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
> [   24.004420] Call Trace:
> [   24.004629]  dump_stack+0xae/0x14b
> [   24.004736]  ? show_regs_print_info+0x5/0x5
> [   24.004815]  ? printk+0x97/0xbe
> [   24.004876]  ? kmsg_dump_rewind_nolock+0xf0/0xf0
> [   24.004950]  ? __switch_to_asm+0x40/0x70
> [   24.005018]  ? iput+0x8df/0xa80
> [   24.005076]  print_address_description+0x75/0x3e0
> [   24.005157]  ? iput+0x8df/0xa80
> [   24.005217]  kasan_report+0x1d8/0x460
> [   24.005284]  ? __switch_to_asm+0x40/0x70
> [   24.005353]  ? iput+0x8df/0xa80
> [   24.005412]  iput+0x8df/0xa80
> [   24.005472]  ? __sched_text_start+0x8/0x8
> [   24.005540]  ? inode_add_lru+0x280/0x280
> [   24.005610]  ? inode_add_lru+0x280/0x280
> [   24.005676]  ? kmsg_dump_rewind_nolock+0xf0/0xf0
> [   24.005753]  ? submit_bio+0x97/0x480
> [   24.005825]  ? submit_bio+0x97/0x480
> [   24.005890]  ? bio_alloc_bioset+0x224/0x680
> [   24.005964]  ? _udf_warn+0x104/0x190
> [   24.006027]  ? apic_timer_interrupt+0xa/0x20
> [   24.006107]  udf_sb_free_partitions+0x4e1/0x9b0
> [   24.006190]  udf_fill_super+0xe00/0x1ed0
> [   24.006265]  ? udf_load_vrs+0xc80/0xc80
> [   24.006331]  ? strspn+0x230/0x250
> [   24.006394]  ? vsnprintf+0x587/0x1380
> [   24.006461]  ? pointer+0x790/0x790
> [   24.006522]  ? rcu_note_context_switch+0x4e3/0x500
> [   24.006603]  ? udf_load_vrs+0xc80/0xc80
> [   24.006669]  ? snprintf+0x8f/0xc0
> [   24.006729]  ? vsprintf+0x10/0x10
> [   24.006791]  ? udf_load_vrs+0xc80/0xc80
> [   24.006861]  ? udf_load_vrs+0xc80/0xc80
> [   24.006925]  mount_bdev+0x25e/0x330
> [   24.006993]  mount_fs+0x59/0x330
> [   24.007059]  vfs_kern_mount.part.8+0xba/0x460
> [   24.007136]  ? unlock_mount+0x190/0x190
> [   24.007207]  ? __get_fs_type+0x82/0xe0
> [   24.007276]  do_mount+0xe13/0x34f0
> [   24.007345]  ? copy_mount_string+0x20/0x20
> [   24.007417]  ? strndup_user+0x42/0xb0
> [   24.007479]  ? save_stack+0x89/0xb0
> [   24.007541]  ? __kmalloc_track_caller+0x11a/0x360
> [   24.007614]  ? memdup_user+0x23/0x60
> [   24.007673]  ? strndup_user+0x42/0xb0
> [   24.007733]  ? ksys_mount+0x49/0xd0
> [   24.007793]  ? __x64_sys_mount+0xbe/0x170
> [   24.007857]  ? do_syscall_64+0x13c/0x520
> [   24.007921]  ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   24.008014]  ? d_move+0xf0/0xf0
> [   24.008077]  ? selinux_inode_getattr+0x19f/0x260
> [   24.008153]  ? selinux_sctp_assoc_request+0x9e0/0x9e0
> [   24.008233]  ? kmem_cache_alloc+0xfa/0x2d0
> [   24.008304]  ? _copy_to_user+0x6d/0xb0
> [   24.008369]  ? cp_new_stat+0x66a/0x8e0
> [   24.008433]  ? inode_get_bytes+0x210/0x210
> [   24.008509]  ? kasan_unpoison_shadow+0x30/0x40
> [   24.008583]  ? kasan_kmalloc+0xa0/0xd0
> [   24.008649]  ? __kmalloc_track_caller+0x11a/0x360
> [   24.008726]  ? _copy_from_user+0x75/0xc0
> [   24.008794]  ? memdup_user+0x39/0x60
> [   24.008860]  ksys_mount+0x7b/0xd0
> [   24.008926]  __x64_sys_mount+0xbe/0x170
> [   24.008996]  do_syscall_64+0x13c/0x520
> [   24.009065]  ? syscall_return_slowpath+0x370/0x370
> [   24.009145]  ? __do_page_fault+0xb80/0xb80
> [   24.009215]  ? prepare_exit_to_usermode+0x1df/0x280
> [   24.009293]  ? perf_trace_sys_enter+0x17e0/0x17e0
> [   24.009370]  ? __put_user_4+0x1c/0x30
> [   24.009437]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
> [   24.009621] RIP: 0033:0x48d31a
> [   24.009692] Code: b8 67 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d cc 01 00 c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4a cc 01 00 c3 66 0f 1f 84 00 00 00 00 00
> [   24.010213] RSP: 002b:00007ffdd66b17e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
> [   24.010368] RAX: ffffffffffffffda RBX: 0000000000008000 RCX: 000000000048d31a
> [   24.010487] RDX: 00007ffdd66b2fa2 RSI: 00007ffdd66b2f9a RDI: 00007ffdd66b2f91
> [   24.010605] RBP: 0000000001d668a0 R08: 0000000000000000 R09: 0000000000000000
> [   24.010723] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000
> [   24.010839] R13: 0000000000000000 R14: 00007ffdd66b1a58 R15: 0000000000000000
> [   24.011020]
> [   24.011147] Allocated by task 0:
> [   24.011209] (stack is not available)
> [   24.011277]
> [   24.011314] Freed by task 0:
> [   24.011359] (stack is not available)
> [   24.011413]
> [   24.011457] The buggy address belongs to the object at ffff880067e82100
> [   24.011457]  which belongs to the cache kmalloc-16 of size 16
> [   24.011662] The buggy address is located 0 bytes inside of
> [   24.011662]  16-byte region [ffff880067e82100, ffff880067e82110)
> [   24.011839] The buggy address belongs to the page:
> [   24.012064] page:ffffea00019fa080 count:1 mapcount:0 mapping:ffff88006c001b40 index:0x0
> [   24.012318] flags: 0x100000000000100(slab)
> [   24.012614] raw: 0100000000000100 dead000000000100 dead000000000200 ffff88006c001b40
> [   24.012744] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
> [   24.012991] page dumped because: kasan: bad access detected
> [   24.013105]
> [   24.013162] Memory state around the buggy address:
> [   24.013453]  ffff880067e82000: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
> [   24.013581]  ffff880067e82080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.013700] >ffff880067e82100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.013851]                    ^
> [   24.013912]  ffff880067e82180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.014012]  ffff880067e82200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [   24.014132] ==================================================================
> [   24.014250] Disabling lock debugging due to kernel taint
> mount: mounting /dev/sda on /mnt failed: Invalid argument
> [   24.027931] exe (1090) used greatest stack depth: 19824 bytes left
>
>
>
> BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
> Enter 'help' for a list of built-in commands.
>
> /bin/sh: can't access tty; job control turned off
> / #
--
Jan Kara <j...@suse.com>
SUSE Labs, CR
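As an added example (not code from this thread, from the reporter, or from the kernel tree), here is a small Python triage helper for KASAN reports of the shape quoted above. It pulls out the bug type and faulting symbol, the access (read/write, size, address, task), the reliable call-trace frames (dropping the `?` entries, which are stale stack slots rather than real callers), the slab cache and object region, and decodes the shadow byte that covers the faulting address. The embedded sample is constructed from the report in the thread with most intermediate frames and the register dump omitted; the shadow legend covers only the values that occur in it (00, fb, fc) and assumes the upstream KASAN shadow encoding for those values.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the KASAN report quoted in the thread,
# with most call-trace frames and the register dump left out.
SAMPLE = """\
[   24.002776] UDF-fs: warning (device sda): udf_fill_super: No fileset found
[   24.003402] BUG: KASAN: slab-out-of-bounds in iput+0x8df/0xa80
[   24.003584] Read of size 8 at addr ffff880067e82100 by task exe/1090
[   24.004420] Call Trace:
[   24.004629]  dump_stack+0xae/0x14b
[   24.005018]  ? iput+0x8df/0xa80
[   24.005076]  print_address_description+0x75/0x3e0
[   24.005217]  kasan_report+0x1d8/0x460
[   24.005412]  iput+0x8df/0xa80
[   24.006107]  udf_sb_free_partitions+0x4e1/0x9b0
[   24.006190]  udf_fill_super+0xe00/0x1ed0
[   24.006925]  mount_bdev+0x25e/0x330
[   24.007276]  do_mount+0xe13/0x34f0
[   24.008860]  ksys_mount+0x7b/0xd0
[   24.009437]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[   24.011457] The buggy address belongs to the object at ffff880067e82100
[   24.011457]  which belongs to the cache kmalloc-16 of size 16
[   24.011662] The buggy address is located 0 bytes inside of
[   24.011662]  16-byte region [ffff880067e82100, ffff880067e82110)
[   24.013453]  ffff880067e82000: fb fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[   24.013700] >ffff880067e82100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
"""

# Shadow values that occur in the report, per the upstream KASAN encoding
# (one shadow byte describes 8 bytes of kernel memory). Assumed, not from the thread.
SHADOW_LEGEND = {"00": "accessible", "fb": "freed kmalloc object (KASAN_KMALLOC_FREE)",
                 "fc": "kmalloc redzone (KASAN_KMALLOC_REDZONE)"}

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")
_BUG = re.compile(r"BUG: KASAN: (\S+) in (\S+)")
_ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+) by task (\S+)")
_FRAME = re.compile(r"^\s*(\?\s+)?([A-Za-z_][\w.]*\+0x[0-9a-f]+/0x[0-9a-f]+)\s*$")
_CACHE = re.compile(r"which belongs to the cache (\S+) of size (\d+)")
_REGION = re.compile(r"region \[([0-9a-f]+), ([0-9a-f]+)\)")
_SHADOW = re.compile(r"^>([0-9a-f]+): ((?:[0-9a-f]{2} ?){16})")


@dataclass
class KasanReport:
    bug_type: str                    # e.g. "slab-out-of-bounds"
    bug_site: str                    # symbol+off/len of the faulting instruction
    access: str = ""                 # "Read" or "Write"
    size: int = 0
    addr: int = 0
    task: str = ""
    frames: List[str] = field(default_factory=list)  # reliable frames only
    cache: Optional[str] = None
    obj_start: Optional[int] = None
    shadow_byte: Optional[str] = None                 # shadow value covering addr


def parse_kasan_report(text: str) -> KasanReport:
    """Pull the triage-relevant fields out of one KASAN report in dmesg text."""
    report, in_trace = None, False
    for ln in (_TS.sub("", raw) for raw in text.splitlines()):
        if report is None:                       # ignore everything before "BUG: KASAN:"
            if m := _BUG.search(ln):
                report = KasanReport(m.group(1), m.group(2))
            continue
        if ln.strip() == "Call Trace:":
            in_trace = True
            continue
        if in_trace:                             # first non-frame line ends the trace
            if m := _FRAME.match(ln):
                if not m.group(1):               # "? sym" entries are stale stack slots
                    report.frames.append(m.group(2))
                continue
            in_trace = False
        if m := _ACCESS.search(ln):
            report.access, report.size = m.group(1), int(m.group(2))
            report.addr, report.task = int(m.group(3), 16), m.group(4)
        elif m := _CACHE.search(ln):
            report.cache = m.group(1)
        elif m := _REGION.search(ln):
            report.obj_start = int(m.group(1), 16)
        elif m := _SHADOW.match(ln):             # the ">" row holds the faulting address
            idx = (report.addr - int(m.group(1), 16)) // 8
            cells = m.group(2).split()
            if 0 <= idx < len(cells):
                report.shadow_byte = cells[idx]
    if report is None:
        raise ValueError("no KASAN report found")
    return report


def fault_chain(report: KasanReport) -> List[str]:
    """Reliable frames from the faulting function outward (report machinery dropped)."""
    names = [f.split("+", 1)[0] for f in report.frames]
    site = report.bug_site.split("+", 1)[0]
    return report.frames[names.index(site):] if site in names else report.frames


def shadow_meaning(report: KasanReport) -> str:
    """Decode the shadow byte covering the faulting address."""
    return SHADOW_LEGEND.get(report.shadow_byte, f"unrecognised shadow value {report.shadow_byte}")


def summarize(text: str) -> dict:
    r = parse_kasan_report(text)
    return {"bug": r.bug_type, "site": r.bug_site, "access": f"{r.access} of {r.size} bytes",
            "task": r.task, "cache": r.cache,
            "offset_in_object": None if r.obj_start is None else r.addr - r.obj_start,
            "shadow": shadow_meaning(r), "chain": " <- ".join(fault_chain(r))}
```

Run `summarize(SAMPLE)` to get the one-screen view a triager wants: an 8-byte read by `exe/1090` at offset 0 of a `kmalloc-16` object, reached through `iput <- udf_sb_free_partitions <- udf_fill_super <- mount_bdev <- ...`, with the covering shadow byte decoded as a kmalloc redzone. Dropping the `?` frames matters because the unwinder prints stale return addresses it finds on the stack, so only the unmarked entries describe the actual mount path.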