[dm-devel] dm-integrity resize crashes kernel
Ondrej Kozina
okozina at redhat.com
Thu Mar 24 15:34:37 UTC 2022
Hi,
I've hit a dm-integrity crash when re-extending dm-integrity device. The
trick is that underlying device needs to change its size as well.
There's reproducer attached which I have tested on top of scsi_debug
device but it's not limited to scsi_debug.
Tested kernel version: 5.17.0, My minimal tested device size was 128MB,
but it can be reproduced with larger devices as well.
See the attached test.sh script but basically:
1) create 1:1 dm linear mapping (to be able to resize it online later)
2) format dm-linear with integritysetup
3) activate dm-integrity on top of dm-linear
4) write whole dm-integrity
5) shrink dm-integrity
6) shrink dm-linear mapping
7) re-extend dm-integrity over dm-linear again
8) write dm-linear
9) kernel crashes with:
[ 158.771518] kernel BUG at drivers/md/dm-integrity.c:2168!
[ 158.772175] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 158.772749] CPU: 1 PID: 1053 Comm: dd Not tainted
5.17.0-128.fc37.x86_64 #1
[ 158.773448] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 158.773997] RIP: 0010:dm_integrity_map_continue+0x6e8/0xa40
[dm_integrity]
[ 158.774662] Code: a8 00 00 00 e8 79 db ff ff 84 c0 0f 85 b0 fd ff ff
4c 89 ff e8 99 e2 ff ff e9 b6 fd ff ff 48 8b 4c 24 08 31 c0 e9 bd fa ff
ff <0f> 0b 31 db e9 e4 fa ff ff 80 7c 24 1a 00 0f 85 05 03 00 00 83 fb
[ 158.776404] RSP: 0018:ffffa95a00c67a38 EFLAGS: 00010013
[ 158.776900] RAX: ffff8ee4e9de7000 RBX: 0000000000000001 RCX:
0000000000000018
[ 158.777574] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff8ee4c35b8000
[ 158.778229] RBP: 0000000000000000 R08: 000000000000000b R09:
00000000000000b0
[ 158.778822] R10: 0000000000000000 R11: 0000000000000002 R12:
0000000000000000
[ 158.779446] R13: 0000000000000000 R14: ffff8ee4c43f5000 R15:
ffff8ee4c3eace00
[ 158.780080] FS: 00007f361d61c740(0000) GS:ffff8ee4fbc80000(0000)
knlGS:0000000000000000
[ 158.780798] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 158.781286] CR2: 00007f3610062000 CR3: 0000000103e96003 CR4:
0000000000370ee0
[ 158.781881] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 158.782482] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 158.783081] Call Trace:
[ 158.783291] <TASK>
[ 158.783457] ? mempool_alloc+0x4f/0x170
[ 158.783753] dm_integrity_map+0x1bf/0x330 [dm_integrity]
[ 158.784163] __map_bio+0x62/0x210
[ 158.784427] __split_and_process_non_flush+0x1cb/0x240
[ 158.784818] dm_submit_bio+0x115/0x360
[ 158.785110] __submit_bio+0xaf/0x180
[ 158.785391] submit_bio_noacct+0xbd/0x2a0
[ 158.785696] __blkdev_direct_IO_simple+0x198/0x290
[ 158.786069] ? folio_add_lru+0x83/0x100
[ 158.786364] ? _raw_spin_unlock+0x16/0x30
[ 158.786670] ? __handle_mm_fault+0x1109/0x13f0
[ 158.787010] ? __blkdev_direct_IO_simple+0x290/0x290
[ 158.787389] generic_file_direct_write+0x9b/0x1d0
[ 158.787748] __generic_file_write_iter+0x91/0x190
[ 158.788119] blkdev_write_iter+0xbc/0x140
[ 158.788412] new_sync_write+0xff/0x180
[ 158.788692] vfs_write+0x209/0x2a0
[ 158.788944] ksys_write+0x53/0xd0
[ 158.789191] do_syscall_64+0x37/0x80
[ 158.789457] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 158.789828] RIP: 0033:0x7f361d7247e7
[ 158.790101] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f
1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f
05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 158.792087] RSP: 002b:00007fff3413fa68 EFLAGS: 00000246 ORIG_RAX:
0000000000000001
[ 158.792962] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f361d7247e7
[ 158.793811] RDX: 0000000000100000 RSI: 00007f360ff63000 RDI:
0000000000000001
[ 158.794665] RBP: 0000000000100000 R08: 00000000ffffffff R09:
0000000000000000
[ 158.795515] R10: 0000000000000022 R11: 0000000000000246 R12:
00007f360ff63000
[ 158.796389] R13: 0000000000000000 R14: 0000000000100000 R15:
0000000000000000
[ 158.797237] </TASK>
[ 158.797732] Modules linked in: dm_integrity async_xor async_tx
scsi_debug rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd
grace fscache netfs intel_rapl_msr intel_rapl_common kvm_intel sunrpc
kvm binfmt_misc snd_hda_codec_generic ledtrig_audio snd_hda_intel
irqbypass snd_intel_dspcfg snd_intel_sdw_acpi rapl snd_hda_codec
snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm virtio_net
snd_timer joydev snd net_failover failover soundcore virtio_balloon
i2c_piix4 cfg80211 rfkill fuse dm_crypt xfs crct10dif_pclmul
crc32_pclmul crc32c_intel qxl ata_generic drm_ttm_helper ttm virtio_scsi
pata_acpi serio_raw qemu_fw_cfg ghash_clmulni_intel virtio_console
[ 158.803972] ---[ end trace 0000000000000000 ]---
[ 158.804669] RIP: 0010:dm_integrity_map_continue+0x6e8/0xa40
[dm_integrity]
[ 158.805554] Code: a8 00 00 00 e8 79 db ff ff 84 c0 0f 85 b0 fd ff ff
4c 89 ff e8 99 e2 ff ff e9 b6 fd ff ff 48 8b 4c 24 08 31 c0 e9 bd fa ff
ff <0f> 0b 31 db e9 e4 fa ff ff 80 7c 24 1a 00 0f 85 05 03 00 00 83 fb
[ 158.807657] RSP: 0018:ffffa95a00c67a38 EFLAGS: 00010013
[ 158.808427] RAX: ffff8ee4e9de7000 RBX: 0000000000000001 RCX:
0000000000000018
[ 158.809322] RDX: 0000000000000000 RSI: 0000000000000000 RDI:
ffff8ee4c35b8000
[ 158.810227] RBP: 0000000000000000 R08: 000000000000000b R09:
00000000000000b0
[ 158.811137] R10: 0000000000000000 R11: 0000000000000002 R12:
0000000000000000
[ 158.812043] R13: 0000000000000000 R14: ffff8ee4c43f5000 R15:
ffff8ee4c3eace00
[ 158.812940] FS: 00007f361d61c740(0000) GS:ffff8ee4fbc80000(0000)
knlGS:0000000000000000
[ 158.813932] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 158.814747] CR2: 00007f3610062000 CR3: 0000000103e96003 CR4:
0000000000370ee0
[ 158.815654] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 158.816559] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 158.817489] note: dd[1053] exited with preempt_count 1
[ 158.818287] ------------[ cut here ]------------
[ 158.819279] WARNING: CPU: 1 PID: 1053 at kernel/exit.c:738
do_exit+0x35/0xad0
[ 158.820207] Modules linked in: dm_integrity async_xor async_tx
scsi_debug rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd
grace fscache netfs intel_rapl_msr intel_rapl_common kvm_intel sunrpc
kvm binfmt_misc snd_hda_codec_generic ledtrig_audio snd_hda_intel
irqbypass snd_intel_dspcfg snd_intel_sdw_acpi rapl snd_hda_codec
snd_hda_core snd_hwdep snd_seq snd_seq_device snd_pcm virtio_net
snd_timer joydev snd net_failover failover soundcore virtio_balloon
i2c_piix4 cfg80211 rfkill fuse dm_crypt xfs crct10dif_pclmul
crc32_pclmul crc32c_intel qxl ata_generic drm_ttm_helper ttm virtio_scsi
pata_acpi serio_raw qemu_fw_cfg ghash_clmulni_intel virtio_console
[ 158.826988] CPU: 1 PID: 1053 Comm: dd Tainted: G D
--------- --- 5.17.0-128.fc37.x86_64 #1
[ 158.828156] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
[ 158.829064] RIP: 0010:do_exit+0x35/0xad0
[ 158.829892] Code: 41 54 49 89 fc 55 53 65 48 8b 1c 25 c0 fb 01 00 48
83 ec 20 48 8b 83 10 0d 00 00 48 85 c0 74 0c 48 83 38 00 0f 84 ab 04 00
00 <0f> 0b 48 8b bb 28 0c 00 00 e8 cd 35 c3 00 83 4b 2c 08 48 8b 83 20
[ 158.832312] RSP: 0018:ffffa95a00c67ee8 EFLAGS: 00010002
[ 158.833220] RAX: ffffa95a00c67e10 RBX: ffff8ee4c21a8000 RCX:
0000000000000000
[ 158.834288] RDX: 0000000000000001 RSI: ffffffffb6665155 RDI:
000000000000000b
[ 158.835330] RBP: ffff8ee4c21a8000 R08: 0000000000000000 R09:
ffffa95a00c67d88
[ 158.836365] R10: ffffa95a00c67d80 R11: ffffffffb6f45588 R12:
000000000000000b
[ 158.837392] R13: 0000000000000004 R14: ffff8ee4c21a8000 R15:
ffffa95a00c67988
[ 158.838416] FS: 00007f361d61c740(0000) GS:ffff8ee4fbc80000(0000)
knlGS:0000000000000000
[ 158.839502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 158.840433] CR2: 00007f3610062000 CR3: 0000000103e96003 CR4:
0000000000370ee0
[ 158.841459] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 158.842487] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 158.843520] Call Trace:
[ 158.844235] <TASK>
[ 158.844896] make_task_dead+0x51/0x60
[ 158.845661] rewind_stack_and_make_dead+0x17/0x17
[ 158.846509] RIP: 0033:0x7f361d7247e7
[ 158.847261] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f
1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f
05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
[ 158.849550] RSP: 002b:00007fff3413fa68 EFLAGS: 00000246 ORIG_RAX:
0000000000000001
[ 158.850587] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
00007f361d7247e7
[ 158.851574] RDX: 0000000000100000 RSI: 00007f360ff63000 RDI:
0000000000000001
[ 158.852559] RBP: 0000000000100000 R08: 00000000ffffffff R09:
0000000000000000
[ 158.853572] R10: 0000000000000022 R11: 0000000000000246 R12:
00007f360ff63000
[ 158.854535] R13: 0000000000000000 R14: 0000000000100000 R15:
0000000000000000
[ 158.855498] </TASK>
[ 158.856112] ---[ end trace 0000000000000000 ]---
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.sh
Type: application/x-shellscript
Size: 1597 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/dm-devel/attachments/20220324/264e5def/attachment.bin>
More information about the dm-devel
mailing list