openzfs / zfs

OpenZFS on Linux and FreeBSD
https://openzfs.github.io/openzfs-docs

memcpy: detected field-spanning write (size 7) of single field "sbuf" at /var/lib/dkms/zfs/2.2.99/build/module/lua/lstring.c:107 #16541

Open leelists opened 4 days ago

leelists commented 4 days ago

System information

| Type | Version/Name |
| --- | --- |
| Distribution Name | Ubuntu |
| Distribution Version | 24.04 |
| Kernel Version | 6.11.0 |
| Architecture | amd64 |
| OpenZFS Version | 2.2.99-700_ga10e552b9 |

Describe the problem you're observing

Kernel warning when using Lua

Describe how to reproduce the problem

zrepl is using Lua to do snapshotting

Include any warning/errors/backtraces from the system logs

[ 1569.953074] ------------[ cut here ]------------
[ 1569.953082] memcpy: detected field-spanning write (size 7) of single field "sbuf" at /var/lib/dkms/zfs/2.2.99/build/module/lua/lstring.c:107 (size 0)
[ 1569.953150] WARNING: CPU: 12 PID: 15044 at createstrobj+0xa0/0xb0 [zfs]
[ 1569.953311] Modules linked in: uhid rfcomm snd_seq_dummy snd_hrtimer xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp nft_compat nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 bridge stp llc overlay vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) qrtr cmac algif_hash algif_skcipher af_alg bnep nf_tables libcrc32c binfmt_misc nls_iso8859_1 snd_sof_amd_rembrandt snd_sof_amd_renoir snd_sof_amd_acp snd_sof_pci amd_atl intel_rapl_msr snd_sof_xtensa_dsp intel_rapl_common snd_hda_codec_realtek ucsi_ccg snd_sof ee1004 snd_sof_utils snd_hda_codec_generic edac_mce_amd snd_hda_scodec_component snd_pci_ps btusb btrtl snd_amd_sdw_acpi soundwire_amd btintel kvm_amd btbcm soundwire_generic_allocation btmtk soundwire_bus snd_hda_codec_hdmi amdgpu bluetooth uvcvideo snd_soc_core snd_hda_intel kvm videobuf2_vmalloc snd_intel_dspcfg snd_compress snd_intel_sdw_acpi uvc videobuf2_memops ac97_bus crct10dif_pclmul snd_hda_codec videobuf2_v4l2 snd_pcm_dmaengine snd_hda_core polyval_clmulni snd_hwdep
[ 1569.953370]  videodev polyval_generic snd_rpl_pci_acp6x ghash_clmulni_intel videobuf2_common rtw88_8822ce sha512_ssse3 snd_seq_midi snd_acp_pci snd_seq_midi_event snd_acp_legacy_common sha256_ssse3 rtw88_8822c mc sha1_ssse3 aesni_intel snd_rawmidi rtw88_pci crypto_simd snd_pci_acp6x drm_exec rtw88_core cryptd amdxcp drm_buddy snd_seq rapl snd_pcm wmi_bmof gpu_sched snd_seq_device mac80211 drm_suballoc_helper snd_pci_acp5x drm_ttm_helper snd_timer ttm snd_rn_pci_acp3x snd_acp_config snd cfg80211 drm_display_helper snd_soc_acpi i2c_piix4 i2c_nvidia_gpu i2c_algo_bit libarc4 snd_pci_acp3x ccp k10temp i2c_smbus soundcore i2c_ccgx_ucsi asus_wireless nvidia_uvm(POE) input_leds joydev serio_raw mac_hid sch_fq_pie sch_pie dell_smm_hwmon msr parport_pc ppdev lp parport nvme_fabrics nfsd efi_pstore auth_rpcgss nfs_acl lockd grace sunrpc nfnetlink dmi_sysfs ip_tables x_tables autofs4 zfs(POE) spl(OE) cdc_ether usbnet usbhid r8152 mii nvidia_drm(POE) hid_multitouch nvidia_modeset(POE) hid_generic nvidia(POE) r8169 i2c_hid_acpi
[ 1569.953437]  i2c_hid realtek drm_kms_helper hid mdio_devres nvme ahci crc32_pclmul ucsi_acpi typec_ucsi libphy libahci xhci_pci nvme_core xhci_pci_renesas typec drm video wmi
[ 1569.953454] CPU: 12 UID: 0 PID: 15044 Comm: zfs Tainted: P     U  W  OE      6.11.0-jave #1
[ 1569.953458] Tainted: [P]=PROPRIETARY_MODULE, [U]=USER, [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE
[ 1569.953459] Hardware name: ASUSTeK COMPUTER INC. ASUS TUF Gaming A15 FA506IV_TUF566IV/FA506IV, BIOS FA506IV.320 06/01/2022
[ 1569.953461] RIP: 0010:createstrobj+0xa0/0xb0 [zfs]
[ 1569.953548] Code: e4 c2 80 3d 9a da ce ff 00 75 c4 31 c9 48 c7 c2 68 33 f8 c3 48 89 ee 48 c7 c7 b0 33 f8 c3 c6 05 7e da ce ff 01 e8 50 0a 20 c2 <0f> 0b eb a1 66 66 2e 0f 1f 84 00 00 00 00 00 90 48 39 f7 b8 01 00
[ 1569.953550] RSP: 0018:ffffbac3d19df8f8 EFLAGS: 00010286
[ 1569.953552] RAX: 0000000000000000 RBX: ffff991896b59808 RCX: 0000000000000027
[ 1569.953553] RDX: ffff991b9f91ba88 RSI: 0000000000000001 RDI: ffff991b9f91ba80
[ 1569.953555] RBP: 0000000000000007 R08: 0000000000000000 R09: 0000000000000003
[ 1569.953556] R10: ffffbac3d19df798 R11: ffffffff8751a8a8 R12: 00000000a0333c07
[ 1569.953557] R13: ffffffffc3fa84a7 R14: 0000000000000007 R15: ffff991af9b75008
[ 1569.953559] FS:  00007f9b6e1e4040(0000) GS:ffff991b9f900000(0000) knlGS:0000000000000000
[ 1569.953561] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1569.953562] CR2: 000055f271110000 CR3: 000000026d268000 CR4: 0000000000350ef0
[ 1569.953564] Call Trace:
[ 1569.953566]  <TASK>
[ 1569.953569]  ? __warn+0x66/0xc0
[ 1569.953573]  ? createstrobj+0xa0/0xb0 [zfs]
[ 1569.953659]  ? report_bug+0x146/0x170
[ 1569.953664]  ? handle_bug+0x3a/0x70
[ 1569.953667]  ? exc_invalid_op+0x1f/0x90
[ 1569.953669]  ? srso_return_thunk+0x5/0x5f
[ 1569.953672]  ? asm_exc_invalid_op+0x16/0x20
[ 1569.953677]  ? createstrobj+0xa0/0xb0 [zfs]
[ 1569.953762]  ? createstrobj+0xa0/0xb0 [zfs]
[ 1569.953848]  luaS_newlstr+0x12b/0x170 [zfs]
[ 1569.953934]  ? zcp_lua_to_nvlist_helper+0x90/0x90 [zfs]
[ 1569.954035]  luaT_init+0x1d/0x50 [zfs]
[ 1569.954122]  f_luaopen+0xad/0x110 [zfs]
[ 1569.954208]  luaD_rawrunprotected+0x66/0xa0 [zfs]
[ 1569.954293]  ? stack_init+0xb0/0xb0 [zfs]
[ 1569.954379]  ? zcp_lua_to_nvlist_helper+0x90/0x90 [zfs]
[ 1569.954472]  ? luaD_rawrunprotected+0x4f/0xa0 [zfs]
[ 1569.954558]  lua_newstate+0x27e/0x2c0 [zfs]
[ 1569.954644]  ? close_state+0xe0/0xe0 [zfs]
[ 1569.954729]  zcp_eval+0x83/0x8a0 [zfs]
[ 1569.954822]  ? srso_return_thunk+0x5/0x5f
[ 1569.954824]  ? __kmalloc_node_noprof+0x159/0x370
[ 1569.954829]  ? spl_kmem_alloc_impl+0x10e/0x150 [spl]
[ 1569.954836]  ? srso_return_thunk+0x5/0x5f
[ 1569.954838]  ? __kmalloc_node_noprof+0x159/0x370
[ 1569.954840]  ? srso_return_thunk+0x5/0x5f
[ 1569.954842]  ? spl_kmem_alloc_impl+0x10e/0x150 [spl]
[ 1569.954848]  ? srso_return_thunk+0x5/0x5f
[ 1569.954850]  ? nvlist_lookup_nvpair_ei_sep+0x22b/0x3c0 [zfs]
[ 1569.954942]  dsl_destroy_snapshots_nvl.part.0+0x115/0x210 [zfs]
[ 1569.955046]  zfs_ioc_destroy_snaps+0x179/0x180 [zfs]
[ 1569.955148]  zfsdev_ioctl_common+0x3d3/0x960 [zfs]
[ 1569.955241]  ? srso_return_thunk+0x5/0x5f
[ 1569.955244]  zfsdev_ioctl+0x58/0xf0 [zfs]
[ 1569.955335]  __x64_sys_ioctl+0xb6/0xf0
[ 1569.955338]  ? srso_return_thunk+0x5/0x5f
[ 1569.955341]  do_syscall_64+0x64/0x100
[ 1569.955344]  ? srso_return_thunk+0x5/0x5f
[ 1569.955346]  ? zfsdev_ioctl_common+0x46a/0x960 [zfs]
[ 1569.955437]  ? srso_return_thunk+0x5/0x5f
[ 1569.955439]  ? __rseq_handle_notify_resume+0xac/0x450
[ 1569.955442]  ? srso_return_thunk+0x5/0x5f
[ 1569.955445]  ? srso_return_thunk+0x5/0x5f
[ 1569.955448]  ? srso_return_thunk+0x5/0x5f
[ 1569.955449]  ? syscall_exit_to_user_mode+0x125/0x160
[ 1569.955452]  ? srso_return_thunk+0x5/0x5f
[ 1569.955453]  ? do_syscall_64+0x70/0x100
[ 1569.955456]  ? srso_return_thunk+0x5/0x5f
[ 1569.955458]  ? srso_return_thunk+0x5/0x5f
[ 1569.955460]  ? irqentry_exit_to_user_mode+0x38/0x150
[ 1569.955462]  entry_SYSCALL_64_after_hwframe+0x55/0x5d
[ 1569.955465] RIP: 0033:0x7f9b6eb24ded
[ 1569.955467] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00
[ 1569.955468] RSP: 002b:00007ffca2342d20 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1569.955471] RAX: ffffffffffffffda RBX: 0000000000005a3b RCX: 00007f9b6eb24ded
[ 1569.955472] RDX: 00007ffca2342da0 RSI: 0000000000005a3b RDI: 0000000000000004
[ 1569.955473] RBP: 00007ffca2342d70 R08: 00007f9b6ec03b20 R09: 0000000000000000
[ 1569.955475] R10: 0000000000000001 R11: 0000000000000246 R12: 00007ffca2342da0
[ 1569.955476] R13: 0000000000005a3b R14: 00007ffca2346301 R15: 00007ffca23464f8
[ 1569.955480]  </TASK>
[ 1569.955481] ---[ end trace 0000000000000000 ]---

amotin commented 4 days ago

At first guess I thought it was a duplicate of https://github.com/openzfs/zfs/issues/16501, but it seems to be a different issue of the same kind, not even in ZFS itself but in its Lua interpreter.
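As an added illustration (not OpenZFS code, and not the `lstring.c` at the reported line), the snippet below shows what the kernel's fortified `memcpy` check is complaining about: a copy whose length exceeds the destination field the compiler can see. The struct names, the `checked_memcpy` model of the kernel's bounds check, and the sample strings are all constructed for this example. It contrasts the pre-C99 "trailing one-byte array" idiom, where a 7-byte copy into a 1-byte `sbuf` is a field-spanning write, with a C99 flexible array member sized from the allocation, where the same copy stays in bounds.

```c
/* Constructed illustration of the "field-spanning write" class of warning.
 * Not OpenZFS code; checked_memcpy only models what a fortified memcpy checks. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern A: trailing one-byte array, the old idiom for "bytes follow the
 * header".  The compiler knows sbuf only as a 1-byte field, so any copy of
 * more than one byte into it spans past the field. */
struct str_onebyte {
    size_t len;
    char   sbuf[1];
};

/* Pattern B: C99 flexible array member.  Its size is whatever the allocation
 * left after the header, so a correctly sized copy is in bounds. */
struct str_flex {
    size_t len;
    char   sbuf[];
};

/* Model of a fortified memcpy: report (-1) when the copy would spill past the
 * destination field of size dst_size, otherwise copy and return 0. */
static int checked_memcpy(void *dst, size_t dst_size, const void *src, size_t n)
{
    if (n > dst_size)
        return -1;              /* field-spanning write */
    memcpy(dst, src, n);
    return 0;
}

/* Pattern A: the allocation is big enough in practice (header + l bytes),
 * which is why the idiom "works", but the checker sees sizeof(sbuf) == 1.
 * Returns -1 when the copy is flagged, 0 when it passes. */
int onebyte_write_is_flagged(const char *s, size_t l)
{
    struct str_onebyte *p = malloc(sizeof(*p) + l);
    if (p == NULL)
        return -1;
    int rc = checked_memcpy(p->sbuf, sizeof(p->sbuf), s, l);
    free(p);
    return rc;
}

/* Pattern B: allocate header + l + 1, copy l bytes, NUL-terminate.  The copy
 * is checked against the real tail size, so it passes for any l. */
struct str_flex *str_flex_new(const char *s, size_t l)
{
    if (l > SIZE_MAX - sizeof(struct str_flex) - 1)
        return NULL;            /* guard the size arithmetic against overflow */
    size_t total = sizeof(struct str_flex) + l + 1;
    struct str_flex *p = malloc(total);
    if (p == NULL)
        return NULL;
    p->len = l;
    size_t tail = total - offsetof(struct str_flex, sbuf);   /* l + 1 bytes */
    if (checked_memcpy(p->sbuf, tail, s, l) != 0) {
        free(p);
        return NULL;
    }
    p->sbuf[l] = '\0';
    return p;
}

/* Round-trip helper: 1 when the flexible-array copy reproduces s, else 0. */
int flex_roundtrip(const char *s, size_t l)
{
    struct str_flex *p = str_flex_new(s, l);
    if (p == NULL)
        return 0;
    int ok = (p->len == l) && (strncmp(p->sbuf, s, l) == 0) && (p->sbuf[l] == '\0');
    free(p);
    return ok;
}

int main(void)
{
    const char *name = "snap-42";       /* constructed 7-byte sample, like the size 7 in the report */
    printf("one-byte sbuf, 7-byte copy: %s\n",
           onebyte_write_is_flagged(name, 7) == -1 ? "flagged" : "ok");
    printf("flexible sbuf, 7-byte copy: %s\n",
           flex_roundtrip(name, 7) ? "ok" : "failed");
    return 0;
}
```

The point of the model is that the fortify check reasons about the declared destination member, not about how much memory the allocator actually handed out; the fix for this class of report is to give the compiler a field whose bounds match the allocation, which the flexible array form does.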

rincebrain commented 4 days ago

This one is probably a legitimate concern; see also #12230 and #13134.