| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Jul 2016 02:39:16 +0800
From: kernel test robot <fengguang.wu@...el.com>
To: Alexander Potapenko <glider@...gle.com>
Cc: LKP <lkp@...org>, kasan-dev@...glegroups.com,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Linux Memory Management List <linux-mm@...ck.org>,
Andrew Morton <akpm@...ux-foundation.org>, wfg@...ux.intel.com
Subject: [mm, kasan] 63495b0c58: BUG radix_tree_node (Not tainted):
Object padding overwritten
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
commit 63495b0c58fff45bd94baf23a2f1138de7c20c3e
Author: Alexander Potapenko <glider@...gle.com>
AuthorDate: Sat Jun 25 10:10:25 2016 +1000
Commit: Stephen Rothwell <sfr@...b.auug.org.au>
CommitDate: Sat Jun 25 13:26:56 2016 +1000
mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB
For KASAN builds:
- switch SLUB allocator to using stackdepot instead of storing the
allocation/deallocation stacks in the objects;
- change the freelist hook so that parts of the freelist can be put
into the quarantine.
Link: http://lkml.kernel.org/r/1466617421-58518-1-git-send-email-glider@google.com
Signed-off-by: Alexander Potapenko <glider@...gle.com>
Cc: Andrey Konovalov <adech.fo@...il.com>
Cc: Dmitry Vyukov <dvyukov@...gle.com>
Cc: Steven Rostedt (Red Hat) <rostedt@...dmis.org>
Cc: Joonsoo Kim <iamjoonsoo.kim@....com>
Cc: Konstantin Serebryany <kcc@...gle.com>
Cc: Christoph Lameter <cl@...ux.com>
Cc: Pekka Enberg <penberg@...nel.org>
Cc: David Rientjes <rientjes@...gle.com>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
+---------------------------------------------------------------+------------+------------+---------------+
| | 8b84dfd7fe | 63495b0c58 | next-20160711 |
+---------------------------------------------------------------+------------+------------+---------------+
| boot_successes | 62 | 0 | 0 |
| boot_failures | 1 | 22 | 13 |
| Out_of_memory:Kill_process | 1 | | |
| BUG_radix_tree_node(Not_tainted):Object_padding_overwritten | 0 | 22 | 13 |
| INFO:#-#.First_byte#instead_of | 0 | 22 | 13 |
| INFO:Slab#objects=#used=#fp=0x(null)flags= | 0 | 22 | 13 |
| INFO:Object#@...set=#fp= | 0 | 22 | 13 |
| BUG_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| BUG_sighand_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| BUG_proc_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| BUG_radix_tree_node(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| BUG_shmem_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| INFO:Allocated_in_copy_process_age=#cpu=#pid= | 0 | 22 | 13 |
| INFO:Slab#objects=#used=#fp=#flags= | 0 | 22 | 13 |
| BUG_sock_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| INFO:Object#@...set=#fp=0x(null) | 0 | 22 | 13 |
| BUG_kmalloc-#(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| INFO:Allocated_in_acpi_ns_internalize_name_age=#cpu=#pid= | 0 | 22 | 13 |
| INFO:Allocated_in_pcpu_mem_zalloc_age=#cpu=#pid= | 0 | 22 | 13 |
| BUG_idr_layer_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 |
| INFO:Allocated_in_ida_pre_get_age=#cpu=#pid= | 0 | 22 | 13 |
| backtrace:__radix_tree_insert | 0 | 22 | 13 |
| backtrace:early_irq_init | 0 | 22 | 13 |
| backtrace:vfs_kern_mount | 0 | 22 | 13 |
| backtrace:mnt_init | 0 | 22 | 13 |
| backtrace:vfs_caches_init | 0 | 22 | 13 |
| backtrace:kern_mount_data | 0 | 22 | 13 |
| backtrace:nsfs_init | 0 | 22 | 13 |
| backtrace:_do_fork | 0 | 22 | 13 |
| backtrace:apic_bsp_setup | 0 | 22 | 13 |
| backtrace:APIC_init_uniprocessor | 0 | 22 | 13 |
| backtrace:up_late_init | 0 | 22 | 13 |
| backtrace:kernel_init_freeable | 0 | 22 | 13 |
| backtrace:shmem_init | 0 | 22 | 13 |
| backtrace:do_exit | 0 | 22 | 13 |
| backtrace:do_mount | 0 | 22 | 13 |
| backtrace:SyS_mount | 0 | 22 | 13 |
| backtrace:devtmpfsd | 0 | 22 | 13 |
| backtrace:debugfs_create_dir | 0 | 22 | 13 |
| backtrace:regulator_init | 0 | 22 | 13 |
| backtrace:debugfs_create_file | 0 | 22 | 13 |
| backtrace:rdev_init_debugfs | 0 | 22 | 13 |
| backtrace:__platform_driver_register | 0 | 22 | 13 |
| backtrace:regulator_dummy_init | 0 | 22 | 13 |
| backtrace:debugfs_create_u32 | 0 | 22 | 13 |
| backtrace:sock_init | 0 | 22 | 13 |
| backtrace:__netlink_kernel_create | 0 | 22 | 13 |
| backtrace:rtnetlink_net_init | 0 | 22 | 13 |
| backtrace:ops_init | 0 | 22 | 13 |
| backtrace:register_pernet_subsys | 0 | 22 | 13 |
| backtrace:rtnetlink_init | 0 | 22 | 13 |
| backtrace:netlink_proto_init | 0 | 22 | 13 |
| backtrace:bdi_class_init | 0 | 22 | 13 |
| backtrace:uevent_net_init | 0 | 22 | 13 |
| backtrace:kobject_uevent_init | 0 | 22 | 13 |
| backtrace:wakeup_sources_debugfs_init | 0 | 22 | 13 |
| backtrace:regmap_initcall | 0 | 22 | 13 |
| backtrace:arch_kdebugfs_init | 0 | 22 | 13 |
| backtrace:sysfs_create_file_ns | 0 | 22 | 2 |
| backtrace:param_sysfs_init | 0 | 22 | 2 |
| INFO:Allocated_in__register_sysctl_paths_age=#cpu=#pid= | 0 | 0 | 13 |
| INFO:Allocated_in_allocate_cgrp_cset_links_age=#cpu=#pid= | 0 | 0 | 9 |
| INFO:Allocated_in_kthread_create_on_node_age=#cpu=#pid= | 0 | 0 | 4 |
| backtrace:kmem_cache_create | 0 | 0 | 11 |
| backtrace:uid_cache_init | 0 | 0 | 11 |
| INFO:Allocated_in_alloc_workqueue_attrs_age=#cpu=#pid= | 0 | 0 | 2 |
| INFO:Allocated_in_apply_wqattrs_prepare_age=#cpu=#pid= | 0 | 0 | 2 |
| BUG_pid(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 |
| INFO:Allocated_in_alloc_pid_age=#cpu=#pid= | 0 | 0 | 2 |
| BUG_signal_cache(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 |
| BUG_task_struct(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 |
| BUG_cred_jar(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 |
| INFO:Allocated_in_prepare_creds_age=#cpu=#pid= | 0 | 0 | 2 |
| BUG_names_cache(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 |
| INFO:Allocated_in_getname_flags_age=#cpu=#pid= | 0 | 0 | 2 |
| INFO:Allocated_in_copy_mount_options_age=#cpu=#pid= | 0 | 0 | 2 |
| INFO:Allocated_in_strndup_user_age=#cpu=#pid= | 0 | 0 | 2 |
| backtrace:native_calibrate_cpu | 0 | 0 | 2 |
| backtrace:tsc_init | 0 | 0 | 2 |
| backtrace:x86_late_time_init | 0 | 0 | 2 |
+---------------------------------------------------------------+------------+------------+---------------+
[ 0.000000] Running RCU self tests
[ 0.000000] NR_IRQS:4352 nr_irqs:256 16
[ 0.000000] =============================================================================
[ 0.000000] BUG radix_tree_node (Not tainted): Object padding overwritten
[ 0.000000] -----------------------------------------------------------------------------
[ 0.000000]
[ 0.000000] Disabling lock debugging due to kernel taint
[ 0.000000] INFO: 0xffff88000c800210-0xffff88000c800210. First byte 0x58 instead of 0x5a
[ 0.000000] INFO: Slab 0xffffea0000320000 objects=14 used=14 fp=0x (null) flags=0x4080
[ 0.000000] INFO: Object 0xffff88000c800008 @offset=8 fp=0xffff88000c800238
[ 0.000000]
[ 0.000000] Redzone ffff88000c800000: bb bb bb bb bb bb bb bb ........
[ 0.000000] Object ffff88000c800008: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800018: 00 00 00 00 00 00 00 00 20 00 80 0c 00 88 ff ff ........ .......
[ 0.000000] Object ffff88000c800028: 20 00 80 0c 00 88 ff ff 00 00 00 00 00 00 00 00 ...............
[ 0.000000] Object ffff88000c800038: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800058: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800068: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800078: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800088: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c800098: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c8000a8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Object ffff88000c8000b8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[ 0.000000] Redzone ffff88000c8000c8: bb bb bb bb bb bb bb bb ........
[ 0.000000] Padding ffff88000c800208: 5a 5a 5a 5a 5a 5a 5a 5a 58 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZXZZZZZZZ
[ 0.000000] Padding ffff88000c800218: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ
[ 0.000000] Padding ffff88000c800228: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
git bisect start dd27435af10bb67660f1e9f5689aea1854c20f26 a99cde438de0c4c0cecc1d1af1a55a75b10bfdef --
git bisect good 8fe2e22827c7050f1361354858596a2b94448dcd # 23:30 22+ 0 Merge remote-tracking branch 'slave-dma/next'
git bisect good 9605f7cece91a057a6c7a3f17d3fc26d91c54bf6 # 23:44 22+ 0 Merge remote-tracking branch 'spi/for-next'
git bisect good ccd7d3c2c3a8f538e7babeb1cf955730f5cde118 # 23:52 22+ 1 Merge remote-tracking branch 'extcon/extcon-next'
git bisect good 938e32d7f884c5baa75d68b2063fd48315a09ccd # 23:57 22+ 1 Merge remote-tracking branch 'userns/for-next'
git bisect good d4656ac2985214dcfad8acc5c841a884a088a2d1 # 00:12 22+ 1 Merge remote-tracking branch 'livepatching/for-next'
git bisect good a47bd84d8c1d6498ae3a4c6e74efa26c517e4f85 # 00:33 22+ 0 Merge remote-tracking branch 'nvdimm/libnvdimm-for-next'
git bisect bad 2ffbdc1098912039558a87f665688b45ba220274 # 00:36 0- 22 Merge branch 'akpm-current/current'
git bisect good a137d2de1575885e2b41acd813ca50ad9fd7c1f4 # 00:42 21+ 3 thp, mlock: do not mlock PTE-mapped file huge pages
git bisect bad 73c4a26170c610887770a58163a960d03f199d90 # 00:45 0- 5 lib/iommu-helper: skip to next segment
git bisect good 8611b108d9f74d5c76f2be4f3842498511fe9f32 # 00:50 22+ 2 proc, oom: drop bogus sighand lock
git bisect bad bb3877b284bbec55e0db68be669e8a1c380813de # 00:54 0- 22 proc_oom_score: remove tasklist_lock and pid_alive()
git bisect good e27d880ea5fa9c569a4945f1e4fc77ec8050e44e # 00:58 22+ 2 mm, oom_reaper: do not attempt to reap a task more than twice
git bisect good d8a354ccd10174801dcf686aaba5bb28d164199e # 01:04 21+ 0 ksm: set anon_vma of first rmap_item of ksm page to page's anon_vma other than vma's anon_vma
git bisect good 8b84dfd7feb26100eb92f3ae227fcf7ee4b14b76 # 01:08 20+ 0 mm/compaction: remove unnecessary order check in try_to_compact_pages()
git bisect bad 63495b0c58fff45bd94baf23a2f1138de7c20c3e # 01:12 0- 22 mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB
# first bad commit: [63495b0c58fff45bd94baf23a2f1138de7c20c3e] mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB
git bisect good 8b84dfd7feb26100eb92f3ae227fcf7ee4b14b76 # 01:15 63+ 1 mm/compaction: remove unnecessary order check in try_to_compact_pages()
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 63495b0c58fff45bd94baf23a2f1138de7c20c3e # 01:19 0- 24 mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB
# extra tests on HEAD of linux-next/master
git bisect bad dd27435af10bb67660f1e9f5689aea1854c20f26 # 01:19 0- 13 Add linux-next specific files for 20160711
# extra tests on tree/branch linux-next/master
git bisect bad dd27435af10bb67660f1e9f5689aea1854c20f26 # 01:53 0- 13 Add linux-next specific files for 20160711
# extra tests with first bad commit reverted
git bisect good 0ccaf34cb358153063a9e1727dfccd6ad2521c7e # 02:03 64+ 7 Revert "mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB"
# extra tests on tree/branch linus/master
git bisect good 92d21ac74a9e3c09b0b01c764e530657e4c85c49 # 02:08 61+ 15 Linux 4.7-rc7
# extra tests on tree/branch linux-next/master
git bisect bad dd27435af10bb67660f1e9f5689aea1854c20f26 # 02:38 0- 13 Add linux-next specific files for 20160711
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu Haswell,+smep,+smap
-kernel $kernel
-m 256
-smp 1
-device e1000,netdev=net0
-netdev user,id=net0
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
systemd.log_level=err
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-yocto-vp-83:20160712011123:x86_64-randconfig-s5-07112049:4.7.0-rc4-00278-g63495b0:2.gz" of type "application/gzip" (92140 bytes)
Download attachment "dmesg-quantal-kbuild-12:20160712011329:x86_64-randconfig-s5-07112049:4.7.0-rc4-00277-g8b84dfd:1.gz" of type "application/gzip" (20487 bytes)
View attachment "config-4.7.0-rc4-00278-g63495b0" of type "text/plain" (80995 bytes)
Powered by blists - more mailing lists