Date:	Wed, 13 Jul 2016 09:29:19 +0800
From:	kernel test robot <xiaolong.ye@...el.com>
To:	Alexander Potapenko <glider@...gle.com>
Cc:	0day robot <fengguang.wu@...el.com>,
	LKML <linux-kernel@...r.kernel.org>, lkp@...org
Subject: [lkp] [mm, kasan]  7392becb25: BUG: KASAN: slab-out-of-bounds in
 bucket_table_alloc+0x79/0x1a0 at addr ffff88003e400000


FYI, we noticed the following commit:

https://github.com/0day-ci/linux Alexander-Potapenko/mm-kasan-switch-SLUB-to-stackdepot-enable-memory-quarantine-for-SLUB/20160708-183858
commit 7392becb255cd6c0e7bedaabd58f638b732772f2 ("mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB")

in testcase: boot

on test machine: 2 threads qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap with 1G memory

caused below changes:


+-----------------------------------------------------------------------------------------+----------+------------+
|                                                                                         | v4.7-rc6 | 7392becb25 |
+-----------------------------------------------------------------------------------------+----------+------------+
| boot_successes                                                                          | 0        | 0          |
| boot_failures                                                                           | 61       | 36         |
| BUG:workqueue_lockup-pool                                                               | 58       | 14         |
| BUG:workqueue_lockup-pool_cpus=#cpus=#node=#node=#flags=#nice=#flags=#nice=#stuck_for#s | 58       | 14         |
| BUG:workqueue_lockup-pool_cpus=#cpus=#flags=#nice=#flags=#nice=#stuck_for#s             | 12       | 1          |
| Kernel_panic-not_syncing:Attempted_to_kill_init!exitcode=                               | 9        |            |
| BUG:KASAN:slab-out-of-bounds_in_bucket_table_alloc_at_addr                              | 0        | 22         |
| backtrace:threadfunc                                                                    | 0        | 22         |
| BUG:KASAN:slab-out-of-bounds_in                                                         | 0        | 1          |
+-----------------------------------------------------------------------------------------+----------+------------+



[   22.095742] Testing concurrent rhashtable access from 10 threads
[   22.756188] ==================================================================
[   22.759097] BUG: KASAN: slab-out-of-bounds in bucket_table_alloc+0x79/0x1a0 at addr ffff88003e400000
[   22.762225] Write of size 4 by task rhashtable_thra/165
[   22.764303] CPU: 0 PID: 165 Comm: rhashtable_thra Not tainted 4.7.0-rc6-00001-g7392bec #1
[   22.766875] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[   22.769722]  0000000000000000 ffff8800165f7be8 ffffffff812cd64c ffff8800165f7c58
[   22.772033]  ffffffff811c4b96 ffffffff812ec3c8 0000000000000246 ffff880000082300
[   22.774265]  0000000002089220 0000000002089220 ffff8800165f7c68 ffffffff811c2379
[   22.776571] Call Trace:
[   22.777355]  [<ffffffff812cd64c>] dump_stack+0x19/0x1b
[   22.779220]  [<ffffffff811c4b96>] kasan_report+0x2d7/0x4ed
[   22.780862]  [<ffffffff812ec3c8>] ? bucket_table_alloc+0x79/0x1a0
[   22.782668]  [<ffffffff811c2379>] ? __kmalloc+0x177/0x1b0
[   22.784273]  [<ffffffff811c46b0>] __asan_store4+0x6e/0x70
[   22.785885]  [<ffffffff812ec3c8>] bucket_table_alloc+0x79/0x1a0
[   22.787660]  [<ffffffff812ecfb7>] rhashtable_insert_rehash+0xc0/0x13f
[   22.789577]  [<ffffffff812f15d5>] insert_retry+0x2fa/0x5bc
[   22.791705]  [<ffffffff81101f19>] ? trace_hardirqs_on+0xd/0xf
[   22.793425]  [<ffffffff812f195f>] threadfunc+0xc8/0x68c
[   22.794987]  [<ffffffff81f92dbe>] ? __schedule+0x5fe/0x73f
[   22.796629]  [<ffffffff812f1897>] ? insert_retry+0x5bc/0x5bc
[   22.798810]  [<ffffffff810e5c55>] kthread+0x18d/0x19c
[   22.800319]  [<ffffffff810e5ac8>] ? __kthread_parkme+0xb0/0xb0
[   22.802048]  [<ffffffff810ea54c>] ? finish_task_switch+0x1ac/0x224
[   22.804976]  [<ffffffff81f9986f>] ret_from_fork+0x1f/0x40
[   22.807662]  [<ffffffff810e5ac8>] ? __kthread_parkme+0xb0/0xb0
[   22.810556] Object at ffff88003e400000, in cache kmalloc-4194304
[   22.813231] Memory state around the buggy address:


FYI, raw QEMU command line is:

	qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel /pkg/linux/x86_64-randconfig-s2-07120443/gcc-6/7392becb255cd6c0e7bedaabd58f638b732772f2/vmlinuz-4.7.0-rc6-00001-g7392bec -append 'root=/dev/ram0 user=lkp job=/lkp/scheduled/vm-kbuild-1G-5/bisect_boot-1-debian-x86_64-2015-02-07.cgz-x86_64-randconfig-s2-07120443-7392becb255cd6c0e7bedaabd58f638b732772f2-20160712-21427-xipcnl-0.yaml ARCH=x86_64 kconfig=x86_64-randconfig-s2-07120443 branch=linux-devel/devel-spot-201607120350 commit=7392becb255cd6c0e7bedaabd58f638b732772f2 BOOT_IMAGE=/pkg/linux/x86_64-randconfig-s2-07120443/gcc-6/7392becb255cd6c0e7bedaabd58f638b732772f2/vmlinuz-4.7.0-rc6-00001-g7392bec max_uptime=600 RESULT_ROOT=/result/boot/1/vm-kbuild-1G/debian-x86_64-2015-02-07.cgz/x86_64-randconfig-s2-07120443/gcc-6/7392becb255cd6c0e7bedaabd58f638b732772f2/0 LKP_SERVER=inn earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal rw ip=::::vm-kbuild-1G-5::dhcp'  -initrd /fs/sdg1/initrd-vm-kbuild-1G-5 -m 1024 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::23004-:22 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -device virtio-scsi-pci,id=scsi0 -drive file=/fs/sdg1/disk0-vm-kbuild-1G-5,if=none,id=hd0,media=disk,aio=native,cache=none -device scsi-hd,bus=scsi0.0,drive=hd0,scsi-id=1,lun=0 -drive file=/fs/sdg1/disk1-vm-kbuild-1G-5,if=none,id=hd1,media=disk,aio=native,cache=none -device scsi-hd,bus=scsi0.0,drive=hd1,scsi-id=1,lun=1 -drive file=/fs/sdg1/disk2-vm-kbuild-1G-5,if=none,id=hd2,media=disk,aio=native,cache=none -device scsi-hd,bus=scsi0.0,drive=hd2,scsi-id=1,lun=2 -drive file=/fs/sdg1/disk3-vm-kbuild-1G-5,if=none,id=hd3,media=disk,aio=native,cache=none -device scsi-hd,bus=scsi0.0,drive=hd3,scsi-id=1,lun=3 -drive 
file=/fs/sdg1/disk4-vm-kbuild-1G-5,if=none,id=hd4,media=disk,aio=native,cache=none -device scsi-hd,bus=scsi0.0,drive=hd4,scsi-id=1,lun=4 -pidfile /dev/shm/kboot/pid-vm-kbuild-1G-5 -serial file:/dev/shm/kboot/serial-vm-kbuild-1G-5 -daemonize -display none -monitor null 





Thanks,
Xiaolong

View attachment "config-4.7.0-rc6-00001-g7392bec" of type "text/plain" (91138 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (24032 bytes)
