| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 28 Oct 2018 10:09:51 +0800
From: kernel test robot <lkp@...el.com>
To: Peter Zijlstra <peterz@...radead.org>
Cc: LKP <lkp@...org>, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
linux-arch@...r.kernel.org
Subject: a31acd3ee8 ("x86/mm: Page size aware flush_tlb_mm_range()"):
BUG: KASAN: stack-out-of-bounds in __unwind_start
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit a31acd3ee8f7dbc0370bdf4a4bfef7a8c13c7542
Author: Peter Zijlstra <peterz@...radead.org>
AuthorDate: Sun Aug 26 12:56:48 2018 +0200
Commit: Peter Zijlstra <peterz@...radead.org>
CommitDate: Tue Oct 9 16:51:11 2018 +0200
x86/mm: Page size aware flush_tlb_mm_range()
Use the new tlb_get_unmap_shift() to determine the stride of the
INVLPG loop.
Cc: Nick Piggin <npiggin@...il.com>
Cc: Will Deacon <will.deacon@....com>
Cc: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
a5b966ae42 Merge branch 'tlb/asm-generic' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux into x86/mm
a31acd3ee8 x86/mm: Page size aware flush_tlb_mm_range()
69d5b97c59 HID: we do not randomly make new drivers 'default y'
8c60c36d0b Add linux-next specific files for 20181019
+-----------------------------------------------------+------------+------------+------------+---------------+
| | a5b966ae42 | a31acd3ee8 | 69d5b97c59 | next-20181019 |
+-----------------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 26 | 0 | 0 | 0 |
| boot_failures | 0 | 11 | 11 | 11 |
| BUG:KASAN:stack-out-of-bounds_in__unwind_start | 0 | 11 | 11 | 11 |
| WARNING:at_kernel/locking/lockdep.c:#lock_downgrade | 0 | 0 | 11 | 11 |
| RIP:lock_downgrade | 0 | 0 | 11 | 11 |
+-----------------------------------------------------+------------+------------+------------+---------------+
[ 378.192588] Freeing unused kernel image memory: 1440K
[ 378.288842] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[ 378.289798] rodata_test: all tests were successful
[ 378.290495] Run /init as init process
[ 378.298833] ==================================================================
[ 378.299979] BUG: KASAN: stack-out-of-bounds in __unwind_start+0x92/0x370
[ 378.300898] Write of size 88 at addr ffff880000337918 by task init/1
[ 378.301983]
[ 378.302240] CPU: 0 PID: 1 Comm: init Not tainted 4.19.0-rc5-00035-ga31acd3 #1
[ 378.303196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 378.304311] Call Trace:
[ 378.304679] dump_stack+0x164/0x21b
[ 378.305182] ? printk+0xbd/0xe4
[ 378.305644] ? arch_local_irq_restore+0x37/0x37
[ 378.306313] ? rcu_read_unlock_sched_notrace+0x1d/0x1d
[ 378.307035] ? preempt_trace+0x8/0x1c
[ 378.307579] ? __unwind_start+0x92/0x370
[ 378.308147] print_address_description+0x55/0x228
[ 378.308826] ? __unwind_start+0x92/0x370
[ 378.309416] kasan_report+0x249/0x287
[ 378.309949] memset+0x1f/0x31
[ 378.311062] __unwind_start+0x92/0x370
[ 378.311616] ? unwind_next_frame+0x85f/0x85f
[ 378.312235] ? free_unref_page_list+0x35a/0x39e
[ 378.312878] ? flush_tlb_mm_range+0x23f/0x28d
[ 378.313509] ? clear_sched_clock_stable+0xff/0xff
[ 378.314192] ? lock_is_held_type+0x78/0x88
[ 378.314783] ? free_unref_page+0x6e/0x6e
[ 378.315384] __save_stack_trace+0x65/0xe8
[ 378.315970] ? release_pages+0x3c4/0x409
[ 378.316582] save_stack+0x32/0xa3
[ 378.317078] ? tlb_flush_mmu_tlbonly+0xbf/0x123
[ 378.317722] ? __tlb_reset_range+0xcd/0xdc
[ 378.318310] ? tlb_flush_mmu_free+0x69/0x92
[ 378.318893] ? preempt_trace+0x8/0x1c
[ 378.319435] ? tracer_preempt_on+0x23/0x50
[ 378.320008] ? preempt_count_sub+0x11/0x1d
[ 378.320608] ? trace_preempt_on+0x1d0/0x213
[ 378.321196] ? trace_hardirqs_off_caller+0x60/0x60
[ 378.321865] ? trace_preempt_on+0x213/0x213
[ 378.322456] ? tlb_gather_mmu+0x5f/0x5f
[ 378.323021] ? trace_irq_enable_rcuidle+0x1af/0x1f2
[ 378.323709] ? trace_irq_disable_rcuidle+0x1f2/0x1f2
[ 378.324407] ? hlock_class+0x6f/0x8d
[ 378.324929] ? mark_lock+0x2b/0x26e
[ 378.325449] ? __phys_addr+0x8c/0x92
[ 378.325972] __kasan_slab_free+0x102/0x124
[ 378.326557] slab_free_freelist_hook+0x92/0xe0
[ 378.327191] kmem_cache_free+0x76/0x1dc
[ 378.327737] ? remove_vma+0xbc/0xc4
[ 378.328235] remove_vma+0xbc/0xc4
[ 378.328708] do_munmap+0x530/0x563
[ 378.329204] vm_munmap+0xd9/0x130
[ 378.329679] ? __x64_sys_brk+0x33e/0x33e
[ 378.330241] ? write_seqcount_end+0x1f/0x23
[ 378.330832] __x64_sys_munmap+0x31/0x36
[ 378.331396] do_syscall_64+0x3eb/0x44b
[ 378.331926] ? syscall_return_slowpath+0x3dd/0x3dd
[ 378.332605] ? context_tracking_is_enabled+0x83/0xaf
[ 378.333298] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 378.334044] ? trace_irq_disable_rcuidle+0x1af/0x1f2
[ 378.334781] ? cpumask_test_cpu+0x28/0x28
[ 378.335509] ? rcu_read_unlock_sched_notrace+0x5/0x1d
[ 378.336236] ? prepare_exit_to_usermode+0x2b0/0x2f3
[ 378.336939] ? enter_from_user_mode+0x57/0x57
[ 378.337580] ? kvm_read_and_reset_pf_reason+0x25/0x25
[ 378.338309] ? mark_held_locks+0x67/0x81
[ 378.338878] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 378.339635] ? lockdep_hardirqs_off+0xf2/0xfb
[ 378.342306] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 378.342985] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 378.343701] RIP: 0033:0x7f0939e95a17
[ 378.344248] Code: f0 ff ff 73 01 c3 48 8d 0d 8a a7 20 00 31 d2 48 29 c2 89 11 48 83 c8 ff eb eb 90 90 90 90 90 90 90 90 90 b8 0b 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8d 0d 5d a7 20 00 31 d2 48 29 c2 89
[ 378.346800] RSP: 002b:00007ffc1cb77d78 EFLAGS: 00000203 ORIG_RAX: 000000000000000b
[ 378.347887] RAX: ffffffffffffffda RBX: 00007f093a0a01c8 RCX: 00007f0939e95a17
[ 378.348889] RDX: 000000000001dd00 RSI: 0000000000000413 RDI: 00007f093a09c000
[ 378.349887] RBP: 00007ffc1cb77ec0 R08: 0000000000000001 R09: 0000000000000007
[ 378.350879] R10: 00007f0939e90717 R11: 0000000000000203 R12: 000000e532dcfbe4
[ 378.351871] R13: 000000e532c785e7 R14: 00007f093a09a700 R15: 00007f093a09f9d8
[ 378.352864]
[ 378.353105] The buggy address belongs to the page:
[ 378.353782] page:ffffea000000cdc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start dd5e791be1fe7870ef7d5e68ac19bf7d9460a1d1 84df9525b0c27f3ebc2ebb1864fa62a97fdedb7d --
git bisect bad dc7875563b7fb1d58d8ea66860690d809b892082 # 01:50 B 0 2 16 0 Merge 'block/mq-maps' into devel-spot-201810252124
git bisect bad ce6c97b2e33b8df9718712879667185f9e47a192 # 02:14 B 0 1 15 0 Merge 'vireshk-pm/opp/genpd/required-opps' into devel-spot-201810252124
git bisect bad 6a401649772a60e0295c309a72d7d02c4407b759 # 02:38 B 0 5 19 0 Merge 'vincent.guittot/sched/pelt' into devel-spot-201810252124
git bisect bad e1100c624b286bd26c8a9fd7c623dc7620780dbf # 03:03 B 0 2 16 0 Merge 'linux-review/Andrew-Lunn/net-phy-genphy_10g_driver-Avoid-NULL-pointer-dereference/20181025-204453' into devel-spot-201810252124
git bisect good a7797cd3410d7561d1f93cf40ea631b31a3d1b3a # 03:31 G 11 0 3 3 Merge 'drm-tip/drm-tip' into devel-spot-201810252124
git bisect good 385380978d5b8809131747835aa8dd6fcd832742 # 03:47 G 11 0 5 5 Merge 'abelloni/rtc-next' into devel-spot-201810252124
git bisect good 3f80e08f40cdb308589a49077c87632fa4508b21 # 04:21 G 11 0 3 3 tcp: add tcp_reset_xmit_timer() helper
git bisect good 58a0228707870c8330917f919804986855443a19 # 04:42 G 11 0 3 3 Merge tag 'acpi-4.20-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good 382d72a9aa525b56ab8453ce61751fa712414d3d # 05:05 G 11 0 5 5 Merge branch 'x86-hyperv-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 44adbac8f7217040be97928cd19998259d9d4418 # 05:21 B 0 3 17 0 Merge branch 'work.tty-ioctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect bad a978a5b8d83f795e107a2ff759b28643739be70e # 05:44 B 0 6 20 0 net/kconfig: Make QCOM_QMI_HELPERS available when COMPILE_TEST
git bisect bad d7197a5ad8528642cb70f1d27d4d5c7332a2b395 # 05:59 B 0 4 18 0 Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 164477c2331be75d9bd57fb76704e676b2bcd1cd # 06:21 B 0 5 19 0 x86/mm: Clarify hardware vs. software "error_code"
git bisect good 7904ba8a66f400182a204893c92098994e22a88d # 06:45 G 10 0 2 2 x86/mm/cpa: Optimize __cpa_flush_range()
git bisect good cf089611f4c446285046fcd426d90c18f37d2905 # 07:18 G 10 0 3 3 proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted()
git bisect bad c3f7f2c7eba1a53d2e5ffbc2dcc9a20c5f094890 # 07:33 B 0 2 16 0 smp: use __cpumask_set_cpu in on_each_cpu_cond
git bisect bad a31acd3ee8f7dbc0370bdf4a4bfef7a8c13c7542 # 07:56 B 0 3 17 0 x86/mm: Page size aware flush_tlb_mm_range()
git bisect good a5b966ae42a70b194b03eaa5eaea70d8b3790c40 # 08:37 G 11 0 5 5 Merge branch 'tlb/asm-generic' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux into x86/mm
# first bad commit: [a31acd3ee8f7dbc0370bdf4a4bfef7a8c13c7542] x86/mm: Page size aware flush_tlb_mm_range()
git bisect good a5b966ae42a70b194b03eaa5eaea70d8b3790c40 # 08:59 G 31 0 6 11 Merge branch 'tlb/asm-generic' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux into x86/mm
# extra tests with debug options
git bisect bad a31acd3ee8f7dbc0370bdf4a4bfef7a8c13c7542 # 09:16 B 0 2 16 0 x86/mm: Page size aware flush_tlb_mm_range()
# extra tests on HEAD of linux-devel/devel-spot-201810252124
git bisect bad dd5e791be1fe7870ef7d5e68ac19bf7d9460a1d1 # 09:22 B 0 13 30 0 0day head guard for 'devel-spot-201810252124'
# extra tests on tree/branch linus/master
git bisect bad 69d5b97c597307773fe6c59775a5d5a88bb7e6b3 # 09:39 B 0 1 15 0 HID: we do not randomly make new drivers 'default y'
# extra tests on tree/branch linux-next/master
git bisect bad 8c60c36d0b8c92599b8f0ec391b5250bc40e8e05 # 10:02 B 0 1 15 0 Add linux-next specific files for 20181019
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-yocto-lkp-hsw01-68:20181028075736:x86_64-randconfig-s5-10261033:4.19.0-rc5-00035-ga31acd3:1.gz" of type "application/gzip" (24391 bytes)
Download attachment "dmesg-yocto-lkp-hsw01-102:20181028083450:x86_64-randconfig-s5-10261033:4.19.0-rc5-00034-ga5b966a:1.gz" of type "application/gzip" (43961 bytes)
View attachment "reproduce-yocto-lkp-hsw01-68:20181028075736:x86_64-randconfig-s5-10261033:4.19.0-rc5-00035-ga31acd3:1" of type "text/plain" (922 bytes)
View attachment "config-4.19.0-rc5-00035-ga31acd3" of type "text/plain" (136742 bytes)
Powered by blists - more mailing lists