| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <55b50ff5.ix9cERaWn4rwWV5c%fengguang.wu@intel.com>
Date: Mon, 27 Jul 2015 00:51:01 +0800
From: kernel test robot <fengguang.wu@...el.com>
To: Sudip Mukherjee <sudipm.mukherjee@...il.com>
Cc: LKP <lkp@...org>, linux-kernel@...r.kernel.org,
"Greg Kroah-Hartman" <gregkh@...uxfoundation.org>,
wfg@...ux.intel.com
Subject: [parport] BUG kmalloc-16 (Not tainted): Object already free
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 23c405912b881e3ca516554efde852c2ad550b31
Author: Sudip Mukherjee <sudipm.mukherjee@...il.com>
AuthorDate: Mon Jun 15 20:05:50 2015 +0530
Commit: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
CommitDate: Wed Jul 22 21:15:49 2015 -0700
parport: fix memory leak
After the reference count becomes 0 when put_device() is called, it will
execute the release callback where we are freeing all the allocated
memory associated with the device. We missed freeing par_dev->state.
Signed-off-by: Sudip Mukherjee <sudip@...torindia.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
+-------------------------------------------------------------+------------+------------+------------+
| | cabea69587 | 23c405912b | 3505500da0 |
+-------------------------------------------------------------+------------+------------+------------+
| boot_successes | 63 | 0 | 0 |
| boot_failures | 0 | 24 | 17 |
| BUG_kmalloc-#(Not_tainted):Object_already_free | 0 | 24 | 17 |
| INFO:Allocated_in_parport_register_dev_model_age=#cpu=#pid= | 0 | 24 | 17 |
| INFO:Freed_in_parport_unregister_device_age=#cpu=#pid= | 0 | 24 | 17 |
| INFO:Slab#objects=#used=#fp=#flags= | 0 | 24 | 17 |
| INFO:Object#@...set=#fp= | 0 | 24 | 17 |
| backtrace:__parport_register_driver | 0 | 24 | 17 |
| backtrace:panel_init_module | 0 | 24 | 17 |
| backtrace:kernel_init_freeable | 0 | 24 | 17 |
| IP-Config:Auto-configuration_of_network_failed | 0 | 2 | 2 |
+-------------------------------------------------------------+------------+------------+------------+
[ 8.033163] hv_vmbus: registering driver hid_hyperv
[ 8.041742] panel: could not claim access to parport0. Aborting.
[ 8.043371] =============================================================================
[ 8.045047] BUG kmalloc-16 (Not tainted): Object already free
[ 8.046216] -----------------------------------------------------------------------------
[ 8.046216]
[ 8.048066] Disabling lock debugging due to kernel taint
[ 8.049127] INFO: Allocated in parport_register_dev_model+0x117/0x490 age=1 cpu=0 pid=1
[ 8.060317] INFO: Freed in parport_unregister_device+0x1a5/0x2d0 age=0 cpu=0 pid=1
[ 8.070909] INFO: Slab 0xffffea0000004500 objects=23 used=19 fp=0xffff880000115178 flags=0x4081
[ 8.072591] INFO: Object 0xffff880000115178 @offset=4472 fp=0xffff880000114d70
[ 8.072591]
[ 8.074266] Bytes b4 ffff880000115168: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
[ 8.076100] Object ffff880000115178: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk.
[ 8.077883] Redzone ffff880000115188: bb bb bb bb bb bb bb bb ........
[ 8.079558] Padding ffff8800001152c8: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
[ 8.081225] CPU: 0 PID: 1 Comm: swapper Tainted: G B 4.2.0-rc3-00002-g23c4059 #1
[ 8.082846] ffff880000115178 ffff880010e03ac8 ffffffff81fa8b17 ffff880010e03b08
[ 8.084398] ffffffff8123e8ce 0000000000000008 0000000000000001 ffff880010c03b00
[ 8.085949] ffff880000115178 ffff880010c00380 ffffea0000004500 ffff880010e03b58
[ 8.087488] Call Trace:
[ 8.087984] [<ffffffff81fa8b17>] dump_stack+0x19/0x1b
[ 8.088975] [<ffffffff8123e8ce>] print_trailer+0x1ae/0x250
[ 8.090087] [<ffffffff81241a09>] free_debug_processing+0x329/0x3d0
[ 8.091356] [<ffffffff819bfad6>] ? free_pardevice+0x26/0x40
[ 8.092492] [<ffffffff81241d4c>] __slab_free+0x29c/0x4c0
[ 8.093578] [<ffffffff8112fd01>] ? mark_held_locks+0x11/0x90
[ 8.094704] [<ffffffff8112fd59>] ? mark_held_locks+0x69/0x90
[ 8.095846] [<ffffffff8124628f>] ? kfree+0x3df/0x580
[ 8.096817] [<ffffffff812463a6>] kfree+0x4f6/0x580
[ 8.097778] [<ffffffff819bfad6>] ? free_pardevice+0x26/0x40
[ 8.098915] [<ffffffff819bfad6>] free_pardevice+0x26/0x40
[ 8.100090] [<ffffffff819c714f>] device_release+0x7f/0x100
[ 8.101213] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8
[ 8.102283] [<ffffffff813f5c1d>] kobject_release+0x9d/0x110
[ 8.103411] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8
[ 8.104464] [<ffffffff813f5aa2>] kobject_put+0xc2/0xd0
[ 8.105465] [<ffffffff819c81d0>] put_device+0x30/0x40
[ 8.106454] [<ffffffff819c9295>] device_unregister+0x35/0x40
[ 8.107549] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8
[ 8.108561] [<ffffffff819c18f4>] parport_unregister_device+0x234/0x2d0
[ 8.109862] [<ffffffff819bf990>] ? driver_detach+0x40/0x40
[ 8.110942] [<ffffffff81c79a5d>] panel_attach+0x27d/0xf00
[ 8.111929] [<ffffffff819bf990>] ? driver_detach+0x40/0x40
[ 8.112942] [<ffffffff832d0c1c>] ? staging_init+0x8/0x8
[ 8.113906] [<ffffffff819bf9c5>] port_check+0x35/0x40
[ 8.114834] [<ffffffff819cb60f>] bus_for_each_dev+0x7f/0xc0
[ 8.116060] [<ffffffff819bfd6d>] __parport_register_driver+0x13d/0x140
[ 8.117309] [<ffffffff832d0ed3>] panel_init_module+0x2b7/0x33c
[ 8.118434] [<ffffffff83269451>] do_one_initcall+0x14b/0x254
[ 8.119523] [<ffffffff8110dd66>] ? parse_args+0x3a6/0x520
[ 8.120559] [<ffffffff83269763>] kernel_init_freeable+0x209/0x2ce
[ 8.121722] [<ffffffff81f9ec20>] ? rest_init+0x160/0x160
[ 8.122743] [<ffffffff81f9ec2e>] kernel_init+0xe/0x160
[ 8.123735] [<ffffffff81fc060f>] ret_from_fork+0x3f/0x70
[ 8.124753] [<ffffffff81f9ec20>] ? rest_init+0x160/0x160
[ 8.125805] FIX kmalloc-16: Object at 0xffff880000115178 not freed
[ 8.127013] panel: driver version 0.9.5 not yet registered
[ 8.134972] ashmem: initialized
git bisect start 3505500da066c2d61724b028f64bc96fa2f709fa 52721d9d3334c1cb1f76219a161084094ec634dc --
git bisect bad 1d4d38f2cc8de2fafdb947940acdc4534fd1ee38 # 23:52 0- 22 Merge 'kees/gcc-bug' into devel-spot-201507260856
git bisect good 65be6aecfa246aedd6ce2ec15eacc0d5c011c185 # 23:57 22+ 0 Merge 'tip/x86/platform' into devel-spot-201507260856
git bisect bad c326255c9385dd42e8b6a97bf4f2d3ec5009de33 # 00:03 0- 16 Merge 'phy/next' into devel-spot-201507260856
git bisect good d2ef6ed177d19d000cccc7a4eaf4c1ab5b883e15 # 00:09 20+ 0 Merge 'kvm/master' into devel-spot-201507260856
git bisect bad ba1c097b2e9302730d5bef75bd029e32cefe48ef # 00:13 0- 2 Merge 'mvebu/mvebu/soc' into devel-spot-201507260856
git bisect good 4b8c61b6674b3afabd119e0ac6a4ddb6a627eb14 # 00:18 22+ 0 Merge 'ext3/for_next' into devel-spot-201507260856
git bisect bad deae28e6e03aeed1293cd56f376ba54cbd3695aa # 00:23 0- 10 Merge 'char-misc/char-misc-linus' into devel-spot-201507260856
git bisect bad 23c405912b881e3ca516554efde852c2ad550b31 # 00:27 0- 15 parport: fix memory leak
git bisect good cabea695875e3a07313c205a9753c7416126dfa2 # 00:34 22+ 0 parport: fix error handling
# first bad commit: [23c405912b881e3ca516554efde852c2ad550b31] parport: fix memory leak
git bisect good cabea695875e3a07313c205a9753c7416126dfa2 # 00:36 63+ 0 parport: fix error handling
# extra tests with DEBUG_INFO
git bisect bad 23c405912b881e3ca516554efde852c2ad550b31 # 00:40 0- 6 parport: fix memory leak
# extra tests on HEAD of linux-devel/devel-spot-201507260856
git bisect bad 3505500da066c2d61724b028f64bc96fa2f709fa # 00:40 0- 17 0day head guard for 'devel-spot-201507260856'
# extra tests on tree/branch linus/master
git bisect good 26ae19a3883c9d595e9100fd10b856a7cf1a949a # 00:46 65+ 0 Merge tag 'usb-4.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
# extra tests on tree/branch linus/master
git bisect good 26ae19a3883c9d595e9100fd10b856a7cf1a949a # 00:46 66+ 0 Merge tag 'usb-4.2-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
# extra tests on tree/branch linux-next/master
git bisect bad e8e9cc31b0769f2152a6825560e4005b84b2c768 # 00:50 0- 3 Add linux-next specific files for 20150724
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=quantal-core-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu kvm64
-kernel $kernel
-initrd $initrd
-m 300
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0
-boot order=nc
-no-reboot
-watchdog i6300esb
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
hung_task_panic=1
earlyprintk=ttyS0,115200
systemd.log_level=err
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
console=ttyS0,115200
console=tty0
vga=normal
root=/dev/ram0
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
View attachment "dmesg-quantal-ivb41-13:20150727002641:x86_64-randconfig-b0-07262114:4.2.0-rc3-00002-g23c4059:1" of type "text/plain" (48376 bytes)
View attachment "config-4.2.0-rc3-00002-g23c4059" of type "text/plain" (84152 bytes)
Powered by blists - more mailing lists