Message-ID: <20170305022401.txa4joadlrlcqutf@wfg-t540p.sh.intel.com>
Date:   Sun, 5 Mar 2017 10:24:01 +0800
From:   Fengguang Wu <fengguang.wu@...el.com>
To:     Jan Kara <jack@...e.cz>
Cc:     Jens Axboe <axboe@...nel.dk>, linux-block@...r.kernel.org,
        linux-kernel@...r.kernel.org, LKP <lkp@...org>
Subject: [bdi_unregister] 165a5e22fa BUG kmalloc-512 (Not tainted): Poison
 overwritten

Hi Jan,

Here is another bisect result.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit 165a5e22fafb127ecb5914e12e8c32a1f0d3f820
Author:     Jan Kara <jack@...e.cz>
AuthorDate: Wed Feb 8 08:05:56 2017 +0100
Commit:     Jens Axboe <axboe@...com>
CommitDate: Thu Mar 2 16:08:35 2017 -0700

     block: Move bdi_unregister() to del_gendisk()
     
     Commit 6cd18e711dd8 "block: destroy bdi before blockdev is
     unregistered." moved bdi unregistration (at that time through
     bdi_destroy()) from blk_release_queue() to blk_cleanup_queue() because
     it needs to happen before blk_unregister_region() call in del_gendisk()
     for MD. SCSI though will free up the device number from sd_remove()
     called through a maze of callbacks from device_del() in
     __scsi_remove_device() before blk_cleanup_queue() and thus similar races
     as described in 6cd18e711dd8 can happen for SCSI as well as reported by
     Omar [1].
     
     Moving bdi_unregister() to del_gendisk() works for MD and fixes the
     problem for SCSI since del_gendisk() gets called from sd_remove() before
     freeing the device number.
     
     This also makes device_add_disk() (calling bdi_register_owner()) more
     symmetric with del_gendisk().
     
     [1] http://marc.info/?l=linux-block&m=148554717109098&w=2
     
     Tested-by: Lekshmi Pillai <lekshmicpillai@...ibm.com>
     Acked-by: Tejun Heo <tj@...nel.org>
     Signed-off-by: Jan Kara <jack@...e.cz>
     Tested-by: Omar Sandoval <osandov@...com>
     Signed-off-by: Jens Axboe <axboe@...com>

113285b473  blk-mq: ensure that bd->last is always set correctly
165a5e22fa  block: Move bdi_unregister() to del_gendisk()
+-------------------------------------------------+------------+------------+
|                                                 | 113285b473 | 165a5e22fa |
+-------------------------------------------------+------------+------------+
| boot_successes                                  | 434        | 20         |
| boot_failures                                   | 0          | 116        |
| BUG_kmalloc-#(Not_tainted):Poison_overwritten   | 0          | 116        |
| INFO:#-#.First_byte#instead_of                  | 0          | 116        |
| INFO:Allocated_in_bdi_alloc_node_age=#cpu=#pid= | 0          | 89         |
| INFO:Freed_in_release_bdi_age=#cpu=#pid=        | 0          | 89         |
| INFO:Slab#objects=#used=#fp=0x(null)flags=      | 0          | 116        |
| INFO:Object#@...set=#fp=                        | 0          | 116        |
| INFO:Allocated_in_load_elf_phdrs_age=#cpu=#pid= | 0          | 27         |
| INFO:Freed_in_load_elf_binary_age=#cpu=#pid=    | 0          | 27         |
+-------------------------------------------------+------------+------------+

[    2.573289] Write protecting the kernel read-only data: 2676k
[    2.574616] NX-protecting the kernel data: 5812k
[    2.576021] rodata_test: all tests were successful
[    2.583146] random: init: uninitialized urandom read (12 bytes read)
[    2.596347] =============================================================================
[    2.596676] BUG kmalloc-512 (Not tainted): Poison overwritten
[    2.596676] -----------------------------------------------------------------------------
[    2.596676] 
[    2.596676] Disabling lock debugging due to kernel taint
[    2.596676] INFO: 0xd6840cac-0xd6840caf. First byte 0x0 instead of 0x6b
[    2.596676] INFO: Allocated in load_elf_phdrs+0x3e/0x73 age=3 cpu=1 pid=132
[    2.596676] 	___slab_alloc+0x4c6/0x4d8
[    2.596676] 	__slab_alloc+0x40/0x6a
[    2.596676] 	__kmalloc+0x103/0x1cd
[    2.596676] 	load_elf_phdrs+0x3e/0x73
[    2.596676] 	load_elf_binary+0xa3/0x9f7

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start a8abdd4d4ab9bb6c1d94c1f528e91e2abe823912 c470abd4fde40ea6a0846a2beab642a578c0b8cd --
git bisect  bad f875f31a067fbad4a9f8cc8addcb83ee2890829a  # 07:14  B     13     1   13  65  Merge 'linux-review/Georgios-Emmanouil/Staging-wilc1000-linux_wlan-Modified-the-if-else-statement/20170304-041306' into devel-spot-201703041408
git bisect  bad 6740c9bb3604e0be1db08f0e81d02843cd057775  # 07:24  B     38     3   37 100  Merge 'linux-review/Arnd-Bergmann/scsi-qedi-fix-build-error-without-DEBUG_FS/20170304-083336' into devel-spot-201703041408
git bisect  bad 040c12521a4ab55b0cf5f12494d4d1974f492dbf  # 07:38  B     50     1   50  89  Merge 'cifs/for-next' into devel-spot-201703041408
git bisect good feeeb3990cc4b5372c326a235deeb0921938854b  # 07:54  G    128     0    1   1  Merge 'linux-review/Alban/mtd-Add-support-for-reading-MTD-devices-via-the-nvmem-API/20170304-124946' into devel-spot-201703041408
git bisect good 8fe21608956d7be06f0d97d352313f7bfd157ac7  # 08:10  G    119     0    0   0  Merge 'linux-review/Wenyou-Yang/can-m_can-support-transmit-frame-in-CAN-FD-format/20170304-123621' into devel-spot-201703041408
git bisect good 16e7a33d62c254187926a64d2c03351ca516677d  # 08:24  G    128     0    0   0  Merge 'linux-review/Jeffy-Chen/pinctrl-rockchip-add-irq_enable-irq_disable-ops/20170304-115926' into devel-spot-201703041408
git bisect good c82be9d2244aacea9851c86f4fb74694c99cd874  # 08:30  G    121     0    0   0  Merge tag 'pm-turbostat-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good ac4e620967bb72f86371154935aa8b67cf54e225  # 08:48  G    122     0    0   0  sched/headers: Remove #include <linux/capability.h> from <linux/sched.h>
git bisect  bad 4e66c42c60fdf9be81837857454a41b39bf1b773  # 08:48  B      0     1   49  25  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
git bisect good 1827adb11ad26b2290dc9fe2aaf54976b2439865  # 08:57  G    128     0    2   2  Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 113285b473824922498d07d7f82459507b9792eb  # 09:05  G    127     0    1   1  blk-mq: ensure that bd->last is always set correctly
git bisect good 51f8f3c4e22535933ef9aecc00e9a6069e051b57  # 09:11  G    119     0    0   0  ovl: drop CAP_SYS_RESOURCE from saved mounter's credentials
git bisect  bad 590dce2d4934fb909b112cd80c80486362337744  # 09:12  B     12     2   12  19  Merge branch 'rebased-statx' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect  bad e0d072250a54669dce876d8ade70e417356aae74  # 09:13  B      3     1    3   9  Merge branch 'for-linus' of git://git.kernel.dk/linux-block
git bisect  bad 165a5e22fafb127ecb5914e12e8c32a1f0d3f820  # 09:14  B      7     3    7  15  block: Move bdi_unregister() to del_gendisk()
# first bad commit: [165a5e22fafb127ecb5914e12e8c32a1f0d3f820] block: Move bdi_unregister() to del_gendisk()
git bisect good 113285b473824922498d07d7f82459507b9792eb  # 09:27  G    364     0    0   1  blk-mq: ensure that bd->last is always set correctly
# extra tests on HEAD of linux-devel/devel-spot-201703041408
git bisect  bad a8abdd4d4ab9bb6c1d94c1f528e91e2abe823912  # 09:28  B      1     2    0  10  0day head guard for 'devel-spot-201703041408'
# extra tests on tree/branch linus/master
git bisect  bad 2d62e0768d3c28536d4cfe4c40ba1e5e8e442a93  # 09:28  B      1     1    1  20  Merge tag 'kvm-4.11-2' of git://git.kernel.org/pub/scm/virt/kvm/kvm
# extra tests with first bad commit reverted
git bisect good 0895b8dbd26fccb96a39a50cb9796da6f819feb7  # 09:44  G    127     0    0   0  Revert "block: Move bdi_unregister() to del_gendisk()"
# extra tests on tree/branch linux-next/master
git bisect good c0b7b2b33bd17f7155956d0338ce92615da686c9  # 09:50  G    121     0    0   0  Add linux-next specific files for 20170303

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-ivb41-14:20170305091836:i386-randconfig-i0-201709:4.10.0-11089-g165a5e2:346.gz" of type "application/gzip" (13345 bytes)

View attachment "reproduce-quantal-ivb41-14:20170305091836:i386-randconfig-i0-201709:4.10.0-11089-g165a5e2:346" of type "text/plain" (886 bytes)

View attachment "config-4.10.0-11089-g165a5e2" of type "text/plain" (98520 bytes)
