Date: Thu, 9 Mar 2017 09:45:47 +0100
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Fengguang Wu <fengguang.wu@...el.com>
Cc: Ingo Molnar <mingo@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org>, kasan-dev <kasan-dev@...glegroups.com>, LKP <lkp@...org>
Subject: Re: [sched] 1827adb11a BUG kmalloc-128 (Not tainted): Poison overwritten

On Thu, Mar 9, 2017 at 4:01 AM, Fengguang Wu <fengguang.wu@...el.com> wrote:
> Hi Ingo,
>
> FYI this also shows up in next-20170308 and tip/master 7f27de49
> ("Merge branch 'WIP.sched/core'"). The attached reproduce-* script may
> help, however note that this bug may not show up in every boot.

This is not KASAN-detected bug, this is slub debug or something.
The crash looks like the issue that I fixed here few days ago:
https://groups.google.com/d/msg/syzkaller/dpZ6ou1WOiI/7zfgSe1QEAAJ

> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
>
> commit 1827adb11ad26b2290dc9fe2aaf54976b2439865
> Merge: 7876991 5eca1c1
> Author: Linus Torvalds <torvalds@...ux-foundation.org>
> AuthorDate: Fri Mar 3 10:16:38 2017 -0800
> Commit: Linus Torvalds <torvalds@...ux-foundation.org>
> CommitDate: Fri Mar 3 10:16:38 2017 -0800
>
>     Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
>
>     Pull sched.h split-up from Ingo Molnar:
>      "The point of these changes is to significantly reduce the
>       <linux/sched.h> header footprint, to speed up the kernel build and to
>       have a cleaner header structure.
>
>       After these changes the new <linux/sched.h>'s typical preprocessed
>       size goes down from a previous ~0.68 MB (~22K lines) to ~0.45 MB (~15K
>       lines), which is around 40% faster to build on typical configs.
>
>       Not much changed from the last version (-v2) posted three weeks ago: I
>       eliminated quirks, backmerged fixes plus I rebased it to an upstream
>       SHA1 from yesterday that includes most changes queued up in -next plus
>       all sched.h changes that were pending from Andrew.
>
>       I've re-tested the series both on x86 and on cross-arch defconfigs,
>       and did a bisectability test at a number of random points.
>
>       I tried to test as many build configurations as possible, but some
>       build breakage is probably still left - but it should be mostly
>       limited to architectures that have no cross-compiler binaries
>       available on kernel.org, and non-default configurations"
>
>     * 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (146 commits)
>       sched/headers: Clean up <linux/sched.h>
>       sched/headers: Remove #ifdefs from <linux/sched.h>
>       sched/headers: Remove the <linux/topology.h> include from <linux/sched.h>
>       sched/headers, hrtimer: Remove the <linux/wait.h> include from <linux/hrtimer.h>
>       sched/headers, x86/apic: Remove the <linux/pm.h> header inclusion from <asm/apic.h>
>       sched/headers, timers: Remove the <linux/sysctl.h> include from <linux/timer.h>
>       sched/headers: Remove <linux/magic.h> from <linux/sched/task_stack.h>
>       sched/headers: Remove <linux/sched.h> from <linux/sched/init.h>
>       sched/core: Remove unused prefetch_stack()
>       sched/headers: Remove <linux/rculist.h> from <linux/sched.h>
>       sched/headers: Remove the 'init_pid_ns' prototype from <linux/sched.h>
>       sched/headers: Remove <linux/signal.h> from <linux/sched.h>
>       sched/headers: Remove <linux/rwsem.h> from <linux/sched.h>
>       sched/headers: Remove the runqueue_is_locked() prototype
>       sched/headers: Remove <linux/sched.h> from <linux/sched/hotplug.h>
>       sched/headers: Remove <linux/sched.h> from <linux/sched/debug.h>
>       sched/headers: Remove <linux/sched.h> from <linux/sched/nohz.h>
>       sched/headers: Remove <linux/sched.h> from <linux/sched/stat.h>
>       sched/headers: Remove the <linux/gfp.h> include from <linux/sched.h>
>       sched/headers: Remove <linux/rtmutex.h> from <linux/sched.h>
>       ...
>
> 78769912f6  Merge tag 'linux-kselftest-4.11-rc1-urgent_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
> 5eca1c10cb  sched/headers: Clean up <linux/sched.h>
> 1827adb11a  Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
> +-----------------------------------------------+------------+------------+------------+
> |                                               | 78769912f6 | 5eca1c10cb | 1827adb11a |
> +-----------------------------------------------+------------+------------+------------+
> | boot_successes                                | 69         | 32         | 166        |
> | boot_failures                                 | 0          | 0          | 2          |
> | BUG_kmalloc-#(Not_tainted):Poison_overwritten | 0          | 0          | 2          |
> | INFO:#-#.First_byte#instead_of                | 0          | 0          | 2          |
> | INFO:Allocated_in_ida_pre_get_age=#cpu=#pid=  | 0          | 0          | 2          |
> | INFO:Freed_in_ida_pre_get_age=#cpu=#pid=      | 0          | 0          | 2          |
> | INFO:Slab#objects=#used=#fp=0x(null)flags=    | 0          | 0          | 2          |
> | INFO:Object#@...set=#fp=                      | 0          | 0          | 2          |
> +-----------------------------------------------+------------+------------+------------+
>
> [ 2.792346] .................................... done.
> [ 2.793824] Using IPI No-Shortcut mode
> [ 2.806241] Key type trusted registered
> [ 2.807779] ima: No TPM chip found, activating TPM-bypass! (rc=-19)
> [ 2.810445] =============================================================================
> [ 2.813344] BUG kmalloc-128 (Not tainted): Poison overwritten
> [ 2.813344] -----------------------------------------------------------------------------
> [ 2.813344]
> [ 2.813344] Disabling lock debugging due to kernel taint
> [ 2.813344] INFO: 0xd6ede140-0xd6ede1be. First byte 0xff instead of 0x6b
> [ 2.813344] INFO: Allocated in ida_pre_get+0x3f/0x6a age=71 cpu=0 pid=19
> [ 2.813344] ___slab_alloc+0x4c6/0x4d8
> [ 2.813344] __slab_alloc+0x40/0x6a
> [ 2.813344] kmem_cache_alloc_trace+0x8b/0x150
> [ 2.813344] ida_pre_get+0x3f/0x6a
> [ 2.813344] ida_simple_get+0x8f/0x108
>
> # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
> git bisect start f7f74b7bdd6cbca19825b59e7b5a126dd38d1bbd c470abd4fde40ea6a0846a2beab642a578c0b8cd --
> git bisect bad 507eda8a922cef9ce495cdaa575f426363846153 # 03:51 B 0 5 16 0 Merge 'davejiang/davejiang/ioatdma' into devel-spot-201703041051
> git bisect bad 6f37d50d389dd0905c0249dafeb9a2c4d6f187bd # 04:06 B 0 3 14 0 Merge 'block/for-linus' into devel-spot-201703041051
> git bisect good e3970327faad76348bb43b15501d2469e9599bcf # 04:19 G 10 0 0 0 Merge 'rcar/drm/du/vsp-race-v2.1' into devel-spot-201703041051
> git bisect good c98d6d458fed6cb67187f95c33ba1c9a0599f60d # 04:31 G 11 0 0 0 Merge 'linux-review/Tuomo-Rinne/staging-speakup-Fixed-coding-style-errors-and-aligned-indents/20170304-061810' into devel-spot-201703041051
> git bisect good 96e410f081d62b36da02fe71417f8266b05f6e34 # 04:42 G 11 0 0 0 Merge 'arm-integrator/apq8060-dragonboard-wm8903' into devel-spot-201703041051
> git bisect good b4226ea1775995a06d8ee2d05e4b1294b8d2c9f9 # 04:56 G 11 0 0 0 Merge 'arm-integrator/apq8060-dragonboard-sdc5' into devel-spot-201703041051
> git bisect good 3f80dd67c367878aaad16e458eebc3c8980bb841 # 04:56 G 11 0 0 0 Merge tag 'acpi-extra-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
> git bisect good 5a2d6880f461faa416c0d329d46a128cf342c1eb # 04:56 G 11 0 0 0 sched/headers: Remove <linux/sched.h> from <linux/sched/loadavg.h>
> git bisect good 78769912f680fc0a79a67e798a0ae76f07e63a7b # 04:56 G 11 0 0 0 Merge tag 'linux-kselftest-4.11-rc1-urgent_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
> git bisect bad 1827adb11ad26b2290dc9fe2aaf54976b2439865 # 04:56 B 11 2 0 0 Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
> git bisect good 4f079e98a0db5f067c0981a526ff8938e21c52e2 # 05:13 G 11 0 0 0 sched/headers: Remove <linux/sched.h> from <linux/sched/debug.h>
> git bisect good 5c0d0f36414f9f8a292b42e797f9284b127d79c2 # 05:26 G 11 0 0 0 sched/headers: Remove <linux/sched.h> from <linux/sched/init.h>
> git bisect good 283cb90305cf1686594ed537c7a8cb188eba1a4d # 05:38 G 11 0 0 0 sched/headers, hrtimer: Remove the <linux/wait.h> include from <linux/hrtimer.h>
> git bisect good 7f5f8e8d97d77edf33f2836259d1f19c6f4d94f5 # 05:48 G 11 0 0 0 sched/headers: Remove #ifdefs from <linux/sched.h>
> git bisect good 5eca1c10cbaa9c366c18ca79f81f21c731e3dcc7 # 05:59 G 11 0 0 0 sched/headers: Clean up <linux/sched.h>
> # first bad commit: [1827adb11ad26b2290dc9fe2aaf54976b2439865] Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
> git bisect good 78769912f680fc0a79a67e798a0ae76f07e63a7b # 06:02 G 31 0 0 0 Merge tag 'linux-kselftest-4.11-rc1-urgent_fix' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest
> git bisect good 5eca1c10cbaa9c366c18ca79f81f21c731e3dcc7 # 06:06 G 30 0 0 0 sched/headers: Clean up <linux/sched.h>
> # extra tests on HEAD of linux-devel/devel-spot-201703041051
> git bisect bad f7f74b7bdd6cbca19825b59e7b5a126dd38d1bbd # 06:06 B 0 39 53 0 0day head guard for 'devel-spot-201703041051'
> # extra tests on tree/branch linus/master
> git bisect bad c1ae3cfa0e89fa1a7ecc4c99031f5e9ae99d9201 # 06:16 B 0 11 22 0 Linux 4.11-rc1
> # extra tests on tree/branch linux-next/master
> git bisect good c0b7b2b33bd17f7155956d0338ce92615da686c9 # 06:16 G 11 0 0 0 Add linux-next specific files for 20170303
>
> ---
> 0-DAY kernel test infrastructure                Open Source Technology Center
> https://lists.01.org/pipermail/lkp                          Intel Corporation
>
> --
> You received this message because you are subscribed to the Google Groups "kasan-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to kasan-dev+unsubscribe@...glegroups.com.
> To post to this group, send email to kasan-dev@...glegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/kasan-dev/20170309030157.vzkijmdia77xwafv%40wfg-t540p.sh.intel.com.
> For more options, visit https://groups.google.com/d/optout.
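
Added example (not part of the original message, and not kernel code): a userspace C model of the slub_debug free-poison check behind a "Poison overwritten" report such as the one quoted above. The 128-byte object, the 0xff write and all function names are constructed for illustration; POISON_FREE (0x6b) and POISON_END (0xa5) are the kernel's values from include/linux/poison.h.

```c
#include <stdio.h>
#include <string.h>

#define POISON_FREE 0x6b  /* fill byte for a freed object */
#define POISON_END  0xa5  /* last byte of a freed object */

/* Result of scanning a freed object: offsets of first/last damaged byte. */
struct poison_fault { int found; size_t first, last; unsigned char got; };

/* Model of what slub_debug does on free: poison the whole object. */
static void poison_object(unsigned char *obj, size_t size)
{
    memset(obj, POISON_FREE, size - 1);
    obj[size - 1] = POISON_END;
}

/* Model of the check on the next allocation: every byte but the last must
 * still be POISON_FREE. Find the first bad byte, then trim intact bytes
 * from the end to find the last one, as the "INFO: start-end" line does. */
static struct poison_fault check_poison(const unsigned char *obj, size_t size)
{
    struct poison_fault f = {0, 0, 0, 0};
    size_t i, end = size - 1;            /* POISON_END byte is not scanned here */
    for (i = 0; i < end && obj[i] == POISON_FREE; i++)
        ;
    if (i == end)
        return f;                        /* poison intact, no report */
    while (end > i && obj[end - 1] == POISON_FREE)
        end--;
    f.found = 1; f.first = i; f.last = end - 1; f.got = obj[i];
    return f;
}

/* Constructed scenario: a stale pointer writes 0xff over bytes [0, 127)
 * of a freed 128-byte object, after the allocator has poisoned it. */
static struct poison_fault demo_write_after_free(void)
{
    unsigned char obj[128];
    unsigned char *stale = obj;          /* pointer kept past the "free" */
    poison_object(obj, sizeof(obj));
    memset(stale, 0xff, 127);            /* the buggy late write */
    return check_poison(obj, sizeof(obj));
}

int main(void)
{
    struct poison_fault f = demo_write_after_free();
    printf("found=%d +0x%zx-+0x%zx. First byte 0x%x instead of 0x%x\n", f.found, f.first, f.last, f.got, POISON_FREE);
    return 0;
}
```

The damaged range in the quoted report, 0xd6ede140-0xd6ede1be, is likewise 127 bytes long, and the expected byte 0x6b there is POISON_FREE, which is why the report points at a write to already-freed memory.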