Message-ID: <20180104054711.GA23834@yexl-desktop>
Date:   Thu, 4 Jan 2018 13:47:11 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     Andrey Ryabinin <aryabinin@...tuozzo.com>
Cc:     Ingo Molnar <mingo@...nel.org>,
        Pavel Tatashin <pasha.tatashin@...cle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Steven Sistare <steven.sistare@...cle.com>,
        Daniel Jordan <daniel.m.jordan@...cle.com>,
        Bob Picco <bob.picco@...cle.com>,
        Michal Hocko <mhocko@...e.com>,
        Alexander Potapenko <glider@...gle.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Christian Borntraeger <borntraeger@...ibm.com>,
        "David S. Miller" <davem@...emloft.net>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Heiko Carstens <heiko.carstens@...ibm.com>,
        "H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...hat.com>,
        Mark Rutland <mark.rutland@....com>,
        Matthew Wilcox <willy@...radead.org>,
        Mel Gorman <mgorman@...hsingularity.net>,
        Michal Hocko <mhocko@...nel.org>,
        Sam Ravnborg <sam@...nborg.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Will Deacon <will.deacon@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [lkp-robot] [x86/mm/kasan]  2533a63618:
 BUG:KASAN:use-after-scope_in__lock_acquire


FYI, we noticed the following commit (built with gcc-7):

commit: 2533a63618fcfd5fb0c7bb7549913e173a1908af ("x86/mm/kasan: Don't use vmemmap_populate() to initialize shadow")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with the following parameters:

	runtime: 300s

test-description: Trinity is a Linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -m 512M

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+--------------------------------------------+------------+------------+
|                                            | fe9e139482 | 2533a63618 |
+--------------------------------------------+------------+------------+
| boot_successes                             | 56         | 0          |
| boot_failures                              | 0          | 65         |
| BUG:KASAN:use-after-scope_in__lock_acquire | 0          | 65         |
+--------------------------------------------+------------+------------+



[    0.003333] BUG: KASAN: use-after-scope in __lock_acquire+0x19a0/0x20d6
[    0.003333] BUG: KASAN: use-after-scope in __lock_acquire+0x19a0/0x20d6
[    0.003333] Write of size 64 at addr ffffffff83007510 by task swapper/0
[    0.003333] Write of size 64 at addr ffffffff83007510 by task swapper/0
[    0.003333] 
[    0.003333] 
[    0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-00072-g2533a636 #1
[    0.003333] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-00072-g2533a636 #1
[    0.003333] Call Trace:
[    0.003333] Call Trace:
[    0.003333]  dump_stack+0x106/0x1ca
[    0.003333]  dump_stack+0x106/0x1ca
[    0.003333]  ? arch_local_irq_restore+0xd/0xd
[    0.003333]  ? arch_local_irq_restore+0xd/0xd
[    0.003333]  ? printk+0x8f/0xab
[    0.003333]  ? printk+0x8f/0xab
[    0.003333]  ? cpumask_weight+0x49/0x49
[    0.003333]  ? cpumask_weight+0x49/0x49
[    0.003333]  ? __lock_acquire+0x19a0/0x20d6
[    0.003333]  ? __lock_acquire+0x19a0/0x20d6
[    0.003333]  print_address_description+0x86/0x226
[    0.003333]  print_address_description+0x86/0x226
[    0.003333]  ? __lock_acquire+0x19a0/0x20d6
[    0.003333]  ? __lock_acquire+0x19a0/0x20d6
[    0.003333]  kasan_report+0x21e/0x247
[    0.003333]  kasan_report+0x21e/0x247
[    0.003333]  __asan_report_store_n_noabort+0x12/0x14
[    0.003333]  __asan_report_store_n_noabort+0x12/0x14
[    0.003333]  __lock_acquire+0x19a0/0x20d6
[    0.003333]  __lock_acquire+0x19a0/0x20d6
[    0.003333]  ? debug_show_all_locks+0x37c/0x37c
[    0.003333]  ? debug_show_all_locks+0x37c/0x37c
[    0.003333]  ? debug_show_all_locks+0x37c/0x37c
[    0.003333]  ? debug_show_all_locks+0x37c/0x37c
[    0.003333]  ? put_dec+0x6c/0x73
[    0.003333]  ? put_dec+0x6c/0x73
[    0.003333]  ? do_raw_spin_trylock+0x15b/0x15b
[    0.003333]  ? do_raw_spin_trylock+0x15b/0x15b
[    0.003333]  ? down_trylock+0x49/0x60
[    0.003333]  ? down_trylock+0x49/0x60
[    0.003333]  lock_acquire+0xd6/0x12f
[    0.003333]  lock_acquire+0xd6/0x12f
[    0.003333]  ? lock_acquire+0xd6/0x12f
[    0.003333]  ? lock_acquire+0xd6/0x12f
[    0.003333]  ? console_unlock+0x232/0x608
[    0.003333]  ? console_unlock+0x232/0x608
[    0.003333]  _raw_spin_lock+0x2d/0x3c
[    0.003333]  _raw_spin_lock+0x2d/0x3c
[    0.003333]  ? console_unlock+0x232/0x608
[    0.003333]  ? console_unlock+0x232/0x608
[    0.003333]  console_unlock+0x232/0x608
[    0.003333]  console_unlock+0x232/0x608
[    0.003333]  ? vprintk_emit+0x2b5/0x2cf
[    0.003333]  ? vprintk_emit+0x2b5/0x2cf
[    0.003333]  vprintk_emit+0x2be/0x2cf
[    0.003333]  vprintk_emit+0x2be/0x2cf
[    0.003333]  vprintk_default+0x18/0x1a
[    0.003333]  vprintk_default+0x18/0x1a
[    0.003333]  vprintk_func+0xb5/0xbe
[    0.003333]  vprintk_func+0xb5/0xbe
[    0.003333]  printk+0x8f/0xab
[    0.003333]  printk+0x8f/0xab
[    0.003333]  ? cpumask_weight+0x49/0x49
[    0.003333]  ? cpumask_weight+0x49/0x49
[    0.003333]  ? arch_local_save_flags+0xb/0xd
[    0.003333]  ? arch_local_save_flags+0xb/0xd
[    0.003333]  ? trace_hardirqs_off_caller+0xd1/0x217
[    0.003333]  ? trace_hardirqs_off_caller+0xd1/0x217
[    0.003333]  mp_register_ioapic+0xad9/0xb7f
[    0.003333]  mp_register_ioapic+0xad9/0xb7f
[    0.003333]  ? mp_map_gsi_to_irq+0x68/0x68
[    0.003333]  ? mp_map_gsi_to_irq+0x68/0x68
[    0.003333]  ? acpi_os_map_memory+0x9/0xb
[    0.003333]  ? acpi_os_map_memory+0x9/0xb
[    0.003333]  ? acpi_tb_acquire_table+0xb6/0x1de
[    0.003333]  ? acpi_tb_acquire_table+0xb6/0x1de
[    0.003333]  acpi_parse_ioapic+0x2ee/0x31a
[    0.003333]  acpi_parse_ioapic+0x2ee/0x31a
[    0.003333]  ? acpi_tb_validate_table+0x4a/0x82
[    0.003333]  ? acpi_tb_validate_table+0x4a/0x82
[    0.003333]  ? acpi_parse_nmi_src+0x5f/0x5f
[    0.003333]  ? acpi_parse_nmi_src+0x5f/0x5f
[    0.003333]  ? acpi_ut_release_mutex+0xb5/0xbf
[    0.003333]  ? acpi_ut_release_mutex+0xb5/0xbf
[    0.003333]  ? acpi_get_table+0x164/0x17c
[    0.003333]  ? acpi_get_table+0x164/0x17c
[    0.003333]  acpi_table_parse_entries_array+0x383/0x499
[    0.003333]  acpi_table_parse_entries_array+0x383/0x499
[    0.003333]  ? acpi_parse_apic_instance+0x3c/0x3c
[    0.003333]  ? acpi_parse_apic_instance+0x3c/0x3c
[    0.003333]  ? acpi_ut_release_mutex+0xb5/0xbf
[    0.003333]  ? acpi_ut_release_mutex+0xb5/0xbf
[    0.003333]  ? acpi_put_table+0xcc/0xd8
[    0.003333]  ? acpi_put_table+0xcc/0xd8
[    0.003333]  ? acpi_parse_nmi_src+0x5f/0x5f
[    0.003333]  ? acpi_parse_nmi_src+0x5f/0x5f
[    0.003333]  acpi_table_parse_entries+0x14f/0x17b
[    0.003333]  acpi_table_parse_entries+0x14f/0x17b
[    0.003333]  ? acpi_table_parse_entries_array+0x499/0x499
[    0.003333]  ? acpi_table_parse_entries_array+0x499/0x499
[    0.003333]  ? acpi_parse_nmi_src+0x5f/0x5f
[    0.003333]  ? acpi_parse_nmi_src+0x5f/0x5f


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
Xiaolong

View attachment "config-4.14.0-00072-g2533a636" of type "text/plain" (91840 bytes)

View attachment "job-script" of type "text/plain" (3890 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (7828 bytes)
