Date:   Mon, 22 Oct 2018 08:38:33 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     David Howells <dhowells@...hat.com>
Cc:     linux-afs@...ts.infradead.org, linux-kernel@...r.kernel.org,
        LKP <lkp@...org>
Subject: [LKP] 5b86d4ff5d [ 52.328552] BUG: KASAN: use-after-free in
 rxrpc_rcu_destroy_call

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit 5b86d4ff5dce3271dff54119e06174dc22422903
Author:     David Howells <dhowells@...hat.com>
AuthorDate: Fri May 18 11:46:15 2018 +0100
Commit:     David Howells <dhowells@...hat.com>
CommitDate: Wed May 23 12:01:15 2018 +0100

    afs: Implement network namespacing
    
    Implement network namespacing within AFS, but don't yet let mounts occur
    outside the init namespace.  An additional patch will be required to propagate
    the network namespace across automounts.
    
    Signed-off-by: David Howells <dhowells@...hat.com>

1588def91d  afs: Mark afs_net::ws_cell as __rcu and set using rcu functions
5b86d4ff5d  afs: Implement network namespacing
91b15613ce  Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
8c60c36d0b  Add linux-next specific files for 20181019
+------------------------------------------+------------+------------+------------+---------------+
|                                          | 1588def91d | 5b86d4ff5d | 91b15613ce | next-20181019 |
+------------------------------------------+------------+------------+------------+---------------+
| boot_successes                           | 36         | 1          | 2          | 0             |
| boot_failures                            | 0          | 11         | 12         | 3             |
| BUG:KASAN:use-after-free_in_r            | 0          | 10         | 9          | 3             |
| RIP:native_safe_halt                     | 0          | 8          | 7          |               |
| RIP:alloc_set_pte                        | 0          | 1          | 1          |               |
| RIP:copy_user_enhanced_fast_string       | 0          | 1          |            |               |
| general_protection_fault:#[##]           | 0          | 1          | 1          |               |
| RIP:__rb_insert_augmented                | 0          | 1          |            |               |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 1          | 1          |               |
| RIP:find_next_bit                        | 0          | 1          |            |               |
| RIP:rb_next                              | 0          | 0          | 1          |               |
| RIP:ksys_read                            | 0          | 0          | 1          |               |
| RIP:_raw_spin_unlock_irqrestore          | 0          | 0          | 2          |               |
| Mem-Info                                 | 0          | 0          | 1          |               |
| RIP:default_idle                         | 0          | 0          | 0          | 3             |
+------------------------------------------+------------+------------+------------+---------------+

[child3:826] lookup_dcookie (212) returned ENOSYS, marking as inactive.
[child3:826] vm86old (113:[32BIT]) returned ENOSYS, marking as inactive.
[child3:826] nfsservctl (180) returned ENOSYS, marking as inactive.
[child3:863] userfaultfd (374:[32BIT]) returned ENOSYS, marking as inactive.
[   52.316994] ==================================================================
[   52.328552] BUG: KASAN: use-after-free in rxrpc_rcu_destroy_call+0xca/0x110
[   52.340568] Write of size 4 at addr ffff88001798c028 by task swapper/0/0
[   52.351683] 
[   52.355951] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G                T 4.17.0-rc5-00051-g5b86d4f #2
[   52.377010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   52.383690] Call Trace:
[   52.387014]  <IRQ>
[   52.392006]  dump_stack+0x7b/0xb5
[   52.397618]  print_address_description+0xab/0x360
[   52.403979]  kasan_report+0x259/0x380
[   52.410673]  ? rxrpc_rcu_destroy_call+0xca/0x110
[   52.425250]  check_memory_region+0x13b/0x1a0
[   52.426531]  kasan_check_write+0x14/0x20
[   52.427713]  rxrpc_rcu_destroy_call+0xca/0x110
[   52.429014]  rcu_process_callbacks+0x65d/0x14d0
[   52.430334]  ? rcu_gp_kthread+0x1eb0/0x1eb0
[   52.431597]  ? sched_clock+0x9/0x10
[   52.432677]  __do_softirq+0x1a9/0x49e
[   52.489578]  ? ktime_get+0x58/0xd0
[   52.567609]  irq_exit+0xee/0x110
[   52.570629]  smp_apic_timer_interrupt+0xaa/0x130
[   52.573667]  apic_timer_interrupt+0xf/0x20
[   52.576063]  </IRQ>
[   52.577864] RIP: 0010:native_safe_halt+0x6/0x10
[   52.580645] RSP: 0018:ffffffff84007c78 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[   52.585874] RAX: 0000000080000000 RBX: ffffffff840147c0 RCX: ffffffff8123c8c2
[   52.590009] RDX: 1ffffffff08028f8 RSI: 0000000000000004 RDI: ffff88001a622290
[   52.594572] RBP: ffffffff84007c78 R08: ffffed00034c4453 R09: ffffed00034c4452
[   52.598676] R10: ffff88001a622293 R11: ffffed00034c4453 R12: 0000000000000000
[   52.604864] R13: 0000000000000000 R14: ffffffff840147c0 R15: ffffffff844ee7d8
[   52.607929]  ? rcu_dynticks_eqs_enter+0x22/0x30
[   52.609627]  ? rcu_dynticks_eqs_enter+0x22/0x30
[   52.611451]  default_idle+0x9/0x10
[   52.612689]  arch_cpu_idle+0xa/0x10
[   52.614053]  default_idle_call+0x36/0x50
[   52.615604]  do_idle+0x221/0x2f0
[   52.616923]  ? arch_cpu_idle_exit+0x40/0x40
[   52.618563]  cpu_startup_entry+0xc6/0xd0
[   52.620292]  ? play_idle+0x350/0x350
[   52.621840]  rest_init+0xec/0xf0
[   52.623322]  start_kernel+0xd22/0xe8f
[   52.624896]  ? thread_stack_cache_init+0x2e/0x2e
[   52.626685]  ? early_idt_handler_common+0x3b/0x52
[   52.628500]  x86_64_start_reservations+0x55/0x76
[   52.630205]  x86_64_start_kernel+0x83/0xa6
[   52.631803]  secondary_startup_64+0xa5/0xb0
[   52.633423] 
[   52.634076] The buggy address belongs to the page:
[   52.635904] page:ffff88001f1d5300 count:0 mapcount:-127 mapping:0000000000000000 index:0x0
[   52.638854] flags: 0x402000000000()
[   52.640205] raw: 0000402000000000 0000000000000000 0000000000000000 00000000ffffff80

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.18 v4.17 --
git bisect  bad c81b995f00c7a1c2ca9ad67f5bb4a50d02f98f84  # 19:57  B      0     1   16   0  Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 2a70ea5cda00214a1d573acf19fa0cd06d947e38  # 20:28  G     12     0    0   0  Merge tag 'hsi-for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi
git bisect good e7655d2b25466c534ed1f539367dae595bb0bd20  # 20:52  G     12     0    0   0  Merge tag 'for-4.18-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
git bisect  bad 6d90eb7ba341b3eb035121eff0b69d370cbc251e  # 21:09  B      0     3   18   0  Merge tag 'dma-rename-4.18' of git://git.infradead.org/users/hch/dma-mapping
git bisect good 29d6849d88b61edf130aef500acad78206bda3cd  # 21:32  G     11     0    0   0  Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect  bad 3ed1d012ac3e60e0e95cda6fbd59352ec6dcbb88  # 21:52  B      0     4   19   0  Fix Documentation build due to rename of main.c to mtrr.c
git bisect  bad dbb2816fc78abb0282a803bea1119e2f31354b20  # 22:14  B      0     1   16   0  Merge tag 'fsnotify_for_v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
git bisect  bad 35773c93817c5f2df264d013978e7551056a063a  # 22:32  B      0     3   18   0  Merge branch 'afs-proc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect  bad 5b86d4ff5dce3271dff54119e06174dc22422903  # 22:47  B      0     1   16   0  afs: Implement network namespacing
git bisect good 5d9de25d934b9a6e3c9efdce782b0d23d0f1fa2a  # 23:26  G     12     0    0   0  afs: Rearrange fs/afs/proc.c to remove remaining predeclarations.
git bisect good c875c76a061df306ca82b69ba80b8da3ee758c87  # 23:49  G     11     0    0   0  afs: Fix a Sparse warning in xdr_decode_AFSFetchStatus()
git bisect good 1588def91d58bf70afe1acf9fc0331fa26e974f4  # 00:14  G     11     0    0   0  afs: Mark afs_net::ws_cell as __rcu and set using rcu functions
# first bad commit: [5b86d4ff5dce3271dff54119e06174dc22422903] afs: Implement network namespacing
git bisect good 1588def91d58bf70afe1acf9fc0331fa26e974f4  # 00:25  G     34     0    0   0  afs: Mark afs_net::ws_cell as __rcu and set using rcu functions
# extra tests with debug options
git bisect  bad 5b86d4ff5dce3271dff54119e06174dc22422903  # 00:45  B      1     2    1   1  afs: Implement network namespacing
# extra tests on HEAD of linux-devel/devel-spot-201810190850
git bisect  bad 2500a6c9a2c45cf82f0c6266097cde98375c1560  # 00:50  B      0    13   32   0  0day head guard for 'devel-spot-201810190850'
# extra tests on tree/branch linus/master
git bisect  bad 91b15613ce7fb3e724ca0d433eef8e6bf15322af  # 01:08  B      0     1   16   0  Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
# extra tests on tree/branch linux-next/master
git bisect  bad 8c60c36d0b8c92599b8f0ec391b5250bc40e8e05  # 01:33  B      0     2   17   0  Add linux-next specific files for 20181019

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-yocto-ivb41-66:20181019224618:x86_64-randconfig-s0-10190946:4.17.0-rc5-00051-g5b86d4f:2.gz" of type "application/gzip" (15756 bytes)

View attachment "reproduce-yocto-ivb41-66:20181019224618:x86_64-randconfig-s0-10190946:4.17.0-rc5-00051-g5b86d4f:2" of type "text/plain" (922 bytes)

View attachment "config-4.17.0-rc5-00051-g5b86d4f" of type "text/plain" (129904 bytes)
