| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 Oct 2018 08:38:33 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: David Howells <dhowells@...hat.com>
Cc: linux-afs@...ts.infradead.org, linux-kernel@...r.kernel.org,
LKP <lkp@...org>
Subject: [LKP] 5b86d4ff5d [ 52.328552] BUG: KASAN: use-after-free in
rxrpc_rcu_destroy_call
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 5b86d4ff5dce3271dff54119e06174dc22422903
Author: David Howells <dhowells@...hat.com>
AuthorDate: Fri May 18 11:46:15 2018 +0100
Commit: David Howells <dhowells@...hat.com>
CommitDate: Wed May 23 12:01:15 2018 +0100
afs: Implement network namespacing
Implement network namespacing within AFS, but don't yet let mounts occur
outside the init namespace. An additional patch will be required propagate
the network namespace across automounts.
Signed-off-by: David Howells <dhowells@...hat.com>
1588def91d afs: Mark afs_net::ws_cell as __rcu and set using rcu functions
5b86d4ff5d afs: Implement network namespacing
91b15613ce Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
8c60c36d0b Add linux-next specific files for 20181019
+------------------------------------------+------------+------------+------------+---------------+
| | 1588def91d | 5b86d4ff5d | 91b15613ce | next-20181019 |
+------------------------------------------+------------+------------+------------+---------------+
| boot_successes | 36 | 1 | 2 | 0 |
| boot_failures | 0 | 11 | 12 | 3 |
| BUG:KASAN:use-after-free_in_r | 0 | 10 | 9 | 3 |
| RIP:native_safe_halt | 0 | 8 | 7 | |
| RIP:alloc_set_pte | 0 | 1 | 1 | |
| RIP:copy_user_enhanced_fast_string | 0 | 1 | | |
| general_protection_fault:#[##] | 0 | 1 | 1 | |
| RIP:__rb_insert_augmented | 0 | 1 | | |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 1 | 1 | |
| RIP:find_next_bit | 0 | 1 | | |
| RIP:rb_next | 0 | 0 | 1 | |
| RIP:ksys_read | 0 | 0 | 1 | |
| RIP:_raw_spin_unlock_irqrestore | 0 | 0 | 2 | |
| Mem-Info | 0 | 0 | 1 | |
| RIP:default_idle | 0 | 0 | 0 | 3 |
+------------------------------------------+------------+------------+------------+---------------+
[child3:826] lookup_dcookie (212) returned ENOSYS, marking as inactive.
[child3:826] vm86old (113:[32BIT]) returned ENOSYS, marking as inactive.
[child3:826] nfsservctl (180) returned ENOSYS, marking as inactive.
[child3:863] userfaultfd (374:[32BIT]) returned ENOSYS, marking as inactive.
[ 52.316994] ==================================================================
[ 52.328552] BUG: KASAN: use-after-free in rxrpc_rcu_destroy_call+0xca/0x110
[ 52.340568] Write of size 4 at addr ffff88001798c028 by task swapper/0/0
[ 52.351683]
[ 52.355951] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G T 4.17.0-rc5-00051-g5b86d4f #2
[ 52.377010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 52.383690] Call Trace:
[ 52.387014] <IRQ>
[ 52.392006] dump_stack+0x7b/0xb5
[ 52.397618] print_address_description+0xab/0x360
[ 52.403979] kasan_report+0x259/0x380
[ 52.410673] ? rxrpc_rcu_destroy_call+0xca/0x110
[ 52.425250] check_memory_region+0x13b/0x1a0
[ 52.426531] kasan_check_write+0x14/0x20
[ 52.427713] rxrpc_rcu_destroy_call+0xca/0x110
[ 52.429014] rcu_process_callbacks+0x65d/0x14d0
[ 52.430334] ? rcu_gp_kthread+0x1eb0/0x1eb0
[ 52.431597] ? sched_clock+0x9/0x10
[ 52.432677] __do_softirq+0x1a9/0x49e
[ 52.489578] ? ktime_get+0x58/0xd0
[ 52.567609] irq_exit+0xee/0x110
[ 52.570629] smp_apic_timer_interrupt+0xaa/0x130
[ 52.573667] apic_timer_interrupt+0xf/0x20
[ 52.576063] </IRQ>
[ 52.577864] RIP: 0010:native_safe_halt+0x6/0x10
[ 52.580645] RSP: 0018:ffffffff84007c78 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
[ 52.585874] RAX: 0000000080000000 RBX: ffffffff840147c0 RCX: ffffffff8123c8c2
[ 52.590009] RDX: 1ffffffff08028f8 RSI: 0000000000000004 RDI: ffff88001a622290
[ 52.594572] RBP: ffffffff84007c78 R08: ffffed00034c4453 R09: ffffed00034c4452
[ 52.598676] R10: ffff88001a622293 R11: ffffed00034c4453 R12: 0000000000000000
[ 52.604864] R13: 0000000000000000 R14: ffffffff840147c0 R15: ffffffff844ee7d8
[ 52.607929] ? rcu_dynticks_eqs_enter+0x22/0x30
[ 52.609627] ? rcu_dynticks_eqs_enter+0x22/0x30
[ 52.611451] default_idle+0x9/0x10
[ 52.612689] arch_cpu_idle+0xa/0x10
[ 52.614053] default_idle_call+0x36/0x50
[ 52.615604] do_idle+0x221/0x2f0
[ 52.616923] ? arch_cpu_idle_exit+0x40/0x40
[ 52.618563] cpu_startup_entry+0xc6/0xd0
[ 52.620292] ? play_idle+0x350/0x350
[ 52.621840] rest_init+0xec/0xf0
[ 52.623322] start_kernel+0xd22/0xe8f
[ 52.624896] ? thread_stack_cache_init+0x2e/0x2e
[ 52.626685] ? early_idt_handler_common+0x3b/0x52
[ 52.628500] x86_64_start_reservations+0x55/0x76
[ 52.630205] x86_64_start_kernel+0x83/0xa6
[ 52.631803] secondary_startup_64+0xa5/0xb0
[ 52.633423]
[ 52.634076] The buggy address belongs to the page:
[ 52.635904] page:ffff88001f1d5300 count:0 mapcount:-127 mapping:0000000000000000 index:0x0
[ 52.638854] flags: 0x402000000000()
[ 52.640205] raw: 0000402000000000 0000000000000000 0000000000000000 00000000ffffff80
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.18 v4.17 --
git bisect bad c81b995f00c7a1c2ca9ad67f5bb4a50d02f98f84 # 19:57 B 0 1 16 0 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 2a70ea5cda00214a1d573acf19fa0cd06d947e38 # 20:28 G 12 0 0 0 Merge tag 'hsi-for-4.18' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-hsi
git bisect good e7655d2b25466c534ed1f539367dae595bb0bd20 # 20:52 G 12 0 0 0 Merge tag 'for-4.18-part2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux
git bisect bad 6d90eb7ba341b3eb035121eff0b69d370cbc251e # 21:09 B 0 3 18 0 Merge tag 'dma-rename-4.18' of git://git.infradead.org/users/hch/dma-mapping
git bisect good 29d6849d88b61edf130aef500acad78206bda3cd # 21:32 G 11 0 0 0 Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect bad 3ed1d012ac3e60e0e95cda6fbd59352ec6dcbb88 # 21:52 B 0 4 19 0 Fix Documentation build due to rename of main.c to mtrr.c
git bisect bad dbb2816fc78abb0282a803bea1119e2f31354b20 # 22:14 B 0 1 16 0 Merge tag 'fsnotify_for_v4.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
git bisect bad 35773c93817c5f2df264d013978e7551056a063a # 22:32 B 0 3 18 0 Merge branch 'afs-proc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect bad 5b86d4ff5dce3271dff54119e06174dc22422903 # 22:47 B 0 1 16 0 afs: Implement network namespacing
git bisect good 5d9de25d934b9a6e3c9efdce782b0d23d0f1fa2a # 23:26 G 12 0 0 0 afs: Rearrange fs/afs/proc.c to remove remaining predeclarations.
git bisect good c875c76a061df306ca82b69ba80b8da3ee758c87 # 23:49 G 11 0 0 0 afs: Fix a Sparse warning in xdr_decode_AFSFetchStatus()
git bisect good 1588def91d58bf70afe1acf9fc0331fa26e974f4 # 00:14 G 11 0 0 0 afs: Mark afs_net::ws_cell as __rcu and set using rcu functions
# first bad commit: [5b86d4ff5dce3271dff54119e06174dc22422903] afs: Implement network namespacing
git bisect good 1588def91d58bf70afe1acf9fc0331fa26e974f4 # 00:25 G 34 0 0 0 afs: Mark afs_net::ws_cell as __rcu and set using rcu functions
# extra tests with debug options
git bisect bad 5b86d4ff5dce3271dff54119e06174dc22422903 # 00:45 B 1 2 1 1 afs: Implement network namespacing
# extra tests on HEAD of linux-devel/devel-spot-201810190850
git bisect bad 2500a6c9a2c45cf82f0c6266097cde98375c1560 # 00:50 B 0 13 32 0 0day head guard for 'devel-spot-201810190850'
# extra tests on tree/branch linus/master
git bisect bad 91b15613ce7fb3e724ca0d433eef8e6bf15322af # 01:08 B 0 1 16 0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
# extra tests on tree/branch linux-next/master
git bisect bad 8c60c36d0b8c92599b8f0ec391b5250bc40e8e05 # 01:33 B 0 2 17 0 Add linux-next specific files for 20181019
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-yocto-ivb41-66:20181019224618:x86_64-randconfig-s0-10190946:4.17.0-rc5-00051-g5b86d4f:2.gz" of type "application/gzip" (15756 bytes)
View attachment "reproduce-yocto-ivb41-66:20181019224618:x86_64-randconfig-s0-10190946:4.17.0-rc5-00051-g5b86d4f:2" of type "text/plain" (922 bytes)
View attachment "config-4.17.0-rc5-00051-g5b86d4f" of type "text/plain" (129904 bytes)
Powered by blists - more mailing lists