Date:   Wed, 10 Apr 2019 22:55:00 +0800
From:   kernel test robot <lkp@...el.com>
To:     Peter Zijlstra <peterz@...radead.org>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org, linux-mm@...ck.org,
        linux-arch@...r.kernel.org, Ingo Molnar <mingo@...nel.org>
Subject: 1808d65b55 ("asm-generic/tlb: Remove arch_tlb*_mmu()"):  BUG:
 KASAN: stack-out-of-bounds in __change_page_attr_set_clr

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git core/mm

commit 1808d65b55e4489770dd4f76fb0dff5b81eb9b11
Author:     Peter Zijlstra <peterz@...radead.org>
AuthorDate: Thu Sep 20 10:50:11 2018 +0200
Commit:     Ingo Molnar <mingo@...nel.org>
CommitDate: Wed Apr 3 10:32:58 2019 +0200

    asm-generic/tlb: Remove arch_tlb*_mmu()
    
    Now that all architectures are converted to the generic code, remove
    the arch hooks.
    
    No change in behavior intended.
    
    Signed-off-by: Peter Zijlstra (Intel) <peterz@...radead.org>
    Acked-by: Will Deacon <will.deacon@....com>
    Cc: Andrew Morton <akpm@...ux-foundation.org>
    Cc: Andy Lutomirski <luto@...nel.org>
    Cc: Borislav Petkov <bp@...en8.de>
    Cc: Dave Hansen <dave.hansen@...ux.intel.com>
    Cc: H. Peter Anvin <hpa@...or.com>
    Cc: Linus Torvalds <torvalds@...ux-foundation.org>
    Cc: Peter Zijlstra <peterz@...radead.org>
    Cc: Rik van Riel <riel@...riel.com>
    Cc: Thomas Gleixner <tglx@...utronix.de>
    Signed-off-by: Ingo Molnar <mingo@...nel.org>

9de7d833e3  s390/tlb: Convert to generic mmu_gather
1808d65b55  asm-generic/tlb: Remove arch_tlb*_mmu()
6455959819  ia64/tlb: Eradicate tlb_migrate_finish() callback
31437a258f  Merge branch 'perf/urgent'
+------------------------------------------------------------+------------+------------+------------+------------+
|                                                            | 9de7d833e3 | 1808d65b55 | 6455959819 | 31437a258f |
+------------------------------------------------------------+------------+------------+------------+------------+
| boot_successes                                             | 0          | 0          | 0          | 0          |
| boot_failures                                              | 44         | 11         | 11         | 11         |
| BUG:KASAN:stack-out-of-bounds_in__unwind_start             | 44         |            |            |            |
| BUG:KASAN:stack-out-of-bounds_in__change_page_attr_set_clr | 0          | 11         | 11         | 11         |
+------------------------------------------------------------+------------+------------+------------+------------+

[   13.977997] rodata_test: all tests were successful
[   13.979792] x86/mm: Checking user space page tables
[   14.011779] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[   14.013022] Run /init as init process
[   14.015154] ==================================================================
[   14.016489] BUG: KASAN: stack-out-of-bounds in __change_page_attr_set_clr+0xa8/0x4df
[   14.017853] Read of size 8 at addr ffff8880191ef8b0 by task init/1
[   14.018976] 
[   14.019259] CPU: 0 PID: 1 Comm: init Not tainted 5.1.0-rc3-00029-g1808d65 #3
[   14.020509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   14.022028] Call Trace:
[   14.022471]  print_address_description+0x9d/0x26b
[   14.023295]  ? __change_page_attr_set_clr+0xa8/0x4df
[   14.024161]  ? __change_page_attr_set_clr+0xa8/0x4df
[   14.025031]  kasan_report+0x145/0x18a
[   14.025667]  ? __change_page_attr_set_clr+0xa8/0x4df
[   14.026542]  __change_page_attr_set_clr+0xa8/0x4df
[   14.027433]  ? __change_page_attr+0xad0/0xad0
[   14.028260]  ? kasan_unpoison_shadow+0xf/0x2e
[   14.029062]  ? preempt_latency_start+0x22/0x68
[   14.029962]  ? get_page_from_freelist+0xf37/0x1281
[   14.030796]  ? native_flush_tlb_one_user+0x54/0x95
[   14.031602]  ? trace_tlb_flush+0x1f/0x106
[   14.032352]  ? flush_tlb_func_common+0x26a/0x289
[   14.033322]  ? trace_irq_enable_rcuidle+0x21/0xf5
[   14.034109]  __kernel_map_pages+0x148/0x1b1
[   14.034777]  ? set_pages_rw+0x94/0x94
[   14.035408]  ? flush_tlb_mm_range+0x161/0x1ae
[   14.036134]  ? atomic_read+0xe/0x3f
[   14.036715]  ? page_expected_state+0x46/0x81
[   14.037442]  free_unref_page_prepare+0xe1/0x192
[   14.038201]  free_unref_page_list+0xd3/0x319
[   14.038960]  release_pages+0x5d1/0x612
[   14.039581]  ? __put_compound_page+0x91/0x91
[   14.040346]  ? tlb_flush_mmu_tlbonly+0x107/0x1c5
[   14.041193]  ? preempt_latency_start+0x22/0x68
[   14.041922]  ? free_swap_cache+0x51/0xd5
[   14.042566]  tlb_flush_mmu_free+0x31/0xca
[   14.043254]  tlb_finish_mmu+0xf6/0x1b5
[   14.043883]  shift_arg_pages+0x280/0x30b
[   14.044535]  ? __register_binfmt+0x18d/0x18d
[   14.045259]  ? trace_irq_enable_rcuidle+0x21/0xf5
[   14.046029]  ? ___might_sleep+0xac/0x33e
[   14.046666]  setup_arg_pages+0x46a/0x56e
[   14.047347]  ? shift_arg_pages+0x30b/0x30b
[   14.048208]  load_elf_binary+0x888/0x20dd
[   14.048872]  ? _raw_read_unlock+0x14/0x24
[   14.049532]  ? ima_bprm_check+0x18c/0x1c2
[   14.050199]  ? elf_map+0x1e8/0x1e8
[   14.050756]  ? ima_file_mmap+0xf3/0xf3
[   14.051583]  search_binary_handler+0x154/0x511
[   14.052323]  __do_execve_file+0x10b5/0x15e9
[   14.053004]  ? open_exec+0x3a/0x3a
[   14.053564]  ? memcpy+0x34/0x46
[   14.054095]  ? rest_init+0xdd/0xdd
[   14.054669]  kernel_init+0x66/0x10d
[   14.055262]  ? rest_init+0xdd/0xdd
[   14.055833]  ret_from_fork+0x3a/0x50
[   14.056516] 
[   14.056769] The buggy address belongs to the page:
[   14.057552] page:ffff88801de82c48 count:0 mapcount:0 mapping:0000000000000000 index:0x0
[   14.058923] flags: 0x680000000000()
[   14.059495] raw: 0000680000000000 ffff88801de82c50 ffff88801de82c50 0000000000000000

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 73f7e0e993d885606124134bd88c4c0e6b8b45bd 15ade5d2e7775667cf191cf2f94327a4889f8b9d --
git bisect  bad 9b748775c7b377ae207813cb9ecdb0153b74ca55  # 17:54  B      0     9   24   0  Merge 'hwmon/hwmon' into devel-hourly-2019040920
git bisect  bad a891bf73affea7bf5e4a7ef78b23b1c3f5b29d58  # 18:05  B      0    11   26   0  Merge 'linux-review/Heiner-Kallweit/net-phy-switch-drivers-to-use-dynamic-feature-detection/20190408-065213' into devel-hourly-2019040920
git bisect good 7ccb8fbbe4f0de58aeaac0f783d926a091de2942  # 18:18  G     11     0   11  11  Merge 'brgl-linux/gpio/for-next' into devel-hourly-2019040920
git bisect  bad 081419eb685d308d93e12e1ddea3d02bfa52c0a4  # 18:33  B      0     4   19   0  Merge 'csky-linux/linux-next' into devel-hourly-2019040920
git bisect good 95041a63b3167fdc27aa36ef3b54daeeff12bdae  # 18:52  G     11     0   11  11  Merge 'linux-review/Ido-Schimmel/mlxsw-Add-support-for-devlink-info-command/20190408-210315' into devel-hourly-2019040920
git bisect good 404993d745381524b38243176df8f1a11dd99d3b  # 19:14  G     11     0   11  11  Merge 'linux-review/Simon-Horman/ravb-Avoid-unsupported-internal-delay-mode-for-R-Car-E3-D3/20190408-204324' into devel-hourly-2019040920
git bisect good 8cad949760cbcba41a6981993d0c65b4604a9e18  # 19:31  G     11     0   11  11  Merge 'gfs2/for-next.glock-refcount' into devel-hourly-2019040920
git bisect good 2c0d83617d30e6e747067a08e48a0e2de7404aa2  # 19:43  G     11     0   11  11  Merge 'pinctrl/devel' into devel-hourly-2019040920
git bisect good 14fb0415d4eba1e4f63efc98d4b3f1b8ceea047f  # 19:57  G     11     0   11  11  Merge 'linux-review/Kristian-Evensen/qmi_wwan-Add-quirk-for-Quectel-dynamic-config/20190408-073833' into devel-hourly-2019040920
git bisect  bad 8e115919d3366790a875d7dfad33bcb7009a957d  # 20:10  B      0     1   16   0  Merge 'tip/master' into devel-hourly-2019040920
git bisect  bad 9402fa854486829a7792fbb4038b5585473f3b1a  # 20:31  B      0     8   23   0  Merge branch 'perf/urgent'
git bisect good 2e8623e9bc0ba4907e94c4d94a1caeac23d1fadb  # 20:44  G     11     0   11  11  Merge branch 'linus'
git bisect good 64604d54d3115fee89598bfb6d8d2252f8a2d114  # 20:54  G     11     0   11  11  sched/x86_64: Don't save flags on context switch
git bisect  bad b3fa8ed4e48802e6ba0aa5f3283313a27dcbf46f  # 21:04  B      0    11   26   0  asm-generic/tlb: Remove CONFIG_HAVE_GENERIC_MMU_GATHER
git bisect good b78180b97dcf667350aac716cd3f32356eaf4984  # 21:20  G     11     0   11  11  arm/tlb: Convert to generic mmu_gather
git bisect good 6137fed0823247e32306bde2b48cac627c24f894  # 21:30  G     11     0   11  11  arch/tlb: Clean up simple architectures
git bisect good 9de7d833e3708213bf99d75c37483e0f773f5e16  # 21:43  G     11     0   11  11  s390/tlb: Convert to generic mmu_gather
git bisect  bad 1808d65b55e4489770dd4f76fb0dff5b81eb9b11  # 21:52  B      0    11   26   0  asm-generic/tlb: Remove arch_tlb*_mmu()
# first bad commit: [1808d65b55e4489770dd4f76fb0dff5b81eb9b11] asm-generic/tlb: Remove arch_tlb*_mmu()
git bisect good 9de7d833e3708213bf99d75c37483e0f773f5e16  # 21:53  G     33     0   33  44  s390/tlb: Convert to generic mmu_gather
# extra tests with debug options
git bisect  bad 1808d65b55e4489770dd4f76fb0dff5b81eb9b11  # 22:07  B      0     1   16   0  asm-generic/tlb: Remove arch_tlb*_mmu()
# extra tests on HEAD of linux-devel/devel-hourly-2019040920
git bisect  bad 73f7e0e993d885606124134bd88c4c0e6b8b45bd  # 22:13  B      0    13   31   0  0day head guard for 'devel-hourly-2019040920'
# extra tests on tree/branch tip/core/mm
git bisect  bad 6455959819bf2469190ae9f6b4ccebaa9827e884  # 22:37  B      0     4   19   0  ia64/tlb: Eradicate tlb_migrate_finish() callback
# extra tests on tree/branch tip/master
git bisect  bad 31437a258fa637d7449385ef2e1b33efc6786397  # 22:54  B      0    11   26   0  Merge branch 'perf/urgent'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-vm-quantal-217:20190410215134:x86_64-randconfig-s3-04092154:5.1.0-rc3-00029-g1808d65:3.gz" of type "application/gzip" (14431 bytes)

Download attachment "dmesg-quantal-vm-quantal-101:20190410215248:x86_64-randconfig-s3-04092154:5.1.0-rc3-00028-g9de7d83:1.gz" of type "application/gzip" (14635 bytes)

View attachment "reproduce-quantal-vm-quantal-217:20190410215134:x86_64-randconfig-s3-04092154:5.1.0-rc3-00029-g1808d65:3" of type "text/plain" (900 bytes)

View attachment "config-5.1.0-rc3-00029-g1808d65" of type "text/plain" (126234 bytes)
