Date:   Tue, 4 Jun 2019 16:30:57 +0800
From:   kernel test robot <lkp@...el.com>
To:     Matthew Wilcox <willy@...radead.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [XArray] fa858b6eec: BUG:Bad_page_state_in_process

FYI, we noticed the following commit (built with gcc-7):

commit: fa858b6eec3f4908973131b1d5a3f2e35c4182cd ("XArray: Add xas_replace")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with the following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):


+------------------------------------------+------------+------------+
|                                          | 12fd2aee6d | fa858b6eec |
+------------------------------------------+------------+------------+
| boot_successes                           | 6          | 29         |
| boot_failures                            | 0          | 17         |
| BUG:KASAN:wild-memory-access_in_g        | 0          | 7          |
| RIP:copy_user_generic_unrolled           | 0          | 4          |
| general_protection_fault:#[##]           | 0          | 16         |
| RIP:get_page_from_freelist               | 0          | 7          |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 16         |
| BUG:Bad_page_state_in_process            | 0          | 9          |
| BUG:KASAN:wild-memory-access_in_f        | 0          | 8          |
| RIP:free_pcppages_bulk                   | 0          | 8          |
| BUG:KASAN:wild-memory-access_in_r        | 0          | 1          |
| RIP:release_pages                        | 0          | 1          |
+------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <lkp@...el.com>


[   90.960908] BUG: Bad page state in process find  pfn:05da9
[   90.961733] page:ffffea0000176a40 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1
[   90.962958] flags: 0x0()
[   90.963352] raw: 0000000000000000 dead000000000100 dead000000000200 0000000000000000
[   90.964491] raw: 0000000000000001 0000000000000000 00000000ffffff7f 0000000000000000
[   90.965588] page dumped because: nonzero mapcount
[   90.966270] CPU: 0 PID: 263 Comm: find Not tainted 5.2.0-rc2-00162-gfa858b6eec3f4 #1
[   90.967353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   90.968534] Call Trace:
[   90.968921]  bad_page+0x118/0x14b
[   90.969433]  free_pcppages_bulk+0x2a9/0xc7b
[   90.970060]  ? ftrace_likely_update+0x29a/0x2ae
[   90.970708]  ? get_pfnblock_flags_mask+0xa9/0xa9
[   90.971376]  ? tracer_hardirqs_off+0x15/0x153
[   90.972007]  free_unref_page_list+0x1eb/0x266
[   90.972633]  release_pages+0x61e/0x65f
[   90.973181]  ? mark_page_accessed+0x3cb/0x3cb
[   90.973806]  ? ftrace_likely_update+0x29a/0x2ae
[   90.974460]  __pagevec_release+0x50/0x5e
[   90.975035]  shmem_undo_range+0x99e/0xa46
[   90.975636]  ? shmem_getpage+0x5f/0x5f
[   90.976207]  ? ftrace_likely_update+0x29a/0x2ae
[   90.976881]  ? match_held_lock+0x1c/0x1eb
[   90.977465]  ? find_held_lock+0x86/0x96
[   90.978027]  ? match_held_lock+0x1c/0x1eb
[   90.978604]  ? find_held_lock+0x86/0x96
[   90.979165]  ? match_held_lock+0x1c/0x1eb
[   90.979742]  ? match_held_lock+0x1c/0x1eb
[   90.980328]  ? match_held_lock+0x1c/0x1eb
[   90.980934]  ? find_held_lock+0x86/0x96
[   90.981526]  shmem_truncate_range+0x32/0x6b
[   90.982135]  shmem_evict_inode+0x172/0x496
[   90.982726]  ? find_held_lock+0x86/0x96
[   90.983284]  ? shmem_truncate_range+0x6b/0x6b
[   90.983908]  ? ftrace_likely_update+0x29a/0x2ae
[   90.984560]  ? shmem_truncate_range+0x6b/0x6b
[   90.985190]  evict+0x1b7/0x2cd
[   90.985641]  ? find_inode_nowait+0xe1/0xe1
[   90.986236]  iput+0x334/0x3b1
[   90.986690]  do_unlinkat+0x2b2/0x42a
[   90.987241]  ? vfs_unlink+0x26a/0x26a
[   90.987792]  ? __check_heap_object+0x88/0x149
[   90.988449]  ? ftrace_likely_update+0x29a/0x2ae
[   90.989129]  ? ftrace_likely_update+0x29a/0x2ae
[   90.989804]  ? getname_flags+0x3cb/0x3da
[   90.990377]  __x64_sys_unlinkat+0x7d/0x90
[   90.990954]  ? do_syscall_64+0x4f7/0x828
[   90.991524]  do_syscall_64+0x507/0x828
[   90.992078]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   90.992795] RIP: 0033:0x7f21f9c27a5d
[   90.993323] Code: e9 f3 2c 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 48 63 d2 48 63 ff b8 07 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 b2 f3 2c 00 f7 d8 64 89 02
[   90.995955] RSP: 002b:00007ffdbf2f9988 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[   90.997023] RAX: ffffffffffffffda RBX: 00000000017f2bc0 RCX: 00007f21f9c27a5d
[   90.998022] RDX: 0000000000000000 RSI: 00000000017fd108 RDI: ffffffffffffff9c
[   90.999020] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   91.000052] R10: 00007ffdbf2f9720 R11: 0000000000000206 R12: 0000000000000000
[   91.001087] R13: 00000000017f38a0 R14: 00007ffdbf2fbdcd R15: 00000000017f3820
[   91.002087] Disabling lock debugging due to kernel taint
[   91.002831] ==================================================================
[   91.003845] BUG: KASAN: wild-memory-access in free_pcppages_bulk+0x13e/0xc7b
[   91.004832] Write of size 8 at addr dead000000000108 by task find/263
[   91.005758] 
[   91.006010] CPU: 0 PID: 263 Comm: find Tainted: G    B             5.2.0-rc2-00162-gfa858b6eec3f4 #1
[   91.007311] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   91.008468] Call Trace:
[   91.008834]  ? free_pcppages_bulk+0x13e/0xc7b
[   91.009462]  __kasan_report+0x1d0/0x1fa
[   91.010023]  ? free_pcppages_bulk+0x13e/0xc7b
[   91.010660]  kasan_report+0x31/0x3a
[   91.011193]  ? free_pcppages_bulk+0x13e/0xc7b
[   91.011844]  free_pcppages_bulk+0x13e/0xc7b
[   91.012472]  ? ftrace_likely_update+0x29a/0x2ae
[   91.013149]  ? get_pfnblock_flags_mask+0xa9/0xa9
[   91.013828]  ? tracer_hardirqs_off+0x15/0x153
[   91.014457]  free_unref_page_list+0x1eb/0x266
[   91.015084]  release_pages+0x61e/0x65f
[   91.015624]  ? mark_page_accessed+0x3cb/0x3cb
[   91.016250]  ? ftrace_likely_update+0x29a/0x2ae
[   91.016894]  __pagevec_release+0x50/0x5e
[   91.017464]  shmem_undo_range+0x99e/0xa46
[   91.018047]  ? shmem_getpage+0x5f/0x5f
[   91.018584]  ? ftrace_likely_update+0x29a/0x2ae
[   91.019235]  ? match_held_lock+0x1c/0x1eb
[   91.019810]  ? find_held_lock+0x86/0x96
[   91.020365]  ? match_held_lock+0x1c/0x1eb
[   91.020940]  ? find_held_lock+0x86/0x96
[   91.021498]  ? match_held_lock+0x1c/0x1eb
[   91.022078]  ? match_held_lock+0x1c/0x1eb
[   91.022652]  ? match_held_lock+0x1c/0x1eb
[   91.023233]  ? find_held_lock+0x86/0x96
[   91.023782]  shmem_truncate_range+0x32/0x6b
[   91.027841]  shmem_evict_inode+0x172/0x496
[   91.028447]  ? find_held_lock+0x86/0x96
[   91.029003]  ? shmem_truncate_range+0x6b/0x6b
[   91.029635]  ? ftrace_likely_update+0x29a/0x2ae
[   91.030287]  ? shmem_truncate_range+0x6b/0x6b
[   91.030909]  evict+0x1b7/0x2cd
[   91.031369]  ? find_inode_nowait+0xe1/0xe1
[   91.031955]  iput+0x334/0x3b1
[   91.032399]  do_unlinkat+0x2b2/0x42a
[   91.032928]  ? vfs_unlink+0x26a/0x26a
[   91.033461]  ? __check_heap_object+0x88/0x149
[   91.034089]  ? ftrace_likely_update+0x29a/0x2ae
[   91.034733]  ? ftrace_likely_update+0x29a/0x2ae
[   91.035392]  ? getname_flags+0x3cb/0x3da
[   91.035957]  __x64_sys_unlinkat+0x7d/0x90
[   91.036554]  ? do_syscall_64+0x4f7/0x828
[   91.037144]  do_syscall_64+0x507/0x828
[   91.037721]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[   91.038471] RIP: 0033:0x7f21f9c27a5d
[   91.039025] Code: e9 f3 2c 00 31 d2 48 29 c2 64 89 11 48 83 c8 ff eb ea 90 90 90 90 90 90 90 90 90 90 90 48 63 d2 48 63 ff b8 07 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 02 f3 c3 48 8b 15 b2 f3 2c 00 f7 d8 64 89 02
[   91.041597] RSP: 002b:00007ffdbf2f9988 EFLAGS: 00000206 ORIG_RAX: 0000000000000107
[   91.042655] RAX: ffffffffffffffda RBX: 00000000017f2bc0 RCX: 00007f21f9c27a5d
[   91.043650] RDX: 0000000000000000 RSI: 00000000017fd108 RDI: ffffffffffffff9c
[   91.044646] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[   91.045642] R10: 00007ffdbf2f9720 R11: 0000000000000206 R12: 0000000000000000
[   91.046637] R13: 00000000017f38a0 R14: 00007ffdbf2fbdcd R15: 00000000017f3820
[   91.047633] ==================================================================
[   91.048657] general protection fault: 0000 [#1] DEBUG_PAGEALLOC KASAN
[   91.049571] CPU: 0 PID: 263 Comm: find Tainted: G    B             5.2.0-rc2-00162-gfa858b6eec3f4 #1
[   91.050868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[   91.052083] RIP: 0010:free_pcppages_bulk+0x143/0xc7b
[   91.052786] Code: 8d 43 08 4c 8b 3b 48 89 c7 48 89 44 24 10 e8 1e 32 01 00 48 8b 43 08 49 8d 7f 08 48 89 44 24 10 e8 b8 32 01 00 48 8b 44 24 10 <49> 89 47 08 48 89 c7 e8 a7 32 01 00 48 8b 44 24 10 4c 89 ef 4c 89
[   91.055362] RSP: 0018:ffff88805b997758 EFLAGS: 00010092
[   91.056144] RAX: dead000000000200 RBX: ffffea0000176a48 RCX: ffff88805bb80040
[   91.057181] RDX: 0000000000000000 RSI: ffffffff8124ce51 RDI: ffffffff837f81c0
[   91.058199] RBP: ffff88806b1f85d0 R08: 0000000000000003 R09: 0000000000000007
[   91.059197] R10: fffffbfff08469ee R11: fffffbfff08469ed R12: 0000000000000001
[   91.060194] R13: ffff88806b1f85b0 R14: ffffffff84087a00 R15: dead000000000100
[   91.061195] FS:  00007f21fa61b700(0000) GS:ffffffff83693000(0000) knlGS:0000000000000000
[   91.062324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   91.063135] CR2: 00000000017f5000 CR3: 000000005fec7000 CR4: 00000000000406f0
[   91.064137] Call Trace:
[   91.064503]  ? ftrace_likely_update+0x29a/0x2ae
[   91.065190]  ? get_pfnblock_flags_mask+0xa9/0xa9
[   91.065873]  ? tracer_hardirqs_off+0x15/0x153
[   91.066541]  free_unref_page_list+0x1eb/0x266
[   91.067171]  release_pages+0x61e/0x65f
[   91.067712]  ? mark_page_accessed+0x3cb/0x3cb
[   91.068341]  ? ftrace_likely_update+0x29a/0x2ae
[   91.068985]  __pagevec_release+0x50/0x5e
[   91.069557]  shmem_undo_range+0x99e/0xa46
[   91.070144]  ? shmem_getpage+0x5f/0x5f
[   91.070685]  ? ftrace_likely_update+0x29a/0x2ae
[   91.071340]  ? match_held_lock+0x1c/0x1eb
[   91.071919]  ? find_held_lock+0x86/0x96
[   91.072478]  ? match_held_lock+0x1c/0x1eb
[   91.073063]  ? find_held_lock+0x86/0x96
[   91.073617]  ? match_held_lock+0x1c/0x1eb
[   91.074203]  ? match_held_lock+0x1c/0x1eb
[   91.074781]  ? match_held_lock+0x1c/0x1eb
[   91.075366]  ? find_held_lock+0x86/0x96
[   91.075920]  shmem_truncate_range+0x32/0x6b
[   91.076526]  shmem_evict_inode+0x172/0x496
[   91.077122]  ? find_held_lock+0x86/0x96
[   91.077672]  ? shmem_truncate_range+0x6b/0x6b
[   91.078301]  ? ftrace_likely_update+0x29a/0x2ae
[   91.078945]  ? shmem_truncate_range+0x6b/0x6b
[   91.079572]  evict+0x1b7/0x2cd
[   91.080026]  ? find_inode_nowait+0xe1/0xe1


To reproduce:

        # build kernel
        cd linux
        cp config-5.2.0-rc2-00162-gfa858b6eec3f4 .config
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
        make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage

        # boot the resulting bzImage under qemu with the attached job-script
        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
lkp


View attachment "config-5.2.0-rc2-00162-gfa858b6eec3f4" of type "text/plain" (110858 bytes)

View attachment "job-script" of type "text/plain" (4307 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (16272 bytes)
