Message-ID: <5d055b54.Kf66KUxVpBPXKiIw%lkp@intel.com>
Date: Sun, 16 Jun 2019 04:55:48 +0800
From: kernel test robot <lkp@...el.com>
To: Christoph Hellwig <hch@....de>
Cc: LKP <lkp@...org>, linux-kernel@...r.kernel.org,
linux-block@...r.kernel.org, Ming Lei <ming.lei@...hat.com>,
Jens Axboe <axboe@...nel.dk>, philip.li@...el.com
Subject: 41c3b82ce7 ("block: return from __bio_try_merge_page if .."):
BUG: KASAN: null-ptr-deref in __bio_add_pc_page
Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup.git block/for-linus
commit 41c3b82ce7980f8e7b51cf2cf6c3f55fd8bc07c0
Author: Christoph Hellwig <hch@....de>
AuthorDate: Thu Jun 13 11:55:28 2019 +0200
Commit: Jens Axboe <axboe@...nel.dk>
CommitDate: Thu Jun 13 04:02:35 2019 -0600
block: return from __bio_try_merge_page if merging occured in the same page
We currently have an input same_page parameter to __bio_try_merge_page
to prohibit merging in the same page. The rationale for that is that
some callers need to account for every page added to a bio. Instead of
letting these callers call twice into the merge code to account for the
new vs existing page cases, just turn the parameter into an output one that
returns if a merge in the same page occurred and let them act accordingly.
Signed-off-by: Christoph Hellwig <hch@....de>
Reviewed-by: Ming Lei <ming.lei@...hat.com>
Signed-off-by: Jens Axboe <axboe@...nel.dk>
1d0c06513b block/ps3vram: Use %llu to format sector_t after LBDAF removal
41c3b82ce7 block: return from __bio_try_merge_page if merging occured in the same page
9c9b3e34fa block: fix page leak when merging to same page
+------------------------------------------------+------------+------------+------------+
| | 1d0c06513b | 41c3b82ce7 | 9c9b3e34fa |
+------------------------------------------------+------------+------------+------------+
| boot_successes | 9 | 1 | 0 |
| boot_failures | 3 | 14 | 12 |
| BUG:soft_lockup-CPU##stuck_for#s | 2 | | |
| RIP:memset_erms | 1 | | |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 2 | | |
| RIP:__asan_load8 | 1 | | |
| BUG:kernel_timeout_in_torture_test_stage | 1 | | |
| BUG:KASAN:null-ptr-deref_in__bio_add_pc_page | 0 | 14 | 12 |
| BUG:kernel_NULL_pointer_dereference,address | 0 | 14 | 12 |
| Oops:#[##] | 0 | 14 | 12 |
| RIP:__bio_add_pc_page | 0 | 14 | 12 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 14 | 12 |
+------------------------------------------------+------------+------------+------------+
If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <lkp@...el.com>
[ 212.664343] osst :I: $Id: osst.c,v 1.73 2005/01/01 21:13:34 wriede Exp $
[ 212.673694] scsi host0: scsi_debug: version 0188 [20190125]
[ 212.673694] dev_size_mb=8, opts=0x0, submit_queues=1, statistics=0
[ 212.682114] scsi 0:0:0:0: Direct-Access Linux scsi_debug 0188 PQ: 0 ANSI: 7
[ 212.685451] ==================================================================
[ 212.687542] BUG: KASAN: null-ptr-deref in __bio_add_pc_page+0x223/0x510
[ 212.689077] Write of size 1 at addr 0000000000000000 by task kworker/u2:1/108
[ 212.690676]
[ 212.691445] CPU: 0 PID: 108 Comm: kworker/u2:1 Not tainted 5.2.0-rc4-00013-g41c3b82 #1
[ 212.693624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 212.694987] Workqueue: events_unbound async_run_entry_fn
[ 212.694987] Call Trace:
[ 212.694987] ? __bio_add_pc_page+0x223/0x510
[ 212.694987] __kasan_report+0x1d2/0x207
[ 212.694987] ? __bio_add_pc_page+0x223/0x510
[ 212.694987] kasan_report+0x29/0x40
[ 212.694987] __bio_add_pc_page+0x223/0x510
[ 212.694987] bio_map_kern+0x118/0x190
[ 212.694987] blk_rq_map_kern+0x235/0x270
[ 212.694987] ? blk_rq_unmap_user+0x90/0x90
[ 212.694987] ? ftrace_likely_update+0x45/0x2a0
[ 212.694987] ? scsi_initialize_rq+0x54/0x70
[ 212.694987] __scsi_execute+0xa6/0x2d0
[ 212.694987] __scsi_scan_target+0x4d8/0x890
[ 212.694987] ? scsi_target_reap+0x60/0x60
[ 212.694987] ? find_held_lock+0x74/0xd0
[ 212.694987] ? __pm_runtime_resume+0x71/0xb0
[ 212.694987] ? ftrace_likely_update+0x45/0x2a0
[ 212.694987] ? _raw_spin_unlock_irqrestore+0x32/0x50
[ 212.694987] scsi_scan_channel+0x94/0xe0
[ 212.694987] scsi_scan_host_selected+0x158/0x1d0
[ 212.694987] ? do_scsi_scan_host+0x110/0x110
[ 212.694987] do_scan_async+0x29/0x250
[ 212.694987] ? do_scsi_scan_host+0x110/0x110
[ 212.694987] async_run_entry_fn+0x66/0x2e0
[ 212.694987] process_one_work+0x575/0xb10
[ 212.694987] ? pwq_dec_nr_in_flight+0x140/0x140
[ 212.694987] ? worker_thread+0x1cf/0x790
[ 212.694987] worker_thread+0x68/0x790
[ 212.694987] ? process_one_work+0xb10/0xb10
[ 212.694987] kthread+0x20c/0x230
[ 212.694987] ? kthread_delayed_work_timer_fn+0x1c0/0x1c0
[ 212.694987] ret_from_fork+0x24/0x30
[ 212.694987] ==================================================================
[ 212.694987] Disabling lock debugging due to kernel taint
[ 212.738776] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 212.740355] #PF: supervisor write access in kernel mode
[ 212.741675] #PF: error_code(0x0002) - not-present page
[ 212.742998] PGD 0 P4D 0
[ 212.743930] Oops: 0002 [#1] KASAN PTI
[ 212.745024] CPU: 0 PID: 108 Comm: kworker/u2:1 Tainted: G B 5.2.0-rc4-00013-g41c3b82 #1
[ 212.747388] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 212.748734] Workqueue: events_unbound async_run_entry_fn
[ 212.748734] RIP: 0010:__bio_add_pc_page+0x22b/0x510
[ 212.748734] Code: 06 85 c0 0f 85 b4 01 00 00 49 83 ed 01 31 ff 4c 89 e8 48 25 00 f0 ff ff 48 89 44 24 08 e8 bd 1e 8e ff 48 8b 44 24 08 49 39 c6 <0f> 94 04 25 00 00 00 00 0f 84 a0 01 00 00 4c 8b 35 98 db eb 03 49
[ 212.748734] RSP: 0000:ffff8880192f7948 EFLAGS: 00010206
[ 212.748734] RAX: 0000000013621000 RBX: ffff888015fce200 RCX: fffffbfff0d785d9
[ 212.748734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff83ba6482
[ 212.748734] RBP: 0000000000000100 R08: fffffbfff0d785da R09: fffffbfff0d785da
[ 212.748734] R10: ffffffff86bc2ecb R11: fffffbfff0d785da R12: ffff888013c496d0
[ 212.748734] R13: 0000000013621fff R14: 0000000013622000 R15: ffff888015fce214
[ 212.748734] FS: 0000000000000000(0000) GS:ffffffff85a9e000(0000) knlGS:0000000000000000
[ 212.748734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 212.748734] CR2: 0000000000000000 CR3: 0000000005a32001 CR4: 00000000001606f0
[ 212.748734] Call Trace:
[ 212.748734] bio_map_kern+0x118/0x190
[ 212.748734] blk_rq_map_kern+0x235/0x270
[ 212.748734] ? blk_rq_unmap_user+0x90/0x90
[ 212.748734] ? ftrace_likely_update+0x45/0x2a0
[ 212.748734] ? scsi_initialize_rq+0x54/0x70
[ 212.748734] __scsi_execute+0xa6/0x2d0
[ 212.748734] __scsi_scan_target+0x4d8/0x890
[ 212.748734] ? scsi_target_reap+0x60/0x60
[ 212.748734] ? find_held_lock+0x74/0xd0
[ 212.748734] ? __pm_runtime_resume+0x71/0xb0
[ 212.748734] ? ftrace_likely_update+0x45/0x2a0
[ 212.748734] ? _raw_spin_unlock_irqrestore+0x32/0x50
[ 212.748734] scsi_scan_channel+0x94/0xe0
[ 212.748734] scsi_scan_host_selected+0x158/0x1d0
[ 212.748734] ? do_scsi_scan_host+0x110/0x110
[ 212.748734] do_scan_async+0x29/0x250
[ 212.748734] ? do_scsi_scan_host+0x110/0x110
[ 212.748734] async_run_entry_fn+0x66/0x2e0
[ 212.748734] process_one_work+0x575/0xb10
[ 212.748734] ? pwq_dec_nr_in_flight+0x140/0x140
[ 212.748734] ? worker_thread+0x1cf/0x790
[ 212.748734] worker_thread+0x68/0x790
[ 212.748734] ? process_one_work+0xb10/0xb10
[ 212.748734] kthread+0x20c/0x230
[ 212.748734] ? kthread_delayed_work_timer_fn+0x1c0/0x1c0
[ 212.748734] ret_from_fork+0x24/0x30
[ 212.748734] CR2: 0000000000000000
[ 212.748734] ---[ end trace b9d0d98398fe5790 ]---
[ 212.748734] RIP: 0010:__bio_add_pc_page+0x22b/0x510
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start b03773ed7363554492ff274f4a9364a4c30b3637 d1fdb6d8f6a4109a4263176c84b899076a5f8008 --
git bisect bad a77e549e7925f1a071787a77d36e28d0f290e722 # 20:13 B 0 2 17 1 Merge 'jpoimboe/bpf-orc-fix-3' into devel-hourly-2019061516
git bisect bad fec395990abb566155bfd809696168b65df8cde3 # 20:35 B 0 6 20 0 Merge 'pm/linux-next' into devel-hourly-2019061516
git bisect good 60c912e9d5d16b2e39194e51aa4e9196cda3df08 # 21:30 G 10 0 8 9 Merge 'sunxi/sunxi/dt64-for-5.3' into devel-hourly-2019061516
git bisect bad cf1a70094c0b31e849ea1461e6da3da63cac85cb # 21:53 B 0 1 15 0 Merge 'tip/x86/cpu' into devel-hourly-2019061516
git bisect bad 4baf710ddb5fb2b90abefdd5cfa11660cdae67f6 # 23:01 B 0 1 20 5 Merge 'cgroup/block/for-linus' into devel-hourly-2019061516
git bisect good d4d2c24ea2a5346d75f21d3a44868f9021650115 # 23:35 G 10 0 8 8 Merge 'arm-tegra/for-5.3/firmware' into devel-hourly-2019061516
git bisect good e4fde4a63896f617c1d9b131ca973be1c791fbbf # 00:24 G 10 0 6 6 Merge 'gpio/devel' into devel-hourly-2019061516
git bisect good 7448723a0b6ac76fe0766c37fc7aaa123613de0b # 01:14 G 10 0 10 10 Merge 'linux-review/fei-yang-intel-com/usb-gadget-f_fs-data_len-used-before-properly-set/20190614-094348' into devel-hourly-2019061516
git bisect good 3a54fca087b6a92c1bcf9c2b72bb2e70131d378e # 01:56 G 10 0 10 10 Merge 'm68knommu/for-next' into devel-hourly-2019061516
git bisect bad 9c9b3e34faeaeee28fce5b613c7f0e5930f8da5c # 02:12 B 0 7 21 0 block: fix page leak when merging to same page
git bisect bad 41c3b82ce7980f8e7b51cf2cf6c3f55fd8bc07c0 # 02:50 B 0 9 24 1 block: return from __bio_try_merge_page if merging occured in the same page
# first bad commit: [41c3b82ce7980f8e7b51cf2cf6c3f55fd8bc07c0] block: return from __bio_try_merge_page if merging occured in the same page
git bisect good 1d0c06513bd44e724f572ef9c932d0c889d183c6 # 03:45 G 30 0 25 25 block/ps3vram: Use %llu to format sector_t after LBDAF removal
# extra tests with debug options
git bisect bad 41c3b82ce7980f8e7b51cf2cf6c3f55fd8bc07c0 # 04:16 B 0 3 22 4 block: return from __bio_try_merge_page if merging occured in the same page
# extra tests on HEAD of linux-devel/devel-hourly-2019061516
git bisect bad b03773ed7363554492ff274f4a9364a4c30b3637 # 04:21 B 0 14 36 4 0day head guard for 'devel-hourly-2019061516'
# extra tests on tree/branch cgroup/block/for-linus
git bisect bad 9c9b3e34faeaeee28fce5b613c7f0e5930f8da5c # 04:27 B 0 12 26 0 block: fix page leak when merging to same page
# extra tests with first bad commit reverted
git bisect good 5333d4fc3975d26a16540fc2e959060a27500329 # 04:55 G 12 0 7 7 Revert "block: return from __bio_try_merge_page if merging occured in the same page"
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-yocto-vm-yocto-711:20190616024949:x86_64-randconfig-a0-06151807:5.2.0-rc4-00013-g41c3b82:1.gz" of type "application/gzip" (16060 bytes)
Download attachment "dmesg-yocto-vm-yocto-47bd4dbb8d52:20190616032527:x86_64-randconfig-a0-06151807:5.2.0-rc4-00012-g1d0c065:1.gz" of type "application/gzip" (26727 bytes)
View attachment "reproduce-yocto-vm-yocto-711:20190616024949:x86_64-randconfig-a0-06151807:5.2.0-rc4-00013-g41c3b82:1" of type "text/plain" (910 bytes)
View attachment "config-5.2.0-rc4-00013-g41c3b82" of type "text/plain" (136830 bytes)