| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Nov 2020 08:31:24 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Valentin Schneider <valentin.schneider@....com>
Cc: Ingo Molnar <mingo@...nel.org>, linux-kernel@...r.kernel.org,
LKP <lkp@...ts.01.org>, lkp@...el.com
Subject: 5b9f8ff7b3 ("sched/debug: Output SD flag names rather than .."): [
320.831182] BUG: KASAN: double-free or invalid-free in sd_ctl_doflags
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit 5b9f8ff7b320a34af3dbcf04edb40d9b04f22f4a
Author: Valentin Schneider <valentin.schneider@....com>
AuthorDate: Mon Aug 17 12:29:52 2020 +0100
Commit: Ingo Molnar <mingo@...nel.org>
CommitDate: Wed Aug 19 10:49:48 2020 +0200
sched/debug: Output SD flag names rather than their values
Decoding the output of /proc/sys/kernel/sched_domain/cpu*/domain*/flags has
always been somewhat annoying, as one needs to go fetch the bit -> name
mapping from the source code itself. This encoding can be saved in a script
somewhere, but that isn't safe from flags being added, removed or even
shuffled around.
What matters for debugging purposes is to get *which* flags are set in a
given domain, their associated value is pretty much meaningless.
Make the sd flags debug file output flag names.
Signed-off-by: Valentin Schneider <valentin.schneider@....com>
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Acked-by: Peter Zijlstra <a.p.zijlstra@...llo.nl>
Link: https://lore.kernel.org/r/20200817113003.20802-7-valentin.schneider@arm.com
65c5e25316 sched/topology: Verify SD_* flags setup when sched_debug is on
5b9f8ff7b3 sched/debug: Output SD flag names rather than their values
3cea11cd5e Linux 5.10-rc2
+-------------------------------------------------+------------+------------+-----------+
| | 65c5e25316 | 5b9f8ff7b3 | v5.10-rc2 |
+-------------------------------------------------+------------+------------+-----------+
| boot_successes | 824 | 523 | 322 |
| boot_failures | 491 | 331 | 145 |
| WARNING:at_mm/usercopy.c:#usercopy_warn | 439 | 292 | 143 |
| RIP:usercopy_warn | 439 | 292 | 143 |
| INFO:rcu_sched_self-detected_stall_on_CPU | 38 | 22 | |
| RIP:iov_iter_copy_from_user_atomic | 26 | 15 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c0:#] | 6 | 3 | |
| Kernel_panic-not_syncing | 39 | 23 | |
| RIP:ftrace_likely_update | 33 | 19 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c6:#] | 5 | 3 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c4:#] | 10 | 4 | |
| WARNING:kernel_stack | 3 | 1 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c2:#] | 6 | 2 | |
| RIP:init_numa_balancing | 1 | | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c5:#] | 5 | 2 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c7:#] | 3 | 3 | |
| RIP:default_idle | 2 | 2 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c3:#] | 4 | 4 | |
| BUG:kernel_hang_in_boot_stage | 8 | 1 | 1 |
| WARNING:at_fs/read_write.c:#vfs_copy_file_range | 1 | | |
| RIP:vfs_copy_file_range | 1 | | |
| invoked_oom-killer:gfp_mask=0x | 0 | 1 | |
| Mem-Info | 0 | 2 | |
| BUG:KASAN:double-free_or_invalid-free_in_s | 0 | 10 | 1 |
| RIP:_raw_spin_unlock_irq | 0 | 1 | |
| BUG:kernel_reboot-without-warning_in_test_stage | 0 | 1 | |
| BUG:soft_lockup-CPU##stuck_for#s![trinity-c1:#] | 0 | 1 | |
| canonical_address#:#[##] | 0 | 1 | |
| RIP:write_port | 0 | 1 | |
+-------------------------------------------------+------------+------------+-----------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>
[main] 175940 iterations. [F:131816 S:43081 HI:4371]
[main] 261312 iterations. [F:197423 S:62526 HI:4009]
[ 317.933582] futex_wake_op: trinity-c2 tries to shift op by -723; fix this program
[main] 250542 iterations. [F:189030 S:60214 HI:4263]
[ 320.826504] ==================================================================
[ 320.831182] BUG: KASAN: double-free or invalid-free in sd_ctl_doflags+0x2f5/0x3c0
[ 320.833579]
[ 320.834270] CPU: 1 PID: 11346 Comm: trinity-c1 Tainted: G E 5.9.0-rc1-00104-g5b9f8ff7b320a #2
[ 320.837287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 320.839788] Call Trace:
[ 320.840707] dump_stack+0xa8/0xea
[ 320.841872] print_address_description+0x4f/0x70
[ 320.843661] ? kmsg_dump_rewind+0x160/0x160
[ 320.845065] ? sd_ctl_doflags+0x2f5/0x3c0
[ 320.846408] ? sd_ctl_doflags+0x2f5/0x3c0
[ 320.847753] kasan_report_invalid_free+0x56/0x80
[ 320.849257] __kasan_slab_free+0x121/0x140
[ 320.850632] kasan_slab_free+0xe/0x10
[ 320.851895] kfree+0x130/0x300
[ 320.853001] sd_ctl_doflags+0x2f5/0x3c0
[ 320.854292] ? kmalloc_array+0x60/0x60
[ 320.855859] ? proc_sys_call_handler+0x18b/0x3e0
[ 320.857361] proc_sys_call_handler+0x1ca/0x3e0
[ 320.858825] ? insert_header+0xee0/0xee0
[ 320.860150] proc_sys_read+0x11/0x20
[ 320.861365] do_iter_read+0x383/0x610
[ 320.862609] ? import_iovec+0xad/0x1b0
[ 320.863873] vfs_readv+0xc6/0x120
[ 320.865022] ? vfs_iocb_iter_write+0x3b0/0x3b0
[ 320.873362] ? _raw_spin_unlock_irqrestore+0x1e/0x40
[ 320.875004] ? _raw_spin_unlock_irq+0x13/0x20
[ 320.876452] ? do_setitimer+0x330/0x6c0
[ 320.877658] ? trace_hardirqs_on+0x49/0x1e0
[ 320.879011] ? do_raw_spin_unlock+0x165/0x2f0
[ 320.880410] ? _raw_spin_unlock_irq+0x13/0x20
[ 320.881794] ? do_setitimer+0x330/0x6c0
[ 320.883044] ? __fget_light+0x174/0x250
[ 320.884299] do_preadv+0x114/0x160
[ 320.885451] ? do_readv+0x200/0x200
[ 320.886612] ? trace_hardirqs_off_finish+0x45/0x1a0
[ 320.888145] __x64_sys_preadv+0x9a/0xf0
[ 320.889394] do_syscall_64+0x57/0x70
[ 320.890576] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 320.892146] RIP: 0033:0x463519
[ 320.893207] Code: 00 f3 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db 59 00 00 c3 66 2e 0f 1f 84 00 00 00 00
[ 320.898702] RSP: 002b:00007fff33658f28 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[ 320.901115] RAX: ffffffffffffffda RBX: 0000000000000127 RCX: 0000000000463519
[ 320.903291] RDX: 0000000000000044 RSI: 00000000012a5290 RDI: 0000000000000101
[ 320.905446] RBP: 00007f0429c8a000 R08: 0000000031313131 R09: 0000000000000200
[ 320.907667] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000002
[ 320.909820] R13: 00007f0429c8a058 R14: 000000000109a850 R15: 00007f0429c8a000
[ 320.912014]
[ 320.912681] Allocated by task 11346:
[ 320.913917] kasan_save_stack+0x23/0x50
[ 320.915232] __kasan_kmalloc+0xde/0xf0
[ 320.916866] kasan_kmalloc+0x9/0x10
[ 320.918121] __kmalloc+0x1e4/0x410
[ 320.919382] kmalloc_array+0x43/0x60
[ 320.920235] sd_ctl_doflags+0x1a6/0x3c0
[ 320.920941] proc_sys_call_handler+0x1ca/0x3e0
[ 320.921718] proc_sys_read+0x11/0x20
[ 320.922386] do_iter_read+0x383/0x610
[ 320.923061] vfs_readv+0xc6/0x120
[ 320.923707] do_preadv+0x114/0x160
[ 320.924360] __x64_sys_preadv+0x9a/0xf0
[ 320.925077] do_syscall_64+0x57/0x70
[ 320.925736] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 320.926599]
[ 320.926971] The buggy address belongs to the object at ffff8881e8e33200
[ 320.926971] which belongs to the cache kmalloc-96 of size 96
[ 320.928969] The buggy address is located 16 bytes inside of
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start 6b02addb1d1748d21dd1261e46029b264be4e5a0 v5.8 --
git bisect good 005c53447a63cbce10de37406975a34d7bdc8704 # 03:49 G 901 0 330 330 Merge tag 'devprop-5.9-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
git bisect good bed2a4433efe8bc1955cfd63713f39b0542efbbc # 09:20 G 902 0 360 364 Merge remote-tracking branch 'reset/reset/next' into master
git bisect good 39424c3bcdc021f17f08c3dc3ec30d9366c1a6ae # 17:47 G 904 0 366 366 Merge remote-tracking branch 'regmap/for-next' into master
git bisect bad b1b1be0299c99199d87ac3b3a774419d3f2df2c7 # 19:50 B 93 1 44 44 Merge remote-tracking branch 'tty/tty-next' into master
git bisect good ace3d451d95ae878eecf3297489c85cd5e62d2d4 # 02:33 G 901 0 329 329 Merge remote-tracking branch 'audit/next' into master
git bisect bad 48d93f3f79aee5666a738b9a86a91911d77f7688 # 06:00 B 393 1 156 156 Merge remote-tracking branch 'kvm-ppc/kvm-ppc-next' into master
git bisect bad 9ea874987cf6c8eaffe005777436060b8230f0fa # 08:49 B 266 1 104 104 Merge remote-tracking branch 'clockevents/timers/drivers/next' into master
git bisect good bea60d24f16679ab249287d682501d4038a83e2a # 14:22 G 900 0 355 355 Merge remote-tracking branch 'spi/for-next' into master
git bisect bad e78d6468da9befc77a7e651d0412af274a826c9a # 15:11 B 244 1 85 85 Merge remote-tracking branch 'tip/auto-latest' into master
git bisect good ac3a5e30263f99ed60464188bb883b42c60c9d6e # 17:50 G 901 0 363 363 Merge branch 'timers/core'
git bisect bad c3803e61269bbea8c8eb2a812f6e574520ce6b0a # 18:25 B 163 1 56 57 Merge branch 'objtool/core'
git bisect bad 72f5b5b539a07fd15256364a8040792a56c84435 # 19:48 B 302 1 105 105 Merge branch 'perf/kprobes'
git bisect bad 848785df48835eefebe0c4eb5da7690690b0a8b7 # 21:06 B 47 1 19 19 sched/topology: Move sd_flag_debug out of #ifdef CONFIG_SYSCTL
git bisect bad 94b858fea1f2246a2fb7f7af21840fd14ced028f # 22:08 B 125 1 54 54 sched/topology: Mark SD_BALANCE_WAKE as SDF_NEEDS_GROUPS
git bisect bad 5b9f8ff7b320a34af3dbcf04edb40d9b04f22f4a # 22:55 B 23 1 10 10 sched/debug: Output SD flag names rather than their values
git bisect good d54a9658a75633b839af7a2c6c758807678b8064 # 03:42 G 901 0 372 372 sched/topology: Split out SD_* flags declaration to its own file
git bisect good 65c5e253168dbbb52c20026b0c5b7a2f344b9197 # 06:09 G 905 0 372 372 sched/topology: Verify SD_* flags setup when sched_debug is on
# first bad commit: [5b9f8ff7b320a34af3dbcf04edb40d9b04f22f4a] sched/debug: Output SD flag names rather than their values
git bisect good 65c5e253168dbbb52c20026b0c5b7a2f344b9197 # 07:08 G 1000 0 186 558 sched/topology: Verify SD_* flags setup when sched_debug is on
# extra tests with debug options
git bisect bad 5b9f8ff7b320a34af3dbcf04edb40d9b04f22f4a # 08:13 B 310 1 133 133 sched/debug: Output SD flag names rather than their values
# extra tests on revert first bad commit
git bisect good 42455f6a04d80c81d88c30c1be83cfb5a5f25532 # 10:48 G 903 0 349 349 Revert "sched/debug: Output SD flag names rather than their values"
# good: [42455f6a04d80c81d88c30c1be83cfb5a5f25532] Revert "sched/debug: Output SD flag names rather than their values"
# extra tests on head commit of linus/master
git bisect bad 3cea11cd5e3b00d91caf0b4730194039b45c5891 # 11:56 B 355 1 117 117 Linux 5.10-rc2
# bad: [3cea11cd5e3b00d91caf0b4730194039b45c5891] Linux 5.10-rc2
# extra tests on linus/master
# duplicated: [3cea11cd5e3b00d91caf0b4730194039b45c5891] Linux 5.10-rc2
# extra tests on linux-next/master
# 119: [4e78c578cb987725eef1cec7d11b6437109e9a49] Add linux-next specific files for 20201030
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/lkp@lists.01.org
Download attachment "dmesg-quantal-vm-quantal-46:20201101234258:x86_64-randconfig-a002-20200920:5.9.0-rc1-00104-g5b9f8ff7b320a:2.gz" of type "application/gzip" (22471 bytes)
Download attachment "dmesg-quantal-vm-quantal-100:20201102043455:x86_64-randconfig-a002-20200920:5.9.0-rc1-00103-g65c5e253168db:2.gz" of type "application/gzip" (32028 bytes)
View attachment "reproduce-quantal-vm-quantal-46:20201101234258:x86_64-randconfig-a002-20200920:5.9.0-rc1-00104-g5b9f8ff7b320a:2" of type "text/plain" (1180 bytes)
Download attachment "53e8baadcb5e7e0a3f3571b298f6034a469897b3:gcc-9:x86_64-randconfig-a002-20200920:BUG:KASAN:double-free_or_invalid-free_in_s.xz" of type "application/x-xz" (23348 bytes)
View attachment "config-5.9.0-rc1-00104-g5b9f8ff7b320a" of type "text/plain" (154971 bytes)
Powered by blists - more mailing lists