lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202209140949.45a9520d-yujie.liu@intel.com>
Date:   Wed, 14 Sep 2022 10:11:14 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Ben Luo <luoben@...ux.alibaba.com>
CC:     <lkp@...ts.01.org>, <lkp@...el.com>, <linux-mm@...ck.org>,
        <cl@...ux.com>, <penberg@...nel.org>, <rientjes@...gle.com>,
        <iamjoonsoo.kim@....com>, <akpm@...ux-foundation.org>,
        <vbabka@...e.cz>, <roman.gushchin@...ux.dev>,
        <42.hyeyoo@...il.com>, <linux-kernel@...r.kernel.org>,
        <luoben@...ux.alibaba.com>
Subject: [mm/slub] fb670abe87:
 BUG_kmem_cache_node(Not_tainted):Freechain_corrupt

Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: fb670abe87296c7b214b6d9f29e9c7380d8d621c ("[PATCH] mm/slub: return 0 when object pointer is NULL")
url: https://github.com/intel-lab-lkp/linux/commits/Ben-Luo/mm-slub-return-0-when-object-pointer-is-NULL/20220912-140234
base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
patch link: https://lore.kernel.org/linux-mm/1662962379-16174-1-git-send-email-luoben@linux.alibaba.com

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+----------------------------------------------------------+------------+------------+
|                                                          | 2558c2ced7 | fb670abe87 |
+----------------------------------------------------------+------------+------------+
| BUG_kmem_cache_node(Not_tainted):Freechain_corrupt       | 0          | 24         |
| BUG_kmem_cache(Tainted:G_B):Freechain_corrupt            | 0          | 24         |
| BUG_kmem_cache_node(Tainted:G_B):Freechain_corrupt       | 0          | 24         |
| BUG_kmem_cache_node(Tainted:G_B):Freepointer_corrupt     | 0          | 24         |
| BUG_debug_objects_cache(Tainted:G_B):Freechain_corrupt   | 0          | 24         |
| BUG_debug_objects_cache(Tainted:G_B):Freepointer_corrupt | 0          | 24         |
| BUG_vmap_area(Tainted:G_B):Freechain_corrupt             | 0          | 20         |
| BUG_kmalloc-#(Tainted:G_B):Freechain_corrupt             | 0          | 20         |
| BUG_kmalloc-#k(Tainted:G_B):Freechain_corrupt            | 0          | 20         |
| BUG_kmalloc-#(Tainted:G_B):Freepointer_corrupt           | 0          | 20         |
| BUG_radix_tree_node(Tainted:G_B):Freechain_corrupt       | 0          | 14         |
| BUG_pool_workqueue(Tainted:G_B):Freechain_corrupt        | 0          | 14         |
| BUG_trace_event_file(Tainted:G_B):Freechain_corrupt      | 0          | 13         |
| BUG_ftrace_event_field(Tainted:G_B):Freechain_corrupt    | 0          | 13         |
+----------------------------------------------------------+------------+------------+


[    2.980173][    T0] =============================================================================
[    2.981207][    T0] BUG kmem_cache_node (Not tainted): Freechain corrupt
[    2.981954][    T0] -----------------------------------------------------------------------------
[    2.981954][    T0]
[    2.983185][    T0] Slab 0xea3fe800 objects=21 used=21 fp=0x00000000 flags=0x200(slab|zone=0)
[    2.984205][    T0] Object 0xc0100f40 @offset=3904 fp=0x00000000
[    2.984205][    T0]
[    2.985174][    T0] Redzone  c0100f00: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
[    2.986268][    T0] Redzone  c0100f10: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
[    2.987368][    T0] Redzone  c0100f20: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
[    2.988420][    T0] Redzone  c0100f30: bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb  ................
[    2.989412][    T0] Object   c0100f40: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.990420][    T0] Object   c0100f50: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.991436][    T0] Object   c0100f60: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
[    2.992505][    T0] Object   c0100f70: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
[    2.993539][    T0] Redzone  c0100f80: bb bb bb bb                                      ....
[    2.994476][    T0] Padding  c0100fb0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
[    2.995639][    T0] CPU: 0 PID: 0 Comm: swapper Not tainted 6.0.0-rc3-00584-gfb670abe8729 #6
[    2.996635][    T0] Call Trace:
[    2.996998][    T0]  ? show_stack+0x35/0x3b
[    2.997511][    T0]  dump_stack_lvl+0x55/0x79
[    2.997986][    T0]  dump_stack+0xd/0x10
[    2.998412][    T0]  print_trailer+0x104/0x10c
[    2.998914][    T0]  object_err+0x2b/0x3f
[    2.999367][    T0]  deactivate_slab.cold+0x13/0x2e
[    2.999925][    T0]  ? __kmem_cache_create+0x16/0xa0
[    3.000519][    T0]  ? kmem_cache_init+0x73/0xe9
[    3.001069][    T0]  ? start_kernel+0x1b8/0x413
[    3.001585][    T0]  ? i386_start_kernel+0x43/0x45
[    3.002122][    T0]  ? alloc_debug_processing+0x41/0x150
[    3.002722][    T0]  ? pcpu_alloc+0x734/0x9d0
[    3.003235][    T0]  ___slab_alloc+0x753/0xc00
[    3.003853][    T0]  ? init_kmem_cache_nodes+0x31/0x210
[    3.004446][    T0]  ? __mutex_unlock_slowpath+0x20/0x290
[    3.005080][    T0]  ? init_kmem_cache_nodes+0x31/0x210
[    3.005676][    T0]  ? rcu_read_lock_sched_held+0xe/0x70
[    3.006282][    T0]  ? pcpu_alloc+0x49f/0x9d0
[    3.006772][    T0]  kmem_cache_alloc+0x3b0/0x480
[    3.007302][    T0]  ? init_kmem_cache_nodes+0x31/0x210
[    3.007874][    T0]  init_kmem_cache_nodes+0x31/0x210
[    3.008436][    T0]  kmem_cache_open+0xf6/0x290
[    3.008933][    T0]  ? kmem_cache_open+0x192/0x290
[    3.009454][    T0]  __kmem_cache_create+0x16/0xa0
[    3.009996][    T0]  create_boot_cache+0x63/0x83
[    3.010526][    T0]  kmem_cache_init+0x73/0xe9
[    3.011186][    T0]  start_kernel+0x1b8/0x413
[    3.011611][    T0]  ? idt_setup_early_handler+0x39/0x4c
[    3.012209][    T0]  i386_start_kernel+0x43/0x45
[    3.012728][    T0]  startup_32_smp+0x161/0x164
[    3.013254][    T0] Disabling lock debugging due to kernel taint
[    3.013911][    T0] FIX kmem_cache_node: Isolate corrupted freechain
...


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <yujie.liu@...el.com>
Link: https://lore.kernel.org/r/202209140949.45a9520d-yujie.liu@intel.com


To reproduce:

        # build kernel
	cd linux
	cp config-6.0.0-rc3-00584-gfb670abe8729 .config
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=gcc-11 CC=gcc-11 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config-6.0.0-rc3-00584-gfb670abe8729" of type "text/plain" (129499 bytes)

View attachment "job-script" of type "text/plain" (4702 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (208072 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ