From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1AAF7C2D0A8 for ; Wed, 30 Sep 2020 05:10:08 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 7EA33206F7 for ; Wed, 30 Sep 2020 05:10:07 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7EA33206F7 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id AA74D6B006C; Wed, 30 Sep 2020 01:10:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A565D6B006E; Wed, 30 Sep 2020 01:10:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 9444F6B0070; Wed, 30 Sep 2020 01:10:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0232.hostedemail.com [216.40.44.232]) by kanga.kvack.org (Postfix) with ESMTP id 7F2546B006C for ; Wed, 30 Sep 2020 01:10:06 -0400 (EDT) Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 3B2B518028EBA for ; Wed, 30 Sep 2020 05:10:06 +0000 (UTC) X-FDA: 77318551212.23.goose08_1d078a527190 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin23.hostedemail.com (Postfix) with ESMTP id 1F10D37606 for ; Wed, 30 Sep 2020 05:10:06 +0000 (UTC) X-HE-Tag: goose08_1d078a527190 X-Filterd-Recvd-Size: 12997 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by imf41.hostedemail.com (Postfix) with ESMTP for ; Wed, 30 Sep 2020 05:10:04 +0000 (UTC) IronPort-SDR: 4fs4MciJVMkj8I1dL+IJF8ZrHaSWo9T+uWOWSLokqura88z3p2zXoCCspuf2isv0KbPGesn8bB vSboUq5e4Ipg== X-IronPort-AV: E=McAfee;i="6000,8403,9759"; a="226516813" X-IronPort-AV: E=Sophos;i="5.77,321,1596524400"; d="scan'208";a="226516813" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2020 22:09:59 -0700 IronPort-SDR: Bxfy7+OiEhsuDKfPEQ8YWjcMjbuV8sxRaNZgDqE2fznNYeKZDap66/dnVIrolyzM+pnB4vUOo3 M3xYEFHrwr9w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,321,1596524400"; d="scan'208";a="338940291" Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86]) by fmsmga004.fm.intel.com with ESMTP; 29 Sep 2020 22:09:58 -0700 Received: from shsmsx601.ccr.corp.intel.com (10.109.6.141) by fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Tue, 29 Sep 2020 22:09:58 -0700 Received: from shsmsx601.ccr.corp.intel.com (10.109.6.141) by SHSMSX601.ccr.corp.intel.com (10.109.6.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Wed, 30 Sep 2020 13:09:56 +0800 Received: from shsmsx601.ccr.corp.intel.com ([10.109.6.141]) by SHSMSX601.ccr.corp.intel.com ([10.109.6.141]) with mapi id 15.01.1713.004; Wed, 30 Sep 2020 13:09:56 +0800 From: "Li, Philip" To: lkp , Patricia Alfonso CC: LKP , Linux Memory Management List , Andrew Morton , Dmitry Vyukov , Andrey Konovalov , "Brendan Higgins" , David Gow Subject: RE: 42cc27ddec ("KASAN: Port KASAN Tests to KUnit"): BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right Thread-Topic: 42cc27ddec ("KASAN: Port KASAN Tests to KUnit"): BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right Thread-Index: AQHWluXuZGj1bxZ5BES1sF8ry4btaKmAofaA Date: Wed, 30 Sep 2020 05:09:56 +0000 Message-ID: References: <5f740fb5.Fx8vL6TKkZHZNi2n%lkp@intel.com> In-Reply-To: <5f740fb5.Fx8vL6TKkZHZNi2n%lkp@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 x-originating-ip: [10.239.127.36] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: > Subject: 42cc27ddec ("KASAN: Port KASAN Tests to KUnit"): BUG: KASAN: sla= b- > out-of-bounds in kmalloc_oob_right >=20 > Greetings, >=20 > 0day kernel testing robot got the below dmesg and the first bad commit is >=20 > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git maste= r sorry, kindly ignore this false positive as well. >=20 > commit 42cc27ddece13e7bcac2d1882c35066aff76d60b > Author: Patricia Alfonso > AuthorDate: Fri Sep 25 14:50:16 2020 +1000 > Commit: Stephen Rothwell > CommitDate: Sun Sep 27 17:23:34 2020 +1000 >=20 > KASAN: Port KASAN Tests to KUnit >=20 > Transfer all previous tests for KASAN to KUnit so they can be run mor= e > easily. Using kunit_tool, developers can run these tests with their > other > KUnit tests and see "pass" or "fail" with the appropriate KASAN repor= t > instead of needing to parse each KASAN report to test KASAN > functionalities. All KASAN reports are still printed to dmesg. >=20 > Stack tests do not work properly when KASAN_STACK is enabled so those > tests use a check for "if IS_ENABLED(CONFIG_KASAN_STACK)" so they onl= y > run > if stack instrumentation is enabled. If KASAN_STACK is not enabled, > KUnit > will print a statement to let the user know this test was not run wit= h > KASAN_STACK enabled. >=20 > copy_user_test and kasan_rcu_uaf cannot be run in KUnit so there is a > separate test file for those tests, which can be run as before as a > module. >=20 > Link: https://lkml.kernel.org/r/20200910070331.3358048-4- > davidgow@google.com > Signed-off-by: Patricia Alfonso > Signed-off-by: David Gow > Reviewed-by: Brendan Higgins > Reviewed-by: Andrey Konovalov > Reviewed-by: Dmitry Vyukov > Tested-by: Andrey Konovalov > Cc: Andrey Ryabinin > Cc: Ingo Molnar > Cc: Juri Lelli > Cc: Peter Zijlstra > Cc: Shuah Khan > Cc: Vincent Guittot > Signed-off-by: Andrew Morton > Signed-off-by: Stephen Rothwell >=20 > 77a8004d0e KUnit: KASAN Integration > 42cc27ddec KASAN: Port KASAN Tests to KUnit > +--------------------------------------------+------------+------------+ > | | 77a8004d0e | 42cc27ddec | > +--------------------------------------------+------------+------------+ > | boot_successes | 32 | 0 | > | boot_failures | 0 | 15 | > | BUG:KASAN:slab-out-of-bounds_in_k | 0 | 15 | > | BUG:KASAN:out-of-bounds_in_k | 0 | 15 | > | BUG:KASAN:use-after-free_in_k | 0 | 15 | > | BUG:KASAN:global-out-of-bounds_in_k | 0 | 15 | > | BUG:KASAN:stack-out-of-bounds_in_k | 0 | 15 | > | BUG:KASAN:alloca-out-of-bounds_in_k | 0 | 15 | > | BUG:KASAN:double-free_or_invalid-free_in_k | 0 | 15 | > | BUG:KASAN:slab-out-of-bounds_in_t | 0 | 15 | > | BUG:KASAN:vmalloc-out-of-bounds_in_v | 0 | 15 | > +--------------------------------------------+------------+------------+ >=20 > If you fix the issue, kindly add following tag > Reported-by: kernel test robot >=20 > [ 14.465638] Btrfs loaded, crc32c=3Dcrc32c-generic, debug=3Don, ref-ver= ify=3Don > [ 14.469661] Key type big_key registered > [ 14.473561] # Subtest: kasan > [ 14.473569] 1..36 > [ 14.481549] > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > [ 14.487271] BUG: KASAN: slab-out-of-bounds in > kmalloc_oob_right+0x190/0x26c > [ 14.490566] Write of size 1 at addr ffff8881ee42f47b by task > kunit_try_catch/220 > [ 14.493839] > [ 14.496419] CPU: 1 PID: 220 Comm: kunit_try_catch Not tainted 5.9.0-rc= 6- > 00463-g42cc27ddece13 #1 > [ 14.500161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIO= S > 1.12.0-1 04/01/2014 > [ 14.507888] Call Trace: > [ 14.511057] dump_stack+0x96/0xc4 > [ 14.514227] print_address_description+0x21/0x41f > [ 14.517722] ? _raw_spin_lock_irqsave+0x91/0xe1 > [ 14.521245] ? _raw_write_lock_irqsave+0x33/0x33 > [ 14.527489] ? kmalloc_oob_right+0x190/0x26c > [ 14.531050] kasan_report+0x14c/0x187 > [ 14.534502] ? kmalloc_oob_right+0x190/0x26c > [ 14.538064] __asan_report_store1_noabort+0x17/0x19 > [ 14.541623] kmalloc_oob_right+0x190/0x26c > [ 14.545329] ? kmalloc_oob_left+0x29c/0x29c > [ 14.549033] ? kunit_binary_str_assert_format+0x178/0x178 > [ 14.553015] ? finish_task_switch+0x37f/0x4d3 > [ 14.556934] ? preempt_latency_start+0x23/0x80 > [ 14.560866] ? __kasan_check_write+0x14/0x16 > [ 14.564827] ? _raw_spin_lock_irqsave+0x91/0xe1 > [ 14.568689] ? _raw_write_lock_irqsave+0x33/0x33 > [ 14.572620] ? _raw_spin_lock_irqsave+0x91/0xe1 > [ 14.576343] ? _raw_write_lock_irqsave+0x33/0x33 > [ 14.580190] kunit_try_run_case+0x1d8/0x221 > [ 14.583805] ? kunit_do_assertion+0x570/0x570 > [ 14.587697] kunit_generic_run_threadfn_adapter+0x55/0x87 > [ 14.591474] kthread+0x341/0x350 > [ 14.595113] ? kunit_try_catch_throw+0x6c/0x6c > [ 14.598993] ? kthread_create_worker_on_cpu+0xce/0xce > [ 14.602975] ret_from_fork+0x22/0x30 > [ 14.606711] > [ 14.610327] Allocated by task 220: > [ 14.614000] kasan_save_stack+0x23/0x4d > [ 14.617714] kasan_set_track+0x20/0x26 > [ 14.621373] __kasan_kmalloc+0x7b/0x8a > [ 14.625275] kasan_kmalloc+0x9/0xb > [ 14.628905] kmalloc_oob_right+0xc4/0x26c > [ 14.632594] kunit_try_run_case+0x1d8/0x221 > [ 14.636089] kunit_generic_run_threadfn_adapter+0x55/0x87 > [ 14.639805] kthread+0x341/0x350 > [ 14.643246] ret_from_fork+0x22/0x30 > [ 14.646700] > [ 14.652903] The buggy address belongs to the object at ffff8881ee42f40= 0 > [ 14.652903] which belongs to the cache kmalloc-128 of size 128 > [ 14.660520] The buggy address is located 123 bytes inside of > [ 14.660520] 128-byte region [ffff8881ee42f400, ffff8881ee42f480) >=20 > # HH:MM RESULT > GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD > git bisect start 49e7e3e905e437a02782019570f70997e2da9101 v5.8 -- > git bisect good d849ca483dba7546ad176da83bf66d1c013725f6 # 00:35 G = 10 > 0 0 0 Merge tag 'io_uring-5.9-2020-09-04' of > git://git.kernel.dk/linux-block > git bisect good e62584618d93201358c3e897f9595fcd28aa925d # 00:53 G = 10 > 0 0 0 Merge remote-tracking branch 'arm64/for-next/core' into maste= r > git bisect good 006eef11777e23ffdb60ccf45be817770318bacb # 01:14 G = 11 > 0 0 0 Merge remote-tracking branch 'mtd/mtd/next' into master > git bisect good 2061dc795bd8a07388636092652fa0abc5cf07ef # 01:36 G = 11 > 0 0 0 Merge remote-tracking branch 'chrome-platform/for-next' into > master > git bisect good 9bb4ec01566d43b32e335af167631bac1adf3174 # 02:50 G = 10 > 0 1 1 Merge remote-tracking branch 'pwm/for-next' into master > git bisect good d3fc492211d3935c3ba570d80758888bc985213a # 03:49 G = 10 > 0 0 0 Merge remote-tracking branch 'nvmem/for-next' into master > git bisect good cb38a851eb8a18edf44797040ac2c3075ca4ddc1 # 04:19 G = 11 > 0 0 0 Merge remote-tracking branch 'trivial/for-next' into master > git bisect good b2a6843cfff9cab0387e0fd9316dcbc57a6068e7 # 05:23 G = 10 > 0 0 0 Merge remote-tracking branch 'memblock/for-next' into master > git bisect bad 3f91859d3d7941000d51704d11ad4835f2026bfe # 06:13 B = 0 > 1 10 0 Merge branch 'akpm-current/current' into master > git bisect bad eec17018489b6a5bd5d04cd8e884f0bffb6ff948 # 07:03 B = 0 > 2 11 0 hugetlb: add lockdep check for i_mmap_rwsem held in > huge_pmd_share > git bisect good 4ea9429970547632b609cebd4135d086407c3c55 # 08:17 G = 10 > 0 0 3 mm: add find_lock_head > git bisect good e0c358f3a1cc904f8e05515c07b868286dd402e2 # 08:51 G = 10 > 0 0 0 mm/mmap.c: use helper function allow_write_access() in > __remove_shared_vm_struct() > git bisect bad a3f39c26a8db0040c8a2ad1b9eeb3ac5ec517706 # 09:07 B = 0 > 3 13 1 mm, isolation: avoid checking unmovable pages across pagebloc= k > boundary > git bisect good 77a8004d0e0420aab36d80eee23fef1813853eaf # 10:30 G = 11 > 0 1 1 KUnit: KASAN Integration > git bisect bad 71b5099c7c2247f0072575ecc755e1e789058fb1 # 11:17 B = 0 > 3 13 1 mm/page_alloc: tweak comments in has_unmovable_pages() > git bisect bad 1c5d1dcc17456092bbdb51470ab88157bb3c7867 # 11:50 B = 0 > 8 22 5 kasan-port-kasan-tests-to-kunit-v14 > git bisect bad 42cc27ddece13e7bcac2d1882c35066aff76d60b # 12:07 B = 0 > 9 21 3 KASAN: Port KASAN Tests to KUnit > # first bad commit: [42cc27ddece13e7bcac2d1882c35066aff76d60b] KASAN: Por= t > KASAN Tests to KUnit > git bisect good 77a8004d0e0420aab36d80eee23fef1813853eaf # 12:17 G = 31 > 0 0 1 KUnit: KASAN Integration > # extra tests with debug options > git bisect bad 42cc27ddece13e7bcac2d1882c35066aff76d60b # 12:37 B = 0 > 4 14 1 KASAN: Port KASAN Tests to KUnit >=20 > --- > 0-DAY CI Kernel Test Service, Intel Corporation > https://lists.01.org/hyperkitty/list/lkp@lists.01.org