Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit 1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef
Author: Andrey Ryabinin
AuthorDate: Fri May 20 16:59:31 2016 -0700
Commit: Linus Torvalds
CommitDate: Fri May 20 17:58:30 2016 -0700

    x86/kasan: instrument user memory access API

    Exchange between user and kernel memory is coded in assembly language.
    Which means that such accesses won't be spotted by KASAN as a compiler
    instruments only C code.

    Add explicit KASAN checks to user memory access API to ensure that
    userspace writes to (or reads from) a valid kernel memory.

    Note: Unlike others strncpy_from_user() is written mostly in C and KASAN
    sees memory accesses in it. However, it makes sense to add explicit
    check for all @count bytes that *potentially* could be written to the
    kernel.

    [aryabinin@virtuozzo.com: move kasan check under the condition]
    Link: http://lkml.kernel.org/r/1462869209-21096-1-git-send-email-aryabinin@virtuozzo.com
    Link: http://lkml.kernel.org/r/1462538722-1574-4-git-send-email-aryabinin@virtuozzo.com
    Signed-off-by: Andrey Ryabinin
    Cc: Alexander Potapenko
    Cc: Dmitry Vyukov
    Cc: Ingo Molnar
    Cc: "H. Peter Anvin"
    Cc: Thomas Gleixner
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

64f8ebaf11  mm/kasan: add API to check memory regions
1771c6e1a5  x86/kasan: instrument user memory access API
065f3e4951  Merge tag 'platform-drivers-x86-v4.11-2' of git://git.infradead.org/linux-platform-drivers-x86
5be4921c99  Add linux-next specific files for 20170310

+------------------------------------------------+------------+------------+------------+---------------+
|                                                | 64f8ebaf11 | 1771c6e1a5 | 065f3e4951 | next-20170310 |
+------------------------------------------------+------------+------------+------------+---------------+
| boot_successes                                 | 26         | 0          | 0          | 0             |
| boot_failures                                  | 18         | 11         | 11         | 25            |
| BUG:soft_lockup-CPU##stuck_for#s               | 18         |            |            |               |
| RIP:ptdump_walk_pgd_level_core                 | 9          |            |            |               |
| calltrace:mark_rodata_ro                       | 18         |            |            |               |
| Kernel_panic-not_syncing:softlockup:hung_tasks | 18         |            |            |               |
| RIP:note_page                                  | 9          |            |            |               |
| BUG:KASAN:slab-out-of-bounds                   | 0          | 11         | 11         | 25            |
| calltrace:SyS_mount                            | 0          | 11         |            |               |
| calltrace:devtmpfsd                            | 0          | 11         |            |               |
+------------------------------------------------+------------+------------+------------+---------------+

[ 0.385456] x86: Booted up 1 node, 1 CPUs
[ 0.386626] smpboot: Total of 1 processors activated (5387.01 BogoMIPS)
[ 0.386626] smpboot: Total of 1 processors activated (5387.01 BogoMIPS)
[ 0.391649] ==================================================================
[ 0.391649] ==================================================================
[ 0.393756] BUG: KASAN: slab-out-of-bounds in memdup_user+0x46/0x7c at addr ffff8800001f3940
[ 0.393756] BUG: KASAN: slab-out-of-bounds in memdup_user+0x46/0x7c at addr ffff8800001f3940
[ 0.396381] Write of size 9 by task kdevtmpfs/12
[ 0.396381] Write of size 9 by task kdevtmpfs/12
[ 0.397828] CPU: 0 PID: 12 Comm: kdevtmpfs Not tainted 4.6.0-06644-g1771c6e #1
[ 0.397828] CPU: 0 PID: 12 Comm: kdevtmpfs Not tainted 4.6.0-06644-g1771c6e #1
[ 0.400059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 0.400059] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[ 0.402897] 0000000000000000
[ 0.402897] 0000000000000000 ffff8800188d7d18 ffff8800188d7d18 ffffffff98de3224 ffffffff98de3224 ffff8800001f3940 ffff8800001f3940
[ 0.405982] ffffed000003e729
[ 0.405982] ffffed000003e729 ffff8800188d7da8 ffff8800188d7da8 ffffffff98d2c370 ffffffff98d2c370 ffff8800188d7d68 ffff8800188d7d68
[ 0.408131] ffff8800001f3960
[ 0.408131] ffff8800001f3960 00000000024000c0 00000000024000c0 0000000000000292 0000000000000292 ffff880000098a00 ffff880000098a00
[ 0.410372] Call Trace:
[ 0.410372] Call Trace:
[ 0.411072] [] dump_stack+0x63/0x7f
[ 0.411072] [] dump_stack+0x63/0x7f
[ 0.412528] [] kasan_report+0x2d0/0x51c
[ 0.412528] [] kasan_report+0x2d0/0x51c
[ 0.414082] [] ? __kmalloc_track_caller+0xf8/0x111
[ 0.414082] [] ? __kmalloc_track_caller+0xf8/0x111
[ 0.415889] [] check_memory_region+0x10b/0x10d
[ 0.415889] [] check_memory_region+0x10b/0x10d
[ 0.417601] [] kasan_check_write+0x14/0x16
[ 0.417601] [] kasan_check_write+0x14/0x16
[ 0.419230] [] memdup_user+0x46/0x7c
[ 0.419230] [] memdup_user+0x46/0x7c
[ 0.420784] [] strndup_user+0x37/0x4d
[ 0.420784] [] strndup_user+0x37/0x4d
[ 0.422276] [] copy_mount_string+0x15/0x17
[ 0.422276] [] copy_mount_string+0x15/0x17
[ 0.423890] [] SyS_mount+0x23/0xa1
[ 0.423890] [] SyS_mount+0x23/0xa1
[ 0.425323] [] ? handle_create+0x1e0/0x1e0
[ 0.425323] [] ? handle_create+0x1e0/0x1e0
[ 0.427107] [] devtmpfsd+0x57/0x14a
[ 0.427107] [] devtmpfsd+0x57/0x14a
[ 0.428567] [] kthread+0xab/0xb3
[ 0.428567] [] kthread+0xab/0xb3
[ 0.429958] [] ret_from_fork+0x1f/0x40
[ 0.429958] [] ret_from_fork+0x1f/0x40
[ 0.431528] [] ? kthread_parkme+0x1f/0x1f
[ 0.431528] [] ? kthread_parkme+0x1f/0x1f
[ 0.433125] Object at ffff8800001f3940, in cache kmalloc-32
[ 0.433125] Object at ffff8800001f3940, in cache kmalloc-32
[ 0.434675] Object allocated with size 9 bytes.
[ 0.434675] Object allocated with size 9 bytes.
[ 0.435954] Allocation:
[ 0.435954] Allocation:
[ 0.436656] PID = 12
[ 0.436656] PID = 12
[ 0.437279]
[ 0.437279] [] save_stack_trace+0x27/0x44 [] save_stack_trace+0x27/0x44
[ 0.438894]
[ 0.438894] [] save_stack+0x37/0xb0 [] save_stack+0x37/0xb0
[ 0.440370]
[ 0.440370] [] kasan_kmalloc+0xb8/0xca [] kasan_kmalloc+0xb8/0xca
[ 0.442128]
[ 0.442128] [] __kmalloc_track_caller+0xf8/0x111 [] __kmalloc_track_caller+0xf8/0x111
[ 0.444113]
[ 0.444113] [] memdup_user+0x22/0x7c [] memdup_user+0x22/0x7c
[ 0.445760]
[ 0.445760] [] strndup_user+0x37/0x4d [] strndup_user+0x37/0x4d
[ 0.447446]
[ 0.447446] [] copy_mount_string+0x15/0x17 [] copy_mount_string+0x15/0x17
[ 0.449278]
[ 0.449278] [] SyS_mount+0x23/0xa1 [] SyS_mount+0x23/0xa1
[ 0.450895]
[ 0.450895] [] devtmpfsd+0x57/0x14a [] devtmpfsd+0x57/0x14a
[ 0.452548]
[ 0.452548] [] kthread+0xab/0xb3 [] kthread+0xab/0xb3
[ 0.453943]
[ 0.453943] [] ret_from_fork+0x1f/0x40 [] ret_from_fork+0x1f/0x40
[ 0.455479] Memory state around the buggy address:
[ 0.455479] Memory state around the buggy address:
[ 0.456831] ffff8800001f3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 0.456831] ffff8800001f3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 0.458861] ffff8800001f3880: fc fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc

# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.7 v4.6 --
git bisect bad 4340fa55298d17049e71c7a34e04647379c269f3 # 06:00 B 0 11 22 0 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
git bisect good 0eff4589c36edd03d50b835d0768b2c2ef3f20bd # 06:15 G 11 0 1 1 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
git bisect bad 0e77816e096c4ae27e98977fef56b6b9169f9017 # 06:23 B 0 4 15 0 Merge tag 'mmc-v4.7-rc1' of git://git.linaro.org/people/ulf.hansson/mmc
git bisect bad 36b150bbcc1125abaad89963420a37ff70686d5a # 06:35 B 0 11 22 0 Merge tag 'microblaze-4.7-rc1' of git://git.monstr.eu/linux-2.6-microblaze
git bisect bad bd28b14591b98f696bc9f94c5ba2e598ca487dfd # 06:45 B 0 8 20 1 x86: remove more uaccess_32.h complexity
git bisect bad 5469dc270cd44c451590d40c031e6a71c1f637e8 # 06:58 B 0 11 22 0 Merge branch 'akpm' (patches from Andrew)
git bisect good 5af2344013454640e0133bb62e8cf2e30190a472 # 07:06 G 11 0 11 11 Merge tag 'char-misc-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
git bisect good 3aa2fc1667acdd9cca816a2bc9529f494bd61b05 # 07:16 G 11 0 9 9 Merge tag 'driver-core-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
git bisect good 2f37dd131c5d3a2eac21cd5baf80658b1b02a8ac # 07:24 G 11 0 7 7 Merge tag 'staging-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
git bisect bad 42a0bb3f71383b457a7db362f1c69e7afb96732b # 07:35 B 0 5 16 0 printk/nmi: generic solution for safe printk in NMI
git bisect good 7b8da4c7f0777489f8690115b5fd7704ac0abb8f # 07:45 G 11 0 0 0 vmstat: get rid of the ugly cpu_stat_off variable
git bisect good 936bb4bbbb832f81055328b84e5afe1fc7246a8d # 07:57 G 11 0 0 0 mm/kasan: print name of mem[set,cpy,move]() caller in report
git bisect bad 200867af4dedfe7cb707f96773684de1d1fd21e6 # 08:05 B 0 5 16 0 mm/zswap: use workqueue to destroy pool
git bisect bad 830e4bc5baa9fda5d45257e9a3dbb3555c6c180e # 08:32 B 0 1 12 0 zsmalloc: clean up many BUG_ON
git bisect bad 1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef # 08:46 B 0 2 13 0 x86/kasan: instrument user memory access API
git bisect good 64f8ebaf115bcddc4aaa902f981c57ba6506bc42 # 09:01 G 10 0 10 10 mm/kasan: add API to check memory regions
# first bad commit: [1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef] x86/kasan: instrument user memory access API
git bisect good 64f8ebaf115bcddc4aaa902f981c57ba6506bc42 # 09:10 G 30 0 8 18 mm/kasan: add API to check memory regions
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad 1771c6e1a567ea0ba2cccc0a4ffe68a1419fd8ef # 09:17 B 0 1 12 0 x86/kasan: instrument user memory access API
# extra tests on HEAD of linux-devel/devel-catchup-201703140350
git bisect bad 702bbfb9a586a1f445aec794f66d4a625a19b6bf # 09:22 B 0 13 27 0 0day head guard for 'devel-catchup-201703140350'
# extra tests on tree/branch linus/master
git bisect bad 065f3e4951f11701729ad310ca0b610f61d91e2a # 09:33 B 0 1 12 0 Merge tag 'platform-drivers-x86-v4.11-2' of git://git.infradead.org/linux-platform-drivers-x86
# extra tests on tree/branch linux-next/master
git bisect bad 5be4921c9958ec02a67506bd6f7a52fce663c201 # 09:38 B 0 25 36 0 Add linux-next specific files for 20170310

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation