From: Vlastimil Babka <vbabka@suse.cz>
To: Jann Horn <jannh@google.com>, kernel test robot <oliver.sang@intel.com>
Cc: oe-lkp@lists.linux.dev, lkp@intel.com,
Linux Memory Management List <linux-mm@kvack.org>,
Andrey Konovalov <andreyknvl@gmail.com>,
Marco Elver <elver@google.com>,
kasan-dev@googlegroups.com
Subject: Re: [linux-next:master] [slub] 3a34e8ea62: BUG:KASAN:slab-use-after-free_in_kmem_cache_rcu_uaf
Date: Mon, 26 Aug 2024 22:27:29 +0200 [thread overview]
Message-ID: <4fbe9507-13b9-4af5-88c3-63379835f386@suse.cz> (raw)
In-Reply-To: <CAG48ez1o2GvYuMxox5HngG57CFcZYVJ02PxF_20ELN7e29epCA@mail.gmail.com>
On 8/26/24 22:18, Jann Horn wrote:
> Hi!
>
> On Sun, Aug 25, 2024 at 11:45 AM kernel test robot
> <oliver.sang@intel.com> wrote:
>> Hello,
>>
>> kernel test robot noticed "BUG:KASAN:slab-use-after-free_in_kmem_cache_rcu_uaf" on:
>>
>> commit: 3a34e8ea62cdeba64a66fa4489059c59ba4ec285 ("slub: Introduce CONFIG_SLUB_RCU_DEBUG")
>> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
>>
>> [test failed on linux-next/master c79c85875f1af04040fe4492ed94ce37ad729c4d]
>>
>> in testcase: kunit
>> version:
>> with following parameters:
>>
>> group: group-00
>>
>>
>>
>> compiler: gcc-12
>> test machine: 36 threads 1 sockets Intel(R) Core(TM) i9-10980XE CPU @ 3.00GHz (Cascade Lake) with 128G memory
>>
>> (please refer to attached dmesg/kmsg for entire log/backtrace)
>>
>>
>>
>> If you fix the issue in a separate patch/commit (i.e. not just a new version of
>> the same patch/commit), kindly add following tags
>> | Reported-by: kernel test robot <oliver.sang@intel.com>
>> | Closes: https://lore.kernel.org/oe-lkp/202408251741.4ce3b34e-oliver.sang@intel.com
>>
>>
>> The kernel config and materials to reproduce are available at:
>> https://download.01.org/0day-ci/archive/20240825/202408251741.4ce3b34e-oliver.sang@intel.com
>
> Oh, this is a weird one...
As I replied I think lkp simply reacts to the BUG: in dmesg and doesn't
filter it out as an expected test output.
> Do you happen to have either the vmlinux ELF file that this issue
> happened with, or a version of the bug report that's been run through
> scripts/decode_stacktrace.sh, so that we can tell whether the reported
> slab-use-after-free is on line 1029 (which would mean that either ASAN
> is not tracking the state of the object correctly or the object is
The reported freed stack suggests the object was already freed by rcu, so we
should be past the rcu_read_unlock();
> freed earlier than it should) or line 1039 (which would mean the
> KUNIT_EXPECT_KASAN_FAIL() is not working at it should)?
There's also "ok 38 kmem_cache_rcu_uaf" in the log so the kunit test macro
is satisfied.
next prev parent reply other threads:[~2024-08-26 20:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-25 9:45 kernel test robot
2024-08-26 20:16 ` Vlastimil Babka
2024-08-26 20:18 ` Jann Horn
2024-08-26 20:27 ` Vlastimil Babka [this message]
2024-08-27 7:27 ` Oliver Sang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4fbe9507-13b9-4af5-88c3-63379835f386@suse.cz \
--to=vbabka@suse.cz \
--cc=andreyknvl@gmail.com \
--cc=elver@google.com \
--cc=jannh@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
--cc=oe-lkp@lists.linux.dev \
--cc=oliver.sang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox