Greetings, 0day kernel testing robot got the below dmesg and the first bad commit is https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master commit 63495b0c58fff45bd94baf23a2f1138de7c20c3e Author: Alexander Potapenko AuthorDate: Sat Jun 25 10:10:25 2016 +1000 Commit: Stephen Rothwell CommitDate: Sat Jun 25 13:26:56 2016 +1000 mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB For KASAN builds: - switch SLUB allocator to using stackdepot instead of storing the allocation/deallocation stacks in the objects; - change the freelist hook so that parts of the freelist can be put into the quarantine. Link: http://lkml.kernel.org/r/1466617421-58518-1-git-send-email-glider@google.com Signed-off-by: Alexander Potapenko Cc: Andrey Konovalov Cc: Dmitry Vyukov Cc: Steven Rostedt (Red Hat) Cc: Joonsoo Kim Cc: Konstantin Serebryany Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Signed-off-by: Andrew Morton +---------------------------------------------------------------+------------+------------+---------------+ | | 8b84dfd7fe | 63495b0c58 | next-20160711 | +---------------------------------------------------------------+------------+------------+---------------+ | boot_successes | 62 | 0 | 0 | | boot_failures | 1 | 22 | 13 | | Out_of_memory:Kill_process | 1 | | | | BUG_radix_tree_node(Not_tainted):Object_padding_overwritten | 0 | 22 | 13 | | INFO:#-#.First_byte#instead_of | 0 | 22 | 13 | | INFO:Slab#objects=#used=#fp=0x(null)flags= | 0 | 22 | 13 | | INFO:Object#@offset=#fp= | 0 | 22 | 13 | | BUG_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | BUG_sighand_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | BUG_proc_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | BUG_radix_tree_node(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | BUG_shmem_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | INFO:Allocated_in_copy_process_age=#cpu=#pid= | 0 | 22 | 13 | | INFO:Slab#objects=#used=#fp=#flags= | 0 | 22 | 13 | | BUG_sock_inode_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | INFO:Object#@offset=#fp=0x(null) | 0 | 22 | 13 | | BUG_kmalloc-#(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | INFO:Allocated_in_acpi_ns_internalize_name_age=#cpu=#pid= | 0 | 22 | 13 | | INFO:Allocated_in_pcpu_mem_zalloc_age=#cpu=#pid= | 0 | 22 | 13 | | BUG_idr_layer_cache(Tainted:G_B):Object_padding_overwritten | 0 | 22 | 13 | | INFO:Allocated_in_ida_pre_get_age=#cpu=#pid= | 0 | 22 | 13 | | backtrace:__radix_tree_insert | 0 | 22 | 13 | | backtrace:early_irq_init | 0 | 22 | 13 | | backtrace:vfs_kern_mount | 0 | 22 | 13 | | backtrace:mnt_init | 0 | 22 | 13 | | backtrace:vfs_caches_init | 0 | 22 | 13 | | backtrace:kern_mount_data | 0 | 22 | 13 | | backtrace:nsfs_init | 0 | 22 | 13 | | backtrace:_do_fork | 0 | 22 | 13 | | backtrace:apic_bsp_setup | 0 | 22 | 13 | | backtrace:APIC_init_uniprocessor | 0 | 22 | 13 | | backtrace:up_late_init | 0 | 22 | 13 | | backtrace:kernel_init_freeable | 0 | 22 | 13 | | backtrace:shmem_init | 0 | 22 | 13 | | backtrace:do_exit | 0 | 22 | 13 | | backtrace:do_mount | 0 | 22 | 13 | | backtrace:SyS_mount | 0 | 22 | 13 | | backtrace:devtmpfsd | 0 | 22 | 13 | | backtrace:debugfs_create_dir | 0 | 22 | 13 | | backtrace:regulator_init | 0 | 22 | 13 | | backtrace:debugfs_create_file | 0 | 22 | 13 | | backtrace:rdev_init_debugfs | 0 | 22 | 13 | | backtrace:__platform_driver_register | 0 | 22 | 13 | | backtrace:regulator_dummy_init | 0 | 22 | 13 | | backtrace:debugfs_create_u32 | 0 | 22 | 13 | | backtrace:sock_init | 0 | 22 | 13 | | backtrace:__netlink_kernel_create | 0 | 22 | 13 | | backtrace:rtnetlink_net_init | 0 | 22 | 13 | | backtrace:ops_init | 0 | 22 | 13 | | backtrace:register_pernet_subsys | 0 | 22 | 13 | | backtrace:rtnetlink_init | 0 | 22 | 13 | | backtrace:netlink_proto_init | 0 | 22 | 13 | | backtrace:bdi_class_init | 0 | 22 | 13 | | backtrace:uevent_net_init | 0 | 22 | 13 | | backtrace:kobject_uevent_init | 0 | 22 | 13 | | backtrace:wakeup_sources_debugfs_init | 0 | 22 | 13 | | backtrace:regmap_initcall | 0 | 22 | 13 | | backtrace:arch_kdebugfs_init | 0 | 22 | 13 | | backtrace:sysfs_create_file_ns | 0 | 22 | 2 | | backtrace:param_sysfs_init | 0 | 22 | 2 | | INFO:Allocated_in__register_sysctl_paths_age=#cpu=#pid= | 0 | 0 | 13 | | INFO:Allocated_in_allocate_cgrp_cset_links_age=#cpu=#pid= | 0 | 0 | 9 | | INFO:Allocated_in_kthread_create_on_node_age=#cpu=#pid= | 0 | 0 | 4 | | backtrace:kmem_cache_create | 0 | 0 | 11 | | backtrace:uid_cache_init | 0 | 0 | 11 | | INFO:Allocated_in_alloc_workqueue_attrs_age=#cpu=#pid= | 0 | 0 | 2 | | INFO:Allocated_in_apply_wqattrs_prepare_age=#cpu=#pid= | 0 | 0 | 2 | | BUG_pid(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 | | INFO:Allocated_in_alloc_pid_age=#cpu=#pid= | 0 | 0 | 2 | | BUG_signal_cache(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 | | BUG_task_struct(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 | | BUG_cred_jar(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 | | INFO:Allocated_in_prepare_creds_age=#cpu=#pid= | 0 | 0 | 2 | | BUG_names_cache(Tainted:G_B):Object_padding_overwritten | 0 | 0 | 2 | | INFO:Allocated_in_getname_flags_age=#cpu=#pid= | 0 | 0 | 2 | | INFO:Allocated_in_copy_mount_options_age=#cpu=#pid= | 0 | 0 | 2 | | INFO:Allocated_in_strndup_user_age=#cpu=#pid= | 0 | 0 | 2 | | backtrace:native_calibrate_cpu | 0 | 0 | 2 | | backtrace:tsc_init | 0 | 0 | 2 | | backtrace:x86_late_time_init | 0 | 0 | 2 | +---------------------------------------------------------------+------------+------------+---------------+ [ 0.000000] Running RCU self tests [ 0.000000] NR_IRQS:4352 nr_irqs:256 16 [ 0.000000] ============================================================================= [ 0.000000] BUG radix_tree_node (Not tainted): Object padding overwritten [ 0.000000] ----------------------------------------------------------------------------- [ 0.000000] [ 0.000000] Disabling lock debugging due to kernel taint [ 0.000000] INFO: 0xffff88000c800210-0xffff88000c800210. First byte 0x58 instead of 0x5a [ 0.000000] INFO: Slab 0xffffea0000320000 objects=14 used=14 fp=0x (null) flags=0x4080 [ 0.000000] INFO: Object 0xffff88000c800008 @offset=8 fp=0xffff88000c800238 [ 0.000000] [ 0.000000] Redzone ffff88000c800000: bb bb bb bb bb bb bb bb ........ [ 0.000000] Object ffff88000c800008: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800018: 00 00 00 00 00 00 00 00 20 00 80 0c 00 88 ff ff ........ ....... [ 0.000000] Object ffff88000c800028: 20 00 80 0c 00 88 ff ff 00 00 00 00 00 00 00 00 ............... [ 0.000000] Object ffff88000c800038: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800048: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800058: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800068: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800078: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800088: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c800098: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c8000a8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Object ffff88000c8000b8: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 0.000000] Redzone ffff88000c8000c8: bb bb bb bb bb bb bb bb ........ [ 0.000000] Padding ffff88000c800208: 5a 5a 5a 5a 5a 5a 5a 5a 58 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZXZZZZZZZ [ 0.000000] Padding ffff88000c800218: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ [ 0.000000] Padding ffff88000c800228: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ git bisect start dd27435af10bb67660f1e9f5689aea1854c20f26 a99cde438de0c4c0cecc1d1af1a55a75b10bfdef -- git bisect good 8fe2e22827c7050f1361354858596a2b94448dcd # 23:30 22+ 0 Merge remote-tracking branch 'slave-dma/next' git bisect good 9605f7cece91a057a6c7a3f17d3fc26d91c54bf6 # 23:44 22+ 0 Merge remote-tracking branch 'spi/for-next' git bisect good ccd7d3c2c3a8f538e7babeb1cf955730f5cde118 # 23:52 22+ 1 Merge remote-tracking branch 'extcon/extcon-next' git bisect good 938e32d7f884c5baa75d68b2063fd48315a09ccd # 23:57 22+ 1 Merge remote-tracking branch 'userns/for-next' git bisect good d4656ac2985214dcfad8acc5c841a884a088a2d1 # 00:12 22+ 1 Merge remote-tracking branch 'livepatching/for-next' git bisect good a47bd84d8c1d6498ae3a4c6e74efa26c517e4f85 # 00:33 22+ 0 Merge remote-tracking branch 'nvdimm/libnvdimm-for-next' git bisect bad 2ffbdc1098912039558a87f665688b45ba220274 # 00:36 0- 22 Merge branch 'akpm-current/current' git bisect good a137d2de1575885e2b41acd813ca50ad9fd7c1f4 # 00:42 21+ 3 thp, mlock: do not mlock PTE-mapped file huge pages git bisect bad 73c4a26170c610887770a58163a960d03f199d90 # 00:45 0- 5 lib/iommu-helper: skip to next segment git bisect good 8611b108d9f74d5c76f2be4f3842498511fe9f32 # 00:50 22+ 2 proc, oom: drop bogus sighand lock git bisect bad bb3877b284bbec55e0db68be669e8a1c380813de # 00:54 0- 22 proc_oom_score: remove tasklist_lock and pid_alive() git bisect good e27d880ea5fa9c569a4945f1e4fc77ec8050e44e # 00:58 22+ 2 mm, oom_reaper: do not attempt to reap a task more than twice git bisect good d8a354ccd10174801dcf686aaba5bb28d164199e # 01:04 21+ 0 ksm: set anon_vma of first rmap_item of ksm page to page's anon_vma other than vma's anon_vma git bisect good 8b84dfd7feb26100eb92f3ae227fcf7ee4b14b76 # 01:08 20+ 0 mm/compaction: remove unnecessary order check in try_to_compact_pages() git bisect bad 63495b0c58fff45bd94baf23a2f1138de7c20c3e # 01:12 0- 22 mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB # first bad commit: [63495b0c58fff45bd94baf23a2f1138de7c20c3e] mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB git bisect good 8b84dfd7feb26100eb92f3ae227fcf7ee4b14b76 # 01:15 63+ 1 mm/compaction: remove unnecessary order check in try_to_compact_pages() # extra tests with CONFIG_DEBUG_INFO_REDUCED git bisect bad 63495b0c58fff45bd94baf23a2f1138de7c20c3e # 01:19 0- 24 mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB # extra tests on HEAD of linux-next/master git bisect bad dd27435af10bb67660f1e9f5689aea1854c20f26 # 01:19 0- 13 Add linux-next specific files for 20160711 # extra tests on tree/branch linux-next/master git bisect bad dd27435af10bb67660f1e9f5689aea1854c20f26 # 01:53 0- 13 Add linux-next specific files for 20160711 # extra tests with first bad commit reverted git bisect good 0ccaf34cb358153063a9e1727dfccd6ad2521c7e # 02:03 64+ 7 Revert "mm, kasan: switch SLUB to stackdepot, enable memory quarantine for SLUB" # extra tests on tree/branch linus/master git bisect good 92d21ac74a9e3c09b0b01c764e530657e4c85c49 # 02:08 61+ 15 Linux 4.7-rc7 # extra tests on tree/branch linux-next/master git bisect bad dd27435af10bb67660f1e9f5689aea1854c20f26 # 02:38 0- 13 Add linux-next specific files for 20160711 This script may reproduce the error. ---------------------------------------------------------------------------- #!/bin/bash kernel=$1 kvm=( qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel $kernel -m 256 -smp 1 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -serial stdio -display none -monitor null ) append=( hung_task_panic=1 earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal root=/dev/ram0 rw drbd.minor_count=8 ) "${kvm[@]}" --append "${append[*]}" ---------------------------------------------------------------------------- --- 0-DAY kernel test infrastructure Open Source Technology Center https://lists.01.org/pipermail/lkp Intel Corporation