From: Juntong Deng <juntong.deng@outlook.com>
To: kernel test robot <oliver.sang@intel.com>
Cc: oe-lkp@lists.linux.dev, lkp@intel.com,
	Dmitry Vyukov <dvyukov@google.com>,
	kasan-dev@googlegroups.com, ryabinin.a.a@gmail.com,
	glider@google.com, andreyknvl@gmail.com,
	vincenzo.frascino@arm.com, akpm@linux-foundation.org,
	linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	linux-kernel-mentees@lists.linuxfoundation.org
Subject: Re: [PATCH] kasan: Improve free meta storage in Generic KASAN
Date: Wed, 22 Nov 2023 00:03:17 +0800
Message-ID: <VI1P193MB07520067C14EFDFECCC0B4C399BBA@VI1P193MB0752.EURP193.PROD.OUTLOOK.COM>
In-Reply-To: <202311212204.c9c64d29-oliver.sang@intel.com>

On 2023/11/21 23:06, kernel test robot wrote:
> 
> 
> Hello,
> 
> kernel test robot noticed "BUG_kmalloc-rnd-#-#(Not_tainted):Object_padding_overwritten" on:
> 
> commit: cb53c2a822df305ec84b291e4c4a348c7d394b89 ("[PATCH] kasan: Improve free meta storage in Generic KASAN")
> url: https://github.com/intel-lab-lkp/linux/commits/Juntong-Deng/kasan-Improve-free-meta-storage-in-Generic-KASAN/20231120-044846
> base: https://git.kernel.org/cgit/linux/kernel/git/akpm/mm.git mm-everything
> patch link: https://lore.kernel.org/all/VI1P193MB0752DE2CCD9046B5FED0AA8E99B5A@VI1P193MB0752.EURP193.PROD.OUTLOOK.COM/
> patch subject: [PATCH] kasan: Improve free meta storage in Generic KASAN
> 
> in testcase: boot
> 
> compiler: clang-16
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> 
> (please refer to attached dmesg/kmsg for entire log/backtrace)
> 
> 
> +-------------------------------------------------------------+------------+------------+
> |                                                             | a350566908 | cb53c2a822 |
> +-------------------------------------------------------------+------------+------------+
> | BUG_kmalloc-rnd-#-#(Not_tainted):Object_padding_overwritten | 0          | 17         |
> | BUG_kmalloc-rnd-#-#(Tainted:G_B):Object_padding_overwritten | 0          | 21         |
> | BUG_kmalloc-#(Tainted:G_B):Object_padding_overwritten       | 0          | 21         |
> | BUG_kmalloc-#(Not_tainted):Object_padding_overwritten       | 0          | 4          |
> +-------------------------------------------------------------+------------+------------+
> 
> 
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202311212204.c9c64d29-oliver.sang@intel.com
> 
> 
> [    1.104299][    T0] ** administrator!                                       **
> [    1.104884][    T0] **                                                      **
> [    1.105469][    T0] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
> [    1.106054][    T0] **********************************************************
> [    1.109891][    T0] =============================================================================
> [    1.110637][    T0] BUG kmalloc-rnd-09-8 (Not tainted): Object padding overwritten
> [    1.111258][    T0] -----------------------------------------------------------------------------
> [    1.111258][    T0]
> [    1.112154][    T0] 0xffff888100078074-0xffff88810007807b @offset=116. First byte 0x0 instead of 0x5a
> [    1.112904][    T0] Slab 0xffffea0004001e00 objects=30 used=1 fp=0xffff888100078090 flags=0x8000000000000800(slab|zone=2)
> [    1.113798][    T0] Object 0xffff888100078008 @offset=8 fp=0xffff888100078090
> [    1.113798][    T0]
> [    1.114555][    T0] Redzone  ffff888100078000: bb bb bb bb bb bb bb bb                          ........
> [    1.115329][    T0] Object   ffff888100078008: 6b 6b 6b 6b 6b 6b 6b a5                          kkkkkkk.
> [    1.116098][    T0] Redzone  ffff888100078010: bb bb bb bb bb bb bb bb                          ........
> [    1.116868][    T0] Padding  ffff888100078074: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a  ........ZZZZZZZZ
> [    1.117691][    T0] Padding  ffff888100078084: 5a 5a 5a 5a                                      ZZZZ
> [    1.118432][    T0] CPU: 0 PID: 0 Comm: swapper Not tainted 6.7.0-rc1-00145-gcb53c2a822df #1
> [    1.119122][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [    1.119953][    T0] Call Trace:
> [    1.120209][    T0]  <TASK>
> [    1.120439][    T0]  dump_stack_lvl+0xa2/0x100
> [    1.120808][    T0]  check_bytes_and_report+0x113/0x160
> [    1.121240][    T0]  check_object+0x1e1/0x380
> [    1.121599][    T0]  alloc_debug_processing+0x10e/0x1f0
> [    1.122027][    T0]  ___slab_alloc+0x81b/0xdd0
> [    1.122392][    T0]  ? init_freelist_randomization+0x11/0x50
> [    1.122854][    T0]  ? cache_random_seq_create+0x49/0x110
> [    1.123308][    T0]  ? cache_random_seq_create+0x49/0x110
> [    1.123751][    T0]  __kmem_cache_alloc_node+0x161/0x1f0
> [    1.124188][    T0]  ? cache_random_seq_create+0x49/0x110
> [    1.124637][    T0]  __kmalloc+0xb5/0x1b0
> [    1.124968][    T0]  cache_random_seq_create+0x49/0x110
> [    1.125395][    T0]  init_cache_random_seq+0x2c/0xc0
> [    1.125809][    T0]  init_freelist_randomization+0x2d/0x50
> [    1.126259][    T0]  kmem_cache_init+0xac/0x120
> [    1.126630][    T0]  mm_core_init+0x2a/0x60
> [    1.126972][    T0]  start_kernel+0x156/0x370
> [    1.127334][    T0]  x86_64_start_reservations+0x20/0x20
> [    1.127770][    T0]  x86_64_start_kernel+0x59/0x60
> [    1.128162][    T0]  secondary_startup_64_no_verify+0x167/0x16b
> [    1.128652][    T0]  </TASK>
> [    1.128887][    T0] Disabling lock debugging due to kernel taint
> [    1.129373][    T0] FIX kmalloc-rnd-09-8: Restoring Object padding 0xffff888100078074-0xffff88810007807b=0x5a
> [    1.130544][    T0] =============================================================================
> [    1.131270][    T0] BUG kmalloc-rnd-09-8 (Tainted: G    B             ): Object padding overwritten
> [    1.132002][    T0] -----------------------------------------------------------------------------
> [    1.132002][    T0]
> [    1.132893][    T0] 0xffff8881000780fc-0xffff888100078103 @offset=252. First byte 0x0 instead of 0x5a
> [    1.133638][    T0] Slab 0xffffea0004001e00 objects=30 used=2 fp=0xffff888100078118 flags=0x8000000000000800(slab|zone=2)
> [    1.134524][    T0] Object 0xffff888100078090 @offset=144 fp=0xffff888100078118
> [    1.134524][    T0]
> [    1.135292][    T0] Redzone  ffff888100078088: bb bb bb bb bb bb bb bb                          ........
> [    1.136060][    T0] Object   ffff888100078090: 6b 6b 6b 6b 6b 6b 6b a5                          kkkkkkk.
> [    1.136827][    T0] Redzone  ffff888100078098: bb bb bb bb bb bb bb bb                          ........
> [    1.137596][    T0] Padding  ffff8881000780fc: 00 00 00 00 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a  ........ZZZZZZZZ
> [    1.138418][    T0] Padding  ffff88810007810c: 5a 5a 5a 5a                                      ZZZZ
> [    1.139167][    T0] CPU: 0 PID: 0 Comm: swapper Tainted: G    B              6.7.0-rc1-00145-gcb53c2a822df #1
> [    1.139971][    T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [    1.140800][    T0] Call Trace:
> [    1.141054][    T0]  <TASK>
> [    1.141281][    T0]  dump_stack_lvl+0xa2/0x100
> [    1.141643][    T0]  check_bytes_and_report+0x113/0x160
> [    1.142068][    T0]  check_object+0x1e1/0x380
> [    1.142423][    T0]  alloc_debug_processing+0x10e/0x1f0
> [    1.142848][    T0]  ___slab_alloc+0x4fe/0xdd0
> [    1.143214][    T0]  ? cache_random_seq_create+0x49/0x110
> [    1.143654][    T0]  ? cache_random_seq_create+0x49/0x110
> [    1.144092][    T0]  __kmem_cache_alloc_node+0x161/0x1f0
> [    1.144524][    T0]  ? cache_random_seq_create+0x49/0x110
> [    1.144962][    T0]  __kmalloc+0xb5/0x1b0
> [    1.145289][    T0]  cache_random_seq_create+0x49/0x110
> [    1.145713][    T0]  init_cache_random_seq+0x2c/0xc0
> [    1.146115][    T0]  init_freelist_randomization+0x2d/0x50
> [    1.146561][    T0]  kmem_cache_init+0xac/0x120
> [    1.146928][    T0]  mm_core_init+0x2a/0x60
> [    1.147272][    T0]  start_kernel+0x156/0x370
> [    1.147625][    T0]  x86_64_start_reservations+0x20/0x20
> [    1.148057][    T0]  x86_64_start_kernel+0x59/0x60
> [    1.148447][    T0]  secondary_startup_64_no_verify+0x167/0x16b
> [    1.148929][    T0]  </TASK>
> 
> 
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20231121/202311212204.c9c64d29-oliver.sang@intel.com
> 
> 
> 

This bug is caused by the fact that after improving the free meta
storage, kasan_metadata_size() continues to calculate the metadata
size according to the previous storage method.

I will fix this in a separate patch.
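A constructed model of the mismatch described in this reply, added here as an example (it is not kernel code and not the author's patch): the allocator reserves tail space from a stand-in for kasan_metadata_size(), the sanitizer stores more free meta than was reserved, and a SLUB-style padding check finds the POISON_INUSE (0x5a) bytes zeroed, just as the "Object padding overwritten" report shows. The slot layout, the 8-byte and 16-byte sizes and the function names are assumptions chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SLUB fills object padding with POISON_INUSE (0x5a, the 'Z' bytes in the report). */
#define PAD_POISON 0x5a
#define TAIL_LEN 24     /* constructed: bytes after the right redzone (meta + padding) */
#define META_WRITTEN 16 /* constructed: free meta bytes the sanitizer really stores */
/* Constructed model of one slab slot: left redzone | object | right redzone | tail,
 * where the tail is the KASAN metadata area the allocator reserved, then padding. */
struct slot {
    uint8_t redzone_l[8], object[8], redzone_r[8];
    uint8_t tail[TAIL_LEN];
};
/* Stand-in for kasan_metadata_size(): the stale version still sizes the area for
 * the old storage layout (8 bytes here); the corrected one matches what is written. */
static size_t meta_reserved(bool stale)
{
    return stale ? 8 : META_WRITTEN;
}
/* Lay the slot out as the allocator would: redzones, reserved meta area, poisoned padding. */
static void slot_init(struct slot *s, size_t reserved)
{
    memset(s->redzone_l, 0xbb, sizeof s->redzone_l);
    memset(s->object, 0x6b, sizeof s->object);
    memset(s->redzone_r, 0xbb, sizeof s->redzone_r);
    memset(s->tail, 0, reserved);
    memset(s->tail + reserved, PAD_POISON, TAIL_LEN - reserved);
}
/* Models SLUB's check_object() padding check: returns the tail offset of the first
 * padding byte that no longer holds PAD_POISON, or -1 when the padding is intact. */
static long check_padding(const struct slot *s, size_t reserved)
{
    for (size_t i = reserved; i < TAIL_LEN; i++)
        if (s->tail[i] != PAD_POISON)
            return (long)i;
    return -1;
}

/* The sequence behind the report: lay out the slot, store free meta, re-check padding
 * on the next allocation. Returns -1 (intact) or the offset of the first clobbered byte. */
long simulate(bool stale_metadata_size)
{
    struct slot s;
    size_t reserved = meta_reserved(stale_metadata_size);
    slot_init(&s, reserved);
    memset(s.tail, 0, META_WRITTEN); /* the sanitizer stores its free meta */
    return check_padding(&s, reserved);
}
```

With the stale size the sanitizer writes 8 bytes past the reserved area, so the first padding byte reads 0x0 instead of 0x5a, which is the condition the report flags; with the corrected size the padding survives.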


