Message-ID: <20180419013855.4tyssb556l4lkgba@wfg-t540p.sh.intel.com>
Date: Thu, 19 Apr 2018 09:38:55 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com, linux-kbuild@...r.kernel.org, LKP <lkp@...org>
Subject: [gcc-plugins] c61f13eaa1 BUG: KASAN: use-after-scope in ep_poll at addr ffff88001ee87d00

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit c61f13eaa1ee17728c41370100d2d45c254ce76f
Author:     Kees Cook <keescook@...omium.org>
AuthorDate: Fri Jan 13 11:14:39 2017 -0800
Commit:     Kees Cook <keescook@...omium.org>
CommitDate: Wed Jan 18 12:02:35 2017 -0800

    gcc-plugins: Add structleak for more stack initialization

    This plugin detects any structures that contain __user attributes and
    makes sure it is being fully initialized so that a specific class of
    information exposure is eliminated. (This plugin was originally designed
    to block the exposure of siginfo in CVE-2013-2141.)

    Ported from grsecurity/PaX. This version adds a verbose option to the
    plugin and the Kconfig.

    Signed-off-by: Kees Cook <keescook@...omium.org>

8d4973a1c0  gcc-plugins: add PASS_INFO and build_const_char_string()
c61f13eaa1  gcc-plugins: Add structleak for more stack initialization
c4e0ca7fa2  Merge tag 'riscv-for-linus-4.15-maintainers' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
f0701bf7db  Add linux-next specific files for 20180126

+--------------------------------+------------+------------+------------+---------------+
|                                | 8d4973a1c0 | c61f13eaa1 | c4e0ca7fa2 | next-20180126 |
+--------------------------------+------------+------------+------------+---------------+
| boot_successes                 | 39         | 0          | 1          | 13            |
| boot_failures                  | 0          | 13         | 20         |               |
| BUG:KASAN:use-after-scope_in_e | 0          | 13         | 20         |               |
+--------------------------------+------------+------------+------------+---------------+

[ 28.855033] init: Temporary process spawn error: No such file or directory
[ 28.863505] init: Failed to create pty - disabling logging for job
[ 28.864418] init: Temporary process spawn error: No such file or directory
udevd[253]: failed to execute '/sbin/modprobe' '/sbin/modprobe -bv acpi:LNXSYSTM:': No such file or directory
[ 28.975924] ==================================================================
[ 28.976803] BUG: KASAN: use-after-scope in ep_poll+0xb51/0xc33 at addr ffff88001ee87d00
[ 28.977751] Write of size 16 by task udevadm/248
[ 28.978321] page:ffffea00007ba1c0 count:0 mapcount:0 mapping: (null) index:0x1
[ 28.979273] flags: 0x0()
[ 28.979600] raw: 0000000000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 28.980537] raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
[ 28.981458] page dumped because: kasan: bad access detected
[ 28.982135] CPU: 0 PID: 248 Comm: udevadm Not tainted 4.10.0-rc2-00004-gc61f13e #1
[ 28.983038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 28.984135] Call Trace:
[ 28.984611] dump_stack+0x1e/0x20
[ 28.985172] kasan_report+0x32e/0x435
[ 28.985625] ? ep_poll+0xb51/0xc33
[ 28.986053] ? ep_poll+0xb13/0xc33
[ 28.986478] __asan_report_store16_noabort+0x1c/0x1e
[ 28.987286] ep_poll+0xb51/0xc33
[ 28.987803] ? ep_poll_readyevents_proc+0x86/0x86
[ 28.988551] ? sock_enable_timestamp+0xa1/0xa1
[ 28.989255] ? bit_waitqueue+0x34/0x34
[ 28.989831] ? get_usage_char+0x3b/0x3b
[ 28.990398] ? get_usage_char+0x3b/0x3b
[ 28.991120] ? __lock_acquire+0x113d/0x1245
[ 28.991675] ? __context_tracking_exit+0xe4/0x266
[ 28.992348] ? lock_acquire+0x318/0x318
[ 28.992963] ? __fget_light+0x2e6/0x318
[ 28.993566] ? __fget+0x35b/0x35b
[ 28.994101] ? syscall_slow_exit_work+0x591/0x591
[ 28.994850] ? __this_cpu_preempt_check+0x1c/0x1f
[ 28.995590] ? do_task_dead+0x1cb/0x1cb
[ 28.996204] SyS_epoll_wait+0x16e/0x1a2
[ 28.996811] ? SyS_epoll_ctl+0x1571/0x1571
[ 28.997461] do_syscall_64+0x307/0x522
[ 28.998060] ? check_preemption_disabled+0x198/0x1a1
[ 28.998866] ? syscall_return_slowpath+0x25b/0x25b
[ 28.999733] ? context_tracking_user_enter+0x30/0x30
[ 29.000486] ? prepare_exit_to_usermode+0x13e/0x166
[ 29.001217] ? enter_from_user_mode+0x72/0x72
[ 29.001909] entry_SYSCALL64_slow_path+0x25/0x25
[ 29.002627] RIP: 0033:0x7ffb5675cb33
[ 29.003196] RSP: 002b:00007ffe90b896a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 29.004363] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ffb5675cb33
[ 29.005460] RDX: 0000000000000004 RSI: 00007ffe90b89850 RDI: 0000000000000003
[ 29.006556] RBP: 000055e3eed8e2d0 R08: 000000000000000a R09: 0000000000000000
[ 29.007660] R10: 00000000ffffffff R11: 0000000000000246 R12: 000055e3eed8e110
[ 29.008758] R13: 0000000000000001 R14: 00007ffe90b8985c R15: 0000000000000004
[ 29.009872] Memory state around the buggy address:
[ 29.010618] ffff88001ee87c00: f8 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
[ 29.011730] ffff88001ee87c80: 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2

# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.11 v4.10 --
git bisect bad ce70df089143c49385b4f32f39d41fb50fbf6a7c  # 11:07 B 0 3 16 0  mm, gup: fix typo in gup_p4d_range()
git bisect bad 94eae8034002401d71ae950106659e16add36e77  # 11:38 B 0 11 24 0  Merge tag 'platform-drivers-x86-v4.11-1' of git://git.infradead.org/linux-platform-drivers-x86
git bisect good 7bb033829ef3ecfc491c0ed0197966e8f197fbdc  # 12:12 G 13 0 13 13  Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad a3919caaa27a5fde1cbda46e394bb17953e104a1  # 12:52 B 0 4 17 0  Merge tag 'rproc-v4.11' of git://github.com/andersson/remoteproc
git bisect bad a27fcb0cd1bcc812017192bdde41cc456dcd6afe  # 13:05 B 0 12 25 0  Merge tag 'xfs-4.11-merge-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
git bisect bad 8ff546b801e5cca0337c0f0a7234795d0a6309a1  # 13:22 B 0 3 16 0  Merge tag 'usb-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
git bisect bad ff47d8c05019d6e7753cef270d6399cb5a33be57  # 13:42 B 0 7 20 0  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
git bisect bad 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3  # 13:56 B 0 1 14 0  Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good e7e04c0c8c7ea931d966e5bd349a0b1c836b1ebf  # 14:16 G 12 0 0 0  Merge branch 'for-next/gcc-plugin-infrastructure' into for-linus/gcc-plugins
git bisect bad c054ee3bbf69ebcabb1f3218b7faf4b1b37a8eb6  # 14:32 B 0 3 16 0  Merge branch 'for-next/gcc-plugin/structleak' into for-linus/gcc-plugins
git bisect bad c61f13eaa1ee17728c41370100d2d45c254ce76f  # 14:50 B 0 10 23 0  gcc-plugins: Add structleak for more stack initialization
# first bad commit: [c61f13eaa1ee17728c41370100d2d45c254ce76f] gcc-plugins: Add structleak for more stack initialization
git bisect good 8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90  # 15:06 G 39 0 0 0  gcc-plugins: add PASS_INFO and build_const_char_string()
# extra tests with debug options
git bisect bad c61f13eaa1ee17728c41370100d2d45c254ce76f  # 15:42 B 0 9 22 0  gcc-plugins: Add structleak for more stack initialization
# extra tests on HEAD of linux-devel/devel-hourly-2018012623
git bisect bad 053f055c57c24ecc91e16dc1056be540bec47d3e  # 15:42 B 0 13 29 0  0day head guard for 'devel-hourly-2018012623'
# extra tests on tree/branch linus/master
git bisect bad c4e0ca7fa24137e372d6135fe16e8df8e123f116  # 16:24 B 1 12 0 0  Merge tag 'riscv-for-linus-4.15-maintainers' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
# extra tests on tree/branch linux-next/master
git bisect good f0701bf7db7ab816244aed52d28ac49f32c8c2c9  # 16:46 G 13 0 0 0  Add linux-next specific files for 20180126

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-intel12-10:20180127145039:x86_64-randconfig-s5-01270457:4.10.0-rc2-00004-gc61f13e:1.gz" of type "application/gzip" (92392 bytes)
View attachment "reproduce-quantal-intel12-10:20180127145039:x86_64-randconfig-s5-01270457:4.10.0-rc2-00004-gc61f13e:1" of type "text/plain" (909 bytes)
View attachment "config-4.10.0-rc2-00004-gc61f13e" of type "text/plain" (100927 bytes)