kernel-packages team mailing list archive
Message #172770
[Bug 1572562] Missing required logs.
This bug is missing log files that will aid in diagnosing the problem.
From a terminal window please run:
apport-collect 1572562
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable
to run this command, please add a comment stating that fact and change
the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the
Ubuntu Kernel Team.
** Changed in: linux (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1572562
Title:
KASan: out of bounds access in isolate_migratepages_range
Status in linux package in Ubuntu:
Incomplete
Bug description:
In the v3.13.0-76 kernel with KASan backported.
The following error message could be observed during the kernel
building stress test of the command: "./parallel-73670.sh -r 2 -k 40"
That means building 40 kernels at the same time, for 2 rounds.
Bad access happens when we read page->mapping->flags, and
page->mapping is a pointer to anon_vma which is already freed
in the do_exit path.
==================================================================
BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1
Read of size 8 by task cc1/27473
=============================================================================
BUG anon_vma (Not tainted): kasan: bad access detected
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Allocated in anon_vma_prepare+0x189/0x250 age=7323 cpu=16 pid=31029
__slab_alloc+0x4f8/0x560
kmem_cache_alloc+0x18b/0x1e0
anon_vma_prepare+0x189/0x250
do_wp_page+0x837/0xb10
handle_mm_fault+0x884/0x1160
__do_page_fault+0x218/0x750
do_page_fault+0x1a/0x70
page_fault+0x28/0x30
INFO: Freed in __put_anon_vma+0x69/0xe0 age=8588 cpu=4 pid=29418
__slab_free+0x2ab/0x3f0
kmem_cache_free+0x1c1/0x200
__put_anon_vma+0x69/0xe0
unlink_anon_vmas+0x2a8/0x320
free_pgtables+0x50/0x1c0
exit_mmap+0xca/0x1e0
mmput+0x82/0x1b0
do_exit+0x391/0x1060
do_group_exit+0x86/0x130
SyS_exit_group+0x1d/0x20
system_call_fastpath+0x1a/0x1f
INFO: Slab 0xffffea0009e73100 objects=43 used=30 fp=0xffff880279cc67a8 flags=0x2ffff0000004080
INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38
Bytes b4 ffff880279cc7648: 10 00 00 00 5b 17 00 00 ef 25 6b 03 01 00 00 00 ....[....%k.....
Object ffff880279cc7658: 58 76 cc 79 02 88 ff ff 00 00 00 00 00 00 00 00 Xv.y............
Object ffff880279cc7668: 00 00 00 00 5a 5a 5a 5a 70 76 cc 79 02 88 ff ff ....ZZZZpv.y....
Object ffff880279cc7678: 70 76 cc 79 02 88 ff ff 01 00 00 00 03 00 00 00 pv.y............
Object ffff880279cc7688: 58 76 cc 79 02 88 ff ff b8 2a 20 31 02 88 ff ff Xv.y.....* 1....
CPU: 8 PID: 27473 Comm: cc1 Tainted: G B 3.13.0-76-generic #120hf00073670v20160120b0h5d3e6ab
Hardware name: Cisco Systems Inc UCSC-C220-M3L/UCSC-C220-M3L, BIOS C220M3.2.0.3.0.080120140402 08/01/2014
ffffea0009e73100 ffff880736bbf750 ffffffff81a6e195 ffff8804e881b840
ffff880736bbf780 ffffffff81244c1d ffff8804e881b840 ffffea0009e73100
ffff880279cc7658 ffffea001aa99c98 ffff880736bbf7a8 ffffffff8124ad66
Call Trace:
[<ffffffff81a6e195>] dump_stack+0x45/0x56
[<ffffffff81244c1d>] print_trailer+0xfd/0x170
[<ffffffff8124ad66>] object_err+0x36/0x40
[<ffffffff8124cd29>] kasan_report_error+0x1e9/0x3a0
[<ffffffff8125d9f8>] ? memcg_check_events+0x28/0x380
[<ffffffff81221c2d>] ? rmap_walk+0x32d/0x340
[<ffffffff8124d390>] kasan_report+0x40/0x50
[<ffffffff81205ee3>] ? isolate_migratepages_range+0x663/0xb30
[<ffffffff8124c019>] __asan_load8+0x69/0xa0
[<ffffffff81205ee3>] isolate_migratepages_range+0x663/0xb30
[<ffffffff811dc5e7>] ? zone_watermark_ok+0x57/0x70
[<ffffffff812067c6>] compact_zone+0x416/0x700
[<ffffffff81206b45>] compact_zone_order+0x95/0x100
[<ffffffff81207002>] try_to_compact_pages+0x102/0x1a0
[<ffffffff811e21e6>] __alloc_pages_direct_compact+0x96/0x290
[<ffffffff811e2d5e>] __alloc_pages_nodemask+0x97e/0xc40
[<ffffffff8123ce24>] alloc_pages_vma+0xb4/0x200
[<ffffffff812572ca>] do_huge_pmd_anonymous_page+0x13a/0x490
[<ffffffff8120f072>] ? do_numa_page+0x192/0x200
[<ffffffff81210c07>] handle_mm_fault+0x267/0x1160
[<ffffffff81a7d028>] __do_page_fault+0x218/0x750
[<ffffffff8121aead>] ? do_mmap_pgoff+0x47d/0x500
[<ffffffff811fd699>] ? vm_mmap_pgoff+0xa9/0xd0
[<ffffffff81a7d57a>] do_page_fault+0x1a/0x70
[<ffffffff81a785a8>] page_fault+0x28/0x30
Memory state around the buggy address:
 ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00
>ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                 ^
 ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
==================================================================
gavin@rotom:~/ddebs/ddebs-3.13.0-76.120hf00073670v20160120b0h5d3e6ab$ addr2line 0xffffffff81205ee3 -e usr/lib/debug/boot/vmlinux-3.13.0-76-generic -fi
constant_test_bit
/home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313
mapping_balloon
/home/gavin/ubuntu-trusty-amd64/include/linux/pagemap.h:69
__is_movable_balloon_page
/home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:131
balloon_page_movable
/home/gavin/ubuntu-trusty-amd64/include/linux/balloon_compaction.h:156
isolate_migratepages_range
/home/gavin/ubuntu-trusty-amd64/mm/compaction.c:554
>8------------------8<
/home/gavin/ubuntu-trusty-amd64/arch/x86/include/asm/bitops.h:313
310 static __always_inline int constant_test_bit(long nr, const volatile unsigned long *addr)
311 {
312 return ((1UL << (nr & (BITS_PER_LONG-1))) &
313 (addr[nr >> _BITOPS_LONG_SHIFT])) != 0;
314 }
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1572562/+subscriptions
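The "Memory state around the buggy address" rows in the report above can be decoded to see where the 8-byte read landed relative to the anon_vma object. This is an added triage example, not part of the original bug report or of the kernel's own tooling. It assumes one KASan shadow byte per 8 bytes of memory (which matches the 0x80 stride between the 16-byte rows), and the names `parse_report`, `describe` and `triage` are hypothetical.

```python
import re

GRANULE = 8  # bytes of kernel memory described by one KASan shadow byte

# Lines copied from the report above (hex dump and call trace omitted).
REPORT = """\
BUG: KASan: out of bounds access in isolate_migratepages_range+0x663/0xb30 at addr ffff880279cc76d1
Read of size 8 by task cc1/27473
INFO: Object 0xffff880279cc7658 @offset=13912 fp=0xffff880279cc7c38
Memory state around the buggy address:
ffff880279cc7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff880279cc7600: fc fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00
>ffff880279cc7680: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff880279cc7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff880279cc7780: fc fc fc fc fc fc fc fc fc fc 00 00 00 00 00 00
"""

def parse_report(text):
    """Extract access address/size, object start and the shadow map."""
    addr = int(re.search(r"at addr ([0-9a-f]+)", text).group(1), 16)
    size = int(re.search(r"(?:Read|Write) of size (\d+)", text).group(1))
    obj = int(re.search(r"INFO: Object 0x([0-9a-f]+)", text).group(1), 16)
    shadow = {}  # granule start address -> shadow byte
    for m in re.finditer(r"^[> ]?([0-9a-f]{16}):((?: [0-9a-f]{2}){16})$", text, re.M):
        base = int(m.group(1), 16)
        for i, b in enumerate(m.group(2).split()):
            shadow[base + i * GRANULE] = int(b, 16)
    return addr, size, obj, shadow

def describe(byte):
    """0 = all 8 bytes valid, 1..7 = only the first N valid, else poisoned."""
    if byte == 0:
        return "accessible"
    return f"first {byte} bytes accessible" if byte < GRANULE else "poisoned"

def triage(text):
    addr, size, obj, shadow = parse_report(text)
    first = addr & ~(GRANULE - 1)
    last = (addr + size - 1) & ~(GRANULE - 1)
    touched = [(g, describe(shadow[g])) for g in range(first, last + GRANULE, GRANULE)]
    # Length of the accessible run starting at the object = usable object size.
    end = obj
    while shadow.get(end) == 0:
        end += GRANULE
    return {"offset_from_object": addr - obj, "object_bytes": end - obj,
            "touched": touched}

if __name__ == "__main__":
    print(triage(REPORT))
```

For this report the accessible run starting at the object is 64 bytes long, while the read begins 0x79 bytes past the object start and both shadow granules it touches are poisoned (`fc`), which is why KASan classifies it as an out-of-bounds access.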