| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 09 Mar 2017 16:16:59 +0100 From: Mike Galbraith <efault@....de> To: LKML <linux-kernel@...r.kernel.org> Cc: Jens Axboe <axboe@...nel.dk> Subject: [block] BUG: KASAN: use-after-free in rb_erase+0x1431/0x1970 Greetings, Building master.today with kasan enabled (because I saw the same when trying out kasan on rt), the below fell out. Config is enterprise based (tune for maximum build time), plus PREEMPT. [ 5.335444] ================================================================== [ 5.337030] BUG: KASAN: use-after-free in rb_erase+0x1431/0x1970 at addr ffff88035e78abb0 [ 5.338642] Write of size 8 by task swapper/7/0 [ 5.340204] CPU: 7 PID: 0 Comm: swapper/7 Tainted: G E 4.11.0-kasan #160 [ 5.341774] Hardware name: MEDION MS-7848/MS-7848, BIOS M7848W08.20C 09/23/2013 [ 5.343374] Call Trace: [ 5.344948] <IRQ> [ 5.346522] ? dump_stack+0x5c/0x7b [ 5.348098] ? kasan_object_err+0x1c/0x70 [ 5.349648] ? kasan_report.part.1+0x233/0x530 [ 5.351216] ? save_stack+0x33/0xa0 [ 5.352744] ? save_stack+0x33/0xa0 [ 5.354297] ? save_stack+0x33/0xa0 [ 5.355839] ? save_stack+0x33/0xa0 [ 5.357353] ? save_stack+0x33/0xa0 [ 5.358861] ? save_stack+0x33/0xa0 [ 5.360513] ? save_stack+0x33/0xa0 [ 5.362019] ? rb_erase+0x1431/0x1970 [ 5.363719] ? wb_congested_put+0x65/0xd0 [ 5.365833] ? __blkg_release_rcu+0x114/0x230 [ 5.367274] ? rcu_process_callbacks+0x8e2/0xff0 [ 5.368633] ? __do_softirq+0x1dd/0x581 [ 5.369988] ? irq_exit+0x166/0x190 [ 5.371323] ? smp_apic_timer_interrupt+0x76/0x90 [ 5.372627] ? apic_timer_interrupt+0x8c/0xa0 [ 5.374011] </IRQ> [ 5.375329] ? cpuidle_enter_state+0x10d/0x760 [ 5.376616] ? do_idle+0x21e/0x2d0 [ 5.377895] ? cpu_startup_entry+0xbe/0xd0 [ 5.379209] ? cpu_in_idle+0x20/0x20 [ 5.380452] ? clockevents_register_device+0x141/0x400 [ 5.381771] ? clockevents_config.part.9+0xfc/0x170 [ 5.383054] ? start_secondary+0x307/0x3e0 [ 5.384273] ? set_cpu_sibling_map+0x1880/0x1880 [ 5.385488] ? start_cpu+0x14/0x14 [ 5.387012] Object at ffff88035e78a880, in cache kmalloc-1024 size: 1024 [ 5.388250] Allocated: [ 5.389462] PID = 541 [ 5.390666] save_stack+0x33/0xa0 [ 5.391825] save_stack+0x33/0xa0 [ 5.392929] save_stack+0x33/0xa0 [ 5.394091] save_stack+0x33/0xa0 [ 5.395218] save_stack+0x33/0xa0 [ 5.396248] save_stack+0x33/0xa0 [ 5.397229] save_stack+0x33/0xa0 [ 5.398219] save_stack+0x33/0xa0 [ 5.399258] save_stack+0x33/0xa0 [ 5.400199] save_stack+0x33/0xa0 [ 5.401073] save_stack+0x33/0xa0 [ 5.401933] save_stack+0x33/0xa0 [ 5.402783] save_stack+0x33/0xa0 [ 5.403676] save_stack+0x33/0xa0 [ 5.404439] save_stack+0x33/0xa0 [ 5.405186] save_stack+0x33/0xa0 [ 5.405923] save_stack+0x33/0xa0 [ 5.406657] save_stack+0x33/0xa0 [ 5.407477] save_stack+0x33/0xa0 [ 5.408292] save_stack+0x33/0xa0 [ 5.408976] save_stack+0x33/0xa0 [ 5.409664] save_stack+0x33/0xa0 [ 5.410344] save_stack+0x33/0xa0 [ 5.411028] save_stack+0x33/0xa0 [ 5.411680] save_stack+0x33/0xa0 [ 5.412304] save_stack+0x33/0xa0 [ 5.412886] save_stack+0x33/0xa0 [ 5.413454] save_stack+0x33/0xa0 [ 5.414009] save_stack+0x33/0xa0 [ 5.414540] save_stack+0x33/0xa0 [ 5.415044] save_stack+0x33/0xa0 [ 5.415525] save_stack+0x33/0xa0 [ 5.416002] save_stack+0x33/0xa0 [ 5.416447] save_stack+0x33/0xa0 [ 5.416872] save_stack+0x33/0xa0 [ 5.417315] save_stack+0x33/0xa0 [ 5.417806] save_stack+0x33/0xa0 [ 5.418250] save_stack+0x33/0xa0 [ 5.418674] save_stack+0x33/0xa0 [ 5.419089] save_stack+0x33/0xa0 [ 5.419480] save_stack+0x33/0xa0 [ 5.419871] save_stack+0x33/0xa0 [ 5.420287] save_stack+0x33/0xa0 [ 5.420706] save_stack+0x33/0xa0 [ 5.421096] save_stack+0x33/0xa0 [ 5.421496] save_stack+0x33/0xa0 [ 5.421890] save_stack+0x33/0xa0 [ 5.422360] save_stack+0x33/0xa0 [ 5.422783] save_stack+0x33/0xa0 [ 5.423161] save_stack+0x33/0xa0 [ 5.423509] save_stack+0x33/0xa0 [ 5.423850] save_stack+0x33/0xa0 [ 5.424257] save_stack+0x33/0xa0 [ 5.424609] save_stack+0x33/0xa0 [ 5.424920] save_stack+0x33/0xa0 [ 5.425221] save_stack+0x33/0xa0 [ 5.425514] save_stack+0x33/0xa0 [ 5.425836] save_stack+0x33/0xa0 [ 5.426135] save_stack+0x33/0xa0 [ 5.426404] save_stack+0x33/0xa0 [ 5.426663] save_stack+0x33/0xa0 [ 5.426935] save_stack+0x33/0xa0 [ 5.427193] save_stack+0x33/0xa0 [ 5.427421] save_stack+0x33/0xa0 [ 5.427632] Freed: [ 5.427880] PID = 541 [ 5.428122] save_stack+0x33/0xa0 [ 5.428326] save_stack+0x33/0xa0 [ 5.428529] save_stack+0x33/0xa0 [ 5.428731] save_stack+0x33/0xa0 [ 5.428934] save_stack+0x33/0xa0 [ 5.429157] save_stack+0x33/0xa0 [ 5.429360] save_stack+0x33/0xa0 [ 5.429570] save_stack+0x33/0xa0 [ 5.429769] save_stack+0x33/0xa0 [ 5.429976] save_stack+0x33/0xa0 [ 5.430194] save_stack+0x33/0xa0 [ 5.430401] save_stack+0x33/0xa0 [ 5.430622] save_stack+0x33/0xa0 [ 5.430832] save_stack+0x33/0xa0 [ 5.431030] save_stack+0x33/0xa0 [ 5.431247] save_stack+0x33/0xa0 [ 5.431444] save_stack+0x33/0xa0 [ 5.431651] save_stack+0x33/0xa0 [ 5.431858] save_stack+0x33/0xa0 [ 5.432078] save_stack+0x33/0xa0 [ 5.432275] save_stack+0x33/0xa0 [ 5.432471] save_stack+0x33/0xa0 [ 5.432686] save_stack+0x33/0xa0 [ 5.432882] save_stack+0x33/0xa0 [ 5.433077] save_stack+0x33/0xa0 [ 5.433272] save_stack+0x33/0xa0 [ 5.433476] save_stack+0x33/0xa0 [ 5.433681] save_stack+0x33/0xa0 [ 5.433875] save_stack+0x33/0xa0 [ 5.434069] save_stack+0x33/0xa0 [ 5.434266] save_stack+0x33/0xa0 [ 5.434461] save_stack+0x33/0xa0 [ 5.434655] save_stack+0x33/0xa0 [ 5.434848] save_stack+0x33/0xa0 [ 5.435043] save_stack+0x33/0xa0 [ 5.435271] save_stack+0x33/0xa0 [ 5.435494] save_stack+0x33/0xa0 [ 5.435707] save_stack+0x33/0xa0 [ 5.435935] save_stack+0x33/0xa0 [ 5.436142] save_stack+0x33/0xa0 [ 5.436335] save_stack+0x33/0xa0 [ 5.436528] save_stack+0x33/0xa0 [ 5.436722] save_stack+0x33/0xa0 [ 5.436925] save_stack+0x33/0xa0 [ 5.437122] save_stack+0x33/0xa0 [ 5.437318] save_stack+0x33/0xa0 [ 5.437536] save_stack+0x33/0xa0 [ 5.437733] save_stack+0x33/0xa0 [ 5.437958] save_stack+0x33/0xa0 [ 5.438151] save_stack+0x33/0xa0 [ 5.438348] save_stack+0x33/0xa0 [ 5.438561] save_stack+0x33/0xa0 [ 5.438775] save_stack+0x33/0xa0 [ 5.438968] save_stack+0x33/0xa0 [ 5.439161] save_stack+0x33/0xa0 [ 5.439354] save_stack+0x33/0xa0 [ 5.439548] save_stack+0x33/0xa0 [ 5.439741] save_stack+0x33/0xa0 [ 5.439937] save_stack+0x33/0xa0 [ 5.440133] save_stack+0x33/0xa0 [ 5.440326] save_stack+0x33/0xa0 [ 5.440520] save_stack+0x33/0xa0 [ 5.440714] save_stack+0x33/0xa0 [ 5.440906] save_stack+0x33/0xa0 [ 5.441099] Memory state around the buggy address: [ 5.441327] ffff88035e78aa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 5.441572] ffff88035e78ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 5.441805] >ffff88035e78ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 5.442027] ^ [ 5.442262] ffff88035e78ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 5.442538] ffff88035e78ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 5.442822] ==================================================================
Powered by blists - more mailing lists