| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Nov 2017 14:31:17 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: linux-mm@...ck.org
Cc: Tejun Heo <tj@...nel.org>, Christoph Lameter <cl@...ux.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Dennis Zhou <dennisszhou@...il.com>,
Josef Bacik <jbacik@...com>, linux-kernel@...r.kernel.org,
lkp@...org
Subject: [pcpu] BUG: KASAN: use-after-scope in
pcpu_setup_first_chunk+0x1e3b/0x29e2
Hello,
FYI this happens in mainline kernel 4.14.0-13151-g5a78775.
This looks like a new regression after 4.14.
It occurs in 3 out of 3 boots.
[ 0.000000] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns
[ 0.000000] random: fast init done
[ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[ 0.000000] pcpu-alloc: [0] 0
[ 0.000000] ==================================================================
[ 0.000000] BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x1e3b/0x29e2:
pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3)
[ 0.000000] Write of size 8 at addr ffffffff83c07d38 by task swapper/0
[ 0.000000]
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-13151-g5a78775 #2
[ 0.000000] Call Trace:
[ 0.000000] print_address_description+0x2d/0x3d0:
print_address_description at mm/kasan/report.c:253
[ 0.000000] ? pcpu_setup_first_chunk+0x1e3b/0x29e2:
pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3)
[ 0.000000] kasan_report+0x1f4/0x3b0:
kasan_report_error at mm/kasan/report.c:352
(inlined by) kasan_report at mm/kasan/report.c:409
[ 0.000000] pcpu_setup_first_chunk+0x1e3b/0x29e2:
pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3)
[ 0.000000] ? pcpu_free_alloc_info+0x83/0x83:
pcpu_setup_first_chunk at mm/percpu.c:2003
[ 0.000000] ? memblock_virt_alloc_internal+0x5a5/0xa05:
memblock_virt_alloc_internal at mm/memblock.c:1304 (discriminator 1)
[ 0.000000] ? memblock_virt_alloc_try_nid_nopanic+0x1f9/0x220:
memset at include/linux/string.h:326
(inlined by) memblock_virt_alloc_try_nid_nopanic at mm/memblock.c:1412
[ 0.000000] setup_per_cpu_areas+0x2f3/0x3be:
setup_per_cpu_areas at mm/percpu.c:2720
[ 0.000000] start_kernel+0x7a2/0x11e8:
start_kernel at init/main.c:542
[ 0.000000] ? thread_stack_cache_init+0x2e/0x2e
[ 0.000000] ? memcpy_orig+0x16/0x110:
memcpy_orig at arch/x86/lib/memcpy_64.S:77
[ 0.000000] secondary_startup_64+0xa5/0xb0:
secondary_startup_64 at arch/x86/kernel/head_64.S:237
[ 0.000000]
[ 0.000000] Memory state around the buggy address:
[ 0.000000] ffffffff83c07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.000000] ffffffff83c07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.000000] >ffffffff83c07d00: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00
Attached the full dmesg, kconfig and reproduce scripts.
Thanks,
Fengguang
View attachment "dmesg-yocto-ivb41-126:20171124152859:x86_64-randconfig-s1-11211736:4.14.0-13151-g5a78775:2" of type "text/plain" (35510 bytes)
View attachment ".config" of type "text/plain" (114188 bytes)
View attachment "reproduce-yocto-ivb41-126:20171124152859:x86_64-randconfig-s1-11211736:4.14.0-13151-g5a78775:2" of type "text/plain" (903 bytes)
Powered by blists - more mailing lists