lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 26 Nov 2017 14:31:17 +0800
From:   Fengguang Wu <fengguang.wu@...el.com>
To:     linux-mm@...ck.org
Cc:     Tejun Heo <tj@...nel.org>, Christoph Lameter <cl@...ux.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Dennis Zhou <dennisszhou@...il.com>,
        Josef Bacik <jbacik@...com>, linux-kernel@...r.kernel.org,
        lkp@...org
Subject: [pcpu] BUG: KASAN: use-after-scope in
 pcpu_setup_first_chunk+0x1e3b/0x29e2

Hello,

FYI this happens in mainline kernel 4.14.0-13151-g5a78775.
This looks like a new regression after 4.14.

It occurs in 3 out of 3 boots.

[    0.000000] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns
[    0.000000] random: fast init done
[    0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
[    0.000000] pcpu-alloc: [0] 0
[    0.000000] ==================================================================
[    0.000000] BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x1e3b/0x29e2:
						pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3)
[    0.000000] Write of size 8 at addr ffffffff83c07d38 by task swapper/0
[    0.000000]
[    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-13151-g5a78775 #2
[    0.000000] Call Trace:
[    0.000000]  print_address_description+0x2d/0x3d0:
						print_address_description at mm/kasan/report.c:253
[    0.000000]  ? pcpu_setup_first_chunk+0x1e3b/0x29e2:
						pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3)
[    0.000000]  kasan_report+0x1f4/0x3b0:
						kasan_report_error at mm/kasan/report.c:352
						 (inlined by) kasan_report at mm/kasan/report.c:409
[    0.000000]  pcpu_setup_first_chunk+0x1e3b/0x29e2:
						pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3)
[    0.000000]  ? pcpu_free_alloc_info+0x83/0x83:
						pcpu_setup_first_chunk at mm/percpu.c:2003
[    0.000000]  ? memblock_virt_alloc_internal+0x5a5/0xa05:
						memblock_virt_alloc_internal at mm/memblock.c:1304 (discriminator 1)
[    0.000000]  ? memblock_virt_alloc_try_nid_nopanic+0x1f9/0x220:
						memset at include/linux/string.h:326
						 (inlined by) memblock_virt_alloc_try_nid_nopanic at mm/memblock.c:1412
[    0.000000]  setup_per_cpu_areas+0x2f3/0x3be:
						setup_per_cpu_areas at mm/percpu.c:2720
[    0.000000]  start_kernel+0x7a2/0x11e8:
						start_kernel at init/main.c:542
[    0.000000]  ? thread_stack_cache_init+0x2e/0x2e
[    0.000000]  ? memcpy_orig+0x16/0x110:
						memcpy_orig at arch/x86/lib/memcpy_64.S:77
[    0.000000]  secondary_startup_64+0xa5/0xb0:
						secondary_startup_64 at arch/x86/kernel/head_64.S:237
[    0.000000]
[    0.000000] Memory state around the buggy address:
[    0.000000]  ffffffff83c07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000]  ffffffff83c07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[    0.000000] >ffffffff83c07d00: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00

Attached the full dmesg, kconfig and reproduce scripts.

Thanks,
Fengguang

View attachment "dmesg-yocto-ivb41-126:20171124152859:x86_64-randconfig-s1-11211736:4.14.0-13151-g5a78775:2" of type "text/plain" (35510 bytes)

View attachment ".config" of type "text/plain" (114188 bytes)

View attachment "reproduce-yocto-ivb41-126:20171124152859:x86_64-randconfig-s1-11211736:4.14.0-13151-g5a78775:2" of type "text/plain" (903 bytes)

Powered by blists - more mailing lists