lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Nov 2017 14:31:17 +0800 From: Fengguang Wu <fengguang.wu@...el.com> To: linux-mm@...ck.org Cc: Tejun Heo <tj@...nel.org>, Christoph Lameter <cl@...ux.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Dennis Zhou <dennisszhou@...il.com>, Josef Bacik <jbacik@...com>, linux-kernel@...r.kernel.org, lkp@...org Subject: [pcpu] BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x1e3b/0x29e2 Hello, FYI this happens in mainline kernel 4.14.0-13151-g5a78775. This looks like a new regression after 4.14. It occurs in 3 out of 3 boots. [ 0.000000] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns [ 0.000000] random: fast init done [ 0.000000] pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768 [ 0.000000] pcpu-alloc: [0] 0 [ 0.000000] ================================================================== [ 0.000000] BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x1e3b/0x29e2: pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3) [ 0.000000] Write of size 8 at addr ffffffff83c07d38 by task swapper/0 [ 0.000000] [ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.14.0-13151-g5a78775 #2 [ 0.000000] Call Trace: [ 0.000000] print_address_description+0x2d/0x3d0: print_address_description at mm/kasan/report.c:253 [ 0.000000] ? pcpu_setup_first_chunk+0x1e3b/0x29e2: pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3) [ 0.000000] kasan_report+0x1f4/0x3b0: kasan_report_error at mm/kasan/report.c:352 (inlined by) kasan_report at mm/kasan/report.c:409 [ 0.000000] pcpu_setup_first_chunk+0x1e3b/0x29e2: pcpu_setup_first_chunk at mm/percpu.c:2118 (discriminator 3) [ 0.000000] ? pcpu_free_alloc_info+0x83/0x83: pcpu_setup_first_chunk at mm/percpu.c:2003 [ 0.000000] ? memblock_virt_alloc_internal+0x5a5/0xa05: memblock_virt_alloc_internal at mm/memblock.c:1304 (discriminator 1) [ 0.000000] ? memblock_virt_alloc_try_nid_nopanic+0x1f9/0x220: memset at include/linux/string.h:326 (inlined by) memblock_virt_alloc_try_nid_nopanic at mm/memblock.c:1412 [ 0.000000] setup_per_cpu_areas+0x2f3/0x3be: setup_per_cpu_areas at mm/percpu.c:2720 [ 0.000000] start_kernel+0x7a2/0x11e8: start_kernel at init/main.c:542 [ 0.000000] ? thread_stack_cache_init+0x2e/0x2e [ 0.000000] ? memcpy_orig+0x16/0x110: memcpy_orig at arch/x86/lib/memcpy_64.S:77 [ 0.000000] secondary_startup_64+0xa5/0xb0: secondary_startup_64 at arch/x86/kernel/head_64.S:237 [ 0.000000] [ 0.000000] Memory state around the buggy address: [ 0.000000] ffffffff83c07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] ffffffff83c07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 0.000000] >ffffffff83c07d00: 00 00 00 f1 f1 f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 Attached the full dmesg, kconfig and reproduce scripts. Thanks, Fengguang View attachment "dmesg-yocto-ivb41-126:20171124152859:x86_64-randconfig-s1-11211736:4.14.0-13151-g5a78775:2" of type "text/plain" (35510 bytes) View attachment ".config" of type "text/plain" (114188 bytes) View attachment "reproduce-yocto-ivb41-126:20171124152859:x86_64-randconfig-s1-11211736:4.14.0-13151-g5a78775:2" of type "text/plain" (903 bytes)
Powered by blists - more mailing lists