| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 30 Nov 2017 11:41:39 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Jason Baron <jbaron@...mai.com>
Cc: Shakeel Butt <shakeelb@...gle.com>, Lee Duncan <lduncan@...e.com>,
Chris Leech <cleech@...hat.com>,
"James E.J. Bottomley" <jejb@...ux.vnet.ibm.com>,
"Martin K. Petersen" <martin.petersen@...cle.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
open-iscsi@...glegroups.com, linux-scsi@...r.kernel.org,
linux-kernel@...r.kernel.org, lkp@...org
Subject: BUG: KASAN: use-after-scope in ep_poll+0x5cd/0xc90
Hello,
FYI this happens in mainline kernel 4.15.0-rc1.
It looks a new regression and bisect is on the way.
It occurs in 3 out of 3 boots.
[ 35.704690] init: Failed to create pty - disabling logging for job
[ 35.706676] init: Temporary process spawn error: No such file or directory
[ 35.731988] init: Failed to create pty - disabling logging for job
[ 35.734084] init: Temporary process spawn error: No such file or directory
[ 35.737946] ==================================================================
[ 35.739635] BUG: KASAN: use-after-scope in ep_poll+0x5cd/0xc90:
ep_send_events at fs/eventpoll.c:1700
(inlined by) ep_poll at fs/eventpoll.c:1829
[ 35.740945] Write of size 16 at addr ffff88001018fde8 by task plymouthd/174
[ 35.742422]
[ 35.742913] CPU: 1 PID: 174 Comm: plymouthd Not tainted 4.15.0-rc1 #149
[ 35.744333] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 35.746146] Call Trace:
[ 35.746823] dump_stack+0x17d/0x25a:
dump_stack at lib/dump_stack.c:55
[ 35.747676] ? _atomic_dec_and_lock+0x296/0x296:
dump_stack at lib/dump_stack.c:29
[ 35.748714] ? printk+0x94/0xb0:
printk at kernel/printk/printk.c:1824
[ 35.749489] ? cpumask_weight+0x1e/0x1e
[ 35.750623] print_address_description+0x14b/0x3e0:
print_address_description at mm/kasan/report.c:253
[ 35.751712] ? ep_poll+0x5cd/0xc90:
ep_send_events at fs/eventpoll.c:1700
(inlined by) ep_poll at fs/eventpoll.c:1829
[ 35.752540] kasan_report+0x239/0x3a0:
kasan_report_error at mm/kasan/report.c:352
(inlined by) kasan_report at mm/kasan/report.c:409
[ 35.753415] __asan_store16+0x54/0x80
[ 35.754292] ep_poll+0x5cd/0xc90:
ep_send_events at fs/eventpoll.c:1700
(inlined by) ep_poll at fs/eventpoll.c:1829
[ 35.755089] ? ep_eventpoll_poll+0x160/0x160:
ep_poll at fs/eventpoll.c:1738
[ 35.756079] ? ep_item_poll+0xa8/0x1a0
[ 35.757104] ? __asan_loadN+0xf/0x20
[ 35.757970] ? mutex_unlock+0x49/0x90:
__mutex_unlock_fast at kernel/locking/mutex.c:153
(inlined by) mutex_unlock at kernel/locking/mutex.c:611
[ 35.758848] ? __asan_loadN+0xf/0x20
[ 35.759397] init: Failed to create pty - disabling logging for job
[ 35.759739] init: Temporary process spawn error: No such file or directory
[ 35.762496] ? SyS_epoll_ctl+0x3fe/0x1620
[ 35.763427] ? SyS_epoll_create+0x210/0x210
[ 35.764395] ? unix_accept+0x49c/0x4d0:
native_queued_spin_unlock at include/linux/compiler.h:209
(inlined by) queued_spin_unlock at arch/x86/include/asm/qspinlock.h:46
(inlined by) do_raw_spin_unlock at include/linux/spinlock.h:187
(inlined by) __raw_spin_unlock at include/linux/spinlock_api_smp.h:151
(inlined by) spin_unlock at include/linux/spinlock.h:355
(inlined by) unix_accept at net/unix/af_unix.c:1448
[ 35.765288] ? sock_put+0x50/0x50:
unix_accept at net/unix/af_unix.c:1413
[ 35.766096] ? branch_trace_reset+0x10/0x10:
ftrace_likely_update at kernel/trace/trace_branch.c:207
[ 35.767056] ? __asan_loadN+0xf/0x20
[ 35.767916] ? ftrace_likely_update+0x91/0x3b0:
ftrace_likely_update at kernel/trace/trace_branch.c:223
[ 35.768936] ? branch_trace_reset+0x10/0x10:
ftrace_likely_update at kernel/trace/trace_branch.c:207
[ 35.769904] ? SYSC_accept4+0x12f/0x710:
SYSC_accept4 at net/socket.c:1597
[ 35.775190] ? __fget_light+0x26c/0x2e0:
__fget_light at fs/file.c:741 (discriminator 2)
[ 35.777712] ? rw_verify_area+0x13c/0x300:
rw_verify_area at fs/read_write.c:380
[ 35.778645] ? trace_hardirqs_on_caller+0xd5/0x1b0:
static_key_false at include/linux/jump_label.h:201
(inlined by) trace_irq_enable_rcuidle at include/trace/events/preemptirq.h:40
(inlined by) trace_hardirqs_on_caller at kernel/trace/trace_irqsoff.c:815
[ 35.781772] ? entry_SYSCALL_64_fastpath+0x5/0x91:
entry_SYSCALL_64_fastpath at arch/x86/entry/entry_64.S:192
[ 35.781784] ? vfs_write+0x35a/0x520:
file_end_write at include/linux/fs.h:2727
(inlined by) vfs_write at fs/read_write.c:550
[ 35.781796] ? do_task_dead+0x70/0x70:
default_wake_function at kernel/sched/core.c:3627
[ 35.781810] SyS_epoll_wait+0x2a6/0x2f0
[ 35.781821] entry_SYSCALL_64_fastpath+0x1f/0x91:
entry_SYSCALL_64_fastpath at arch/x86/entry/entry_64.S:210
[ 35.781828] RIP: 0033:0x7f78afd0db33
[ 35.781832] RSP: 002b:00007ffd2a335798 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 35.781842] RAX: ffffffffffffffda RBX: 0000000001a4c940 RCX: 00007f78afd0db33
[ 35.781847] RDX: 0000000000000040 RSI: 00007f78b0402520 RDI: 0000000000000003
[ 35.781852] RBP: 0000000000000007 R08: 0000000000000003 R09: 0000000000000008
[ 35.781858] R10: 00000000ffffffff R11: 0000000000000246 R12: 0000000001a4c940
[ 35.781863] R13: 0000000001a50c50 R14: 0000000000000000 R15: 0000000000000000
[ 35.781870]
[ 35.781873] The buggy address belongs to the page:
[ 35.781883] page:ffffea00004063c0 count:0 mapcount:0 mapping: (null) index:0x0
Attached the full dmesg, kconfig and reproduce scripts.
Thanks,
Fengguang
View attachment "dmesg-vm-vp-quantal-x86_64-45:20171129181612:x86_64-randconfig-ws0-11291727:4.15.0-rc1:149" of type "text/plain" (55412 bytes)
View attachment ".config" of type "text/plain" (106776 bytes)
View attachment "job-script" of type "text/plain" (3850 bytes)
View attachment "reproduce-vm-vp-quantal-x86_64-45:20171129181612:x86_64-randconfig-ws0-11291727:4.15.0-rc1:149" of type "text/plain" (1800 bytes)
Powered by blists - more mailing lists