Message-ID: <12c9e499-9c11-d248-6a3f-14ec8c4e07f1@molgen.mpg.de>
Date:   Wed, 31 Jan 2018 17:46:47 +0100
From:   Paul Menzel <pmenzel+linux-kasan-dev@...gen.mpg.de>
To:     Andrey Ryabinin <aryabinin@...tuozzo.com>,
        Alexander Potapenko <glider@...gle.com>,
        Dmitry Vyukov <dvyukov@...gle.com>
Cc:     kasan-dev@...glegroups.com, linux-kernel@...r.kernel.org,
        linux-pm@...r.kernel.org
Subject: Trying to vfree() nonexistent vm area (000000005d3b34b9)

Dear Linux folks,


Running `sudo make kselftest` with Linux 4.15+ built from commit 
3da90b159b14 (Merge tag 'f2fs-for-4.16-rc1' of 
git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs) it stops at

```
[…]
TAP version 13
selftests: main.sh
========================================
pid 19166's current affinity mask: f
pid 19166's new affinity mask: 1
```

The traces below are shown in the log.

> [  741.295745] ------------[ cut here ]------------
> [  741.295748] Trying to vfree() nonexistent vm area (000000005d3b34b9)
> [  741.295767] WARNING: CPU: 2 PID: 13215 at mm/vmalloc.c:1525 __vunmap+0x147/0x190
> [  741.295768] Modules linked in: test_firmware ccm cmac rfcomm bnep uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core btusb btrtl videodev btbcm btintel media bluetooth ecdh_generic snd_hrtimer snd_seq snd_seq_device intel_rapl x86_pkg_temp_thermal binfmt_misc intel_powerclamp coretemp kvm_intel kvm nls_iso8859_1 snd_hda_codec_hdmi arc4 irqbypass snd_hda_codec_realtek crct10dif_pclmul crc32_pclmul snd_hda_codec_generic iwlmvm ghash_clmulni_intel pcbc mac80211 snd_hda_intel aesni_intel aes_x86_64 crypto_simd snd_hda_codec glue_helper cryptd snd_hda_core snd_hwdep intel_cstate iwlwifi intel_rapl_perf snd_pcm snd_timer input_leds joydev serio_raw snd cfg80211 soundcore mei_me mei shpchp intel_pch_thermal tpm_crb acpi_pad mac_hid parport_pc ppdev lp parport dm_crypt ip_tables x_tables
> [  741.295829]  autofs4 btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear dm_mirror dm_region_hash dm_log i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops r8169 psmouse mii ahci drm libahci wmi video
> [  741.295861] CPU: 2 PID: 13215 Comm: mem-on-off-test Not tainted 4.15.0+ #21
> [  741.295863] Hardware name: Notebook                         N24_25BU/N24_25BU, BIOS 5.12 07/07/2017
> [  741.295867] RIP: 0010:__vunmap+0x147/0x190
> [  741.295868] RSP: 0018:ffff8806210b77f0 EFLAGS: 00010286
> [  741.295871] RAX: 0000000000000000 RBX: ffffed0001000000 RCX: 0000000000000000
> [  741.295873] RDX: 0000000000000007 RSI: 1ffff100c4216eb3 RDI: ffff880812b1f5f0
> [  741.295875] RBP: 0000000000000000 R08: fffffbfff71ef2e5 R09: 1ffff100c4216e83
> [  741.295877] R10: ffff8806ad34f6f8 R11: fffffbfff71ef2e4 R12: 0000000000000001
> [  741.295880] R13: ffffed00c4216f16 R14: ffff8806210b78b0 R15: ffffffffb8728820
> [  741.295883] FS:  00007fcb78078740(0000) GS:ffff880812b00000(0000) knlGS:0000000000000000
> [  741.295884] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  741.295886] CR2: 0000000000714dc0 CR3: 00000006c7b8a004 CR4: 00000000003606e0
> [  741.295888] Call Trace:
> [  741.295895]  kasan_mem_notifier+0xad/0xb9
> [  741.295899]  notifier_call_chain+0x166/0x260
> [  741.295904]  ? SyS_setns+0x240/0x240
> [  741.295907]  ? _cond_resched+0x17/0x60
> [  741.295910]  ? down_read+0x7f/0x110
> [  741.295912]  ? down_write_killable+0x100/0x100
> [  741.295916]  ? online_memory_block+0x10/0x10
> [  741.295920]  ? __bitmap_weight+0x3b/0xc0
> [  741.295924]  __blocking_notifier_call_chain+0xdb/0x140
> [  741.295928]  ? srcu_notifier_call_chain+0x10/0x10
> [  741.295931]  ? cpumask_next+0x1c/0x40
> [  741.295935]  __offline_pages+0x96a/0xb10
> [  741.295941]  ? online_pages+0x550/0x550
> [  741.295944]  ? _cond_resched+0x17/0x60
> [  741.295946]  ? down_write+0xa6/0xf0
> [  741.295950]  ? __down_killable+0x510/0x510
> [  741.295954]  ? _find_next_bit+0x8e/0xf0
> [  741.295959]  ? percpu_down_write+0x308/0x420
> [  741.295964]  ? __percpu_up_read+0x40/0x40
> [  741.295967]  ? locks_remove_posix+0xf9/0x400
> [  741.295970]  ? klist_next+0x10f/0x240
> [  741.295974]  ? klist_iter_exit+0x16/0x50
> [  741.295978]  ? rcu_sched_qs.part.49+0x70/0x70
> [  741.295981]  ? device_remove_class_symlinks+0x110/0x110
> [  741.295985]  ? show_auto_online_blocks+0x70/0x70
> [  741.295988]  memory_subsys_offline+0x76/0xc0
> [  741.295991]  device_offline+0xb8/0x120
> [  741.295995]  store_mem_state+0xfa/0x120
> [  741.296000]  kernfs_fop_write+0x1d5/0x320
> [  741.296004]  ? sysfs_kf_bin_read+0x1b0/0x1b0
> [  741.296008]  __vfs_write+0xd4/0x530
> [  741.296012]  ? __fget_light+0x1c3/0x2a0
> [  741.296015]  ? kernel_read+0x100/0x100
> [  741.296020]  ? apparmor_task_setrlimit+0x470/0x470
> [  741.296026]  ? vfs_fallocate+0x4f0/0x4f0
> [  741.296029]  ? SyS_dup2+0x297/0x4e0
> [  741.296033]  ? f_getown+0x80/0x80
> [  741.296036]  ? rcu_sched_qs.part.49+0x70/0x70
> [  741.296040]  vfs_write+0x105/0x340
> [  741.296044]  SyS_write+0xb0/0x140
> [  741.296047]  ? SyS_read+0x140/0x140
> [  741.296052]  entry_SYSCALL_64_fastpath+0x24/0x87
> [  741.296088] RIP: 0033:0x7fcb777890c4
> [  741.296090] RSP: 002b:00007ffc5dbf6888 EFLAGS: 00000246
> [  741.296093] Code: 48 89 fe 48 c7 c7 40 82 71 b5 e8 a5 57 bf ff 0f ff 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 89 de 48 c7 c7 a0 82 71 b5 e8 89 57 bf ff <0f> ff eb e2 48 63 f3 ba 01 00 00 00 4c 89 ff e8 d1 c8 68 00 e9 
> [  741.296136] ---[ end trace a2224ce39f83d90a ]---
> [  741.302360] Offlined Pages 32768
> [  741.302915] ------------[ cut here ]------------
> [  741.302918] Trying to vfree() nonexistent vm area (0000000048fb8dce)
> [  741.302933] WARNING: CPU: 1 PID: 13215 at mm/vmalloc.c:1525 __vunmap+0x147/0x190
> [  741.302934] Modules linked in: test_firmware ccm cmac rfcomm bnep uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core btusb btrtl videodev btbcm btintel media bluetooth ecdh_generic snd_hrtimer snd_seq snd_seq_device intel_rapl x86_pkg_temp_thermal binfmt_misc intel_powerclamp coretemp kvm_intel kvm nls_iso8859_1 snd_hda_codec_hdmi arc4 irqbypass snd_hda_codec_realtek crct10dif_pclmul crc32_pclmul snd_hda_codec_generic iwlmvm ghash_clmulni_intel pcbc mac80211 snd_hda_intel aesni_intel aes_x86_64 crypto_simd snd_hda_codec glue_helper cryptd snd_hda_core snd_hwdep intel_cstate iwlwifi intel_rapl_perf snd_pcm snd_timer input_leds joydev serio_raw snd cfg80211 soundcore mei_me mei shpchp intel_pch_thermal tpm_crb acpi_pad mac_hid parport_pc ppdev lp parport dm_crypt ip_tables x_tables
> [  741.302978]  autofs4 btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear dm_mirror dm_region_hash dm_log i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops r8169 psmouse mii ahci drm libahci wmi video
> [  741.303002] CPU: 1 PID: 13215 Comm: mem-on-off-test Tainted: G        W        4.15.0+ #21
> [  741.303003] Hardware name: Notebook                         N24_25BU/N24_25BU, BIOS 5.12 07/07/2017
> [  741.303007] RIP: 0010:__vunmap+0x147/0x190
> [  741.303008] RSP: 0018:ffff8806210b77f0 EFLAGS: 00010286
> [  741.303010] RAX: 0000000000000000 RBX: ffffed000a000000 RCX: 0000000000000000
> [  741.303011] RDX: 0000000000000007 RSI: 1ffff100c4216eb3 RDI: ffff880812a9f5f0
> [  741.303012] RBP: 0000000000000000 R08: fffffbfff71ef2e5 R09: 1ffff100c4216e83
> [  741.303013] R10: ffff88072da876f8 R11: fffffbfff71ef2e4 R12: 0000000000000001
> [  741.303015] R13: ffffed00c4216f16 R14: ffff8806210b78b0 R15: ffffffffb8728820
> [  741.303016] FS:  00007fcb78078740(0000) GS:ffff880812a80000(0000) knlGS:0000000000000000
> [  741.303018] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  741.303019] CR2: 0000000000f094e0 CR3: 00000006c7b8a002 CR4: 00000000003606e0
> [  741.303020] Call Trace:
> [  741.303025]  kasan_mem_notifier+0xad/0xb9
> [  741.303028]  notifier_call_chain+0x166/0x260
> [  741.303031]  ? SyS_setns+0x240/0x240
> [  741.303033]  ? _cond_resched+0x17/0x60
> [  741.303036]  ? down_read+0x7f/0x110
> [  741.303038]  ? down_write_killable+0x100/0x100
> [  741.303041]  ? online_memory_block+0x10/0x10
> [  741.303044]  ? __bitmap_weight+0x3b/0xc0
> [  741.303046]  __blocking_notifier_call_chain+0xdb/0x140
> [  741.303049]  ? srcu_notifier_call_chain+0x10/0x10
> [  741.303052]  ? cpumask_next+0x1c/0x40
> [  741.303054]  __offline_pages+0x96a/0xb10
> [  741.303057]  ? online_pages+0x550/0x550
> [  741.303059]  ? _cond_resched+0x17/0x60
> [  741.303061]  ? down_write+0xa6/0xf0
> [  741.303063]  ? __down_killable+0x510/0x510
> [  741.303065]  ? _find_next_bit+0x8e/0xf0
> [  741.303068]  ? percpu_down_write+0x308/0x420
> [  741.303071]  ? __percpu_up_read+0x40/0x40
> [  741.303073]  ? locks_remove_posix+0xf9/0x400
> [  741.303076]  ? klist_next+0x10f/0x240
> [  741.303078]  ? klist_iter_exit+0x16/0x50
> [  741.303081]  ? rcu_sched_qs.part.49+0x70/0x70
> [  741.303083]  ? device_remove_class_symlinks+0x110/0x110
> [  741.303086]  ? show_auto_online_blocks+0x70/0x70
> [  741.303088]  memory_subsys_offline+0x76/0xc0
> [  741.303091]  device_offline+0xb8/0x120
> [  741.303093]  store_mem_state+0xfa/0x120
> [  741.303097]  kernfs_fop_write+0x1d5/0x320
> [  741.303099]  ? sysfs_kf_bin_read+0x1b0/0x1b0
> [  741.303102]  __vfs_write+0xd4/0x530
> [  741.303105]  ? __fget_light+0x1c3/0x2a0
> [  741.303107]  ? kernel_read+0x100/0x100
> [  741.303110]  ? apparmor_task_setrlimit+0x470/0x470
> [  741.303113]  ? vfs_fallocate+0x4f0/0x4f0
> [  741.303115]  ? SyS_dup2+0x297/0x4e0
> [  741.303118]  ? f_getown+0x80/0x80
> [  741.303120]  ? rcu_sched_qs.part.49+0x70/0x70
> [  741.303123]  vfs_write+0x105/0x340
> [  741.303126]  SyS_write+0xb0/0x140
> [  741.303127]  ? SyS_read+0x140/0x140
> [  741.303131]  entry_SYSCALL_64_fastpath+0x24/0x87
> [  741.303158] RIP: 0033:0x7fcb777890c4
> [  741.303160] RSP: 002b:00007ffc5dbf6888 EFLAGS: 00000246
> [  741.303162] Code: 48 89 fe 48 c7 c7 40 82 71 b5 e8 a5 57 bf ff 0f ff 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 89 de 48 c7 c7 a0 82 71 b5 e8 89 57 bf ff <0f> ff eb e2 48 63 f3 ba 01 00 00 00 4c 89 ff e8 d1 c8 68 00 e9 
> [  741.303194] ---[ end trace a2224ce39f83d90b ]---
> [  741.309520] Offlined Pages 32768
> [  741.309961] ------------[ cut here ]------------
> [  741.309963] Trying to vfree() nonexistent vm area (00000000ac162129)
> [  741.309978] WARNING: CPU: 3 PID: 13215 at mm/vmalloc.c:1525 __vunmap+0x147/0x190
> [  741.309978] Modules linked in: test_firmware ccm cmac rfcomm bnep uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core btusb btrtl videodev btbcm btintel media bluetooth ecdh_generic snd_hrtimer snd_seq snd_seq_device intel_rapl x86_pkg_temp_thermal binfmt_misc intel_powerclamp coretemp kvm_intel kvm nls_iso8859_1 snd_hda_codec_hdmi arc4 irqbypass snd_hda_codec_realtek crct10dif_pclmul crc32_pclmul snd_hda_codec_generic iwlmvm ghash_clmulni_intel pcbc mac80211 snd_hda_intel aesni_intel aes_x86_64 crypto_simd snd_hda_codec glue_helper cryptd snd_hda_core snd_hwdep intel_cstate iwlwifi intel_rapl_perf snd_pcm snd_timer input_leds joydev serio_raw snd cfg80211 soundcore mei_me mei shpchp intel_pch_thermal tpm_crb acpi_pad mac_hid parport_pc ppdev lp parport dm_crypt ip_tables x_tables
> [  741.310022]  autofs4 btrfs zstd_decompress zstd_compress xxhash raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear dm_mirror dm_region_hash dm_log i915 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops r8169 psmouse mii ahci drm libahci wmi video
> [  741.310045] CPU: 3 PID: 13215 Comm: mem-on-off-test Tainted: G        W        4.15.0+ #21
> [  741.310046] Hardware name: Notebook                         N24_25BU/N24_25BU, BIOS 5.12 07/07/2017
> [  741.310048] RIP: 0010:__vunmap+0x147/0x190
> [  741.310049] RSP: 0018:ffff8806210b77f0 EFLAGS: 00010286
> [  741.310051] RAX: 0000000000000000 RBX: ffffed0064000000 RCX: 0000000000000000
> [  741.310053] RDX: 0000000000000007 RSI: 1ffff100c4216eb3 RDI: ffff880812b9f5f0
> [  741.310054] RBP: 0000000000000000 R08: fffffbfff71ef2e5 R09: 1ffff100c4216e83
> [  741.310055] R10: ffff8806b99c76f8 R11: fffffbfff71ef2e4 R12: 0000000000000001
> [  741.310056] R13: ffffed00c4216f16 R14: ffff8806210b78b0 R15: ffffffffb8728820
> [  741.310058] FS:  00007fcb78078740(0000) GS:ffff880812b80000(0000) knlGS:0000000000000000
> [  741.310059] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [  741.310060] CR2: 000000000070f070 CR3: 00000006c7b8a002 CR4: 00000000003606e0
> [  741.310061] Call Trace:
> [  741.310067]  kasan_mem_notifier+0xad/0xb9
> [  741.310070]  notifier_call_chain+0x166/0x260
> [  741.310073]  ? SyS_setns+0x240/0x240
> [  741.310075]  ? _cond_resched+0x17/0x60
> [  741.310077]  ? down_read+0x7f/0x110
> [  741.310079]  ? down_write_killable+0x100/0x100
> [  741.310082]  ? online_memory_block+0x10/0x10
> [  741.310084]  ? __bitmap_weight+0x3b/0xc0
> [  741.310087]  __blocking_notifier_call_chain+0xdb/0x140
> [  741.310091]  ? srcu_notifier_call_chain+0x10/0x10
> [  741.310094]  ? cpumask_next+0x1c/0x40
> [  741.310097]  __offline_pages+0x96a/0xb10
> [  741.310100]  ? online_pages+0x550/0x550
> [  741.310102]  ? _cond_resched+0x17/0x60
> [  741.310104]  ? down_write+0xa6/0xf0
> [  741.310106]  ? __down_killable+0x510/0x510
> [  741.310108]  ? _find_next_bit+0x8e/0xf0
> [  741.310111]  ? percpu_down_write+0x308/0x420
> [  741.310113]  ? __percpu_up_read+0x40/0x40
> [  741.310116]  ? locks_remove_posix+0xf9/0x400
> [  741.310118]  ? klist_next+0x10f/0x240
> [  741.310120]  ? klist_iter_exit+0x16/0x50
> [  741.310123]  ? rcu_sched_qs.part.49+0x70/0x70
> [  741.310125]  ? device_remove_class_symlinks+0x110/0x110
> [  741.310128]  ? show_auto_online_blocks+0x70/0x70
> [  741.310130]  memory_subsys_offline+0x76/0xc0
> [  741.310132]  device_offline+0xb8/0x120
> [  741.310135]  store_mem_state+0xfa/0x120
> [  741.310138]  kernfs_fop_write+0x1d5/0x320
> [  741.310140]  ? sysfs_kf_bin_read+0x1b0/0x1b0
> [  741.310143]  __vfs_write+0xd4/0x530
> [  741.310146]  ? __fget_light+0x1c3/0x2a0
> [  741.310147]  ? kernel_read+0x100/0x100
> [  741.310150]  ? apparmor_task_setrlimit+0x470/0x470
> [  741.310153]  ? vfs_fallocate+0x4f0/0x4f0
> [  741.310155]  ? SyS_dup2+0x297/0x4e0
> [  741.310158]  ? f_getown+0x80/0x80
> [  741.310160]  ? rcu_sched_qs.part.49+0x70/0x70
> [  741.310163]  vfs_write+0x105/0x340
> [  741.310166]  SyS_write+0xb0/0x140
> [  741.310168]  ? SyS_read+0x140/0x140
> [  741.310171]  entry_SYSCALL_64_fastpath+0x24/0x87
> [  741.310194] RIP: 0033:0x7fcb777890c4
> [  741.310195] RSP: 002b:00007ffc5dbf6888 EFLAGS: 00000246
> [  741.310198] Code: 48 89 fe 48 c7 c7 40 82 71 b5 e8 a5 57 bf ff 0f ff 5b 5d 41 5c 41 5d 41 5e 41 5f c3 48 89 de 48 c7 c7 a0 82 71 b5 e8 89 57 bf ff <0f> ff eb e2 48 63 f3 ba 01 00 00 00 4c 89 ff e8 d1 c8 68 00 e9 
> [  741.310229] ---[ end trace a2224ce39f83d90c ]---

I am sorry if this is the wrong subsystem to report such issues to. 
Please tell me the right place.


Kind regards,

Paul

View attachment "config-4.15.0+" of type "text/plain" (212720 bytes)
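The quoted log is three copies of the same WARNING from the same process, differing only in the hashed vm-area id and in the taint state (the first trace says "Not tainted", the later two "Tainted: G W", because the first WARNING itself set the W taint flag). When triaging reports like this it helps to turn the `------------[ cut here ]------------` ... `---[ end trace ]---` spans into structured records: the WARNING location, the taint letters, and the call trace with the reliable frames separated from the `?` frames (return addresses found by scanning the stack, which the unwinder could not verify and which should not be read as part of the call path). The parser below is an added example, not code from this report or from the kernel tree; it assumes the dmesg layout shown above (a `> ` mail quote and a `[ seconds ]` timestamp before each line), and its sample input is the first two traces quoted above, trimmed to a few frames each.

```python
"""Parse kernel WARNING blocks ('cut here' ... 'end trace') out of dmesg text.
Added example, not code from the report above or from the kernel tree. Each block becomes a
KernelWarning: message, WARNING location, taint state, and the call trace split into frames
the unwinder trusted and '?' frames (stack-scan guesses the unwinder could not verify)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

CUT_HERE = "------------[ cut here ]------------"
PREFIX_RE = re.compile(r"^\s*(?:>\s*)?\[\s*\d+\.\d+\]\s?(.*)$")  # '> ' quote + timestamp
WARNING_RE = re.compile(r"WARNING: CPU: (\d+) PID: \d+ at (\S+):(\d+) (\S+)")
END_TRACE_RE = re.compile(r"---\[ end trace ([0-9a-f]+) \]---")
FRAME_RE = re.compile(r"(\? )?(\S+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[\S+\])?")
VFREE_MSG_RE = re.compile(r"Trying to vfree\(\) nonexistent vm area \(([0-9a-f]+)\)")

@dataclass
class KernelWarning:
    trace_id: str = ""
    message: str = ""      # free-text line printed before "WARNING:", if any
    cpu: int = -1
    file: str = ""
    line: int = -1
    function: str = ""
    taint_flags: str = ""  # "" means "Not tainted"; "GW" once a WARNING has fired
    frames: list[str] = field(default_factory=list)   # reliable frames, innermost first
    guessed: list[str] = field(default_factory=list)  # frames printed with a leading '?'

def parse_taint(line: str) -> str:
    """Taint letters from 'Comm: X Not tainted 4.15.0+ #21' / 'Comm: X Tainted: G   W   4.15.0+ #21'."""
    tokens = line.split("Comm: ", 1)[1].split()
    if tokens[1:3] == ["Not", "tainted"]:
        return ""
    flags = []
    for tok in tokens[2:]:            # flag letters run until the kernel version token
        if any(ch.isdigit() for ch in tok):
            break
        flags.append(tok)
    return "".join(flags)

def parse_warnings(text: str) -> list[KernelWarning]:
    found: list[KernelWarning] = []
    cur: KernelWarning | None = None
    in_trace = False
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                  # prose or blank line, not a dmesg line
        line = m.group(1).strip()
        if line == CUT_HERE:
            cur, in_trace = KernelWarning(), False
        elif cur is None:
            continue                  # outside any warning block
        elif (m := END_TRACE_RE.search(line)):
            cur.trace_id = m.group(1)
            found.append(cur)
            cur = None
        elif (m := WARNING_RE.search(line)):
            cur.cpu, cur.file, cur.line = int(m.group(1)), m.group(2), int(m.group(3))
            cur.function = m.group(4).split("+", 1)[0]
        elif not cur.function and not cur.message:
            cur.message = line
        elif "Comm: " in line:
            cur.taint_flags = parse_taint(line)
        elif line == "Call Trace:":
            in_trace = True
        elif in_trace:
            fm = FRAME_RE.fullmatch(line)
            if fm:
                (cur.guessed if fm.group(1) else cur.frames).append(fm.group(2))
            else:
                in_trace = False      # user-space RIP / register dump ends the trace
    return found

def vfree_area_ids(found: list[KernelWarning]) -> list[str]:
    """Hashed %p ids from the vfree() messages (4.15+ prints %p hashed, so these are not addresses)."""
    return [m.group(1) for w in found if (m := VFREE_MSG_RE.fullmatch(w.message))]

# Constructed input: the first two traces quoted above, trimmed to a few frames each.
SAMPLE = """\
> [  741.295745] ------------[ cut here ]------------
> [  741.295748] Trying to vfree() nonexistent vm area (000000005d3b34b9)
> [  741.295767] WARNING: CPU: 2 PID: 13215 at mm/vmalloc.c:1525 __vunmap+0x147/0x190
> [  741.295861] CPU: 2 PID: 13215 Comm: mem-on-off-test Not tainted 4.15.0+ #21
> [  741.295888] Call Trace:
> [  741.295895]  kasan_mem_notifier+0xad/0xb9
> [  741.295904]  ? SyS_setns+0x240/0x240
> [  741.296044]  SyS_write+0xb0/0x140
> [  741.296052]  entry_SYSCALL_64_fastpath+0x24/0x87
> [  741.296088] RIP: 0033:0x7fcb777890c4
> [  741.296136] ---[ end trace a2224ce39f83d90a ]---
> [  741.302915] ------------[ cut here ]------------
> [  741.302918] Trying to vfree() nonexistent vm area (0000000048fb8dce)
> [  741.302933] WARNING: CPU: 1 PID: 13215 at mm/vmalloc.c:1525 __vunmap+0x147/0x190
> [  741.303002] CPU: 1 PID: 13215 Comm: mem-on-off-test Tainted: G        W        4.15.0+ #21
> [  741.303016] Call Trace:
> [  741.303025]  kasan_mem_notifier+0xad/0xb9
> [  741.303194] ---[ end trace a2224ce39f83d90b ]---
"""

if __name__ == "__main__":
    for w in parse_warnings(SAMPLE):
        print(f"{w.file}:{w.line} {w.function}() cpu={w.cpu} taint={w.taint_flags or '-'}",
              " <- ".join(w.frames), "(unverified: %s)" % ", ".join(w.guessed))
```

Grouping records by `(file, line, function)` collapses the three traces into one finding, and `vfree_area_ids()` shows the per-boot hashed `%p` values differ between them, so each offline pass tried to free a different vm area rather than the same one three times.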
