lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190813105852.ovk5gtzddwlsm4ly@willie-the-truck>
Date:   Tue, 13 Aug 2019 11:58:52 +0100
From:   Will Deacon <will@...nel.org>
To:     Qian Cai <cai@....pw>
Cc:     Catalin Marinas <catalin.marinas@....com>,
        Andrey Konovalov <andreyknvl@...gle.com>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: "arm64/for-next/core" causes boot panic

On Tue, Aug 13, 2019 at 10:02:01AM +0100, Will Deacon wrote:
> On Mon, Aug 12, 2019 at 05:51:35PM -0400, Qian Cai wrote:
> > Booting today's linux-next on an arm64 server triggers a panic with
> > CONFIG_KASAN_SW_TAGS=y pointing to this line,
> 
> Is this the only change on top of defconfig? If not, please can you share
> your full .config?
> 
> > kfree()->virt_to_head_page()->compound_head()
> > 
> > unsigned long head = READ_ONCE(page->compound_head);
> > 
> > The bisect so far indicates one of those could be bad,
> 
> I guess that means the issue is reproducible on the arm64 for-next/core
> branch. Once I have your .config, I'll give it a go.

FWIW, I've managed to reproduce this using defconfig + SW_TAGS on
for-next/core, so I'll keep investigating.

Will

--->8

[    0.000000] Unable to handle kernel paging request at virtual address 0037fe0007580d08
[    0.000000] Mem abort info:
[    0.000000]   ESR = 0x96000004
[    0.000000]   EC = 0x25: DABT (current EL), IL = 32 bits
[    0.000000]   SET = 0, FnV = 0
[    0.000000]   EA = 0, S1PTW = 0
[    0.000000] Data abort info:
[    0.000000]   ISV = 0, ISS = 0x00000004
[    0.000000]   CM = 0, WnR = 0
[    0.000000] [0037fe0007580d08] address between user and kernel address ranges
[    0.000000] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[    0.000000] Modules linked in:
[    0.000000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc3-00049-gf964cbd07098 #1
[    0.000000] Hardware name: linux,dummy-virt (DT)
[    0.000000] pstate: 20000085 (nzCv daIf -PAN -UAO)
[    0.000000] pc : kfree+0x44/0x6ac
[    0.000000] lr : apply_wqattrs_prepare+0x390/0x3fc
[    0.000000] sp : ffff9000541d7d00
[    0.000000] x29: ffff9000541d7d80 x28: 4dff0001de034e08 
[    0.000000] x27: b2ff0001de040000 x26: 0000000000000004 
[    0.000000] x25: c1ff0001de034c28 x24: 4dff0001de034e00 
[    0.000000] x23: a8ff0001de034d00 x22: c1ff0001de020a00 
[    0.000000] x21: a8ff0001de034d08 x20: 0000000000000000 
[    0.000000] x19: c1ff0001de034c00 x18: 0000000000000000 
[    0.000000] x17: 0000000000000000 x16: 0000000000000000 
[    0.000000] x15: 1ffff6b000000000 x14: ffff900053ca87e4 
[    0.000000] x13: ffff900052539444 x12: ffff90005253ce48 
[    0.000000] x11: 00000000000000c1 x10: ffff80001de034c1 
[    0.000000] x9 : fffffdffffe00008 x8 : 0138000007780d00 
[    0.000000] x7 : ffffffffffffffff x6 : a8ff0001de034d28 
[    0.000000] x5 : 0000000000000040 x4 : 0000000000000008 
[    0.000000] x3 : 0000000000000100 x2 : ffff9000541ddf68 
[    0.000000] x1 : a8ff0001de034d08 x0 : 4dff0001de034e00 
[    0.000000] Call trace:
[    0.000000]  kfree+0x44/0x6ac
[    0.000000]  apply_wqattrs_prepare+0x390/0x3fc
[    0.000000]  apply_workqueue_attrs+0x70/0xe4
[    0.000000]  alloc_workqueue+0x514/0x728
[    0.000000]  workqueue_init_early+0x36c/0x4a0
[    0.000000]  start_kernel+0x1d0/0x46c
[    0.000000] Code: f2bffc09 d346fd08 f2dfbfe9 927acd08 (f8696909) 
[    0.000000] random: get_random_bytes called from oops_exit+0x4c/0x78 with crng_init=0
[    0.000000] ---[ end trace 0000000000000000 ]---

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ