From: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
To: lkp@lists.01.org
Subject: Re: [ 0.003333] BUG: KASAN: use-after-scope in console_unlock+0x605/0xcc0
Date: Fri, 01 Dec 2017 10:58:28 +0900	[thread overview]
Message-ID: <20171201015828.GA1303@jagdpanzerIV> (raw)
In-Reply-To: <ecd089a9-5ec4-c512-aa37-7e0d59b64894@virtuozzo.com>

On (11/30/17 16:07), Andrey Ryabinin wrote:
[..]
> >> You can try dirty patch from here:
> >> https://groups.google.com/d/msg/kasan-dev/iDb5bhcMBT0/55QzwWaHAwAJ
> >> It should make KASAN print the exact variable name and frame where it
> >> was allocated.
> > 
> > would be good if Fengguang can try this out. I can't reproduce the
> > problem on my x86 box (linux-next and Linus's trees both work fine
> > for me with KASAN + lockdep + TRACE_IRQ).
> 
> I suspect you don't have gcc 7. That's a requirement for use-after-scope.

I do have it.

$ gcc --version
gcc (GCC) 7.2.1 20171123

tested with

$ grep GCC .config
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE=y
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set

got the following use-after-scope:

 ==================================================================
 BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x902/0xa21
 Write of size 8 at addr ffffffff81e07d78 by task swapper/0
 
 CPU: 0 PID: 0 Comm: swapper Not tainted 4.15.0-rc1-dbg-00261-g716b8dd05fd3-dirty #927
 Call Trace:
  dump_stack+0xca/0x146
  ? _atomic_dec_and_lock+0xdd/0xdd
  ? show_regs_print_info+0x39/0x39
  ? pcpu_setup_first_chunk+0x902/0xa21
  print_address_description+0x6e/0x207
  ? pcpu_setup_first_chunk+0x902/0xa21
  kasan_report+0x21e/0x244
  pcpu_setup_first_chunk+0x902/0xa21
  ? pcpu_free_alloc_info+0x27/0x27
  ? memblock_remove+0x12/0x12
  pcpu_embed_first_chunk+0x3fa/0x4a6
  ? pcpup_populate_pte+0xa/0xa
  ? pcpu_fc_free+0x40/0x40
  setup_per_cpu_areas+0x7c/0x2df
  start_kernel+0x174/0x489
  ? mem_encrypt_init+0x6/0x6
  ? load_ucode_bsp+0x7f/0xe0
  secondary_startup_64+0xa5/0xb0
 
 
 Memory state around the buggy address:
  ffffffff81e07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ffffffff81e07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 >ffffffff81e07d00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8
                                                                 ^
  ffffffff81e07d80: f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
  ffffffff81e07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ==================================================================

no printk() related reports.

	-ss
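As an added illustration (not part of Sergey's message and not the kernel's own tooling), here is a small Python decoder for a KASAN report of the kind shown above. It reads the "Read/Write of size N at addr" line and the "Memory state around the buggy address" rows, looks up the shadow byte that covers the faulting address and names the poison value. The poison constants are those from mm/kasan/kasan.h of 4.15-era kernels; the sample input is constructed from the report in this message. For that report the byte under the caret is f8 (KASAN_USE_AFTER_SCOPE), bracketed by f1 (left redzone) and f2 (mid redzone): an 8-byte stack variable whose scope has already ended, which matches the "Write of size 8".

```python
import re

# KASAN shadow poison values as defined in mm/kasan/kasan.h of 4.15-era
# kernels. One shadow byte describes 8 bytes of kernel memory: 0 means all
# 8 bytes are addressable, 1..7 the number of addressable leading bytes.
POISON = {
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF4: "stack partial redzone",
    0xF8: "stack variable out of scope (use-after-scope)",
    0xFA: "global redzone",
    0xFB: "freed kmalloc object",
    0xFC: "kmalloc redzone",
    0xFE: "page redzone",
    0xFF: "free page",
}
STACK_POISON = {0xF1, 0xF2, 0xF3, 0xF4, 0xF8}
GRANULE = 8  # bytes of memory covered by one shadow byte

ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
# A memory-state row: optional '>' marker, 16-hex-digit address, 16 shadow bytes.
ROW_RE = re.compile(r"^\s*>?\s*([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})[ \t]*$", re.M)

# Constructed sample: the access line and memory-state block from the report above.
SAMPLE_REPORT = """\
 BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x902/0xa21
 Write of size 8 at addr ffffffff81e07d78 by task swapper/0
 Memory state around the buggy address:
  ffffffff81e07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  ffffffff81e07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 >ffffffff81e07d00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8
                                                                 ^
  ffffffff81e07d80: f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
  ffffffff81e07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""


def parse_report(text):
    """Return (kind, size, addr, shadow); shadow maps each granule start
    address to the shadow byte printed for it."""
    m = ACCESS_RE.search(text)
    if not m:
        raise ValueError("no 'Read/Write of size' line in report")
    kind, size, addr = m.group(1), int(m.group(2)), int(m.group(3), 16)
    shadow = {}
    for row in ROW_RE.finditer(text):
        base = int(row.group(1), 16)  # rows are labelled with the real address
        for i, byte in enumerate(row.group(2).split()):
            shadow[base + i * GRANULE] = int(byte, 16)
    if not shadow:
        raise ValueError("no memory state rows in report")
    return kind, size, addr, shadow


def describe(value):
    """Human-readable meaning of one shadow byte."""
    if value == 0:
        return "addressable"
    if 1 <= value < GRANULE:
        return f"partially addressable ({value}/{GRANULE} bytes)"
    return POISON.get(value, f"unknown poison 0x{value:02x}")


def poisoned_extent(shadow, addr):
    """Walk outward from the faulting granule over neighbours carrying the
    same shadow value; returns (start, end_exclusive) of that run, i.e. the
    size of the object or redzone the access landed in."""
    g = addr & ~(GRANULE - 1)
    v = shadow[g]
    start, end = g, g + GRANULE
    while shadow.get(start - GRANULE) == v:
        start -= GRANULE
    while shadow.get(end) == v:
        end += GRANULE
    return start, end


def triage(text):
    """Summarise a KASAN report: what was accessed and what the shadow says."""
    kind, size, addr, shadow = parse_report(text)
    value = shadow[addr & ~(GRANULE - 1)]
    return {
        "kind": kind,
        "size": size,
        "addr": addr,
        "shadow": value,
        "meaning": describe(value),
        "on_stack": value in STACK_POISON,
        "extent": poisoned_extent(shadow, addr),
    }


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    start, end = r["extent"]
    print(f"{r['kind']} of {r['size']} bytes at {r['addr']:#x}: shadow 0x{r['shadow']:02x} "
          f"({r['meaning']}), poisoned run {start:#x}-{end:#x} ({end - start} bytes)")
```

The decoder keys the rows by the real address KASAN prints (each row spans 128 bytes), so the lookup is simply the faulting address rounded down to an 8-byte granule. The `extent` helper is what tells you whether the access hit a single out-of-scope variable, as here, or ran into a redzone several granules wide.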

