From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752127AbdLAB6f (ORCPT );
	Thu, 30 Nov 2017 20:58:35 -0500
Received: from mail-pl0-f51.google.com ([209.85.160.51]:45986 "EHLO mail-pl0-f51.google.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751410AbdLAB6e (ORCPT );
	Thu, 30 Nov 2017 20:58:34 -0500
X-Google-Smtp-Source: AGs4zMZnWkjYmHw9F4ZJb9vkc0DP3OUUfeI8n/036hhmr+tMeFa10HZnuTtB1dvPeamAs+qiKJDV6w==
Date: Fri, 1 Dec 2017 10:58:28 +0900
From: Sergey Senozhatsky
To: Andrey Ryabinin
Cc: Sergey Senozhatsky, Dmitry Vyukov, Fengguang Wu, LKML, Petr Mladek,
	Sergey Senozhatsky, Steven Rostedt, Linus Torvalds, Ingo Molnar,
	Aleksey Makarov, Nicolas Pitre, Nikitas Angelinas, LKP, kasan-dev
Subject: Re: [    0.003333] BUG: KASAN: use-after-scope in console_unlock+0x605/0xcc0
Message-ID: <20171201015828.GA1303@jagdpanzerIV>
References: <20171130022655.2e5ehqmf3lyi4jy3@wfg-t540p.sh.intel.com>
	<20171130064712.GA488@jagdpanzerIV>
	<20171130082909.GA469@jagdpanzerIV>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On (11/30/17 16:07), Andrey Ryabinin wrote:
[..]
> >> You can try dirty patch from here:
> >> https://groups.google.com/d/msg/kasan-dev/iDb5bhcMBT0/55QzwWaHAwAJ
> >> It should make KASAN print the exact variable name and frame where it
> >> was allocated.
> >
> > would be good if Fengguang can try this out. I can't reproduce the
> > problem on my x86 box (linux-next and Linus's trees both work fine
> > for me with KASAN + lockdep + TRACE_IRQ).
>
> I suspect you don't have gcc 7. That's a requirement for use-after-scope.

I do have it.
$ gcc --version
gcc (GCC) 7.2.1 20171123

tested with

$ grep GCC .config
CONFIG_HAVE_GCC_PLUGINS=y
CONFIG_GCC_PLUGINS=y
# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
CONFIG_GCC_PLUGIN_STRUCTLEAK=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL=y
CONFIG_GCC_PLUGIN_STRUCTLEAK_VERBOSE=y
# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set

got the following use-after-scope:

==================================================================
BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x902/0xa21
Write of size 8 at addr ffffffff81e07d78 by task swapper/0

CPU: 0 PID: 0 Comm: swapper Not tainted 4.15.0-rc1-dbg-00261-g716b8dd05fd3-dirty #927
Call Trace:
 dump_stack+0xca/0x146
 ? _atomic_dec_and_lock+0xdd/0xdd
 ? show_regs_print_info+0x39/0x39
 ? pcpu_setup_first_chunk+0x902/0xa21
 print_address_description+0x6e/0x207
 ? pcpu_setup_first_chunk+0x902/0xa21
 kasan_report+0x21e/0x244
 pcpu_setup_first_chunk+0x902/0xa21
 ? pcpu_free_alloc_info+0x27/0x27
 ? memblock_remove+0x12/0x12
 pcpu_embed_first_chunk+0x3fa/0x4a6
 ? pcpup_populate_pte+0xa/0xa
 ? pcpu_fc_free+0x40/0x40
 setup_per_cpu_areas+0x7c/0x2df
 start_kernel+0x174/0x489
 ? mem_encrypt_init+0x6/0x6
 ? load_ucode_bsp+0x7f/0xe0
 secondary_startup_64+0xa5/0xb0

Memory state around the buggy address:
 ffffffff81e07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff81e07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff81e07d00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8
                                                                ^
 ffffffff81e07d80: f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
 ffffffff81e07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
==================================================================

no printk() related reports.

	-ss
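Added example, not part of the thread above and not kernel code: a small decoder for the "Memory state around the buggy address" block of a KASAN report, run over the report Sergey posted. It maps the faulting address onto the shadow row (one shadow byte per 8-byte granule, KASAN_SHADOW_SCALE_SHIFT == 3) and names the poison value using the stack/slab shadow encodings from mm/kasan/kasan.h of that era (0xf1/0xf2/0xf3 left/mid/right stack redzone, 0xf8 out-of-scope stack variable, 0xfb freed slab object, and so on). It assumes 64-bit addresses printed as 16 hex digits, as in the report; the report text embedded below is copied from the message, the function names are mine.

```python
import re

# KASAN_SHADOW_SCALE_SHIFT == 3: one shadow byte describes 8 bytes of memory.
SHADOW_GRANULE = 8

# Shadow byte meanings as defined in mm/kasan/kasan.h (4.15-era kernel).
# 0x00 = all 8 bytes addressable, 0x01..0x07 = only the first N bytes are.
POISON = {
    0xf1: "stack left redzone",
    0xf2: "stack mid redzone",
    0xf3: "stack right redzone",
    0xf4: "stack partial redzone",
    0xf8: "stack variable out of scope (use-after-scope)",
    0xfa: "global redzone",
    0xfb: "freed slab object (use-after-free)",
    0xfc: "slab redzone (out-of-bounds)",
    0xfe: "page redzone for large kmalloc",
    0xff: "freed page",
}

# Report text copied from the message above (constructed sample input for this decoder).
REPORT = """\
BUG: KASAN: use-after-scope in pcpu_setup_first_chunk+0x902/0xa21
Write of size 8 at addr ffffffff81e07d78 by task swapper/0
Memory state around the buggy address:
 ffffffff81e07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffffff81e07c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffffff81e07d00: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f8
                                                                ^
 ffffffff81e07d80: f2 f2 f2 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00
 ffffffff81e07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

# A dump row: optional '>' marker, 16-hex-digit shadow-row base address, 16 shadow bytes.
ROW_RE = re.compile(r"^\s*(>?)\s*([0-9a-f]{16}):((?:\s+[0-9a-f]{2}){16})\s*$", re.M)
ACCESS_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")


def describe_shadow(value):
    if value == 0:
        return "addressable"
    if 1 <= value <= 7:
        return f"partially addressable (first {value} bytes)"
    return POISON.get(value, f"unknown poison 0x{value:02x}")


def parse_rows(report):
    """Return [(row_base_addr, [16 shadow bytes], marked_with_'>')] for every dump row."""
    return [(int(base, 16), [int(b, 16) for b in hexbytes.split()], marker == ">")
            for marker, base, hexbytes in ROW_RE.findall(report)]


def decode_access(report):
    """Resolve the faulting access to the shadow granule(s) it touches and name their poison."""
    kind, size, addr = ACCESS_RE.search(report).groups()
    size, addr = int(size), int(addr, 16)
    shadow = {}
    for base, values, _ in parse_rows(report):
        for i, v in enumerate(values):
            shadow[base + i * SHADOW_GRANULE] = v
    # An access of `size` bytes may straddle two granules; report every one it touches.
    first = addr & ~(SHADOW_GRANULE - 1)
    last = (addr + size - 1) & ~(SHADOW_GRANULE - 1)
    granules = [{"granule": g, "shadow": shadow[g], "meaning": describe_shadow(shadow[g])}
                for g in range(first, last + 1, SHADOW_GRANULE)]
    return {"kind": kind, "size": size, "addr": addr, "granules": granules}


def frame_layout(report):
    """Run-length view of the dump: [(start_addr, length_in_bytes, meaning)], so the
    redzone/variable/redzone structure of the stack frame is visible at a glance."""
    runs = []
    for base, values, _ in parse_rows(report):
        for i, v in enumerate(values):
            g = base + i * SHADOW_GRANULE
            if runs and runs[-1][2] == v and runs[-1][0] + runs[-1][1] == g:
                runs[-1][1] += SHADOW_GRANULE
            else:
                runs.append([g, SHADOW_GRANULE, v])
    return [(start, length, describe_shadow(v)) for start, length, v in runs]


if __name__ == "__main__":
    access = decode_access(REPORT)
    for g in access["granules"]:
        print(f"{access['kind']} of {access['size']} at {access['addr']:#x} hits granule "
              f"{g['granule']:#x}: shadow {g['shadow']:#04x} = {g['meaning']}")
    for start, length, meaning in frame_layout(REPORT):
        print(f"{start:#x} +{length:4d}  {meaning}")
```

For the posted report this resolves ffffffff81e07d78 to the 16th granule of the marked row (0x78 / 8 = 15), whose shadow byte is 0xf8, and the run-length view shows a 32-byte left redzone, a single 8-byte stack variable that has gone out of scope, then 24 bytes of mid redzone and 32 bytes of right redzone: the write is to an 8-byte local whose scope had already ended, exactly the pattern gcc 7's use-after-scope instrumentation exists to catch.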