Re: PROBLEM: syzkaller found / pool corruption-overwrite / page in user-area or NULL

From: Esme
Date: Thu Jan 10 2019 - 16:35:34 EST

Next message: Andy Lutomirski: "Re: x86/sgx: uapi change proposal"
Previous message: Andy Lutomirski: "Re: x86/sgx: uapi change proposal"
In reply to: Qian Cai: "Re: PROBLEM: syzkaller found / pool corruption-overwrite / page in user-area or NULL"
Next in thread: Qian Cai: "Re: PROBLEM: syzkaller found / pool corruption-overwrite / page in user-area or NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The repro.report is from a different test system, I pulled the attached config from proc (attached);

Excerpted relevant PAGE options

# CONFIG_PAGE_TABLE_ISOLATION is not set
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
# CONFIG_PAGE_OWNER is not set
CONFIG_PAGE_EXTENSION=y
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_PAGE_POISONING=y
CONFIG_PAGE_POISONING_NO_SANITY=y
# CONFIG_PAGE_POISONING_ZERO is not set
# CONFIG_DEBUG_PAGE_REF is not set
CONFIG_FAIL_PAGE_ALLOC=y

root@syzkaller:~# uname -a
Linux syzkaller 5.0.0-rc1+ #5 SMP Tue Jan 8 20:39:33 EST 2019 x86_64 GNU/Linux

--
Esme

âââââââ Original Message âââââââ
On Thursday, January 10, 2019 4:03 PM, Qian Cai <cai@xxxxxx> wrote:

> On Thu, 2019-01-10 at 20:47 +0000, Esme wrote:
>
> > Sure thing;
> > cmdline;
> > qemu-system-x86_64 -kernel linux//arch/x86/boot/bzImage -append console=ttyS0
> > root=/dev/sda debug earlyprintk=serial slub_debug=QUZ -hda stretch.img -net
> > user,hostfwd=tcp::10021-:22 -net nic -enable-kvm -nographic -m 2G -smp 2
> > -pidfile
> > CONFIG_PAGE*; (full file attached);
> >
> > CONFIG_DEBUG_PAGEALLOC is not set
> >
> > ==================================
> >
> > CONFIG_PAGE_POISONING=y
> > CONFIG_PAGE_POISONING_NO_SANITY=y
> >
> > CONFIG_PAGE_POISONING_ZERO is not set
> >
> > ======================================
> >
> > CONFIG_DEBUG_PAGE_REF is not set
> >
> > =================================
> >
> > CONFIG_FAIL_PAGE_ALLOC=y
>
> Confused.
>
> https://www.mail-archive.com/linux-kernel@xxxxxxxxxxxxxxx/msg1896410.html
>
> It said 5.0.0-rc1+
>
> https://www.mail-archive.com/linux-kernel@xxxxxxxxxxxxxxx/msg1896410/repro.repor
> t
>
> It said 4.20.0+, and it also have,
>
> "general protection fault: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI"
>
> which indicated CONFIG_DEBUG_PAGEALLOC=y but your .config said NO.
>
> However, it looks like a mess that KASAN does not play well with all those
> SLUB_DEBUG, CONFIG_DEBUG_PAGEALLOC etc, because it essentially step into each
> others' toes by redzoning, poisoning in allocate and free pages.

Attachment: proc.config
Description: Binary data

Next message: Andy Lutomirski: "Re: x86/sgx: uapi change proposal"
Previous message: Andy Lutomirski: "Re: x86/sgx: uapi change proposal"
In reply to: Qian Cai: "Re: PROBLEM: syzkaller found / pool corruption-overwrite / page in user-area or NULL"
Next in thread: Qian Cai: "Re: PROBLEM: syzkaller found / pool corruption-overwrite / page in user-area or NULL"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]