On Thu, 2019-01-10 at 11:58 -0800, James Bottomley wrote: > On Thu, 2019-01-10 at 19:12 +0000, Esme wrote: > > Sorry for the resend some mail servers rejected the mime type. > > > > Hi, I've been getting more into Kernel stuff lately and forged ahead > > with some syzkaller bug finding. I played with reducing it further > > as you can see from the attached c code but am moving on and hope to > > get better about this process moving forward as I'm still building > > out my test systems/debugging tools. > > > > Attached is the report and C repro that still triggers on a fresh git > > pull as of a few minutes ago, if you need anything else please let me > > know. > > Esme > > > > Linux syzkaller 5.0.0-rc1+ #5 SMP Tue Jan 8 20:39:33 EST 2019 x86_64 > > GNU/Linux > > I'm not sure I'm reading this right, but it seems that a simple > allocation inside block/scsi_ioctl.h > > buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN); > > (where bytes is < 4k) caused a slub padding check failure on free. > From the internal details, the freeing entity seems to be KASAN as part > of its quarantine reduction (albeit triggered by this kzalloc). I'm > not remotely familiar with what KASAN is doing, but it seems the memory > corruption problem is somewhere within the KASAN tracking? > > I added linux-mm in case they can confirm this diagnosis or give me a > pointer to what might be wrong in scsi. > Well, need your .config and /proc/cmdline then.
