Sure thing

cmdline

qemu-system-x86_64 -kernel linux//arch/x86/boot/bzImage -append console=ttyS0 root=/dev/sda debug earlyprintk=serial slub_debug=QUZ -hda stretch.img -net user,hostfwd=tcp::10021-:22 -net nic -enable-kvm -nographic -m 2G -smp 2 -pidfile

CONFIG_PAGE* (full file attached)

# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_PAGE_POISONING=y
CONFIG_PAGE_POISONING_NO_SANITY=y
# CONFIG_PAGE_POISONING_ZERO is not set
# CONFIG_DEBUG_PAGE_REF is not set
CONFIG_FAIL_PAGE_ALLOC=y

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, January 10, 2019 3:44 PM, Qian Cai <cai@xxxxxx> wrote:

> On Thu, 2019-01-10 at 11:58 -0800, James Bottomley wrote:
> 
> > On Thu, 2019-01-10 at 19:12 +0000, Esme wrote:
> > 
> > > Sorry for the resend some mail servers rejected the mime type.
> > > Hi, I've been getting more into Kernel stuff lately and forged ahead
> > > with some syzkaller bug finding. I played with reducing it further
> > > as you can see from the attached c code but am moving on and hope to
> > > get better about this process moving forward as I'm still building
> > > out my test systems/debugging tools.
> > > Attached is the report and C repro that still triggers on a fresh git
> > > pull as of a few minutes ago, if you need anything else please let me
> > > know.
> > > Esme
> > > Linux syzkaller 5.0.0-rc1+ #5 SMP Tue Jan 8 20:39:33 EST 2019 x86_64
> > > GNU/Linux
> > 
> > I'm not sure I'm reading this right, but it seems that a simple
> > allocation inside block/scsi_ioctl.h
> > 
> > buffer = kzalloc(bytes, q->bounce_gfp | GFP_USER| __GFP_NOWARN);
> > 
> > (where bytes is < 4k) caused a slub padding check failure on free.
> > From the internal details, the freeing entity seems to be KASAN as part
> > of its quarantine reduction (albeit triggered by this kzalloc). I'm
> > not remotely familiar with what KASAN is doing, but it seems the memory
> > corruption problem is somewhere within the KASAN tracking?
> > 
> > I added linux-mm in case they can confirm this diagnosis or give me a
> > pointer to what might be wrong in scsi.
> 
> Well, need your .config and /proc/cmdline then.
Attachment:
.config
Description: Binary data