Subject: Query:Regarding object poison overwritten in binder_transaction
From: "Kohli, Gaurav"
To: Arve Hjønnevåg, Riley Andrews, devel@driverdev.osuosl.org
Cc: Greg Kroah-Hartman, linux-kernel@vger.kernel.org
Date: Sat, 3 Mar 2018 20:22:35 +0530
Message-ID: <760538e9-dd50-6cd3-1268-bb535eb363d0@codeaurora.org>
In-Reply-To: <4d2b6014-ea76-b489-fdde-2e058e2fac4d@codeaurora.org>

Hi,

Is there any known issue of slab poisoning in the binder_transaction variable on kernel 4.9? It seems the owner variable of the spinlock is getting corrupted (which is the last 8th byte of the binder_transaction struct).

368.423462:   <2> [] print_trailer+0x13c/0x214
368.428998:   <2> [] check_bytes_and_report+0xe8/0xfc
368.435144:   <2> [] check_object+0x248/0x280
368.440592:   <2> [] alloc_debug_processing+0x148/0x1a0
368.446913:   <2> [] ___slab_alloc.constprop.72+0x654/0x690
368.453586:   <2> [] __slab_alloc.isra.68.constprop.71+0x58/0x98
368.460693:   <2> [] kmem_cache_alloc_trace+0x198/0x2c4
368.467011:   <2> [] binder_transaction+0xcb8/0x244c
368.473065:   <2> [] binder_thread_write+0x9d8/0x1410
368.479206:   <2> [] binder_ioctl_write_read+0x130/0x370
368.485615:   <2> [] binder_ioctl+0x550/0x7dc
368.491065:   <2> [] do_vfs_ioctl+0xcc/0x888
368.496424:   <2> [] SyS_ioctl+0x90/0xa4
368.501430:   <2> [] el0_svc_naked+0x24/0x28
368.506798:   <6> Kernel panic - not syncing: object poison overwritten

368.287743:   <6> Object ffffffc5a0692e20: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
368.297117:   <6> Object ffffffc5a0692e30: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
368.306487:   <6> Object ffffffc5a0692e40: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
368.315866:   <6> Object ffffffc5a0692e50: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
368.325241:   <6> Object ffffffc5a0692e60: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
368.334618:   <6> Object ffffffc5a0692e70: 6b 6b 6b 6b 6b 6b 6b 6b 67 6b 6b 6b 6b 6b 6b a5  kkkkkkkkgkkkkkk.

here it is corrupted (seems write after free case)

368.343997:   <6> Redzone ffffffc5a0692e80: bb bb bb bb bb bb bb bb                          ........
368.352755:   <6> Padding ffffffc5a0692fc0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
368.362215:   <6> Padding ffffffc5a0692fd0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
368.371681:   <6> Padding ffffffc5a0692fe0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
368.381146:   <6> Padding ffffffc5a0692ff0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ

Regards
Gaurav

--
Qualcomm India Private Limited, on behalf of Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, a Linux Foundation Collaborative Project.
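
An added triage example, not part of the original message: it parses the "Object" and "Redzone" rows of a SLUB dump like the one above and checks each byte against the free-object poison values from include/linux/poison.h (0x6b fill, 0xa5 as the final byte). The function names are hypothetical, and the sample is three rows copied from the message.

```python
import re

POISON_FREE = 0x6B  # fill byte for a freed object (include/linux/poison.h)
POISON_END = 0xA5   # last byte of a freed, poisoned object

# Three rows copied from the dump in the message above.
SAMPLE = """\
368.325241:   <6> Object ffffffc5a0692e60: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
368.334618:   <6> Object ffffffc5a0692e70: 6b 6b 6b 6b 6b 6b 6b 6b 67 6b 6b 6b 6b 6b 6b a5  kkkkkkkkgkkkkkk.
368.343997:   <6> Redzone ffffffc5a0692e80: bb bb bb bb bb bb bb bb                          ........
"""

ROW = re.compile(r"\b(Object|Redzone)\s+([0-9a-f]{8,16}):((?:\s[0-9a-f]{2}\b)+)")


def parse_dump(text):
    """Return ({address: byte} for Object rows, address of the first Redzone row)."""
    obj, redzone = {}, None
    for kind, base, data in ROW.findall(text):
        base = int(base, 16)
        if kind == "Redzone":
            redzone = base if redzone is None else min(redzone, base)
            continue
        for i, byte in enumerate(data.split()):
            obj[base + i] = int(byte, 16)
    return obj, redzone


def find_overwrites(text):
    """List (address, expected, found, bytes_before_end, xor) per bad byte."""
    obj, redzone = parse_dump(text)
    if not obj:
        return []
    # The right red zone starts directly after the object; without a Redzone
    # row, assume the last dumped byte is the last byte of the object.
    end = redzone if redzone is not None else max(obj) + 1
    hits = []
    for addr in sorted(a for a in obj if a < end):
        expected = POISON_END if addr == end - 1 else POISON_FREE
        if obj[addr] != expected:
            hits.append((addr, expected, obj[addr], end - addr, obj[addr] ^ expected))
    return hits


if __name__ == "__main__":
    for addr, exp, got, back, xor in find_overwrites(SAMPLE):
        print(f"{addr:#x}: expected {exp:#04x}, found {got:#04x}, "
              f"{back} bytes before end of object, xor {xor:#04x}")
```

On these rows the trailing a5 is the expected end-of-object marker, so the only byte reported is the 0x67 at ffffffc5a0692e78, 8 bytes before the red zone.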