Date:   Mon, 8 May 2017 09:22:38 +0800
From:   kernel test robot <xiaolong.ye@...el.com>
To:     Al Viro <viro@...iv.linux.org.uk>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>, lkp@...org
Subject: [lkp-robot] [generic_file_read_iter()]  5ecda13711:
 BUG:KASAN:stack-out-of-bounds


FYI, we noticed the following commit:

commit: 5ecda13711b3bd4a750b5740897bf13d1720de7c ("generic_file_read_iter(): make use of iov_iter_revert()")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

in testcase: ocfs2test
with following parameters:

	disk: 1HDD
	test: test-backup_super



on test machine: qemu-system-x86_64 -enable-kvm -cpu host -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------------------------------+------------+------------+
|                                                                  | 639a93a521 | 5ecda13711 |
+------------------------------------------------------------------+------------+------------+
| boot_successes                                                   | 4          | 0          |
| boot_failures                                                    | 4          | 8          |
| invoked_oom-killer:gfp_mask=0x                                   | 4          | 4          |
| Mem-Info                                                         | 4          | 4          |
| Kernel_panic-not_syncing:Out_of_memory_and_no_killable_processes | 4          | 4          |
| BUG:KASAN:stack-out-of-bounds                                    | 0          | 4          |
+------------------------------------------------------------------+------------+------------+



[  175.170846] BUG: KASAN: stack-out-of-bounds in iov_iter_revert+0x329/0x38b at addr ffff880078647c78
[  175.174119] Read of size 8 by task mkfs.ocfs2/9842
[  175.175859] page:ffffea0001e191c0 count:0 mapcount:0 mapping:          (null) index:0x1
[  175.179119] flags: 0x4000000000000000()
[  175.180524] raw: 4000000000000000 0000000000000000 0000000000000001 00000000ffffffff
[  175.183572] raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
[  175.186246] page dumped because: kasan: bad access detected
[  175.188352] CPU: 0 PID: 9842 Comm: mkfs.ocfs2 Not tainted 4.11.0-rc7-00010-g5ecda13 #2
[  175.191815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.3-20161025_171302-gandalf 04/01/2014
[  175.195549] Call Trace:
[  175.196508]  show_stack+0x6b/0x6e
[  175.198026]  dump_stack+0x19/0x1b
[  175.199362]  kasan_report+0x49b/0x5ba
[  175.200687]  ? iov_iter_revert+0x329/0x38b
[  175.202208]  ? ftrace_likely_update+0x245/0x267
[  175.203797]  __asan_load8+0x64/0x66
[  175.205257]  iov_iter_revert+0x329/0x38b
[  175.206703]  generic_file_read_iter+0xe8b/0xeab
[  175.208287]  ? iov_iter_init+0xc0/0xd5
[  175.209620]  ? import_single_range+0x23e/0x272
[  175.211225]  blkdev_read_iter+0xd8/0xe3
[  175.212754]  aio_read+0x251/0x2b2
[  175.214095]  ? inc_slabs_node+0x38/0x56
[  175.215420]  ? aio_ret+0x40/0x40
[  175.216629]  ? ftrace_likely_update+0x245/0x267
[  175.218348]  ? ftrace_likely_update+0x245/0x267
[  175.219937]  ? __asan_loadN+0xf/0x11
[  175.221193]  ? ___might_sleep+0x9a/0x233
[  175.222755]  ? __might_sleep+0x16a/0x179
[  175.224220]  ? ftrace_likely_update+0x245/0x267
[  175.225714]  do_io_submit+0xb79/0xcec
[  175.227109]  ? do_io_submit+0xb79/0xcec
[  175.228580]  ? aio_write+0x383/0x383
[  175.229952]  ? __asan_loadN+0xf/0x11
[  175.231291]  ? SyS_io_destroy+0x159/0x159
[  175.232632]  SyS_io_submit+0x10/0x12
[  175.233999]  ? SyS_io_submit+0x10/0x12
[  175.235354]  do_syscall_64+0x15c/0x181
[  175.236711]  entry_SYSCALL64_slow_path+0x25/0x25
[  175.238567] RIP: 0033:0x7f38a230b717
[  175.239860] RSP: 002b:00007ffd4ee48758 EFLAGS: 00000202 ORIG_RAX: 00000000000000d1
[  175.242402] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 00007f38a230b717
[  175.245068] RDX: 0000562743398ee0 RSI: 0000000000000013 RDI: 00007f38a2f3e000
[  175.247490] RBP: 0000562743398ee0 R08: 000000000fc00000 R09: 0000000000000200
[  175.249921] R10: 000000000000000f R11: 0000000000000202 R12: 0000562743382c10
[  175.252356] R13: 0000562743382380 R14: 0000000000000000 R15: 0000562743d185e8
[  175.254872] Memory state around the buggy address:
[  175.256518]  ffff880078647b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  175.258928]  ffff880078647b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4
[  175.261370] >ffff880078647c00: f2 f2 f2 f2 00 00 00 00 00 f4 f4 f4 f2 f2 f2 f2
[  175.263840]                                                                 ^


To reproduce:

        git clone https://github.com/01org/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email



Thanks,
Xiaolong

View attachment "config-4.11.0-rc7-00010-g5ecda13" of type "text/plain" (98549 bytes)

View attachment "job-script" of type "text/plain" (4670 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (17876 bytes)
