Date:	Thu, 16 Jul 2015 09:09:12 +0800
From:	Huang Ying <ying.huang@...el.com>
To:	YOSHIFUJI Hideaki/吉藤英明 
	<hideaki.yoshifuji@...aclelinux.com>
Cc:	"David S. Miller" <davem@...emloft.net>,
	LKML <linux-kernel@...r.kernel.org>, LKP ML <lkp@...org>
Subject: [lkp] [ipv6] 9131f3de24d: BUG: KASan: out of bounds access in
 ipv6_dev_get_saddr+0x1aa/0x228 at addr ffff88003c1b54e8

FYI, we noticed the below changes on

git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git master
commit 9131f3de24db4dc12199aede7d931e6703e97f3b ("ipv6: Do not iterate over all interfaces when finding source address on specific interface.")


[  146.317245] systemd-journald[237]: Vacuuming done, freed 0 bytes

[  147.926538] ==================================================================
[  147.934162] BUG: KASan: out of bounds access in ipv6_dev_get_saddr+0x1aa/0x228 at addr ffff88003c1b54e8
[  147.934162] Read of size 16 by task sshd/333
[  147.934162] =============================================================================
[  147.934162] BUG kmalloc-1024 (Not tainted): kasan: bad access detected
[  147.934162] -----------------------------------------------------------------------------
[  147.934162] 
[  147.934162] Disabling lock debugging due to kernel taint
[  147.934162] INFO: Allocated in kzalloc+0x16/0x1f age=2596 cpu=0 pid=1
[  147.934162] INFO: Slab 0xffffea0000f06c00 objects=29 used=29 fp=0x          (null) flags=0x4000000000004080
[  147.934162] INFO: Object 0xffff88003c1b5158 @offset=20824 fp=0xffff88003c1b4d10
[  147.934162] 
[  147.934162] CPU: 0 PID: 333 Comm: sshd Tainted: G    B           4.1.0-12254-g9131f3d #3
[  147.934162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[  147.934162]  ffffea0000f06c00 ffff8800063c7a88 ffffffff824f28f1 ffff8800063c7ab8
[  147.934162]  ffffffff81207e52 ffff88002e801780 ffffea0000f06c00 ffff88003c1b5158
[  147.934162]  ffff8800063c7dec ffff8800063c7ae8 ffffffff8120a674 000000000000001d
[  147.934162] Call Trace:
[  147.934162]  [<ffffffff824f28f1>] dump_stack+0x2e/0x3e
[  147.934162]  [<ffffffff81207e52>] print_trailer+0x156/0x166
[  147.934162]  [<ffffffff8120a674>] object_err+0x40/0x4f
[  147.934162]  [<ffffffff812104cc>] kasan_report_error+0x313/0x5b9
[  147.934162]  [<ffffffff8120f2e4>] ? __asan_load4+0x6d/0x10c
[  147.934162]  [<ffffffff812108a4>] kasan_report+0x46/0x57
[  147.934162]  [<ffffffff822959fb>] ? ipv6_dev_get_saddr+0x1aa/0x228
[  147.934162]  [<ffffffff8120f760>] __asan_load16+0xab/0xff
[  147.934162]  [<ffffffff822959fb>] ipv6_dev_get_saddr+0x1aa/0x228
[  147.934162]  [<ffffffff8120f503>] ? __asan_load8+0x6d/0x10c
[  147.934162]  [<ffffffff822da879>] ? fib6_rule_lookup+0x58/0x9d
[  147.934162]  [<ffffffff822a48dc>] ip6_route_get_saddr+0xdc/0xf2
[  147.934162]  [<ffffffff82285c16>] ip6_dst_lookup_tail+0x12c/0x261
[  147.934162]  [<ffffffff8228b855>] ip6_dst_lookup_flow+0x31/0xaa
[  147.934162]  [<ffffffff822d0d34>] ip6_datagram_connect+0x5a2/0x963
[  147.934162]  [<ffffffff820833b1>] ? spin_unlock_bh+0x1c/0x25
[  147.934162]  [<ffffffff8221e01c>] ? inet_sendmsg+0xc7/0xc7
[  147.934162]  [<ffffffff8221e0fa>] inet_dgram_connect+0xde/0xee
[  147.934162]  [<ffffffff8207f6ed>] SYSC_connect+0xc9/0x111
[  147.934162]  [<ffffffff8124d0c0>] ? fd_install+0x3d/0x4c
[  147.934162]  [<ffffffff82080e85>] ? SYSC_socket+0xa5/0x102
[  147.934162]  [<ffffffff82080fb7>] SyS_connect+0x10/0x19
[  147.934162]  [<ffffffff825038ab>] entry_SYSCALL_64_fastpath+0x12/0x71



Thanks,
Ying Huang
View attachment "config-4.1.0-12254-g9131f3d" of type "text/plain" (93121 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (17572 bytes)
