Date:	Wed, 21 Oct 2015 15:00:48 +0800
From:	kernel test robot <ying.huang@...ux.intel.com>
TO:	Ingo Molnar <mingo@...nel.org>
CC:	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [lkp] [string] 3fda0fa0f5: BUG: KASan: out of bounds access in
 strscpy+0xc2/0x290 at addr ffff880016b83ee0

FYI, we noticed the below changes on

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git WIP.core/strings
commit 3fda0fa0f5ed4ef634e043c65709482aea0a37f6 ("string: Improve the generic strlcpy() implementation")


+------------------------------------------------------+------------+------------+
|                                                      | 314edb34c9 | 3fda0fa0f5 |
+------------------------------------------------------+------------+------------+
| boot_successes                                       | 15         | 11         |
| boot_failures                                        | 0          | 4          |
| BUG:KASan:out_of_bounds_access                       | 0          | 4          |
| BUG_kmalloc-#(Not_tainted):kasan:bad_access_detected | 0          | 4          |
| INFO:Slab#objects=#used=#fp=0x(null)flags=           | 0          | 4          |
| INFO:Object#@...set=#fp=                             | 0          | 4          |
| backtrace:vfs_write                                  | 0          | 4          |
| backtrace:SyS_write                                  | 0          | 4          |
+------------------------------------------------------+------------+------------+


Failed to configure loopback device: Operation not supported
Using cgroup controller name=systemd. File system hierarchy is at /sys/fs/cgroup/systemd.
[   57.599568] ==================================================================
[   57.600517] BUG: KASan: out of bounds access in strscpy+0xc2/0x290 at addr ffff880016b83ee0
[   57.601541] Read of size 8 by task systemd/1
[   57.602068] =============================================================================
[   57.603081] BUG kmalloc-64 (Not tainted): kasan: bad access detected
[   57.603907] -----------------------------------------------------------------------------
[   57.603907] 
[   57.607113] Disabling lock debugging due to kernel taint
[   57.607113] INFO: Slab 0xffffea00005ae0c0 objects=64 used=64 fp=0x          (null) flags=0x4000000000000080
[   57.607113] INFO: Object 0xffff880016b83ec0 @offset=3776 fp=0x7379732f62696c2f
[   57.607113] 
[   57.607113] Bytes b4 ffff880016b83eb0: 64 2f 73 6f 63 2f 78 74 65 6e 73 61 00 00 00 00  d/soc/xtensa....
[   57.607113] Object ffff880016b83ec0: 2f 6c 69 62 2f 73 79 73 74 65 6d 64 2f 73 79 73  /lib/systemd/sys
[   57.607113] Object ffff880016b83ed0: 74 65 6d 64 2d 63 67 72 6f 75 70 73 2d 61 67 65  temd-cgroups-age
[   57.607113] Object ffff880016b83ee0: 6e 74 00 00 00 00 00 00 a0 95 bf 3f 00 88 ff ff  nt.........?....
[   57.607113] Object ffff880016b83ef0: 00 00 00 00 00 00 00 00 e7 60 49 f8 07 00 00 00  .........`I.....
[   57.607113] CPU: 0 PID: 1 Comm: systemd Tainted: G    B           4.3.0-rc4-00262-g3fda0fa #1
[   57.607113]  0000000000001000 ffff88002e86fb80 ffffffff8133a029 ffff88002e86fbb0
[   57.607113]  ffffffff81198982 ffff88002e801b00 ffffea00005ae0c0 ffff880016b83ec0
[   57.607113]  0000000000000020 ffff88002e86fbd8 ffffffff8119de31 ffff88002e86fc68
[   57.607113] Call Trace:
[   57.607113]  [<ffffffff8133a029>] dump_stack+0x19/0x20
[   57.607113]  [<ffffffff81198982>] print_trailer+0xd2/0x120
[   57.607113]  [<ffffffff8119de31>] object_err+0x31/0x40
[   57.607113]  [<ffffffff8119fa4d>] kasan_report_error+0x1dd/0x400
[   57.607113]  [<ffffffff811a0053>] kasan_report+0x33/0x40
[   57.607113]  [<ffffffff813467a2>] ? strscpy+0xc2/0x290
[   57.607113]  [<ffffffff8119ec44>] __asan_load8+0x64/0xa0
[   57.607113]  [<ffffffff813467a2>] strscpy+0xc2/0x290
[   57.607113]  [<ffffffff81346984>] strlcpy+0x14/0x60
[   57.607113]  [<ffffffff81115d77>] cgroup_release_agent_write+0x67/0xa0
[   57.607113]  [<ffffffff811150d1>] cgroup_file_write+0x81/0x1d0
[   57.607113]  [<ffffffff81115050>] ? allocate_cgrp_cset_links+0xf0/0xf0
[   57.607113]  [<ffffffff81227fea>] kernfs_fop_write+0x18a/0x210
[   57.607113]  [<ffffffff811b6127>] __vfs_write+0x57/0x170
[   57.607113]  [<ffffffff810cea15>] ? percpu_down_read+0x55/0x90
[   57.607113]  [<ffffffff811b92e0>] ? __sb_start_write+0xc0/0xe0
[   57.607113]  [<ffffffff811b92e0>] ? __sb_start_write+0xc0/0xe0
[   57.607113]  [<ffffffff811b695c>] vfs_write+0xec/0x240
[   57.607113]  [<ffffffff811b75bd>] SyS_write+0x5d/0xc0
[   57.607113]  [<ffffffff81acacef>] entry_SYSCALL_64_fastpath+0x12/0x76
[   57.607113] Memory state around the buggy address:


Thanks,
Ying Huang

View attachment "config-4.3.0-rc4-00262-g3fda0fa" of type "text/plain" (84411 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (13996 bytes)
