Message-ID: <20180419013855.4tyssb556l4lkgba@wfg-t540p.sh.intel.com>
Date: Thu, 19 Apr 2018 09:38:55 +0800
From: Fengguang Wu <fengguang.wu@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com,
linux-kbuild@...r.kernel.org, LKP <lkp@...org>
Subject: [gcc-plugins] c61f13eaa1 BUG: KASAN: use-after-scope in ep_poll at
addr ffff88001ee87d00

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit c61f13eaa1ee17728c41370100d2d45c254ce76f
Author: Kees Cook <keescook@...omium.org>
AuthorDate: Fri Jan 13 11:14:39 2017 -0800
Commit: Kees Cook <keescook@...omium.org>
CommitDate: Wed Jan 18 12:02:35 2017 -0800

gcc-plugins: Add structleak for more stack initialization

This plugin detects any structures that contain __user attributes and
makes sure it is being fully initialized so that a specific class of
information exposure is eliminated. (This plugin was originally designed
to block the exposure of siginfo in CVE-2013-2141.)

Ported from grsecurity/PaX. This version adds a verbose option to the
plugin and the Kconfig.

Signed-off-by: Kees Cook <keescook@...omium.org>

8d4973a1c0 gcc-plugins: add PASS_INFO and build_const_char_string()
c61f13eaa1 gcc-plugins: Add structleak for more stack initialization
c4e0ca7fa2 Merge tag 'riscv-for-linus-4.15-maintainers' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
f0701bf7db Add linux-next specific files for 20180126
+--------------------------------+------------+------------+------------+---------------+
| | 8d4973a1c0 | c61f13eaa1 | c4e0ca7fa2 | next-20180126 |
+--------------------------------+------------+------------+------------+---------------+
| boot_successes | 39 | 0 | 1 | 13 |
| boot_failures | 0 | 13 | 20 | |
| BUG:KASAN:use-after-scope_in_e | 0 | 13 | 20 | |
+--------------------------------+------------+------------+------------+---------------+
[ 28.855033] init: Temporary process spawn error: No such file or directory
[ 28.863505] init: Failed to create pty - disabling logging for job
[ 28.864418] init: Temporary process spawn error: No such file or directory
udevd[253]: failed to execute '/sbin/modprobe' '/sbin/modprobe -bv acpi:LNXSYSTM:': No such file or directory
[ 28.975924] ==================================================================
[ 28.976803] BUG: KASAN: use-after-scope in ep_poll+0xb51/0xc33 at addr ffff88001ee87d00
[ 28.977751] Write of size 16 by task udevadm/248
[ 28.978321] page:ffffea00007ba1c0 count:0 mapcount:0 mapping: (null) index:0x1
[ 28.979273] flags: 0x0()
[ 28.979600] raw: 0000000000000000 0000000000000000 0000000000000001 00000000ffffffff
[ 28.980537] raw: 0000000000000000 dead000000000200 0000000000000000 0000000000000000
[ 28.981458] page dumped because: kasan: bad access detected
[ 28.982135] CPU: 0 PID: 248 Comm: udevadm Not tainted 4.10.0-rc2-00004-gc61f13e #1
[ 28.983038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 28.984135] Call Trace:
[ 28.984611] dump_stack+0x1e/0x20
[ 28.985172] kasan_report+0x32e/0x435
[ 28.985625] ? ep_poll+0xb51/0xc33
[ 28.986053] ? ep_poll+0xb13/0xc33
[ 28.986478] __asan_report_store16_noabort+0x1c/0x1e
[ 28.987286] ep_poll+0xb51/0xc33
[ 28.987803] ? ep_poll_readyevents_proc+0x86/0x86
[ 28.988551] ? sock_enable_timestamp+0xa1/0xa1
[ 28.989255] ? bit_waitqueue+0x34/0x34
[ 28.989831] ? get_usage_char+0x3b/0x3b
[ 28.990398] ? get_usage_char+0x3b/0x3b
[ 28.991120] ? __lock_acquire+0x113d/0x1245
[ 28.991675] ? __context_tracking_exit+0xe4/0x266
[ 28.992348] ? lock_acquire+0x318/0x318
[ 28.992963] ? __fget_light+0x2e6/0x318
[ 28.993566] ? __fget+0x35b/0x35b
[ 28.994101] ? syscall_slow_exit_work+0x591/0x591
[ 28.994850] ? __this_cpu_preempt_check+0x1c/0x1f
[ 28.995590] ? do_task_dead+0x1cb/0x1cb
[ 28.996204] SyS_epoll_wait+0x16e/0x1a2
[ 28.996811] ? SyS_epoll_ctl+0x1571/0x1571
[ 28.997461] do_syscall_64+0x307/0x522
[ 28.998060] ? check_preemption_disabled+0x198/0x1a1
[ 28.998866] ? syscall_return_slowpath+0x25b/0x25b
[ 28.999733] ? context_tracking_user_enter+0x30/0x30
[ 29.000486] ? prepare_exit_to_usermode+0x13e/0x166
[ 29.001217] ? enter_from_user_mode+0x72/0x72
[ 29.001909] entry_SYSCALL64_slow_path+0x25/0x25
[ 29.002627] RIP: 0033:0x7ffb5675cb33
[ 29.003196] RSP: 002b:00007ffe90b896a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e8
[ 29.004363] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007ffb5675cb33
[ 29.005460] RDX: 0000000000000004 RSI: 00007ffe90b89850 RDI: 0000000000000003
[ 29.006556] RBP: 000055e3eed8e2d0 R08: 000000000000000a R09: 0000000000000000
[ 29.007660] R10: 00000000ffffffff R11: 0000000000000246 R12: 000055e3eed8e110
[ 29.008758] R13: 0000000000000001 R14: 00007ffe90b8985c R15: 0000000000000004
[ 29.009872] Memory state around the buggy address:
[ 29.010618] ffff88001ee87c00: f8 f2 f2 f2 f2 f2 f2 f2 f8 f2 f2 f2 f2 f2 f2 f2
[ 29.011730] ffff88001ee87c80: 00 00 f2 f2 f2 f2 f2 f2 00 00 f2 f2 f2 f2 f2 f2
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start v4.11 v4.10 --
git bisect bad ce70df089143c49385b4f32f39d41fb50fbf6a7c # 11:07 B 0 3 16 0 mm, gup: fix typo in gup_p4d_range()
git bisect bad 94eae8034002401d71ae950106659e16add36e77 # 11:38 B 0 11 24 0 Merge tag 'platform-drivers-x86-v4.11-1' of git://git.infradead.org/linux-platform-drivers-x86
git bisect good 7bb033829ef3ecfc491c0ed0197966e8f197fbdc # 12:12 G 13 0 13 13 Merge tag 'rodata-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect bad a3919caaa27a5fde1cbda46e394bb17953e104a1 # 12:52 B 0 4 17 0 Merge tag 'rproc-v4.11' of git://github.com/andersson/remoteproc
git bisect bad a27fcb0cd1bcc812017192bdde41cc456dcd6afe # 13:05 B 0 12 25 0 Merge tag 'xfs-4.11-merge-7' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
git bisect bad 8ff546b801e5cca0337c0f0a7234795d0a6309a1 # 13:22 B 0 3 16 0 Merge tag 'usb-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
git bisect bad ff47d8c05019d6e7753cef270d6399cb5a33be57 # 13:42 B 0 7 20 0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
git bisect bad 1e74a2eb1f5cc7f2f2b5aa9c9eeecbcf352220a3 # 13:56 B 0 1 14 0 Merge tag 'gcc-plugins-v4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
git bisect good e7e04c0c8c7ea931d966e5bd349a0b1c836b1ebf # 14:16 G 12 0 0 0 Merge branch 'for-next/gcc-plugin-infrastructure' into for-linus/gcc-plugins
git bisect bad c054ee3bbf69ebcabb1f3218b7faf4b1b37a8eb6 # 14:32 B 0 3 16 0 Merge branch 'for-next/gcc-plugin/structleak' into for-linus/gcc-plugins
git bisect bad c61f13eaa1ee17728c41370100d2d45c254ce76f # 14:50 B 0 10 23 0 gcc-plugins: Add structleak for more stack initialization
# first bad commit: [c61f13eaa1ee17728c41370100d2d45c254ce76f] gcc-plugins: Add structleak for more stack initialization
git bisect good 8d4973a1c01d4b38871fbc6631e1fdd20e6c9e90 # 15:06 G 39 0 0 0 gcc-plugins: add PASS_INFO and build_const_char_string()
# extra tests with debug options
git bisect bad c61f13eaa1ee17728c41370100d2d45c254ce76f # 15:42 B 0 9 22 0 gcc-plugins: Add structleak for more stack initialization
# extra tests on HEAD of linux-devel/devel-hourly-2018012623
git bisect bad 053f055c57c24ecc91e16dc1056be540bec47d3e # 15:42 B 0 13 29 0 0day head guard for 'devel-hourly-2018012623'
# extra tests on tree/branch linus/master
git bisect bad c4e0ca7fa24137e372d6135fe16e8df8e123f116 # 16:24 B 1 12 0 0 Merge tag 'riscv-for-linus-4.15-maintainers' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
# extra tests on tree/branch linux-next/master
git bisect good f0701bf7db7ab816244aed52d28ac49f32c8c2c9 # 16:46 G 13 0 0 0 Add linux-next specific files for 20180126
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-intel12-10:20180127145039:x86_64-randconfig-s5-01270457:4.10.0-rc2-00004-gc61f13e:1.gz" of type "application/gzip" (92392 bytes)
View attachment "reproduce-quantal-intel12-10:20180127145039:x86_64-randconfig-s5-01270457:4.10.0-rc2-00004-gc61f13e:1" of type "text/plain" (909 bytes)
View attachment "config-4.10.0-rc2-00004-gc61f13e" of type "text/plain" (100927 bytes)