Date:   Mon, 22 Jun 2020 21:30:03 +0800
From:   kernel test robot <rong.a.chen@...el.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Stephen Rothwell <sfr@...b.auug.org.au>,
        LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org
Subject: [linux] ae329a355b:
 UBSAN:array-index-out-of-bounds_in_arch/x86/mm/dump_pagetables.c

Greetings,

FYI, we noticed the following commit (built with gcc-7):

commit: ae329a355bc5b276729e7e0afc2ad55e6834050d ("linux-next-pre")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

in testcase: trinity
with the following parameters:

	runtime: 300s

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


+------------------------------------------------------------------+------------+------------+
|                                                                  | ac1ec6103d | ae329a355b |
+------------------------------------------------------------------+------------+------------+
| boot_successes                                                   | 4          | 0          |
| boot_failures                                                    | 0          | 4          |
| UBSAN:array-index-out-of-bounds_in_arch/x86/mm/dump_pagetables.c | 0          | 4          |
| UBSAN:signed-integer-overflow_in_include/linux/ktime.h           | 0          | 4          |
| UBSAN:signed-integer-overflow_in_arch/x86/include/asm/atomic.h   | 0          | 2          |
| UBSAN:signed-integer-overflow_in_mm/filemap.c                    | 0          | 3          |
| UBSAN:signed-integer-overflow_in_fs/read_write.c                 | 0          | 1          |
+------------------------------------------------------------------+------------+------------+


If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <rong.a.chen@...el.com>


[  157.922014] UBSAN: array-index-out-of-bounds in arch/x86/mm/dump_pagetables.c:285:27
[  157.923573] index -1 is out of range for type 'pgprotval_t [5]'
[  157.924523] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.7.0-rc7-00449-gae329a355bc5b #1
[  157.925741] Call Trace:
[  157.926123]  dump_stack+0x73/0x9e
[  157.926606]  ubsan_epilogue+0xa/0x4e
[  157.927182]  __ubsan_handle_out_of_bounds+0x86/0x94
[  157.927940]  note_page+0xea5/0xeb0
[  157.936581]  ? ptdump_walk_pgd+0x83/0xb0
[  157.937261]  ptdump_walk_pgd_level_core+0xf8/0x160
[  157.938055]  ? ptdump_walk_pgd_level_debugfs+0x30/0x30
[  157.938933]  ? ptdump_walk_pgd_level_core+0x160/0x160
[  157.939782]  ? kernel_init+0x4b/0x1a0
[  157.940405]  ? ptdump_walk_pgd_level_core+0x5/0x160
[  157.941173]  kernel_init+0x4b/0x1a0
[  157.941722]  ? _raw_spin_unlock_irq+0x1f/0x30
[  157.942382]  ? rest_init+0x180/0x180
[  157.942927]  ret_from_fork+0x35/0x40
[  157.943525] ================================================================================
[  157.944767] x86/mm: Checked W+X mappings: passed, no W+X pages found.
[  157.945773] rodata_test: all tests were successful
[  157.946519] Run /init as init process
[  157.947110]   with arguments:
[  157.947640]     /init
[  157.948019]   with environment:
[  157.948577]     HOME=/
[  157.948970]     TERM=linux
[  157.949400]     user=lkp
[  157.949796]     job=/lkp/jobs/scheduled/vm-snb-8/trinity-300s-yocto-x86_64-minimal-20190520.cgz-ae329a355bc5b276729e7e0afc2ad55e6834050d-20200622-4963-1redtaq-3.yaml
[  157.952203]     ARCH=x86_64
[  157.952670]     kconfig=x86_64-randconfig-a003-20200603
[  157.953498]     branch=linux-review/Rishabh-Bhatnagar/Extend-SSR-notifications-framework/20200528-115948
[  157.955056]     commit=ae329a355bc5b276729e7e0afc2ad55e6834050d
[  157.955992]     BOOT_IMAGE=/pkg/linux/x86_64-randconfig-a003-20200603/gcc-7/ae329a355bc5b276729e7e0afc2ad55e6834050d/vmlinuz-5.7.0-rc7-00449-gae329a355bc5b
[  157.958229]     max_uptime=1500
[  157.958744]     RESULT_ROOT=/result/trinity/300s/vm-snb/yocto-x86_64-minimal-20190520.cgz/x86_64-randconfig-a003-20200603/gcc-7/ae329a355bc5b276729e7e0afc2ad55e6834050d/3
[  157.961182]     LKP_SERVER=inn
[  157.961701]     selinux=0
[  157.962151]     vga=normal


To reproduce:

	# build kernel
	cd linux
	cp config-5.7.0-rc7-00449-gae329a355bc5b .config
	make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

	git clone https://github.com/intel/lkp-tests.git
	cd lkp-tests
	bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



Thanks,
Rong Chen


View attachment "config-5.7.0-rc7-00449-gae329a355bc5b" of type "text/plain" (180269 bytes)

View attachment "job-script" of type "text/plain" (4539 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (26968 bytes)

View attachment "trinity" of type "text/plain" (3661 bytes)
