Date:   Sat, 19 Dec 2020 10:48:50 +0100
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     Kees Cook <keescook@...omium.org>
Cc:     syzbot <syzbot+73d662376f16e2a7336d@...kaller.appspotmail.com>,
        LKML <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: upstream boot error: UBSAN: null-ptr-deref in corrupted

On Fri, Dec 18, 2020 at 8:47 PM Kees Cook <keescook@...omium.org> wrote:
>
> On Thu, Dec 17, 2020 at 11:38:30AM +0100, Dmitry Vyukov wrote:
> > On Thu, Dec 17, 2020 at 11:14 AM syzbot
> > <syzbot+73d662376f16e2a7336d@...kaller.appspotmail.com> wrote:
> > >
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:    accefff5 Merge tag 'arm-soc-omap-genpd-5.11' of git://git...
> > > git tree:       upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=14567b7f500000
> > > kernel config:  https://syzkaller.appspot.com/x/.config?x=1e6efc730c219bd4
> > > dashboard link: https://syzkaller.appspot.com/bug?extid=73d662376f16e2a7336d
> > > compiler:       clang version 11.0.0 (https://github.com/llvm/llvm-project.git ca2dcbd030eadbf0aa9b660efe864ff08af6e18b)
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > > Reported-by: syzbot+73d662376f16e2a7336d@...kaller.appspotmail.com
> >
> > +Kees
> >
> > Not sure if it's related to UBSAN or not, but we didn't used to get
> > empty stack traces.
> > Either way syzbot can't boot the upstream kernel anymore.
>
> _none_ of them? :(
>
> Are you able to see which UBSAN config is tweaking this?


It seems that so far this is triggered on only 1 instance, and that
instance is the only one that uses clang:
https://syzkaller.appspot.com/upstream

There is some difference in config between clang/gcc instances, but I
don't see anything obvious that mentions null pointers:

failing clang instance:
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_CC_HAS_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ARRAY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_SIGNED_OVERFLOW=y
# CONFIG_UBSAN_UNSIGNED_OVERFLOW is not set
CONFIG_UBSAN_OBJECT_SIZE=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set

working gcc instance:
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
CONFIG_UBSAN=y
# CONFIG_UBSAN_TRAP is not set
CONFIG_CC_HAS_UBSAN_BOUNDS=y
CONFIG_UBSAN_BOUNDS=y
CONFIG_UBSAN_ONLY_BOUNDS=y
CONFIG_UBSAN_SHIFT=y
# CONFIG_UBSAN_DIV_ZERO is not set
CONFIG_UBSAN_SIGNED_OVERFLOW=y
CONFIG_UBSAN_BOOL=y
CONFIG_UBSAN_ENUM=y
# CONFIG_UBSAN_ALIGNMENT is not set
CONFIG_UBSAN_SANITIZE_ALL=y
# CONFIG_TEST_UBSAN is not set
