Message-ID: <20211129074730.GB18483@xsang-OptiPlex-9020>
Date: Mon, 29 Nov 2021 15:47:30 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Alexey Gladkov <legion@...nel.org>
Cc: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
lkp@...ts.01.org, Linux Containers <containers@...ts.linux.dev>,
"Eric W . Biederman" <ebiederm@...ssion.com>
Subject: [ucounts] dc7e5f9d41: UBSAN:array-index-out-of-bounds_in_kernel/ucount.c

Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: dc7e5f9d419cb31b7751e87cf576f23a0153147c ("[PATCH v1 2/2] ucounts: Move rlimit max values from ucounts max")
url: https://github.com/0day-ci/linux/commits/Alexey-Gladkov/ucounts-Fix-rlimit-max-values-check/20211126-224059
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 136057256686de39cc3a07c2e39ef6bc43003ff6

in testcase: boot

on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+--------------------------------------------------------------------+------------+------------+
| | 98e4b47106 | dc7e5f9d41 |
+--------------------------------------------------------------------+------------+------------+
| boot_successes | 32 | 0 |
| boot_failures | 20 | 55 |
| UBSAN:array-index-out-of-bounds_in_kernel/ucount.c | 0 | 36 |
+--------------------------------------------------------------------+------------+------------+

If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>

[ 2.559359][ T1] UBSAN: array-index-out-of-bounds in kernel/ucount.c:109:33
[ 2.561796][ T1] index 13 is out of range for type 'long int [12]'
[ 2.563347][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.16.0-rc2-00002-gdc7e5f9d419c #1
[ 2.565651][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2.567267][ T1] Call Trace:
[ 2.567267][ T1] dump_stack_lvl (lib/dump_stack.c:107)
[ 2.567267][ T1] dump_stack (lib/dump_stack.c:114)
[ 2.567267][ T1] ubsan_epilogue (lib/ubsan.c:152)
[ 2.567267][ T1] __ubsan_handle_out_of_bounds.cold (lib/ubsan.c:291 lib/ubsan.c:278)
[ 2.567267][ T1] ? kmemdup (mm/util.c:132)
[ 2.567267][ T1] setup_userns_sysctls (kernel/ucount.c:109)
[ 2.567267][ T1] ? idle_threads_init (kernel/ucount.c:359)
[ 2.567267][ T1] user_namespace_sysctl_init (kernel/ucount.c:371 (discriminator 2))
[ 2.567267][ T1] ? idle_threads_init (kernel/ucount.c:359)
[ 2.567267][ T1] do_one_initcall (init/main.c:1297)
[ 2.567267][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67)
[ 2.567267][ T1] ? lock_is_held_type (kernel/locking/lockdep.c:438 kernel/locking/lockdep.c:5681)
[ 2.567267][ T1] ? rcu_read_lock_sched_held (include/linux/lockdep.h:283 kernel/rcu/update.c:125)
[ 2.567267][ T1] kernel_init_freeable (init/main.c:1369 init/main.c:1386 init/main.c:1405 init/main.c:1610)
[ 2.567267][ T1] ? rest_init (init/main.c:1491)
[ 2.567267][ T1] kernel_init (init/main.c:1501)
[ 2.567267][ T1] ret_from_fork (arch/x86/entry/entry_32.S:775)
[ 2.567347][ T1] ================================================================================

To reproduce:

        # build kernel
        cd linux
        cp config-5.16.0-rc2-00002-gdc7e5f9d419c .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.16.0-rc2-00002-gdc7e5f9d419c" of type "text/plain" (153049 bytes)
View attachment "job-script" of type "text/plain" (4822 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (13240 bytes)