Message-ID: <20220210072821.GD4074@xsang-OptiPlex-9020>
Date: Thu, 10 Feb 2022 15:28:21 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Kees Cook <keescook@...omium.org>
Cc: Miguel Ojeda <ojeda@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Nathan Chancellor <nathan@...nel.org>,
George Burgess IV <gbiv@...gle.com>,
LKML <linux-kernel@...r.kernel.org>,
Linux Memory Management List <linux-mm@...ck.org>,
lkp@...ts.01.org, lkp@...el.com
Subject: [fortify] 4cfbda15d6: kernel_BUG_at_lib/string_helpers.c
Greeting,
FYI, we noticed the following commit (built with clang-15):
commit: 4cfbda15d6578759c0157b18698e0c10ba598856 ("fortify: Add Clang support")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu Icelake-Server -smp 4 -m 16G
caused the changes below (please refer to attached dmesg/kmsg for entire log/backtrace):

+------------------------------------------+------------+------------+
|                                          | d3b2dc20b4 | 4cfbda15d6 |
+------------------------------------------+------------+------------+
| boot_successes                           | 22         | 0          |
| boot_failures                            | 0          | 22         |
| kernel_BUG_at_lib/string_helpers.c       | 0          | 22         |
| invalid_opcode:#[##]                     | 0          | 22         |
| RIP:fortify_panic                        | 0          | 22         |
| Kernel_panic-not_syncing:Fatal_exception | 0          | 22         |
+------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 92.405851][ T1] kernel BUG at lib/string_helpers.c:980!
[ 92.406535][ T1] invalid opcode: 0000 [#1] PTI
[ 92.407149][ T1] CPU: 0 PID: 1 Comm: swapper Not tainted 5.17.0-rc2-00015-g4cfbda15d657 #1
[ 92.408207][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 92.409141][ T1] RIP: 0010:fortify_panic (fbdev.c:?)
[ 92.409752][ T1] Code: 24 10 02 5b 41 5e 41 5f 5d c3 c3 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc c3 48 89 fe 48 c7 c7 08 f2 a9 9f e8 f3 d3 66 ff <0f> 0b 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 8d 47 d0 3c 09 77
All code
========
0: 24 10 and $0x10,%al
2: 02 5b 41 add 0x41(%rbx),%bl
5: 5e pop %rsi
6: 41 5f pop %r15
8: 5d pop %rbp
9: c3 retq
a: c3 retq
b: 00 00 add %al,(%rax)
d: cc int3
e: cc int3
f: 00 00 add %al,(%rax)
11: cc int3
12: cc int3
13: 00 00 add %al,(%rax)
15: cc int3
16: cc int3
17: 00 00 add %al,(%rax)
19: cc int3
1a: c3 retq
1b: 48 89 fe mov %rdi,%rsi
1e: 48 c7 c7 08 f2 a9 9f mov $0xffffffff9fa9f208,%rdi
25: e8 f3 d3 66 ff callq 0xffffffffff66d41d
2a:* 0f 0b ud2 <-- trapping instruction
2c: 00 00 add %al,(%rax)
2e: cc int3
2f: cc int3
30: 00 00 add %al,(%rax)
32: cc int3
33: cc int3
34: 00 00 add %al,(%rax)
36: cc int3
37: cc int3
38: 00 00 add %al,(%rax)
3a: 8d 47 d0 lea -0x30(%rdi),%eax
3d: 3c 09 cmp $0x9,%al
3f: 77 .byte 0x77
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: 00 00 add %al,(%rax)
4: cc int3
5: cc int3
6: 00 00 add %al,(%rax)
8: cc int3
9: cc int3
a: 00 00 add %al,(%rax)
c: cc int3
d: cc int3
e: 00 00 add %al,(%rax)
10: 8d 47 d0 lea -0x30(%rdi),%eax
13: 3c 09 cmp $0x9,%al
15: 77 .byte 0x77
[ 92.410056][ T1] RSP: 0018:ffff888100213c90 EFLAGS: 00010286
[ 92.410056][ T1] RAX: 0000000000000022 RBX: ffffffff9fbf5eec RCX: ffffffff9c1ce33f
[ 92.410056][ T1] RDX: 0000000000000004 RSI: 0000000080000001 RDI: ffffffffa0831840
[ 92.410056][ T1] RBP: ffff888100213ed0 R08: 0001ffffffffffff R09: 0000000000000000
[ 92.410056][ T1] R10: 0001ffffa0831847 R11: 0001ffffffffffff R12: ffffffffa2a2f320
[ 92.410056][ T1] R13: 0000000000000007 R14: 0000000000000000 R15: ffffffff9fb5128b
[ 92.410056][ T1] FS: 0000000000000000(0000) GS:ffffffffa0633000(0000) knlGS:0000000000000000
[ 92.410056][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 92.410056][ T1] CR2: 00007f61b2f55114 CR3: 00000003d6026002 CR4: 00000000003706f0
[ 92.410056][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 92.410056][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 92.410056][ T1] Call Trace:
[ 92.410056][ T1] <TASK>
[ 92.410056][ T1] ni_assign_device_routes (fbdev.c:?)
[ 92.410056][ T1] ? unittest_enter (fbdev.c:?)
[ 92.410056][ T1] ni_routes_unittest (ni_routes_test.c:?)
[ 92.410056][ T1] ? unittest_enter (fbdev.c:?)
[ 92.410056][ T1] __initstub__kmod_ni_routes_test__505_604_ni_routes_unittest6 (fbdev.c:?)
[ 92.410056][ T1] do_one_initcall (fbdev.c:?)
[ 92.410056][ T1] ? do_initcall_level (main.c:?)
[ 92.410056][ T1] do_initcall_level (main.c:?)
[ 92.410056][ T1] do_initcalls (main.c:?)
[ 92.410056][ T1] do_basic_setup (main.c:?)
[ 92.410056][ T1] kernel_init_freeable (main.c:?)
[ 92.410056][ T1] ? rest_init (main.c:?)
[ 92.410056][ T1] kernel_init (main.c:?)
[ 92.410056][ T1] ? rest_init (main.c:?)
[ 92.410056][ T1] ret_from_fork (??:?)
[ 92.410056][ T1] </TASK>
[ 92.410056][ T1] Modules linked in:
[ 92.432241][ T1] ---[ end trace 0000000000000000 ]---
[ 92.432880][ T1] RIP: 0010:fortify_panic (fbdev.c:?)
[ 92.433440][ T1] Code: 24 10 02 5b 41 5e 41 5f 5d c3 c3 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc c3 48 89 fe 48 c7 c7 08 f2 a9 9f e8 f3 d3 66 ff <0f> 0b 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 8d 47 d0 3c 09 77
To reproduce:

        # build kernel
        cd linux
        cp config-5.17.0-rc2-00015-g4cfbda15d657 .config
        make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.
---
0DAY/LKP+ Test Infrastructure Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org Intel Corporation
Thanks,
Oliver Sang
View attachment "config-5.17.0-rc2-00015-g4cfbda15d657" of type "text/plain" (187006 bytes)
View attachment "job-script" of type "text/plain" (4921 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (16216 bytes)