lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20220225030655.GB30182@xsang-OptiPlex-9020>
Date:   Fri, 25 Feb 2022 11:06:55 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Meng Tang <tangmeng@...ontech.com>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org, mcgrof@...nel.org, keescook@...omium.org,
        yzaikin@...gle.com, guoren@...nel.org, nickhu@...estech.com,
        green.hu@...il.com, deanbo422@...il.com, ebiggers@...nel.org,
        tytso@....edu, wad@...omium.org, john.johansen@...onical.com,
        jmorris@...ei.org, serge@...lyn.com, linux-csky@...r.kernel.org,
        linux-fscrypt@...r.kernel.org,
        linux-security-module@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, Meng Tang <tangmeng@...ontech.com>
Subject: [fs/proc]  99f251040f:
 BUG:KASAN:global-out-of-bounds_in__register_sysctl_paths



Greeting,

FYI, we noticed the following commit (built with clang-15):

commit: 99f251040f9933fcdb4d9a6bf9af130a53fb5556 ("[PATCH] fs/proc: Optimize arrays defined by struct ctl_path")
url: https://github.com/0day-ci/linux/commits/Meng-Tang/fs-proc-Optimize-arrays-defined-by-struct-ctl_path/20220223-175046
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 5c1ee569660d4a205dced9cb4d0306b907fb7599
patch link: https://lore.kernel.org/linux-csky/20220223094837.20337-1-tangmeng@uniontech.com

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[ 63.585952][ T1] BUG: KASAN: global-out-of-bounds in __register_sysctl_paths (??:?) 
[   63.585952][    T1] Read of size 8 at addr ffffffff851eaab0 by task swapper/0/1
[   63.585952][    T1]
[   63.585952][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc5-00012-g99f251040f99 #1 d6725855da240bf400bb169b9fd6300ffdd774d1
[   63.585952][    T1] Call Trace:
[   63.585952][    T1]  <TASK>
[ 63.585952][ T1] dump_stack_lvl (??:?) 
[ 63.585952][ T1] print_address_description (report.c:?) 
[ 63.585952][ T1] ? __register_sysctl_paths (??:?) 
[ 63.585952][ T1] __kasan_report (report.c:?) 
[ 63.585952][ T1] ? __register_sysctl_paths (??:?) 
[ 63.585952][ T1] kasan_report (??:?) 
[ 63.585952][ T1] __asan_report_load8_noabort (??:?) 
[ 63.585952][ T1] __register_sysctl_paths (??:?) 
[ 63.585952][ T1] register_sysctl_paths (??:?) 
[ 63.585952][ T1] ? hardlockup_detector_perf_init (seccomp.c:?) 
[ 63.585952][ T1] seccomp_sysctl_init (seccomp.c:?) 
[ 63.585952][ T1] do_one_initcall (??:?) 
[ 63.585952][ T1] do_initcall_level (main.c:?) 
[ 63.585952][ T1] do_initcalls (main.c:?) 
[ 63.585952][ T1] do_basic_setup (main.c:?) 
[ 63.585952][ T1] kernel_init_freeable (main.c:?) 
[ 63.585952][ T1] ? rest_init (main.c:?) 
[ 63.585952][ T1] kernel_init (main.c:?) 
[ 63.585952][ T1] ? rest_init (main.c:?) 
[ 63.585952][ T1] ret_from_fork (??:?) 
[   63.585952][    T1]  </TASK>
[   63.585952][    T1]
[   63.585952][    T1] The buggy address belongs to the variable:
[ 63.585952][ T1] seccomp_sysctl_path+0x10/0x20 
[   63.585952][    T1]
[   63.585952][    T1] Memory state around the buggy address:
[   63.585952][    T1]  ffffffff851ea980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.585952][    T1]  ffffffff851eaa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.585952][    T1] >ffffffff851eaa80: 04 f9 f9 f9 00 00 f9 f9 00 00 00 00 00 00 00 00
[   63.585952][    T1]                                      ^
[   63.585952][    T1]  ffffffff851eab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   63.585952][    T1]  ffffffff851eab80: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[   63.585952][    T1] ==================================================================
[   63.585952][    T1] Disabling lock debugging due to kernel taint
[   63.619393][    T1] Initialise system trusted keyrings
[   63.620021][    T1] _warn_unseeded_randomness: 6 callbacks suppressed


To reproduce:

        # build kernel
	cd linux
	cp config-5.17.0-rc5-00012-g99f251040f99 .config
	make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
	make HOSTCC=clang-15 CC=clang-15 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
	cd <mod-install-dir>
	find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.17.0-rc5-00012-g99f251040f99" of type "text/plain" (112467 bytes)

View attachment "job-script" of type "text/plain" (4784 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (10912 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ