Message-ID: <Yu9YSjbnBF9IXmNB@xsang-OptiPlex-9020>
Date: Sun, 7 Aug 2022 14:14:34 +0800
From: kernel test robot <oliver.sang@...el.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
CC: Ammar Faizi <ammarfaizi2@...weeb.org>,
<linux-kernel@...r.kernel.org>, <lkp@...ts.01.org>, <lkp@...el.com>
Subject: [random] 99a314f603: kernel_BUG_at_mm/usercopy.c
Greetings,
FYI, we noticed the following commit (built with clang-16):
commit: 99a314f603c9cd173e6db2e3776eb76477283e1a ("random: batch getrandom() output per-task")
https://github.com/ammarfaizi2/linux-block crng/random/jd/getrandom-batch
in testcase: boot
on test machine: qemu-system-i386 -enable-kvm -cpu SandyBridge -smp 2 -m 4G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------+------------+------------+
| | 9c8358be41 | 99a314f603 |
+------------------------------------------+------------+------------+
| boot_successes | 10 | 0 |
| boot_failures | 0 | 6 |
| kernel_BUG_at_mm/usercopy.c | 0 | 6 |
| invalid_opcode:#[##] | 0 | 6 |
| EIP:usercopy_abort | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+------------------------------------------+------------+------------+
If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 50.563555][ T156] usercopy: Kernel memory exposure attempt detected from SLUB object 'task_struct' (offset 1436, size 4)!
[ 50.571899][ T37] rcu-scale: 0 writer-duration: 13 12292663
[ 50.595826][ T156] ------------[ cut here ]------------
[ 50.602886][ T37] rcu-scale: 0 writer-duration: 14 15706237
[ 50.604708][ T156] kernel BUG at mm/usercopy.c:101!
[ 50.606688][ T37] rcu-scale: 0 writer-duration: 15 116401087
[ 50.607952][ T156] invalid opcode: 0000 [#1] SMP
[ 50.609436][ T37] rcu-scale: 0 writer-duration: 16 119806774
[ 50.610519][ T156] CPU: 1 PID: 156 Comm: ubusd Tainted: G T 5.19.0-rc6-00375-g99a314f603c9 #3
[ 50.610529][ T156] EIP: usercopy_abort+0x6a/0x70
[ 50.610544][ T156] Code: 44 d0 b8 9e b8 08 42 bb 7a 88 05 42 0f 44 c3 ff 75 0c ff 75 08 50 52 51 57 56 ff 75 f0 68 59 b1 05 42 e8 b5 bd 8e 00 83 c4 24 <0f> 0b 90 90 90 90 55 89 e5 53 57 56 83 ec 0c 89 4d ec 3e 8d 74 26
[ 50.610549][ T156] EAX: 00000067 EBX: 4205887a ECX: ecb8f76b EDX: 4110fc3f
[ 50.610554][ T156] ESI: 420cd5fe EDI: 42003135 EBP: 44eb7e14 ESP: 44eb7e04
[ 50.610558][ T156] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
[ 50.610564][ T156] CR0: 80050033 CR2: 37ef9844 CR3: 002371a0 CR4: 000006b0
[ 50.611858][ T37] rcu-scale: 0 writer-duration: 17 75994492
[ 50.613521][ T156] Call Trace:
[ 50.614518][ T37] rcu-scale: 0 writer-duration: 18 39719609
[ 50.617791][ T156] ? __check_heap_object+0x8e/0xd0
[ 50.619151][ T37] rcu-scale: 0 writer-duration: 19 24013177
[ 50.620149][ T156] ? __check_object_size+0x23e/0x360
[ 50.621640][ T37] rcu-scale: 0 writer-duration: 20 116012906
[ 50.622921][ T156] ? get_random_bytes_user+0x234/0x500
[ 50.622941][ T156] ? urandom_read_iter+0x11/0x90
[ 50.622947][ T156] ? new_sync_read+0xe5/0x140
[ 50.622960][ T156] ? vfs_read+0x12a/0x1c0
[ 50.624109][ T37] rcu-scale: 0 writer-duration: 21 19988271
[ 50.624742][ T156] ? ksys_read+0x66/0xd0
[ 50.625908][ T37] rcu-scale: 0 writer-duration: 22 15974944
[ 50.626912][ T156] ? do_int80_syscall_32+0xf/0x70
[ 50.626928][ T156] ? syscall_enter_from_user_mode+0x163/0x340
[ 50.626939][ T156] ? __ia32_sys_read+0x13/0x20
[ 50.626947][ T156] ? do_int80_syscall_32+0x4a/0x70
[ 50.626953][ T156] ? entry_INT80_32+0x108/0x108
[ 50.626969][ T156] Modules linked in:
[ 50.628191][ T37] rcu-scale: 0 writer-duration: 23 20001203
[ 50.629181][ T156]
[ 50.629269][ T156] ---[ end trace 0000000000000000 ]---
[ 50.630349][ T37] rcu-scale: 0 writer-duration: 24 16019833
[ 50.631417][ T156] EIP: usercopy_abort+0x6a/0x70
[ 50.632329][ T37] rcu-scale: 0 writer-duration: 25 15978147
[ 50.633237][ T156] Code: 44 d0 b8 9e b8 08 42 bb 7a 88 05 42 0f 44 c3 ff 75 0c ff 75 08 50 52 51 57 56 ff 75 f0 68 59 b1 05 42 e8 b5 bd 8e 00 83 c4 24 <0f> 0b 90 90 90 90 55 89 e5 53 57 56 83 ec 0c 89 4d ec 3e 8d 74 26
[ 50.634027][ T37] rcu-scale: 0 writer-duration: 26 16011746
[ 50.635232][ T156] EAX: 00000067 EBX: 4205887a ECX: ecb8f76b EDX: 4110fc3f
[ 50.636030][ T37] rcu-scale: 0 writer-duration: 27 15988856
[ 50.637108][ T156] ESI: 420cd5fe EDI: 42003135 EBP: 44eb7e14 ESP: 44eb7e04
[ 50.638101][ T37] rcu-scale: 0 writer-duration: 28 18472275
[ 50.639245][ T156] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 EFLAGS: 00010202
[ 50.639252][ T156] CR0: 80050033 CR2: 37ef9844 CR3: 002371a0 CR4: 000006b0
[ 50.639264][ T156] Kernel panic - not syncing: Fatal exception
[ 50.640223][ T156] Kernel Offset: disabled
To reproduce:
# build kernel
cd linux
cp config-5.19.0-rc6-00375-g99a314f603c9 .config
make HOSTCC=clang-16 CC=clang-16 ARCH=i386 olddefconfig prepare modules_prepare bzImage modules
make HOSTCC=clang-16 CC=clang-16 ARCH=i386 INSTALL_MOD_PATH=<mod-install-dir> modules_install
cd <mod-install-dir>
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
# if you come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
Attachments:
config-5.19.0-rc6-00375-g99a314f603c9 (text/plain, 146528 bytes)
job-script (text/plain, 4838 bytes)
dmesg.xz (application/x-xz, 13172 bytes)
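The log line at the top of the dmesg excerpt comes from the kernel's hardened-usercopy check: a copy_to_user() out of a slab object is only allowed if the whole range lies inside the usercopy window that the cache was created with (kmem_cache_create_usercopy()'s useroffset/usersize), and anything else ends in usercopy_abort() and the BUG at mm/usercopy.c. The report shows a 4-byte copy at offset 1436 of a 'task_struct' object from get_random_bytes_user() failing that test. The following is a userspace model added for this page, not kernel code or part of the patch under test: the allow condition mirrors __check_heap_object() in mm/slub.c and the message text mirrors usercopy_abort(), but the cache geometry (object stride, whitelist window) is constructed because the real task_struct layout is not in the report.

```c
/*
 * Userspace model of the hardened-usercopy slab whitelist check.
 * Example code added for this page; not the kernel's own code. The allow
 * condition follows mm/slub.c __check_heap_object(); the abort text follows
 * mm/usercopy.c usercopy_abort(). The cache geometry below is constructed.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct slab_cache {
    const char *name;
    unsigned int size;       /* stride between objects in the slab */
    unsigned int useroffset; /* start of the usercopy-whitelisted window */
    unsigned int usersize;   /* window length; 0 means nothing may be copied */
};

/* The "address range falling entirely within usercopy region" test:
 * [offset, offset + n) must lie inside [useroffset, useroffset + usersize].
 * Unsigned wraparound in the third term is intentional and matches the kernel. */
static bool usercopy_range_allowed(const struct slab_cache *s,
                                   unsigned int offset, unsigned long n)
{
    return offset >= s->useroffset &&
           offset - s->useroffset <= s->usersize &&
           n <= s->useroffset - offset + s->usersize;
}

/* Builds the line usercopy_abort() prints for a slab object. */
static void format_usercopy_abort(char *buf, size_t buflen, const char *cache,
                                  bool to_user, unsigned long offset,
                                  unsigned long n)
{
    snprintf(buf, buflen,
             "Kernel memory %s attempt detected %s SLUB object '%s' "
             "(offset %lu, size %lu)!",
             to_user ? "exposure" : "overwrite", to_user ? "from" : "to",
             cache, offset, n);
}

/*
 * Check an n-byte copy starting at ptr, an address inside a slab whose first
 * object starts at slab_base. Returns 0 if allowed, otherwise -1 with the
 * abort text in msg. The SLAB_RED_ZONE adjustment and the KFENCE path of the
 * real function are omitted.
 */
static int check_heap_object(const struct slab_cache *s, const char *slab_base,
                             const char *ptr, unsigned long n, bool to_user,
                             char *msg, size_t msglen)
{
    if (ptr < slab_base) {
        snprintf(msg, msglen, "SLUB object not in SLUB page?!");
        return -1;
    }
    /* Offset of the copy within its object, as the kernel derives it. */
    unsigned int offset = (unsigned int)((ptr - slab_base) % s->size);
    if (usercopy_range_allowed(s, offset, n))
        return 0;
    format_usercopy_abort(msg, msglen, s->name, to_user, offset, n);
    return -1;
}

/* Constructed stand-in for the task_struct cache: 4096-byte objects whose only
 * whitelisted window is 512 bytes at offset 2048. Hypothetical numbers. */
static const struct slab_cache task_struct_cache = {
    .name = "task_struct", .size = 4096, .useroffset = 2048, .usersize = 512,
};

/* Replays the copy from the report: 4 bytes at offset 1436 of a task_struct,
 * copied to user space. Returns NULL if allowed, else the abort message. */
static const char *replay_reported_copy(void)
{
    static char slab[2 * 4096];      /* two objects' worth of slab memory */
    static char msg[160];
    const char *obj = slab + 4096;   /* the second object in the slab */

    if (check_heap_object(&task_struct_cache, slab, obj + 1436, 4, true,
                          msg, sizeof msg) == 0)
        return NULL;
    return msg;
}

int main(void)
{
    const char *m = replay_reported_copy();
    printf("%s\n", m ? m : "copy allowed");
    return 0;
}
```

Running it prints the same "Kernel memory exposure attempt detected from SLUB object 'task_struct' (offset 1436, size 4)!" line as the report, which is the quick way to confirm that a usercopy BUG is a whitelist miss rather than an out-of-slab pointer. The practical consequence for a patch like the one under test is that any per-task buffer handed to copy_to_user() either has to live inside the cache's usercopy window or be copied through a bounce buffer that is not slab-whitelist-checked.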