lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 04 Aug 2023 18:32:48 +0200
From:   Sven Schnelle <svens@...ux.ibm.com>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: BUG: KASAN: slab-out-of-bounds in print_synth_event+0xa68/0xa78

Steven Rostedt <rostedt@...dmis.org> writes:

> On Fri, 04 Aug 2023 08:20:23 +0200
> Sven Schnelle <svens@...ux.ibm.com> wrote:
>
>> Hi Steven,
>> 
>> i noticed the following KASAN splat in CI (on s390):
>> 
>> [  218.586476] /home/svens/linux/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-stack.tc
>> [  221.610410] ==================================================================
>> [  221.610424] BUG: KASAN: slab-out-of-bounds in print_synth_event+0xa68/0xa78
>> [  221.610440] Read of size 8 at addr 0000000087753ebc by task grep/1321
>> [  221.610445]
>> [  221.610451] CPU: 9 PID: 1321 Comm: grep Not tainted 6.4.0-rc3-00008-g4b512860bdbd #716
>> [  221.610457] Hardware name: IBM 3906 M04 704 (z/VM 7.1.0)
>> [  221.610462] Call Trace:
>> [  221.610466]  [<00000000026026e6>] dump_stack_lvl+0x106/0x1c8
>> [  221.610479]  [<00000000009cdbbc>] print_address_description.constprop.0+0x34/0x378
>> [  221.610488]  [<00000000009cdfac>] print_report+0xac/0x240
>> [  221.610494]  [<00000000009ce32a>] kasan_report+0xf2/0x130
>> [  221.610501]  [<00000000005e4f60>] print_synth_event+0xa68/0xa78
>
> Can you show where exactly the above line is?

It is:

(gdb) list *(print_synth_event+0xa68)
0x5e4f60 is in print_synth_event (/home/svens/ibmgit/linux/kernel/trace/trace_events_synth.c:410).
405                             p = (void *)entry + data_offset;
406                             end = (void *)p + len - (sizeof(long) - 1);
407
408                             trace_seq_printf(s, "%s=STACK:\n", se->fields[i]->name);
409
410                             for (; *p && p < end; p++)
411                                     trace_seq_printf(s, "=> %pS\n", (void *)*p);
412                             n_u64++;
413
414                     } else {

>> For reproducing, the following script is good enough to trigger it
>> reliably on my system:
>> 
>> cd /home/svens/linux/tools/testing/selftests/ftrace
>> for i in $(seq 1 10); do
>> 	./ftracetest -v /home/svens/linux/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-stack.tc
>
> It's probably because that code has:
>
>   #!/bin/sh
>   # SPDX-License-Identifier: GPL-2.0
>   # description: event trigger - test inter-event histogram trigger trace action with dynamic string param
>   # requires: set_event synthetic_events events/sched/sched_process_exec/hist "can be any field, or the special string 'common_stacktrace'":README
>
> Where it looks for "common_stacktrace" in the README file, and will not run
> if it does not exist. That "common_stacktrace" was added to the README file
> by that commit.

Thanks, i'll try to bisect again with the changed test.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ