lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000000000000681a20061a81a6c3@google.com>
Date: Sun, 09 Jun 2024 21:33:25 -0700
From: syzbot <syzbot+33bce7b14333572224b2@...kaller.appspotmail.com>
To: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, 
	daniel@...earbox.net, eddyz87@...il.com, haoluo@...gle.com, 
	john.fastabend@...il.com, jolsa@...nel.org, kpsingh@...nel.org, 
	linux-kernel@...r.kernel.org, martin.lau@...ux.dev, sdf@...gle.com, 
	song@...nel.org, syzkaller-bugs@...glegroups.com, yonghong.song@...ux.dev
Subject: [syzbot] [bpf?] KMSAN: uninit-value in strnchr (2)

Hello,

syzbot found the following issue on:

HEAD commit:    614da38e2f7a Merge tag 'hid-for-linus-2024051401' of git:/..
git tree:       upstream
console+strace: https://syzkaller.appspot.com/x/log.txt?x=1106eaba980000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f5d2cbf33633f507
dashboard link: https://syzkaller.appspot.com/bug?extid=33bce7b14333572224b2
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=11604222980000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=14adcdba980000

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/89eafb874b71/disk-614da38e.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/356000512ad9/vmlinux-614da38e.xz
kernel image: https://storage.googleapis.com/syzbot-assets/839c73939115/bzImage-614da38e.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+33bce7b14333572224b2@...kaller.appspotmail.com

=====================================================
BUG: KMSAN: uninit-value in strnchr+0x90/0xd0 lib/string.c:387
 strnchr+0x90/0xd0 lib/string.c:387
 bpf_bprintf_prepare+0x1c2/0x23c0 kernel/bpf/helpers.c:829
 ____bpf_trace_printk kernel/trace/bpf_trace.c:385 [inline]
 bpf_trace_printk+0xec/0x3e0 kernel/trace/bpf_trace.c:375
 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997
 __bpf_prog_run32+0xb2/0xe0 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420
 __bpf_trace_tlb_flush+0x2c/0x40 include/trace/events/tlb.h:38
 trace_tlb_flush include/trace/events/tlb.h:38 [inline]
 switch_mm_irqs_off+0x9d2/0x1010 arch/x86/mm/tlb.c:642
 unuse_temporary_mm arch/x86/kernel/alternative.c:1815 [inline]
 __text_poke+0xb4e/0xfb0 arch/x86/kernel/alternative.c:1925
 text_poke arch/x86/kernel/alternative.c:1968 [inline]
 text_poke_bp_batch+0x17f/0x960 arch/x86/kernel/alternative.c:2276
 text_poke_flush arch/x86/kernel/alternative.c:2470 [inline]
 text_poke_finish+0x7d/0xd0 arch/x86/kernel/alternative.c:2477
 arch_jump_label_transform_apply+0x23/0x40 arch/x86/kernel/jump_label.c:146
 __jump_label_update+0x6af/0x6d0 kernel/jump_label.c:483
 jump_label_update+0x6a0/0x7a0 kernel/jump_label.c:882
 static_key_enable_cpuslocked+0x229/0x260 kernel/jump_label.c:205
 static_key_enable+0x23/0x30 kernel/jump_label.c:218
 tracepoint_add_func+0x1084/0x1280 kernel/tracepoint.c:361
 tracepoint_probe_register_prio_may_exist+0xa8/0xf0 kernel/tracepoint.c:482
 tracepoint_probe_register_may_exist include/linux/tracepoint.h:52 [inline]
 __bpf_probe_register kernel/trace/bpf_trace.c:2446 [inline]
 bpf_probe_register+0x201/0x250 kernel/trace/bpf_trace.c:2452
 bpf_raw_tp_link_attach+0x627/0x8a0 kernel/bpf/syscall.c:3865
 bpf_raw_tracepoint_open+0x485/0x8a0 kernel/bpf/syscall.c:3892
 __sys_bpf+0x5a6/0xd90 kernel/bpf/syscall.c:5702
 __do_sys_bpf kernel/bpf/syscall.c:5767 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5765 [inline]
 __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765
 x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Local variable stack created at:
 __bpf_prog_run32+0x43/0xe0 kernel/bpf/core.c:2236
 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline]
 __bpf_prog_run include/linux/filter.h:657 [inline]
 bpf_prog_run include/linux/filter.h:664 [inline]
 __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline]
 bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420

CPU: 1 PID: 5048 Comm: syz-executor406 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
=====================================================


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@...glegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want syzbot to run the reproducer, reply with:
#syz test: git://repo/address.git branch-or-commit-hash
If you attach or paste a git patch, syzbot will apply it before testing.

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ