| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 09 Jun 2024 21:33:25 -0700 From: syzbot <syzbot+33bce7b14333572224b2@...kaller.appspotmail.com> To: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, daniel@...earbox.net, eddyz87@...il.com, haoluo@...gle.com, john.fastabend@...il.com, jolsa@...nel.org, kpsingh@...nel.org, linux-kernel@...r.kernel.org, martin.lau@...ux.dev, sdf@...gle.com, song@...nel.org, syzkaller-bugs@...glegroups.com, yonghong.song@...ux.dev Subject: [syzbot] [bpf?] KMSAN: uninit-value in strnchr (2) Hello, syzbot found the following issue on: HEAD commit: 614da38e2f7a Merge tag 'hid-for-linus-2024051401' of git:/.. git tree: upstream console+strace: https://syzkaller.appspot.com/x/log.txt?x=1106eaba980000 kernel config: https://syzkaller.appspot.com/x/.config?x=f5d2cbf33633f507 dashboard link: https://syzkaller.appspot.com/bug?extid=33bce7b14333572224b2 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11604222980000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=14adcdba980000 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/89eafb874b71/disk-614da38e.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/356000512ad9/vmlinux-614da38e.xz kernel image: https://storage.googleapis.com/syzbot-assets/839c73939115/bzImage-614da38e.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+33bce7b14333572224b2@...kaller.appspotmail.com ===================================================== BUG: KMSAN: uninit-value in strnchr+0x90/0xd0 lib/string.c:387 strnchr+0x90/0xd0 lib/string.c:387 bpf_bprintf_prepare+0x1c2/0x23c0 kernel/bpf/helpers.c:829 ____bpf_trace_printk kernel/trace/bpf_trace.c:385 [inline] bpf_trace_printk+0xec/0x3e0 kernel/trace/bpf_trace.c:375 ___bpf_prog_run+0x13fe/0xe0f0 kernel/bpf/core.c:1997 __bpf_prog_run32+0xb2/0xe0 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420 __bpf_trace_tlb_flush+0x2c/0x40 include/trace/events/tlb.h:38 trace_tlb_flush include/trace/events/tlb.h:38 [inline] switch_mm_irqs_off+0x9d2/0x1010 arch/x86/mm/tlb.c:642 unuse_temporary_mm arch/x86/kernel/alternative.c:1815 [inline] __text_poke+0xb4e/0xfb0 arch/x86/kernel/alternative.c:1925 text_poke arch/x86/kernel/alternative.c:1968 [inline] text_poke_bp_batch+0x17f/0x960 arch/x86/kernel/alternative.c:2276 text_poke_flush arch/x86/kernel/alternative.c:2470 [inline] text_poke_finish+0x7d/0xd0 arch/x86/kernel/alternative.c:2477 arch_jump_label_transform_apply+0x23/0x40 arch/x86/kernel/jump_label.c:146 __jump_label_update+0x6af/0x6d0 kernel/jump_label.c:483 jump_label_update+0x6a0/0x7a0 kernel/jump_label.c:882 static_key_enable_cpuslocked+0x229/0x260 kernel/jump_label.c:205 static_key_enable+0x23/0x30 kernel/jump_label.c:218 tracepoint_add_func+0x1084/0x1280 kernel/tracepoint.c:361 tracepoint_probe_register_prio_may_exist+0xa8/0xf0 kernel/tracepoint.c:482 tracepoint_probe_register_may_exist include/linux/tracepoint.h:52 [inline] __bpf_probe_register kernel/trace/bpf_trace.c:2446 [inline] bpf_probe_register+0x201/0x250 kernel/trace/bpf_trace.c:2452 bpf_raw_tp_link_attach+0x627/0x8a0 kernel/bpf/syscall.c:3865 bpf_raw_tracepoint_open+0x485/0x8a0 kernel/bpf/syscall.c:3892 __sys_bpf+0x5a6/0xd90 kernel/bpf/syscall.c:5702 __do_sys_bpf kernel/bpf/syscall.c:5767 [inline] __se_sys_bpf kernel/bpf/syscall.c:5765 [inline] __x64_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5765 x64_sys_call+0x96b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Local variable stack created at: __bpf_prog_run32+0x43/0xe0 kernel/bpf/core.c:2236 bpf_dispatcher_nop_func include/linux/bpf.h:1234 [inline] __bpf_prog_run include/linux/filter.h:657 [inline] bpf_prog_run include/linux/filter.h:664 [inline] __bpf_trace_run kernel/trace/bpf_trace.c:2381 [inline] bpf_trace_run2+0x116/0x300 kernel/trace/bpf_trace.c:2420 CPU: 1 PID: 5048 Comm: syz-executor406 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 ===================================================== --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@...glegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want syzbot to run the reproducer, reply with: #syz test: git://repo/address.git branch-or-commit-hash If you attach or paste a git patch, syzbot will apply it before testing. If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup
Powered by blists - more mailing lists