Message-ID: <679a131a.050a0220.ac840.02d2.GAE@google.com>
Date: Wed, 29 Jan 2025 03:38:02 -0800
From: syzbot <syzbot+08d8956768c96a2c52cf@...kaller.appspotmail.com>
To: gauthamgujjula@...il.com, linux-kernel@...r.kernel.org, 
	syzkaller-bugs@...glegroups.com
Subject: Re: [syzbot] [ntfs3?] KMSAN: uninit-value in longest_match_std (2)

Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fff888048f41a78 RSI: ffff88813fffab50 RDI: 00006c656e72656b
RBP: ffff88811a573880 R08: ffffea000000000f R09: ffffffff82d145f0
R10: 0000000000000002 R11: ffff888115eca0c0 R12: 0000000000000001
R13: 0000000000000000 R14: ffffffffffffffff R15: ffff888115ecac08
FS:  0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00006c656e72656b CR3: 0000000013118000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	41 54                	push   %r12
   2:	53                   	push   %rbx
   3:	48 89 fb             	mov    %rdi,%rbx
   6:	49 c7 c6 ff ff ff ff 	mov    $0xffffffffffffffff,%r14
   d:	e8 d0 68 5c f2       	call   0xf25c68e2
  12:	49 89 c7             	mov    %rax,%r15
  15:	41 b4 01             	mov    $0x1,%r12b
  18:	eb 0b                	jmp    0x25
  1a:	48 ff c3             	inc    %rbx
  1d:	49 ff c6             	inc    %r14
  20:	45 84 ed             	test   %r13b,%r13b
  23:	74 31                	je     0x56
  25:	45 84 e4             	test   %r12b,%r12b
  28:	74 23                	je     0x4d
* 2a:	44 0f b6 2b          	movzbl (%rbx),%r13d <-- trapping instruction
  2e:	48 89 df             	mov    %rbx,%rdi
  31:	e8 6c 5a 5c f2       	call   0xf25c5aa2
  36:	0f b6 00             	movzbl (%rax),%eax
  39:	84 c0                	test   %al,%al
  3b:	74 dd                	je     0x1a
  3d:	f6 d0                	not    %al
  3f:	44                   	rex.R


Warning: Permanently added '10.128.10.46' (ED25519) to the list of known hosts.
2025/01/29 11:35:41 ignoring optional flag "sandboxArg"="0"
2025/01/29 11:35:42 parsed 1 programs
[  210.397041][ T5771] cgroup: Unknown subsys name 'net'
[  210.541829][ T5771] cgroup: Unknown subsys name 'cpuset'
[  210.556943][ T5771] cgroup: Unknown subsys name 'rlimit'
[  219.249389][ T1270] ieee802154 phy0 wpan0: encryption failed: -22
[  219.256165][ T1270] ieee802154 phy1 wpan1: encryption failed: -22
[  255.518781][ T5771] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  259.778955][ T5786] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@...ck.org if you depend on this functionality.
[  260.392425][ T5792] chnl_net:caif_netlink_parms(): no params data found
[  260.684988][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.692646][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.700323][ T5792] bridge_slave_0: entered allmulticast mode
[  260.708890][ T5792] bridge_slave_0: entered promiscuous mode
[  260.721122][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.728670][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.736414][ T5792] bridge_slave_1: entered allmulticast mode
[  260.744677][ T5792] bridge_slave_1: entered promiscuous mode
[  260.806288][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.822609][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.886475][ T5792] team0: Port device team_slave_0 added
[  260.899614][ T5792] team0: Port device team_slave_1 added
[  260.957752][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.966228][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  260.992481][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  261.007468][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1
[  261.014991][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.042301][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  261.128176][ T5792] hsr_slave_0: entered promiscuous mode
[  261.136510][ T5792] hsr_slave_1: entered promiscuous mode
[  261.426933][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  261.445515][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  261.462326][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  261.481632][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  261.731046][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0
[  261.776448][ T5792] 8021q: adding VLAN 0 to HW filter on device team0
[  261.800359][  T752] bridge0: port 1(bridge_slave_0) entered blocking state
[  261.808231][  T752] bridge0: port 1(bridge_slave_0) entered forwarding state
[  261.840232][ T2898] bridge0: port 2(bridge_slave_1) entered blocking state
[  261.848032][ T2898] bridge0: port 2(bridge_slave_1) entered forwarding state
[  262.289321][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0
[  262.412526][ T5792] veth0_vlan: entered promiscuous mode
[  262.438440][ T5792] veth1_vlan: entered promiscuous mode
[  262.524326][ T5792] veth0_macvtap: entered promiscuous mode
[  262.542134][ T5792] veth1_macvtap: entered promiscuous mode
[  262.585637][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0
[  262.620516][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1
[  262.646314][ T5792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  262.655388][ T5792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  262.664545][ T5792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  262.673774][ T5792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  264.083640][ T4115] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  264.102207][ T5826] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  264.114737][ T5826] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  264.126829][ T5826] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  264.139707][ T5826] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  264.150659][ T5826] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  264.159895][ T5826] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  265.251327][ T4115] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.639301][ T4115] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.778978][ T4115] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.192674][ T4115] bridge_slave_1: left allmulticast mode
[  266.198979][ T4115] bridge_slave_1: left promiscuous mode
[  266.206045][ T4115] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.258055][ T4115] bridge_slave_0: left allmulticast mode
[  266.264237][ T4115] bridge_slave_0: left promiscuous mode
[  266.270813][ T4115] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.749152][ T4115] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  266.778091][ T4115] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  266.798206][ T4115] bond0 (unregistering): Released all slaves
[  267.147046][ T4115] hsr_slave_0: left promiscuous mode
[  267.164800][ T4115] hsr_slave_1: left promiscuous mode
[  267.172592][ T4115] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  267.181346][ T4115] batman_adv: batadv0: Removing interface: batadv_slave_0
[  267.196520][ T4115] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  267.204271][ T4115] batman_adv: batadv0: Removing interface: batadv_slave_1
[  267.222196][ T4115] veth1_macvtap: left promiscuous mode
[  267.229027][ T4115] veth0_macvtap: left promiscuous mode
[  267.235333][ T4115] veth1_vlan: left promiscuous mode
[  267.241037][ T4115] veth0_vlan: left promiscuous mode
[  268.004819][ T4115] team0 (unregistering): Port device team_slave_1 removed
[  268.049156][ T4115] team0 (unregistering): Port device team_slave_0 removed
[  268.853984][ T5132] BUG: unable to handle page fault for address: 00006c656e72656b
[  268.861951][ T5132] #PF: supervisor read access in kernel mode
[  268.868136][ T5132] #PF: error_code(0x0000) - not-present page
[  268.874355][ T5132] PGD 0 P4D 0 
[  268.878050][ T5132] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[  268.883822][ T5132] CPU: 1 UID: 0 PID: 5132 Comm: kworker/1:2 Not tainted 6.13.0-syzkaller-09338-g05dbaf8dd8bf-dirty #0
[  268.895026][ T5132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  268.905340][ T5132] Workqueue: events free_ipc
[  268.910239][ T5132] RIP: 0010:strlen+0x38/0x90
[  268.915071][ T5132] Code: 41 54 53 48 89 fb 49 c7 c6 ff ff ff ff e8 d0 68 5c f2 49 89 c7 41 b4 01 eb 0b 48 ff c3 49 ff c6 45 84 ed 74 31 45 84 e4 74 23 <44> 0f b6 2b 48 89 df e8 6c 5a 5c f2 0f b6 00 84 c0 74 dd f6 d0 44
[  268.935282][ T5132] RSP: 0018:ffff88811a573858 EFLAGS: 00010202
[  268.941604][ T5132] RAX: ffff888115ecac08 RBX: 00006c656e72656b RCX: 0000000000000000
[  268.949959][ T5132] RDX: ffff888048f41a78 RSI: ffff88813fffab50 RDI: 00006c656e72656b
[  268.958234][ T5132] RBP: ffff88811a573880 R08: ffffea000000000f R09: ffffffff82d145f0
[  268.966405][ T5132] R10: 0000000000000002 R11: ffff888115eca0c0 R12: 0000000000000001
[  268.974569][ T5132] R13: 0000000000000000 R14: ffffffffffffffff R15: ffff888115ecac08
[  268.982734][ T5132] FS:  0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[  268.991891][ T5132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  268.998659][ T5132] CR2: 00006c656e72656b CR3: 0000000013118000 CR4: 00000000003526f0
[  269.006820][ T5132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  269.014985][ T5132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  269.023149][ T5132] Call Trace:
[  269.026620][ T5132]  <TASK>
[  269.029703][ T5132]  ? show_trace_log_lvl+0x268/0x3d0
[  269.035297][ T5132]  ? put_links+0x226/0x9d0
[  269.039964][ T5132]  ? __die_body+0xce/0x1a0
[  269.044657][ T5132]  ? __die+0x22a/0x290
[  269.048985][ T5132]  ? page_fault_oops+0xe58/0xfb0
[  269.054212][ T5132]  ? exc_page_fault+0x56c/0x700
[  269.059363][ T5132]  ? asm_exc_page_fault+0x2b/0x30
[  269.064668][ T5132]  ? put_links+0x680/0x9d0
[  269.069315][ T5132]  ? strlen+0x38/0x90
[  269.073549][ T5132]  ? strlen+0x20/0x90
[  269.077738][ T5132]  put_links+0x226/0x9d0
[  269.082272][ T5132]  drop_sysctl_table+0x10d/0x4f0
[  269.087455][ T5132]  ? kvfree_call_rcu+0xcdc/0xea0
[  269.092610][ T5132]  ? rb_erase+0x20e/0x23b0
[  269.097297][ T5132]  drop_sysctl_table+0x4b6/0x4f0
[  269.102500][ T5132]  unregister_sysctl_table+0x48/0x70
[  269.108021][ T5132]  retire_ipc_sysctls+0x67/0xc0
[  269.113164][ T5132]  free_ipc+0x1d6/0x4c0
[  269.117549][ T5132]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  269.123729][ T5132]  ? __pfx_free_ipc+0x10/0x10
[  269.128640][ T5132]  process_scheduled_works+0xae0/0x1c40
[  269.134501][ T5132]  worker_thread+0xea7/0x14f0
[  269.139428][ T5132]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  269.145530][ T5132]  kthread+0x6b9/0xef0
[  269.149843][ T5132]  ? __pfx_worker_thread+0x10/0x10
[  269.155205][ T5132]  ? __pfx_kthread+0x10/0x10
[  269.160040][ T5132]  ret_from_fork+0x6d/0x90
[  269.164707][ T5132]  ? __pfx_kthread+0x10/0x10
[  269.169547][ T5132]  ret_from_fork_asm+0x1a/0x30
[  269.174561][ T5132]  </TASK>
[  269.177769][ T5132] Modules linked in:
[  269.181934][ T5132] CR2: 00006c656e72656b
[  269.186244][ T5132] ---[ end trace 0000000000000000 ]---
[  269.191949][ T5132] RIP: 0010:strlen+0x38/0x90
[  269.196815][ T5132] Code: 41 54 53 48 89 fb 49 c7 c6 ff ff ff ff e8 d0 68 5c f2 49 89 c7 41 b4 01 eb 0b 48 ff c3 49 ff c6 45 84 ed 74 31 45 84 e4 74 23 <44> 0f b6 2b 48 89 df e8 6c 5a 5c f2 0f b6 00 84 c0 74 dd f6 d0 44
[  269.216699][ T5132] RSP: 0018:ffff88811a573858 EFLAGS: 00010202
[  269.223017][ T5132] RAX: ffff888115ecac08 RBX: 00006c656e72656b RCX: 0000000000000000
[  269.231202][ T5132] RDX: ffff888048f41a78 RSI: ffff88813fffab50 RDI: 00006c656e72656b
[  269.239384][ T5132] RBP: ffff88811a573880 R08: ffffea000000000f R09: ffffffff82d145f0
[  269.247576][ T5132] R10: 0000000000000002 R11: ffff888115eca0c0 R12: 0000000000000001
[  269.255762][ T5132] R13: 0000000000000000 R14: ffffffffffffffff R15: ffff888115ecac08
[  269.263942][ T5132] FS:  0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000
[  269.273089][ T5132] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  269.279950][ T5132] CR2: 00006c656e72656b CR3: 0000000013118000 CR4: 00000000003526f0
[  269.288262][ T5132] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  269.296470][ T5132] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  269.304648][ T5132] Kernel panic - not syncing: Fatal exception
[  269.311344][ T5132] Kernel Offset: disabled
[  269.315801][ T5132] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
GO111MODULE='auto'
GOARCH='amd64'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/syzkaller/jobs-2/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs-2/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.7'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/syzkaller/jobs-2/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build945646003=/tmp/go-build -gno-record-gcc-switches'

git status (err=<nil>)
HEAD detached at f3558dbf03
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
go fmt ./sys/... >/dev/null
touch .descriptions
GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=f3558dbf032eab2b77c1cb11b9ce2baffe7838d3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20250103-110009'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"f3558dbf032eab2b77c1cb11b9ce2baffe7838d3\"
/usr/bin/ld: /tmp/ccHWldzr.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x104): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking


Error text is too large and was truncated, full error text is at:
https://syzkaller.appspot.com/x/error.txt?x=10991524580000


Tested on:

commit:         05dbaf8d Merge tag 'x86-urgent-2025-01-28' of git://gi..
git tree:       upstream
kernel config:  https://syzkaller.appspot.com/x/.config?x=ccb9b8c423893ece
dashboard link: https://syzkaller.appspot.com/bug?extid=08d8956768c96a2c52cf
compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
patch:          https://syzkaller.appspot.com/x/patch.diff?x=1549a924580000

