Message-ID: <202511281452.35e03947-lkp@intel.com>
Date: Fri, 28 Nov 2025 14:59:38 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Ard Biesheuvel <ardb@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>,
<oliver.sang@...el.com>
Subject: [ardb:lockless-random] [random] c0aebac6f3: UBSAN:array-index-out-of-bounds_in_drivers/char/random.c

Hello,

kernel test robot noticed "UBSAN:array-index-out-of-bounds_in_drivers/char/random.c" on:

commit: c0aebac6f39092e97ad08db32f80ccbc27049097 ("random: Use a lockless fast path for get_random_uXX()")
https://git.kernel.org/cgit/linux/kernel/git/ardb/linux.git lockless-random

in testcase: boot

config: x86_64-randconfig-072-20251128
compiler: gcc-14
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 32G

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202511281452.35e03947-lkp@intel.com
[ 52.009601][ T72] ------------[ cut here ]------------
[ 52.010137][ T72] UBSAN: array-index-out-of-bounds in drivers/char/random.c:573:1
[ 52.010925][ T72] index 4294967294 is out of range for type 'u64 [12]'
[ 52.011514][ T72] CPU: 0 UID: 0 PID: 72 Comm: rc.local Tainted: G T 6.18.0-rc7-00004-gc0aebac6f390 #1 VOLUNTARY
[ 52.012639][ T72] Tainted: [T]=RANDSTRUCT
[ 52.013077][ T72] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 52.013922][ T72] Call Trace:
[ 52.014197][ T72] <TASK>
[ 52.014452][ T72] dump_stack_lvl (lib/dump_stack.c:122)
[ 52.014954][ T72] dump_stack (lib/dump_stack.c:129)
[ 52.015381][ T72] ubsan_epilogue (lib/ubsan.c:234)
[ 52.015816][ T72] __ubsan_handle_out_of_bounds (lib/ubsan.c:456)
[ 52.016332][ T72] ? commit_creds (kernel/cred.c:459)
[ 52.016876][ T72] get_random_u64 (drivers/char/random.c:573 (discriminator 1))
[ 52.017252][ T72] arch_rnd (arch/x86/mm/mmap.c:74 (discriminator 1))
[ 52.017680][ T72] arch_pick_mmap_layout (arch/x86/mm/mmap.c:129 (discriminator 2))
[ 52.018086][ T72] setup_new_exec (fs/exec.c:1331)
[ 52.018474][ T72] load_elf_binary (fs/binfmt_elf.c:1037)
[ 52.019000][ T72] ? local_clock_noinstr (kernel/sched/clock.c:304 (discriminator 1))
[ 52.019437][ T72] ? __lock_release+0xb5/0x180
[ 52.019965][ T72] exec_binprm (fs/exec.c:1672 fs/exec.c:1702)
[ 52.020467][ T72] bprm_execve (fs/exec.c:1754)
[ 52.021007][ T72] do_execveat_common+0x299/0x300
[ 52.021489][ T72] __do_compat_sys_execve (fs/exec.c:1961 fs/exec.c:2029)
[ 52.021995][ T72] __ia32_compat_sys_execve (fs/exec.c:2025 fs/exec.c:2025)
[ 52.022435][ T72] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-072-20251128/./arch/x86/include/generated/asm/syscalls_32.h:12)
[ 52.022874][ T72] __do_fast_syscall_32 (arch/x86/entry/syscall_32.c:83 arch/x86/entry/syscall_32.c:306)
[ 52.023296][ T72] ? __lock_acquire (kernel/locking/lockdep.c:5237 (discriminator 1))
[ 52.023731][ T72] ? vtime_user_enter (kernel/sched/cputime.c:726)
[ 52.024147][ T72] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91 (discriminator 2))
[ 52.024718][ T72] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:272)
[ 52.025218][ T72] ? local_clock_noinstr (kernel/sched/clock.c:304 (discriminator 1))
[ 52.025657][ T72] ? local_clock (arch/x86/include/asm/preempt.h:85 (discriminator 13) kernel/sched/clock.c:319 (discriminator 13))
[ 52.026072][ T72] ? __lock_release+0xb5/0x180
[ 52.026526][ T72] ? vtime_user_enter (kernel/sched/cputime.c:726)
[ 52.027184][ T72] ? do_write_seqcount_end (include/linux/seqlock.h:523 (discriminator 1))
[ 52.027644][ T72] ? vtime_user_enter (kernel/sched/cputime.c:726)
[ 52.028105][ T72] ? __do_fast_syscall_32 (arch/x86/entry/syscall_32.c:310)
[ 52.028710][ T72] do_fast_syscall_32 (arch/x86/entry/syscall_32.c:331 (discriminator 1))
[ 52.029126][ T72] do_SYSENTER_32 (arch/x86/entry/syscall_32.c:370)
[ 52.029532][ T72] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 52.030017][ T72] RIP: 0023:0xf7f84589
[ 52.030370][ T72] Code: Unable to access opcode bytes at 0xf7f8455f.
Code starting with the faulting instruction
===========================================
[ 52.030954][ T72] RSP: 002b:00000000ff8eef64 EFLAGS: 00000206 ORIG_RAX: 000000000000000b
[ 52.031617][ T72] RAX: ffffffffffffffda RBX: 00000000565d3928 RCX: 00000000565d2778
[ 52.032295][ T72] RDX: 00000000565bcf20 RSI: 00000000565bcf20 RDI: 00000000f7effff4
[ 52.032999][ T72] RBP: 00000000ff8eefd8 R08: 0000000000000000 R09: 0000000000000000
[ 52.034464][ T72] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 52.035166][ T72] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 52.035905][ T72] </TASK>
[ 52.036330][ T72] ---[ end trace ]---
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20251128/202511281452.35e03947-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki