Date: Wed, 5 Oct 2022 21:10:46 +0800
From: kernel test robot <oliver.sang@...el.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
CC: <lkp@...ts.01.org>, <lkp@...el.com>, <linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk>, "David Laight" <David.Laight@...lab.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "Serge E. Hallyn" <serge@...lyn.com>
Subject: [proc] 5336f1902b: BUG:KASAN:global-out-of-bounds_in_memchr

Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 5336f1902b4ba8a646f082f32fbb183850a13080 ("[CFT][PATCH] proc: Update /proc/net to point at the accessing threads network namespace")
url: https://github.com/intel-lab-lkp/linux/commits/Eric-W-Biederman/proc-Update-proc-net-to-point-at-the-accessing-threads-network-namespace/20220930-065017
base: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git 987a926c1d8a40e4256953b04771fbdb63bc7938
patch link: https://lore.kernel.org/lkml/87ill53igy.fsf_-_@email.froward.int.ebiederm.org

in testcase: xfstests
version: xfstests-x86_64-5a5e419-1_20220927
with following parameters:

        disk: 6HDD
        fs: btrfs
        test: btrfs-group-21

test-description: xfstests is a regression test suite for xfs and other filesystems.
test-url: git://git.kernel.org/pub/scm/fs/xfs/xfstests-dev.git

on test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz (Haswell) with 8G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+------------------------------------------+------------+------------+
|                                          | 987a926c1d | 5336f1902b |
+------------------------------------------+------------+------------+
| BUG:KASAN:global-out-of-bounds_in_memchr | 0          | 78         |
+------------------------------------------+------------+------------+

If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/r/202210052104.561159b8-oliver.sang@intel.com

[ 71.510417][ T7965] BUG: KASAN: global-out-of-bounds in memchr (lib/string.c:883)
[ 71.517984][ T7965] Read of size 1 at addr ffffffff83b51604 by task killall/7965
[ 71.526948][ T7965]
[ 71.530801][ T7965] CPU: 1 PID: 7965 Comm: killall Tainted: G S 6.0.0-rc7-00133-g5336f1902b4b #1
[ 71.541870][ T7965] Hardware name: Dell Inc. OptiPlex 9020/0DNKMN, BIOS A05 12/05/2013
[ 71.550663][ T7965] Call Trace:
[ 71.554659][ T7965] <TASK>
[ 71.558263][ T7965] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 71.563451][ T7965] print_address_description+0x1f/0x200
[ 71.570717][ T7965] print_report.cold (mm/kasan/report.c:434)
[ 71.576191][ T7965] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 71.582283][ T7965] ? memchr (lib/string.c:883)
[ 71.586903][ T7965] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:497)
[ 71.591946][ T7965] ? memchr (lib/string.c:883)
[ 71.596524][ T7965] memchr (lib/string.c:883)
[ 71.600908][ T7965] verify_dirent_name (include/linux/fortify-string.h:432 fs/readdir.c:114)
[ 71.606310][ T7965] filldir64 (fs/readdir.c:320)
[ 71.611049][ T7965] ? folio_add_lru (arch/x86/include/asm/preempt.h:85 mm/swap.c:491)
[ 71.616173][ T7965] proc_pid_readdir (fs/proc/base.c:3509)
[ 71.621607][ T7965] ? proc_pid_lookup (fs/proc/base.c:3486)
[ 71.627090][ T7965] ? proc_readdir_de (arch/x86/include/asm/atomic.h:165 arch/x86/include/asm/atomic.h:178 include/linux/atomic/atomic-instrumented.h:147 include/asm-generic/qrwlock.h:113 include/linux/rwlock_api_smp.h:232 fs/proc/generic.c:321 fs/proc/generic.c:284)
[ 71.632617][ T7965] iterate_dir (fs/readdir.c:65)
[ 71.637581][ T7965] __x64_sys_getdents64 (fs/readdir.c:370 fs/readdir.c:354 fs/readdir.c:354)
[ 71.643287][ T7965] ? __ia32_sys_getdents (fs/readdir.c:354)
[ 71.649053][ T7965] ? handle_mm_fault (mm/memory.c:5157)
[ 71.654497][ T7965] ? __x64_sys_getdents (fs/readdir.c:312)
[ 71.660169][ T7965] ? do_user_addr_fault (arch/x86/mm/fault.c:1426)
[ 71.665863][ T7965] ? exit_to_user_mode_loop (include/linux/sched.h:2305 include/linux/resume_user_mode.h:61 kernel/entry/common.c:169)
[ 71.671798][ T7965] do_syscall_64 (arch/x86/entry/common.c:50 arch/x86/entry/common.c:80)
[ 71.676678][ T7965] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:120)
[ 71.682981][ T7965] RIP: 0033:0x7f7f3cbe5387
[ 71.687826][ T7965] Code: 0f 1f 00 48 8b 47 20 c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 81 fa ff ff ff 7f b8 ff ff ff 7f 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 d9 aa 10 00 f7 d8 64 89 02 48
All code
========
   0:   0f 1f 00                nopl   (%rax)
   3:   48 8b 47 20             mov    0x20(%rdi),%rax
   7:   c3                      retq
   8:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
   f:   00 00 00
  12:   90                      nop
  13:   48 81 fa ff ff ff 7f    cmp    $0x7fffffff,%rdx
  1a:   b8 ff ff ff 7f          mov    $0x7fffffff,%eax
  1f:   48 0f 47 d0             cmova  %rax,%rdx
  23:   b8 d9 00 00 00          mov    $0xd9,%eax
  28:   0f 05                   syscall
  2a:*  48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax         <-- trapping instruction
  30:   77 01                   ja     0x33
  32:   c3                      retq
  33:   48 8b 15 d9 aa 10 00    mov    0x10aad9(%rip),%rdx        # 0x10ab13
  3a:   f7 d8                   neg    %eax
  3c:   64 89 02                mov    %eax,%fs:(%rdx)
  3f:   48                      rex.W

Code starting with the faulting instruction
===========================================
   0:   48 3d 00 f0 ff ff       cmp    $0xfffffffffffff000,%rax
   6:   77 01                   ja     0x9
   8:   c3                      retq
   9:   48 8b 15 d9 aa 10 00    mov    0x10aad9(%rip),%rdx        # 0x10aae9
  10:   f7 d8                   neg    %eax
  12:   64 89 02                mov    %eax,%fs:(%rdx)
  15:   48                      rex.W
[ 71.708650][ T7965] RSP: 002b:00007ffe0194edd8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[ 71.717564][ T7965] RAX: ffffffffffffffda RBX: 00005566e677e3a0 RCX: 00007f7f3cbe5387
[ 71.726016][ T7965] RDX: 0000000000008000 RSI: 00005566e677e3d0 RDI: 0000000000000004
[ 71.734485][ T7965] RBP: 00005566e677e3d0 R08: 0000000000000030 R09: 00007f7f3ccf0be0
[ 71.742941][ T7965] R10: fffffffffffffd18 R11: 0000000000000293 R12: ffffffffffffff80
[ 71.751511][ T7965] R13: 00005566e677e3a4 R14: 0000000000000000 R15: 00005566e67863e0
[ 71.759971][ T7965] </TASK>
[ 71.763468][ T7965]
[ 71.766290][ T7965] The buggy address belongs to the variable:
[ 71.772827][ T7965] proc_fs_parameters+0xcc4/0xd60
[ 71.778272][ T7965]
[ 71.780980][ T7965] Memory state around the buggy address:
[ 71.787003][ T7965]  ffffffff83b51500: 03 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 71.795510][ T7965]  ffffffff83b51580: 05 f9 f9 f9 f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9
[ 71.803973][ T7965] >ffffffff83b51600: 04 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9
[ 71.812459][ T7965]                    ^
[ 71.816899][ T7965]  ffffffff83b51680: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
[ 71.825394][ T7965]  ffffffff83b51700: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 07 f9 f9 f9
[ 71.833858][ T7965] ==================================================================
[ 71.842353][ T7965] Disabling lock debugging due to kernel taint
[ 73.113893][ T7993] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 73.122970][ T7993] BTRFS info (device sdb2): disk space caching is enabled
[ 73.249734][ T353] btrfs/212 _check_dmesg: something found in dmesg (see /lkp/benchmarks/xfstests/results//btrfs/212.dmesg)
[ 73.249753][ T353]
[ 73.265812][ T353]
[ 73.265821][ T353]
[ 73.290165][ T1650] run fstests btrfs/213 at 2022-10-02 03:09:04
[ 73.975400][ T8186] BTRFS info (device sdb1): using crc32c (crc32c-intel) checksum algorithm
[ 73.984538][ T8186] BTRFS info (device sdb1): disk space caching is enabled
[ 74.305018][ T8250] BTRFS: device fsid 7b1643d2-a0ef-4a60-a3a1-7dfaa39dabb2 devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (8250)
[ 74.338350][ T8261] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 74.347523][ T8261] BTRFS info (device sdb2): disk space caching is enabled
[ 74.359821][ T8261] BTRFS info (device sdb2): checking UUID tree
[ 78.669924][ T8302] BTRFS info (device sdb2): balance: start -d
[ 78.676960][ T8302] BTRFS info (device sdb2): relocating block group 2177892352 flags data
[ 80.486450][ T8302] BTRFS info (device sdb2): balance: canceled
[ 80.569587][ T8311] BTRFS info (device sdb2): balance: start -m -s
[ 80.578570][ T8311] BTRFS info (device sdb2): relocating block group 30408704 flags metadata|dup
[ 80.728132][ T8311] BTRFS info (device sdb2): found 74 extents, stage: move data extents
[ 80.845157][ T8311] BTRFS info (device sdb2): relocating block group 22020096 flags system|dup
[ 81.002861][ T8311] BTRFS info (device sdb2): found 1 extents, stage: move data extents
[ 81.161533][ T8311] BTRFS info (device sdb2): balance: ended with status: 0
[ 83.031379][ T8342] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 83.040869][ T8342] BTRFS info (device sdb2): disk space caching is enabled
[ 83.140497][ T353] btrfs/213 10s
[ 83.140507][ T353]
[ 83.177038][ T1650] run fstests btrfs/214 at 2022-10-02 03:09:14
[ 83.520920][ T8539] BTRFS info (device sdb1): using crc32c (crc32c-intel) checksum algorithm
[ 83.530034][ T8539] BTRFS info (device sdb1): disk space caching is enabled
[ 83.795491][ T8591] BTRFS: device fsid 047db66e-9c5a-43b9-a0ed-a59a5a54c01a devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (8591)
[ 83.828333][ T8602] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 83.837501][ T8602] BTRFS info (device sdb2): disk space caching is enabled
[ 83.849771][ T8602] BTRFS info (device sdb2): checking UUID tree
[ 84.553095][ T8643] BTRFS: device fsid 2b3475c1-7363-46bb-b5be-3b7de42f32b5 devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (8643)
[ 84.587062][ T8657] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 84.596436][ T8657] BTRFS info (device sdb2): disk space caching is enabled
[ 84.609434][ T8657] BTRFS info (device sdb2): checking UUID tree
[ 85.519592][ T8718] BTRFS: device fsid 1489ff22-2c49-4e57-9c0b-ec0e45befbb1 devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (8718)
[ 85.552817][ T8732] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 85.562090][ T8732] BTRFS info (device sdb2): disk space caching is enabled
[ 85.574899][ T8732] BTRFS info (device sdb2): checking UUID tree
[ 86.469477][ T8795] BTRFS: device fsid e3efb665-e701-41d2-a531-ffb2423afdc9 devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (8795)
[ 86.503705][ T8809] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 86.513013][ T8809] BTRFS info (device sdb2): disk space caching is enabled
[ 86.525302][ T8809] BTRFS info (device sdb2): checking UUID tree
[ 87.419276][ T8872] BTRFS: device fsid 2e2cffbe-0236-4737-889d-f93e6a2de77b devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (8872)
[ 87.452360][ T8886] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 87.461728][ T8886] BTRFS info (device sdb2): disk space caching is enabled
[ 87.474447][ T8886] BTRFS info (device sdb2): checking UUID tree
[ 88.348072][ T353] btrfs/214 5s
[ 88.348082][ T353]
[ 88.384248][ T1650] run fstests btrfs/215 at 2022-10-02 03:09:19
[ 88.728498][ T9138] BTRFS info (device sdb1): using crc32c (crc32c-intel) checksum algorithm
[ 88.737813][ T9138] BTRFS info (device sdb1): disk space caching is enabled
[ 88.994029][ T9188] BTRFS: device fsid c723a7a3-6fd5-4421-bee8-2f5ae485be5d devid 1 transid 5 /dev/sdb2 scanned by mkfs.btrfs (9188)
[ 89.035307][ T9202] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 89.044653][ T9202] BTRFS info (device sdb2): disabling disk space caching
[ 89.057213][ T9202] BTRFS info (device sdb2): cleaning free space cache v1
[ 89.093093][ T9202] BTRFS info (device sdb2): checking UUID tree
[ 89.231074][ T9248] BTRFS info (device sdb2): using crc32c (crc32c-intel) checksum algorithm
[ 89.251683][ T59] BTRFS warning (device sdb2): csum failed root 5 ino 257 off 0 csum 0x656bd64e expected csum 0x4ef41b07 mirror 1
[ 89.265224][ T59] BTRFS error (device sdb2): bdev /dev/sdb2 errs: wr 0, rd 0, flush 0, corrupt 1, gen 0
[ 89.275939][ T59] BTRFS warning (device sdb2): csum failed root 5 ino 257 off 0 csum 0x656bd64e expected csum 0x4ef41b07 mirror 1
[ 89.289527][ T59] BTRFS error (device sdb2): bdev /dev/sdb2 errs: wr 0, rd 0, flush 0, corrupt 2, gen 0
[ 89.312524][ T59] BTRFS warning (device sdb2): csum failed root 5 ino 257 off 0 csum 0x656bd64e expected csum 0x4ef41b07 mirror 1
[ 89.326147][ T59] BTRFS error (device sdb2): bdev /dev/sdb2 errs: wr 0, rd 0, flush 0, corrupt 3, gen 0
[ 89.336731][ T59] BTRFS warning (device sdb2): csum failed root 5 ino 257 off 4096 csum 0x656bd64e expected csum 0x4ef41b07 mirror 1
[ 89.350710][ T59] BTRFS error (device sdb2): bdev /dev/sdb2 errs: wr 0, rd 0, flush 0, corrupt 4, gen 0
[ 89.361254][ T59] BTRFS warning (device sdb2): csum failed root 5 ino 257 off 8192 csum 0x656bd64e expected csum 0x4ef41b07 mirror 1

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.

--
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config-6.0.0-rc7-00133-g5336f1902b4b" of type "text/plain" (168357 bytes)
View attachment "job-script" of type "text/plain" (6001 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (29932 bytes)
View attachment "xfstests" of type "text/plain" (2506 bytes)
View attachment "job.yaml" of type "text/plain" (4761 bytes)
View attachment "reproduce" of type "text/plain" (1015 bytes)