Bug 1368670 - BUG: KASAN: stack-out-of-bounds in mpi_write_to_sgl+0x2eb/0x4a2 at addr ffff88038cc4f789
Summary: BUG: KASAN: stack-out-of-bounds in mpi_write_to_sgl+0x2eb/0x4a2 at addr ffff8...
Keywords:
Status: CLOSED DUPLICATE of bug 126342
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 24
Hardware: x86_64
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-20 14:03 UTC by Vittorio
Modified: 2016-08-21 04:30 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-20 14:20:52 UTC


Attachments (Terms of Use)

Description Vittorio 2016-08-20 14:03:03 UTC
Description of problem: KASAN stack-out-of-bounds


Version-Release number of selected component (if applicable):
4.6.6-300

How reproducible:Boot the kernel


Aug 19 15:56:53 nero21 kernel: BUG: KASAN: stack-out-of-bounds in mpi_write_to_sgl+0x2eb/0x4a2 at addr ffff88038cc4f789
Aug 19 15:56:53 nero21 kernel: Read of size 8 by task swapper/0/1
Aug 19 15:56:53 nero21 kernel: page:ffffea000e3313c0 count:0 mapcount:0 mapping:          (null) index:0x0
Aug 19 15:56:53 nero21 kernel: flags: 0x5fff8000000000()
Aug 19 15:56:53 nero21 kernel: page dumped because: kasan: bad access detected
Aug 19 15:56:53 nero21 kernel: CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.6.6sanitized #1
Aug 19 15:56:53 nero21 kernel: Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./H81M-DGS R2.0, BIOS P1.30 07/02/2014
Aug 19 15:56:53 nero21 kernel:  ffff88038cc4f789 000000001f40e448 ffff88038cc4f638 ffffffff815d9ac7
Aug 19 15:56:53 nero21 kernel:  0000000000000001 ffff88038cc4f6c8 ffff88038cc4f6b8 ffffffff81327d89
Aug 19 15:56:53 nero21 kernel:  ffff88038cc4f738 00000000000001f8 0000000000000297 0000008000000000
Aug 19 15:56:53 nero21 kernel: Call Trace:
Aug 19 15:56:53 nero21 kernel:  [<ffffffff815d9ac7>] dump_stack+0x63/0x81
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81327d89>] kasan_report_error+0x499/0x567
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81328387>] kasan_report+0x58/0x61
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8162523f>] ? mpi_write_to_sgl+0x2eb/0x4a2
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81326cd6>] __asan_load8+0x65/0x67
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8162523f>] mpi_write_to_sgl+0x2eb/0x4a2
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81624f54>] ? mpi_set_buffer+0x305/0x305
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8154e02d>] rsa_verify+0x183/0x1b4
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8154deaa>] ? _rsa_dec.isra.2+0x76/0x76
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8154eaa8>] ? pkcs1pad_sg_set_buf+0xc6/0x2a5
Aug 19 15:56:53 nero21 kernel:  [<ffffffff813237ff>] ? __kmalloc+0x114/0x265
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8154f4fb>] pkcs1pad_verify+0x1c9/0x215
Aug 19 15:56:53 nero21 kernel:  [<ffffffff815764a4>] public_key_verify_signature+0x40a/0x4d0
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8157609a>] ? public_key_describe+0x5f/0x5f
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81323b09>] ? __slab_free+0x93/0x259
Aug 19 15:56:53 nero21 kernel:  [<ffffffff813271ec>] ? kasan_unpoison_shadow+0x35/0x43
Aug 19 15:56:53 nero21 kernel:  [<ffffffff812c77a6>] ? kzfree+0x2d/0x31
Aug 19 15:56:53 nero21 kernel:  [<ffffffff812c77a6>] ? kzfree+0x2d/0x31
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81540c8f>] ? crypto_destroy_tfm+0x90/0xb9
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81577fd9>] ? x509_get_sig_params+0x1aa/0x22f
Aug 19 15:56:53 nero21 kernel:  [<ffffffff8157808c>] x509_check_signature+0x2e/0x84
Aug 19 15:56:53 nero21 kernel:  [<ffffffff815781d1>] x509_key_preparse+0xef/0x4be
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81170559>] ? msg_print_text+0xf4/0x1ca
Aug 19 15:56:53 nero21 kernel:  [<ffffffff815758f8>] asymmetric_key_preparse+0x67/0xf6
Aug 19 15:56:53 nero21 kernel:  [<ffffffff814fb771>] key_create_or_update+0x256/0x61c
Aug 19 15:56:53 nero21 kernel:  [<ffffffff814fb51b>] ? key_type_lookup+0x83/0x83
Aug 19 15:56:53 nero21 kernel:  [<ffffffff811716f1>] ? vprintk_emit+0x23c/0x4c9
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81171b98>] ? vprintk_default+0x3e/0x58
Aug 19 15:56:53 nero21 kernel:  [<ffffffff829087e7>] load_system_certificate_list+0xce/0x13b
Aug 19 15:56:53 nero21 kernel:  [<ffffffff82908719>] ? system_trusted_keyring_init+0x79/0x79
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81002184>] do_one_initcall+0x11e/0x28a
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81002066>] ? try_to_run_init_process+0x39/0x39
Aug 19 15:56:53 nero21 kernel:  [<ffffffff828c8a00>] ? set_debug_rodata+0x1/0x12
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81118f1e>] ? parse_args+0x2fc/0x5bf
Aug 19 15:56:53 nero21 kernel:  [<ffffffff828c955e>] kernel_init_freeable+0x2ee/0x3b5
Aug 19 15:56:53 nero21 kernel:  [<ffffffff828c9270>] ? start_kernel+0x523/0x523
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81045778>] ? compat_start_thread+0x63/0x63
Aug 19 15:56:53 nero21 kernel:  [<ffffffff811273a8>] ? finish_task_switch+0xaa/0x345
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81c366f6>] kernel_init+0x13/0x11d
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81c49902>] ret_from_fork+0x22/0x40
Aug 19 15:56:53 nero21 kernel:  [<ffffffff81c366e3>] ? rest_init+0x8a/0x8a
Aug 19 15:56:53 nero21 kernel: Memory state around the buggy address:
Aug 19 15:56:53 nero21 kernel:  ffff88038cc4f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Aug 19 15:56:53 nero21 kernel:  ffff88038cc4f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
Aug 19 15:56:53 nero21 kernel: >ffff88038cc4f780: f1 00 f4 f4 f4 00 00 00 00 00 00 00 00 00 00 00
Aug 19 15:56:53 nero21 kernel:                          ^
Aug 19 15:56:53 nero21 kernel:  ffff88038cc4f800: 00 00 f1 f1 f1 f1 04 f4 f4 f4 00 00 00 00 00 00
Aug 19 15:56:53 nero21 kernel:  ffff88038cc4f880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Aug 19 15:56:53 nero21 kernel: ==================================================================

Comment 1 Josh Boyer 2016-08-20 14:20:52 UTC
Fedora doesn't build with KASAN set.  Please report your findings upstream.

*** This bug has been marked as a duplicate of bug 126342 ***

Comment 2 Vittorio 2016-08-20 21:45:16 UTC
Fedora builds and run with KASAN set on my workstation.
I just get those annoying messages on dmesg -e -lerr.
Now going to try KASAN on kernel 4.7.2
Who is upstream, BTW?

Comment 3 Vittorio 2016-08-21 04:30:07 UTC
I add that I installed the source code of the kernel from 
kernel-4.6.6-300.fc24.src.rpm

Concerning my question about upstream, I read REPORTING-BUGS.


Note You need to log in before you can comment on or make changes to this bug.