Date:	Thu, 16 Jun 2016 09:27:37 +0800
From:	kernel test robot <xiaolong.ye@...el.com>
To:	Eduardo Valentin <edubezval@...il.com>
Cc:	Zhang Rui <rui.zhang@...el.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Stephen Rothwell <sfr@...b.auug.org.au>, lkp@...org
Subject: [lkp] [thermal]  24bc2fa031: BUG: KASAN: slab-out-of-bounds in
 thermal_zone_device_register+0x749/0x10a0 at addr ffff880000134140


FYI, we noticed the following commit:

https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
commit 24bc2fa031f094c05c017a862732924cb46ad2c1 ("thermal: core: move trips attributes to tz->device.groups")


on test machine: vm-lkp-wsx03-quantal-x86_64: 2 threads qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap with 360M memory

caused the changes below:


+----------------------------------------------------------------------+------------+------------+
|                                                                      | 79f34853ba | 24bc2fa031 |
+----------------------------------------------------------------------+------------+------------+
| boot_successes                                                       | 2          | 0          |
| boot_failures                                                        | 6          | 8          |
| IP-Config:Auto-configuration_of_network_failed                       | 6          | 4          |
| BUG:KASAN:slab-out-of-bounds_in_thermal_zone_device_register_at_addr | 0          | 8          |
| BUG:KASAN:slab-out-of-bounds_in_internal_create_group_at_addr        | 0          | 8          |
| backtrace:power_supply_register                                      | 0          | 8          |
| backtrace:test_power_init                                            | 0          | 8          |
| backtrace:kernel_init_freeable                                       | 0          | 8          |
+----------------------------------------------------------------------+------------+------------+



[    7.103767] __power_supply_register: Expected proper parent device for 'test_ac'
[    7.105699] __power_supply_register: Expected proper parent device for 'test_battery'
[    7.108318] ==================================================================
[    7.109325] BUG: KASAN: slab-out-of-bounds in thermal_zone_device_register+0x749/0x10a0 at addr ffff880000134140
[    7.110709] Write of size 8 by task swapper/1
[    7.111312] CPU: 0 PID: 1 Comm: swapper Not tainted 4.7.0-rc3-00014-g24bc2fa0 #1
[    7.112309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[    7.113506]  ffff880000134160 ffff880010897b58 ffffffff817356d9 ffff880010897bd8
[    7.114588]  ffffffff811ebffc 0000000000000000 0000000000000000 0000000000000297
[    7.115652]  ffffffff811eadf5 ffff88000013415f 1ffff1000002682c ffff880010897bd8
[    7.116720] Call Trace:
[    7.117080]  [<ffffffff817356d9>] dump_stack+0x19/0x20
[    7.117777]  [<ffffffff811ebffc>] kasan_report_error+0x1ec/0x5a0
[    7.118598]  [<ffffffff811eadf5>] ? kasan_unpoison_shadow+0x35/0x50
[    7.119454]  [<ffffffff811eb4a9>] ? kasan_kmalloc+0xd9/0x100
[    7.120239]  [<ffffffff811ec3e3>] kasan_report+0x33/0x40
[    7.120967]  [<ffffffff81d44e39>] ? thermal_zone_device_register+0x749/0x10a0
[    7.121949]  [<ffffffff811ebc81>] __asan_store8+0x61/0x70
[    7.122699]  [<ffffffff81d44e39>] thermal_zone_device_register+0x749/0x10a0
[    7.123646]  [<ffffffff81d446f0>] ? thermal_notify_framework+0x10/0x10
[    7.124545]  [<ffffffff818f0640>] ? dev_warn+0xe0/0xe0
[    7.125259]  [<ffffffff821c5d49>] ? _raw_spin_unlock_irq+0x9/0x20
[    7.126104]  [<ffffffff8190959c>] ? device_wakeup_enable+0xbc/0x110
[    7.126956]  [<ffffffff81ca1179>] __power_supply_register+0x5c9/0x700
[    7.127840]  [<ffffffff81ca185e>] power_supply_register+0xe/0x10
[    7.128663]  [<ffffffff83269716>] test_power_init+0x35/0xeb
[    7.129433]  [<ffffffff832696e1>] ? wm8350_power_driver_init+0x14/0x14
[    7.130328]  [<ffffffff832222cd>] do_one_initcall+0xef/0x1a1
[    7.131111]  [<ffffffff83221aae>] ? repair_env_string+0x2f/0x73
[    7.131912]  [<ffffffff832221de>] ? start_kernel+0x447/0x447
[    7.132689]  [<ffffffff810fca00>] ? parameq+0xa0/0xa0
[    7.133385]  [<ffffffff83221a7f>] ? set_debug_rodata+0x12/0x12
[    7.134192]  [<ffffffff83222516>] kernel_init_freeable+0x197/0x228
[    7.135042]  [<ffffffff821b4d2e>] kernel_init+0xe/0x110
[    7.135751]  [<ffffffff821c629f>] ret_from_fork+0x1f/0x40
[    7.136488]  [<ffffffff821b4d20>] ? rest_init+0x90/0x90
[    7.137207] Object at ffff880000134140, in cache kmalloc-32
[    7.137952] Object allocated with size 1 bytes.
[    7.138572] Allocation:
[    7.138909] PID = 1
[    7.139216]  [<ffffffff81032e55>] save_stack_trace+0x25/0x40
[    7.139993]  [<ffffffff811ead36>] save_stack+0x46/0xd0
[    7.140714]  [<ffffffff811eb4a9>] kasan_kmalloc+0xd9/0x100
[    7.141479]  [<ffffffff811e92a6>] __kmalloc+0xe6/0x1d0
[    7.142201]  [<ffffffff81d44a9c>] thermal_zone_device_register+0x3ac/0x10a0
[    7.143162]  [<ffffffff81ca1179>] __power_supply_register+0x5c9/0x700
[    7.144076]  [<ffffffff81ca185e>] power_supply_register+0xe/0x10
[    7.144913]  [<ffffffff83269716>] test_power_init+0x35/0xeb
[    7.145698]  [<ffffffff832222cd>] do_one_initcall+0xef/0x1a1
[    7.146487]  [<ffffffff83222516>] kernel_init_freeable+0x197/0x228
[    7.147359]  [<ffffffff821b4d2e>] kernel_init+0xe/0x110
[    7.148105]  [<ffffffff821c629f>] ret_from_fork+0x1f/0x40
[    7.148860] Memory state around the buggy address:
[    7.149548]  ffff880000134000: 00 fc fc fc fc fc fc fc 00 03 fc fc fc fc fc fc
[    7.150578]  ffff880000134080: 06 fc fc fc fc fc fc fc 03 fc fc fc fc fc fc fc


FYI, the raw QEMU command line is:

	qemu-system-x86_64 -enable-kvm -cpu Haswell,+smep,+smap -kernel /pkg/linux/x86_64-randconfig-s1-06151451/gcc-6/24bc2fa031f094c05c017a862732924cb46ad2c1/vmlinuz-4.7.0-rc3-00014-g24bc2fa0 -append 'root=/dev/ram0 user=lkp job=/lkp/scheduled/vm-lkp-wsx03-quantal-x86_64-8/bisect_boot-1-quantal-core-x86_64.cgz-x86_64-randconfig-s1-06151451-24bc2fa031f094c05c017a862732924cb46ad2c1-20160615-110339-ip9qk6-0.yaml~ ARCH=x86_64 kconfig=x86_64-randconfig-s1-06151451 branch=linux-devel/devel-spot-201606151338 commit=24bc2fa031f094c05c017a862732924cb46ad2c1 BOOT_IMAGE=/pkg/linux/x86_64-randconfig-s1-06151451/gcc-6/24bc2fa031f094c05c017a862732924cb46ad2c1/vmlinuz-4.7.0-rc3-00014-g24bc2fa0 max_uptime=600 RESULT_ROOT=/result/boot/1/vm-lkp-wsx03-quantal-x86_64/quantal-core-x86_64.cgz/x86_64-randconfig-s1-06151451/gcc-6/24bc2fa031f094c05c017a862732924cb46ad2c1/0 LKP_SERVER=inn earlyprintk=ttyS0,115200 systemd.log_level=err debug apic=debug sysrq_always_enabled rcupdate.rcu_cpu_stall_timeout=100 panic=-1 softlockup_panic=1 nmi_watchdog=panic oops=panic load_ramdisk=2 prompt_ramdisk=0 console=ttyS0,115200 console=tty0 vga=normal rw ip=::::vm-lkp-wsx03-quantal-x86_64-8::dhcp drbd.minor_count=8'  -initrd /fs/sdc1/initrd-vm-lkp-wsx03-quantal-x86_64-8 -m 360 -smp 2 -device e1000,netdev=net0 -netdev user,id=net0 -boot order=nc -no-reboot -watchdog i6300esb -rtc base=localtime -pidfile /dev/shm/kboot/pid-vm-lkp-wsx03-quantal-x86_64-8 -serial file:/dev/shm/kboot/serial-vm-lkp-wsx03-quantal-x86_64-8 -daemonize -display none -monitor null 





Thanks,
Xiaolong

View attachment "config-4.7.0-rc3-00014-g24bc2fa0" of type "text/plain" (95050 bytes)

Download attachment "dmesg.xz" of type "application/octet-stream" (15640 bytes)
