Message-ID: <20171110024255.GF22793@yexl-desktop>
Date: Fri, 10 Nov 2017 10:42:55 +0800
From: kernel test robot <xiaolong.ye@...el.com>
To: Prarit Bhargava <prarit@...hat.com>
Cc: linux-kernel@...r.kernel.org, Andi Kleen <ak@...ux.intel.com>,
Prarit Bhargava <prarit@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
Peter Zijlstra <peterz@...radead.org>,
Dave Hansen <dave.hansen@...el.com>,
Piotr Luc <piotr.luc@...el.com>,
Kan Liang <kan.liang@...el.com>, Borislav Petkov <bp@...e.de>,
Stephane Eranian <eranian@...gle.com>,
Arvind Yadav <arvind.yadav.cs@...il.com>,
Andy Lutomirski <luto@...nel.org>,
Christian Borntraeger <borntraeger@...ibm.com>,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>,
Tom Lendacky <thomas.lendacky@....com>,
He Chen <he.chen@...ux.intel.com>,
Mathias Krause <minipli@...glemail.com>,
Tim Chen <tim.c.chen@...ux.intel.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>, lkp@...org
Subject: [lkp-robot] [x86/topology] 4b5ebf8be9: BUG:KASAN:slab-out-of-bounds

FYI, we noticed the following commit (built with gcc-6):

commit: 4b5ebf8be96f75fbdd95ecf7db732142f2df3c04 ("x86/topology: Avoid wasting 128k for package id array")
url: https://github.com/0day-ci/linux/commits/Prarit-Bhargava/perf-x86-intel-uncore-Cache-logical-pkg-id-in-uncore-driver/20171107-030032

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu IvyBridge -smp 4 -m 2G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):

+------------------------------+------------+------------+
|                              | 599e195495 | 4b5ebf8be9 |
+------------------------------+------------+------------+
| boot_successes               | 8          | 0          |
| boot_failures                | 0          | 8          |
| BUG:KASAN:slab-out-of-bounds | 0          | 8          |
+------------------------------+------------+------------+

[ 0.010000] BUG: KASAN: slab-out-of-bounds in topology_update_package_map+0xcc/0x15d
[ 0.010000] Read of size 4 at addr ffff8800614ea000 by task swapper/1/0
[ 0.010000]
[ 0.010000] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.12.0-rc7-00079-g4b5ebf8 #1
[ 0.010000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 0.010000] Call Trace:
[ 0.010000] dump_stack+0xb8/0x10e
[ 0.010000] print_address_description+0x76/0x233
[ 0.010000] ? topology_phys_to_logical_pkg+0x6e/0x7f
[ 0.010000] kasan_report+0x20f/0x23c
[ 0.010000] ? topology_update_package_map+0xcc/0x15d
[ 0.010000] check_memory_region+0x12b/0x130
[ 0.010000] memcpy+0x23/0x4c
[ 0.010000] topology_update_package_map+0xcc/0x15d
[ 0.010000] identify_secondary_cpu+0xc2/0xe9
[ 0.010000] smp_store_cpu_info+0x78/0x7f
[ 0.010000] start_secondary+0x9d/0x196
[ 0.010000] secondary_startup_64+0x9f/0x9f
[ 0.010000]
[ 0.010000] Allocated by task 1:
[ 0.010000] save_stack_trace+0x1b/0x1d
[ 0.010000] kasan_kmalloc+0xd7/0x173
[ 0.010000] __kmalloc+0x258/0x3cd
[ 0.010000] topology_update_package_map+0x75/0x15d
[ 0.010000] smp_store_boot_cpu_info+0x115/0x13a
[ 0.010000] native_smp_prepare_cpus+0xdd/0x766
[ 0.010000] kernel_init_freeable+0xc9/0x3a9
[ 0.010000] kernel_init+0x16/0x15c
[ 0.010000] ret_from_fork+0x2a/0x40
[ 0.010000]
[ 0.010000] Freed by task 0:
[ 0.010000] (stack is not available)
[ 0.010000]
[ 0.010000] The buggy address belongs to the object at ffff8800614ea000
[ 0.010000] which belongs to the cache kmalloc-32 of size 32
[ 0.010000] The buggy address is located 0 bytes inside of
[ 0.010000] 32-byte region [ffff8800614ea000, ffff8800614ea020)
[ 0.010000] The buggy address belongs to the page:
[ 0.010000] page:ffffea0001853a80 count:1 mapcount:0 mapping:ffff8800614ea000 index:0xffff8800614eafc1
[ 0.010000] flags: 0x100(slab)
[ 0.010000] raw: 0000000000000100 ffff8800614ea000 ffff8800614eafc1 000000010000003f
[ 0.010000] raw: ffffea0001852fa0 ffff880000080248 ffff8800000981c0 0000000000000000
[ 0.010000] page dumped because: kasan: bad access detected
[ 0.010000]
[ 0.010000] Memory state around the buggy address:
[ 0.010000]  ffff8800614e9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.010000]  ffff8800614e9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 0.010000] >ffff8800614ea000: 02 fc fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 0.010000]                    ^
[ 0.010000]  ffff8800614ea080: 00 00 07 fc fc fc fc fc 00 00 03 fc fc fc fc fc
[ 0.010000]  ffff8800614ea100: 00 05 fc fc fc fc fc fc 00 fc fc fc fc fc fc fc
[ 0.010000] ==================================================================
[ 0.010000] Disabling lock debugging due to kernel taint
[ 0.390208] KVM setup async PF for cpu 1
[ 0.391245] kvm-stealtime: cpu 1, msr 61e96640
[ 0.477011] #2
[ 0.010000] kvm-clock: cpu 2, msr 0:7544e081, secondary cpu clock
[ 0.010000] masked ExtINT on CPU#2
[ 0.480126] KVM setup async PF for cpu 2
[ 0.481171] kvm-stealtime: cpu 2, msr 61f16640
[ 0.567243] #3
[ 0.010000] kvm-clock: cpu 3, msr 0:7544e0c1, secondary cpu clock
[ 0.010000] masked ExtINT on CPU#3
[ 0.580189] KVM setup async PF for cpu 3
[ 0.580875] kvm-stealtime: cpu 3, msr 61f96640
[ 0.581666] smp: Brought up 1 node, 4 CPUs
[ 0.581666] ----------------
[ 0.581666] | NMI testsuite:
[ 0.581892] --------------------
[ 0.582498] remote IPI: ok |
[ 0.583395] local IPI: ok |
[ 0.584044] --------------------
[ 0.584651] Good, all 2 testcases passed! |
[ 0.585460] ---------------------------------
[ 0.586269] smpboot: Total of 4 processors activated (21548.06 BogoMIPS)
[ 0.591653] sched_clock: Marking stable (590000000, 0)->(1275641729, -685641729)
[ 0.595608] devtmpfs: initialized
[ 0.619788] workqueue: round-robin CPU selection forced, expect performance impact
[ 0.640549] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns
[ 0.642262] futex hash table entries: 1024 (order: 5, 131072 bytes)
[ 0.644448] prandom: seed boundary self test passed
[ 0.648684] prandom: 100 self tests passed
[ 0.649429] pinctrl core: initialized pinctrl subsystem
[ 0.653263] regulator-dummy: Failed to create debugfs directory
[ 0.657222] NET: Registered protocol family 16
[ 0.669167] cpuidle: using governor ladder
[ 0.670061] cpuidle: using governor menu
[ 0.677219] ACPI: bus type PCI registered
[ 0.677939] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
[ 0.679699] PCI: Using configuration type 1 for base access
[ 0.912144] HugeTLB registered 2 MB page size, pre-allocated 0 pages
[ 0.915778] ACPI: Added _OSI(Module Device)
[ 0.916242] ACPI: Added _OSI(Processor Device)
[ 0.916724] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 0.917366] ACPI: Added _OSI(Processor Aggregator Device)
[ 0.958057] ACPI: Interpreter enabled
[ 0.958616] ACPI: (supports S0 S5)
[ 0.959196] ACPI: Using IOAPIC for interrupt routing
[ 0.960350] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[ 1.124639] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[ 1.125358] acpi PNP0A03:00: _OSC: OS supports [Segments MSI]

To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script  # job-script is attached in this email

Thanks,
Xiaolong

View attachment "config-4.12.0-rc7-00079-g4b5ebf8" of type "text/plain" (109810 bytes)
View attachment "job-script" of type "text/plain" (4253 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (8072 bytes)