| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190620014604.GL7221@shao2-debian>
Date: Thu, 20 Jun 2019 09:46:04 +0800
From: kernel test robot <rong.a.chen@...el.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: LKML <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...nel.org>,
"H. Peter Anvin" <hpa@...or.com>,
Thomas Gleixner <tglx@...utronix.de>, tipbuild@...or.com,
lkp@...org
Subject: [x86/hpet] 286b15db78: BUG:KASAN:wild-memory-access_in_t
FYI, we noticed the following commit (built with gcc-7):
commit: 286b15db78dc9741a47d082016dfc5fbcc31bd46 ("x86/hpet: Use channel for legacy clockevent storage")
https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git WIP.x86/hpet
in testcase: locktorture
with following parameters:
runtime: 300s
test: default
test-description: This torture test consists of creating a number of kernel threads which acquire the lock and hold it for specific amount of time, thus simulating different critical region behaviors.
test-url: https://www.kernel.org/doc/Documentation/locking/locktorture.txt
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 2G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+------------------------------------------+------------+------------+
| | dfd001e50c | 286b15db78 |
+------------------------------------------+------------+------------+
| boot_successes | 14 | 0 |
| boot_failures | 0 | 16 |
| BUG:KASAN:wild-memory-access_in_t | 0 | 16 |
| general_protection_fault:#[##] | 0 | 16 |
| RIP:try_module_get | 0 | 16 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 16 |
+------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <rong.a.chen@...el.com>
[ 2.801166] BUG: KASAN: wild-memory-access in try_module_get+0x78/0x1bf
[ 2.803334] Read of size 4 at addr 6b6b6b6b6b6b6b6b by task swapper/0
[ 2.805479]
[ 2.806045] CPU: 0 PID: 0 Comm: swapper Not tainted 5.2.0-rc5-00029-g286b15d #1
[ 2.808444] Call Trace:
[ 2.809272] dump_stack+0x19/0x1b
[ 2.810385] __kasan_report+0x151/0x167
[ 2.811724] ? try_module_get+0x78/0x1bf
[ 2.813002] kasan_report+0x33/0x3f
[ 2.814187] ? try_module_get+0x78/0x1bf
[ 2.815457] __asan_load4+0x8a/0x8c
[ 2.816740] try_module_get+0x78/0x1bf
[ 2.817985] ? free_modinfo_version+0x3d/0x3d
[ 2.819919] tick_check_new_device+0x47/0x98
[ 2.821370] clockevents_register_device+0xfe/0x1f5
[ 2.822983] clockevents_config_and_register+0x5f/0x67
[ 2.824682] hpet_enable+0x5bc/0x693
[ 2.825947] hpet_time_init+0x21/0x9c
[ 2.827129] x86_late_time_init+0x1e/0x59
[ 2.828472] start_kernel+0x5f8/0x6ec
[ 2.829661] ? thread_stack_cache_init+0x2e/0x2e
[ 2.831245] ? x86_early_init_platform_quirks+0x9b/0x172
[ 2.832966] ? __asan_loadN+0x23/0x25
[ 2.834211] x86_64_start_reservations+0x4f/0x70
[ 2.835747] x86_64_start_kernel+0x7f/0xa2
[ 2.837061] secondary_startup_64+0xa4/0xb0
[ 2.838447] ==================================================================
[ 2.840861] Disabling lock debugging due to kernel taint
[ 2.842663] general protection fault: 0000 [#1] KASAN
[ 2.844382] CPU: 0 PID: 0 Comm: swapper Tainted: G B 5.2.0-rc5-00029-g286b15d #1
[ 2.847271] RIP: 0010:try_module_get+0x78/0x1bf
[ 2.848790] Code: 40 04 04 f2 f2 f2 c7 40 08 f3 f3 f3 f3 4d 85 ed b2 01 0f 84 2f 01 00 00 4c 8d 7d d8 ff 05 f8 04 9a 01 4c 89 ef e8 ef 7e 10 00 <41> 83 7d 00 02 75 07 31 d2 e9 09 01 00 00 49 8d 9d 78 03 00 00 be
[ 2.854808] RSP: 0000:ffffffffafe07ce0 EFLAGS: 00010082
[ 2.856502] RAX: ffffffffafe96880 RBX: ffff888062890008 RCX: ffffffffae4ca1c8
[ 2.858889] RDX: fffffbfff5fc0f6c RSI: 0000000000000007 RDI: ffffffffb056fdf4
[ 2.861155] RBP: ffffffffafe07d68 R08: dffffc0000000000 R09: 0000000000000001
[ 2.863504] R10: fffffbfff60adfbe R11: 6775626564206b63 R12: 1ffffffff5fc0f9c
[ 2.865873] R13: 6b6b6b6b6b6b6b6b R14: ffffffffb00e93e0 R15: ffffffffafe07d40
[ 2.868589] FS: 0000000000000000(0000) GS:ffffffffafeb7000(0000) knlGS:0000000000000000
[ 2.871247] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2.873104] CR2: 00000000ffffffff CR3: 0000000070e8b000 CR4: 00000000000006b0
[ 2.875445] Call Trace:
[ 2.876304] ? free_modinfo_version+0x3d/0x3d
[ 2.877791] tick_check_new_device+0x47/0x98
[ 2.879164] clockevents_register_device+0xfe/0x1f5
[ 2.880818] clockevents_config_and_register+0x5f/0x67
[ 2.882473] hpet_enable+0x5bc/0x693
[ 2.883634] hpet_time_init+0x21/0x9c
[ 2.885233] x86_late_time_init+0x1e/0x59
[ 2.886634] start_kernel+0x5f8/0x6ec
[ 2.887795] ? thread_stack_cache_init+0x2e/0x2e
[ 2.889262] ? x86_early_init_platform_quirks+0x9b/0x172
[ 2.890931] ? __asan_loadN+0x23/0x25
[ 2.892123] x86_64_start_reservations+0x4f/0x70
[ 2.893602] x86_64_start_kernel+0x7f/0xa2
[ 2.895030] secondary_startup_64+0xa4/0xb0
[ 2.896402] Modules linked in:
[ 2.897510] ---[ end trace 9fb9fcfe81bfae10 ]---
To reproduce:
# build kernel
cd linux
cp config-5.2.0-rc5-00029-g286b15d .config
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 olddefconfig
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 modules_prepare
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 SHELL=/bin/bash
make HOSTCC=gcc-7 CC=gcc-7 ARCH=x86_64 bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz
bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email
Thanks,
Rong Chen
View attachment "config-5.2.0-rc5-00029-g286b15d" of type "text/plain" (121520 bytes)
View attachment "job-script" of type "text/plain" (4686 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (6020 bytes)
Powered by blists - more mailing lists