Message-ID: <20200830022842.GA4299@shao2-debian>
Date: Sun, 30 Aug 2020 10:28:42 +0800
From: kernel test robot <lkp@...el.com>
To: Thomas Pedersen <thomas@...pt-ip.com>
Cc: Johannes Berg <johannes@...solutions.net>,
linux-wireless <linux-wireless@...r.kernel.org>,
Thomas Pedersen <thomas@...pt-ip.com>,
0day robot <lkp@...el.com>,
LKML <linux-kernel@...r.kernel.org>, lkp@...ts.01.org
Subject: [mac80211_hwsim] dc5ef7078b: BUG:KASAN:stack-out-of-bounds_in__freq_reg_info
Greeting,
FYI, we noticed the following commit (built with gcc-9):
commit: dc5ef7078b77772b5e2ff5a57cd87144c4c9a583 ("mac80211_hwsim: indicate support for S1G")
url: https://github.com/0day-ci/linux/commits/Thomas-Pedersen/add-initial-S1G-support/20200828-063630
in testcase: boot
on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
+-------------------------------------------------+------------+------------+
|                                                 | d86026ca9a | dc5ef7078b |
+-------------------------------------------------+------------+------------+
| boot_successes                                  | 8          | 0          |
| boot_failures                                   | 0          | 8          |
| BUG:KASAN:stack-out-of-bounds_in__freq_reg_info | 0          | 8          |
+-------------------------------------------------+------------+------------+
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <lkp@...el.com>
[ 16.018498] BUG: KASAN: stack-out-of-bounds in __freq_reg_info+0x14b/0x170
[ 16.019402] Read of size 4 at addr ffffc9000001f8e4 by task swapper/0/1
[ 16.020281]
[ 16.020387] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.9.0-rc2-next-20200827-00021-gdc5ef7078b7777 #1
[ 16.020387] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 16.020387] Call Trace:
[ 16.020387] dump_stack+0xbf/0x110
[ 16.020387] print_address_description.cold+0x5/0x4b3
[ 16.020387] ? log_store.cold+0x11/0x11
[ 16.020387] ? trace_hardirqs_off+0x29/0x110
[ 16.020387] ? _raw_spin_lock_irqsave+0x8c/0xd0
[ 16.020387] ? _raw_read_lock_irq+0x50/0x50
[ 16.020387] ? trace_hardirqs_on+0x2e/0x120
[ 16.020387] ? __freq_reg_info+0x14b/0x170
[ 16.020387] kasan_report.cold+0x1f/0x38
[ 16.020387] ? __freq_reg_info+0x14b/0x170
[ 16.020387] __freq_reg_info+0x14b/0x170
[ 16.020387] ? freq_reg_info_regd+0x110/0x110
[ 16.020387] ? mutex_is_locked+0x1b/0x30
[ 16.020387] wiphy_update_regulatory+0x338/0x6b0
[ 16.020387] wiphy_regulatory_register+0x3b/0xa0
[ 16.020387] wiphy_register+0xcf3/0x1020
[ 16.020387] ? wiphy_unregister+0x570/0x570
[ 16.020387] ? register_netdev+0x40/0x40
[ 16.020387] ? minstrel_ht_alloc+0x1a7/0x230
[ 16.020387] ieee80211_register_hw+0xf05/0x1460
[ 16.020387] ? ieee80211_ifa6_changed+0x230/0x230
[ 16.020387] ? memset+0x20/0x40
[ 16.020387] ? __hrtimer_init+0xbb/0xf0
[ 16.020387] mac80211_hwsim_new_radio+0xd89/0x1830
[ 16.020387] ? hwsim_virtio_rx_work+0x1f0/0x1f0
[ 16.020387] init_mac80211_hwsim+0x315/0x42c
[ 16.020387] ? printk+0x96/0xb2
[ 16.020387] ? rndis_wlan_driver_init+0x1a/0x1a
[ 16.020387] do_one_initcall+0x75/0x294
[ 16.020387] ? perf_trace_initcall_level+0x1f0/0x1f0
[ 16.020387] ? parameqn+0x80/0x90
[ 16.020387] ? kasan_unpoison_shadow+0x33/0x40
[ 16.020387] kernel_init_freeable+0x2b8/0x313
[ 16.020387] ? rest_init+0xd6/0xd6
[ 16.020387] kernel_init+0xd/0x11a
[ 16.020387] ret_from_fork+0x22/0x30
[ 16.020387]
[ 16.020387] addr ffffc9000001f8e4 is located in stack of task swapper/0/1 at offset 28 in frame:
[ 16.020387] __freq_reg_info+0x0/0x170
[ 16.020387]
[ 16.020387] this frame has 1 object:
[ 16.020387] [32, 64) 'bws'
[ 16.020387]
[ 16.020387] Memory state around the buggy address:
[ 16.020387] ffffc9000001f780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.020387] ffffc9000001f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.020387] >ffffc9000001f880: 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00
[ 16.020387] ^
[ 16.020387] ffffc9000001f900: 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00
[ 16.020387] ffffc9000001f980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.020387] ==================================================================
[ 16.020387] Disabling lock debugging due to kernel taint
[ 16.065939] ieee80211 phy1: Selected rate control algorithm 'minstrel_ht'
[ 16.073468] usbcore: registered new interface driver catc
[ 16.074373] usbcore: registered new interface driver kaweth
[ 16.075147] pegasus: v0.9.3 (2013/04/25), Pegasus/Pegasus II USB Ethernet driver
[ 16.076356] usbcore: registered new interface driver pegasus
[ 16.077286] usbcore: registered new interface driver rtl8150
[ 16.078066] hso: drivers/net/usb/hso.c: Option Wireless
[ 16.079118] usbcore: registered new interface driver hso
[ 16.080014] usbcore: registered new interface driver lan78xx
[ 16.080941] usbcore: registered new interface driver cdc_ether
[ 16.081861] usbcore: registered new interface driver cdc_eem
[ 16.082776] usbcore: registered new interface driver dm9601
[ 16.083759] usbcore: registered new interface driver CoreChips
[ 16.084773] usbcore: registered new interface driver smsc95xx
[ 16.085703] usbcore: registered new interface driver gl620a
[ 16.086632] usbcore: registered new interface driver net1080
[ 16.087543] usbcore: registered new interface driver rndis_host
[ 16.088503] usbcore: registered new interface driver cdc_subset
[ 16.089446] usbcore: registered new interface driver kalmia
[ 16.090365] usbcore: registered new interface driver ipheth
[ 16.091315] usbcore: registered new interface driver sierra_net
[ 16.092269] usbcore: registered new interface driver cx82310_eth
[ 16.093306] usbcore: registered new interface driver cdc_ncm
[ 16.094224] usbcore: registered new interface driver huawei_cdc_ncm
[ 16.095202] usbcore: registered new interface driver lg-vl600
[ 16.096151] usbcore: registered new interface driver qmi_wwan
[ 16.097078] usbcore: registered new interface driver cdc_mbim
[ 16.100599] usbcore: registered new interface driver ch9200
[ 16.102062] parport0: cannot grant exclusive access for device ks0108
[ 16.102925] ks0108: ERROR: parport didn't register new device
[ 16.247986] panel: panel driver registered on parport0 (io=0x378).
[ 16.252248] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 16.253129] ehci-pci: EHCI PCI platform driver
[ 16.253917] ehci-platform: EHCI generic platform driver
[ 16.254894] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 16.255875] ohci-pci: OHCI PCI platform driver
[ 16.256689] ohci-platform: OHCI generic platform driver
[ 16.257770] driver u132_hcd
[ 16.258888] fotg210_hcd: FOTG210 Host Controller (EHCI) Driver
[ 16.259689] Warning! fotg210_hcd should always be loaded before uhci_hcd and ohci_hcd, not after
[ 16.261402] usbcore: registered new interface driver cdc_acm
[ 16.262181] cdc_acm: USB Abstract Control Model driver for USB modems and ISDN adapters
[ 16.263434] usbcore: registered new interface driver cdc_wdm
To reproduce:
# build kernel
cd linux
cp config-5.9.0-rc2-next-20200827-00021-gdc5ef7078b7777 .config
make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email
Thanks,
lkp
View attachment "config-5.9.0-rc2-next-20200827-00021-gdc5ef7078b7777" of type "text/plain" (159627 bytes)
View attachment "job-script" of type "text/plain" (4810 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (18316 bytes)