lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Tue, 13 Apr 2021 22:42:49 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Václav Kubernát <kubernat@...net.cz>
Cc:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        lkp@...ts.01.org
Subject: [hwmon]  a2399dc913: BUG:KASAN:global-out-of-bounds_in_i2c_match_id



Greeting,

FYI, we noticed the following commit (built with gcc-9):

commit: a2399dc913380b2a13dbc197f346f64aa5229f6e ("hwmon: Add driver for fsp-3y PSUs and PDUs")
url: https://github.com/0day-ci/linux/commits/UPDATE-20210409-093123/V-clav-Kubern-t/hwmon-Add-driver-for-fsp-3y-PSUs-and-PDUs/20210329-224216


in testcase: trinity
version: trinity-i386-4d2343bd-1_20200320
with following parameters:

	number: 99999
	group: group-04

test-description: Trinity is a linux system call fuzz tester.
test-url: http://codemonkey.org.uk/projects/trinity/


on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[  331.852857] ==================================================================
[  331.854364] BUG: KASAN: global-out-of-bounds in i2c_match_id+0x62/0xc0
[  331.854364] Read of size 1 at addr ffffffff97211a60 by task swapper/0/1
[  331.854364]
[  331.854364] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G        W         5.12.0-rc2-00321-ga2399dc91338 #1
[  331.854364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[  331.854364] Call Trace:
[  331.854364]  dump_stack+0x179/0x218
[  331.854364]  print_address_description.cold+0x5/0x326
[  331.854364]  ? i2c_match_id+0x62/0xc0
[  331.854364]  kasan_report.cold+0x7f/0x111
[  331.854364]  ? i2c_match_id+0x62/0xc0
[  331.854364]  i2c_match_id+0x62/0xc0
[  331.854364]  i2c_device_match+0xa8/0xc0
[  331.854364]  ? i2c_device_remove+0x140/0x140
[  331.854364]  __driver_attach+0x47/0x240
[  331.854364]  ? device_driver_attach+0xc0/0xc0
[  331.854364]  bus_for_each_dev+0x114/0x180
[  331.854364]  ? subsys_dev_iter_exit+0x20/0x20
[  331.854364]  ? __sanitizer_cov_trace_pc+0x1d/0x60
[  331.854364]  bus_add_driver+0x2af/0x3c0
[  331.854364]  driver_register+0x105/0x1a0
[  331.854364]  ? pfe_pmbus_driver_init+0x18/0x18
[  331.854364]  i2c_register_driver+0x86/0x120
[  331.854364]  do_one_initcall+0x11b/0x660
[  331.854364]  ? perf_trace_initcall_level+0x260/0x260
[  331.854364]  ? rcu_read_lock_sched_held+0xa1/0x100
[  331.854364]  ? trace_event_raw_event_rcu_torture_read+0x1c0/0x1c0
[  331.854364]  ? write_comp_data+0x2a/0xa0
[  331.854364]  ? __sanitizer_cov_trace_pc+0x1d/0x60
[  331.854364]  kernel_init_freeable+0x47f/0x53d
[  331.854364]  ? console_on_rootfs+0x77/0x77
[  331.854364]  ? tracer_hardirqs_on+0x33/0x400
[  331.854364]  ? mark_held_locks+0x23/0xa0
[  331.854364]  ? rest_init+0x350/0x350
[  331.854364]  kernel_init+0x12/0x1d0
[  331.854364]  ret_from_fork+0x22/0x30
[  331.854364]
[  331.854364] The buggy address belongs to the variable:
[  331.854364]  fsp3y_id+0x40/0x700
[  331.854364]
[  331.854364] Memory state around the buggy address:
[  331.854364]  ffffffff97211900: f9 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 00 00 00 00
[  331.854364]  ffffffff97211980: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 06 f9 f9 f9
[  331.854364] >ffffffff97211a00: f9 f9 f9 f9 00 00 00 00 00 00 00 00 f9 f9 f9 f9
[  331.854364]                                                        ^
[  331.854364]  ffffffff97211a80: 03 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
[  331.854364]  ffffffff97211b00: 05 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9
[  331.854364] ==================================================================



To reproduce:

        # build kernel
	cd linux
	cp config-5.12.0-rc2-00321-ga2399dc91338 .config
	make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.12.0-rc2-00321-ga2399dc91338" of type "text/plain" (269923 bytes)

View attachment "job-script" of type "text/plain" (4300 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (52700 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ