Date:   Tue, 1 Mar 2022 22:46:22 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Dan Williams <dan.j.williams@...el.com>
Cc:     lkp@...ts.01.org, lkp@...el.com,
        LKML <linux-kernel@...r.kernel.org>
Subject: [device]  5bc8110e53:
 UBSAN:array-index-out-of-bounds_in_include/linux/device.h



Greetings,

FYI, we noticed the following commit (built with gcc-9):

commit: 5bc8110e536d2b1c9a18777eb7576fb4c9dac8a3 ("device-core: Introduce a per-subsystem lockdep_mutex")
https://git.kernel.org/cgit/linux/kernel/git/cxl/cxl.git preview

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag:
Reported-by: kernel test robot <oliver.sang@...el.com>


[    1.536315][    T1] UBSAN: array-index-out-of-bounds in include/linux/device.h:816:2
[    1.539096][    T1] index -1 is out of range for type 'mutex [1]'
[    1.539649][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc2-00077-g5bc8110e536d #1
[    1.542075][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    1.542964][    T1] Call Trace:
[    1.542964][    T1]  <TASK>
[ 1.542964][ T1] dump_stack_lvl (lib/dump_stack.c:107) 
[ 1.542964][ T1] ubsan_epilogue (lib/ubsan.c:152) 
[ 1.542964][ T1] __ubsan_handle_out_of_bounds (lib/ubsan.c:291) 
[ 1.542964][ T1] __device_attach (include/linux/device.h:816 drivers/base/dd.c:945) 
[ 1.542964][ T1] bus_probe_device (drivers/base/bus.c:487) 
[ 1.542964][ T1] device_add (drivers/base/core.c:3409) 
[ 1.542964][ T1] ? dev_set_name (drivers/base/core.c:3193) 
[ 1.542964][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4810) 
[ 1.542964][ T1] platform_device_add (drivers/base/platform.c:713 (discriminator 3)) 
[ 1.542964][ T1] regulator_dummy_init (drivers/regulator/dummy.c:78) 
[ 1.542964][ T1] ? regulator_init_complete (drivers/regulator/core.c:5988) 
[ 1.542964][ T1] regulator_init (drivers/regulator/core.c:6006) 
[ 1.542964][ T1] do_one_initcall (init/main.c:1300) 
[ 1.542964][ T1] kernel_init_freeable (init/main.c:1372 init/main.c:1389 init/main.c:1408 init/main.c:1613) 
[ 1.542964][ T1] ? rest_init (init/main.c:1494) 
[ 1.542964][ T1] kernel_init (init/main.c:1504) 
[ 1.542964][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301) 
[    1.542964][    T1]  </TASK>
[    1.543035][    T1] ================================================================================
[    1.546626][   T12] Callback from call_rcu_tasks_trace() invoked.
[    1.548651][    T1] ================================================================================
[    1.549646][    T1] UBSAN: array-index-out-of-bounds in include/linux/device.h:816:2
[    1.552528][    T1] index -1 is out of range for type 'mutex [1]'
[    1.552986][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.17.0-rc2-00077-g5bc8110e536d #1
[    1.555684][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[    1.556297][    T1] Call Trace:
[    1.556297][    T1]  <TASK>
[    1.556297][   T11] Callback from call_rcu_tasks_rude() invoked.
[ 1.556297][ T1] dump_stack_lvl (lib/dump_stack.c:107) 
[ 1.556297][ T1] ubsan_epilogue (lib/ubsan.c:152) 
[ 1.556297][ T1] __ubsan_handle_out_of_bounds (lib/ubsan.c:291) 
[ 1.556297][ T1] ? acpi_driver_match_device (drivers/acpi/bus.c:919) 
[ 1.556297][ T1] ? parse_option_str (lib/cmdline.c:219) 
[ 1.556297][ T1] __device_driver_lock (include/linux/device.h:816 drivers/base/dd.c:1033) 
[ 1.556297][ T1] __driver_attach (drivers/base/dd.c:1141) 
[ 1.556297][ T1] ? __device_attach_driver (drivers/base/dd.c:1094) 
[ 1.556297][ T1] bus_for_each_dev (drivers/base/bus.c:301) 
[ 1.556297][ T1] bus_add_driver (drivers/base/bus.c:619) 
[ 1.556297][ T1] driver_register (drivers/base/driver.c:171) 
[ 1.556297][ T1] regulator_dummy_init (drivers/regulator/dummy.c:85) 
[ 1.556297][ T1] ? regulator_init_complete (drivers/regulator/core.c:5988) 
[ 1.556297][ T1] regulator_init (drivers/regulator/core.c:6006) 
[ 1.556297][ T1] do_one_initcall (init/main.c:1300) 
[ 1.556297][ T1] kernel_init_freeable (init/main.c:1372 init/main.c:1389 init/main.c:1408 init/main.c:1613) 
[ 1.556297][ T1] ? rest_init (init/main.c:1494) 
[ 1.556297][ T1] kernel_init (init/main.c:1504) 
[ 1.556297][ T1] ret_from_fork (arch/x86/entry/entry_64.S:301) 
[    1.556297][    T1]  </TASK>
[    1.556317][    T1] ================================================================================
[    1.560428][    T1]
[    1.561431][    T1] *************************************************************
[    1.562983][    T1] **     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE    **
[    1.565456][    T1] **                                                         **
[    1.566321][    T1] **  IOMMU DebugFS SUPPORT HAS BEEN ENABLED IN THIS KERNEL  **
[    1.568973][    T1] **                                                         **
[    1.569650][    T1] ** This means that this kernel is built to expose internal **
[    1.572023][    T1] ** IOMMU data structures, which may compromise security on **
[    1.572983][    T1] ** your system.                                            **
[    1.575320][    T1] **                                                         **
[    1.576316][    T1] ** If you see this message and you are not debugging the   **
[    1.578919][    T1] ** kernel, report this immediately to your vendor!         **
[    1.579652][    T1] **                                                         **
[    1.582067][    T1] **     NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE    **
[    1.582985][    T1] *************************************************************
[    1.585500][    T1] PM: RTC time: 20:56:05, date: 2022-03-01
[    1.587488][    T1] NET: Registered PF_NETLINK/PF_ROUTE protocol family
[    1.594466][    T1] thermal_sys: Registered thermal governor 'step_wise'
[    1.594483][    T1] thermal_sys: Registered thermal governor 'user_space'
[    1.596447][    T1] EISA bus registered
[    1.599796][    T1] cpuidle: using governor ladder
[    1.604024][    T1] PCI: Using configuration type 1 for base access
[    1.654535][    T1] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
[    1.657165][    T1] cryptd: max_cpu_qlen set to 1000
[    1.659977][   T10] Callback from call_rcu_tasks() invoked.
[    1.660266][    T1] ACPI: Added _OSI(Module Device)
[    1.663027][    T1] ACPI: Added _OSI(Processor Device)
[    1.664655][    T1] ACPI: Added _OSI(3.0 _SCP Extensions)
[    1.666333][    T1] ACPI: Added _OSI(Processor Aggregator Device)
[    1.668436][    T1] ACPI: Added _OSI(Linux-Dell-Video)
[    1.669669][    T1] ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio)
[    1.671495][    T1] ACPI: Added _OSI(Linux-HPI-Hybrid-Graphics)
[    1.684279][    T1] ACPI: 1 ACPI AML tables successfully acquired and loaded
[    1.694958][    T1] ACPI: Interpreter enabled
[    1.696516][    T1] ACPI: PM: (supports S0 S3 S4 S5)
[    1.698172][    T1] ACPI: Using IOAPIC for interrupt routing
[    1.699794][    T1] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[    1.704677][    T1] ACPI: Enabled 2 GPEs in block 00 to 0F
[    1.753933][    T1] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[    1.756342][    T1] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI HPX-Type3]
[    1.759086][    T1] acpi PNP0A03:00: PCIe port services disabled; not requesting _OSC control
[    1.760601][    T1] PCI host bridge to bus 0000:00
[    1.762244][    T1] pci_bus 0000:00: root bus resource [io  0x0000-0x0cf7 window]
[    1.762991][    T1] pci_bus 0000:00: root bus resource [io  0x0d00-0xffff window]
[    1.765426][    T1] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[    1.766321][    T1] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfffff window]
[    1.768816][    T1] pci_bus 0000:00: root bus resource [mem 0x440000000-0x4bfffffff window]
[    1.769659][    T1] pci_bus 0000:00: root bus resource [bus 00-ff]
[    1.771978][    T1] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000
[    1.775188][    T1] pci 0000:00:01.0: [8086:7000] type 00 class 0x060100
[    1.778210][    T1] pci 0000:00:01.1: [8086:7010] type 00 class 0x010180
[    1.784500][    T1] pci 0000:00:01.1: reg 0x20: [io  0xc040-0xc04f]
[    1.788482][    T1] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io  0x01f0-0x01f7]
[    1.789656][    T1] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io  0x03f6]
[    1.791905][    T1] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io  0x0170-0x0177]
[    1.792986][    T1] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io  0x0376]
[    1.796146][    T1] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000
[    1.797014][    T1] pci 0000:00:01.3: quirk: [io  0x0600-0x063f] claimed by PIIX4 ACPI
[    1.799766][    T1] pci 0000:00:01.3: quirk: [io  0x0700-0x070f] claimed by PIIX4 SMB
[    1.803539][    T1] pci 0000:00:02.0: [1234:1111] type 00 class 0x030000
[    1.807401][    T1] pci 0000:00:02.0: reg 0x10: [mem 0xfd000000-0xfdffffff pref]
[    1.814019][    T1] pci 0000:00:02.0: reg 0x18: [mem 0xfebf0000-0xfebf0fff]
[    1.822999][    T1] pci 0000:00:02.0: reg 0x30: [mem 0xfebe0000-0xfebeffff pref]
[    1.826312][    T1] pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
[    1.830459][    T1] pci 0000:00:03.0: [8086:100e] type 00 class 0x020000
[    1.833761][    T1] pci 0000:00:03.0: reg 0x10: [mem 0xfebc0000-0xfebdffff]
[    1.837068][    T1] pci 0000:00:03.0: reg 0x14: [io  0xc000-0xc03f]
[    1.847017][    T1] pci 0000:00:03.0: reg 0x30: [mem 0xfeb80000-0xfebbffff pref]
[    1.851261][    T1] pci 0000:00:04.0: [8086:25ab] type 00 class 0x088000
[    1.853805][    T1] pci 0000:00:04.0: reg 0x10: [mem 0xfebf1000-0xfebf100f]
[    1.868257][    T1] ACPI: PCI: Interrupt link LNKA configured for IRQ 10
[    1.870677][    T1] ACPI: PCI: Interrupt link LNKB configured for IRQ 10
[    1.873988][    T1] ACPI: PCI: Interrupt link LNKC configured for IRQ 11


To reproduce:

        # build kernel
        cd linux
        cp config-5.17.0-rc2-00077-g5bc8110e536d .config
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-9 CC=gcc-9 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz


        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove the ~/.lkp and /lkp dirs to run from a clean state.



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/lkp@lists.01.org       Intel Corporation

Thanks,
Oliver Sang


View attachment "config-5.17.0-rc2-00077-g5bc8110e536d" of type "text/plain" (149237 bytes)

View attachment "job-script" of type "text/plain" (4635 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (14656 bytes)
