Date:   Mon, 18 Apr 2022 17:55:34 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Jani Nikula <jani.nikula@...el.com>
Cc:     Jani Nikula <jani.nikula@...el.com>, lkp@...ts.01.org,
        lkp@...el.com, ltp@...ts.linux.it,
        LKML <linux-kernel@...r.kernel.org>
Subject: [drm/edid]  b548e9ae2e:
 BUG:KASAN:slab-out-of-bounds_in_drm_do_get_edid



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: b548e9ae2ec691e59462f823bce4da759adc9b35 ("drm/edid: add HF-EEODB support to EDID read and allocation")
git://people.freedesktop.org/~jani/drm edid-hfeeodb

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20220415
with following parameters:

	disk: 1HDD
	fs: xfs
	test: syscalls-06
	ucode: 0xec

test-description: The LTP testsuite contains a collection of tools for testing the Linux kernel and related features.
test-url: http://linux-test-project.github.io/


on test machine: 4 threads Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz with 32G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):



If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>



[   32.974169][  T261] ==================================================================
[   32.986458][  T251] ata1.00: NCQ Send/Recv Log not supported
[   32.989581][  T261] BUG: KASAN: slab-out-of-bounds in _drm_do_get_edid+0x772/0x800 [drm]
[   32.995257][  T251] ata1.00: configured for UDMA/133
[   33.003338][  T261] Read of size 1 at addr ffff8888517eab00 by task kworker/u8:5/261
[   33.003343][  T261]
[   33.003345][  T261] CPU: 1 PID: 261 Comm: kworker/u8:5 Tainted: G          I       5.18.0-rc2-00680-gb548e9ae2ec6 #1
[   33.008619][   T35] scsi 0:0:0:0: Direct-Access     ATA      ST2000NM0033-9ZM SN06 PQ: 0 ANSI: 5
[   33.016052][  T261] Hardware name: Dell Inc. OptiPlex 7040/0Y7WYT, BIOS 1.1.1 10/07/2015
[   33.016055][  T261] Workqueue: events_unbound async_run_entry_fn
[   33.051672][  T261] Call Trace:
[   33.051676][  T261]  <TASK>
[   33.051678][  T261]  ? _drm_do_get_edid+0x772/0x800 [drm]
[   33.063026][  T261]  dump_stack_lvl+0x34/0x44
[   33.067401][  T261]  print_address_description+0x1f/0x200
[   33.073855][  T261]  ? _drm_do_get_edid+0x772/0x800 [drm]
[   33.086777][  T261]  ? _raw_spin_lock_irqsave+0x87/0x100
[   33.097761][  T261]  ? _drm_do_get_edid+0x772/0x800 [drm]
[   33.103255][  T261]  _drm_do_get_edid+0x772/0x800 [drm]
[   33.108533][  T261]  ? drm_edid_duplicate+0x80/0x80 [drm]
[   33.113979][  T261]  ? drm_parse_cea_ext+0x1540/0x1540 [drm]
[   33.119686][  T261]  ? drm_edid_duplicate+0x80/0x80 [drm]
[   33.133356][  T261]  ? drm_get_edid_switcheroo+0x180/0x180 [drm]
[   33.140758][  T261]  ? __cond_resched+0x1c/0xc0
[   33.146598][  T261]  drm_edid_read_ddc+0xa3/0x100 [drm]
[   33.151875][  T261]  ? drm_edid_read_custom+0x280/0x280 [drm]
[   33.171911][  T261]  intel_hdmi_detect+0x377/0x600 [i915]
[   33.178708][  T261]  ? drm_modeset_lock+0xb9/0x300 [drm]
[   33.185417][  T261]  drm_helper_probe_detect+0x17b/0x200 [drm_kms_helper]
[   33.192240][  T261]  drm_helper_probe_single_connector_modes+0x1040/0x1a00 [drm_kms_helper]
[   33.200624][  T261]  ? drm_connector_mode_valid+0x1c0/0x1c0 [drm_kms_helper]
[   33.207698][  T261]  ? __mutex_lock_slowpath+0x40/0x40
[   33.229645][  T261]  ? mutex_lock+0x9f/0x100
[   33.235309][  T261]  ? __mutex_lock_slowpath+0x40/0x40
[   33.241843][  T261]  ? intel_fbdev_unregister+0x100/0x100 [i915]
[   33.248463][  T261]  __drm_fb_helper_initial_config_and_unlock+0xae/0x2c0 [drm_kms_helper]
[   33.256757][  T261]  intel_fbdev_initial_config+0x3b/0x80 [i915]
[   33.262960][  T261]  async_run_entry_fn+0x96/0x500
[   33.267761][  T261]  process_one_work+0x689/0x1040
[   33.272558][  T261]  worker_thread+0x5b3/0xf00
[   33.288691][  T261]  ? process_one_work+0x1040/0x1040
[   33.295142][  T261]  ? process_one_work+0x1040/0x1040
[   33.301588][  T261]  kthread+0x292/0x340
[   33.306650][  T261]  ? kthread_complete_and_exit+0x40/0x40
[   33.312155][  T261]  ret_from_fork+0x22/0x30
[   33.316449][  T261]  </TASK>
[   33.316452][  T261]
[   33.316453][  T261] Allocated by task 0:
[   33.316455][  T261] (stack is not available)
[   33.316456][  T261]
[   33.331939][  T261] The buggy address belongs to the object at ffff8888517eaa00
[   33.331939][  T261]  which belongs to the cache kmalloc-256 of size 256
[   33.331944][  T261] The buggy address is located 0 bytes to the right of
[   33.331944][  T261]  256-byte region [ffff8888517eaa00, ffff8888517eab00)
[   33.331947][  T261]
[   33.331947][  T261] The buggy address belongs to the physical page:
[   33.346664][    T8] scsi 1:0:0:0: Direct-Access     ATA      INTEL SSDSC2KG96 0110 PQ: 0 ANSI: 5
[   33.359346][  T261] page:000000009802dbb5 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8517ea
[   33.359354][  T261] head:000000009802dbb5 order:1 compound_mapcount:0 compound_pincount:0
[   33.359356][  T261] flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[   33.422643][  T261] page dumped because: kasan: bad access detected
[   33.430302][  T261]
[   33.432492][  T261] Memory state around the buggy address:
[   33.438758][  T261]  ffff8888517eaa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.446689][  T261]  ffff8888517eaa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.454615][  T261] >ffff8888517eab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.462538][  T261]                    ^
[   33.475784][  T261]  ffff8888517eac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   33.483706][  T261] ==================================================================
[   33.519370][  T261] fbcon: i915drmfb (fb0) is primary device
[   33.537414][  T261] Console: switching to colour frame buffer device 160x64
[   33.569314][  T261] i915 0000:00:02.0: [drm] fb0: i915drmfb frame buffer device



To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.18.0-rc2-00680-gb548e9ae2ec6" of type "text/plain" (166951 bytes)

View attachment "job-script" of type "text/plain" (5770 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (85812 bytes)

View attachment "ltp" of type "text/plain" (211757 bytes)

View attachment "job.yaml" of type "text/plain" (4876 bytes)

View attachment "reproduce" of type "text/plain" (235 bytes)
