lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 24 Jul 2022 21:26:11 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Daniel Lezcano <daniel.lezcano@...aro.org>
CC:     0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
        <linux-pm@...r.kernel.org>, <lkp@...ts.01.org>,
        <daniel.lezcano@...aro.org>, <rafael@...nel.org>,
        <quic_manafm@...cinc.com>, <rui.zhang@...el.com>,
        <amitk@...nel.org>, <lukasz.luba@....com>
Subject: [thermal/core]  3c3e786e2b:
 BUG:KASAN:slab-out-of-bounds_in_handle_thermal_trip



Greeting,

FYI, we noticed the following commit (built with gcc-11):

commit: 3c3e786e2b4fa279eb3a36088ea0df4fe4452e8d ("[PATCH v3 4/4] thermal/core: Fix thermal trip cross point")
url: https://github.com/intel-lab-lkp/linux/commits/Daniel-Lezcano/thermal-core-Encapsulate-the-trip-point-crossed-function/20220716-224303
base: https://git.kernel.org/cgit/linux/kernel/git/rafael/linux-pm.git thermal
patch link: https://lore.kernel.org/linux-pm/20220715210911.714479-4-daniel.lezcano@linaro.org

in testcase: nvml
version: nvml-x86_64-3de7d358f-1_20211217
with following parameters:

	group: out
	test: none
	ucode: 0xec



on test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz with 32G memory

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>


[ 116.868361][ T216] BUG: KASAN: slab-out-of-bounds in handle_thermal_trip (drivers/thermal/thermal_core.c:398) 
[  116.876213][  T216] Read of size 4 at addr ffff888160684198 by task kworker/0:2/216
[  116.883890][  T216]
[  116.886087][  T216] CPU: 0 PID: 216 Comm: kworker/0:2 Tainted: G          I       5.18.0-02060-g3c3e786e2b4f #1
[  116.896194][  T216] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[  116.904302][  T216] Workqueue: events pkg_temp_thermal_threshold_work_fn [x86_pkg_temp_thermal]
[  116.913026][  T216] Call Trace:
[  116.916180][  T216]  <TASK>
[ 116.918985][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:398) 
[ 116.924144][ T216] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) 
[ 116.928520][ T216] print_address_description+0x1f/0x200 
[ 116.934982][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:398) 
[ 116.940138][ T216] print_report.cold (mm/kasan/report.c:430) 
[ 116.944860][ T216] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) 
[ 116.950190][ T216] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493) 
[ 116.954477][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:398) 
[ 116.959632][ T216] handle_thermal_trip (drivers/thermal/thermal_core.c:398) 
[ 116.964615][ T216] ? perf_trace_cdev_update (drivers/thermal/thermal_core.c:395) 
[ 116.970033][ T216] ? mutex_unlock (arch/x86/include/asm/atomic64_64.h:190 include/linux/atomic/atomic-long.h:449 include/linux/atomic/atomic-instrumented.h:1790 kernel/locking/mutex.c:181 kernel/locking/mutex.c:540) 
[ 116.974496][ T216] ? __mutex_unlock_slowpath+0x2c0/0x2c0 
[ 116.981046][ T216] thermal_zone_device_update (drivers/thermal/thermal_core.c:538 drivers/thermal/thermal_core.c:513) 
[ 116.986639][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:515) 
[ 116.991797][ T216] ? _raw_spin_lock_irq (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:120 kernel/locking/spinlock.c:170) 
[ 116.996690][ T216] ? _raw_spin_lock_bh (kernel/locking/spinlock.c:169) 
[ 117.001675][ T216] pkg_temp_thermal_threshold_work_fn (drivers/thermal/intel/x86_pkg_temp_thermal.c:300) x86_pkg_temp_thermal
[ 117.009961][ T216] process_one_work (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2294) 
[ 117.014771][ T216] worker_thread (include/linux/list.h:292 kernel/workqueue.c:2437) 
[ 117.019233][ T216] ? __kthread_parkme (arch/x86/include/asm/bitops.h:207 (discriminator 4) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 4) kernel/kthread.c:270 (discriminator 4)) 
[ 117.024049][ T216] ? schedule (arch/x86/include/asm/bitops.h:207 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 1) include/linux/thread_info.h:118 (discriminator 1) include/linux/sched.h:2198 (discriminator 1) kernel/sched/core.c:6465 (discriminator 1)) 
[ 117.028169][ T216] ? process_one_work (kernel/workqueue.c:2379) 
[ 117.033246][ T216] ? process_one_work (kernel/workqueue.c:2379) 
[ 117.038326][ T216] kthread (kernel/kthread.c:376) 
[ 117.042270][ T216] ? kthread_complete_and_exit (kernel/kthread.c:331) 
[ 117.047785][ T216] ret_from_fork (arch/x86/entry/entry_64.S:308) 
[  117.052075][  T216]  </TASK>
[  117.054966][  T216]
[  117.057159][  T216] Allocated by task 18:
[ 117.061179][ T216] kasan_save_stack (mm/kasan/common.c:39) 
[ 117.065723][ T216] __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515 mm/kasan/common.c:524) 
[ 117.070180][ T216] thermal_zone_device_trip_init (include/linux/slab.h:586 include/linux/slab.h:714 drivers/thermal/thermal_core.c:1218) 
[ 117.075944][ T216] thermal_zone_device_register (drivers/thermal/thermal_core.c:1337) 
[ 117.081707][ T216] pkg_temp_thermal_device_add (drivers/thermal/intel/x86_pkg_temp_thermal.c:359) x86_pkg_temp_thermal
[ 117.089387][ T216] cpuhp_invoke_callback (kernel/cpu.c:192) 
[ 117.094545][ T216] cpuhp_thread_fun (kernel/cpu.c:785) 
[ 117.099268][ T216] smpboot_thread_fn (kernel/smpboot.c:164 (discriminator 4)) 
[ 117.104078][ T216] kthread (kernel/kthread.c:376) 
[ 117.108018][ T216] ret_from_fork (arch/x86/entry/entry_64.S:308) 
[  117.112305][  T216]
[  117.114501][  T216] The buggy address belongs to the object at ffff888160684190
[  117.114501][  T216]  which belongs to the cache kmalloc-8 of size 8
[  117.128083][  T216] The buggy address is located 0 bytes to the right of
[  117.128083][  T216]  8-byte region [ffff888160684190, ffff888160684198)
[  117.141405][  T216]
[  117.143601][  T216] The buggy address belongs to the physical page:
[  117.149880][  T216] page:00000000a8af6427 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888160684000 pfn:0x160684
[  117.161302][  T216] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[  117.168978][  T216] raw: 0017ffffc0000200 ffffea002014f188 ffffea0020070c08 ffff888100042280
[  117.177434][  T216] raw: ffff888160684000 0000000000660023 00000001ffffffff 0000000000000000
[  117.185890][  T216] page dumped because: kasan: bad access detected
[  117.192167][  T216]
[  117.194358][  T216] Memory state around the buggy address:
[  117.199856][  T216]  ffff888160684080: fc fc fc fc 00 fc fc fc fc fb fc fc fc fc fb fc
[  117.207790][  T216]  ffff888160684100: fc fc fc fb fc fc fc fc fb fc fc fc fc fb fc fc
[  117.215724][  T216] >ffff888160684180: fc fc 00 fc fc fc fc 00 fc fc fc fc fb fc fc fc
[  117.223656][  T216]                             ^
[  117.228376][  T216]  ffff888160684200: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc
[  117.236311][  T216]  ffff888160684280: 00 fc fc fc fc fb fc fc fc fc 00 fc fc fc fc fb
[  117.244244][  T216] ==================================================================
[  117.252268][  T216] Disabling lock debugging due to kernel taint
[  121.513688][  T391] clang -MD -c -o ../nondebug/librpmem/alloc.o -std=gnu99 -Wall -Werror -Wmissing-prototypes -Wpointer-arith -Wsign-conversion -Wsign-compare -Wunused-parameter -Wconversion -Wunused-macros -Wmissing-field-initializers -Wunreachable-code-return -Wmissing-variable-declarations -Wfloat-equal -Wswitch-default -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -std=gnu99 -fno-common -pthread -DSRCVERSION="1.11.0+git148.gfe27e1033" -fno-lto -DSDS_ENABLED -DNDCTL_ENABLED=1 -DPAGE_SIZE=4096 -DUSE_VALGRIND -Wno-error  -I/usr/local/include -I. -I../rpmem_common -DRPMEMC_LOG_RPMEM -I../include -I../common/ -I../core/  -fPIC  ../../src/../src/core/alloc.c
[  121.513705][  T391]
[  140.327169][  T391] clang -MD -c -o ../nondebug/common/ctl.o -std=gnu99 -Wall -Werror -Wmissing-prototypes -Wpointer-arith -Wsign-conversion -Wsign-compare -Wunused-parameter -Wconversion -Wunused-macros -Wmissing-field-initializers -Wunreachable-code-return -Wmissing-variable-declarations -Wfloat-equal -Wswitch-default -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -std=gnu99 -fno-common -pthread -DSRCVERSION="1.11.0+git148.gfe27e1033" -fno-lto -DSDS_ENABLED -DNDCTL_ENABLED=1 -DPAGE_SIZE=4096 -DUSE_VALGRIND -Wno-error  -I/usr/local/include -DUSE_LIBDL -I../include -I../common/ -I../core/  -fPIC  ctl.c
[  140.327186][  T391]
[  146.103295][  T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned  ../nondebug/core/alloc.o  alloc.c
[  146.103309][  T391]
[  146.435828][  T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned  ../nondebug/core/fs_posix.o  fs_posix.c
[  146.435840][  T391]
[  146.752768][  T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned  ../nondebug/common/bad_blocks.o  bad_blocks.c
[  146.752783][  T391]
[  147.317604][  T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned  ../nondebug/librpmem/alloc.o  ../../src/../src/core/alloc.c
[  147.317614][  T391]
[  147.335464][  T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned  ../nondebug/common/set_badblocks.o  set_badblocks.c
[  147.335484][  T391]
[  155.193789][  T393] ../../src/../src/libpmem2/deep_flush_other.c:38:33: warning: unused parameter 'region_id' [-Wunused-parameter]
[  155.193798][  T393]
[  155.208897][  T393] pmem2_deep_flush_write(unsigned region_id)
[  155.208904][  T393]
[  155.217849][  T393]                                 ^
[  155.217856][  T393]
[  155.225694][  T393] 1 warning generated.
[  155.225701][  T393]
[  155.234634][  T393] ../../src/../src/libpmem2/pmem2_utils_other.c:38:50: warning: unused parameter 'src' [-Wunused-parameter]
[  155.234642][  T393]
[  155.249984][  T393] pmem2_device_dax_size(const struct pmem2_source *src, size_t *size)
[  155.249992][  T393]
[  155.261566][  T393]                                                  ^
[  155.261573][  T393]
[  155.273080][  T393] ../../src/../src/libpmem2/pmem2_utils_other.c:38:63: warning: unused parameter 'size' [-Wunused-parameter]
[  155.273086][  T393]
[  155.288567][  T393] pmem2_device_dax_size(const struct pmem2_source *src, size_t *size)
[  155.288575][  T393]


To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://01.org/lkp



View attachment "config-5.18.0-02060-g3c3e786e2b4f" of type "text/plain" (166868 bytes)

View attachment "job-script" of type "text/plain" (5598 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (29232 bytes)

View attachment "job.yaml" of type "text/plain" (4457 bytes)

View attachment "reproduce" of type "text/plain" (2046 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ