| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yt1Ic36NPYbAQBXJ@xsang-OptiPlex-9020>
Date: Sun, 24 Jul 2022 21:26:11 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Daniel Lezcano <daniel.lezcano@...aro.org>
CC: 0day robot <lkp@...el.com>, LKML <linux-kernel@...r.kernel.org>,
<linux-pm@...r.kernel.org>, <lkp@...ts.01.org>,
<daniel.lezcano@...aro.org>, <rafael@...nel.org>,
<quic_manafm@...cinc.com>, <rui.zhang@...el.com>,
<amitk@...nel.org>, <lukasz.luba@....com>
Subject: [thermal/core] 3c3e786e2b:
BUG:KASAN:slab-out-of-bounds_in_handle_thermal_trip
Greeting,
FYI, we noticed the following commit (built with gcc-11):
commit: 3c3e786e2b4fa279eb3a36088ea0df4fe4452e8d ("[PATCH v3 4/4] thermal/core: Fix thermal trip cross point")
url: https://github.com/intel-lab-lkp/linux/commits/Daniel-Lezcano/thermal-core-Encapsulate-the-trip-point-crossed-function/20220716-224303
base: https://git.kernel.org/cgit/linux/kernel/git/rafael/linux-pm.git thermal
patch link: https://lore.kernel.org/linux-pm/20220715210911.714479-4-daniel.lezcano@linaro.org
in testcase: nvml
version: nvml-x86_64-3de7d358f-1_20211217
with following parameters:
group: out
test: none
ucode: 0xec
on test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz with 32G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
Reported-by: kernel test robot <oliver.sang@...el.com>
[ 116.868361][ T216] BUG: KASAN: slab-out-of-bounds in handle_thermal_trip (drivers/thermal/thermal_core.c:398)
[ 116.876213][ T216] Read of size 4 at addr ffff888160684198 by task kworker/0:2/216
[ 116.883890][ T216]
[ 116.886087][ T216] CPU: 0 PID: 216 Comm: kworker/0:2 Tainted: G I 5.18.0-02060-g3c3e786e2b4f #1
[ 116.896194][ T216] Hardware name: Dell Inc. OptiPlex 7050/062KRH, BIOS 1.2.0 12/22/2016
[ 116.904302][ T216] Workqueue: events pkg_temp_thermal_threshold_work_fn [x86_pkg_temp_thermal]
[ 116.913026][ T216] Call Trace:
[ 116.916180][ T216] <TASK>
[ 116.918985][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:398)
[ 116.924144][ T216] dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))
[ 116.928520][ T216] print_address_description+0x1f/0x200
[ 116.934982][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:398)
[ 116.940138][ T216] print_report.cold (mm/kasan/report.c:430)
[ 116.944860][ T216] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 116.950190][ T216] kasan_report (mm/kasan/report.c:162 mm/kasan/report.c:493)
[ 116.954477][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:398)
[ 116.959632][ T216] handle_thermal_trip (drivers/thermal/thermal_core.c:398)
[ 116.964615][ T216] ? perf_trace_cdev_update (drivers/thermal/thermal_core.c:395)
[ 116.970033][ T216] ? mutex_unlock (arch/x86/include/asm/atomic64_64.h:190 include/linux/atomic/atomic-long.h:449 include/linux/atomic/atomic-instrumented.h:1790 kernel/locking/mutex.c:181 kernel/locking/mutex.c:540)
[ 116.974496][ T216] ? __mutex_unlock_slowpath+0x2c0/0x2c0
[ 116.981046][ T216] thermal_zone_device_update (drivers/thermal/thermal_core.c:538 drivers/thermal/thermal_core.c:513)
[ 116.986639][ T216] ? handle_thermal_trip (drivers/thermal/thermal_core.c:515)
[ 116.991797][ T216] ? _raw_spin_lock_irq (arch/x86/include/asm/atomic.h:202 include/linux/atomic/atomic-instrumented.h:543 include/asm-generic/qspinlock.h:82 include/linux/spinlock.h:185 include/linux/spinlock_api_smp.h:120 kernel/locking/spinlock.c:170)
[ 116.996690][ T216] ? _raw_spin_lock_bh (kernel/locking/spinlock.c:169)
[ 117.001675][ T216] pkg_temp_thermal_threshold_work_fn (drivers/thermal/intel/x86_pkg_temp_thermal.c:300) x86_pkg_temp_thermal
[ 117.009961][ T216] process_one_work (arch/x86/include/asm/jump_label.h:27 include/linux/jump_label.h:207 include/trace/events/workqueue.h:108 kernel/workqueue.c:2294)
[ 117.014771][ T216] worker_thread (include/linux/list.h:292 kernel/workqueue.c:2437)
[ 117.019233][ T216] ? __kthread_parkme (arch/x86/include/asm/bitops.h:207 (discriminator 4) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 4) kernel/kthread.c:270 (discriminator 4))
[ 117.024049][ T216] ? schedule (arch/x86/include/asm/bitops.h:207 (discriminator 1) include/asm-generic/bitops/instrumented-non-atomic.h:135 (discriminator 1) include/linux/thread_info.h:118 (discriminator 1) include/linux/sched.h:2198 (discriminator 1) kernel/sched/core.c:6465 (discriminator 1))
[ 117.028169][ T216] ? process_one_work (kernel/workqueue.c:2379)
[ 117.033246][ T216] ? process_one_work (kernel/workqueue.c:2379)
[ 117.038326][ T216] kthread (kernel/kthread.c:376)
[ 117.042270][ T216] ? kthread_complete_and_exit (kernel/kthread.c:331)
[ 117.047785][ T216] ret_from_fork (arch/x86/entry/entry_64.S:308)
[ 117.052075][ T216] </TASK>
[ 117.054966][ T216]
[ 117.057159][ T216] Allocated by task 18:
[ 117.061179][ T216] kasan_save_stack (mm/kasan/common.c:39)
[ 117.065723][ T216] __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:436 mm/kasan/common.c:515 mm/kasan/common.c:524)
[ 117.070180][ T216] thermal_zone_device_trip_init (include/linux/slab.h:586 include/linux/slab.h:714 drivers/thermal/thermal_core.c:1218)
[ 117.075944][ T216] thermal_zone_device_register (drivers/thermal/thermal_core.c:1337)
[ 117.081707][ T216] pkg_temp_thermal_device_add (drivers/thermal/intel/x86_pkg_temp_thermal.c:359) x86_pkg_temp_thermal
[ 117.089387][ T216] cpuhp_invoke_callback (kernel/cpu.c:192)
[ 117.094545][ T216] cpuhp_thread_fun (kernel/cpu.c:785)
[ 117.099268][ T216] smpboot_thread_fn (kernel/smpboot.c:164 (discriminator 4))
[ 117.104078][ T216] kthread (kernel/kthread.c:376)
[ 117.108018][ T216] ret_from_fork (arch/x86/entry/entry_64.S:308)
[ 117.112305][ T216]
[ 117.114501][ T216] The buggy address belongs to the object at ffff888160684190
[ 117.114501][ T216] which belongs to the cache kmalloc-8 of size 8
[ 117.128083][ T216] The buggy address is located 0 bytes to the right of
[ 117.128083][ T216] 8-byte region [ffff888160684190, ffff888160684198)
[ 117.141405][ T216]
[ 117.143601][ T216] The buggy address belongs to the physical page:
[ 117.149880][ T216] page:00000000a8af6427 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888160684000 pfn:0x160684
[ 117.161302][ T216] flags: 0x17ffffc0000200(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 117.168978][ T216] raw: 0017ffffc0000200 ffffea002014f188 ffffea0020070c08 ffff888100042280
[ 117.177434][ T216] raw: ffff888160684000 0000000000660023 00000001ffffffff 0000000000000000
[ 117.185890][ T216] page dumped because: kasan: bad access detected
[ 117.192167][ T216]
[ 117.194358][ T216] Memory state around the buggy address:
[ 117.199856][ T216] ffff888160684080: fc fc fc fc 00 fc fc fc fc fb fc fc fc fc fb fc
[ 117.207790][ T216] ffff888160684100: fc fc fc fb fc fc fc fc fb fc fc fc fc fb fc fc
[ 117.215724][ T216] >ffff888160684180: fc fc 00 fc fc fc fc 00 fc fc fc fc fb fc fc fc
[ 117.223656][ T216] ^
[ 117.228376][ T216] ffff888160684200: fc fb fc fc fc fc fb fc fc fc fc fb fc fc fc fc
[ 117.236311][ T216] ffff888160684280: 00 fc fc fc fc fb fc fc fc fc 00 fc fc fc fc fb
[ 117.244244][ T216] ==================================================================
[ 117.252268][ T216] Disabling lock debugging due to kernel taint
[ 121.513688][ T391] clang -MD -c -o ../nondebug/librpmem/alloc.o -std=gnu99 -Wall -Werror -Wmissing-prototypes -Wpointer-arith -Wsign-conversion -Wsign-compare -Wunused-parameter -Wconversion -Wunused-macros -Wmissing-field-initializers -Wunreachable-code-return -Wmissing-variable-declarations -Wfloat-equal -Wswitch-default -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -std=gnu99 -fno-common -pthread -DSRCVERSION="1.11.0+git148.gfe27e1033" -fno-lto -DSDS_ENABLED -DNDCTL_ENABLED=1 -DPAGE_SIZE=4096 -DUSE_VALGRIND -Wno-error -I/usr/local/include -I. -I../rpmem_common -DRPMEMC_LOG_RPMEM -I../include -I../common/ -I../core/ -fPIC ../../src/../src/core/alloc.c
[ 121.513705][ T391]
[ 140.327169][ T391] clang -MD -c -o ../nondebug/common/ctl.o -std=gnu99 -Wall -Werror -Wmissing-prototypes -Wpointer-arith -Wsign-conversion -Wsign-compare -Wunused-parameter -Wconversion -Wunused-macros -Wmissing-field-initializers -Wunreachable-code-return -Wmissing-variable-declarations -Wfloat-equal -Wswitch-default -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -std=gnu99 -fno-common -pthread -DSRCVERSION="1.11.0+git148.gfe27e1033" -fno-lto -DSDS_ENABLED -DNDCTL_ENABLED=1 -DPAGE_SIZE=4096 -DUSE_VALGRIND -Wno-error -I/usr/local/include -DUSE_LIBDL -I../include -I../common/ -I../core/ -fPIC ctl.c
[ 140.327186][ T391]
[ 146.103295][ T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned ../nondebug/core/alloc.o alloc.c
[ 146.103309][ T391]
[ 146.435828][ T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned ../nondebug/core/fs_posix.o fs_posix.c
[ 146.435840][ T391]
[ 146.752768][ T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned ../nondebug/common/bad_blocks.o bad_blocks.c
[ 146.752783][ T391]
[ 147.317604][ T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned ../nondebug/librpmem/alloc.o ../../src/../src/core/alloc.c
[ 147.317614][ T391]
[ 147.335464][ T391] ../../src/../utils/check-os.sh ../../src/../utils/os-banned ../nondebug/common/set_badblocks.o set_badblocks.c
[ 147.335484][ T391]
[ 155.193789][ T393] ../../src/../src/libpmem2/deep_flush_other.c:38:33: warning: unused parameter 'region_id' [-Wunused-parameter]
[ 155.193798][ T393]
[ 155.208897][ T393] pmem2_deep_flush_write(unsigned region_id)
[ 155.208904][ T393]
[ 155.217849][ T393] ^
[ 155.217856][ T393]
[ 155.225694][ T393] 1 warning generated.
[ 155.225701][ T393]
[ 155.234634][ T393] ../../src/../src/libpmem2/pmem2_utils_other.c:38:50: warning: unused parameter 'src' [-Wunused-parameter]
[ 155.234642][ T393]
[ 155.249984][ T393] pmem2_device_dax_size(const struct pmem2_source *src, size_t *size)
[ 155.249992][ T393]
[ 155.261566][ T393] ^
[ 155.261573][ T393]
[ 155.273080][ T393] ../../src/../src/libpmem2/pmem2_utils_other.c:38:63: warning: unused parameter 'size' [-Wunused-parameter]
[ 155.273086][ T393]
[ 155.288567][ T393] pmem2_device_dax_size(const struct pmem2_source *src, size_t *size)
[ 155.288575][ T393]
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-5.18.0-02060-g3c3e786e2b4f" of type "text/plain" (166868 bytes)
View attachment "job-script" of type "text/plain" (5598 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (29232 bytes)
View attachment "job.yaml" of type "text/plain" (4457 bytes)
View attachment "reproduce" of type "text/plain" (2046 bytes)
Powered by blists - more mailing lists