| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202210312248.4040feba-oliver.sang@intel.com>
Date: Mon, 31 Oct 2022 23:22:48 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Benjamin Tissoires <benjamin.tissoires@...hat.com>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
<linux-input@...r.kernel.org>, Jiri Kosina <jikos@...nel.org>,
Jonathan Corbet <corbet@....net>,
Shuah Khan <shuah@...nel.org>,
Tero Kristo <tero.kristo@...ux.intel.com>,
<linux-kernel@...r.kernel.org>, <bpf@...r.kernel.org>,
<linux-kselftest@...r.kernel.org>, <linux-doc@...r.kernel.org>,
"Benjamin Tissoires" <benjamin.tissoires@...hat.com>
Subject: Re: [PATCH hid v11 09/14] HID: bpf: allow to change the report
descriptor
Greeting,
FYI, we noticed BUG:KASAN:slab-out-of-bounds_in_kmemdup due to commit (built with gcc-11):
commit: 885b4af99f79cf1e1f3afb0323f9b6cb8b265fee ("[PATCH hid v11 09/14] HID: bpf: allow to change the report descriptor")
url: https://github.com/intel-lab-lkp/linux/commits/Benjamin-Tissoires/Introduce-eBPF-support-for-HID-devices/20221025-173852
base: https://git.kernel.org/cgit/linux/kernel/git/hid/hid.git master
patch link: https://lore.kernel.org/lkml/20221025093458.457089-10-benjamin.tissoires@redhat.com
patch subject: [PATCH hid v11 09/14] HID: bpf: allow to change the report descriptor
in testcase: kernel-selftests
version: kernel-selftests-x86_64-9313ba54-1_20221017
with following parameters:
sc_nr_hugepages: 2
group: vm
test-description: The kernel contains a set of "self tests" under the tools/testing/selftests/ directory. These are intended to be small unit tests to exercise individual code paths in the kernel.
test-url: https://www.kernel.org/doc/Documentation/kselftest.txt
on test machine: 128 threads 2 sockets Intel(R) Xeon(R) Platinum 8358 CPU @ 2.60GHz (Ice Lake) with 128G memory
caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202210312248.4040feba-oliver.sang@intel.com
[ 52.216359][ T712] BUG: KASAN: slab-out-of-bounds in kmemdup (??:?)
[ 52.216359][ T712] Read of size 4096 at addr ff11001095bf1600 by task kworker/0:2/712
[ 52.216359][ T712]
[ 52.216359][ T712] CPU: 0 PID: 712 Comm: kworker/0:2 Not tainted 6.1.0-rc1-00225-g885b4af99f79 #1
[ 52.233046][ T1] pin0d, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] Workqueue: usb_hub_wq hub_event
[ 52.216359][ T712] Call Trace:
[ 52.216359][ T712] <TASK>
[ 52.216359][ T712] dump_stack_lvl (??:?)
[ 52.216359][ T712] print_address_description+0x87/0x2a1
[ 52.247482][ T1] pin0e, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] print_report (report.c:?)
[ 52.216359][ T712] ? kasan_addr_to_slab (??:?)
[ 52.258662][ T1] pin0f, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? kmemdup (??:?)
[ 52.216359][ T712] kasan_report (??:?)
[ 52.272200][ T1] pin10, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? kmemdup (??:?)
[ 52.216359][ T712] kasan_check_range (??:?)
[ 52.278146][ T1] pin11, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] memcpy (??:?)
[ 52.216359][ T712] kmemdup (??:?)
[ 52.288942][ T1] pin12, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] call_hid_bpf_rdesc_fixup (??:?)
[ 52.216359][ T712] ? hid_bpf_disconnect_device (??:?)
[ 52.302011][ T1] pin13, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? hid_lookup_quirk (??:?)
[ 52.216359][ T712] ? lock_release (??:?)
[ 52.216359][ T712] ? __mutex_unlock_slowpath (mutex.c:?)
[ 52.216359][ T712] ? mutex_lock_io_nested (??:?)
[ 52.315484][ T1] pin14, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] hid_open_report (??:?)
[ 52.216359][ T712] ? hid_process_report (??:?)
[ 52.323592][ T1] pin15, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] hid_generic_probe (hid-generic.c:?)
[ 52.216359][ T712] hid_device_probe (hid-core.c:?)
[ 52.216359][ T712] really_probe (dd.c:?)
[ 52.336327][ T1] pin16, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] __driver_probe_device (dd.c:?)
[ 52.216359][ T712] driver_probe_device (dd.c:?)
[ 52.216359][ T712] __device_attach_driver (dd.c:?)
[ 52.216359][ T712] ? driver_allows_async_probing (dd.c:?)
[ 52.216359][ T712] bus_for_each_drv (??:?)
[ 52.349636][ T1] pin17, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? bus_for_each_dev (??:?)
[ 52.216359][ T712] ? lockdep_hardirqs_on_prepare (lockdep.c:?)
[ 52.357053][ T1] pin18, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? lockdep_hardirqs_on (??:?)
[ 52.216359][ T712] ? _raw_spin_unlock_irqrestore (??:?)
[ 52.371058][ T1] pin19, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] __device_attach (dd.c:?)
[ 52.216359][ T712] ? device_driver_attach (dd.c:?)
[ 52.385237][ T1] pin1a, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] bus_probe_device (??:?)
[ 52.394562][ T1] pin1b, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] device_add (??:?)
[ 52.216359][ T712] ? __up_write (rwsem.c:?)
[ 52.405466][ T1] pin1c, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? __debugfs_create_file (inode.c:?)
[ 52.216359][ T712] ? __fw_devlink_link_to_suppliers (??:?)
[ 52.216359][ T712] ? __debugfs_create_file (inode.c:?)
[ 52.216359][ T712] hid_add_device (??:?)
[ 52.418760][ T1] pin1d, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? lockdep_init_map_type (??:?)
[ 52.216359][ T712] ? modalias_show (pci-sysfs.c:?)
[ 52.432504][ T1] pin1e, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? lockdep_count_forward_deps (??:?)
[ 52.216359][ T712] usbhid_probe (hid-core.c:?)
[ 52.441830][ T1] pin1f, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] usb_probe_interface (driver.c:?)
[ 52.454895][ T1] pin20, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] really_probe (dd.c:?)
[ 52.216359][ T712] __driver_probe_device (dd.c:?)
[ 52.465003][ T1] pin21, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? usb_match_id (driver.c:?)
[ 52.216359][ T712] driver_probe_device (dd.c:?)
[ 52.216359][ T712] __device_attach_driver (dd.c:?)
[ 52.216359][ T712] ? driver_allows_async_probing (dd.c:?)
[ 52.216359][ T712] bus_for_each_drv (??:?)
[ 52.216359][ T712] ? bus_for_each_dev (??:?)
[ 52.475962][ T1] pin22, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? lockdep_hardirqs_on_prepare (lockdep.c:?)
[ 52.216359][ T712] ? lockdep_hardirqs_on (??:?)
[ 52.489358][ T1] pin23, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? _raw_spin_unlock_irqrestore (??:?)
[ 52.216359][ T712] __device_attach (dd.c:?)
[ 52.500677][ T1] pin24, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? device_driver_attach (dd.c:?)
[ 52.216359][ T712] bus_probe_device (??:?)
[ 52.514423][ T1] pin25, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] device_add (??:?)
[ 52.216359][ T712] ? __fw_devlink_link_to_suppliers (??:?)
[ 52.528774][ T1] pin26, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? usb_cache_string (??:?)
[ 52.216359][ T712] usb_set_configuration (??:?)
[ 52.538619][ T1] pin27, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? kernfs_create_link (??:?)
[ 52.552017][ T1] pin28, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
[ 52.216359][ T712] ? do_raw_spin_unlock (??:?)
[ 52.216359][ T712] usb_generic_driver_probe (??:?)
[ 52.564984][ T1] pin29, disabled, edge , high, V(00), IRR(0), S(0), physical, D(0000), M(0)
To reproduce:
git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
sudo bin/lkp install job.yaml # job file is attached in this email
bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
sudo bin/lkp run generated-yaml-file
# if come across any failure that blocks the test,
# please remove ~/.lkp and /lkp dir to run from a clean state.
--
0-DAY CI Kernel Test Service
https://01.org/lkp
View attachment "config-6.1.0-rc1-00225-g885b4af99f79" of type "text/plain" (172329 bytes)
View attachment "job-script" of type "text/plain" (6141 bytes)
Download attachment "dmesg.xz" of type "application/x-xz" (37268 bytes)
View attachment "kernel-selftests" of type "text/plain" (287074 bytes)
View attachment "job.yaml" of type "text/plain" (4982 bytes)
View attachment "reproduce" of type "text/plain" (273 bytes)
Powered by blists - more mailing lists