lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 1 May 2023 21:56:38 +0800
From:   kernel test robot <oliver.sang@...el.com>
To:     Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
        <linux-kernel@...r.kernel.org>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        <linux-pm@...r.kernel.org>, <ltp@...ts.linux.it>,
        <oliver.sang@...el.com>
Subject: [linus:master] [thermal]  ebf5197102:
 BUG:KASAN:global-out-of-bounds_in_param_get_int


Hello,

kernel test robot noticed "BUG:KASAN:global-out-of-bounds_in_param_get_int" on:

commit: ebf519710218814cf827adbf9111af081344c969 ("thermal: intel: powerclamp: Add two module parameters")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master 825a0714d2b3883d4f8ff64f6933fb73ee3f1834]
[test failed on linux-next/master 92e815cf07ed24ee1c51b122f24ffcf2964b4b13]
[test failed on fix commit ae817e618d4b5d221daae34d32a39476e4bdcb36]

in testcase: ltp
version: ltp-x86_64-14c1f76-1_20230429
with following parameters:

	disk: 1HDD
	fs: xfs
	test: fs-02

test-description: The LTP testsuite contains a collection of tools for testing the Linux kernel and related features.
test-url: http://linux-test-project.github.io/


compiler: gcc-11
test machine: 8 threads Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz (Skylake) with 16G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202305012111.e6c28043-oliver.sang@intel.com


[  352.566353][ T8555] ==================================================================
[  352.574251][ T8555] BUG: KASAN: global-out-of-bounds in param_get_int+0x7b/0x90
[  352.581539][ T8555] Read of size 4 at addr ffffffffa04fa4a0 by task read_all/8555
[  352.588988][ T8555]
[  352.591169][ T8555] CPU: 4 PID: 8555 Comm: read_all Tainted: G S                 6.2.0-rc5-00083-gebf519710218 #1
[  352.601391][ T8555] Hardware name: HP HP Z240 SFF Workstation/802E, BIOS N51 Ver. 01.63 10/05/2017
[  352.610305][ T8555] Call Trace:
[  352.613441][ T8555]  <TASK>
[  352.616229][ T8555]  dump_stack_lvl+0x38/0x48
[  352.616993][  T309] read_all.c:447: TINFO: Worker 8543 (6): Stuck for 2242278us, restarting it
[  352.620567][ T8555]  print_address_description+0x87/0x2a1
[  352.620573][ T8555]  print_report+0x103/0x1e9
[  352.629148][  T309]
[  352.635544][ T8555]  ? kasan_addr_to_slab+0xd/0xa0
[  352.635548][ T8555]  ? param_get_int+0x7b/0x90
[  352.635551][ T8555]  kasan_report+0xb2/0xe0
[  352.635554][ T8555]  ? param_get_int+0x7b/0x90
[  352.635557][ T8555]  param_get_int+0x7b/0x90
[  352.664152][ T8555]  param_attr_show+0x132/0x1f0
[  352.668762][ T8555]  ? __mutex_lock_slowpath+0x10/0x10
[  352.673882][ T8555]  module_attr_show+0x42/0x70
[  352.678403][ T8555]  sysfs_kf_seq_show+0x1ff/0x3d0
[  352.683183][ T8555]  seq_read_iter+0x3f2/0xff0
[  352.687610][ T8555]  ? fsnotify_perm+0x13b/0x4a0
[  352.692821][ T8555]  ? kasan_save_free_info+0x2e/0x40
[  352.697855][ T8555]  vfs_read+0x577/0x800
[  352.701855][ T8555]  ? kernel_read+0x130/0x130
[  352.706288][ T8555]  ? build_open_flags+0x450/0x450
[  352.711152][ T8555]  ? rseq_get_rseq_cs+0x5d0/0x5d0
[  352.716013][ T8555]  ? task_work_run+0x156/0x220
[  352.720633][ T8555]  ? __fget_light+0x51/0x220
[  352.725076][ T8555]  ksys_read+0xf1/0x1c0
[  352.729066][ T8555]  ? __ia32_sys_pwrite64+0x1e0/0x1e0
[  352.734189][ T8555]  ? switch_fpu_return+0xeb/0x1e0
[  352.739048][ T8555]  do_syscall_64+0x39/0x80
[  352.743309][ T8555]  entry_SYSCALL_64_after_hwframe+0x5e/0xc8
[  352.749037][ T8555] RIP: 0033:0x7fd8b5b0303d
[  352.753299][ T8555] Code: 31 c0 e9 c6 fe ff ff 50 48 8d 3d a6 55 0a 00 e8 39 fe 01 00 66 0f 1f 84 00 00 00 00 00 80 3d a1 25 0e 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec
[  352.772668][ T8555] RSP: 002b:00007ffdba193298 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  352.780892][ T8555] RAX: ffffffffffffffda RBX: 00007fd8b59f8028 RCX: 00007fd8b5b0303d
[  352.788678][ T8555] RDX: 00000000000003ff RSI: 00007ffdba193360 RDI: 000000000000000a
[  352.796465][ T8555] RBP: 000055d829ca77e8 R08: 0000000000000000 R09: 00007ffdba192a30
[  352.804260][ T8555] R10: 00007ffdba1cb170 R11: 0000000000000246 R12: 000055d829c96012
[  352.812052][ T8555] R13: 000000000000000a R14: 0000000000000060 R15: 00007fd8b59f4000
[  352.819844][ T8555]  </TASK>
[  352.822720][ T8555]
[  352.824903][ T8555] The buggy address belongs to the variable:
[  352.830711][ T8555]  max_idle+0x0/0xffffffffffffcb60 [intel_powerclamp]
[  352.837305][ T8555]
[  352.839490][ T8555] Memory state around the buggy address:
[  352.844960][ T8555]  ffffffffa04fa380: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 f9
[  352.852845][ T8555]  ffffffffa04fa400: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[  352.860719][ T8555] >ffffffffa04fa480: f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
[  352.868593][ T8555]                                ^
[  352.873532][ T8555]  ffffffffa04fa500: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[  352.881422][ T8555]  ffffffffa04fa580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  352.889293][ T8555] ==================================================================
[  352.897201][ T8555] Disabling lock debugging due to kernel taint
[  352.908094][  T309] read_all.c:383: TINFO: Worker 8543 (6): Last popped '/sys/module/intel_powerclamp/parameters/window_size'
[  352.908106][  T309]
[  352.938523][  T309] read_all.c:687: TPASS: Finished reading files
[  352.938533][  T309]
[  352.938661][ T3642] LTP: starting fs_racer (fs_racer.sh -t 5)



To reproduce:

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        sudo bin/lkp install job.yaml           # job file is attached in this email
        bin/lkp split-job --compatible job.yaml # generate the yaml file for lkp run
        sudo bin/lkp run generated-yaml-file

        # if come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests



View attachment "config-6.2.0-rc5-00083-gebf519710218" of type "text/plain" (160076 bytes)

View attachment "job-script" of type "text/plain" (5728 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (57588 bytes)

View attachment "ltp" of type "text/plain" (27782 bytes)

View attachment "job.yaml" of type "text/plain" (5032 bytes)

View attachment "reproduce" of type "text/plain" (300 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ