Message-ID: <202410281338.59203d1a-oliver.sang@intel.com>
Date: Mon, 28 Oct 2024 14:10:14 +0800
From: kernel test robot <oliver.sang@...el.com>
To: Namhyung Kim <namhyung@...nel.org>
CC: <oe-lkp@...ts.linux.dev>, <lkp@...el.com>,
<linux-perf-users@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<oliver.sang@...el.com>
Subject: [namhyung-perf:perf/ibs-swfilt-v4] [perf/core] 5c5371bf97:
BUG:KASAN:slab-out-of-bounds_in__perf_read_group_add
Hello,
kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in__perf_read_group_add" on:
commit: 5c5371bf97a3e321d5e032779f1996a0dd054cc0 ("perf/core: Add PERF_FORMAT_DROPPED")
https://git.kernel.org/cgit/linux/kernel/git/namhyung/linux-perf.git perf/ibs-swfilt-v4
in testcase: trinity
version: trinity-i386-abe9de86-1_20230429
with following parameters:
runtime: 300s
group: group-02
nr_groups: 5
config: x86_64-randconfig-121-20241024
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------------------+------------+------------+
| | de20037e1b | 5c5371bf97 |
+------------------------------------------------------+------------+------------+
| boot_successes | 6 | 0 |
| boot_failures | 0 | 6 |
| BUG:KASAN:slab-out-of-bounds_in__perf_read_group_add | 0 | 6 |
+------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@...el.com>
| Closes: https://lore.kernel.org/oe-lkp/202410281338.59203d1a-oliver.sang@intel.com
[ 142.100293][ T3684] BUG: KASAN: slab-out-of-bounds in __perf_read_group_add (kernel/events/core.c:5701)
[ 142.101343][ T3684] Write of size 8 at addr ffff88810b667d68 by task trinity-c0/3684
[ 142.102099][ T3690] module: module-autoload: duplicate request for module net-pf-8
[ 142.102283][ T3684]
[ 142.102322][ T3684] CPU: 0 UID: 65534 PID: 3684 Comm: trinity-c0 Not tainted 6.12.0-rc2-00016-g5c5371bf97a3 #1 36c1eff993709d0a36f75e4a1cd3187be70e0857
[ 142.105131][ T3684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 142.106411][ T3684] Call Trace:
[ 142.106907][ T3684] <TASK>
[ 142.107367][ T3684] dump_stack_lvl (lib/dump_stack.c:123)
[ 142.108032][ T3684] print_address_description+0x53/0x2d5
[ 142.108745][ T3684] ? __perf_read_group_add (kernel/events/core.c:5701)
[ 142.109300][ T3684] print_report (mm/kasan/report.c:489)
[ 142.109568][ T3690] module: module-autoload: duplicate request for module net-pf-43
[ 142.109627][ T3684] ? virt_to_folio (include/linux/mm.h:1282)
[ 142.109639][ T3684] ? virt_to_slab (mm/slab.h:209)
[ 142.111632][ T3684] ? kmem_cache_debug_flags (mm/slab.h:544)
[ 142.112072][ T3684] ? kasan_complete_mode_report_info (mm/kasan/report_generic.c:172)
[ 142.112649][ T3684] ? __perf_read_group_add (kernel/events/core.c:5701)
[ 142.113134][ T3684] kasan_report (mm/kasan/report.c:603)
[ 142.113513][ T3684] ? __perf_read_group_add (kernel/events/core.c:5701)
[ 142.114066][ T3684] __asan_report_store8_noabort (mm/kasan/report_generic.c:386)
[ 142.114548][ T3684] __perf_read_group_add (kernel/events/core.c:5701)
[ 142.115189][ T3684] perf_read_group (kernel/events/core.c:5737)
[ 142.118413][ T3684] perf_read (kernel/events/core.c:5820 kernel/events/core.c:5839)
[ 142.118976][ T3684] do_loop_readv_writev+0x1e4/0x2b0
[ 142.119468][ T3684] ? perf_read_one (kernel/events/core.c:5829)
[ 142.119866][ T3684] vfs_readv (fs/read_write.c:1029)
[ 142.120240][ T3684] ? check_prev_add (kernel/locking/lockdep.c:3860)
[ 142.120844][ T3684] ? __ia32_compat_sys_sendfile64 (fs/read_write.c:999)
[ 142.121591][ T3684] ? fdget (fs/file.c:1129)
[ 142.122022][ T3684] do_readv (fs/read_write.c:1088)
[ 142.122378][ T3684] ? vfs_readv (fs/read_write.c:1077)
[ 142.122799][ T3684] ? syscall_enter_from_user_mode_prepare (arch/x86/include/asm/irqflags.h:42 arch/x86/include/asm/irqflags.h:97 kernel/entry/common.c:78)
[ 142.123307][ T3684] __ia32_sys_readv (fs/read_write.c:1175)
[ 142.123734][ T3684] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-121-20241024/./arch/x86/include/generated/asm/syscalls_32.h:146)
[ 142.124147][ T3684] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386)
[ 142.124558][ T3684] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 142.124963][ T3684] do_SYSENTER_32 (arch/x86/entry/common.c:450)
[ 142.125341][ T3684] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 142.125840][ T3684] RIP: 0023:0xf7f50579
[ 142.126207][ T3684] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
All code
========
0: b8 01 10 06 03 mov $0x3061001,%eax
5: 74 b4 je 0xffffffffffffffbb
7: 01 10 add %edx,(%rax)
9: 07 (bad)
a: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
e: 10 08 adc %cl,(%rax)
10: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 retq
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
39: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 retq
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
f: 8d b4 26 00 00 00 00 lea 0x0(%rsi,%riz,1),%esi
[ 142.127543][ T3684] RSP: 002b:00000000ff9a427c EFLAGS: 00000292 ORIG_RAX: 0000000000000091
[ 142.128188][ T3684] RAX: ffffffffffffffda RBX: 0000000000000120 RCX: 000000005710a850
[ 142.128806][ T3684] RDX: 0000000000000001 RSI: 0000000000010000 RDI: 00000000ffffffff
[ 142.129417][ T3684] RBP: 00000000a000009c R08: 0000000000000000 R09: 0000000000000000
[ 142.130027][ T3684] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 142.130637][ T3684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 142.131268][ T3684] </TASK>
[ 142.131551][ T3684]
[ 142.131789][ T3684] Allocated by task 3684:
[ 142.132155][ T3684] stack_trace_save (kernel/stacktrace.c:114)
[ 142.132540][ T3684] kasan_save_stack (mm/kasan/common.c:48)
[ 142.132928][ T3684] kasan_save_track (arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69)
[ 142.133306][ T3684] kasan_save_alloc_info (mm/kasan/generic.c:566)
[ 142.133710][ T3684] poison_kmalloc_redzone (mm/kasan/common.c:379)
[ 142.134115][ T3684] __kasan_kmalloc (mm/kasan/common.c:398)
[ 142.134489][ T3684] __kmalloc_noprof (mm/slub.c:4265 mm/slub.c:4276)
[ 142.134877][ T3684] kzalloc_noprof (include/linux/slab.h:882 include/linux/slab.h:1014)
[ 142.135297][ T3684] perf_read_group (kernel/events/core.c:5728 (discriminator 9))
[ 142.135773][ T3684] perf_read (kernel/events/core.c:5820 kernel/events/core.c:5839)
[ 142.136282][ T3684] do_loop_readv_writev+0x1e4/0x2b0
[ 142.136956][ T3684] vfs_readv (fs/read_write.c:1029)
[ 142.137484][ T3684] do_readv (fs/read_write.c:1088)
[ 142.138001][ T3684] __ia32_sys_readv (fs/read_write.c:1175)
[ 142.138565][ T3684] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-121-20241024/./arch/x86/include/generated/asm/syscalls_32.h:146)
[ 142.139070][ T3684] __do_fast_syscall_32 (arch/x86/entry/common.c:165 arch/x86/entry/common.c:386)
[ 142.139246][ T3689] module: module-autoload: duplicate request for module net-pf-14
[ 142.139329][ T3684] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 142.139334][ T3684] do_SYSENTER_32 (arch/x86/entry/common.c:450)
[ 142.141382][ T3684] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 142.141559][ T3689] module: module-autoload: duplicate request for module net-pf-18
[ 142.141824][ T3684]
[ 142.141830][ T3684] The buggy address belongs to the object at ffff88810b667d40
[ 142.141830][ T3684] which belongs to the cache kmalloc-rnd-11-64 of size 64
[ 142.141837][ T3684] The buggy address is located 0 bytes to the right of
[ 142.141837][ T3684] allocated 40-byte region [ffff88810b667d40, ffff88810b667d68)
[ 142.141844][ T3684]
[ 142.141848][ T3684] The buggy address belongs to the physical page:
[ 142.141853][ T3684] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810b667c40 pfn:0x10b667
[ 142.141859][ T3684] flags: 0x4000000000000200(workingset|zone=2)
[ 142.149380][ T3684] page_type: f5(slab)
[ 142.149887][ T3684] raw: 4000000000000200 ffff8881000644c0 ffffea00058f9150 ffff888100062810
[ 142.150834][ T3684] raw: ffff88810b667c40 0000000000100003 00000001f5000000 0000000000000000
[ 142.151803][ T3684] page dumped because: kasan: bad access detected
[ 142.152528][ T3684] page_owner tracks the page as allocated
[ 142.153360][ T3684] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 11494771432, free_ts 0
[ 142.155275][ T3684] __set_page_owner (mm/page_owner.c:322)
[ 142.155879][ T3684] post_alloc_hook (mm/page_alloc.c:1539)
[ 142.156485][ T3684] get_page_from_freelist (mm/page_alloc.c:1547 mm/page_alloc.c:3457)
[ 142.157133][ T3684] __alloc_pages_noprof (mm/page_alloc.c:4734)
[ 142.157761][ T3684] __alloc_pages_node_noprof (include/linux/gfp.h:265)
[ 142.158343][ T3684] alloc_slab_page (mm/slub.c:2416)
[ 142.158884][ T3684] allocate_slab (mm/slub.c:2579)
[ 142.159439][ T3684] new_slab (mm/slub.c:2633 (discriminator 9))
[ 142.159917][ T3684] ___slab_alloc (mm/slub.c:3819 (discriminator 3))
[ 142.160482][ T3684] __slab_alloc+0x68/0xd7
[ 142.161121][ T3684] __kmalloc_noprof (mm/slub.c:3961 mm/slub.c:4122 mm/slub.c:4263 mm/slub.c:4276)
[ 142.161718][ T3684] kzalloc_noprof (include/linux/slab.h:1015)
[ 142.162323][ T3684] acpi_evaluate_object (drivers/acpi/acpica/nsxfeval.c:247 (discriminator 4))
[ 142.162974][ T3684] acpi_evaluate_dsm (drivers/acpi/utils.c:799)
[ 142.163625][ T3684] acpi_evaluate_dsm_typed+0x1f/0x6c
[ 142.164399][ T3684] pci_acpi_preserve_config (drivers/pci/pci-acpi.c:137)
[ 142.165061][ T3684] page_owner free stack trace missing
[ 142.165716][ T3684]
[ 142.166092][ T3684] Memory state around the buggy address:
[ 142.166790][ T3684] ffff88810b667c00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 142.167816][ T3684] ffff88810b667c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 142.168826][ T3684] >ffff88810b667d00: fc fc fc fc fc fc fc fc 00 00 00 00 00 fc fc fc
[ 142.169800][ T3684]                                                           ^
[ 142.170756][ T3684] ffff88810b667d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 142.171758][ T3684] ffff88810b667e00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 142.172753][ T3684] ==================================================================
[ 142.173487][ T3690] module: module-autoload: duplicate request for module net-pf-13
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241028/202410281338.59203d1a-oliver.sang@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki