2022-05-03 00:21:32

by Naresh Kamboju

Subject: [arm] lib: bitmap.sh: BUG: KFENCE: out-of-bounds read in _find_next_bit_le+0x10/0x48

The following KFENCE kernel BUG was noticed on qemu_arm while testing lib: bitmap.sh
with the kselftest merge config build image [1] & [2].

metadata:
git_ref: master
git_repo: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline
git_sha: 672c0c5173427e6b3e2a9bbb7be51ceeec78093a
git_describe: v5.18-rc5
kernel_version: 5.18.0-rc5
kernel-config: https://builds.tuxbuild.com/28a2wdk3XzmLVGqD5njLS4uX1tm/config
artifact-location: https://builds.tuxbuild.com/28a2wdk3XzmLVGqD5njLS4uX1tm
toolchain: gcc-10


Test log:
---------
# selftests: lib: bitmap.sh
[ 36.266913] test_bitmap: loaded.
[ 36.269151] test_bitmap: parselist: 14: input is '0-2047:128/256'
OK, Time: 4600
[ 36.273024] ==================================================================
[ 36.275942] BUG: KFENCE: out-of-bounds read in _find_next_bit_le+0x10/0x48
[ 36.275942]
[ 36.279808] Out-of-bounds read at 0x9ec8e937 (4096B right of kfence-#29):
[ 36.283046] _find_next_bit_le+0x10/0x48
[ 36.285030]
[ 36.285816] kfence-#29: 0xf28dd28d-0x0b305c8e, size=4096, cache=kmalloc-4k
[ 36.285816]
[ 36.289807] allocated by task 498 on cpu 1 at 36.272960s:
[ 36.292432] test_bitmap_printlist+0x2c/0x13c [test_bitmap]
[ 36.295174] test_bitmap_init+0x5c/0xefc [test_bitmap]
[ 36.297709] do_one_initcall+0x70/0x330
[ 36.299605] do_init_module+0x4c/0x26c
[ 36.301484] sys_finit_module+0xdc/0x138
[ 36.303452] ret_fast_syscall+0x0/0x1c
[ 36.305294] 0xbebec788
[ 36.306516]
[ 36.307264] CPU: 1 PID: 498 Comm: modprobe Not tainted 5.18.0-rc5 #1
[ 36.310304] Hardware name: Generic DT based system
[ 36.312658] ==================================================================
[ 36.316609] test_bitmap: bitmap_print_to_pagebuf: input is '0-32767
[ 36.316609] ', Time: 43635540
[ 36.333605] test_bitmap: all 1945 tests passed
[ 36.360116] test_bitmap: unloaded.
# bitmap: ok

Reported-by: Linux Kernel Functional Testing <[email protected]>

--
Linaro LKFT
https://lkft.linaro.org

[1] https://lkft.validation.linaro.org/scheduler/job/4975877#L995
[2] https://qa-reports.linaro.org/lkft/linux-mainline-master/build/v5.18-rc5/testrun/9320073/suite/linux-log-parser/test/check-kernel-bug-4975877/log