2021-07-27 14:41:57

by kernel test robot

Subject: [lib] 50f530e176: UBSAN:shift-out-of-bounds_in_lib/test_scanf.c



Greetings,

FYI, we noticed the following commit (built with gcc-10):

commit: 50f530e176eac808e64416732e54c0686ce2c39b ("lib: test_scanf: Add tests for sscanf number conversion")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused the changes below (please refer to the attached dmesg/kmsg for the entire log/backtrace):



If you fix the issue, kindly add the following tag
Reported-by: kernel test robot <[email protected]>


[ 11.021349][ T1] UBSAN: shift-out-of-bounds in lib/test_scanf.c:275:51
[ 11.022782][ T1] shift exponent 32 is too large for 32-bit type 'unsigned int'
[ 11.024106][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.12.0-g50f530e176ea #1
[ 11.025414][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 11.026876][ T1] Call Trace:
[ 11.027426][ T1] ? show_stack (kbuild/src/consumer/arch/x86/kernel/dumpstack.c:319)
[ 11.027426][ T1] dump_stack (kbuild/src/consumer/lib/dump_stack.c:122)
[ 11.027426][ T1] ubsan_epilogue (kbuild/src/consumer/lib/ubsan.c:149)
[ 11.027426][ T1] __ubsan_handle_shift_out_of_bounds.cold (kbuild/src/consumer/lib/ubsan.c:327)
[ 11.027426][ T1] ? set_attr_rdpmc (kbuild/src/consumer/arch/x86/include/asm/atomic.h:95 kbuild/src/consumer/include/asm-generic/atomic-instrumented.h:241 kbuild/src/consumer/include/linux/jump_label.h:279 kbuild/src/consumer/arch/x86/events/core.c:2388)
[ 11.027426][ T1] ? check_ushort (kbuild/src/consumer/lib/test_scanf.c:120)
[ 11.027426][ T1] ? _test (kbuild/src/consumer/lib/test_scanf.c:51)
[ 11.027426][ T1] ? numbers_list (kbuild/src/consumer/lib/test_scanf.c:425 (discriminator 17))
[ 11.027426][ T1] ? check_ushort (kbuild/src/consumer/lib/test_scanf.c:120)
[ 11.027426][ T1] next_test_random (kbuild/src/consumer/lib/test_scanf.c:275 (discriminator 3))
[ 11.027426][ T1] numbers_list (kbuild/src/consumer/lib/test_scanf.c:425 (discriminator 6))
[ 11.027426][ T1] selftest (kbuild/src/consumer/lib/test_scanf.c:712 kbuild/src/consumer/lib/test_scanf.c:738)
[ 11.027426][ T1] ? selftest (kbuild/src/consumer/lib/test_scanf.c:712 kbuild/src/consumer/lib/test_scanf.c:738)
[ 11.027426][ T1] ? selftest (kbuild/src/consumer/lib/test_scanf.c:749)
[ 11.027426][ T1] test_scanf_init (kbuild/src/consumer/lib/test_scanf.c:749)
[ 11.027426][ T1] do_one_initcall (kbuild/src/consumer/init/main.c:1249)
[ 11.027426][ T1] ? __this_cpu_preempt_check (kbuild/src/consumer/lib/smp_processor_id.c:71)
[ 11.027426][ T1] ? lock_is_held_type (kbuild/src/consumer/kernel/locking/lockdep.c:437 kbuild/src/consumer/kernel/locking/lockdep.c:5551)
[ 11.027426][ T1] ? rcu_read_lock_sched_held (kbuild/src/consumer/kernel/rcu/update.c:125)
[ 11.027426][ T1] do_initcalls (kbuild/src/consumer/init/main.c:1321 kbuild/src/consumer/init/main.c:1338)
[ 11.027426][ T1] kernel_init_freeable (kbuild/src/consumer/init/main.c:1562)
[ 11.027426][ T1] ? rest_init (kbuild/src/consumer/init/main.c:1444)
[ 11.027426][ T1] kernel_init (kbuild/src/consumer/init/main.c:1449)
[ 11.027426][ T1] ret_from_fork (kbuild/src/consumer/arch/x86/entry/entry_32.S:775)
[ 11.046736][ T1] ================================================================================
[ 11.050494][ T1] test_scanf: all 2252 tests passed
[ 11.051403][ T1] test_bitmap: loaded.
[ 11.052375][ T1] test_bitmap: parselist: 14: input is '0-2047:128/256' OK, Time: 1119
[ 11.056428][ T1] test_bitmap: all 1679 tests passed
[ 11.057390][ T1] test_free_pages: Testing with GFP_KERNEL
[ 24.109118][ T1] test_free_pages: Testing with GFP_KERNEL | __GFP_COMP
[ 31.510495][ T1] test_free_pages: Test completed
[ 31.511833][ T1] glob: 64 self-tests passed, 0 failed
[ 31.516991][ T1] gpio_winbond: chip ID at 2e is ffff
[ 31.517992][ T1] gpio_winbond: not an our chip
[ 31.518884][ T1] gpio_winbond: chip ID at 4e is ffff
[ 31.519829][ T1] gpio_winbond: not an our chip
[ 31.523356][ T1] hgafb: HGA card not detected.
[ 31.524306][ T1] hgafb: probe of hgafb.0 failed with error -22
[ 31.525782][ T1] usbcore: registered new interface driver udlfb
[ 31.527007][ T1] usbcore: registered new interface driver smscufx
[ 31.532071][ T1] uvesafb: failed to execute /sbin/v86d
[ 31.533152][ T1] uvesafb: make sure that the v86d helper is installed and executable
[ 31.534603][ T1] uvesafb: Getting VBE info block failed (eax=0x4f00, err=-2)
[ 31.535963][ T1] uvesafb: vbe_init() failed with -22
[ 31.537048][ T1] uvesafb: probe of uvesafb.0 failed with error -22
[ 31.538328][ T1] IPMI message handler: version 39.2
[ 31.539362][ T1] ipmi_si: IPMI System Interface driver
[ 31.540885][ T1] ipmi_si: Unable to find any System Interface(s)
[ 31.543057][ T1] IPMI Watchdog: driver initialized
[ 31.544692][ T1] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 31.546299][ T1] ACPI: button: Power Button [PWRF]
[ 31.552949][ T1] Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled
[ 31.581725][ T1] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
[ 31.611867][ T1] 00:06: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
[ 31.616871][ T1] toshiba: not a supported Toshiba laptop
[ 31.620046][ T155] _warn_unseeded_randomness: 3 callbacks suppressed
[ 31.620052][ T155] random: get_random_u32 called from arch_pick_mmap_layout+0x64/0x160 with crng_init=0
[ 31.620073][ T155] random: get_random_u32 called from randomize_stack_top+0x35/0x50 with crng_init=0
[ 31.620082][ T155] random: get_random_u32 called from arch_align_stack+0x35/0x50 with crng_init=0
[ 31.630742][ T1] ppdev: user-space parallel port driver
[ 31.631940][ T1] platform pc8736x_gpio.0: NatSemi pc8736x GPIO Driver Initializing
[ 31.633337][ T1] platform pc8736x_gpio.0: no device found
[ 31.634464][ T1] nsc_gpio initializing
[ 31.635237][ T1] telclk_interrupt = 0xf non-mcpbl0010 hw.
[ 31.636366][ T1] smapi::smapi_init, ERROR invalid usSmapiID
[ 31.637350][ T1] mwave: tp3780i::tp3780I_InitializeBoardData: Error: SMAPI is not available on this machine
[ 31.638970][ T1] mwave: mwavedd::mwave_init: Error: Failed to initialize board data
[ 31.640355][ T1] mwave: mwavedd::mwave_init: Error: Failed to initialize
[ 31.641494][ T1] Hangcheck: starting hangcheck timer 0.9.1 (tick is 180 seconds, margin is 60 seconds).
[ 31.648554][ T1] [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
[ 31.650039][ T1] usbcore: registered new interface driver udl
[ 31.651623][ T1] usbcore: registered new interface driver gm12u320
[ 31.653272][ T1] parport_pc 00:04: reported by Plug and Play ACPI
[ 31.654722][ T1] parport0: PC-style at 0x378, irq 7 [PCSPP,TRISTATE]
[ 31.808468][ T1] dummy-irq: no IRQ given. Use irq=N
[ 31.810513][ T1] usbcore: registered new interface driver rtsx_usb
[ 31.813402][ T1] usbcore: registered new interface driver dln2
[ 31.814860][ T1] usbcore: registered new interface driver pn533_usb
[ 31.816224][ T1] usbcore: registered new interface driver port100
[ 31.817360][ T1] usbcore: registered new interface driver nfcmrvl
[ 31.818386][ T1] NCI uart driver 'nfcmrvl_uart [0]' registered
[ 31.857388][ T1] st: Version 20160209, fixed bufsize 32768, s/g segs 256
[ 31.859509][ T1] SCSI Media Changer driver v0.25
[ 31.876799][ T1] Rounding down aligned max_sectors from 4294967295 to 4294967288
[ 31.878605][ T1] db_root: cannot open: /etc/target
[ 31.880683][ T1] SSFDC read-only Flash Translation layer
[ 31.882191][ T1] SBC-GXx flash: IO:0x258-0x259 MEM:0xdc000-0xdffff
[ 31.883531][ T1] slram: not enough parameters.
[ 31.884607][ T1] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 31.893698][ T1] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 31.895369][ T1] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 31.897034][ T1] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 31.898715][ T1] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 31.900396][ T1] [nandsim] warning: read_byte: unexpected data output cycle, state is STATE_READY return 0x0
[ 31.902027][ T1] nand: device found, Manufacturer ID: 0x98, Chip ID: 0x39


To reproduce:

# build kernel
cd linux
cp config-5.12.0-g50f530e176ea .config
make HOSTCC=gcc-10 CC=gcc-10 ARCH=i386 olddefconfig prepare modules_prepare bzImage

git clone https://github.com/intel/lkp-tests.git
cd lkp-tests
bin/lkp qemu -k <bzImage> job-script # job-script is attached in this email



---
0DAY/LKP+ Test Infrastructure                   Open Source Technology Center
https://lists.01.org/hyperkitty/list/[email protected]       Intel Corporation

Thanks,
Oliver Sang


Attachments:
(No filename) (9.11 kB)
config-5.12.0-g50f530e176ea (153.98 kB)
job-script (4.51 kB)
dmesg.xz (20.00 kB)