From: Naresh Kamboju <naresh.kamboju@linaro.org>
To: open list <linux-kernel@vger.kernel.org>,
	linux-stable <stable@vger.kernel.org>,
	lkft-triage@lists.linaro.org, linux-mm <linux-mm@kvack.org>
Cc: Masami Hiramatsu <mhiramat@kernel.org>,
	Steven Rostedt <rostedt@goodmis.org>,
	Leo Yan <leo.yan@linaro.org>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Sasha Levin <sashal@kernel.org>
Subject: BUG: KASAN: use-after-free in prepare_ftrace_return+0x88/0x140
Date: Wed, 2 Sep 2020 12:42:01 +0530
Message-ID: <CA+G9fYu6p_UuQ5=ZozAMz8XgFfedWPFJ0VRj=9CaZ-zRSuyJkA@mail.gmail.com>

While running LTP tracing on arm64 Juno with the KASAN config enabled,
this kernel BUG triggered.

metadata:
  git branch: linux-4.14.y
  git repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
  kernel-config:
https://builds.tuxbuild.com/oTHtWrmNsVQa9iuCfXJTQA/kernel.config

steps to reproduce:
# Boot arm64 juno with trace configs enabled ^.
# cd /opt/ltp
# ./runltp -f tracing

ftrace_buffer_size_kb.sh: line 33: echo: write error: Cannot allocate memory
ftrace_buffer_size_kb.sh: line 33: echo: write error: Cannot allocate memory
[  137.218462] ==================================================================
[  137.225924] BUG: KASAN: use-after-free in prepare_ftrace_return+0x88/0x140
[  137.232999] Read of size 8 at addr ffff80090202e0c8 by task sh/3123
[  137.239460]
[  137.241144] CPU: 2 PID: 3123 Comm: sh Not tainted 4.14.194 #1
[  137.247086] Hardware name: ARM Juno development board (r2) (DT)
[  137.253202] Call trace:
[  137.255850]  dump_backtrace+0x0/0x230
[  137.259703]
[  137.261381] Allocated by task 297879680:
[  137.265510] Unable to handle kernel paging request at virtual address ffff20000bf29bc0
[  137.273626] Mem abort info:
[  137.276609]   Exception class = DABT (current EL), IL = 32 bits
[  137.282721]   SET = 0, FnV = 0
[  137.285963]   EA = 0, S1PTW = 0
[  137.289289] Data abort info:
[  137.292357]   ISV = 0, ISS = 0x00000007
[  137.296380]   CM = 0, WnR = 0
[  137.299537] swapper pgtable: 4k pages, 48-bit VAs, pgd = ffff20000afb8000
[  137.306520] [ffff20000bf29bc0] *pgd=00000009ffffe003, *pud=00000009ffffd003, *pmd=0000000994f00003, *pte=0000000000000000
[  137.318072] Internal error: Oops: 96000007 [#1] PREEMPT SMP
[  137.323849] Modules linked in: crc32_ce crct10dif_ce fuse
[  137.329831] Process sh (pid: 3123, stack limit = 0xffff800902050000)
[  137.336389] CPU: 2 PID: 3123 Comm: sh Not tainted 4.14.194 #1
[  137.342328] Hardware name: ARM Juno development board (r2) (DT)
[  137.348444] task: ffff800911c14880 task.stack: ffff800902050000
[  137.354572] pc : depot_fetch_stack+0x14/0x38
[  137.359045] lr : print_track.isra.0+0x48/0x74
[  137.363593] sp : ffff80090202df20 pstate : 200001c5
[  137.368661] x29: ffff80090202df20 x28: ffff200009e0e090
[  137.374356] x27: ffff8009096ec200 x26: ffff200009e0e1c4
[  137.380052] x25: ffff80090202e0ec x24: ffff80090202e0e0
[  137.385746] x23: ffff8009365b6e00 x22: ffff200009adc7d0
[  137.391441] x21: 0000000011c14880 x20: ffff200009ac76b0
[  137.397136] x19: ffff80090202e0e4 x18: 0000000000000000
[  137.402830] x17: 0000000000000000 x16: 0000000000000000
[  137.408523] x15: 0000000000000000 x14: 3d3d3d3d3d3d3d3d
[  137.414218] x13: 3d3d3d3d3d3d3d3d x12: 1ffff00120405b89
[  137.419912] x11: ffff100120405b89 x10: dfff200000000000
[  137.425606] x9 : ffff100120405b8a x8 : 0000000000000004
[  137.431301] x7 : 0000000000000001 x6 : 0000000000000003
[  137.436994] x5 : ffff100120405b89 x4 : 0000000000000000
[  137.442688] x3 : 00000000001f8009 x2 : ffff20000af69b78
[  137.448382] x1 : ffff80090202df58 x0 : 0000000000003ff0
[  137.454079] Call trace:
[  137.456722] Code: f0014322 912de042 d3557800 d37c2400 (f8637842)
[  137.463087] ---[ end trace 81665fb4c270025f ]---
[  137.467908] note: sh[3123] exited with preempt_count 2

full test log,
https://qa-reports.linaro.org/lkft/linux-stable-rc-4.14-oe/build/v4.14.195-92-g54fa008d06cd/testrun/3149565/suite/linux-log-parser/test/check-kernel-bug-1727638/log

-- 
Linaro LKFT
https://lkft.linaro.org
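The report above is worth a close read because it is nested: KASAN begins printing a use-after-free in prepare_ftrace_return, and while it walks the allocation track (lr: print_track.isra.0, pc: depot_fetch_stack) the kernel takes a data abort, so the allocation and free stacks never appear. The "Allocated by task 297879680" line is itself a hint that the slab tracking metadata is not trustworthy: that task id is far above the kernel's PID_MAX_LIMIT (4194304 on 64-bit). As an added example, not code from the mail, from LKFT or from the kernel, the following Python parses a constructed copy of those log lines into the fields a triager keys on and flags exactly those two signs that the report's own metadata should be treated as unreliable. The field names, the KasanReport class and the triage_notes heuristics are this example's own.

```python
"""Structured triage of a KASAN report that may crash while being printed.

Added example, not code from the original mail or the kernel. SAMPLE_LOG is
constructed from a subset of the report's lines, as dmesg prints them.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the lines from the report above.
SAMPLE_LOG = """\
[  137.218462] ==================================================================
[  137.225924] BUG: KASAN: use-after-free in prepare_ftrace_return+0x88/0x140
[  137.232999] Read of size 8 at addr ffff80090202e0c8 by task sh/3123
[  137.239460]
[  137.241144] CPU: 2 PID: 3123 Comm: sh Not tainted 4.14.194 #1
[  137.253202] Call trace:
[  137.255850]  dump_backtrace+0x0/0x230
[  137.259703]
[  137.261381] Allocated by task 297879680:
[  137.265510] Unable to handle kernel paging request at virtual address ffff20000bf29bc0
[  137.318072] Internal error: Oops: 96000007 [#1] PREEMPT SMP
[  137.354572] pc : depot_fetch_stack+0x14/0x38
[  137.359045] lr : print_track.isra.0+0x48/0x74
[  137.454079] Call trace:
[  137.456722] Code: f0014322 912de042 d3557800 d37c2400 (f8637842)
[  137.463087] ---[ end trace 81665fb4c270025f ]---
"""

PID_MAX_LIMIT = 4 * 1024 * 1024  # kernel's upper bound for PIDs on 64-bit

_TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
_BUG = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x(?P<off>[0-9a-f]+)/")
_ACCESS = re.compile(r"^(?P<rw>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<comm>\S+)/(?P<pid>\d+)")
_CPU = re.compile(r"^CPU: (?P<cpu>\d+) PID: \d+ Comm: \S+ (?P<taint>Not tainted|Tainted: \S+) (?P<version>\S+)")
_ALLOC = re.compile(r"^Allocated by task (?P<pid>\d+):")
_OOPS = re.compile(r"^Internal error: Oops: (?P<esr>[0-9a-f]+)")
_REG = re.compile(r"^(?P<reg>pc|lr) : (?P<sym>\S+)")
_FRAME = re.compile(r"^\S+\+0x[0-9a-f]+/0x[0-9a-f]+$")  # one backtrace frame


@dataclass
class KasanReport:
    kind: str                 # e.g. "use-after-free"
    func: str                 # function named on the BUG line
    offset: int               # offset into that function
    rw: Optional[str] = None
    access_size: Optional[int] = None
    addr: Optional[int] = None
    comm: Optional[str] = None
    pid: Optional[int] = None
    cpu: Optional[int] = None
    version: Optional[str] = None
    tainted: bool = False
    alloc_task: Optional[int] = None
    oops_esr: Optional[int] = None   # set only if an Oops fired mid-report
    oops_pc: Optional[str] = None
    oops_lr: Optional[str] = None
    call_trace: List[str] = field(default_factory=list)

    @property
    def nested_oops(self) -> bool:
        return self.oops_esr is not None


def parse_kasan(log: str) -> Optional[KasanReport]:
    """Return the first KASAN report found in `log`, or None if there is none."""
    report: Optional[KasanReport] = None
    in_trace = False
    for raw in log.splitlines():
        line = _TS.sub("", raw).strip()
        if report is None:
            if m := _BUG.match(line):
                report = KasanReport(m["kind"], m["func"], int(m["off"], 16))
            continue
        if line.startswith("---[ end trace"):
            break
        if in_trace and _FRAME.match(line):
            report.call_trace.append(line)
            continue
        in_trace = line == "Call trace:"  # frames follow until a non-frame line
        if m := _ACCESS.match(line):
            report.rw, report.access_size = m["rw"], int(m["size"])
            report.addr, report.comm, report.pid = int(m["addr"], 16), m["comm"], int(m["pid"])
        elif m := _CPU.match(line):
            report.cpu, report.version = int(m["cpu"]), m["version"]
            report.tainted = m["taint"] != "Not tainted"
        elif m := _ALLOC.match(line):
            report.alloc_task = int(m["pid"])
        elif m := _OOPS.match(line):
            report.oops_esr = int(m["esr"], 16)
        elif m := _REG.match(line):
            setattr(report, "oops_" + m["reg"], m["sym"])
    return report


def triage_notes(r: KasanReport) -> List[str]:
    """Flag signs that the report's own metadata should not be trusted."""
    notes = []
    if r.alloc_task is not None and r.alloc_task > PID_MAX_LIMIT:
        notes.append(f"allocation task id {r.alloc_task} exceeds PID_MAX_LIMIT; "
                     "slab tracking metadata is likely corrupted")
    if r.nested_oops:
        notes.append(f"kernel oopsed at {r.oops_pc} (lr {r.oops_lr}) while printing "
                     "the report; alloc/free stacks are incomplete")
    if r.tainted:
        notes.append("kernel is tainted; reproduce on a clean build before reporting")
    return notes


if __name__ == "__main__":
    rep = parse_kasan(SAMPLE_LOG)
    print(rep)
    for note in triage_notes(rep):
        print("note:", note)
```

Stopping at the first "end trace" marker keeps a single report per call; a log from a long LTP run can be split on that marker and each piece fed to parse_kasan separately. The PID_MAX_LIMIT check is deliberately conservative: a real task id can never exceed it, so any report that prints one has already shown that the memory KASAN read its track from was overwritten.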

