linux-mm.kvack.org archive mirror
From: Naresh Kamboju <naresh.kamboju@linaro.org>
To: Linux ARM <linux-arm-kernel@lists.infradead.org>,
	 Linux-Next Mailing List <linux-next@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>,
	 linux-mm <linux-mm@kvack.org>,
	lkft-triage@lists.linaro.org
Cc: Linus Walleij <linus.walleij@linaro.org>,
	Arnd Bergmann <arnd@arndb.de>,
	 Andrew Morton <akpm@linux-foundation.org>,
	Ard Biesheuvel <ardb@kernel.org>,
	 Masami Hiramatsu <mhiramat@kernel.org>,
	Stephen Rothwell <sfr@canb.auug.org.au>,
	 Steven Rostedt <rostedt@goodmis.org>
Subject: [ arm ] BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c
Date: Mon, 16 Nov 2020 20:36:10 +0530
Message-ID: <CA+G9fYvbcYvGP90VDuxHHTRSpc+yh=uZxUC5ZOzDm-7dcmkQnA@mail.gmail.com>

The following kernel warning was noticed on an arm KASAN-enabled config while
booting on qemu arm on the Linux next 20201116 tag.

[   10.811824] BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c
[   10.814330] Read of size 4 at addr c7aa37bc by task udevadm/192
[   10.816669]
[   10.817310] CPU: 0 PID: 192 Comm: udevadm Not tainted 5.10.0-rc3-next-20201116 #2
[   10.820576] Hardware name: Generic DT based system
[   10.822886] [<c0315abc>] (unwind_backtrace) from [<c030ebf8>] (show_stack+0x10/0x14)
[   10.827114] [<c030ebf8>] (show_stack) from [<c16c91cc>] (dump_stack+0xc8/0xe0)
[   10.830696] [<c16c91cc>] (dump_stack) from [<c051b4ec>] (print_address_description.constprop.0+0x34/0x2dc)
[   10.835673] [<c051b4ec>] (print_address_description.constprop.0) from [<c051b9e0>] (kasan_report+0x1a8/0x1c4)
[   10.840888] [<c051b9e0>] (kasan_report) from [<c030e624>] (save_trace+0xf8/0x14c)
[   10.844773] [<c030e624>] (save_trace) from [<c030e50c>] (walk_stackframe+0x1c/0x3c)
[   10.848513] [<c030e50c>] (walk_stackframe) from [<c030e79c>] (__save_stack_trace+0x124/0x12c)
[   10.852745] [<c030e79c>] (__save_stack_trace) from [<c040bc9c>] (stack_trace_save+0x90/0xc0)
[   10.856653] [<c040bc9c>] (stack_trace_save) from [<c051aeb8>] (kasan_save_stack+0x1c/0x40)
[   10.860463] [<c051aeb8>] (kasan_save_stack) from [<c051afac>] (kasan_set_track+0x28/0x30)
[   10.864263] [<c051afac>] (kasan_set_track) from [<c051c748>] (kasan_set_free_info+0x20/0x34)
[   10.868176] [<c051c748>] (kasan_set_free_info) from [<c051ae74>] (____kasan_slab_free+0xd4/0xfc)
[   10.872253] [<c051ae74>] (____kasan_slab_free) from [<c0519194>] (kmem_cache_free+0x80/0x4a0)
[   10.876217] [<c0519194>] (kmem_cache_free) from [<c040032c>] (rcu_core+0x384/0x7f4)
[   10.879852] [<c040032c>] (rcu_core) from [<c03014d8>] (__do_softirq+0x188/0x3d0)
[   10.883309] [<c03014d8>] (__do_softirq) from [<c0361f88>] (irq_exit+0x100/0x124)
[   10.886748] [<c0361f88>] (irq_exit) from [<c03e712c>] (__handle_domain_irq+0x7c/0xdc)
[   10.890378] [<c03e712c>] (__handle_domain_irq) from [<c09a8e04>] (gic_handle_irq+0xb4/0xe0)
[   10.894268] [<c09a8e04>] (gic_handle_irq) from [<c0300b8c>] (__irq_svc+0x6c/0x94)
[   10.897739] Exception stack(0xc7aa3698 to 0xc7aa36e0)
[   10.900109] 3680:                                                       c03000c0 c25e6660
[   10.903902] 36a0: c263bb70 c263fd88 c7aa37e0 c315c5e0 c312d9a0 c7aa3880 c040bc9c c03000c0
[   10.907859] 36c0: a0030013 c7aa38ec c312d9a0 c7aa36e8 c0315330 c031508c a0030013 ffffffff
[   10.912344] [<c0300b8c>] (__irq_svc) from [<c031508c>] (search_index+0x8/0xec)
[   10.916050] [<c031508c>] (search_index) from [<c0564990>] (__d_lookup_rcu+0x58/0x2a8)
[   10.920147] [<c0564990>] (__d_lookup_rcu) from [<c03000c0>] (ret_fast_syscall+0x0/0x58)
[   10.924242] Exception stack(0xc7aa3780 to 0xc7aa37c8)
[   10.926923] 3780: c25f18a0 c7aa4000 00000000 00000000 00000003 1312d000 5fb25e68 00000000
[   10.931004] 37a0: 00000000 80000000 ffffffff 7fffffff 5fb25e68 00000000 ee7e2590 00000000
[   10.935188] 37c0: 41b58ab3 c247c3ec
[   10.936910]
[   10.937652] The buggy address belongs to the page:
[   10.939933] page:(ptrval) refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x47aa3
[   10.943733] flags: 0x0()
[   10.944995] raw: 00000000 ee60cef0 ee60cef0 00000000 00000000 00000000 ffffffff 00000000
[   10.948786] raw: 00000000
[   10.950037] page dumped because: kasan: bad access detected
[   10.952655]
[   10.953405] addr c7aa37bc is located in stack of task udevadm/192 at offset 156 in frame:
[   10.957194]  unwind_frame+0x0/0x8c0
[   10.958853]
[   10.959616] this frame has 1 object:
[   10.961322]  [32, 116) 'ctrl'
[   10.961329]
[   10.963476] Memory state around the buggy address:
[   10.965699]  c7aa3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.968752]  c7aa3700: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[   10.971846] >c7aa3780: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   10.974831]                                 ^
[   10.976883]  c7aa3800: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2
[   10.979907]  c7aa3880: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[   10.982919] ==================================================================
[   10.986244] Disabling lock debugging due to kernel taint

Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>

full boot log link,
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20201116/testrun/3445674/suite/linux-log-parser/test/check-kernel-bug-1944975/log

metadata:
  git branch: master
  git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next
  git describe: next-20201116
  kernel-config: https://builds.tuxbuild.com/1kMYEMmo35DocMgHZ9AtJReL3rN/config

-- 
Linaro LKFT
https://lkft.linaro.org
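
Decoding the "Memory state around the buggy address" dump from the report above, as an added example that is not part of the original message or of any kernel tooling. It assumes generic KASAN (one shadow byte per 8 bytes of memory, with 0xf1/0xf2/0xf3 marking stack redzones); the function names are illustrative.

```python
import re

GRANULE = 8  # generic KASAN: one shadow byte describes 8 bytes of memory
REDZONES = {0xF1: "stack left redzone", 0xF2: "stack mid redzone",
            0xF3: "stack right redzone"}

# Lines taken from the report above, timestamps stripped and wraps joined.
REPORT = """\
Read of size 4 at addr c7aa37bc by task udevadm/192
addr c7aa37bc is located in stack of task udevadm/192 at offset 156 in frame:
 [32, 116) 'ctrl'
 c7aa3700: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
>c7aa3780: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
"""

ROW = re.compile(r"^[ >]([0-9a-f]{8}):((?: [0-9a-f]{2}){16})$", re.M)

def parse_shadow(report):
    """Map each granule's start address to its shadow byte."""
    shadow = {}
    for base, cells in ROW.findall(report):
        for i, cell in enumerate(cells.split()):
            shadow[int(base, 16) + i * GRANULE] = int(cell, 16)
    return shadow

def classify(shadow, addr, size):
    """Explain the shadow state of the granule that contains addr.
    Simplification: an access spanning two granules is judged by the first."""
    byte = shadow.get(addr & ~(GRANULE - 1))
    if byte is None:
        return "no shadow data"
    if byte == 0:
        return "accessible"
    if byte < GRANULE:  # only the first `byte` bytes of the granule are valid
        fits = (addr & (GRANULE - 1)) + size <= byte
        return "accessible" if fits else f"past the {byte} valid bytes"
    return REDZONES.get(byte, f"poisoned (0x{byte:02x})")

def triage(report):
    """Return access kind, address, size, shadow verdict and object overrun."""
    kind, size, addr = re.search(
        r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", report).groups()
    offset = int(re.search(r"at offset (\d+) in frame", report).group(1))
    end, name = re.search(r"\[\d+, (\d+)\) '(\w+)'", report).groups()
    verdict = classify(parse_shadow(report), int(addr, 16), int(size))
    return kind, int(addr, 16), int(size), verdict, (name, offset - int(end))

if __name__ == "__main__":
    print(triage(REPORT))
```

The final tuple element is the distance from the end of the named stack object to the faulting offset: here the 4-byte read lands 40 bytes past the end of 'ctrl', inside the right redzone of the unwind_frame stack frame.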

