linux-arm-kernel.lists.infradead.org archive mirror
From: Dmitry Osipenko <digetx@gmail.com>
To: Linus Walleij <linus.walleij@linaro.org>,
	Florian Fainelli <f.fainelli@gmail.com>,
	Abbott Liu <liuwenliang@huawei.com>,
	Russell King <linux@armlinux.org.uk>,
	Ard Biesheuvel <ardb@kernel.org>,
	Andrey Ryabinin <aryabinin@virtuozzo.com>,
	Mike Rapoport <rppt@linux.ibm.com>
Cc: "linux-tegra@vger.kernel.org" <linux-tegra@vger.kernel.org>,
	Peter Chen <Peter.Chen@nxp.com>,
	linux-arm-kernel@lists.infradead.org,
	Arnd Bergmann <arnd@arndb.de>
Subject: Re: [PATCH 0/5 v16] KASan for Arm
Date: Thu, 29 Oct 2020 20:45:06 +0300
Message-ID: <c3a17f70-4c7b-55b5-a7ce-373c4ff46b29@gmail.com>
In-Reply-To: <20201019084140.4532-1-linus.walleij@linaro.org>

19.10.2020 11:41, Linus Walleij wrote:
> This is the 16th and final (knock on wood) version of
> KASan for ARM32.

Hi,

I tried KASAN on NVIDIA Tegra using next-20201029 and am getting a
(seemingly) bogus bug report saying that the bug is in the KASAN code
(note that udc_irq() belongs to the ChipIdea USB driver). This problem
doesn't happen using one of the older versions of the KASAN patches.

[   27.700859]
==================================================================
[   27.720575] BUG: KASAN: stack-out-of-bounds in save_trace+0xbf/0xf8
[   27.740119] Read of size 4 at addr c4dc7038 by task kworker/0:1H/124

[   27.778724] CPU: 0 PID: 124 Comm: kworker/0:1H Tainted: G        W
     5.10.0-rc1-next-20201029-00144-g367ba7b6ebb4 #4327
[   27.818361] Hardware name: NVIDIA Tegra SoC (Flattened Device Tree)
[   27.838599] Workqueue: mmc_complete mmc_blk_mq_complete_work
[   27.858795] [<c0111a05>] (unwind_backtrace) from [<c010c26d>]
(show_stack+0x11/0x14)
[   27.879038] [<c010c26d>] (show_stack) from [<c0f42e5b>]
(dump_stack+0x8b/0xa0)
[   27.899374] [<c0f42e5b>] (dump_stack) from [<c031d8f7>]
(print_address_description.constprop.0+0x2b/0x360)
[   27.939249] [<c031d8f7>] (print_address_description.constprop.0) from
[<c031ddab>] (kasan_report+0x103/0x11c)
[   27.979769] [<c031ddab>] (kasan_report) from [<c010bddb>]
(save_trace+0xbf/0xf8)
[   28.000506] [<c010bddb>] (save_trace) from [<c010bd11>]
(walk_stackframe+0x19/0x24)
[   28.021501] [<c010bd11>] (walk_stackframe) from [<c010bf07>]
(__save_stack_trace+0xf3/0xf8)
[   28.042658] [<c010bf07>] (__save_stack_trace) from [<c01b8c4d>]
(stack_trace_save+0x75/0x8c)
[   28.063740] [<c01b8c4d>] (stack_trace_save) from [<c031d019>]
(kasan_save_stack+0x11/0x28)
[   28.084979] [<c031d019>] (kasan_save_stack) from [<c031d04d>]
(kasan_set_track+0x1d/0x20)
[   28.106135] [<c031d04d>] (kasan_set_track) from [<c031e461>]
(kasan_set_free_info+0x19/0x20)
[   28.127351] [<c031e461>] (kasan_set_free_info) from [<c031cfe5>]
(__kasan_slab_free+0xa5/0xc8)
[   28.148491] [<c031cfe5>] (__kasan_slab_free) from [<c0318b7f>]
(kfree+0x7b/0x374)
[   28.169910] [<c0318b7f>] (kfree) from [<c09bbe7f>] (udc_irq+0x477/0xe18)
[   28.191214] [<c09bbe7f>] (udc_irq) from [<c019cb09>]
(__handle_irq_event_percpu+0x71/0x2d4)
[   28.212693] [<c019cb09>] (__handle_irq_event_percpu) from
[<c019cde1>] (handle_irq_event_percpu+0x75/0xb8)
[   28.255076] [<c019cde1>] (handle_irq_event_percpu) from [<c019ce67>]
(handle_irq_event+0x43/0x64)
[   28.277174] [<c019ce67>] (handle_irq_event) from [<c01a1bbb>]
(handle_fasteoi_irq+0xcf/0x18c)
[   28.299436] [<c01a1bbb>] (handle_fasteoi_irq) from [<c019bd4b>]
(generic_handle_irq+0x3b/0x44)
[   28.321825] [<c019bd4b>] (generic_handle_irq) from [<c019c34b>]
(__handle_domain_irq+0x5f/0xa8)
[   28.344383] [<c019c34b>] (__handle_domain_irq) from [<c06b30cf>]
(gic_handle_irq+0x87/0x9c)
[   28.367176] [<c06b30cf>] (gic_handle_irq) from [<c0100b23>]
(__irq_svc+0x63/0xb0)
[   28.390118] Exception stack(0xc4dc6f58 to 0xc4dc6fa0)
[   28.413200] 6f40:
  c1fa88c4 00000000
[   28.436622] 6f60: c1fa88c4 00000000 c5557800 00000000 00000001
c5557808 00000001 c1fa88c0
[   28.460176] 6f80: 00000000 c466c000 b782c97b c4dc6fac c0bdcfa1
c0bdd51e 60070133 ffffffff
[   28.484070] [<c0100b23>] (__irq_svc) from [<c0bdd51e>]
(__qdisc_run+0x6d2/0x7b8)
[   28.508082] [<c0bdd51e>] (__qdisc_run) from [<c0100155>]
(ret_from_fork+0x11/0x1c)
[   28.532185] Exception stack(0xc4dc6ffc to 0xc4dc7044)
[   28.556578] 6fe0:
           00000000
[   28.581249] 7000: c1902d18 c4dc8000 00000000 00000000 00000003
00000000 00000000 00000001
[   28.605909] 7020: 41b58ab3 c1864c40 c0b94e6c 00000800 00000000
c2c01e00 00000001 c09bbe7f
[   28.630740] 7040: fffffff4

[   28.679636] The buggy address belongs to the page:
[   28.704480] page:bc50e6d8 refcount:0 mapcount:0 mapping:00000000
index:0x0 pfn:0x84dc7
[   28.729687] flags: 0x0()
[   28.754372] raw: 00000000 defa7000 defa7000 00000000 00000000
00000000 ffffffff 00000000
[   28.779394] raw: 00000000
[   28.804339] page dumped because: kasan: bad access detected

[   28.854326] addr c4dc7038 is located in stack of task
kworker/0:1H/124 at offset 24 in frame:
[   28.880073]  __dev_queue_xmit+0x0/0x9cc

[   28.931135] this frame has 4 objects:
[   28.956624]  [32, 36) 'rc'
[   28.956638]  [48, 52) 'to_free'
[   28.981922]  [64, 72) '_udphdr'
[   29.007038]  [96, 116) '_tcphdr'

[   29.081989] Memory state around the buggy address:
[   29.106884]  c4dc6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.132106]  c4dc6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   29.157134] >c4dc7000: 00 00 00 00 f1 f1 f1 f1 04 f2 04 f2 00 f2 f2 f2
[   29.181980]                                 ^
[   29.206867]  c4dc7080: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[   29.231827]  c4dc7100: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f3 f3 f3
[   29.257034]
==================================================================
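
Added example, not part of the original message: a small Python decoder for the shadow-memory rows of the report above. It assumes generic KASAN's encoding (one shadow byte per 8 bytes of memory; 00 fully addressable, 01-07 a valid prefix, f1/f2/f3 stack redzones); the function names are illustrative.

```python
import re

GRANULE = 8  # generic KASAN: one shadow byte covers 8 bytes of memory
REDZONES = {0xF1: "stack left redzone", 0xF2: "stack mid redzone",
            0xF3: "stack right redzone"}

# Two rows copied from the "Memory state around the buggy address" dump.
REPORT = """\
[   29.157134] >c4dc7000: 00 00 00 00 f1 f1 f1 f1 04 f2 04 f2 00 f2 f2 f2
[   29.206867]  c4dc7080: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
"""
ROW = re.compile(r"\]\s+>?([0-9a-f]{8}):((?: [0-9a-f]{2})+)\s*$")


def parse_shadow(text):
    """Map each granule-aligned address in the dump to its shadow byte."""
    shadow = {}
    for line in text.splitlines():
        m = ROW.search(line)
        if m:
            base = int(m.group(1), 16)
            for i, byte in enumerate(m.group(2).split()):
                shadow[base + i * GRANULE] = int(byte, 16)
    return shadow


def check_access(shadow, addr, size):
    """Return None for a valid access, else why the first bad granule is bad."""
    for g in range(addr & ~(GRANULE - 1), addr + size, GRANULE):
        s = shadow[g]
        end = min(addr + size, g + GRANULE) - g  # end offset inside granule
        if s == 0 or (s < GRANULE and end <= s):
            continue
        return REDZONES.get(s, "only first %d bytes valid" % s if s < GRANULE
                            else "poison 0x%02x" % s)
    return None


def frame_objects(shadow, frame_base):
    """Rebuild the [start, end) offsets of addressable objects in a frame."""
    objs, start, off = [], None, 0
    while True:
        s = shadow[frame_base + off]
        if s < GRANULE and start is None:
            start = off                      # 0 or 1..7: object begins here
        if s and start is not None:          # partial granule or redzone
            objs.append((start, off + (s if s < GRANULE else 0)))
            start = None
        if s == 0xF3:                        # right redzone closes the frame
            return objs
        off += GRANULE
```

For the reported 4-byte read at c4dc7038, `check_access` returns the left redzone, and `frame_objects` started at frame base c4dc7038 - 24 yields the same four object ranges the report lists.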

