From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-11.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6C2AAC56202 for ; Wed, 18 Nov 2020 09:05:27 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id C42F224654 for ; Wed, 18 Nov 2020 09:05:26 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="LXiWVCsS" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org C42F224654 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 266796B0036; Wed, 18 Nov 2020 04:05:26 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 23B5A6B005C; Wed, 18 Nov 2020 04:05:26 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 12A9F6B0070; Wed, 18 Nov 2020 04:05:26 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0156.hostedemail.com [216.40.44.156]) by kanga.kvack.org (Postfix) with ESMTP id DA0D56B0036 for ; Wed, 18 Nov 2020 04:05:25 -0500 (EST) Received: from smtpin23.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 8C5475847 for ; Wed, 18 Nov 2020 09:05:25 +0000 (UTC) X-FDA: 77496955410.23.kitty44_0f177ca27339 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin23.hostedemail.com (Postfix) with ESMTP id 2E60137610 for ; Wed, 18 Nov 2020 09:05:25 +0000 (UTC) X-HE-Tag: kitty44_0f177ca27339 X-Filterd-Recvd-Size: 8043 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf18.hostedemail.com (Postfix) with ESMTP for ; Wed, 18 Nov 2020 09:05:24 +0000 (UTC) Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 580932467D for ; Wed, 18 Nov 2020 09:05:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1605690323; bh=hpHhzpr+59/pVi/V2wsNVtiUe8IEmf1kPxNf7ZU+56s=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=LXiWVCsSLAcGQvV9EOuYYkL+U9fswuQ7JSyrpdIbCrasX1q5Tj1Fog1UOwdBMPsEi A1fLmw4pL3evgyU+oUH5F8sZrafJppvuFFbEbQLiAAqfDkp0cd5Brmbqo5kZ1Z6jGB GKBZYP8OLlN/Jm3/zLtZKhFI9vajiaH8ckbcI3eE= Received: by mail-ot1-f53.google.com with SMTP id j14so1073663ots.1 for ; Wed, 18 Nov 2020 01:05:23 -0800 (PST) X-Gm-Message-State: AOAM530HFnkcD6e5ktbhrYWlrorP8HkkrNk1ggBMJERJPsiGCIwoJY0E 4GeYSS2woKZsI10Gx/VMAPvjlu1rn9MSHaukeOk= X-Google-Smtp-Source: ABdhPJz20jU1s8vpNJHiAQRe2MQNQEjjU5Zv6NpjEVZCZF74sWGAwHKqUf8MB3YYV+CAw8O9WqjWEejR9lichNenR/0= X-Received: by 2002:a05:6830:214c:: with SMTP id r12mr5577412otd.90.1605690322509; Wed, 18 Nov 2020 01:05:22 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Ard Biesheuvel Date: Wed, 18 Nov 2020 10:05:09 +0100 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [ arm ] BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c To: Naresh Kamboju Cc: Linux ARM , Linux-Next Mailing List , open list , linux-mm , lkft-triage@lists.linaro.org, Linus Walleij , Arnd Bergmann , Andrew Morton , Masami Hiramatsu , Stephen Rothwell , Steven Rostedt Content-Type: text/plain; charset="UTF-8" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, 16 Nov 2020 at 16:06, Naresh Kamboju wrote: > > The following kernel warning noticed on arm KASAN enabled config while > booting on qemu arm on Linux next 20201116 tag. > > [ 10.811824] BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c This looks like the same false positive we have seen before - the code that captures the call stack when allocating or freeing memory may inadvertently do an out of bound access, but this is kind of ok for diagnostic code so my suggestion was to just disable the instrumentation here (like other architectures do as well): https://www.armlinux.org.uk/developer/patches/viewpatch.php?id=9028/1 > [ 10.814330] Read of size 4 at addr c7aa37bc by task udevadm/192 > [ 10.816669] > [ 10.817310] CPU: 0 PID: 192 Comm: udevadm Not tainted > 5.10.0-rc3-next-20201116 #2 > [ 10.820576] Hardware name: Generic DT based system > [ 10.822886] [] (unwind_backtrace) from [] > (show_stack+0x10/0x14) > [ 10.827114] [] (show_stack) from [] > (dump_stack+0xc8/0xe0) > [ 10.830696] [] (dump_stack) from [] > (print_address_description.constprop.0+0x34/0x2dc) > [ 10.835673] [] (print_address_description.constprop.0) > from [] (kasan_report+0x1a8/0x1c4) > [ 10.840888] [] (kasan_report) from [] > (save_trace+0xf8/0x14c) > [ 10.844773] [] (save_trace) from [] > (walk_stackframe+0x1c/0x3c) > [ 10.848513] [] (walk_stackframe) from [] > (__save_stack_trace+0x124/0x12c) > [ 10.852745] [] (__save_stack_trace) from [] > (stack_trace_save+0x90/0xc0) > [ 10.856653] [] (stack_trace_save) from [] > (kasan_save_stack+0x1c/0x40) > [ 10.860463] [] (kasan_save_stack) from [] > (kasan_set_track+0x28/0x30) > [ 10.864263] [] (kasan_set_track) from [] > (kasan_set_free_info+0x20/0x34) > [ 10.868176] [] (kasan_set_free_info) from [] > (____kasan_slab_free+0xd4/0xfc) > [ 10.872253] [] (____kasan_slab_free) from [] > (kmem_cache_free+0x80/0x4a0) > [ 10.876217] [] (kmem_cache_free) from [] > (rcu_core+0x384/0x7f4) > [ 10.879852] [] (rcu_core) from [] > (__do_softirq+0x188/0x3d0) > [ 10.883309] [] (__do_softirq) from [] > (irq_exit+0x100/0x124) > [ 10.886748] [] (irq_exit) from [] > (__handle_domain_irq+0x7c/0xdc) > [ 10.890378] [] (__handle_domain_irq) from [] > (gic_handle_irq+0xb4/0xe0) > [ 10.894268] [] (gic_handle_irq) from [] > (__irq_svc+0x6c/0x94) > [ 10.897739] Exception stack(0xc7aa3698 to 0xc7aa36e0) > [ 10.900109] 3680: > c03000c0 c25e6660 > [ 10.903902] 36a0: c263bb70BUG: KASAN: stack-out-of-bounds in > save_trace+0xf8/0x14c c263fd88 c7aa37e0 c315c5e0 c312d9a0 c7aa3880 > c040bc9c c03000c0 > [ 10.907859] 36c0: a0030013 c7aa38ec c312d9a0 c7aa36e8 c0315330 > c031508c a0030013 ffffffff > [ 10.912344] [] (__irq_svc) from [] > (search_index+0x8/0xec) > [ 10.916050] [] (search_index) from [] > (__d_lookup_rcu+0x58/0x2a8) > [ 10.920147] [] (__d_lookup_rcu) from [] > (ret_fast_syscall+0x0/0x58) > [ 10.924242] Exception stack(0xc7aa3780 to 0xc7aa37c8) > [ 10.926923] 3780: c25f18a0 c7aa4000 00000000 00000000 00000003 > 1312d000 5fb25e68 00000000 > [ 10.931004] 37a0: 00000000 80000000 ffffffff 7fffffff 5fb25e68 > 00000000 ee7e2590 00000000 > [ 10.935188] 37c0: 41b58ab3 c247c3ec > [ 10.936910] > [ 10.937652] The buggy address belongs to the page: > [ 10.939933] page:(ptrval) refcount:0 mapcount:0 mapping:00000000 > index:0x0 pfn:0x47aa3 > [ 10.943733] flags: 0x0() > [ 10.944995] raw: 00000000 ee60cef0 ee60cef0 00000000 00000000 > 00000000 ffffffff 00000000 > [ 10.948786] raw: 00000000 > [ 10.950037] page dumped because: kasan: bad access detected > [ 10.952655] > [ 10.953405] addr c7aa37bc is located in stack of task udevadm/192 > at offset 156 in frame: > [ 10.957194] unwind_frame+0x0/0x8c0 > [ 10.958853] > [ 10.959616] this frame has 1 object: > [ 10.961322] [32, 116) 'ctrl' > [ 10.961329] > [ 10.963476] Memory state around the buggy address: > [ 10.965699] c7aa3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > [ 10.968752] c7aa3700: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 > [ 10.971846] >c7aa3780: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 > [ 10.974831] ^ > [ 10.976883] c7aa3800: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2 > [ 10.979907] c7aa3880: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 > [ 10.982919] ================================================================== > [ 10.986244] Disabling lock debugging due to kernel taint > > Reported-by: Naresh Kamboju > > full boot log link, > https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20201116/testrun/3445674/suite/linux-log-parser/test/check-kernel-bug-1944975/log > > metadata: > git branch: master > git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next > git describe: next-20201116 > kernel-config: https://builds.tuxbuild.com/1kMYEMmo35DocMgHZ9AtJReL3rN/config > > -- > Linaro LKFT > https://lkft.linaro.org