BUG: KFENCE: memory corruption in usb_get_device_descriptor

* BUG: KFENCE: memory corruption in usb_get_device_descriptor
@ 2021-03-17  8:58 Naresh Kamboju
  2021-03-17 10:04 ` Greg Kroah-Hartman
  0 siblings, 1 reply; 4+ messages in thread
From: Naresh Kamboju @ 2021-03-17  8:58 UTC (permalink / raw)
  To: open list, linux-usb, lkft-triage
  Cc: Greg Kroah-Hartman, Alan Stern, Gustavo A. R. Silva, Jason Yan,
	Ahmed S. Darwish, Oliver Neukum, Eugeniu Rosca, Arnd Bergmann,
	Anders Roxell

While booting Linux mainline master 5.12.0-rc2 and 5.12.0-rc3 on arm64
Hikey device the following KFENCE bug was found.

Recently, we have enabled CONFIG_KFENCE=y and started seeing this crash.
kernel BUG log:

[   18.243075] BUG: KFENCE: memory corruption in
usb_get_device_descriptor+0x80/0xb0
[   18.243075]
[   18.253016] Corrupted memory at 0x00000000bb4567e7 [ ! ! . . . . .
. . . . . . . . . ] (in kfence-#118):
[   18.263817]  usb_get_device_descriptor+0x80/0xb0
[   18.268978]  hub_port_init+0x3e8/0xb70
[   18.273189]  hub_event+0x578/0x1628
[   18.277109]  process_one_work+0x1c8/0x488
[   18.281593]  worker_thread+0x54/0x428
[   18.285692]  kthread+0x120/0x158
[   18.289320]  ret_from_fork+0x10/0x34
[   18.293330]
[   18.295018] kfence-#118 [0x00000000b55b54e8-0x000000001fc57965,
size=18, cache=kmalloc-128] allocated by task 204:

[   18.306534]  usb_get_device_descriptor+0x40/0xb0
[   18.311693]  hub_port_init+0x3e8/0xb70
[   18.315900]  hub_event+0x578/0x1628
[   18.319819]  process_one_work+0x1c8/0x488
[   18.324301]  worker_thread+0x54/0x428
[   18.328397]  kthread+0x120/0x158
[   18.332024]  ret_from_fork+0x10/0x34
root@hikey:~# [   18.33603. /lava-2388200/environment
3]
[   18.338544] CPU: 7 PID: 204 Comm: kworker/7:2 Not tainted 5.12.0-rc2 #2
[   18.345902] Hardware name: HiKey Development Board (DT)
[   18.351715] Workqueue: usb_hub_wq hub_event
[   18.356428] ==================================================================
. /lava[   18.805771]
==================================================================
[   18.813861] BUG: KFENCE: memory corruption in
__usbnet_read_cmd.isra.0+0xd0/0x1a0
[   18.813861]
[   18.823804] Corrupted memory at 0x000000007cedde53 [ ! ! ! . . . .
. . . . . . . . . ] (in kfence-#121):
[   18.834603]  __usbnet_read_cmd.isra.0+0xd0/0x1a0
[   18.839765]  usbnet_read_cmd+0x70/0xa8
[   18.843965]  asix_read_cmd+0x60/0xa0
[   18.847981]  ax88772a_hw_reset+0x148/0x468
[   18.852570]  ax88772_bind+0x1c8/0x310
[   18.856683]  usbnet_probe+0x29c/0x7d8
[   18.860788]  usb_probe_interface+0xe0/0x2c0
-[   18.865236]  really_probe+0xf0/0x4d8
[   18.869016]  driver_probe_device+0xfc/0x168
[   18.873430]  __device_attach_driver+0x94/0x120
[   18.878116]  bus_for_each_drv+0x80/0xd8
[   18.882165]  __device_attach+0xfc/0x180
[   18.886214]  device_initial_probe+0x1c/0x28
[   18.890627]  bus_probe_device+0xa4/0xb0
[   18.894676]  device_add+0x3a8/0x7e8
[   18.898357]  usb_set_configuration+0x488/0x8e8
[   18.903044]  usb_generic_driver_probe+0x58/0x98
[   18.907823]  usb_probe_device+0x44/0x108
[   18.911964]  really_probe+0xf0/0x4d8
2[   18.924600]  driver_probe_device+0xfc/0x168
[   18.937379]  __device_attach_driver+0x94/0x120
[   18.950406]  bus_for_each_drv+0x80/0xd8
[   18.960383]  __device_attach+0xfc/0x180
[   18.969078]  device_initial_probe+0x1c/0x28
3[   18.977855]  bus_probe_device+0xa4/0xb0
[   18.986226]  device_add+0x3a8/0x7e8
[   18.994190]  usb_new_device+0x1e0/0x590
[   19.002475]  hub_event+0x5ec/0x1628
[   19.010352]  process_one_work+0x1c8/0x488
[   19.018792]  worker_thread+0x54/0x428
[   19.026921]  kthread+0x120/0x158
[   19.034614]  ret_from_fork+0x10/0x34
8[   19.042712]
[   19.048623] kfence-#121 [0x000000008a763b3c-0x000000008a763b3c,
size=1, cache=kmalloc-128] allocated by task 204:
[   19.063612]  __usbnet_read_cmd.isra.0+0x60/0x1a0
[   19.072924]  usbnet_read_cmd+0x70/0xa8
[   19.081325]  asix_read_cmd+0x60/0xa0
[   19.089503]  ax88772a_hw_reset+0x148/0x468
8[   19.098163]  ax88772_bind+0x1c8/0x310
[   19.106312]  usbnet_probe+0x29c/0x7d8
[   19.114407]  usb_probe_interface+0xe0/0x2c0
[   19.122950]  really_probe+0xf0/0x4d8
[   19.130811]  driver_probe_device+0xfc/0x168
[   19.139273]  __device_attach_driver+0x94/0x120
[   19.148025]  bus_for_each_drv+0x80/0xd8
[   19.156148]  __device_attach+0xfc/0x180
2[   19.164287]  device_initial_probe+0x1c/0x28
[   19.172782]  bus_probe_device+0xa4/0xb0
[   19.180948]  device_add+0x3a8/0x7e8
[   19.188758]  usb_set_configuration+0x488/0x8e8
[   19.197455]  usb_generic_driver_probe+0x58/0x98
[   19.206120]  usb_probe_device+0x44/0x108
[   19.214175]  really_probe+0xf0/0x4d8
0[   19.221885]  driver_probe_device+0xfc/0x168
[   19.230202]  __device_attach_driver+0x94/0x120
[   19.238794]  bus_for_each_drv+0x80/0xd8
[   19.246780]  __device_attach+0xfc/0x180
[   19.254790]  device_initial_probe+0x1c/0x28
[   19.263145]  bus_probe_device+0xa4/0xb0
[   19.271111]  device_add+0x3a8/0x7e8
0[   19.278682]  usb_new_device+0x1e0/0x590
[   19.286583]  hub_event+0x5ec/0x1628
[   19.294055]  process_one_work+0x1c8/0x488
[   19.302102]  worker_thread+0x54/0x428
[   19.309743]  kthread+0x120/0x158
[   19.316894]  ret_from_fork+0x10/0x34
[   19.324306]
[   19.329495] CPU: 7 PID: 204 Comm: kworker/7:2 Tainted: G    B
      5.12.0-rc2 #2
/[   19.341360] Hardware name: HiKey Development Board (DT)
[   19.350439] Workqueue: usb_hub_wq hub_event

Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>

metadata:
  git branch: master
  git repo: https://gitlab.com/Linaro/lkft/mirrors/torvalds/linux-mainline
  git commit: f296bfd5cd04cbb49b8fc9585adc280ab2b58624
  git describe: v5.12-rc2-487-gf296bfd5cd04
  make_kernelversion: 5.12.0-rc2
  kernel-config: https://builds.tuxbuild.com/1pfztfszUNcDwOAyMrw2wPMKNfc/config

-- 
Linaro LKFT
https://lkft.linaro.org

^ permalink raw reply	[flat|nested] 4+ messages in thread