[ arm ] BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c

From: Naresh Kamboju
Date: Mon Nov 16 2020 - 10:06:52 EST


The following kernel warning was noticed on an arm KASAN-enabled config while
booting on qemu arm on the Linux next 20201116 tag.

[ 10.811824] BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c
[ 10.814330] Read of size 4 at addr c7aa37bc by task udevadm/192
[ 10.816669]
[ 10.817310] CPU: 0 PID: 192 Comm: udevadm Not tainted 5.10.0-rc3-next-20201116 #2
[ 10.820576] Hardware name: Generic DT based system
[ 10.822886] [<c0315abc>] (unwind_backtrace) from [<c030ebf8>] (show_stack+0x10/0x14)
[ 10.827114] [<c030ebf8>] (show_stack) from [<c16c91cc>] (dump_stack+0xc8/0xe0)
[ 10.830696] [<c16c91cc>] (dump_stack) from [<c051b4ec>] (print_address_description.constprop.0+0x34/0x2dc)
[ 10.835673] [<c051b4ec>] (print_address_description.constprop.0) from [<c051b9e0>] (kasan_report+0x1a8/0x1c4)
[ 10.840888] [<c051b9e0>] (kasan_report) from [<c030e624>] (save_trace+0xf8/0x14c)
[ 10.844773] [<c030e624>] (save_trace) from [<c030e50c>] (walk_stackframe+0x1c/0x3c)
[ 10.848513] [<c030e50c>] (walk_stackframe) from [<c030e79c>] (__save_stack_trace+0x124/0x12c)
[ 10.852745] [<c030e79c>] (__save_stack_trace) from [<c040bc9c>] (stack_trace_save+0x90/0xc0)
[ 10.856653] [<c040bc9c>] (stack_trace_save) from [<c051aeb8>] (kasan_save_stack+0x1c/0x40)
[ 10.860463] [<c051aeb8>] (kasan_save_stack) from [<c051afac>] (kasan_set_track+0x28/0x30)
[ 10.864263] [<c051afac>] (kasan_set_track) from [<c051c748>] (kasan_set_free_info+0x20/0x34)
[ 10.868176] [<c051c748>] (kasan_set_free_info) from [<c051ae74>] (____kasan_slab_free+0xd4/0xfc)
[ 10.872253] [<c051ae74>] (____kasan_slab_free) from [<c0519194>] (kmem_cache_free+0x80/0x4a0)
[ 10.876217] [<c0519194>] (kmem_cache_free) from [<c040032c>] (rcu_core+0x384/0x7f4)
[ 10.879852] [<c040032c>] (rcu_core) from [<c03014d8>] (__do_softirq+0x188/0x3d0)
[ 10.883309] [<c03014d8>] (__do_softirq) from [<c0361f88>] (irq_exit+0x100/0x124)
[ 10.886748] [<c0361f88>] (irq_exit) from [<c03e712c>] (__handle_domain_irq+0x7c/0xdc)
[ 10.890378] [<c03e712c>] (__handle_domain_irq) from [<c09a8e04>] (gic_handle_irq+0xb4/0xe0)
[ 10.894268] [<c09a8e04>] (gic_handle_irq) from [<c0300b8c>] (__irq_svc+0x6c/0x94)
[ 10.897739] Exception stack(0xc7aa3698 to 0xc7aa36e0)
[ 10.900109] 3680:                                                       c03000c0 c25e6660
[ 10.903902] 36a0: c263bb70BUG: KASAN: stack-out-of-bounds in save_trace+0xf8/0x14c c263fd88 c7aa37e0 c315c5e0 c312d9a0 c7aa3880 c040bc9c c03000c0
[ 10.907859] 36c0: a0030013 c7aa38ec c312d9a0 c7aa36e8 c0315330 c031508c a0030013 ffffffff
[ 10.912344] [<c0300b8c>] (__irq_svc) from [<c031508c>] (search_index+0x8/0xec)
[ 10.916050] [<c031508c>] (search_index) from [<c0564990>] (__d_lookup_rcu+0x58/0x2a8)
[ 10.920147] [<c0564990>] (__d_lookup_rcu) from [<c03000c0>] (ret_fast_syscall+0x0/0x58)
[ 10.924242] Exception stack(0xc7aa3780 to 0xc7aa37c8)
[ 10.926923] 3780: c25f18a0 c7aa4000 00000000 00000000 00000003 1312d000 5fb25e68 00000000
[ 10.931004] 37a0: 00000000 80000000 ffffffff 7fffffff 5fb25e68 00000000 ee7e2590 00000000
[ 10.935188] 37c0: 41b58ab3 c247c3ec
[ 10.936910]
[ 10.937652] The buggy address belongs to the page:
[ 10.939933] page:(ptrval) refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x47aa3
[ 10.943733] flags: 0x0()
[ 10.944995] raw: 00000000 ee60cef0 ee60cef0 00000000 00000000 00000000 ffffffff 00000000
[ 10.948786] raw: 00000000
[ 10.950037] page dumped because: kasan: bad access detected
[ 10.952655]
[ 10.953405] addr c7aa37bc is located in stack of task udevadm/192 at offset 156 in frame:
[ 10.957194]  unwind_frame+0x0/0x8c0
[ 10.958853]
[ 10.959616] this frame has 1 object:
[ 10.961322]  [32, 116) 'ctrl'
[ 10.961329]
[ 10.963476] Memory state around the buggy address:
[ 10.965699]  c7aa3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.968752]  c7aa3700: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 10.971846] >c7aa3780: 00 00 04 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00
[ 10.974831]                                   ^
[ 10.976883]  c7aa3800: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 04 f2 f2
[ 10.979907]  c7aa3880: 00 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.982919] ==================================================================
[ 10.986244] Disabling lock debugging due to kernel taint

Reported-by: Naresh Kamboju <naresh.kamboju@xxxxxxxxxx>

Full boot log link:
https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20201116/testrun/3445674/suite/linux-log-parser/test/check-kernel-bug-1944975/log

metadata:
git branch: master
git repo: https://gitlab.com/Linaro/lkft/mirrors/next/linux-next
git describe: next-20201116
kernel-config: https://builds.tuxbuild.com/1kMYEMmo35DocMgHZ9AtJReL3rN/config

--
Linaro LKFT
https://lkft.linaro.org