From: Catalin Marinas <catalin.marinas@arm.com>
To: Zorro Lang <zlang@redhat.com>
Cc: linux-arm-kernel@lists.infradead.org,
Will Deacon <will@kernel.org>,
dianders@chromium.org
Subject: Re: BUG: KASAN: global-out-of-bounds in is_midr_in_range_list+0x29c/0x2e0
Date: Thu, 1 May 2025 15:01:22 +0100
Message-ID: <aBN-smRV0G5nVPlB@arm.com>
In-Reply-To: <20250427141540.yyh4lht6tzg2l4is@dell-per750-06-vm-08.rhts.eng.pek2.redhat.com>

On Sun, Apr 27, 2025 at 10:15:40PM +0800, Zorro Lang wrote:
> I'm from the fstests@ mailing list; my latest fstests [2] regression test on
> mainline linux v6.15-rc3+ (HEAD=f1a3944c860b0615d0513110d8cf62bb94adbb41)
> sometimes hits the KASAN bug below [1] on aarch64 when running generic/650 [3].
> So I'm reporting this issue to the arm64 list for review :)
>
> Thanks,
> Zorro
>
>
> [1]
> [16982.135841] run fstests generic/650 at 2025-04-26 15:57:03
> [16983.655106] evm: overlay not supported
> [16983.838316] psci: CPU114 killed (polled 0 ms)
> [16984.610264] psci: CPU32 killed (polled 0 ms)
> [16985.855711] psci: CPU19 killed (polled 0 ms)
> [16986.578909] psci: CPU48 killed (polled 0 ms)
> [16987.329376] psci: CPU1 killed (polled 0 ms)
> [16988.071610] psci: CPU0 killed (polled 0 ms)
> [16989.675527] XFS (sda5): Unmounting Filesystem 73595b5c-b0eb-4f47-9d60-41cba8eb626c
> [16989.894868] XFS (sda5): Mounting V5 Filesystem 73595b5c-b0eb-4f47-9d60-41cba8eb626c
> [16989.935608] XFS (sda5): Ending clean mount
> [16990.913789] psci: CPU98 killed (polled 0 ms)
> [16991.624018] psci: CPU94 killed (polled 0 ms)
> [16992.334849] ==================================================================
> [16992.334865] BUG: KASAN: global-out-of-bounds in is_midr_in_range_list+0x29c/0x2e0
> [16992.334888] Read of size 4 at addr ffffd4ca56f8fb18 by task swapper/94/0
>
> [16992.334905] CPU: 94 UID: 0 PID: 0 Comm: swapper/94 Kdump: loaded Tainted: G W 6.15.0-rc3+ #1 PREEMPT(voluntary)
> [16992.334922] Tainted: [W]=WARN
> [16992.334926] Hardware name: GIGABYTE R152-P31-00/MP32-AR1-00, BIOS F31n (SCP: 2.10.20220810) 09/30/2022
> [16992.334932] Call trace:
> [16992.334937] show_stack+0x34/0x98 (C)
> [16992.334952] dump_stack_lvl+0xa8/0xe8
> [16992.334965] print_address_description.constprop.0+0x90/0x370
> [16992.334983] print_report+0x108/0x1f8
> [16992.334996] kasan_report+0x8c/0x1b0
> [16992.335007] __asan_report_load4_noabort+0x20/0x30
> [16992.335019] is_midr_in_range_list+0x29c/0x2e0
> [16992.335034] spectre_bhb_loop_affected+0x28/0xa0
> [16992.335047] is_spectre_bhb_affected+0x128/0x160
> [16992.335060] verify_local_cpu_caps+0x140/0x358
> [16992.335070] verify_local_cpu_capabilities+0x20/0x2a8
> [16992.335081] check_local_cpu_capabilities+0x28/0x58
> [16992.335092] secondary_start_kernel+0x80/0x180
> [16992.335104] __secondary_switched+0xc0/0xc8
>
> [16992.335120] The buggy address belongs to the variable:
> [16992.335124] spectre_bhb_k132_list.10+0x18/0x40
>
> [16992.335339] The buggy address belongs to the virtual mapping at
> [ffffd4ca56f70000, ffffd4ca57df0000) created by:
> paging_init+0x3b4/0x480

Hopefully this fixes it (found independently):

https://lore.kernel.org/all/20250501104747.28431-1-will@kernel.org/

--
Catalin