From: kernel test robot <oliver.sang@intel.com>
To: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Linux Memory Management List <linux-mm@kvack.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Shuah Khan" <skhan@linuxfoundation.org>,
<linux-usb@vger.kernel.org>, <oliver.sang@intel.com>
Subject: [linux-next:master] [usbip] b8aaf639b4: BUG:KASAN:slab-out-of-bounds_in_lockdep_init_map_type
Date: Tue, 17 Oct 2023 16:30:26 +0800
Message-ID: <202310171658.eceb99b8-oliver.sang@intel.com>

hi, Andy Shevchenko,

we reported
"[usb:usb-next] [usbip] b8aaf639b4: BUG:KASAN:slab-out-of-bounds_in_vhci_setup"
on
https://lore.kernel.org/all/202310111714.cb804a0c-oliver.sang@intel.com/
when this commit is still in
https://git.kernel.org/cgit/linux/kernel/git/gregkh/usb.git usb-next

now we noticed it's in linux-next/master, below report FYI.

Hello,

kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_lockdep_init_map_type" on:

commit: b8aaf639b403f01d132c9ac1e906c45debfb0218 ("usbip: Use platform_device_register_full()")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master f9a6bea131849702d591d18d5c8b8a0eda6f62b3]

in testcase: boot

compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202310171658.eceb99b8-oliver.sang@intel.com

[ 124.077874][ T1] BUG: KASAN: slab-out-of-bounds in lockdep_init_map_type (kernel/locking/lockdep.c:4862)
[ 124.077913][ T1] Write of size 8 at addr ffff88811506ce58 by task swapper/0/1
[ 124.077913][ T1]
[ 124.077913][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.0-rc4-00066-gb8aaf639b403 #1 b7f5a4e58d773035f956074c1d632e313715f9ac
[ 124.077913][ T1] Call Trace:
[ 124.077913][ T1] <TASK>
[ 124.077913][ T1] dump_stack_lvl (lib/dump_stack.c:107)
[ 124.077913][ T1] print_address_description+0x2b/0x3d0
[ 124.077913][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4862)
[ 124.077913][ T1] print_report (mm/kasan/report.c:476)
[ 124.077913][ T1] ? lock_acquired (include/trace/events/lock.h:85 kernel/locking/lockdep.c:6026)
[ 124.077913][ T1] ? kasan_addr_to_slab (mm/kasan/common.c:35)
[ 124.077913][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4862)
[ 124.077913][ T1] kasan_report (mm/kasan/report.c:590)
[ 124.077913][ T1] ? lockdep_init_map_type (kernel/locking/lockdep.c:4862)
[ 124.077913][ T1] lockdep_init_map_type (kernel/locking/lockdep.c:4862)
[ 124.077913][ T1] __raw_spin_lock_init (kernel/locking/spinlock_debug.c:26)
[ 124.077913][ T1] vhci_start (drivers/usb/usbip/vhci_hcd.c:1185)
[ 124.077913][ T1] ? vhci_setup (drivers/usb/usbip/vhci_hcd.c:1173)
[ 124.077913][ T1] usb_add_hcd (drivers/usb/core/hcd.c:2944)
[ 124.077913][ T1] vhci_hcd_probe (drivers/usb/usbip/vhci_hcd.c:1363)
[ 124.077913][ T1] platform_probe (drivers/base/platform.c:1410)
[ 124.077913][ T1] really_probe (drivers/base/dd.c:579 drivers/base/dd.c:658)
[ 124.077913][ T1] ? acpi_driver_match_device (drivers/acpi/bus.c:956)
[ 124.077913][ T1] driver_probe_device (drivers/base/dd.c:830)
[ 124.077913][ T1] __device_attach_driver (drivers/base/dd.c:959)
[ 124.077913][ T1] ? driver_probe_device (drivers/base/dd.c:922)
[ 124.077913][ T1] bus_for_each_drv (drivers/base/bus.c:414 drivers/base/bus.c:456)
[ 124.077913][ T1] ? bus_for_each_dev (drivers/base/bus.c:445)
[ 124.077913][ T1] ? __lock_acquired (kernel/locking/lockdep.c:339 kernel/locking/lockdep.c:5990)
[ 124.077913][ T1] __device_attach (drivers/base/dd.c:1032)
[ 124.077913][ T1] ? device_driver_attach (drivers/base/dd.c:1001)
[ 124.077913][ T1] ? preempt_count_sub (kernel/sched/core.c:5863 kernel/sched/core.c:5859 kernel/sched/core.c:5881)
[ 124.077913][ T1] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 124.077913][ T1] bus_probe_device (drivers/base/bus.c:532)
[ 124.077913][ T1] device_add (drivers/base/core.c:3631)
[ 124.077913][ T1] ? __fw_devlink_link_to_consumers+0x1f0/0x1f0
[ 124.077913][ T1] ? kasan_set_track (mm/kasan/common.c:52)
[ 124.077913][ T1] ? __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)
[ 124.077913][ T1] platform_device_add (drivers/base/platform.c:717)
[ 124.077913][ T1] platform_device_register_full (drivers/base/platform.c:844)
[ 124.077913][ T1] ? driver_register (drivers/base/driver.c:258)
[ 124.077913][ T1] vhci_hcd_init (drivers/usb/usbip/vhci_hcd.c:1532)
[ 124.077913][ T1] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194)
[ 124.077913][ T1] ? usbip_core_init (drivers/usb/usbip/vhci_hcd.c:1507)
[ 124.077913][ T1] ? rng_is_initialized (drivers/char/random.c:918)
[ 124.077913][ T1] ? usbip_core_init (drivers/usb/usbip/vhci_hcd.c:1507)
[ 124.077913][ T1] do_one_initcall (init/main.c:1232)
[ 124.077913][ T1] ? trace_initcall_level (init/main.c:1223)
[ 124.077913][ T1] ? parse_one (kernel/params.c:138)
[ 124.077913][ T1] ? __kmem_cache_alloc_node (mm/slab.h:761 mm/slub.c:3478 mm/slub.c:3517)
[ 124.077913][ T1] ? kasan_set_track (mm/kasan/common.c:52)
[ 124.077913][ T1] ? __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)
[ 124.077913][ T1] do_initcalls (init/main.c:1293 init/main.c:1310)
[ 124.077913][ T1] kernel_init_freeable (init/main.c:1549)
[ 124.077913][ T1] ? rest_init (init/main.c:1429)
[ 124.077913][ T1] kernel_init (init/main.c:1439)
[ 124.077913][ T1] ? _raw_spin_unlock_irq (arch/x86/include/asm/preempt.h:104 include/linux/spinlock_api_smp.h:160 kernel/locking/spinlock.c:202)
[ 124.077913][ T1] ret_from_fork (arch/x86/kernel/process.c:153)
[ 124.077913][ T1] ? rest_init (init/main.c:1429)
[ 124.077913][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)
[ 124.077913][ T1] </TASK>
[ 124.077913][ T1]
[ 124.077913][ T1] Allocated by task 1:
[ 124.077913][ T1] kasan_save_stack (mm/kasan/common.c:46)
[ 124.077913][ T1] kasan_set_track (mm/kasan/common.c:52)
[ 124.077913][ T1] __kasan_kmalloc (mm/kasan/common.c:374 mm/kasan/common.c:383)
[ 124.077913][ T1] __kmalloc_node_track_caller (mm/slab_common.c:1024 mm/slab_common.c:1043)
[ 124.077913][ T1] kmemdup (mm/util.c:131)
[ 124.077913][ T1] platform_device_add_data (include/linux/fortify-string.h:765 drivers/base/platform.c:638)
[ 124.077913][ T1] platform_device_register_full (drivers/base/platform.c:832)
[ 124.077913][ T1] vhci_hcd_init (drivers/usb/usbip/vhci_hcd.c:1532)
[ 124.077913][ T1] do_one_initcall (init/main.c:1232)
[ 124.077913][ T1] do_initcalls (init/main.c:1293 init/main.c:1310)
[ 124.077913][ T1] kernel_init_freeable (init/main.c:1549)
[ 124.077913][ T1] kernel_init (init/main.c:1439)
[ 124.077913][ T1] ret_from_fork (arch/x86/kernel/process.c:153)
[ 124.077913][ T1] ret_from_fork_asm (arch/x86/entry/entry_64.S:312)
[ 124.077913][ T1]
[ 124.077913][ T1] The buggy address belongs to the object at ffff88811506ce38
[ 124.077913][ T1] which belongs to the cache kmalloc-8 of size 8
[ 124.077913][ T1] The buggy address is located 24 bytes to the right of
[ 124.077913][ T1] allocated 8-byte region [ffff88811506ce38, ffff88811506ce40)
[ 124.077913][ T1]
[ 124.077913][ T1] The buggy address belongs to the physical page:
[ 124.077913][ T1] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11506c
[ 124.077913][ T1] flags: 0x20000000000800(slab|node=0|zone=2)
[ 124.077913][ T1] page_type: 0xffffffff()
[ 124.077913][ T1] raw: 0020000000000800 ffff888100041280 dead000000000122 0000000000000000
[ 124.077913][ T1] raw: 0000000000000000 0000000080660066 00000001ffffffff 0000000000000000
[ 124.077913][ T1] page dumped because: kasan: bad access detected
[ 124.077913][ T1] page_owner tracks the page as allocated
[ 124.077913][ T1] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 27, tgid 27 (kworker/u4:1), ts 45269241050, free_ts 0
[ 124.077913][ T1] get_page_from_freelist (mm/page_alloc.c:1545 mm/page_alloc.c:3170)
[ 124.077913][ T1] __alloc_pages (mm/page_alloc.c:4426)
[ 124.077913][ T1] allocate_slab (mm/slub.c:1870 mm/slub.c:2017)
[ 124.077913][ T1] ___slab_alloc (mm/slub.c:3224 (discriminator 3))
[ 124.077913][ T1] __kmem_cache_alloc_node (mm/slub.c:3322 mm/slub.c:3375 mm/slub.c:3468 mm/slub.c:3517)
[ 124.077913][ T1] __kmalloc_node_track_caller (include/linux/kasan.h:198 mm/slab_common.c:1023 mm/slab_common.c:1043)
[ 124.077913][ T1] kstrdup (mm/util.c:62)
[ 124.077913][ T1] eventfs_prepare_ef+0x6a/0x300
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20231017/202310171658.eceb99b8-oliver.sang@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki