public inbox for linux-kernel@vger.kernel.org
From: Sven Schnelle <svens@linux.ibm.com>
To: Steven Rostedt <rostedt@goodmis.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: BUG: KASAN: slab-out-of-bounds in print_synth_event+0xa68/0xa78
Date: Fri, 04 Aug 2023 18:32:48 +0200
Message-ID: <yt9da5v66a4v.fsf@linux.ibm.com>
In-Reply-To: <20230804115033.34c2b5af@gandalf.local.home> (Steven Rostedt's message of "Fri, 4 Aug 2023 11:50:33 -0400")

Steven Rostedt <rostedt@goodmis.org> writes:

> On Fri, 04 Aug 2023 08:20:23 +0200
> Sven Schnelle <svens@linux.ibm.com> wrote:
>
>> Hi Steven,
>> 
>> I noticed the following KASAN splat in CI (on s390):
>> 
>> [  218.586476] /home/svens/linux/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-stack.tc
>> [  221.610410] ==================================================================
>> [  221.610424] BUG: KASAN: slab-out-of-bounds in print_synth_event+0xa68/0xa78
>> [  221.610440] Read of size 8 at addr 0000000087753ebc by task grep/1321
>> [  221.610445]
>> [  221.610451] CPU: 9 PID: 1321 Comm: grep Not tainted 6.4.0-rc3-00008-g4b512860bdbd #716
>> [  221.610457] Hardware name: IBM 3906 M04 704 (z/VM 7.1.0)
>> [  221.610462] Call Trace:
>> [  221.610466]  [<00000000026026e6>] dump_stack_lvl+0x106/0x1c8
>> [  221.610479]  [<00000000009cdbbc>] print_address_description.constprop.0+0x34/0x378
>> [  221.610488]  [<00000000009cdfac>] print_report+0xac/0x240
>> [  221.610494]  [<00000000009ce32a>] kasan_report+0xf2/0x130
>> [  221.610501]  [<00000000005e4f60>] print_synth_event+0xa68/0xa78
>
> Can you show where exactly the above line is?

It is:

(gdb) list *(print_synth_event+0xa68)
0x5e4f60 is in print_synth_event (/home/svens/ibmgit/linux/kernel/trace/trace_events_synth.c:410).
405                             p = (void *)entry + data_offset;
406                             end = (void *)p + len - (sizeof(long) - 1);
407
408                             trace_seq_printf(s, "%s=STACK:\n", se->fields[i]->name);
409
410                             for (; *p && p < end; p++)
411                                     trace_seq_printf(s, "=> %pS\n", (void *)*p);
412                             n_u64++;
413
414                     } else {

>> For reproducing, the following script is good enough to trigger it
>> reliably on my system:
>> 
>> cd /home/svens/linux/tools/testing/selftests/ftrace
>> for i in $(seq 1 10); do
>> 	./ftracetest -v /home/svens/linux/tools/testing/selftests/ftrace/test.d/trigger/inter-event/trigger-synthetic-event-stack.tc
>
> It's probably because that code has:
>
>   #!/bin/sh
>   # SPDX-License-Identifier: GPL-2.0
>   # description: event trigger - test inter-event histogram trigger trace action with dynamic string param
>   # requires: set_event synthetic_events events/sched/sched_process_exec/hist "can be any field, or the special string 'common_stacktrace'":README
>
> Where it looks for "common_stacktrace" in the README file, and will not run
> if it does not exist. That "common_stacktrace" was added to the README file
> by that commit.

Thanks, I'll try to bisect again with the changed test.
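
The `requires:` behaviour described above matters when bisecting: on a kernel whose README lacks the string, the test does not run, so the absence of a splat says nothing about that commit. The following is an added example, not code from this thread or from the kernel tree, of a pre-check that maps that case to exit status 125, which `git bisect run` treats as "skip". The function names and the `README.old`/`README.new` sample files are constructed for illustration, and only quoted `"...":README` patterns are handled.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed, not from the thread.

# Print each quoted "...":README pattern from the test's "# requires:" line.
readme_patterns() { # testfile
    grep '^#[[:space:]]*requires:' "$1" |
        grep -o '"[^"]*":README' |
        sed -e 's/^"//' -e 's/":README$//'
}

# Return 0 if every pattern is present in the README, 125 otherwise.
# 125 is the exit status "git bisect run" interprets as "skip this commit".
bisect_precheck() { # testfile readme
    missing=0
    while IFS= read -r pat; do
        [ -n "$pat" ] || continue
        if ! grep -Fq -- "$pat" "$2"; then
            echo "would be skipped: README lacks \"$pat\"" >&2
            missing=1
        fi
    done <<PATTERNS
$(readme_patterns "$1")
PATTERNS
    [ "$missing" -eq 0 ] || return 125
}

# Constructed sample data: the test header quoted in the thread, plus two
# stand-in README files (with and without the 'common_stacktrace' string).
make_samples() { # dir
    cat > "$1/test.tc" <<'TC'
#!/bin/sh
# SPDX-License-Identifier: GPL-2.0
# description: event trigger - test inter-event histogram trigger trace action with dynamic string param
# requires: set_event synthetic_events events/sched/sched_process_exec/hist "can be any field, or the special string 'common_stacktrace'":README
TC
    echo "can be any field, or the special string 'stacktrace'" > "$1/README.old"
    echo "can be any field, or the special string 'common_stacktrace'" > "$1/README.new"
}

d=$(mktemp -d)
make_samples "$d"
for r in README.new README.old; do
    rc=0; bisect_precheck "$d/test.tc" "$d/$r" || rc=$?
    echo "$r: precheck status $rc"
done
rm -rf "$d"
```

In a real bisect script the second argument would be the README file of the mounted tracing directory on the kernel under test, and the selftest would run only when the pre-check returns 0.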
