Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757543AbcK3ONU (ORCPT ); Wed, 30 Nov 2016 09:13:20 -0500 Received: from smtprelay0129.hostedemail.com ([216.40.44.129]:50569 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1754198AbcK3ONL (ORCPT ); Wed, 30 Nov 2016 09:13:11 -0500 X-Session-Marker: 726F737465647440676F6F646D69732E6F7267 X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,rostedt@goodmis.org,:::::::::::,RULES_HIT:2:41:355:379:541:599:800:960:973:988:989:1260:1277:1311:1313:1314:1345:1359:1437:1515:1516:1518:1535:1593:1594:1605:1730:1747:1777:1792:1801:2393:2553:2559:2562:2901:2904:3138:3139:3140:3141:3142:3622:3865:3866:3868:3870:3871:3872:3873:3874:4051:4120:4321:4605:5007:6119:6261:7875:7903:7904:8603:8660:8784:9121:9149:9163:9165:10004:10848:10967:11026:11232:11658:11914:12043:12438:12555:12663:12697:12737:12740:12760:12986:13148:13161:13229:13230:13439:14659:21060:21080:21324:21451:30003:30029:30045:30054:30056:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:fn,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:6,LUA_SUMMARY:none X-HE-Tag: drain37_1b5cb375b451e X-Filterd-Recvd-Size: 9062 Date: Wed, 30 Nov 2016 09:13:06 -0500 From: Steven Rostedt To: Xishi Qiu Cc: , Linux MM , LKML , Yisheng Xie , wangwei Subject: Re: [RFC] kasan: is it a wrong report from kasan? Message-ID: <20161130091306.3c4ce99e@gandalf.local.home> In-Reply-To: <583E8864.9000305@huawei.com> References: <583E8864.9000305@huawei.com> X-Mailer: Claws Mail 3.14.0 (GTK+ 2.24.31; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 8085 Lines: 93 On Wed, 30 Nov 2016 16:05:56 +0800 Xishi Qiu wrote: > The kernel version is v4.1, and I find some error reports from kasan. First off, this is an ancient kernel. Can you reproduce this on 4.9-rc? > I'm not sure whether it is a wrong report. No idea, and it may not even be an issue with ftrace, but with the caller of the tracepoint. > > 11-29 07:57:26.513 <3>[12507.758056s][pid:0,cpu3,swapper/3]BUG: KASAN: stack-out-of-bounds in trace_event_buffer_lock_reserve+0x50/0x170 at addr ffffffc035903bf0 Use gdb on your vmlinux that ran this kernel, and see exactly where ffffffc035903bf0 is. > 11-29 07:57:26.513 <3>[12507.758087s][pid:0,cpu3,swapper/3]Write of size 8 by task swapper/3/0 > 11-29 07:57:26.513 <0>[12507.758117s][pid:0,cpu3,swapper/3]page:ffffffbdc0d740c0 count:0 mapcount:0 mapping: (null) index:0x0 > 11-29 07:57:26.513 <0>[12507.758117s][pid:0,cpu3,swapper/3]flags: 0x0() > 11-29 07:57:26.513 <1>[12507.758148s][pid:0,cpu3,swapper/3]page dumped because: kasan: bad access detected > 11-29 07:57:26.513 <4>[12507.758178s][pid:0,cpu3,swapper/3]CPU: 3 PID: 0 Comm: swapper/3 Tainted: G B 4.1.18-gd8679e8 #1 > 11-29 07:57:26.513 <4>[12507.758209s][pid:0,cpu3,swapper/3]TGID: 0 Comm: swapper/3 > 11-29 07:57:26.513 <4>[12507.758239s][pid:0,cpu3,swapper/3]Hardware name: hi6250 (DT) > 11-29 07:57:26.514 <0>[12507.758239s][pid:0,cpu3,swapper/3]Call trace: > 11-29 07:57:26.514 <4>[12507.758270s][pid:0,cpu3,swapper/3][] dump_backtrace+0x0/0x1f4 > 11-29 07:57:26.515 <4>[12507.758300s][pid:0,cpu3,swapper/3][] show_stack+0x20/0x28 > 11-29 07:57:26.516 <4>[12507.758331s][pid:0,cpu3,swapper/3][] dump_stack+0x84/0xa8 > 11-29 07:57:26.516 <4>[12507.758361s][pid:0,cpu3,swapper/3][] kasan_report+0x54c/0x574 > 11-29 07:57:26.517 <4>[12507.758361s][pid:0,cpu3,swapper/3][] __asan_store8+0x6c/0x84 > 11-29 07:57:26.517 <4>[12507.758392s][pid:0,cpu3,swapper/3][] trace_event_buffer_lock_reserve+0x50/0x170 > 11-29 07:57:26.517 <4>[12507.758422s][pid:0,cpu3,swapper/3][] ftrace_event_buffer_reserve+0x8c/0xd8 > 11-29 07:57:26.517 <4>[12507.758453s][pid:0,cpu3,swapper/3][] ftrace_raw_event_sched_wakeup_template+0xe0/0x194 > 11-29 07:57:26.517 <4>[12507.758483s][pid:0,cpu3,swapper/3][] ttwu_do_wakeup+0x19c/0x200 > 11-29 07:57:26.517 <4>[12507.758514s][pid:0,cpu3,swapper/3][] try_to_wake_up+0x558/0x638 > 11-29 07:57:26.517 <4>[12507.758514s][pid:0,cpu3,swapper/3][] wake_up_process+0x3c/0x78 > 11-29 07:57:26.517 <4>[12507.758544s][pid:0,cpu3,swapper/3][] raise_softirq+0xa0/0xb4 > 11-29 07:57:26.517 <4>[12507.758575s][pid:0,cpu3,swapper/3][] invoke_rcu_core+0x5c/0x6c > 11-29 07:57:26.518 <4>[12507.758605s][pid:0,cpu3,swapper/3][] rcu_needs_cpu+0x190/0x198 The interrupt came in from idle. How did the stack get corrupted? -- Steve > 11-29 07:57:26.518 <4>[12507.758636s][pid:0,cpu3,swapper/3][] __tick_nohz_idle_enter+0x220/0x814 > 11-29 07:57:26.518 <4>[12507.758666s][pid:0,cpu3,swapper/3][] tick_nohz_idle_enter+0x68/0xa8 > 11-29 07:57:26.518 <4>[12507.758697s][pid:0,cpu3,swapper/3][] cpu_startup_entry+0x88/0x51c > 11-29 07:57:26.518 <4>[12507.758697s][pid:0,cpu3,swapper/3][] secondary_start_kernel+0x1d8/0x22c > 11-29 07:57:26.518 <3>[12507.758728s][pid:0,cpu3,swapper/3]Memory state around the buggy address: > 11-29 07:57:26.518 <3>[12507.758758s][pid:0,cpu3,swapper/3] ffffffc035903a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 11-29 07:57:26.518 <3>[12507.758758s][pid:0,cpu3,swapper/3] ffffffc035903b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 11-29 07:57:26.518 <3>[12507.758789s][pid:0,cpu3,swapper/3]>ffffffc035903b80: 00 00 00 00 f1 f1 f1 f1 00 00 f1 f1 f1 f1 f3 f3 > 11-29 07:57:26.518 <3>[12507.758819s][pid:0,cpu3,swapper/3] ^ > 11-29 07:57:26.519 <3>[12507.758850s][pid:0,cpu3,swapper/3] ffffffc035903c00: 00 00 00 00 f4 f4 00 00 00 00 00 00 00 00 00 00 > 11-29 07:57:26.519 <3>[12507.758850s][pid:0,cpu3,swapper/3] ffffffc035903c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > > > 11-29 07:57:26.523 <3>[12507.759735s][pid:0,cpu3,swapper/3]BUG: KASAN: stack-out-of-bounds in ftrace_event_buffer_reserve+0x98/0xd8 at addr ffffffc035903bf8 > 11-29 07:57:26.523 <3>[12507.759765s][pid:0,cpu3,swapper/3]Write of size 8 by task swapper/3/0 > 11-29 07:57:26.523 <0>[12507.759765s][pid:0,cpu3,swapper/3]page:ffffffbdc0d740c0 count:0 mapcount:0 mapping: (null) index:0x0 > 11-29 07:57:26.523 <0>[12507.759796s][pid:0,cpu3,swapper/3]flags: 0x0() > 11-29 07:57:26.523 <1>[12507.759826s][pid:0,cpu3,swapper/3]page dumped because: kasan: bad access detected > 11-29 07:57:26.523 <4>[12507.759857s][pid:0,cpu3,swapper/3]CPU: 3 PID: 0 Comm: swapper/3 Tainted: G B 4.1.18-gd8679e8 #1 > 11-29 07:57:26.524 <4>[12507.759857s][pid:0,cpu3,swapper/3]TGID: 0 Comm: swapper/3 > 11-29 07:57:26.524 <4>[12507.759887s][pid:0,cpu3,swapper/3]Hardware name: hi6250 (DT) > 11-29 07:57:26.524 <0>[12507.759887s][pid:0,cpu3,swapper/3]Call trace: > 11-29 07:57:26.524 <4>[12507.759918s][pid:0,cpu3,swapper/3][] dump_backtrace+0x0/0x1f4 > 11-29 07:57:26.524 <4>[12507.759948s][pid:0,cpu3,swapper/3][] show_stack+0x20/0x28 > 11-29 07:57:26.524 <4>[12507.759979s][pid:0,cpu3,swapper/3][] dump_stack+0x84/0xa8 > 11-29 07:57:26.524 <4>[12507.760009s][pid:0,cpu3,swapper/3][] kasan_report+0x54c/0x574 > 11-29 07:57:26.524 <4>[12507.760009s][pid:0,cpu3,swapper/3][] __asan_store8+0x6c/0x84 > 11-29 07:57:26.524 <4>[12507.760040s][pid:0,cpu3,swapper/3][] ftrace_event_buffer_reserve+0x98/0xd8 > 11-29 07:57:26.525 <4>[12507.760070s][pid:0,cpu3,swapper/3][] ftrace_raw_event_sched_wakeup_template+0xe0/0x194 > 11-29 07:57:26.525 <4>[12507.760101s][pid:0,cpu3,swapper/3][] ttwu_do_wakeup+0x19c/0x200 > 11-29 07:57:26.525 <4>[12507.760131s][pid:0,cpu3,swapper/3][] try_to_wake_up+0x558/0x638 > 11-29 07:57:26.525 <4>[12507.760131s][pid:0,cpu3,swapper/3][] wake_up_process+0x3c/0x78 > 11-29 07:57:26.525 <4>[12507.760162s][pid:0,cpu3,swapper/3][] raise_softirq+0xa0/0xb4 > 11-29 07:57:26.525 <4>[12507.760192s][pid:0,cpu3,swapper/3][] invoke_rcu_core+0x5c/0x6c > 11-29 07:57:26.525 <4>[12507.760223s][pid:0,cpu3,swapper/3][] rcu_needs_cpu+0x190/0x198 > 11-29 07:57:26.525 <4>[12507.760253s][pid:0,cpu3,swapper/3][] __tick_nohz_idle_enter+0x220/0x814 > 11-29 07:57:26.525 <4>[12507.760253s][pid:0,cpu3,swapper/3][] tick_nohz_idle_enter+0x68/0xa8 > 11-29 07:57:26.526 <4>[12507.760284s][pid:0,cpu3,swapper/3][] cpu_startup_entry+0x88/0x51c > 11-29 07:57:26.526 <4>[12507.760314s][pid:0,cpu3,swapper/3][] secondary_start_kernel+0x1d8/0x22c > 11-29 07:57:26.526 <3>[12507.760345s][pid:0,cpu3,swapper/3]Memory state around the buggy address: > 11-29 07:57:26.526 <3>[12507.760345s][pid:0,cpu3,swapper/3] ffffffc035903a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 11-29 07:57:26.526 <3>[12507.760375s][pid:0,cpu3,swapper/3] ffffffc035903b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 > 11-29 07:57:26.526 <3>[12507.760406s][pid:0,cpu3,swapper/3]>ffffffc035903b80: 00 00 00 00 f1 f1 f1 f1 00 00 f1 f1 f1 f1 f3 f3 > 11-29 07:57:26.526 <3>[12507.760406s][pid:0,cpu3,swapper/3] ^ > 11-29 07:57:26.526 <3>[12507.760437s][pid:0,cpu3,swapper/3] ffffffc035903c00: 00 00 00 00 f4 f4 00 00 00 00 00 00 00 00 00 00 > 11-29 07:57:26.526 <3>[12507.760467s][pid:0,cpu3,swapper/3] ffffffc035903c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00