BUG: KASAN: global-out-of-bounds in is_midr_in_range_list+0x29c/0x2e0
Catalin Marinas
catalin.marinas at arm.com
Thu May 1 07:01:22 PDT 2025
On Sun, Apr 27, 2025 at 10:15:40PM +0800, Zorro Lang wrote:
> I'm from the fstests@ mailing list. My latest fstests [2] regression test on
> mainline linux v6.15-rc3+ (HEAD=f1a3944c860b0615d0513110d8cf62bb94adbb41)
> sometimes hits the KASAN bug below [1] on aarch64 when running generic/650 [3],
> so I'm reporting this issue to the arm64 list for review :)
>
> Thanks,
> Zorro
>
>
> [1]
> [16982.135841] run fstests generic/650 at 2025-04-26 15:57:03
> [16983.655106] evm: overlay not supported
> [16983.838316] psci: CPU114 killed (polled 0 ms)
> [16984.610264] psci: CPU32 killed (polled 0 ms)
> [16985.855711] psci: CPU19 killed (polled 0 ms)
> [16986.578909] psci: CPU48 killed (polled 0 ms)
> [16987.329376] psci: CPU1 killed (polled 0 ms)
> [16988.071610] psci: CPU0 killed (polled 0 ms)
> [16989.675527] XFS (sda5): Unmounting Filesystem 73595b5c-b0eb-4f47-9d60-41cba8eb626c
> [16989.894868] XFS (sda5): Mounting V5 Filesystem 73595b5c-b0eb-4f47-9d60-41cba8eb626c
> [16989.935608] XFS (sda5): Ending clean mount
> [16990.913789] psci: CPU98 killed (polled 0 ms)
> [16991.624018] psci: CPU94 killed (polled 0 ms)
> [16992.334849] ==================================================================
> [16992.334865] BUG: KASAN: global-out-of-bounds in is_midr_in_range_list+0x29c/0x2e0
> [16992.334888] Read of size 4 at addr ffffd4ca56f8fb18 by task swapper/94/0
>
> [16992.334905] CPU: 94 UID: 0 PID: 0 Comm: swapper/94 Kdump: loaded Tainted: G W 6.15.0-rc3+ #1 PREEMPT(voluntary)
> [16992.334922] Tainted: [W]=WARN
> [16992.334926] Hardware name: GIGABYTE R152-P31-00/MP32-AR1-00, BIOS F31n (SCP: 2.10.20220810) 09/30/2022
> [16992.334932] Call trace:
> [16992.334937] show_stack+0x34/0x98 (C)
> [16992.334952] dump_stack_lvl+0xa8/0xe8
> [16992.334965] print_address_description.constprop.0+0x90/0x370
> [16992.334983] print_report+0x108/0x1f8
> [16992.334996] kasan_report+0x8c/0x1b0
> [16992.335007] __asan_report_load4_noabort+0x20/0x30
> [16992.335019] is_midr_in_range_list+0x29c/0x2e0
> [16992.335034] spectre_bhb_loop_affected+0x28/0xa0
> [16992.335047] is_spectre_bhb_affected+0x128/0x160
> [16992.335060] verify_local_cpu_caps+0x140/0x358
> [16992.335070] verify_local_cpu_capabilities+0x20/0x2a8
> [16992.335081] check_local_cpu_capabilities+0x28/0x58
> [16992.335092] secondary_start_kernel+0x80/0x180
> [16992.335104] __secondary_switched+0xc0/0xc8
>
> [16992.335120] The buggy address belongs to the variable:
> [16992.335124] spectre_bhb_k132_list.10+0x18/0x40
>
> [16992.335339] The buggy address belongs to the virtual mapping at
> [ffffd4ca56f70000, ffffd4ca57df0000) created by:
> paging_init+0x3b4/0x480
Hopefully this fixes it (found independently):
https://lore.kernel.org/all/20250501104747.28431-1-will@kernel.org/
--
Catalin