[linus:master] [trace_seq] 40fc60e36c: BUG:KASAN:global-out-of-bounds_in_hex_string

[kernel test robot]

Hello,

kernel test robot noticed "BUG:KASAN:global-out-of-bounds_in_hex_string" on:

commit: 40fc60e36c60ba85b2974e507b67df40c94e9578 ("trace_seq: Increase the 
buffer size to almost two pages")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

[test failed on linus/master 6c6e47d69d821047097909288b6d7f1aafb3b9b1]
[test failed on linux-next/master 8568bb2ccc278f344e6ac44af6ed010a90aa88dc]

in testcase: rcuscale
version: 
with following parameters:

        runtime: 300s
        scale_type: tasks



compiler: clang-17
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


we also noticed this issue does not always happen. we observed it 17 times
out of 30 runs as below, but did not observe it on parent.


8ec90be7f15fac42 40fc60e36c60ba85b2974e507b6
---------------- ---------------------------
       fail:runs  %reproduction    fail:runs
           |             |             |
           :30          57%          17:30    
dmesg.BUG:KASAN:global-out-of-bounds_in_hex_string


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.s...@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202404101431.bb9742bf-...@intel.com


[ 413.751080][ T494] BUG: KASAN: global-out-of-bounds in hex_string 
(lib/vsprintf.c:?) 
[  413.752115][  T494] Read of size 1 at addr ffffffff960c19c4 by task 
rcu_scale_write/494
[  413.753237][  T494]
[  413.753659][  T494] CPU: 0 PID: 494 Comm: rcu_scale_write Tainted: G         
       T  6.7.0-rc2-00035-g40fc60e36c60 #1 
a4d5f5b4375fec29a5dddc8a474a6031f87af2c2
[  413.755544][  T494] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), 
BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  413.756859][  T494] Call Trace:
[  413.757375][  T494]  <TASK>
[ 413.757850][ T494] dump_stack_lvl (lib/dump_stack.c:?) 
[ 413.758486][ T494] print_report (mm/kasan/report.c:365) 
[ 413.759147][ T494] ? hex_string (lib/vsprintf.c:?) 
[ 413.759803][ T494] kasan_report (mm/kasan/report.c:590) 
[ 413.760455][ T494] ? hex_string (lib/vsprintf.c:?) 
[ 413.761099][ T494] hex_string (lib/vsprintf.c:?) 
[ 413.761719][ T494] pointer (lib/vsprintf.c:?) 
[ 413.762328][ T494] vsnprintf (lib/vsprintf.c:2823) 
[ 413.762978][ T494] seq_buf_vprintf (lib/seq_buf.c:64) 
[ 413.763647][ T494] trace_seq_vprintf (include/linux/seq_buf.h:53 
kernel/trace/trace_seq.c:151) 
[ 413.764351][ T494] trace_event_printf (kernel/trace/trace_output.c:325) 
[ 413.765043][ T494] trace_raw_output_i2c_write (include/trace/events/i2c.h:25) 
i2c_core
[ 413.766410][ T494] ? i2c_put_dma_safe_msg_buf (include/trace/events/i2c.h:25) 
i2c_core
[ 413.767794][ T494] ftrace_dump (kernel/trace/trace.c:10262) 
[ 413.768472][ T494] rcu_scale_writer (kernel/rcu/rcuscale.c:535) rcuscale
[ 413.769741][ T494] ? rcu_scale_writer (kernel/rcu/rcuscale.c:526) rcuscale
[ 413.771241][ T494] kthread (kernel/kthread.c:390) 
[ 413.771847][ T494] ? rcu_scale_reader (kernel/rcu/rcuscale.c:453) rcuscale
[ 413.773073][ T494] ? kthread_unuse_mm (kernel/kthread.c:341) 
[ 413.773791][ T494] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 413.774441][ T494] ? kthread_unuse_mm (kernel/kthread.c:341) 
[ 413.775186][ T494] ret_from_fork_asm (arch/x86/entry/entry_64.S:250) 
[  413.775893][  T494]  </TASK>
[  413.776406][  T494]
[  413.776859][  T494] The buggy address belongs to the variable:
[ 413.777635][ T494] btf_allowlist_d_path+0x4/0x20 
[  413.778325][  T494]
[  413.778740][  T494] The buggy address belongs to the physical page:
[  413.779592][  T494] page:ffffea00074c3040 refcount:1 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1d30c1
[  413.780914][  T494] flags: 0x8000000000004000(reserved|zone=2)
[  413.781710][  T494] page_type: 0xffffffff()
[  413.782341][  T494] raw: 8000000000004000 ffffea00074c3048 ffffea00074c3048 
0000000000000000
[  413.783501][  T494] raw: 0000000000000000 0000000000000000 00000001ffffffff 
0000000000000000
[  413.784669][  T494] page dumped because: kasan: bad access detected
[  413.785556][  T494] page_owner info is not present (never set?)
[  413.786370][  T494]
[  413.786789][  T494] Memory state around the buggy address:
[  413.787550][  T494]  ffffffff960c1880: 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00
[  413.788643][  T494]  ffffffff960c1900: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 
00 f9 f9 f9
[  413.789739][  T494] >ffffffff960c1980: 04 f9 f9 f9 04 f9 f9 f9 04 f9 f9 f9 
00 00 00 f9
[  413.790848][  T494]                                            ^
[  413.791705][  T494]  ffffffff960c1a00: f9 f9 f9 f9 00 f9 f9 f9 00 f9 f9 f9 
04 f9 f9 f9
[  413.792789][  T494]  ffffffff960c1a80: 01 f9 f9 f9 01 f9 f9 f9 00 00 f9 f9 
00 00 f9 f9
[  413.797442][  T494] 
==================================================================
[  413.798544][  T494] Disabling lock debugging due to kernel taint
[  413.799401][  T494]  swapper-1         0dNZ.. 118977266us : i2c_write: 
i2c--1868734768 #65535 a=ffff f=7b28 l=4231 
[00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00]
[  413.802715][  T494]  swapper-1         0.N.1. 118977275us : i2c_read: 
i2c--1868734768 #65535 a=ffff f=36fb l=38182
[  413.804088][  T494] ---------------------------------
[  413.804885][  T494] tasks-scale: Test complete



The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240410/202404101431.bb9742bf-...@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki