Hay
Date: April 20, 2025, 11:09 p.m.

Environment: x15, x86

[   53.472595] ==================================================================
[   53.483306] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x4b0/0x520
[   53.490051] Write of size 16 at addr cc22b180 by task kunit_try_catch/222
[   53.496887] 
[   53.498382] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   53.498413] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   53.498413] Hardware name: Generic DRA74X (Flattened Device Tree)
[   53.498443] Call trace: 
[   53.498443]  unwind_backtrace from show_stack+0x18/0x1c
[   53.498474]  show_stack from dump_stack_lvl+0x70/0x90
[   53.498504]  dump_stack_lvl from print_report+0x158/0x528
[   53.498504]  print_report from kasan_report+0xdc/0x118
[   53.498535]  kasan_report from kmalloc_oob_16+0x4b0/0x520
[   53.498565]  kmalloc_oob_16 from kunit_try_run_case+0x22c/0x5a8
[   53.498596]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   53.498596]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   53.498626]  kthread from ret_from_fork+0x14/0x20
[   53.498657] Exception stack(0xf240bfb0 to 0xf240bff8)
[   53.498657] bfa0:                                     00000000 00000000 00000000 00000000
[   53.498687] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   53.498687] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   53.498718] 
[   53.603057] Allocated by task 222:
[   53.606475]  kasan_save_track+0x30/0x5c
[   53.610351]  __kasan_kmalloc+0x8c/0x94
[   53.614135]  kmalloc_oob_16+0xcc/0x520
[   53.617919]  kunit_try_run_case+0x22c/0x5a8
[   53.622131]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   53.627655]  kthread+0x464/0x810
[   53.630920]  ret_from_fork+0x14/0x20
[   53.634521] 
[   53.636016] The buggy address belongs to the object at cc22b180
[   53.636016]  which belongs to the cache kmalloc-64 of size 64
[   53.647735] The buggy address is located 0 bytes inside of
[   53.647735]  allocated 13-byte region [cc22b180, cc22b18d)
[   53.658782] 
[   53.660278] The buggy address belongs to the physical page:
[   53.665893] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c22b
[   53.673156] flags: 0x0(zone=0)
[   53.676239] page_type: f5(slab)
[   53.679412] raw: 00000000 c7001300 00000122 00000000 00000000 80200020 f5000000 00000000
[   53.687561] raw: 00000000
[   53.690185] page dumped because: kasan: bad access detected
[   53.695800] 
[   53.697296] Memory state around the buggy address:
[   53.702117]  cc22b080: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.708679]  cc22b100: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.715270] >cc22b180: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.721832]               ^
[   53.724639]  cc22b200: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.731231]  cc22b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   53.737792] ==================================================================

[   23.663724] ==================================================================
[   23.674359] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[   23.681064] Write of size 16 at addr ffff888105b98500 by task kunit_try_catch/209
[   23.688546] 
[   23.690045] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   23.690054] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.690056] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   23.690059] Call Trace:
[   23.690061]  <TASK>
[   23.690063]  dump_stack_lvl+0x73/0xb0
[   23.690067]  print_report+0xd1/0x650
[   23.690071]  ? __virt_addr_valid+0x1db/0x2d0
[   23.690075]  ? kmalloc_oob_16+0x452/0x4a0
[   23.690078]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.690083]  ? kmalloc_oob_16+0x452/0x4a0
[   23.690087]  kasan_report+0x141/0x180
[   23.690091]  ? kmalloc_oob_16+0x452/0x4a0
[   23.690095]  __asan_report_store16_noabort+0x1b/0x30
[   23.690099]  kmalloc_oob_16+0x452/0x4a0
[   23.690103]  ? __pfx_kmalloc_oob_16+0x10/0x10
[   23.690107]  ? __schedule+0x10cc/0x2b30
[   23.690112]  ? ktime_get_ts64+0x83/0x230
[   23.690116]  kunit_try_run_case+0x1a2/0x480
[   23.690121]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.690125]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.690129]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.690134]  ? __kthread_parkme+0x82/0x180
[   23.690138]  ? preempt_count_sub+0x50/0x80
[   23.690142]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.690147]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   23.690151]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.690155]  kthread+0x334/0x6f0
[   23.690159]  ? trace_preempt_on+0x20/0xc0
[   23.690163]  ? __pfx_kthread+0x10/0x10
[   23.690167]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.690171]  ? calculate_sigpending+0x7b/0xa0
[   23.690175]  ? __pfx_kthread+0x10/0x10
[   23.690179]  ret_from_fork+0x3e/0x80
[   23.690183]  ? __pfx_kthread+0x10/0x10
[   23.690187]  ret_from_fork_asm+0x1a/0x30
[   23.690193]  </TASK>
[   23.690195] 
[   23.851885] Allocated by task 209:
[   23.855291]  kasan_save_stack+0x45/0x70
[   23.859132]  kasan_save_track+0x18/0x40
[   23.862971]  kasan_save_alloc_info+0x3b/0x50
[   23.867243]  __kasan_kmalloc+0xb7/0xc0
[   23.870994]  __kmalloc_cache_noprof+0x189/0x420
[   23.875529]  kmalloc_oob_16+0xa8/0x4a0
[   23.879287]  kunit_try_run_case+0x1a2/0x480
[   23.883474]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   23.888875]  kthread+0x334/0x6f0
[   23.892115]  ret_from_fork+0x3e/0x80
[   23.895701]  ret_from_fork_asm+0x1a/0x30
[   23.899654] 
[   23.901155] The buggy address belongs to the object at ffff888105b98500
[   23.901155]  which belongs to the cache kmalloc-16 of size 16
[   23.913494] The buggy address is located 0 bytes inside of
[   23.913494]  allocated 13-byte region [ffff888105b98500, ffff888105b9850d)
[   23.925836] 
[   23.927336] The buggy address belongs to the physical page:
[   23.932908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b98
[   23.940914] flags: 0x200000000000000(node=0|zone=2)
[   23.945795] page_type: f5(slab)
[   23.948940] raw: 0200000000000000 ffff888100042640 dead000000000122 0000000000000000
[   23.956704] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   23.964469] page dumped because: kasan: bad access detected
[   23.970040] 
[   23.971532] Memory state around the buggy address:
[   23.976325]  ffff888105b98400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.983544]  ffff888105b98480: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 06 fc fc
[   23.990763] >ffff888105b98500: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[   23.997983]                       ^
[   24.001473]  ffff888105b98580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.008703]  ffff888105b98600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.015922] ==================================================================