lkft/linux-mainline-master - v6.15-rc3-1-g9d7a0577c9db - log-parser-test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset

Date

April 20, 2025, 11:09 p.m.

Environment
x15
x86

[   54.059204] ==================================================================
[   54.070068] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1a4/0x350
[   54.077423] Write of size 128 at addr cc228900 by task kunit_try_catch/226
[   54.084350] 
[   54.085845] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   54.085876] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   54.085906] Hardware name: Generic DRA74X (Flattened Device Tree)
[   54.085906] Call trace: 
[   54.085906]  unwind_backtrace from show_stack+0x18/0x1c
[   54.085937]  show_stack from dump_stack_lvl+0x70/0x90
[   54.085968]  dump_stack_lvl from print_report+0x158/0x528
[   54.085998]  print_report from kasan_report+0xdc/0x118
[   54.085998]  kasan_report from kasan_check_range+0x14c/0x198
[   54.086029]  kasan_check_range from __asan_memset+0x20/0x3c
[   54.086059]  __asan_memset from kmalloc_oob_in_memset+0x1a4/0x350
[   54.086059]  kmalloc_oob_in_memset from kunit_try_run_case+0x22c/0x5a8
[   54.086090]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   54.086120]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   54.086151]  kthread from ret_from_fork+0x14/0x20
[   54.086181] Exception stack(0xf242bfb0 to 0xf242bff8)
[   54.086181] bfa0:                                     00000000 00000000 00000000 00000000
[   54.086212] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   54.086212] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   54.086242] 
[   54.203155] Allocated by task 226:
[   54.206573]  kasan_save_track+0x30/0x5c
[   54.210449]  __kasan_kmalloc+0x8c/0x94
[   54.214233]  kmalloc_oob_in_memset+0xd0/0x350
[   54.218627]  kunit_try_run_case+0x22c/0x5a8
[   54.222839]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   54.228363]  kthread+0x464/0x810
[   54.231628]  ret_from_fork+0x14/0x20
[   54.235229] 
[   54.236724] The buggy address belongs to the object at cc228900
[   54.236724]  which belongs to the cache kmalloc-128 of size 128
[   54.248626] The buggy address is located 0 bytes inside of
[   54.248626]  allocated 120-byte region [cc228900, cc228978)
[   54.259735] 
[   54.261230] The buggy address belongs to the physical page:
[   54.266845] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c228
[   54.274108] flags: 0x0(zone=0)
[   54.277191] page_type: f5(slab)
[   54.280364] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000
[   54.288513] raw: 00000000
[   54.291137] page dumped because: kasan: bad access detected
[   54.296752] 
[   54.298248] Memory state around the buggy address:
[   54.303070]  cc228800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.309661]  cc228880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.316223] >cc228900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   54.322784]                                                         ^
[   54.329284]  cc228980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.335845]  cc228a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.342407] ==================================================================

Metadata Full log Test run details

[   24.432623] ==================================================================
[   24.443429] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   24.450742] Write of size 128 at addr ffff888104ee9100 by task kunit_try_catch/213
[   24.458316] 
[   24.459817] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   24.459825] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.459827] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   24.459831] Call Trace:
[   24.459832]  <TASK>
[   24.459834]  dump_stack_lvl+0x73/0xb0
[   24.459838]  print_report+0xd1/0x650
[   24.459842]  ? __virt_addr_valid+0x1db/0x2d0
[   24.459846]  ? kmalloc_oob_in_memset+0x15f/0x320
[   24.459850]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.459854]  ? kmalloc_oob_in_memset+0x15f/0x320
[   24.459859]  kasan_report+0x141/0x180
[   24.459863]  ? kmalloc_oob_in_memset+0x15f/0x320
[   24.459868]  kasan_check_range+0x10c/0x1c0
[   24.459872]  __asan_memset+0x27/0x50
[   24.459876]  kmalloc_oob_in_memset+0x15f/0x320
[   24.459880]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   24.459884]  ? __schedule+0x10cc/0x2b30
[   24.459889]  ? ktime_get_ts64+0x83/0x230
[   24.459893]  kunit_try_run_case+0x1a2/0x480
[   24.459898]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.459902]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.459906]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.459911]  ? __kthread_parkme+0x82/0x180
[   24.459915]  ? preempt_count_sub+0x50/0x80
[   24.459919]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.459923]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   24.459927]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.459932]  kthread+0x334/0x6f0
[   24.459936]  ? trace_preempt_on+0x20/0xc0
[   24.459940]  ? __pfx_kthread+0x10/0x10
[   24.459944]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.459948]  ? calculate_sigpending+0x7b/0xa0
[   24.459952]  ? __pfx_kthread+0x10/0x10
[   24.459956]  ret_from_fork+0x3e/0x80
[   24.459960]  ? __pfx_kthread+0x10/0x10
[   24.459964]  ret_from_fork_asm+0x1a/0x30
[   24.459970]  </TASK>
[   24.459971] 
[   24.627455] Allocated by task 213:
[   24.630863]  kasan_save_stack+0x45/0x70
[   24.634702]  kasan_save_track+0x18/0x40
[   24.638592]  kasan_save_alloc_info+0x3b/0x50
[   24.642865]  __kasan_kmalloc+0xb7/0xc0
[   24.646617]  __kmalloc_cache_noprof+0x189/0x420
[   24.651148]  kmalloc_oob_in_memset+0xac/0x320
[   24.655507]  kunit_try_run_case+0x1a2/0x480
[   24.659702]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   24.665144]  kthread+0x334/0x6f0
[   24.668377]  ret_from_fork+0x3e/0x80
[   24.671957]  ret_from_fork_asm+0x1a/0x30
[   24.675883] 
[   24.677381] The buggy address belongs to the object at ffff888104ee9100
[   24.677381]  which belongs to the cache kmalloc-128 of size 128
[   24.689888] The buggy address is located 0 bytes inside of
[   24.689888]  allocated 120-byte region [ffff888104ee9100, ffff888104ee9178)
[   24.702315] 
[   24.703814] The buggy address belongs to the physical page:
[   24.709387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ee9
[   24.717393] flags: 0x200000000000000(node=0|zone=2)
[   24.722274] page_type: f5(slab)
[   24.725420] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[   24.733158] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.740898] page dumped because: kasan: bad access detected
[   24.746469] 
[   24.747970] Memory state around the buggy address:
[   24.752762]  ffff888104ee9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.759982]  ffff888104ee9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.767210] >ffff888104ee9100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.774426]                                                                 ^
[   24.781560]  ffff888104ee9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.788780]  ffff888104ee9200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.796007] ==================================================================

Metadata Full log Test run details

Metadata

Failure - x15 - gcc-13-lkftconfig-kunit

Failure - x86 - gcc-13-lkftconfig-kunit