lkft/linux-mainline-master - v6.15-rc3-1-g9d7a0577c9db - log-parser-test/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4

Date

April 20, 2025, 11:09 p.m.

Environment
x15
x86

[   54.642669] ==================================================================
[   54.654052] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x1b0/0x35c
[   54.661346] Write of size 4 at addr cc228b75 by task kunit_try_catch/230
[   54.668090] 
[   54.669586] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   54.669616] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   54.669616] Hardware name: Generic DRA74X (Flattened Device Tree)
[   54.669647] Call trace: 
[   54.669647]  unwind_backtrace from show_stack+0x18/0x1c
[   54.669677]  show_stack from dump_stack_lvl+0x70/0x90
[   54.669677]  dump_stack_lvl from print_report+0x158/0x528
[   54.669708]  print_report from kasan_report+0xdc/0x118
[   54.669738]  kasan_report from kasan_check_range+0x14c/0x198
[   54.669769]  kasan_check_range from __asan_memset+0x20/0x3c
[   54.669769]  __asan_memset from kmalloc_oob_memset_4+0x1b0/0x35c
[   54.669799]  kmalloc_oob_memset_4 from kunit_try_run_case+0x22c/0x5a8
[   54.669830]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   54.669860]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   54.669860]  kthread from ret_from_fork+0x14/0x20
[   54.669891] Exception stack(0xf244bfb0 to 0xf244bff8)
[   54.669921] bfa0:                                     00000000 00000000 00000000 00000000
[   54.669921] bfc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   54.669952] bfe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   54.669952] 
[   54.786712] Allocated by task 230:
[   54.790130]  kasan_save_track+0x30/0x5c
[   54.794006]  __kasan_kmalloc+0x8c/0x94
[   54.797790]  kmalloc_oob_memset_4+0xcc/0x35c
[   54.802093]  kunit_try_run_case+0x22c/0x5a8
[   54.806304]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   54.811828]  kthread+0x464/0x810
[   54.815093]  ret_from_fork+0x14/0x20
[   54.818695] 
[   54.820190] The buggy address belongs to the object at cc228b00
[   54.820190]  which belongs to the cache kmalloc-128 of size 128
[   54.832092] The buggy address is located 117 bytes inside of
[   54.832092]  allocated 120-byte region [cc228b00, cc228b78)
[   54.843383] 
[   54.844879] The buggy address belongs to the physical page:
[   54.850494] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c228
[   54.857757] flags: 0x0(zone=0)
[   54.860839] page_type: f5(slab)
[   54.864013] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000
[   54.872161] raw: 00000000
[   54.874786] page dumped because: kasan: bad access detected
[   54.880401] 
[   54.881896] Memory state around the buggy address:
[   54.886718]  cc228a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   54.893310]  cc228a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.899871] >cc228b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   54.906433]                                                         ^
[   54.912902]  cc228b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.919494]  cc228c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   54.926055] ==================================================================

Metadata Full log Test run details

[   25.174505] ==================================================================
[   25.185832] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[   25.193060] Write of size 4 at addr ffff888104ee9275 by task kunit_try_catch/217
[   25.200453] 
[   25.201952] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   25.201961] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.201963] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   25.201966] Call Trace:
[   25.201968]  <TASK>
[   25.201970]  dump_stack_lvl+0x73/0xb0
[   25.201974]  print_report+0xd1/0x650
[   25.201978]  ? __virt_addr_valid+0x1db/0x2d0
[   25.201982]  ? kmalloc_oob_memset_4+0x166/0x330
[   25.201986]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.201990]  ? kmalloc_oob_memset_4+0x166/0x330
[   25.201994]  kasan_report+0x141/0x180
[   25.201998]  ? kmalloc_oob_memset_4+0x166/0x330
[   25.202003]  kasan_check_range+0x10c/0x1c0
[   25.202008]  __asan_memset+0x27/0x50
[   25.202011]  kmalloc_oob_memset_4+0x166/0x330
[   25.202015]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[   25.202020]  ? __schedule+0x10cc/0x2b30
[   25.202024]  ? ktime_get_ts64+0x83/0x230
[   25.202029]  kunit_try_run_case+0x1a2/0x480
[   25.202033]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.202037]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.202042]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.202046]  ? __kthread_parkme+0x82/0x180
[   25.202050]  ? preempt_count_sub+0x50/0x80
[   25.202055]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.202059]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   25.202063]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.202067]  kthread+0x334/0x6f0
[   25.202071]  ? trace_preempt_on+0x20/0xc0
[   25.202075]  ? __pfx_kthread+0x10/0x10
[   25.202080]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.202084]  ? calculate_sigpending+0x7b/0xa0
[   25.202087]  ? __pfx_kthread+0x10/0x10
[   25.202092]  ret_from_fork+0x3e/0x80
[   25.202096]  ? __pfx_kthread+0x10/0x10
[   25.202100]  ret_from_fork_asm+0x1a/0x30
[   25.202105]  </TASK>
[   25.202107] 
[   25.369115] Allocated by task 217:
[   25.372522]  kasan_save_stack+0x45/0x70
[   25.376369]  kasan_save_track+0x18/0x40
[   25.380209]  kasan_save_alloc_info+0x3b/0x50
[   25.384481]  __kasan_kmalloc+0xb7/0xc0
[   25.388234]  __kmalloc_cache_noprof+0x189/0x420
[   25.392765]  kmalloc_oob_memset_4+0xac/0x330
[   25.397037]  kunit_try_run_case+0x1a2/0x480
[   25.401224]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   25.406624]  kthread+0x334/0x6f0
[   25.409863]  ret_from_fork+0x3e/0x80
[   25.413441]  ret_from_fork_asm+0x1a/0x30
[   25.417368] 
[   25.418869] The buggy address belongs to the object at ffff888104ee9200
[   25.418869]  which belongs to the cache kmalloc-128 of size 128
[   25.431381] The buggy address is located 117 bytes inside of
[   25.431381]  allocated 120-byte region [ffff888104ee9200, ffff888104ee9278)
[   25.443982] 
[   25.445482] The buggy address belongs to the physical page:
[   25.451053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104ee9
[   25.459055] flags: 0x200000000000000(node=0|zone=2)
[   25.463932] page_type: f5(slab)
[   25.467081] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[   25.474828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.482574] page dumped because: kasan: bad access detected
[   25.488146] 
[   25.489644] Memory state around the buggy address:
[   25.494439]  ffff888104ee9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.501684]  ffff888104ee9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.508911] >ffff888104ee9200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.516128]                                                                 ^
[   25.523262]  ffff888104ee9280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.530481]  ffff888104ee9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.537707] ==================================================================

Metadata Full log Test run details

Metadata

Failure - x15 - gcc-13-lkftconfig-kunit

Failure - x86 - gcc-13-lkftconfig-kunit