lkft/linux-mainline-master - v6.15-rc3-1-g9d7a0577c9db - log-parser-test/kasan-bug-kasan-slab-out-of-bounds-in-memcmp

Date

April 20, 2025, 11:09 p.m.

Environment
x15
x86

[   67.292022] ==================================================================
[   67.303039] BUG: KASAN: slab-out-of-bounds in memcmp+0x19c/0x1b0
[   67.309112] Read of size 1 at addr cc23b718 by task kunit_try_catch/313
[   67.315765] 
[   67.317291] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G    B   W        N  6.15.0-rc3 #1 NONE 
[   67.317321] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   67.317321] Hardware name: Generic DRA74X (Flattened Device Tree)
[   67.317321] Call trace: 
[   67.317352]  unwind_backtrace from show_stack+0x18/0x1c
[   67.317382]  show_stack from dump_stack_lvl+0x70/0x90
[   67.317382]  dump_stack_lvl from print_report+0x158/0x528
[   67.317413]  print_report from kasan_report+0xdc/0x118
[   67.317443]  kasan_report from memcmp+0x19c/0x1b0
[   67.317474]  memcmp from kasan_memcmp+0x1d0/0x388
[   67.317504]  kasan_memcmp from kunit_try_run_case+0x22c/0x5a8
[   67.317504]  kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128
[   67.317535]  kunit_generic_run_threadfn_adapter from kthread+0x464/0x810
[   67.317565]  kthread from ret_from_fork+0x14/0x20
[   67.317596] Exception stack(0xf26b3fb0 to 0xf26b3ff8)
[   67.317596] 3fa0:                                     00000000 00000000 00000000 00000000
[   67.317626] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[   67.317626] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[   67.317657] 
[   67.425842] Allocated by task 313:
[   67.429290]  kasan_save_track+0x30/0x5c
[   67.433135]  __kasan_kmalloc+0x8c/0x94
[   67.436920]  kasan_memcmp+0xe0/0x388
[   67.440551]  kunit_try_run_case+0x22c/0x5a8
[   67.444763]  kunit_generic_run_threadfn_adapter+0xc4/0x128
[   67.450286]  kthread+0x464/0x810
[   67.453552]  ret_from_fork+0x14/0x20
[   67.457153] 
[   67.458648] The buggy address belongs to the object at cc23b700
[   67.458648]  which belongs to the cache kmalloc-64 of size 64
[   67.470367] The buggy address is located 0 bytes to the right of
[   67.470367]  allocated 24-byte region [cc23b700, cc23b718)
[   67.481933] 
[   67.483428] The buggy address belongs to the physical page:
[   67.489044] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c23b
[   67.496307] flags: 0x0(zone=0)
[   67.499389] page_type: f5(slab)
[   67.502563] raw: 00000000 c7001300 00000122 00000000 00000000 80200020 f5000000 00000000
[   67.510711] raw: 00000000
[   67.513366] page dumped because: kasan: bad access detected
[   67.518951] 
[   67.520477] Memory state around the buggy address:
[   67.525299]  cc23b600: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.531860]  cc23b680: 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.538421] >cc23b700: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.545013]                     ^
[   67.548339]  cc23b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.554931]  cc23b800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   67.561492] ==================================================================

Metadata Full log Test run details

[   41.413347] ==================================================================
[   41.424326] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[   41.430341] Read of size 1 at addr ffff888107fedc18 by task kunit_try_catch/300
[   41.437653] 
[   41.439154] CPU: 1 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc3 #1 PREEMPT(voluntary) 
[   41.439163] Tainted: [B]=BAD_PAGE, [N]=TEST
[   41.439165] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   41.439168] Call Trace:
[   41.439170]  <TASK>
[   41.439171]  dump_stack_lvl+0x73/0xb0
[   41.439175]  print_report+0xd1/0x650
[   41.439180]  ? __virt_addr_valid+0x1db/0x2d0
[   41.439184]  ? memcmp+0x1b4/0x1d0
[   41.439187]  ? kasan_complete_mode_report_info+0x2a/0x200
[   41.439191]  ? memcmp+0x1b4/0x1d0
[   41.439195]  kasan_report+0x141/0x180
[   41.439199]  ? memcmp+0x1b4/0x1d0
[   41.439203]  __asan_report_load1_noabort+0x18/0x20
[   41.439207]  memcmp+0x1b4/0x1d0
[   41.439211]  kasan_memcmp+0x18f/0x390
[   41.439214]  ? trace_hardirqs_on+0x37/0xe0
[   41.439219]  ? __pfx_kasan_memcmp+0x10/0x10
[   41.439223]  ? finish_task_switch.isra.0+0x153/0x700
[   41.439227]  ? __switch_to+0x5d9/0xf60
[   41.439231]  ? dequeue_task_fair+0x166/0x4e0
[   41.439236]  ? ktime_get_ts64+0x83/0x230
[   41.439241]  kunit_try_run_case+0x1a2/0x480
[   41.439245]  ? __pfx_kunit_try_run_case+0x10/0x10
[   41.439249]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   41.439254]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   41.439259]  ? __kthread_parkme+0x82/0x180
[   41.439263]  ? preempt_count_sub+0x50/0x80
[   41.439267]  ? __pfx_kunit_try_run_case+0x10/0x10
[   41.439272]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   41.439276]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   41.439280]  kthread+0x334/0x6f0
[   41.439284]  ? trace_preempt_on+0x20/0xc0
[   41.439288]  ? __pfx_kthread+0x10/0x10
[   41.439293]  ? _raw_spin_unlock_irq+0x47/0x80
[   41.439297]  ? calculate_sigpending+0x7b/0xa0
[   41.439301]  ? __pfx_kthread+0x10/0x10
[   41.439305]  ret_from_fork+0x3e/0x80
[   41.439309]  ? __pfx_kthread+0x10/0x10
[   41.439313]  ret_from_fork_asm+0x1a/0x30
[   41.439319]  </TASK>
[   41.439321] 
[   41.614739] Allocated by task 300:
[   41.618147]  kasan_save_stack+0x45/0x70
[   41.621985]  kasan_save_track+0x18/0x40
[   41.625826]  kasan_save_alloc_info+0x3b/0x50
[   41.630096]  __kasan_kmalloc+0xb7/0xc0
[   41.633850]  __kmalloc_cache_noprof+0x189/0x420
[   41.638382]  kasan_memcmp+0xb7/0x390
[   41.641961]  kunit_try_run_case+0x1a2/0x480
[   41.646147]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   41.651546]  kthread+0x334/0x6f0
[   41.654778]  ret_from_fork+0x3e/0x80
[   41.658359]  ret_from_fork_asm+0x1a/0x30
[   41.662285] 
[   41.663783] The buggy address belongs to the object at ffff888107fedc00
[   41.663783]  which belongs to the cache kmalloc-32 of size 32
[   41.676125] The buggy address is located 0 bytes to the right of
[   41.676125]  allocated 24-byte region [ffff888107fedc00, ffff888107fedc18)
[   41.688994] 
[   41.690494] The buggy address belongs to the physical page:
[   41.696066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107fed
[   41.704072] flags: 0x200000000000000(node=0|zone=2)
[   41.708952] page_type: f5(slab)
[   41.712098] raw: 0200000000000000 ffff888100042780 dead000000000122 0000000000000000
[   41.719837] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[   41.727577] page dumped because: kasan: bad access detected
[   41.733147] 
[   41.734640] Memory state around the buggy address:
[   41.739431]  ffff888107fedb00: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[   41.746649]  ffff888107fedb80: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[   41.753870] >ffff888107fedc00: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.761088]                             ^
[   41.765100]  ffff888107fedc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.772321]  ffff888107fedd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   41.779548] ==================================================================

Metadata Full log Test run details

Metadata

Failure - x15 - gcc-13-lkftconfig-kunit

Failure - x86 - gcc-13-lkftconfig-kunit