Re: [linus:master] [kasan] 4e76c8cc33: BUG:KASAN:slab-out-of-bounds_in_kasan_atomics_helper

From: Mark Rutland
Date: Tue Apr 02 2024 - 13:35:49 EST


On Sun, Mar 31, 2024 at 10:18:17AM +0800, kernel test robot wrote:
>
>
> Hello,
>
> kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_kasan_atomics_helper" on:
>
> commit: 4e76c8cc3378a20923965e3345f40f6b8ae0bdba ("kasan: add atomic tests")
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master

This is expected; it's the point of the test...

Is there something this should depend on such that the test robot doesn't build
this? Otherwise, can we please avoid reporting KASAN splats from this KASAN test module?

Mark.

> [test failed on linus/master 8d025e2092e29bfd13e56c78e22af25fac83c8ec]
> [test failed on linux-next/master a6bd6c9333397f5a0e2667d4d82fef8c970108f2]
>
> in testcase: kunit
> version:
> with following parameters:
>
> group: group-00
>
>
>
> compiler: gcc-12
> test machine: 16 threads 1 sockets Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz (Broadwell-DE) with 48G memory
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
> | Closes: https://lore.kernel.org/oe-lkp/202403310849.3bb9f3d2-lkp@xxxxxxxxx
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20240331/202403310849.3bb9f3d2-lkp@xxxxxxxxx
>
>
>
> [ 306.028382][ T4480] ==================================================================
> [ 306.047117][ T4480] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
> [ 306.057673][ T4480] Read of size 4 at addr ffff888168de7330 by task kunit_try_catch/4480
> [ 306.067074][ T4480]
> [ 306.070605][ T4480] CPU: 2 PID: 4480 Comm: kunit_try_catch Tainted: G S B N 6.8.0-rc5-00151-g4e76c8cc3378 #1
> [ 306.082834][ T4480] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016
> [ 306.093195][ T4480] Call Trace:
> [ 306.097725][ T4480] <TASK>
> [ 306.101846][ T4480] dump_stack_lvl+0x36/0x50
> [ 306.107696][ T4480] print_address_description+0x2c/0x3a0
> [ 306.115489][ T4480] ? kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
> [ 306.123367][ T4480] print_report+0xba/0x2b0
> [ 306.129115][ T4480] ? kasan_addr_to_slab+0xd/0x90
> [ 306.135383][ T4480] ? kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
> [ 306.143412][ T4480] kasan_report+0xe7/0x120
> [ 306.149087][ T4480] ? kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
> [ 306.157076][ T4480] kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
> [ 306.164966][ T4480] ? kmalloc_oob_right+0x3e0/0x3e0 [kasan_test]
> [ 306.172608][ T4480] ? kasan_save_track+0x14/0x30
> [ 306.178787][ T4480] kasan_atomics+0xeb/0x190 [kasan_test]
> [ 306.185724][ T4480] ? kasan_bitops_generic+0x140/0x140 [kasan_test]
> [ 306.193520][ T4480] ? ktime_get_ts64+0x83/0x1b0
> [ 306.199669][ T4480] kunit_try_run_case+0x1ab/0x480
> [ 306.206017][ T4480] ? kunit_try_run_case_cleanup+0xe0/0xe0
> [ 306.213174][ T4480] ? _raw_read_unlock_irqrestore+0x50/0x50
> [ 306.220337][ T4480] ? set_cpus_allowed_ptr+0x85/0xb0
> [ 306.226821][ T4480] ? migrate_enable+0x2a0/0x2a0
> [ 306.232966][ T4480] ? kunit_try_catch_throw+0x80/0x80
> [ 306.239549][ T4480] ? kunit_try_run_case_cleanup+0xe0/0xe0
> [ 306.246540][ T4480] kunit_generic_run_threadfn_adapter+0x4e/0xa0
> [ 306.254054][ T4480] kthread+0x2dd/0x3c0
> [ 306.259312][ T4480] ? kthread_complete_and_exit+0x30/0x30
> [ 306.266147][ T4480] ret_from_fork+0x31/0x70
> [ 306.271775][ T4480] ? kthread_complete_and_exit+0x30/0x30
> [ 306.278575][ T4480] ret_from_fork_asm+0x11/0x20
> [ 306.284413][ T4480] </TASK>
> [ 306.288653][ T4480]
> [ 306.292149][ T4480] Allocated by task 4480:
> [ 306.297686][ T4480] kasan_save_stack+0x33/0x50
> [ 306.303495][ T4480] kasan_save_track+0x14/0x30
> [ 306.309255][ T4480] __kasan_kmalloc+0xa2/0xb0
> [ 306.314945][ T4480] kasan_atomics+0x8c/0x190 [kasan_test]
> [ 306.321745][ T4480] kunit_try_run_case+0x1ab/0x480
> [ 306.327860][ T4480] kunit_generic_run_threadfn_adapter+0x4e/0xa0
> [ 306.335239][ T4480] kthread+0x2dd/0x3c0
> [ 306.340469][ T4480] ret_from_fork+0x31/0x70
> [ 306.346020][ T4480] ret_from_fork_asm+0x11/0x20
> [ 306.351815][ T4480]
> [ 306.355163][ T4480] The buggy address belongs to the object at ffff888168de7300
> [ 306.355163][ T4480] which belongs to the cache kmalloc-64 of size 64
> [ 306.371174][ T4480] The buggy address is located 0 bytes to the right of
> [ 306.371174][ T4480] allocated 48-byte region [ffff888168de7300, ffff888168de7330)
> [ 306.387688][ T4480]
> [ 306.390884][ T4480] The buggy address belongs to the physical page:
> [ 306.398313][ T4480] page:000000005ccb3a22 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x168de7
> [ 306.409549][ T4480] flags: 0x17ffffc0000800(slab|node=0|zone=2|lastcpupid=0x1fffff)
> [ 306.418339][ T4480] page_type: 0xffffffff()
> [ 306.423762][ T4480] raw: 0017ffffc0000800 ffff888100042640 dead000000000100 dead000000000122
> [ 306.433384][ T4480] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
> [ 306.443077][ T4480] page dumped because: kasan: bad access detected
> [ 306.450608][ T4480]
> [ 306.454016][ T4480] Memory state around the buggy address:
> [ 306.460748][ T4480] ffff888168de7200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [ 306.469821][ T4480] ffff888168de7280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
> [ 306.478894][ T4480] >ffff888168de7300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
> [ 306.488019][ T4480] ^
> [ 306.494672][ T4480] ffff888168de7380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [ 306.503812][ T4480] ffff888168de7400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
> [ 306.512946][ T4480] ==================================================================
>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
>
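
A sketch of the filtering asked for in the reply, as an added example that is not part of the original thread or of the 0-day CI tooling: it splits a dmesg into KASAN reports, reads the shadow byte for the faulting address out of the "Memory state" dump, and marks reports whose faulting frame is in an allowlisted self-test module. The allowlist, `triage()`, `shadow_byte()` and the second sample report (`foo_drv`, `foo_read`) are assumptions made for illustration.

```python
import re

EXPECTED_MODULES = {"kasan_test"}  # assumption: modules that fault on purpose
GRANULE = 8  # generic KASAN: one shadow byte describes 8 bytes of memory

BUG_RE = re.compile(r"BUG: KASAN: (\S+) in (\w+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")
ADDR_RE = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]{16})")
ROW_RE = re.compile(r">?([0-9a-f]{16}): ((?:[0-9a-f]{2} ?){16})")

def shadow_byte(rows, addr):
    """Return the shadow byte covering addr, or None if no dumped row covers it."""
    for base, shadow in rows:
        idx = (addr - base) // GRANULE
        if 0 <= idx < len(shadow):
            return shadow[idx]
    return None

def triage(dmesg):
    """Collect KASAN reports from dmesg text and classify each one."""
    reports = []
    for line in dmesg.splitlines():
        if m := BUG_RE.search(line):
            reports.append({"type": m[1], "func": m[2], "module": m[3],
                            "addr": None, "rows": []})
        elif not reports:
            continue  # nothing to attach this line to yet
        elif m := ADDR_RE.search(line):
            reports[-1].update(access=m[1], size=int(m[2]), addr=int(m[3], 16))
        elif m := ROW_RE.search(line):
            reports[-1]["rows"].append((int(m[1], 16), m[2].split()))
    for r in reports:
        rows = r.pop("rows")
        r["shadow"] = shadow_byte(rows, r["addr"]) if r["addr"] is not None else None
        # Only the module of the faulting frame decides; other modules still report.
        r["verdict"] = "expected-selftest" if r["module"] in EXPECTED_MODULES else "report"
    return reports

# First report: lines copied from the splat quoted above (fc = slab redzone).
# Second report: constructed for contrast; foo_drv and foo_read are hypothetical.
SAMPLE = """\
[ 306.047117][ T4480] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
[ 306.057673][ T4480] Read of size 4 at addr ffff888168de7330 by task kunit_try_catch/4480
[ 306.478894][ T4480] >ffff888168de7300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 900.000001][ T77] BUG: KASAN: slab-out-of-bounds in foo_read+0x10/0x20 [foo_drv]
[ 900.000002][ T77] Write of size 8 at addr ffff888100000040 by task foo/77
[ 900.000003][ T77] >ffff888100000000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
"""
```

For the quoted report the 48-byte object at ffff888168de7300 has six addressable granules, so the 4-byte read at offset 0x30 lands on the seventh shadow byte of that row. Filtering on the module of the faulting frame keeps reports from other code visible even when the test module runs in the same boot.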