[linus:master] [kasan] 4e76c8cc33: BUG:KASAN:slab-out-of-bounds_in_kasan_atomics_helper

From: kernel test robot
Date: Sat Mar 30 2024 - 22:18:39 EST




Hello,

kernel test robot noticed "BUG:KASAN:slab-out-of-bounds_in_kasan_atomics_helper" on:

commit: 4e76c8cc3378a20923965e3345f40f6b8ae0bdba ("kasan: add atomic tests")
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git master


[test failed on linus/master 8d025e2092e29bfd13e56c78e22af25fac83c8ec]
[test failed on linux-next/master a6bd6c9333397f5a0e2667d4d82fef8c970108f2]

in testcase: kunit
version:
with following parameters:

group: group-00



compiler: gcc-12
test machine: 16 threads 1 sockets Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz (Broadwell-DE) with 48G memory

(please refer to attached dmesg/kmsg for entire log/backtrace)



If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202403310849.3bb9f3d2-lkp@xxxxxxxxx


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240331/202403310849.3bb9f3d2-lkp@xxxxxxxxx



[ 306.028382][ T4480] ==================================================================
[ 306.047117][ T4480] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
[ 306.057673][ T4480] Read of size 4 at addr ffff888168de7330 by task kunit_try_catch/4480
[ 306.067074][ T4480]
[ 306.070605][ T4480] CPU: 2 PID: 4480 Comm: kunit_try_catch Tainted: G S B N 6.8.0-rc5-00151-g4e76c8cc3378 #1
[ 306.082834][ T4480] Hardware name: Supermicro SYS-5018D-FN4T/X10SDV-8C-TLN4F, BIOS 1.1 03/02/2016
[ 306.093195][ T4480] Call Trace:
[ 306.097725][ T4480] <TASK>
[ 306.101846][ T4480] dump_stack_lvl+0x36/0x50
[ 306.107696][ T4480] print_address_description+0x2c/0x3a0
[ 306.115489][ T4480] ? kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
[ 306.123367][ T4480] print_report+0xba/0x2b0
[ 306.129115][ T4480] ? kasan_addr_to_slab+0xd/0x90
[ 306.135383][ T4480] ? kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
[ 306.143412][ T4480] kasan_report+0xe7/0x120
[ 306.149087][ T4480] ? kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
[ 306.157076][ T4480] kasan_atomics_helper+0x25d0/0x26b0 [kasan_test]
[ 306.164966][ T4480] ? kmalloc_oob_right+0x3e0/0x3e0 [kasan_test]
[ 306.172608][ T4480] ? kasan_save_track+0x14/0x30
[ 306.178787][ T4480] kasan_atomics+0xeb/0x190 [kasan_test]
[ 306.185724][ T4480] ? kasan_bitops_generic+0x140/0x140 [kasan_test]
[ 306.193520][ T4480] ? ktime_get_ts64+0x83/0x1b0
[ 306.199669][ T4480] kunit_try_run_case+0x1ab/0x480
[ 306.206017][ T4480] ? kunit_try_run_case_cleanup+0xe0/0xe0
[ 306.213174][ T4480] ? _raw_read_unlock_irqrestore+0x50/0x50
[ 306.220337][ T4480] ? set_cpus_allowed_ptr+0x85/0xb0
[ 306.226821][ T4480] ? migrate_enable+0x2a0/0x2a0
[ 306.232966][ T4480] ? kunit_try_catch_throw+0x80/0x80
[ 306.239549][ T4480] ? kunit_try_run_case_cleanup+0xe0/0xe0
[ 306.246540][ T4480] kunit_generic_run_threadfn_adapter+0x4e/0xa0
[ 306.254054][ T4480] kthread+0x2dd/0x3c0
[ 306.259312][ T4480] ? kthread_complete_and_exit+0x30/0x30
[ 306.266147][ T4480] ret_from_fork+0x31/0x70
[ 306.271775][ T4480] ? kthread_complete_and_exit+0x30/0x30
[ 306.278575][ T4480] ret_from_fork_asm+0x11/0x20
[ 306.284413][ T4480] </TASK>
[ 306.288653][ T4480]
[ 306.292149][ T4480] Allocated by task 4480:
[ 306.297686][ T4480] kasan_save_stack+0x33/0x50
[ 306.303495][ T4480] kasan_save_track+0x14/0x30
[ 306.309255][ T4480] __kasan_kmalloc+0xa2/0xb0
[ 306.314945][ T4480] kasan_atomics+0x8c/0x190 [kasan_test]
[ 306.321745][ T4480] kunit_try_run_case+0x1ab/0x480
[ 306.327860][ T4480] kunit_generic_run_threadfn_adapter+0x4e/0xa0
[ 306.335239][ T4480] kthread+0x2dd/0x3c0
[ 306.340469][ T4480] ret_from_fork+0x31/0x70
[ 306.346020][ T4480] ret_from_fork_asm+0x11/0x20
[ 306.351815][ T4480]
[ 306.355163][ T4480] The buggy address belongs to the object at ffff888168de7300
[ 306.355163][ T4480] which belongs to the cache kmalloc-64 of size 64
[ 306.371174][ T4480] The buggy address is located 0 bytes to the right of
[ 306.371174][ T4480] allocated 48-byte region [ffff888168de7300, ffff888168de7330)
[ 306.387688][ T4480]
[ 306.390884][ T4480] The buggy address belongs to the physical page:
[ 306.398313][ T4480] page:000000005ccb3a22 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x168de7
[ 306.409549][ T4480] flags: 0x17ffffc0000800(slab|node=0|zone=2|lastcpupid=0x1fffff)
[ 306.418339][ T4480] page_type: 0xffffffff()
[ 306.423762][ T4480] raw: 0017ffffc0000800 ffff888100042640 dead000000000100 dead000000000122
[ 306.433384][ T4480] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 306.443077][ T4480] page dumped because: kasan: bad access detected
[ 306.450608][ T4480]
[ 306.454016][ T4480] Memory state around the buggy address:
[ 306.460748][ T4480]  ffff888168de7200: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 306.469821][ T4480]  ffff888168de7280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 306.478894][ T4480] >ffff888168de7300: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 306.488019][ T4480]                                      ^
[ 306.494672][ T4480]  ffff888168de7380: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 306.503812][ T4480]  ffff888168de7400: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 306.512946][ T4480] ==================================================================


--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki