linux-mm.kvack.org archive mirror
From: kernel test robot <oliver.sang@intel.com>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>, <linux-mm@kvack.org>,
	<oliver.sang@intel.com>
Subject: [vbabka:slub-reservations] [mm, mempool]  5cc815e628: UBSAN:array-index-out-of-bounds_in_mm/slab.h
Date: Fri, 14 Jun 2024 10:57:41 +0800
Message-ID: <202406141007.1d556925-lkp@intel.com>



Hello,

kernel test robot noticed "UBSAN:array-index-out-of-bounds_in_mm/slab.h" on:

commit: 5cc815e628b86839f757b37f7d175044493010d4 ("mm, mempool: reimplement kmalloc pool as slab pool")
https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-reservations

in testcase: boot

compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+----------------------------------------------+------------+------------+
|                                              | a0e111f656 | 5cc815e628 |
+----------------------------------------------+------------+------------+
| UBSAN:array-index-out-of-bounds_in_mm/slab.h | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address  | 0          | 6          |
| Oops                                         | 0          | 6          |
| EIP:do_raw_spin_trylock                      | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception     | 0          | 6          |
+----------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202406141007.1d556925-lkp@intel.com


[   11.396435][    T1] ------------[ cut here ]------------
[   11.397649][    T1] UBSAN: array-index-out-of-bounds in mm/slab.h:428:9
[   11.399568][    T1] index 14 is out of range for type 'struct kmem_cache *[14]'
[   11.401151][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc1-00009-g5cc815e628b8 #1
[   11.403035][    T1] Call Trace:
[ 11.403833][ T1] dump_stack_lvl (lib/dump_stack.c:116) 
[ 11.404927][ T1] ? init_caches (fs/ceph/super.c:964) 
[ 11.405112][ T1] dump_stack (lib/dump_stack.c:123) 
[ 11.405112][ T1] __ubsan_handle_out_of_bounds (lib/ubsan.c:232 lib/ubsan.c:429) 
[ 11.405112][ T1] ? mempool_create_kmalloc_pool (mm/mempool.c:356) 
[ 11.405112][ T1] ? v4l2_ctrl_get_name (drivers/media/v4l2-core/v4l2-ctrls-defs.c:789) 
[ 11.405112][ T1] ? init_caches (fs/ceph/super.c:964) 
[ 11.405112][ T1] mempool_create_kmalloc_pool (mm/slab.h:428) 
[ 11.405112][ T1] init_caches (fs/ceph/super.c:964) 
[ 11.405112][ T1] init_ceph (fs/ceph/super.c:1619) 
[ 11.405112][ T1] do_one_initcall (init/main.c:1267) 
[ 11.405112][ T1] ? bcachefs_init (fs/ceph/super.c:1618) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266) 
[ 11.405112][ T1] ? local_clock_noinstr (kernel/sched/clock.c:269 kernel/sched/clock.c:306) 
[ 11.405112][ T1] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) 
[ 11.405112][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 11.405112][ T1] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4421) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266) 
[ 11.405112][ T1] ? local_clock_noinstr (kernel/sched/clock.c:269 kernel/sched/clock.c:306) 
[ 11.405112][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4599) 
[ 11.405112][ T1] ? prep_new_page (mm/page_alloc.c:1478) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? __should_fail_alloc_page (mm/fail_page_alloc.c:42) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266) 
[ 11.405112][ T1] ? local_clock_noinstr (kernel/sched/clock.c:269 kernel/sched/clock.c:306) 
[ 11.405112][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 11.405112][ T1] ? ___slab_alloc (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 mm/slub.c:3594) 
[ 11.405112][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 11.405112][ T1] ? next_arg (lib/cmdline.c:273) 
[ 11.405112][ T1] ? parse_args (kernel/params.c:153) 
[ 11.405112][ T1] do_initcall_level (init/main.c:1328) 
[ 11.405112][ T1] ? rest_init (init/main.c:1459) 
[ 11.405112][ T1] do_initcalls (init/main.c:1342) 
[ 11.405112][ T1] ? rest_init (init/main.c:1459) 
[ 11.405112][ T1] do_basic_setup (init/main.c:1365) 
[ 11.405112][ T1] kernel_init_freeable (init/main.c:1582) 
[ 11.405112][ T1] kernel_init (init/main.c:1469) 
[ 11.405112][ T1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 11.405112][ T1] ret_from_fork_asm (arch/x86/entry/entry_32.S:737) 
[ 11.405112][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:944) 
[   11.450934][    T1] ---[ end trace ]---


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240614/202406141007.1d556925-lkp@intel.com



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki


