Date: Mon, 21 Apr 2025 12:04:08 +0200
From: Erhard Furtner
To: linux-mm@kvack.org
Cc: kasan-dev@googlegroups.com, kees@kernel.org
Subject: Re: BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x195/0x220 at running fortify_kunit (v6.15-rc1, x86_64)

Greetings!

fortify_test_alloc_size_kvmalloc_const test failure still in v6.15-rc3, also with a 'GCC14 -O2'-built kernel:

==================================================================
BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x2a2/0x370
Read of size 6291456 at addr ffffc9000e200000 by task kunit_try_catch/4317

CPU: 21 UID: 0 PID: 4317 Comm: kunit_try_catch Tainted: G N 6.15.0-rc3-Zen3 #11 PREEMPT
Tainted: [N]=TEST
Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS L3.46 08/20/2024
Call Trace:
 dump_stack_lvl+0x4a/0x70
 print_report+0x132/0x4e0
 ? __rwlock_init+0x120/0x120
 ? vrealloc_noprof+0x2a2/0x370
 kasan_report+0xd9/0x110
 ? vrealloc_noprof+0x2a2/0x370
 ? fortify_test_alloc_size_kvmalloc_const+0x4892/0xa3d0 [fortify_kunit]
 kasan_check_range+0x113/0x210
 __asan_memcpy+0x1f/0x70
 vrealloc_noprof+0x2a2/0x370
 ? srso_alias_return_thunk+0x5/0xfbef5
 fortify_test_alloc_size_kvmalloc_const+0x4892/0xa3d0 [fortify_kunit]
 ? fortify_test_alloc_size_vmalloc_const+0x2a30/0x2a30 [fortify_kunit]
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? ktime_get_ts64+0x7a/0x220
 ? fortify_test_init+0x2be/0x460 [fortify_kunit]
 kunit_try_run_case+0x199/0x2b0 [kunit]
 ? kunit_try_run_case_cleanup+0xe0/0xe0 [kunit]
 ? srso_alias_return_thunk+0x5/0xfbef5
 ? do_raw_spin_unlock+0x4f/0x220
 ? kunit_try_run_case_cleanup+0xe0/0xe0 [kunit]
 ? kunit_mem_assert_format+0x460/0x460 [kunit]
 kunit_generic_run_threadfn_adapter+0x7b/0xe0 [kunit]
 kthread+0x349/0x6c0
 ? kthread_is_per_cpu+0xd0/0xd0
 ? kthread_is_per_cpu+0xd0/0xd0
 ? kthread_is_per_cpu+0xd0/0xd0
 ret_from_fork+0x2b/0x70
 ? kthread_is_per_cpu+0xd0/0xd0
 ret_from_fork_asm+0x11/0x20

The buggy address belongs to the virtual mapping at
 [ffffc9000e200000, ffffc9000e801000) created by:
 fortify_test_alloc_size_kvmalloc_const+0x4788/0xa3d0 [fortify_kunit]

The buggy address belongs to the physical page:
page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7fab41f0a pfn:0x128000
flags: 0x4000000000000000(zone=1)
raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000
raw: 00000007fab41f0a 0000000000000000 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffffc9000e600f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffffc9000e600f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000e601000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
                   ^
 ffffc9000e601080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
 ffffc9000e601100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
==================================================================
Disabling lock debugging due to kernel taint
not ok 7 fortify_test_alloc_size_kvmalloc_const
[...]

Regards,
Erhard

On Tue, 8 Apr 2025 19:25:03 +0200 Erhard Furtner wrote:

> Greetings!
>
> I gave v6.15-rc1 a test ride on my Ryzen 5950 system with some debugging options turned on, getting a KASAN vmalloc-out-of-bounds hit at running fortify_kunit test:
>
> [...]
> TAP version 1
> 1..1
> KTAP version 1
> # Subtest: fortify
> # module: fortify_kunit
> 1..26
> ok 1 fortify_test_known_sizes
> ok 2 fortify_test_control_flow_split
> ok 3 fortify_test_alloc_size_kmalloc_const
> ok 4 fortify_test_alloc_size_kmalloc_dynamic
> ok 5 fortify_test_alloc_size_vmalloc_const
> ok 6 fortify_test_alloc_size_vmalloc_dynamic
> ==================================================================
> BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x195/0x220
> Read of size 6291456 at addr ffffc90015c00000 by task kunit_try_catch/4334
>
> CPU: 15 UID: 0 PID: 4334 Comm: kunit_try_catch Tainted: G N 6.15.0-rc1-Zen3 #6 PREEMPT
> Tainted: [N]=TEST
> Hardware name: To Be Filled By O.E.M. B550M Pro4/B550M Pro4, BIOS L3.46 08/20/2024
> Call Trace:
>
>  dump_stack_lvl+0x2a/0x90
>  print_report+0x17a/0x520
>  ? srso_alias_return_thunk+0x5/0xfbef5
>  ? vrealloc_noprof+0x195/0x220
>  kasan_report+0xb9/0x100
>  ? vrealloc_noprof+0x195/0x220
>  kasan_check_range+0x184/0x190
>  ? vrealloc_noprof+0x195/0x220
>  __asan_memcpy+0x25/0x70
>  vrealloc_noprof+0x195/0x220
>  ? fortify_test_alloc_size_kvmalloc_const+0x2eae/0x7170 [fortify_kunit]
>  fortify_test_alloc_size_kvmalloc_const+0x2eae/0x7170 [fortify_kunit]
>  kunit_try_run_case+0x119/0x340 [kunit]
>  ? kunit_cleanup+0x120/0x120 [kunit]
>  kunit_generic_run_threadfn_adapter+0x73/0x100 [kunit]
>  kthread+0x46a/0x570
>  ? kunit_try_catch_run+0x620/0x620 [kunit]
>  ? kthread_blkcg+0xb0/0xb0
>  ret_from_fork+0x3c/0x70
>  ? kthread_blkcg+0xb0/0xb0
>  ret_from_fork_asm+0x11/0x20
>
>
> The buggy address belongs to the virtual mapping at
>  [ffffc90015c00000, ffffc90016201000) created by:
>  fortify_test_alloc_size_kvmalloc_const+0x2dfb/0x7170 [fortify_kunit]
>
> The buggy address belongs to the physical page:
> page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7f281927d pfn:0x128600
> flags: 0x4000000000000000(zone=1)
> raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000
> raw: 00000007f281927d 0000000000000000 00000001ffffffff 0000000000000000
> page dumped because: kasan: bad access detected
>
> Memory state around the buggy address:
>  ffffc90016000f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>  ffffc90016000f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >ffffc90016001000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>                    ^
>  ffffc90016001080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
>  ffffc90016001100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
> ==================================================================
> Disabling lock debugging due to kernel taint
> not ok 7 fortify_test_alloc_size_kvmalloc_const
> ok 8 fortify_test_alloc_size_kvmalloc_dynamic
> ok 9 fortify_test_alloc_size_devm_kmalloc_const
> ok 10 fortify_test_alloc_size_devm_kmalloc_dynamic
> ok 11 fortify_test_realloc_size
> ok 12 fortify_test_strlen
> ok 13 fortify_test_strnlen
> ok 14 fortify_test_strcpy
> ok 15 fortify_test_strncpy
> ok 16 fortify_test_strscpy
> ok 17 fortify_test_strcat
> ok 18 fortify_test_strncat
> ok 19 fortify_test_strlcat
> ok 20 fortify_test_memcpy
> ok 21 fortify_test_memmove
> ok 22 fortify_test_memscan
> ok 23 fortify_test_memchr
> ok 24 fortify_test_memchr_inv
> ok 25 fortify_test_memcmp
> ok 26 fortify_test_kmemdup
> # fortify: pass:25 fail:1 skip:0 total:26
> # Totals: pass:25 fail:1 skip:0 total:26
> not ok 1 fortify
>
>
> Kernel .config attached.
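
Added triage example, not part of the original mail or of the kernel sources: a small parser that reads the access line, the vmalloc mapping range and the shadow rows of a KASAN report and computes how much of the access was readable before the first poisoned granule. The names triage, first_inaccessible and REPORT are hypothetical, the sample lines are copied from the v6.15-rc3 report above, and the 8-byte shadow granule assumes generic KASAN.

```python
import re

# Constructed sample: lines copied from the v6.15-rc3 report in this mail.
REPORT = """\
BUG: KASAN: vmalloc-out-of-bounds in vrealloc_noprof+0x2a2/0x370
Read of size 6291456 at addr ffffc9000e200000 by task kunit_try_catch/4317
The buggy address belongs to the virtual mapping at
 [ffffc9000e200000, ffffc9000e801000) created by:
 ffffc9000e600f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffffc9000e601000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
"""

GRANULE = 8  # assumption: generic KASAN, one shadow byte per 8 bytes of memory
ACCESS = re.compile(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)")
MAPPING = re.compile(r"\[([0-9a-f]+), ([0-9a-f]+)\)")
SHADOW = re.compile(r"^[> ]*([0-9a-f]{16}):((?: [0-9a-f]{2})+)\s*$", re.M)

def first_inaccessible(report):
    """Lowest address in the dumped shadow rows that is not accessible."""
    for row in sorted(SHADOW.finditer(report), key=lambda m: int(m.group(1), 16)):
        base = int(row.group(1), 16)
        for i, byte in enumerate(row.group(2).split()):
            val = int(byte, 16)
            if val == 0:
                continue                      # whole granule accessible
            # 01..07: only the first `val` bytes of the granule are accessible
            return base + i * GRANULE + (val if val < GRANULE else 0)
    return None

def triage(report):
    """Summarise how far the reported access runs past accessible memory."""
    acc = ACCESS.search(report)
    if acc is None:
        raise ValueError("no KASAN access line found")
    size, start = int(acc.group(2)), int(acc.group(3), 16)
    out = {"kind": acc.group(1), "size": size, "start": start}
    vm = MAPPING.search(report)
    if vm:
        lo, hi = int(vm.group(1), 16), int(vm.group(2), 16)
        out["inside_mapping"] = lo <= start and start + size <= hi
    bad = first_inaccessible(report)
    if bad is not None and start <= bad < start + size:
        out["first_bad"] = bad
        out["accessible"] = bad - start          # bytes readable before poison
        out["overrun"] = start + size - bad      # bytes of the access past it
    return out

if __name__ == "__main__":
    print(triage(REPORT))
```

On the sample, the 6291456-byte read stays inside the reported mapping, but only the first 0x401000 bytes are unpoisoned in the dumped shadow, so 0x1ff000 bytes of the copy fall on poisoned memory.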