[vbabka:slub-reservations] [mm, mempool] 5cc815e628: UBSAN:array-index-out-of-bounds_in_mm/slab.h

Hello,

kernel test robot noticed "UBSAN:array-index-out-of-bounds_in_mm/slab.h" on:

commit: 5cc815e628b86839f757b37f7d175044493010d4 ("mm, mempool: reimplement kmalloc pool as slab pool")
https://git.kernel.org/cgit/linux/kernel/git/vbabka/linux.git slub-reservations

in testcase: boot

compiler: clang-18
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)


+----------------------------------------------+------------+------------+
|                                              | a0e111f656 | 5cc815e628 |
+----------------------------------------------+------------+------------+
| UBSAN:array-index-out-of-bounds_in_mm/slab.h | 0          | 6          |
| BUG:kernel_NULL_pointer_dereference,address  | 0          | 6          |
| Oops                                         | 0          | 6          |
| EIP:do_raw_spin_trylock                      | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception     | 0          | 6          |
+----------------------------------------------+------------+------------+


If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags
| Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
| Closes: https://lore.kernel.org/oe-lkp/202406141007.1d556925-lkp@xxxxxxxxx


[   11.396435][    T1] ------------[ cut here ]------------
[   11.397649][    T1] UBSAN: array-index-out-of-bounds in mm/slab.h:428:9
[   11.399568][    T1] index 14 is out of range for type 'struct kmem_cache *[14]'
[   11.401151][    T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-rc1-00009-g5cc815e628b8 #1
[   11.403035][    T1] Call Trace:
[ 11.403833][ T1] dump_stack_lvl (lib/dump_stack.c:116) 
[ 11.404927][ T1] ? init_caches (fs/ceph/super.c:964) 
[ 11.405112][ T1] dump_stack (lib/dump_stack.c:123) 
[ 11.405112][ T1] __ubsan_handle_out_of_bounds (lib/ubsan.c:232 lib/ubsan.c:429) 
[ 11.405112][ T1] ? mempool_create_kmalloc_pool (mm/mempool.c:356) 
[ 11.405112][ T1] ? v4l2_ctrl_get_name (drivers/media/v4l2-core/v4l2-ctrls-defs.c:789) 
[ 11.405112][ T1] ? init_caches (fs/ceph/super.c:964) 
[ 11.405112][ T1] mempool_create_kmalloc_pool (mm/slab.h:428) 
[ 11.405112][ T1] init_caches (fs/ceph/super.c:964) 
[ 11.405112][ T1] init_ceph (fs/ceph/super.c:1619) 
[ 11.405112][ T1] do_one_initcall (init/main.c:1267) 
[ 11.405112][ T1] ? bcachefs_init (fs/ceph/super.c:1618) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266) 
[ 11.405112][ T1] ? local_clock_noinstr (kernel/sched/clock.c:269 kernel/sched/clock.c:306) 
[ 11.405112][ T1] ? _raw_spin_unlock_irqrestore (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 include/linux/spinlock_api_smp.h:151 kernel/locking/spinlock.c:194) 
[ 11.405112][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 11.405112][ T1] ? lockdep_hardirqs_on (kernel/locking/lockdep.c:4421) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266) 
[ 11.405112][ T1] ? local_clock_noinstr (kernel/sched/clock.c:269 kernel/sched/clock.c:306) 
[ 11.405112][ T1] ? __lock_acquire (kernel/locking/lockdep.c:4599) 
[ 11.405112][ T1] ? prep_new_page (mm/page_alloc.c:1478) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? __should_fail_alloc_page (mm/fail_page_alloc.c:42) 
[ 11.405112][ T1] ? kvm_sched_clock_read (arch/x86/kernel/kvmclock.c:91) 
[ 11.405112][ T1] ? sched_clock_noinstr (arch/x86/kernel/tsc.c:266) 
[ 11.405112][ T1] ? local_clock_noinstr (kernel/sched/clock.c:269 kernel/sched/clock.c:306) 
[ 11.405112][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 11.405112][ T1] ? ___slab_alloc (arch/x86/include/asm/irqflags.h:19 arch/x86/include/asm/irqflags.h:67 arch/x86/include/asm/irqflags.h:127 mm/slub.c:3594) 
[ 11.405112][ T1] ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) 
[ 11.405112][ T1] ? next_arg (lib/cmdline.c:273) 
[ 11.405112][ T1] ? parse_args (kernel/params.c:153) 
[ 11.405112][ T1] do_initcall_level (init/main.c:1328) 
[ 11.405112][ T1] ? rest_init (init/main.c:1459) 
[ 11.405112][ T1] do_initcalls (init/main.c:1342) 
[ 11.405112][ T1] ? rest_init (init/main.c:1459) 
[ 11.405112][ T1] do_basic_setup (init/main.c:1365) 
[ 11.405112][ T1] kernel_init_freeable (init/main.c:1582) 
[ 11.405112][ T1] kernel_init (init/main.c:1469) 
[ 11.405112][ T1] ret_from_fork (arch/x86/kernel/process.c:153) 
[ 11.405112][ T1] ret_from_fork_asm (arch/x86/entry/entry_32.S:737) 
[ 11.405112][ T1] entry_INT80_32 (arch/x86/entry/entry_32.S:944) 
[   11.450934][    T1] ---[ end trace ]---


The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20240614/202406141007.1d556925-lkp@xxxxxxxxx



-- 
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki




