BUG: KASAN: slab-out-of-bounds in amdgpu_cs_parser_bos.isra.0+0x16a0/0x1ed0 [amdgpu]
Yesterday KASAN caught yet another slab-out-of-bounds problem.
Unfortunately I can't reproduce it again.
So I can't check a potential fix.
[54316.019020] BUG: KASAN: slab-out-of-bounds in amdgpu_cs_parser_bos.isra.0+0x16a0/0x1ed0 [amdgpu]
[54316.019234] Read of size 8 at addr ffff8882799ed000 by task steamwebhe:cs0/190470
[54316.019238] CPU: 25 PID: 190470 Comm: steamwebhe:cs0 Tainted: G W L ------- --- 6.6.0-0.rc0.20230906git65d6e954e378.8.fc40.x86_64+debug #1
[54316.019240] Hardware name: Micro-Star International Co., Ltd. MS-7D73/MPG B650I EDGE WIFI (MS-7D73), BIOS 1.40 08/14/2023
[54316.019242] Call Trace:
[54316.019243] <TASK>
[54316.019245] dump_stack_lvl+0x76/0xd0
[54316.019250] print_report+0xcf/0x670
[54316.019255] ? amdgpu_cs_parser_bos.isra.0+0x16a0/0x1ed0 [amdgpu]
[54316.019448] kasan_report+0xa6/0xe0
[54316.019452] ? amdgpu_cs_parser_bos.isra.0+0x16a0/0x1ed0 [amdgpu]
[54316.019647] amdgpu_cs_parser_bos.isra.0+0x16a0/0x1ed0 [amdgpu]
[54316.019847] ? __pfx_amdgpu_cs_parser_bos.isra.0+0x10/0x10 [amdgpu]
[54316.020040] ? amdgpu_cs_ioctl+0xe6b/0x48f0 [amdgpu]
[54316.020233] ? __kmem_cache_free+0xc9/0x2f0
[54316.020237] amdgpu_cs_ioctl+0x1d56/0x48f0 [amdgpu]
[54316.020431] ? mark_lock+0x101/0x1700
[54316.020434] ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu]
[54316.020626] ? mark_lock+0x101/0x1700
[54316.020628] ? __pfx_mark_lock+0x10/0x10
[54316.020630] ? __pfx_mark_lock+0x10/0x10
[54316.020637] ? local_clock_noinstr+0xd/0xc0
[54316.020642] ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu]
[54316.020841] drm_ioctl_kernel+0x1ff/0x3e0
[54316.020845] ? __pfx_drm_ioctl_kernel+0x10/0x10
[54316.020849] drm_ioctl+0x4ce/0xab0
[54316.020851] ? __pfx_amdgpu_cs_ioctl+0x10/0x10 [amdgpu]
[54316.021043] ? __pfx_drm_ioctl+0x10/0x10
[54316.021048] ? _raw_spin_unlock_irqrestore+0x66/0x80
[54316.021051] ? lockdep_hardirqs_on+0x81/0x110
[54316.021053] ? _raw_spin_unlock_irqrestore+0x4f/0x80
[54316.021056] amdgpu_drm_ioctl+0xd8/0x1c0 [amdgpu]
[54316.021241] __x64_sys_ioctl+0x134/0x1b0
[54316.021245] do_syscall_64+0x5d/0x90
[54316.021248] ? do_syscall_64+0x6c/0x90
[54316.021250] ? lockdep_hardirqs_on+0x81/0x110
[54316.021253] ? do_syscall_64+0x6c/0x90
[54316.021255] ? do_syscall_64+0x6c/0x90
[54316.021257] ? lockdep_hardirqs_on+0x81/0x110
[54316.021259] ? do_syscall_64+0x6c/0x90
[54316.021261] ? do_syscall_64+0x6c/0x90
[54316.021263] ? lockdep_hardirqs_on+0x81/0x110
[54316.021265] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[54316.021268] RIP: 0033:0x7efcf83112dd
[54316.021287] Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1a 48 8b 45 c8 64 48 2b 04 25 28 00 00 00
[54316.021289] RSP: 002b:00007efcdb3fc490 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[54316.021292] RAX: ffffffffffffffda RBX: 00007efcdb3fd5e8 RCX: 00007efcf83112dd
[54316.021293] RDX: 00007efcdb3fc560 RSI: 00000000c0186444 RDI: 0000000000000019
[54316.021295] RBP: 00007efcdb3fc4e0 R08: 00007efcdb3fd650 R09: 00007efcdb3fc530
[54316.021296] R10: 000020a6703a4000 R11: 0000000000000246 R12: 00007efcdb3fc560
[54316.021297] R13: 00000000c0186444 R14: 0000000000000019 R15: 00007efcdb3fd5e8
[54316.021300] </TASK>
[54316.021302] Allocated by task 190470:
[54316.021303] kasan_save_stack+0x33/0x60
[54316.021306] kasan_set_track+0x25/0x30
[54316.021307] __kasan_kmalloc+0x8f/0xa0
[54316.021308] drm_exec_init+0x6a/0x1b0 [drm_exec]
[54316.021312] amdgpu_cs_ioctl+0x28c/0x48f0 [amdgpu]
[54316.021503] drm_ioctl_kernel+0x1ff/0x3e0
[54316.021505] drm_ioctl+0x4ce/0xab0
[54316.021507] amdgpu_drm_ioctl+0xd8/0x1c0 [amdgpu]
[54316.021692] __x64_sys_ioctl+0x134/0x1b0
[54316.021694] do_syscall_64+0x5d/0x90
[54316.021696] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
[54316.021700] The buggy address belongs to the object at ffff8882799ec000
which belongs to the cache kmalloc-4k of size 4096
[54316.021702] The buggy address is located 0 bytes to the right of
allocated 4096-byte region [ffff8882799ec000, ffff8882799ed000)
[54316.021705] The buggy address belongs to the physical page:
[54316.021706] page:000000007a208db8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2799e8
[54316.021708] head:000000007a208db8 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[54316.021709] flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff)
[54316.021712] page_type: 0xffffffff()
[54316.021714] raw: 0017ffffc0000840 ffff88810004d040 ffffea00052c4c00 dead000000000002
[54316.021716] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[54316.021717] page dumped because: kasan: bad access detected
[54316.021719] Memory state around the buggy address:
[54316.021720] ffff8882799ecf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[54316.021721] ffff8882799ecf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[54316.021722] >ffff8882799ed000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[54316.021723] ^
[54316.021724] ffff8882799ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[54316.021725] ffff8882799ed100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[54316.021726] ==================================================================
Full kernel log: dmesg-BUG-KASAN-slab-out-of-bounds-in-amdgpu_cs_parser_bos.isra.txt
Build .config: config-6.6.0-0.rc0.20230906git65d6e954e378.8.fc40.x86_64+debug
My hardware: https://linux-hardware.org/?probe=dd5735f315