Description of problem:
The following issue is seen in dmesg:
BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x91c/0xe80 [ses]

Version-Release number of selected component (if applicable):
distro: RHEL-8.5.0-20210621.n.0
kernel-debug: 4.18.0-314.el8 debug

How reproducible:

Steps to Reproduce:
1. Install target system listed in comment #1 with RHEL-8.5.0-20210621.n.0
2. Install and boot kernel-debug: 4.18.0-314.el8
3.

Actual results:
https://beaker.engineering.redhat.com/recipes/10176443#task127726617
https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2021/06/54924/5492400/10176443/127726617/600641870/resultoutputfile.log
---%<-snip->%---
[ 59.126790] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x91c/0xe80 [ses]
---%<-snip->%---
https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2021/06/54924/5492400/10176443/console.log
---%<-snip->%---
] Started udev Coldplug all Devices.
[ 59.070287] ipmi_si dmi-ipmi-si.0: Removing SMBIOS-specified kcs state machine in favor of ACPI
[ 59.070830] RAPL PMU: API unit is 2^-32 Joules, 1 fixed counters, 163840 ms ovfl timer
[ 59.079164] ipmi_si: Adding ACPI-specified kcs state machine
[ 59.087091] RAPL PMU: hw unit of domain package 2^-16 Joules
[ 59.102515] ipmi_si: Trying ACPI-specified kcs state machine at i/o address 0xca2, slave address 0x20, irq 0
[ 59.119310] ==================================================================
[ 59.126790] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.135137] Read of size 1 at addr ffff888205991451 by task systemd-udevd/3100
[ 59.142412]
[ 59.143925] CPU: 53 PID: 3100 Comm: systemd-udevd Not tainted 4.18.0-314.el8.x86_64+debug #1
[ 59.152421] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/17/2020
[ 59.161011] Call Trace:
[ 59.163667]  dump_stack+0x8e/0xd0
[ 59.167091]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.172715]  print_address_description.constprop.5+0x1e/0x230
[ 59.178508]  ? kmsg_dump_rewind_nolock+0xd9/0xd9
[ 59.183162]  ? do_raw_spin_unlock+0x54/0x230
[ 59.187488]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.193105]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.196123] ipmi_si IPI0001:00: The BMC does not support clearing the recv irq bit, compensating, but the BMC needs to be fixed.
[ 59.198725]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.215994]  __kasan_report.cold.7+0x37/0x86
[ 59.220351]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.225975]  kasan_report+0x37/0x50
[ 59.229507]  ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 59.234981]  ses_intf_add+0xa5b/0xf71 [ses]
[ 59.239214]  ? class_dev_iter_next+0x6c/0xc0
[ 59.243534]  class_interface_register+0x298/0x400
[ 59.248286]  ? class_dev_iter_next+0xc0/0xc0
[ 59.252611]  ? rcu_read_lock_bh_held+0xc0/0xc0
[ 59.257098]  ? 0xffffffffc1978000
[ 59.260451]  ses_init+0x12/0x1000 [ses]
[ 59.264322]  do_one_initcall+0xe9/0x57d
[ 59.268199]  ? perf_trace_initcall_level+0x460/0x460
[ 59.269095] ipmi_si IPI0001:00: Found new BMC (man_id: 0x00b85c, prod_id: 0x2000, dev_id: 0x13)
[ 59.273209]  ? kasan_unpoison_shadow+0x30/0x40
[ 59.273219]  ? __kasan_kmalloc.constprop.9+0xc1/0xd0
[ 59.273238]  ? do_init_module+0x4e/0x6f0
[ 59.295516]  ? kmem_cache_alloc_trace+0x122/0x210
[ 59.300261]  ? kasan_unpoison_shadow+0x30/0x40
[ 59.304757]  do_init_module+0x1d1/0x6f0
[ 59.308644]  load_module+0x36bd/0x4f50
[ 59.312497]  ? layout_and_allocate+0x3950/0x3950
[ 59.317164]  ? sched_clock+0x5/0x10
[ 59.320683]  ? sched_clock_cpu+0x18/0x1e0
[ 59.324733]  ? find_held_lock+0x3a/0x1c0
[ 59.328761]  ? __do_sys_init_module+0x1db/0x260
[ 59.333327]  __do_sys_init_module+0x1db/0x260
[ 59.337726]  ? load_module+0x4f50/0x4f50
[ 59.341714]  ? lockdep_hardirqs_on_prepare+0x294/0x3e0
[ 59.346892]  ? do_syscall_64+0x22/0x430
[ 59.350774]  do_syscall_64+0xa5/0x430
[ 59.354478]  entry_SYSCALL_64_after_hwframe+0x6a/0xdf
[ 59.356698] ipmi_si IPI0001:00: IPMI kcs interface initialized
[ 59.359570] RIP: 0033:0x7f2b74c2180e
[ 59.359579] Code: 48 8b 0d 7d 16 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 4a 16 2c 00 f7 d8 64 89 01 48
---%<-snip->%---

Expected results:
No "BUG: KASAN:" report is expected.

Additional info:
All,
This issue is reproducible with RHEL-8.7 on target system:
distro: RHEL-8.7.0
kernel: 4.18.0-425.3.1.el8 debug
host: hpe-dl385gen10-02.hpe2.lab.eng.bos.redhat.com
bios: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/08/2021
https://beaker.engineering.redhat.com/jobs/7269721
https://beaker-archive.host.prod.eng.bos.redhat.com/beaker-logs/2022/11/72697/7269721/12991857/console.log
---%<-snip->%---
[ 65.071375] input: PC Speaker as /devices/platform/pcspkr/input/input2
[ 65.088436] ==================================================================
[ 65.095912] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 65.104249] Read of size 1 at addr ffff88a1227ec451 by task systemd-udevd/3418
[ 65.111527]
[ 65.111551] CPU: 124 PID: 3418 Comm: systemd-udevd Not tainted 4.18.0-425.3.1.el8.x86_64+debug #1
[ 65.111561] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/08/2021
[ 65.130644] Call Trace:
[ 65.133118]  dump_stack+0x5c/0x80
[ 65.136485]  print_address_description.constprop.6+0x1a/0x150
[ 65.140516] ptdma 0000:e1:00.2: enabling device (0140 -> 0142)
[ 65.142286]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 65.142298]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 65.142313]  kasan_report.cold.11+0x7f/0x118
[ 65.163761]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 65.169395]  ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 65.174858]  ? kfree+0x1/0x2b0
[ 65.177953]  ? enclosure_register+0x288/0x398 [enclosure]
[ 65.183412]  ses_intf_add+0xa5f/0xf75 [ses]
[ 65.187645]  ? class_dev_iter_next+0x6c/0xd0
[ 65.191977]  class_interface_register+0x298/0x400
[ 65.196736]  ? class_dev_iter_next+0xd0/0xd0
[ 65.201057]  ? rcu_read_lock_bh_held+0xd0/0xd0
[ 65.205549]  ? 0xffffffffc2720000
[ 65.208903]  ses_init+0x12/0x1000 [ses]
[ 65.212779]  do_one_initcall+0x103/0x5f0
[ 65.216748]  ? perf_trace_initcall_level+0x420/0x420
[ 65.216768]  ? do_init_module+0x4e/0x700
[ 65.225712]  ? __kasan_kmalloc+0x7d/0xa0
[ 65.229677]  ? kmem_cache_alloc_trace+0x188/0x2b0
[ 65.229730] ptdma 0000:c2:00.2: enabling device (0140 -> 0142)
[ 65.234424]  ? kasan_unpoison+0x21/0x50
[ 65.234451]  do_init_module+0x1d1/0x700
[ 65.248065]  load_module+0x3867/0x5260
[ 65.251352] ptdma 0000:c1:00.2: enabling device (0140 -> 0142)
[ 65.251938]  ? layout_and_allocate+0x3990/0x3990
[ 65.262434]  ? sched_clock+0x5/0x10
[ 65.265999]  ? sched_clock_cpu+0x18/0x1e0
[ 65.266015]  ? find_held_lock+0x3a/0x1d0
[ 65.272790] ptdma 0000:a2:00.2: enabling device (0140 -> 0142)
[ 65.274033]  ? hlock_class+0x4e/0x120
[ 65.274064]  ? alloc_vm_area+0x120/0x120
[ 65.287558]  ? selinux_kernel_module_from_file+0x2a5/0x300
[ 65.293140]  ? __do_sys_init_module+0x1db/0x260
[ 65.295806] ptdma 0000:a1:00.2: enabling device (0140 -> 0142)
[ 65.297708]  __do_sys_init_module+0x1db/0x260
[ 65.297725]  ? load_module+0x5260/0x5260
[ 65.297768]  ? lockdep_hardirqs_on_prepare+0x298/0x3f0
[ 65.317130]  ? do_syscall_64+0x22/0x450
[ 65.317156]  do_syscall_64+0xa5/0x450
[ 65.324525] ptdma 0000:82:00.2: enabling device (0140 -> 0142)
[ 65.324727]  entry_SYSCALL_64_after_hwframe+0x66/0xdb
[ 65.335684] RIP: 0033:0x7fcdf1b0c23e
[ 65.339292] Code: 48 8b 0d 4d 5c 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1a 5c 38 00 f7 d8 64 89 01 48
[ 65.339301] RSP: 002b:00007ffe83a17858 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
[ 65.339312] RAX: ffffffffffffffda RBX: 000055b688f912d0 RCX: 00007fcdf1b0c23e
[ 65.339320] RDX: 00007fcdf273e86d RSI: 000000000000c6f0 RDI: 000055b6890b2c40
[ 65.361186] ptdma 0000:81:00.2: enabling device (0140 -> 0142)
[ 65.365863] RBP: 00007fcdf273e86d R08: 000055b688f2801a R09: 0000000000000003
[ 65.365871] R10: 000055b688f28010 R11: 0000000000000246 R12: 000055b6890b2c40
[ 65.365877] R13: 000055b688f91010 R14: 0000000000020000 R15: 0000000000000000
[ 65.365927]
[ 65.380345] Allocated by task 3418:
[ 65.380353]  kasan_save_stack+0x19/0x40
[ 65.380360]  __kasan_kmalloc+0x7d/0xa0
[ 65.380366]  __kmalloc+0x153/0x260
[ 65.423875]  ses_intf_add+0x7a6/0xf75 [ses]
[ 65.428097]  class_interface_register+0x298/0x400
[ 65.432841]  ses_init+0x12/0x1000 [ses]
[ 65.436713]  do_one_initcall+0x103/0x5f0
[ 65.440670]  do_init_module+0x1d1/0x700
[ 65.444536]  load_module+0x3867/0x5260
[ 65.448317]  __do_sys_init_module+0x1db/0x260
[ 65.452708]  do_syscall_64+0xa5/0x450
[ 65.456401]  entry_SYSCALL_64_after_hwframe+0x66/0xdb
---%<-snip->%---

Tomas - any thoughts?

Best,
pbunyan
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release. Therefore, it is being closed. If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.
(In reply to PaulB from comment #3)
> Tomas - any thoughts?

This is a real bug which has been around for a long time, but it shows only when memory debugging is used. I plan to fix it.

> Best,
> pbunyan
*** Bug 2096182 has been marked as a duplicate of this bug. ***
Reproduced this issue on 4.18.0-488.el8.x86_64+debug, and verified that it has been fixed on 4.18.0-478.el8.4420_810232341.x86_64+debug.

[ 60.197879] ==================================================================
[ 60.205369] BUG: KASAN: slab-out-of-bounds in ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 60.213713] Read of size 1 at addr ffff88b8b63e8451 by task systemd-udevd/3445
[ 60.220993]
[ 60.222506] CPU: 225 PID: 3445 Comm: systemd-udevd Not tainted 4.18.0-488.el8.x86_64+debug #1
[ 60.231098] Hardware name: HPE ProLiant DL385 Gen10/ProLiant DL385 Gen10, BIOS A40 07/08/2021
[ 60.239684] Call Trace:
[ 60.242159]  dump_stack+0x5c/0x80
[ 60.245517]  print_address_description.constprop.6+0x1a/0x150
[ 60.251319]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 60.256942]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 60.262570]  kasan_report.cold.11+0x7f/0x118
[ 60.266893]  ? ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 60.272527]  ses_enclosure_data_process+0x91c/0xe80 [ses]
[ 60.277995]  ? __slab_free+0x2c1/0x2d0
[ 60.281796]  ? enclosure_register+0x288/0x398 [enclosure]
[ 60.287258]  ses_intf_add+0xa5f/0xf75 [ses]
[ 60.291498]  ? class_dev_iter_next+0x6c/0xd0
[ 60.295829]  class_interface_register+0x298/0x400
[ 60.300589]  ? class_dev_iter_next+0xd0/0xd0
[ 60.304978]  ? rcu_read_lock_bh_held+0xd0/0xd0
[ 60.309472]  ? 0xffffffffc2369000
[ 60.312829]  ses_init+0x12/0x1000 [ses]
[ 60.316705]  do_one_initcall+0x103/0x5f0
[ 60.320678]  ? perf_trace_initcall_level+0x420/0x420
[ 60.325703]  ? __kasan_kmalloc+0x82/0xa0
[ 60.329669]  ? kmem_cache_alloc_trace+0x188/0x2b0
[ 60.334418]  ? kasan_unpoison+0x21/0x50
[ 60.338311]  do_init_module+0x1d1/0x700
[ 60.342211]  load_module+0x37f6/0x5100
[ 60.346113]  ? layout_and_allocate+0x3990/0x3990
[ 60.350784]  ? sched_clock+0x5/0x10
[ 60.354307]  ? sched_clock_cpu+0x18/0x1e0
[ 60.358358]  ? find_held_lock+0x3a/0x1d0
[ 60.362332]  ? hlock_class+0x4e/0x120
[ 60.366056]  ? alloc_vm_area+0x120/0x120
[ 60.370017]  ? selinux_kernel_module_from_file+0x2a5/0x300
[ 60.375608]  ? __do_sys_init_module+0x1db/0x260
[ 60.380177]  __do_sys_init_module+0x1db/0x260
[ 60.384581]  ? load_module+0x5100/0x5100
[ 60.388585]  ? lockdep_hardirqs_on_prepare+0x298/0x3f0
[ 60.393769]  ? do_syscall_64+0x22/0x450
[ 60.397657]  do_syscall_64+0xa5/0x450
[ 60.401360]  entry_SYSCALL_64_after_hwframe+0x66/0xdb
[ 60.406458] RIP: 0033:0x7f20c5ea823e
[ 60.410069] Code: 48 8b 0d 4d 4c 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 af 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 1a 4c 38 00 f7 d8 64 89 01 48
[ 60.428964] RSP: 002b:00007ffdab0edde8 EFLAGS: 00000246 ORIG_RAX: 00000000000000af
[ 60.436597] RAX: ffffffffffffffda RBX: 000055ee1d8b3aa0 RCX: 00007f20c5ea823e
[ 60.443788] RDX: 00007f20c6ad986d RSI: 000000000000c6f0 RDI: 000055ee1d7903f0
[ 60.450978] RBP: 00007f20c6ad986d R08: 000055ee1d871cf0 R09: 000055ee1d5c101a
[ 60.458167] R10: 0000000000000005 R11: 0000000000000246 R12: 000055ee1d7903f0
[ 60.465354] R13: 000055ee1d813490 R14: 0000000000020000 R15: 0000000000000000
[ 60.472593]
[ 60.474103] Allocated by task 3445:
[ 60.477623]  kasan_save_stack+0x1c/0x50
[ 60.481496]  __kasan_kmalloc+0x82/0xa0
[ 60.485278]  __kmalloc+0x157/0x270
[ 60.488715]  ses_intf_add+0x7a6/0xf75 [ses]
[ 60.492938]  class_interface_register+0x298/0x400
[ 60.497683]  ses_init+0x12/0x1000 [ses]
[ 60.501554]  do_one_initcall+0x103/0x5f0
[ 60.505512]  do_init_module+0x1d1/0x700
[ 60.509380]  load_module+0x37f6/0x5100
[ 60.513162]  __do_sys_init_module+0x1db/0x260
[ 60.517556]  do_syscall_64+0xa5/0x450
[ 60.521251]  entry_SYSCALL_64_after_hwframe+0x66/0xdb
[ 60.526347]
[ 60.527858] The buggy address belongs to the object at ffff88b8b63e8000
[ 60.527858]  which belongs to the cache kmalloc-2k of size 2048
[ 60.540465] The buggy address is located 1105 bytes inside of
[ 60.540465]  2048-byte region [ffff88b8b63e8000, ffff88b8b63e8800)
[ 60.552463] The buggy address belongs to the page:
[ 60.557293] page:ffffea00e2d8fa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 head:ffffea00e2d8fa00 order:3 compound_mapcount:0 compound_pincount:0
[ 60.571738] flags: 0x57ffffc0008100(slab|head|node=1|zone=2|lastcpupid=0x1fffff)
[ 60.579200] raw: 0057ffffc0008100 dead000000000100 dead000000000200 ffff888100012100
[ 60.587005] raw: 0000000000000000 0000000080080008 00000001ffffffff 0000000000000000
[ 60.594807] page dumped because: kasan: bad access detected
[ 60.600421]
[ 60.601928] Memory state around the buggy address:
[ 60.606756]  ffff88b8b63e8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.614034]  ffff88b8b63e8380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 60.621307] >ffff88b8b63e8400: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc
[ 60.628584]                                                  ^
[ 60.634462]  ffff88b8b63e8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.641735]  ffff88b8b63e8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 60.649012] ==================================================================
Verified that this issue has been fixed on 4.18.0-489.el8.x86_64+debug.