Slab out-of-bound on sendmsg() failure

Issue

  • Slab out-of-bound on sendmsg() failure causes the redzone to be overwritten:
[66199.102505] =============================================================================
[66199.201050] BUG kmalloc-4k (Tainted: G          I      --------- -  -): Redzone overwritten
[66199.301680] -----------------------------------------------------------------------------

[66199.418034] Disabling lock debugging due to kernel taint
[66199.418036] Kernel panic - not syncing: panic_on_taint set ...
[66199.488271] CPU: 0 PID: 568543 Comm: qemu-kvm Kdump: loaded Tainted: G    B     I      --------- -  - 4.18.0-305.28.1.el8_4.x86_64 #1
[66199.632928] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 07/16/2020
[66199.735655] Call Trace:
[66199.765018]  dump_stack+0x5c/0x80
[66199.804861]  panic+0xe7/0x2a9
[66199.840508]  add_taint.cold.10+0x28/0x28
[66199.887688]  slab_bug+0xa0/0xbc
[66199.925435]  check_bytes_and_report.cold.102+0x19/0x6e
[66199.987293]  check_object+0x198/0x280
[66200.031327]  free_debug_processing+0x132/0x210
[66200.084797]  ? vhost_net_release+0x96/0xd0 [vhost_net]
[66200.146650]  __slab_free+0x1eb/0x330
[66200.189632]  ? __wait_rcu_gp+0x112/0x140
[66200.236812]  ? rcu_accelerate_cbs_unlocked+0x80/0x80
[66200.296564]  vhost_net_release+0x96/0xd0 [vhost_net]
[66200.356319]  __fput+0xbe/0x250
[66200.393019]  task_work_run+0x8a/0xb0
[66200.436007]  exit_to_usermode_loop+0xeb/0xf0
[66200.487377]  do_syscall_64+0x198/0x1a0
[66200.532458]  entry_SYSCALL_64_after_hwframe+0x65/0xca
[66200.593261] RIP: 0033:0x7f1dce8bb977
[66200.636244] Code: 12 b8 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 3b c3 66 90 53 89 fb 48 83 ec 10 e8 e4 fb ff ff 89 df 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 2b 89 d7 89 44 24 0c e8 26 fc ff ff 8b 44 24
[66200.862659] RSP: 002b:00007ffffc6aa810 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[66200.953857] RAX: 0000000000000000 RBX: 0000000000000067 RCX: 00007f1dce8bb977
[66201.039813] RDX: 0000000000000000 RSI: 0000564f05dd5c20 RDI: 0000000000000067
[66201.125768] RBP: 0000000000000002 R08: 0000564f06ed83c0 R09: 0000000000000007
[66201.211727] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[66201.297682] R13: 0000564f05c43f70 R14: 0000000000000000 R15: 0000000000000000

Environment

  • Red Hat Enterprise Linux 8.5 and older
