Date: Nov. 20, 2024, 6:35 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |

[ 36.833158] ================================================================== [ 36.834378] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 36.835051] Write of size 8 at addr fff00000c657f971 by task kunit_try_catch/165 [ 36.836221] [ 36.836667] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 36.838437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.839115] Hardware name: linux,dummy-virt (DT) [ 36.839833] Call trace: [ 36.840261] show_stack+0x20/0x38 (C) [ 36.840805] dump_stack_lvl+0x8c/0xd0 [ 36.841388] print_report+0x118/0x5e0 [ 36.842343] kasan_report+0xc8/0x118 [ 36.842880] kasan_check_range+0x100/0x1a8 [ 36.843432] __asan_memset+0x34/0x78 [ 36.844328] kmalloc_oob_memset_8+0x150/0x2f8 [ 36.844866] kunit_try_run_case+0x14c/0x3d0 [ 36.845807] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.846659] kthread+0x24c/0x2d0 [ 36.847283] ret_from_fork+0x10/0x20 [ 36.847962] [ 36.848268] Allocated by task 165: [ 36.848773] kasan_save_stack+0x3c/0x68 [ 36.849613] kasan_save_track+0x20/0x40 [ 36.850176] kasan_save_alloc_info+0x40/0x58 [ 36.850686] __kasan_kmalloc+0xd4/0xd8 [ 36.851242] __kmalloc_cache_noprof+0x15c/0x3c8 [ 36.851993] kmalloc_oob_memset_8+0xb0/0x2f8 [ 36.852603] kunit_try_run_case+0x14c/0x3d0 [ 36.853862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.854476] kthread+0x24c/0x2d0 [ 36.854976] ret_from_fork+0x10/0x20 [ 36.855530] [ 36.855849] The buggy address belongs to the object at fff00000c657f900 [ 36.855849] which belongs to the cache kmalloc-128 of size 128 [ 36.856960] The buggy address is located 113 bytes inside of [ 36.856960] allocated 120-byte region [fff00000c657f900, fff00000c657f978) [ 36.858165] [ 36.858518] The buggy address belongs to the physical page: [ 36.859153] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10657f [ 36.860501] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.861621] page_type: f5(slab) [ 36.862114] raw: 0bfffe0000000000 
fff00000c0001a00 dead000000000122 0000000000000000 [ 36.862911] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.863687] page dumped because: kasan: bad access detected [ 36.864353] [ 36.864702] Memory state around the buggy address: [ 36.865718] fff00000c657f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 36.866430] fff00000c657f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.867216] >fff00000c657f900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.867876] ^ [ 36.868739] fff00000c657f980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.869742] fff00000c657fa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.870552] ================================================================== [ 36.730905] ================================================================== [ 36.731847] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 36.732673] Write of size 2 at addr fff00000c6575a77 by task kunit_try_catch/161 [ 36.733322] [ 36.733992] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 36.735056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.736747] Hardware name: linux,dummy-virt (DT) [ 36.737268] Call trace: [ 36.737797] show_stack+0x20/0x38 (C) [ 36.738414] dump_stack_lvl+0x8c/0xd0 [ 36.738983] print_report+0x118/0x5e0 [ 36.739822] kasan_report+0xc8/0x118 [ 36.740381] kasan_check_range+0x100/0x1a8 [ 36.741029] __asan_memset+0x34/0x78 [ 36.741955] kmalloc_oob_memset_2+0x150/0x2f8 [ 36.742505] kunit_try_run_case+0x14c/0x3d0 [ 36.743225] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.744046] kthread+0x24c/0x2d0 [ 36.744688] ret_from_fork+0x10/0x20 [ 36.745463] [ 36.745880] Allocated by task 161: [ 36.746482] kasan_save_stack+0x3c/0x68 [ 36.747008] kasan_save_track+0x20/0x40 [ 36.747606] kasan_save_alloc_info+0x40/0x58 [ 36.748266] __kasan_kmalloc+0xd4/0xd8 [ 36.748915] __kmalloc_cache_noprof+0x15c/0x3c8 [ 36.749666] kmalloc_oob_memset_2+0xb0/0x2f8 [ 36.750537] 
kunit_try_run_case+0x14c/0x3d0 [ 36.751001] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.751797] kthread+0x24c/0x2d0 [ 36.752264] ret_from_fork+0x10/0x20 [ 36.752818] [ 36.753162] The buggy address belongs to the object at fff00000c6575a00 [ 36.753162] which belongs to the cache kmalloc-128 of size 128 [ 36.755032] The buggy address is located 119 bytes inside of [ 36.755032] allocated 120-byte region [fff00000c6575a00, fff00000c6575a78) [ 36.756219] [ 36.756802] The buggy address belongs to the physical page: [ 36.757583] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106575 [ 36.758398] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.758951] page_type: f5(slab) [ 36.759512] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.760789] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.762211] page dumped because: kasan: bad access detected [ 36.763024] [ 36.763510] Memory state around the buggy address: [ 36.764039] fff00000c6575900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 36.764827] fff00000c6575980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.765756] >fff00000c6575a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.767010] ^ [ 36.767573] fff00000c6575a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.767990] fff00000c6575b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.768335] ================================================================== [ 36.884585] ================================================================== [ 36.885544] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 36.887665] Write of size 16 at addr fff00000c6575d69 by task kunit_try_catch/167 [ 36.889060] [ 36.889569] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 36.890819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.891171] Hardware name: linux,dummy-virt (DT) [ 36.891779] Call trace: [ 36.892138] 
show_stack+0x20/0x38 (C) [ 36.892772] dump_stack_lvl+0x8c/0xd0 [ 36.893346] print_report+0x118/0x5e0 [ 36.894500] kasan_report+0xc8/0x118 [ 36.895101] kasan_check_range+0x100/0x1a8 [ 36.895704] __asan_memset+0x34/0x78 [ 36.896194] kmalloc_oob_memset_16+0x150/0x2f8 [ 36.897653] kunit_try_run_case+0x14c/0x3d0 [ 36.898390] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.899174] kthread+0x24c/0x2d0 [ 36.899779] ret_from_fork+0x10/0x20 [ 36.900315] [ 36.900671] Allocated by task 167: [ 36.901122] kasan_save_stack+0x3c/0x68 [ 36.902075] kasan_save_track+0x20/0x40 [ 36.902485] kasan_save_alloc_info+0x40/0x58 [ 36.902904] __kasan_kmalloc+0xd4/0xd8 [ 36.903660] __kmalloc_cache_noprof+0x15c/0x3c8 [ 36.904502] kmalloc_oob_memset_16+0xb0/0x2f8 [ 36.905211] kunit_try_run_case+0x14c/0x3d0 [ 36.905819] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.906891] kthread+0x24c/0x2d0 [ 36.907402] ret_from_fork+0x10/0x20 [ 36.907968] [ 36.908309] The buggy address belongs to the object at fff00000c6575d00 [ 36.908309] which belongs to the cache kmalloc-128 of size 128 [ 36.910222] The buggy address is located 105 bytes inside of [ 36.910222] allocated 120-byte region [fff00000c6575d00, fff00000c6575d78) [ 36.911392] [ 36.911754] The buggy address belongs to the physical page: [ 36.912410] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106575 [ 36.914019] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.914809] page_type: f5(slab) [ 36.915365] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.916349] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.917346] page dumped because: kasan: bad access detected [ 36.917970] [ 36.918290] Memory state around the buggy address: [ 36.919230] fff00000c6575c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 36.920520] fff00000c6575c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.921077] >fff00000c6575d00: 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 fc [ 36.922167] ^ [ 36.923132] fff00000c6575d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.923874] fff00000c6575e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.924622] ================================================================== [ 36.780346] ================================================================== [ 36.781864] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 36.783373] Write of size 4 at addr fff00000c6575b75 by task kunit_try_catch/163 [ 36.784123] [ 36.784523] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 36.786118] Tainted: [B]=BAD_PAGE, [N]=TEST [ 36.786898] Hardware name: linux,dummy-virt (DT) [ 36.787676] Call trace: [ 36.788018] show_stack+0x20/0x38 (C) [ 36.788570] dump_stack_lvl+0x8c/0xd0 [ 36.789171] print_report+0x118/0x5e0 [ 36.790356] kasan_report+0xc8/0x118 [ 36.790932] kasan_check_range+0x100/0x1a8 [ 36.791476] __asan_memset+0x34/0x78 [ 36.791893] kmalloc_oob_memset_4+0x150/0x300 [ 36.792640] kunit_try_run_case+0x14c/0x3d0 [ 36.793688] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.794232] kthread+0x24c/0x2d0 [ 36.794829] ret_from_fork+0x10/0x20 [ 36.795500] [ 36.795902] Allocated by task 163: [ 36.796479] kasan_save_stack+0x3c/0x68 [ 36.797087] kasan_save_track+0x20/0x40 [ 36.797948] kasan_save_alloc_info+0x40/0x58 [ 36.798979] __kasan_kmalloc+0xd4/0xd8 [ 36.799880] __kmalloc_cache_noprof+0x15c/0x3c8 [ 36.800606] kmalloc_oob_memset_4+0xb0/0x300 [ 36.801380] kunit_try_run_case+0x14c/0x3d0 [ 36.802051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 36.802665] kthread+0x24c/0x2d0 [ 36.803254] ret_from_fork+0x10/0x20 [ 36.804069] [ 36.804400] The buggy address belongs to the object at fff00000c6575b00 [ 36.804400] which belongs to the cache kmalloc-128 of size 128 [ 36.805680] The buggy address is located 117 bytes inside of [ 36.805680] allocated 120-byte region [fff00000c6575b00, fff00000c6575b78) [ 36.807664] [ 36.808257] The buggy address 
belongs to the physical page: [ 36.808874] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106575 [ 36.810041] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 36.810714] page_type: f5(slab) [ 36.811180] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 36.812092] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 36.812911] page dumped because: kasan: bad access detected [ 36.813715] [ 36.813955] Memory state around the buggy address: [ 36.814481] fff00000c6575a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 36.815266] fff00000c6575a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.816422] >fff00000c6575b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 36.817161] ^ [ 36.818047] fff00000c6575b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.819207] fff00000c6575c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 36.820206] ==================================================================
[ 28.290368] ================================================================== [ 28.291914] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330 [ 28.293007] Write of size 8 at addr ffff8881029e2f71 by task kunit_try_catch/183 [ 28.294158] [ 28.295040] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 28.296010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.297216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.298074] Call Trace: [ 28.298848] <TASK> [ 28.299256] dump_stack_lvl+0x73/0xb0 [ 28.299863] print_report+0xd1/0x640 [ 28.300683] ? __virt_addr_valid+0x1db/0x2d0 [ 28.301401] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.302150] kasan_report+0x102/0x140 [ 28.302932] ? kmalloc_oob_memset_8+0x167/0x330 [ 28.303611] ? kmalloc_oob_memset_8+0x167/0x330 [ 28.304118] kasan_check_range+0x10c/0x1c0 [ 28.304556] __asan_memset+0x27/0x50 [ 28.305462] kmalloc_oob_memset_8+0x167/0x330 [ 28.306304] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 28.306835] ? __schedule+0xc3e/0x2790 [ 28.307445] ? __pfx_read_tsc+0x10/0x10 [ 28.307763] ? ktime_get_ts64+0x84/0x230 [ 28.308161] kunit_try_run_case+0x1b3/0x490 [ 28.308641] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.309538] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.310046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.311083] ? __kthread_parkme+0x82/0x160 [ 28.311608] ? preempt_count_sub+0x50/0x80 [ 28.312359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.313058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.314086] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.315442] kthread+0x257/0x310 [ 28.316447] ? __pfx_kthread+0x10/0x10 [ 28.317322] ret_from_fork+0x41/0x80 [ 28.318169] ? 
__pfx_kthread+0x10/0x10 [ 28.318840] ret_from_fork_asm+0x1a/0x30 [ 28.319206] </TASK> [ 28.319499] [ 28.319709] Allocated by task 183: [ 28.320065] kasan_save_stack+0x3d/0x60 [ 28.320409] kasan_save_track+0x18/0x40 [ 28.321233] kasan_save_alloc_info+0x3b/0x50 [ 28.321633] __kasan_kmalloc+0xb7/0xc0 [ 28.322195] __kmalloc_cache_noprof+0x184/0x410 [ 28.323397] kmalloc_oob_memset_8+0xad/0x330 [ 28.324757] kunit_try_run_case+0x1b3/0x490 [ 28.325828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.326388] kthread+0x257/0x310 [ 28.327094] ret_from_fork+0x41/0x80 [ 28.327916] ret_from_fork_asm+0x1a/0x30 [ 28.328332] [ 28.328529] The buggy address belongs to the object at ffff8881029e2f00 [ 28.328529] which belongs to the cache kmalloc-128 of size 128 [ 28.331347] The buggy address is located 113 bytes inside of [ 28.331347] allocated 120-byte region [ffff8881029e2f00, ffff8881029e2f78) [ 28.332650] [ 28.333026] The buggy address belongs to the physical page: [ 28.333584] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 28.334954] flags: 0x200000000000000(node=0|zone=2) [ 28.335530] page_type: f5(slab) [ 28.335981] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.337786] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 28.338759] page dumped because: kasan: bad access detected [ 28.339329] [ 28.339527] Memory state around the buggy address: [ 28.340280] ffff8881029e2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 28.342222] ffff8881029e2e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.343384] >ffff8881029e2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.344249] ^ [ 28.345205] ffff8881029e2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.346384] ffff8881029e3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.347294] ================================================================== [ 28.353323] 
================================================================== [ 28.354570] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330 [ 28.355816] Write of size 16 at addr ffff8881029e4169 by task kunit_try_catch/185 [ 28.356916] [ 28.357029] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 28.358437] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.358631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.358993] Call Trace: [ 28.359229] <TASK> [ 28.359894] dump_stack_lvl+0x73/0xb0 [ 28.360500] print_report+0xd1/0x640 [ 28.361410] ? __virt_addr_valid+0x1db/0x2d0 [ 28.362296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.362962] kasan_report+0x102/0x140 [ 28.363854] ? kmalloc_oob_memset_16+0x167/0x330 [ 28.364843] ? kmalloc_oob_memset_16+0x167/0x330 [ 28.365475] kasan_check_range+0x10c/0x1c0 [ 28.366077] __asan_memset+0x27/0x50 [ 28.366857] kmalloc_oob_memset_16+0x167/0x330 [ 28.367589] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 28.368441] ? __schedule+0xc3e/0x2790 [ 28.368961] ? __pfx_read_tsc+0x10/0x10 [ 28.369518] ? ktime_get_ts64+0x84/0x230 [ 28.370347] kunit_try_run_case+0x1b3/0x490 [ 28.371362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.372092] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.372913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.373484] ? __kthread_parkme+0x82/0x160 [ 28.374522] ? preempt_count_sub+0x50/0x80 [ 28.375059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.375823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.376421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.376941] kthread+0x257/0x310 [ 28.377276] ? __pfx_kthread+0x10/0x10 [ 28.378420] ret_from_fork+0x41/0x80 [ 28.378985] ? 
__pfx_kthread+0x10/0x10 [ 28.379727] ret_from_fork_asm+0x1a/0x30 [ 28.380130] </TASK> [ 28.380388] [ 28.380537] Allocated by task 185: [ 28.380902] kasan_save_stack+0x3d/0x60 [ 28.381356] kasan_save_track+0x18/0x40 [ 28.381673] kasan_save_alloc_info+0x3b/0x50 [ 28.382797] __kasan_kmalloc+0xb7/0xc0 [ 28.383352] __kmalloc_cache_noprof+0x184/0x410 [ 28.383876] kmalloc_oob_memset_16+0xad/0x330 [ 28.384554] kunit_try_run_case+0x1b3/0x490 [ 28.385013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.385755] kthread+0x257/0x310 [ 28.386518] ret_from_fork+0x41/0x80 [ 28.387063] ret_from_fork_asm+0x1a/0x30 [ 28.387835] [ 28.388080] The buggy address belongs to the object at ffff8881029e4100 [ 28.388080] which belongs to the cache kmalloc-128 of size 128 [ 28.389437] The buggy address is located 105 bytes inside of [ 28.389437] allocated 120-byte region [ffff8881029e4100, ffff8881029e4178) [ 28.390990] [ 28.391416] The buggy address belongs to the physical page: [ 28.392019] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e4 [ 28.393013] flags: 0x200000000000000(node=0|zone=2) [ 28.393585] page_type: f5(slab) [ 28.394077] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.395096] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 28.396150] page dumped because: kasan: bad access detected [ 28.396419] [ 28.396515] Memory state around the buggy address: [ 28.397021] ffff8881029e4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 28.398835] ffff8881029e4080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.399603] >ffff8881029e4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.400288] ^ [ 28.401922] ffff8881029e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.403200] ffff8881029e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.403837] ================================================================== [ 28.186728] 
================================================================== [ 28.188059] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330 [ 28.188850] Write of size 2 at addr ffff888101ac5977 by task kunit_try_catch/179 [ 28.189634] [ 28.189911] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 28.190851] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.191255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.192484] Call Trace: [ 28.193283] <TASK> [ 28.193598] dump_stack_lvl+0x73/0xb0 [ 28.194233] print_report+0xd1/0x640 [ 28.194649] ? __virt_addr_valid+0x1db/0x2d0 [ 28.195873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.196276] kasan_report+0x102/0x140 [ 28.196979] ? kmalloc_oob_memset_2+0x167/0x330 [ 28.197825] ? kmalloc_oob_memset_2+0x167/0x330 [ 28.198464] kasan_check_range+0x10c/0x1c0 [ 28.199033] __asan_memset+0x27/0x50 [ 28.199567] kmalloc_oob_memset_2+0x167/0x330 [ 28.200242] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 28.200808] ? __schedule+0xc3e/0x2790 [ 28.201249] ? __pfx_read_tsc+0x10/0x10 [ 28.201992] ? ktime_get_ts64+0x84/0x230 [ 28.202540] kunit_try_run_case+0x1b3/0x490 [ 28.203335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.203800] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.204419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.204986] ? __kthread_parkme+0x82/0x160 [ 28.205505] ? preempt_count_sub+0x50/0x80 [ 28.206086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.206591] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.207411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.208298] kthread+0x257/0x310 [ 28.208674] ? __pfx_kthread+0x10/0x10 [ 28.209102] ret_from_fork+0x41/0x80 [ 28.209589] ? 
__pfx_kthread+0x10/0x10 [ 28.210290] ret_from_fork_asm+0x1a/0x30 [ 28.210720] </TASK> [ 28.211056] [ 28.211416] Allocated by task 179: [ 28.212108] kasan_save_stack+0x3d/0x60 [ 28.212406] kasan_save_track+0x18/0x40 [ 28.213186] kasan_save_alloc_info+0x3b/0x50 [ 28.213640] __kasan_kmalloc+0xb7/0xc0 [ 28.214637] __kmalloc_cache_noprof+0x184/0x410 [ 28.216078] kmalloc_oob_memset_2+0xad/0x330 [ 28.216342] kunit_try_run_case+0x1b3/0x490 [ 28.216594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.216910] kthread+0x257/0x310 [ 28.217123] ret_from_fork+0x41/0x80 [ 28.217355] ret_from_fork_asm+0x1a/0x30 [ 28.217777] [ 28.217932] The buggy address belongs to the object at ffff888101ac5900 [ 28.217932] which belongs to the cache kmalloc-128 of size 128 [ 28.219306] The buggy address is located 119 bytes inside of [ 28.219306] allocated 120-byte region [ffff888101ac5900, ffff888101ac5978) [ 28.219923] [ 28.220057] The buggy address belongs to the physical page: [ 28.220343] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ac5 [ 28.220770] flags: 0x200000000000000(node=0|zone=2) [ 28.221378] page_type: f5(slab) [ 28.221624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.222341] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 28.223164] page dumped because: kasan: bad access detected [ 28.223613] [ 28.223886] Memory state around the buggy address: [ 28.224151] ffff888101ac5800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.224500] ffff888101ac5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.225289] >ffff888101ac5900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.225746] ^ [ 28.226433] ffff888101ac5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.226858] ffff888101ac5a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.227252] ================================================================== [ 28.239536] 
================================================================== [ 28.240490] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330 [ 28.241269] Write of size 4 at addr ffff8881029e2c75 by task kunit_try_catch/181 [ 28.242163] [ 28.242415] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1 [ 28.243810] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.244096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.245108] Call Trace: [ 28.245637] <TASK> [ 28.246051] dump_stack_lvl+0x73/0xb0 [ 28.246623] print_report+0xd1/0x640 [ 28.247087] ? __virt_addr_valid+0x1db/0x2d0 [ 28.247661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.248288] kasan_report+0x102/0x140 [ 28.248750] ? kmalloc_oob_memset_4+0x167/0x330 [ 28.249606] ? kmalloc_oob_memset_4+0x167/0x330 [ 28.250309] kasan_check_range+0x10c/0x1c0 [ 28.250677] __asan_memset+0x27/0x50 [ 28.251302] kmalloc_oob_memset_4+0x167/0x330 [ 28.251747] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 28.252092] ? __schedule+0xc3e/0x2790 [ 28.252733] ? __pfx_read_tsc+0x10/0x10 [ 28.253635] ? ktime_get_ts64+0x84/0x230 [ 28.254093] kunit_try_run_case+0x1b3/0x490 [ 28.254661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.255362] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.255765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.256635] ? __kthread_parkme+0x82/0x160 [ 28.257524] ? preempt_count_sub+0x50/0x80 [ 28.257977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.258718] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.259219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.260271] kthread+0x257/0x310 [ 28.260549] ? __pfx_kthread+0x10/0x10 [ 28.261251] ret_from_fork+0x41/0x80 [ 28.261973] ? 
__pfx_kthread+0x10/0x10 [ 28.262579] ret_from_fork_asm+0x1a/0x30 [ 28.263114] </TASK> [ 28.263511] [ 28.263946] Allocated by task 181: [ 28.264203] kasan_save_stack+0x3d/0x60 [ 28.265264] kasan_save_track+0x18/0x40 [ 28.265537] kasan_save_alloc_info+0x3b/0x50 [ 28.266433] __kasan_kmalloc+0xb7/0xc0 [ 28.266970] __kmalloc_cache_noprof+0x184/0x410 [ 28.267551] kmalloc_oob_memset_4+0xad/0x330 [ 28.268365] kunit_try_run_case+0x1b3/0x490 [ 28.268682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.269311] kthread+0x257/0x310 [ 28.269949] ret_from_fork+0x41/0x80 [ 28.270250] ret_from_fork_asm+0x1a/0x30 [ 28.271013] [ 28.271253] The buggy address belongs to the object at ffff8881029e2c00 [ 28.271253] which belongs to the cache kmalloc-128 of size 128 [ 28.272774] The buggy address is located 117 bytes inside of [ 28.272774] allocated 120-byte region [ffff8881029e2c00, ffff8881029e2c78) [ 28.273859] [ 28.274174] The buggy address belongs to the physical page: [ 28.275116] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 28.276021] flags: 0x200000000000000(node=0|zone=2) [ 28.276394] page_type: f5(slab) [ 28.276823] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.277829] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 28.278299] page dumped because: kasan: bad access detected [ 28.279175] [ 28.279422] Memory state around the buggy address: [ 28.280108] ffff8881029e2b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 28.280615] ffff8881029e2b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.281584] >ffff8881029e2c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.282399] ^ [ 28.283527] ffff8881029e2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.284373] ffff8881029e2d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.285292] ==================================================================