Date
Nov. 20, 2024, 6:35 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 35.603762] ==================================================================
[ 35.605480] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[ 35.606399] Write of size 1 at addr fff00000c653a678 by task kunit_try_catch/131
[ 35.608097]
[ 35.608504] CPU: 0 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1
[ 35.609894] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 35.610515] Hardware name: linux,dummy-virt (DT)
[ 35.611023] Call trace:
[ 35.611497]  show_stack+0x20/0x38 (C)
[ 35.612223]  dump_stack_lvl+0x8c/0xd0
[ 35.612855]  print_report+0x118/0x5e0
[ 35.613431]  kasan_report+0xc8/0x118
[ 35.613993]  __asan_report_store1_noabort+0x20/0x30
[ 35.614563]  kmalloc_track_caller_oob_right+0x414/0x490
[ 35.615289]  kunit_try_run_case+0x14c/0x3d0
[ 35.615938]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.617506]  kthread+0x24c/0x2d0
[ 35.618564]  ret_from_fork+0x10/0x20
[ 35.619167]
[ 35.619506] Allocated by task 131:
[ 35.620050]  kasan_save_stack+0x3c/0x68
[ 35.620702]  kasan_save_track+0x20/0x40
[ 35.621383]  kasan_save_alloc_info+0x40/0x58
[ 35.621944]  __kasan_kmalloc+0xd4/0xd8
[ 35.622415]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[ 35.623498]  kmalloc_track_caller_oob_right+0xa8/0x490
[ 35.624982]  kunit_try_run_case+0x14c/0x3d0
[ 35.625577]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 35.626093]  kthread+0x24c/0x2d0
[ 35.626543]  ret_from_fork+0x10/0x20
[ 35.627092]
[ 35.627437] The buggy address belongs to the object at fff00000c653a600
[ 35.627437]  which belongs to the cache kmalloc-128 of size 128
[ 35.628426] The buggy address is located 0 bytes to the right of
[ 35.628426]  allocated 120-byte region [fff00000c653a600, fff00000c653a678)
[ 35.629567]
[ 35.630232] The buggy address belongs to the physical page:
[ 35.631273] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10653a
[ 35.631967] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 35.633218] page_type: f5(slab)
[ 35.633970] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 35.635072] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 35.635972] page dumped because: kasan: bad access detected
[ 35.636686]
[ 35.637017] Memory state around the buggy address:
[ 35.637913]  fff00000c653a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 35.638954]  fff00000c653a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.639863] >fff00000c653a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 35.640640]                                                                  ^
[ 35.641744]  fff00000c653a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.642472]  fff00000c653a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 35.643307] ==================================================================
```
qemu-x86_64:

```
[ 26.812650] ==================================================================
[ 26.813662] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[ 26.815202] Write of size 1 at addr ffff888101abf878 by task kunit_try_catch/149
[ 26.817108]
[ 26.817351] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241120 #1
[ 26.818402] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.819114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.820090] Call Trace:
[ 26.820827]  <TASK>
[ 26.821104]  dump_stack_lvl+0x73/0xb0
[ 26.821850]  print_report+0xd1/0x640
[ 26.822553]  ? __virt_addr_valid+0x1db/0x2d0
[ 26.823290]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.823910]  kasan_report+0x102/0x140
[ 26.824669]  ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 26.825434]  ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 26.826205]  __asan_report_store1_noabort+0x1b/0x30
[ 26.826670]  kmalloc_track_caller_oob_right+0x4ca/0x530
[ 26.827044]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 26.827614]  ? __schedule+0xc3e/0x2790
[ 26.828200]  ? __pfx_read_tsc+0x10/0x10
[ 26.829024]  ? ktime_get_ts64+0x84/0x230
[ 26.829904]  kunit_try_run_case+0x1b3/0x490
[ 26.830503]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.831181]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 26.831992]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.832429]  ? __kthread_parkme+0x82/0x160
[ 26.833337]  ? preempt_count_sub+0x50/0x80
[ 26.833741]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.834534]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.835278]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.836064]  kthread+0x257/0x310
[ 26.836489]  ? __pfx_kthread+0x10/0x10
[ 26.836968]  ret_from_fork+0x41/0x80
[ 26.837291]  ? __pfx_kthread+0x10/0x10
[ 26.837887]  ret_from_fork_asm+0x1a/0x30
[ 26.838349]  </TASK>
[ 26.838654]
[ 26.838875] Allocated by task 149:
[ 26.839412]  kasan_save_stack+0x3d/0x60
[ 26.839729]  kasan_save_track+0x18/0x40
[ 26.840242]  kasan_save_alloc_info+0x3b/0x50
[ 26.840747]  __kasan_kmalloc+0xb7/0xc0
[ 26.841277]  __kmalloc_node_track_caller_noprof+0x1c6/0x500
[ 26.841626]  kmalloc_track_caller_oob_right+0x9a/0x530
[ 26.842358]  kunit_try_run_case+0x1b3/0x490
[ 26.843008]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.843629]  kthread+0x257/0x310
[ 26.843948]  ret_from_fork+0x41/0x80
[ 26.844603]  ret_from_fork_asm+0x1a/0x30
[ 26.845057]
[ 26.845210] The buggy address belongs to the object at ffff888101abf800
[ 26.845210]  which belongs to the cache kmalloc-128 of size 128
[ 26.846661] The buggy address is located 0 bytes to the right of
[ 26.846661]  allocated 120-byte region [ffff888101abf800, ffff888101abf878)
[ 26.847404]
[ 26.847775] The buggy address belongs to the physical page:
[ 26.848619] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101abf
[ 26.849431] flags: 0x200000000000000(node=0|zone=2)
[ 26.849840] page_type: f5(slab)
[ 26.850352] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.850804] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 26.851586] page dumped because: kasan: bad access detected
[ 26.852225]
[ 26.852461] Memory state around the buggy address:
[ 26.852929]  ffff888101abf700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.853653]  ffff888101abf780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.854458] >ffff888101abf800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.854966]                                                                  ^
[ 26.855368]  ffff888101abf880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.857179]  ffff888101abf900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.858044] ==================================================================
```