Hay
Date: Nov. 20, 2024, 6:35 a.m.

Environment: qemu-arm64, qemu-x86_64

[   39.454783] ==================================================================
[   39.456158] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x230/0x268
[   39.456821] Read of size 1 at addr ffff800080a87cba by task kunit_try_catch/238
[   39.457498] 
[   39.457863] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   39.459072] Tainted: [B]=BAD_PAGE, [N]=TEST
[   39.459548] Hardware name: linux,dummy-virt (DT)
[   39.460407] Call trace:
[   39.460854]  show_stack+0x20/0x38 (C)
[   39.462199]  dump_stack_lvl+0x8c/0xd0
[   39.462746]  print_report+0x2fc/0x5e0
[   39.463408]  kasan_report+0xc8/0x118
[   39.464121]  __asan_report_load1_noabort+0x20/0x30
[   39.464963]  kasan_stack_oob+0x230/0x268
[   39.465699]  kunit_try_run_case+0x14c/0x3d0
[   39.466209]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   39.467087]  kthread+0x24c/0x2d0
[   39.467613]  ret_from_fork+0x10/0x20
[   39.468279] 
[   39.468756] The buggy address belongs to stack of task kunit_try_catch/238
[   39.469974]  and is located at offset 138 in frame:
[   39.470539]  kasan_stack_oob+0x0/0x268
[   39.471327] 
[   39.471702] This frame has 4 objects:
[   39.472416]  [48, 49) '__assertion'
[   39.472612]  [64, 72) 'array'
[   39.473075]  [96, 112) '__assertion'
[   39.473840]  [128, 138) 'stack_array'
[   39.474304] 
[   39.475121] The buggy address belongs to the virtual mapping at
[   39.475121]  [ffff800080a80000, ffff800080a89000) created by:
[   39.475121]  kernel_clone+0x140/0x790
[   39.476664] 
[   39.476998] The buggy address belongs to the physical page:
[   39.478677] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10658c
[   39.479782] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   39.480754] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   39.482117] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   39.482908] page dumped because: kasan: bad access detected
[   39.483516] 
[   39.483821] Memory state around the buggy address:
[   39.484393]  ffff800080a87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   39.485192]  ffff800080a87c00: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2
[   39.486287] >ffff800080a87c80: f2 f2 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00
[   39.487370]                                         ^
[   39.488170]  ffff800080a87d00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[   39.489135]  ffff800080a87d80: f2 f2 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00
[   39.490143] ==================================================================

[   31.037745] ==================================================================
[   31.039953] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2ae/0x300
[   31.040795] Read of size 1 at addr ffff888102d57d72 by task kunit_try_catch/256
[   31.042499] 
[   31.042971] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241120 #1
[   31.044038] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.044555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   31.045378] Call Trace:
[   31.045953]  <TASK>
[   31.046570]  dump_stack_lvl+0x73/0xb0
[   31.047826]  print_report+0xd1/0x640
[   31.048332]  ? __virt_addr_valid+0x1db/0x2d0
[   31.049072]  ? kasan_addr_to_slab+0x11/0xa0
[   31.049772]  kasan_report+0x102/0x140
[   31.050457]  ? kasan_stack_oob+0x2ae/0x300
[   31.051083]  ? kasan_stack_oob+0x2ae/0x300
[   31.052057]  __asan_report_load1_noabort+0x18/0x20
[   31.052827]  kasan_stack_oob+0x2ae/0x300
[   31.053250]  ? __pfx_kasan_stack_oob+0x10/0x10
[   31.053607]  ? finish_task_switch.isra.0+0x153/0x700
[   31.054192]  ? __switch_to+0x5d9/0xf60
[   31.054670]  ? __schedule+0xc3e/0x2790
[   31.055378]  ? __pfx_read_tsc+0x10/0x10
[   31.055972]  ? ktime_get_ts64+0x84/0x230
[   31.056813]  kunit_try_run_case+0x1b3/0x490
[   31.057891]  ? __pfx_kunit_try_run_case+0x10/0x10
[   31.058643]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   31.059357]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   31.059956]  ? __kthread_parkme+0x82/0x160
[   31.060636]  ? preempt_count_sub+0x50/0x80
[   31.061253]  ? __pfx_kunit_try_run_case+0x10/0x10
[   31.062080]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   31.063061]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   31.064159]  kthread+0x257/0x310
[   31.064439]  ? __pfx_kthread+0x10/0x10
[   31.065264]  ret_from_fork+0x41/0x80
[   31.065563]  ? __pfx_kthread+0x10/0x10
[   31.066466]  ret_from_fork_asm+0x1a/0x30
[   31.067077]  </TASK>
[   31.068035] 
[   31.068263] The buggy address belongs to stack of task kunit_try_catch/256
[   31.069589]  and is located at offset 138 in frame:
[   31.070749]  kasan_stack_oob+0x0/0x300
[   31.072000] 
[   31.072793] This frame has 4 objects:
[   31.073278]  [48, 49) '__assertion'
[   31.073326]  [64, 72) 'array'
[   31.074080]  [96, 112) '__assertion'
[   31.074447]  [128, 138) 'stack_array'
[   31.075547] 
[   31.076646] The buggy address belongs to the physical page:
[   31.077346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d57
[   31.078208] flags: 0x200000000000000(node=0|zone=2)
[   31.079085] raw: 0200000000000000 ffffea00040b55c8 ffffea00040b55c8 0000000000000000
[   31.080843] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[   31.081646] page dumped because: kasan: bad access detected
[   31.082474] 
[   31.082649] Memory state around the buggy address:
[   31.083831]  ffff888102d57c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.084617]  ffff888102d57c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   31.085257] >ffff888102d57d00: f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 02 f3
[   31.086376]                                                              ^
[   31.087273]  ffff888102d57d80: f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[   31.088339]  ffff888102d57e00: f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 00 00
[   31.089461] ==================================================================