Date
Nov. 22, 2024, 6:35 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
qemu-arm64:

```
[ 33.740314] ==================================================================
[ 33.741810] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 33.743560] Write of size 4 at addr fff00000c6357475 by task kunit_try_catch/163
[ 33.744963]
[ 33.745593] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 33.746833] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.747381] Hardware name: linux,dummy-virt (DT)
[ 33.748799] Call trace:
[ 33.749584] show_stack+0x20/0x38 (C)
[ 33.750278] dump_stack_lvl+0x8c/0xd0
[ 33.750724] print_report+0x118/0x5e0
[ 33.751465] kasan_report+0xc8/0x118
[ 33.751975] kasan_check_range+0x100/0x1a8
[ 33.752995] __asan_memset+0x34/0x78
[ 33.753808] kmalloc_oob_memset_4+0x150/0x300
[ 33.754422] kunit_try_run_case+0x14c/0x3d0
[ 33.755084] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.755743] kthread+0x24c/0x2d0
[ 33.756342] ret_from_fork+0x10/0x20
[ 33.757525]
[ 33.757889] Allocated by task 163:
[ 33.758656] kasan_save_stack+0x3c/0x68
[ 33.759319] kasan_save_track+0x20/0x40
[ 33.759988] kasan_save_alloc_info+0x40/0x58
[ 33.760731] __kasan_kmalloc+0xd4/0xd8
[ 33.761527] __kmalloc_cache_noprof+0x15c/0x3c8
[ 33.762277] kmalloc_oob_memset_4+0xb0/0x300
[ 33.763214] kunit_try_run_case+0x14c/0x3d0
[ 33.763957] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.765033] kthread+0x24c/0x2d0
[ 33.765964] ret_from_fork+0x10/0x20
[ 33.766516]
[ 33.766806] The buggy address belongs to the object at fff00000c6357400
[ 33.766806] which belongs to the cache kmalloc-128 of size 128
[ 33.769734] The buggy address is located 117 bytes inside of
[ 33.769734] allocated 120-byte region [fff00000c6357400, fff00000c6357478)
[ 33.771624]
[ 33.771956] The buggy address belongs to the physical page:
[ 33.773038] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106357
[ 33.774273] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.775323] page_type: f5(slab)
[ 33.776019] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.777336] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 33.778260] page dumped because: kasan: bad access detected
[ 33.778935]
[ 33.779216] Memory state around the buggy address:
[ 33.779733] fff00000c6357300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.781189] fff00000c6357380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.783635] >fff00000c6357400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.785090] ^
[ 33.786338] fff00000c6357480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.787244] fff00000c6357500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.788108] ==================================================================
[ 33.800134] ==================================================================
[ 33.801756] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 33.804522] Write of size 8 at addr fff00000c6357571 by task kunit_try_catch/165
[ 33.806032]
[ 33.806557] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 33.807864] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.808382] Hardware name: linux,dummy-virt (DT)
[ 33.809832] Call trace:
[ 33.810060] show_stack+0x20/0x38 (C)
[ 33.810369] dump_stack_lvl+0x8c/0xd0
[ 33.810806] print_report+0x118/0x5e0
[ 33.811714] kasan_report+0xc8/0x118
[ 33.812227] kasan_check_range+0x100/0x1a8
[ 33.813057] __asan_memset+0x34/0x78
[ 33.813975] kmalloc_oob_memset_8+0x150/0x2f8
[ 33.815062] kunit_try_run_case+0x14c/0x3d0
[ 33.815820] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.817144] kthread+0x24c/0x2d0
[ 33.817644] ret_from_fork+0x10/0x20
[ 33.818214]
[ 33.818522] Allocated by task 165:
[ 33.819038] kasan_save_stack+0x3c/0x68
[ 33.819658] kasan_save_track+0x20/0x40
[ 33.820106] kasan_save_alloc_info+0x40/0x58
[ 33.821310] __kasan_kmalloc+0xd4/0xd8
[ 33.821896] __kmalloc_cache_noprof+0x15c/0x3c8
[ 33.823235] kmalloc_oob_memset_8+0xb0/0x2f8
[ 33.823870] kunit_try_run_case+0x14c/0x3d0
[ 33.824976] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.825735] kthread+0x24c/0x2d0
[ 33.826253] ret_from_fork+0x10/0x20
[ 33.826808]
[ 33.827253] The buggy address belongs to the object at fff00000c6357500
[ 33.827253] which belongs to the cache kmalloc-128 of size 128
[ 33.828721] The buggy address is located 113 bytes inside of
[ 33.828721] allocated 120-byte region [fff00000c6357500, fff00000c6357578)
[ 33.830492]
[ 33.830933] The buggy address belongs to the physical page:
[ 33.831841] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106357
[ 33.833260] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.834422] page_type: f5(slab)
[ 33.835242] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.836272] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 33.837793] page dumped because: kasan: bad access detected
[ 33.838373]
[ 33.838633] Memory state around the buggy address:
[ 33.839267] fff00000c6357400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.840027] fff00000c6357480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.841133] >fff00000c6357500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.841960] ^
[ 33.843268] fff00000c6357580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.845109] fff00000c6357600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.846482] ==================================================================
[ 33.859218] ==================================================================
[ 33.860589] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 33.861679] Write of size 16 at addr fff00000c6a6f469 by task kunit_try_catch/167
[ 33.862495]
[ 33.863937] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 33.865219] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.865861] Hardware name: linux,dummy-virt (DT)
[ 33.867124] Call trace:
[ 33.867933] show_stack+0x20/0x38 (C)
[ 33.869175] dump_stack_lvl+0x8c/0xd0
[ 33.870475] print_report+0x118/0x5e0
[ 33.871246] kasan_report+0xc8/0x118
[ 33.871907] kasan_check_range+0x100/0x1a8
[ 33.872692] __asan_memset+0x34/0x78
[ 33.873473] kmalloc_oob_memset_16+0x150/0x2f8
[ 33.874715] kunit_try_run_case+0x14c/0x3d0
[ 33.875522] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.876382] kthread+0x24c/0x2d0
[ 33.877396] ret_from_fork+0x10/0x20
[ 33.878252]
[ 33.878780] Allocated by task 167:
[ 33.879628] kasan_save_stack+0x3c/0x68
[ 33.880780] kasan_save_track+0x20/0x40
[ 33.881384] kasan_save_alloc_info+0x40/0x58
[ 33.882398] __kasan_kmalloc+0xd4/0xd8
[ 33.883022] __kmalloc_cache_noprof+0x15c/0x3c8
[ 33.883826] kmalloc_oob_memset_16+0xb0/0x2f8
[ 33.884613] kunit_try_run_case+0x14c/0x3d0
[ 33.885667] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.886283] kthread+0x24c/0x2d0
[ 33.886753] ret_from_fork+0x10/0x20
[ 33.887247]
[ 33.887715] The buggy address belongs to the object at fff00000c6a6f400
[ 33.887715] which belongs to the cache kmalloc-128 of size 128
[ 33.891858] The buggy address is located 105 bytes inside of
[ 33.891858] allocated 120-byte region [fff00000c6a6f400, fff00000c6a6f478)
[ 33.893759]
[ 33.894066] The buggy address belongs to the physical page:
[ 33.897989] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106a6f
[ 33.898830] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.899407] page_type: f5(slab)
[ 33.901746] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.902769] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 33.903560] page dumped because: kasan: bad access detected
[ 33.904187]
[ 33.905061] Memory state around the buggy address:
[ 33.905535] fff00000c6a6f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 33.906126] fff00000c6a6f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.906759] >fff00000c6a6f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.907367] ^
[ 33.909128] fff00000c6a6f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.911281] fff00000c6a6f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.912211] ==================================================================
[ 33.680265] ==================================================================
[ 33.683006] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 33.683781] Write of size 2 at addr fff00000c6357377 by task kunit_try_catch/161
[ 33.685362]
[ 33.685984] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 33.687358] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 33.687950] Hardware name: linux,dummy-virt (DT)
[ 33.688713] Call trace:
[ 33.689107] show_stack+0x20/0x38 (C)
[ 33.689821] dump_stack_lvl+0x8c/0xd0
[ 33.690877] print_report+0x118/0x5e0
[ 33.691568] kasan_report+0xc8/0x118
[ 33.691985] kasan_check_range+0x100/0x1a8
[ 33.693036] __asan_memset+0x34/0x78
[ 33.693906] kmalloc_oob_memset_2+0x150/0x2f8
[ 33.694762] kunit_try_run_case+0x14c/0x3d0
[ 33.695526] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.696357] kthread+0x24c/0x2d0
[ 33.697133] ret_from_fork+0x10/0x20
[ 33.698096]
[ 33.698548] Allocated by task 161:
[ 33.699309] kasan_save_stack+0x3c/0x68
[ 33.699928] kasan_save_track+0x20/0x40
[ 33.701050] kasan_save_alloc_info+0x40/0x58
[ 33.702062] __kasan_kmalloc+0xd4/0xd8
[ 33.702375] __kmalloc_cache_noprof+0x15c/0x3c8
[ 33.702978] kmalloc_oob_memset_2+0xb0/0x2f8
[ 33.703730] kunit_try_run_case+0x14c/0x3d0
[ 33.704400] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 33.705121] kthread+0x24c/0x2d0
[ 33.705758] ret_from_fork+0x10/0x20
[ 33.706910]
[ 33.707363] The buggy address belongs to the object at fff00000c6357300
[ 33.707363] which belongs to the cache kmalloc-128 of size 128
[ 33.709114] The buggy address is located 119 bytes inside of
[ 33.709114] allocated 120-byte region [fff00000c6357300, fff00000c6357378)
[ 33.710699]
[ 33.711376] The buggy address belongs to the physical page:
[ 33.712279] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106357
[ 33.713987] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 33.714976] page_type: f5(slab)
[ 33.715553] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 33.716865] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 33.718030] page dumped because: kasan: bad access detected
[ 33.718600]
[ 33.718994] Memory state around the buggy address:
[ 33.719621] fff00000c6357200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 33.720689] fff00000c6357280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.722621] >fff00000c6357300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 33.723568] ^
[ 33.724528] fff00000c6357380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.726249] fff00000c6357400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.726931] ==================================================================
```
qemu-x86_64:

```
[ 25.284649] ==================================================================
[ 25.285623] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330
[ 25.286393] Write of size 16 at addr ffff888101aaf469 by task kunit_try_catch/186
[ 25.287286]
[ 25.287590] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 25.288430] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.288685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.290142] Call Trace:
[ 25.290557] <TASK>
[ 25.291041] dump_stack_lvl+0x73/0xb0
[ 25.291699] print_report+0xd1/0x640
[ 25.292339] ? __virt_addr_valid+0x1db/0x2d0
[ 25.292889] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.293709] kasan_report+0x102/0x140
[ 25.294367] ? kmalloc_oob_memset_16+0x167/0x330
[ 25.295091] ? kmalloc_oob_memset_16+0x167/0x330
[ 25.295676] kasan_check_range+0x10c/0x1c0
[ 25.296374] __asan_memset+0x27/0x50
[ 25.296616] kmalloc_oob_memset_16+0x167/0x330
[ 25.297513] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 25.298045] ? __schedule+0xc3e/0x2790
[ 25.299327] ? __pfx_read_tsc+0x10/0x10
[ 25.299671] ? ktime_get_ts64+0x84/0x230
[ 25.300352] kunit_try_run_case+0x1b3/0x490
[ 25.300734] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.301658] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.302027] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.303100] ? __kthread_parkme+0x82/0x160
[ 25.303725] ? preempt_count_sub+0x50/0x80
[ 25.304460] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.304948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.305359] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.305921] kthread+0x257/0x310
[ 25.306307] ? __pfx_kthread+0x10/0x10
[ 25.306656] ret_from_fork+0x41/0x80
[ 25.307091] ? __pfx_kthread+0x10/0x10
[ 25.307781] ret_from_fork_asm+0x1a/0x30
[ 25.308348] </TASK>
[ 25.308538]
[ 25.308680] Allocated by task 186:
[ 25.309301] kasan_save_stack+0x3d/0x60
[ 25.309720] kasan_save_track+0x18/0x40
[ 25.310364] kasan_save_alloc_info+0x3b/0x50
[ 25.311071] __kasan_kmalloc+0xb7/0xc0
[ 25.311517] __kmalloc_cache_noprof+0x184/0x410
[ 25.312129] kmalloc_oob_memset_16+0xad/0x330
[ 25.312458] kunit_try_run_case+0x1b3/0x490
[ 25.313112] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.313697] kthread+0x257/0x310
[ 25.314732] ret_from_fork+0x41/0x80
[ 25.315469] ret_from_fork_asm+0x1a/0x30
[ 25.316067]
[ 25.316329] The buggy address belongs to the object at ffff888101aaf400
[ 25.316329] which belongs to the cache kmalloc-128 of size 128
[ 25.317525] The buggy address is located 105 bytes inside of
[ 25.317525] allocated 120-byte region [ffff888101aaf400, ffff888101aaf478)
[ 25.318643]
[ 25.319078] The buggy address belongs to the physical page:
[ 25.319523] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aaf
[ 25.320329] flags: 0x200000000000000(node=0|zone=2)
[ 25.321007] page_type: f5(slab)
[ 25.321346] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.322188] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.322726] page dumped because: kasan: bad access detected
[ 25.323501]
[ 25.323710] Memory state around the buggy address:
[ 25.324229] ffff888101aaf300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 25.324655] ffff888101aaf380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.325160] >ffff888101aaf400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.325619] ^
[ 25.326465] ffff888101aaf480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.327155] ffff888101aaf500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.327791] ==================================================================
[ 25.232414] ==================================================================
[ 25.233424] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330
[ 25.234128] Write of size 8 at addr ffff888101aaf171 by task kunit_try_catch/184
[ 25.235372]
[ 25.235621] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 25.236725] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.237303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.238233] Call Trace:
[ 25.238557] <TASK>
[ 25.238946] dump_stack_lvl+0x73/0xb0
[ 25.239481] print_report+0xd1/0x640
[ 25.240137] ? __virt_addr_valid+0x1db/0x2d0
[ 25.240613] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.241102] kasan_report+0x102/0x140
[ 25.241748] ? kmalloc_oob_memset_8+0x167/0x330
[ 25.242415] ? kmalloc_oob_memset_8+0x167/0x330
[ 25.242761] kasan_check_range+0x10c/0x1c0
[ 25.243502] __asan_memset+0x27/0x50
[ 25.244109] kmalloc_oob_memset_8+0x167/0x330
[ 25.244615] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 25.245298] ? __schedule+0xc3e/0x2790
[ 25.245748] ? __pfx_read_tsc+0x10/0x10
[ 25.246394] ? ktime_get_ts64+0x84/0x230
[ 25.246919] kunit_try_run_case+0x1b3/0x490
[ 25.247239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.247713] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.248499] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.249185] ? __kthread_parkme+0x82/0x160
[ 25.249703] ? preempt_count_sub+0x50/0x80
[ 25.250303] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.250818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.251591] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.252338] kthread+0x257/0x310
[ 25.252760] ? __pfx_kthread+0x10/0x10
[ 25.253213] ret_from_fork+0x41/0x80
[ 25.253605] ? __pfx_kthread+0x10/0x10
[ 25.253975] ret_from_fork_asm+0x1a/0x30
[ 25.254281] </TASK>
[ 25.254556]
[ 25.254773] Allocated by task 184:
[ 25.255352] kasan_save_stack+0x3d/0x60
[ 25.255767] kasan_save_track+0x18/0x40
[ 25.256511] kasan_save_alloc_info+0x3b/0x50
[ 25.257114] __kasan_kmalloc+0xb7/0xc0
[ 25.257581] __kmalloc_cache_noprof+0x184/0x410
[ 25.258237] kmalloc_oob_memset_8+0xad/0x330
[ 25.258721] kunit_try_run_case+0x1b3/0x490
[ 25.259259] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.259848] kthread+0x257/0x310
[ 25.260365] ret_from_fork+0x41/0x80
[ 25.260814] ret_from_fork_asm+0x1a/0x30
[ 25.261677]
[ 25.261864] The buggy address belongs to the object at ffff888101aaf100
[ 25.261864] which belongs to the cache kmalloc-128 of size 128
[ 25.262616] The buggy address is located 113 bytes inside of
[ 25.262616] allocated 120-byte region [ffff888101aaf100, ffff888101aaf178)
[ 25.264435]
[ 25.264664] The buggy address belongs to the physical page:
[ 25.265442] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aaf
[ 25.266356] flags: 0x200000000000000(node=0|zone=2)
[ 25.266740] page_type: f5(slab)
[ 25.267453] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.268495] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.269470] page dumped because: kasan: bad access detected
[ 25.270157]
[ 25.270426] Memory state around the buggy address:
[ 25.270792] ffff888101aaf000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.271706] ffff888101aaf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.272542] >ffff888101aaf100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.273418] ^
[ 25.274107] ffff888101aaf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.274789] ffff888101aaf200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.275668] ==================================================================
[ 25.132136] ==================================================================
[ 25.133102] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330
[ 25.133785] Write of size 2 at addr ffff888101aabf77 by task kunit_try_catch/180
[ 25.134285]
[ 25.134531] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 25.135110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.135567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.136346] Call Trace:
[ 25.136548] <TASK>
[ 25.137063] dump_stack_lvl+0x73/0xb0
[ 25.137591] print_report+0xd1/0x640
[ 25.138305] ? __virt_addr_valid+0x1db/0x2d0
[ 25.138701] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.139129] kasan_report+0x102/0x140
[ 25.139400] ? kmalloc_oob_memset_2+0x167/0x330
[ 25.139977] ? kmalloc_oob_memset_2+0x167/0x330
[ 25.140473] kasan_check_range+0x10c/0x1c0
[ 25.140936] __asan_memset+0x27/0x50
[ 25.142795] kmalloc_oob_memset_2+0x167/0x330
[ 25.143599] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 25.144516] ? __schedule+0xc3e/0x2790
[ 25.144874] ? __pfx_read_tsc+0x10/0x10
[ 25.145391] ? ktime_get_ts64+0x84/0x230
[ 25.146458] kunit_try_run_case+0x1b3/0x490
[ 25.146816] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.147377] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.147707] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.148225] ? __kthread_parkme+0x82/0x160
[ 25.149327] ? preempt_count_sub+0x50/0x80
[ 25.150311] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.150745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.151315] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.151775] kthread+0x257/0x310
[ 25.152618] ? __pfx_kthread+0x10/0x10
[ 25.152940] ret_from_fork+0x41/0x80
[ 25.153930] ? __pfx_kthread+0x10/0x10
[ 25.154562] ret_from_fork_asm+0x1a/0x30
[ 25.154869] </TASK>
[ 25.155210]
[ 25.155421] Allocated by task 180:
[ 25.155950] kasan_save_stack+0x3d/0x60
[ 25.156986] kasan_save_track+0x18/0x40
[ 25.157143] kasan_save_alloc_info+0x3b/0x50
[ 25.157395] __kasan_kmalloc+0xb7/0xc0
[ 25.158481] __kmalloc_cache_noprof+0x184/0x410
[ 25.158654] kmalloc_oob_memset_2+0xad/0x330
[ 25.158862] kunit_try_run_case+0x1b3/0x490
[ 25.159336] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.160176] kthread+0x257/0x310
[ 25.160610] ret_from_fork+0x41/0x80
[ 25.161366] ret_from_fork_asm+0x1a/0x30
[ 25.162114]
[ 25.162441] The buggy address belongs to the object at ffff888101aabf00
[ 25.162441] which belongs to the cache kmalloc-128 of size 128
[ 25.163371] The buggy address is located 119 bytes inside of
[ 25.163371] allocated 120-byte region [ffff888101aabf00, ffff888101aabf78)
[ 25.164246]
[ 25.164579] The buggy address belongs to the physical page:
[ 25.165217] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aab
[ 25.166432] flags: 0x200000000000000(node=0|zone=2)
[ 25.167117] page_type: f5(slab)
[ 25.167272] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.167499] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.167710] page dumped because: kasan: bad access detected
[ 25.167939]
[ 25.168127] Memory state around the buggy address:
[ 25.168582] ffff888101aabe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 25.169293] ffff888101aabe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.169870] >ffff888101aabf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.170266] ^
[ 25.171259] ffff888101aabf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.171726] ffff888101aac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.172172] ==================================================================
[ 25.180760] ==================================================================
[ 25.181956] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330
[ 25.182738] Write of size 4 at addr ffff888102a09775 by task kunit_try_catch/182
[ 25.183360]
[ 25.183569] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241122 #1
[ 25.184595] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.185173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.185990] Call Trace:
[ 25.186215] <TASK>
[ 25.186409] dump_stack_lvl+0x73/0xb0
[ 25.187385] print_report+0xd1/0x640
[ 25.187812] ? __virt_addr_valid+0x1db/0x2d0
[ 25.188487] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.189095] kasan_report+0x102/0x140
[ 25.189559] ? kmalloc_oob_memset_4+0x167/0x330
[ 25.190241] ? kmalloc_oob_memset_4+0x167/0x330
[ 25.190789] kasan_check_range+0x10c/0x1c0
[ 25.191472] __asan_memset+0x27/0x50
[ 25.191839] kmalloc_oob_memset_4+0x167/0x330
[ 25.192818] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 25.193424] ? __schedule+0xc3e/0x2790
[ 25.193706] ? __pfx_read_tsc+0x10/0x10
[ 25.194314] ? ktime_get_ts64+0x84/0x230
[ 25.194812] kunit_try_run_case+0x1b3/0x490
[ 25.195534] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.196176] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.196729] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.197705] ? __kthread_parkme+0x82/0x160
[ 25.198336] ? preempt_count_sub+0x50/0x80
[ 25.198849] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.199389] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.200155] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.200678] kthread+0x257/0x310
[ 25.201285] ? __pfx_kthread+0x10/0x10
[ 25.201735] ret_from_fork+0x41/0x80
[ 25.202723] ? __pfx_kthread+0x10/0x10
[ 25.203172] ret_from_fork_asm+0x1a/0x30
[ 25.203663] </TASK>
[ 25.203922]
[ 25.204087] Allocated by task 182:
[ 25.204700] kasan_save_stack+0x3d/0x60
[ 25.205317] kasan_save_track+0x18/0x40
[ 25.205764] kasan_save_alloc_info+0x3b/0x50
[ 25.206414] __kasan_kmalloc+0xb7/0xc0
[ 25.206723] __kmalloc_cache_noprof+0x184/0x410
[ 25.207393] kmalloc_oob_memset_4+0xad/0x330
[ 25.208617] kunit_try_run_case+0x1b3/0x490
[ 25.209144] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.209488] kthread+0x257/0x310
[ 25.209744] ret_from_fork+0x41/0x80
[ 25.210387] ret_from_fork_asm+0x1a/0x30
[ 25.211002]
[ 25.211243] The buggy address belongs to the object at ffff888102a09700
[ 25.211243] which belongs to the cache kmalloc-128 of size 128
[ 25.212425] The buggy address is located 117 bytes inside of
[ 25.212425] allocated 120-byte region [ffff888102a09700, ffff888102a09778)
[ 25.213484]
[ 25.213720] The buggy address belongs to the physical page:
[ 25.215034] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a09
[ 25.215526] flags: 0x200000000000000(node=0|zone=2)
[ 25.216169] page_type: f5(slab)
[ 25.216587] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.217370] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.218158] page dumped because: kasan: bad access detected
[ 25.218656]
[ 25.218917] Memory state around the buggy address:
[ 25.219193] ffff888102a09600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 25.219743] ffff888102a09680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.221363] >ffff888102a09700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.222158] ^
[ 25.222590] ffff888102a09780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.223440] ffff888102a09800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.224053] ==================================================================
```