Hay
Sign in
Date
Nov. 26, 2024, 6:09 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   30.186462] ==================================================================
[   30.187569] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   30.188260] Write of size 1 at addr fff00000c1645f00 by task kunit_try_catch/133
[   30.189152] 
[   30.189535] CPU: 0 UID: 0 PID: 133 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   30.190435] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.192045] Hardware name: linux,dummy-virt (DT)
[   30.193028] Call trace:
[   30.193467]  show_stack+0x20/0x38 (C)
[   30.194100]  dump_stack_lvl+0x8c/0xd0
[   30.194713]  print_report+0x118/0x5e0
[   30.195365]  kasan_report+0xc8/0x118
[   30.195996]  __asan_report_store1_noabort+0x20/0x30
[   30.197527]  kmalloc_big_oob_right+0x2a4/0x2f0
[   30.198194]  kunit_try_run_case+0x14c/0x3d0
[   30.198740]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.199635]  kthread+0x24c/0x2d0
[   30.200154]  ret_from_fork+0x10/0x20
[   30.201169] 
[   30.201491] Allocated by task 133:
[   30.202051]  kasan_save_stack+0x3c/0x68
[   30.202627]  kasan_save_track+0x20/0x40
[   30.203253]  kasan_save_alloc_info+0x40/0x58
[   30.203842]  __kasan_kmalloc+0xd4/0xd8
[   30.205155]  __kmalloc_cache_noprof+0x15c/0x3c8
[   30.205892]  kmalloc_big_oob_right+0xb8/0x2f0
[   30.206439]  kunit_try_run_case+0x14c/0x3d0
[   30.207107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.207793]  kthread+0x24c/0x2d0
[   30.208956]  ret_from_fork+0x10/0x20
[   30.209484] 
[   30.209786] The buggy address belongs to the object at fff00000c1644000
[   30.209786]  which belongs to the cache kmalloc-8k of size 8192
[   30.211077] The buggy address is located 0 bytes to the right of
[   30.211077]  allocated 7936-byte region [fff00000c1644000, fff00000c1645f00)
[   30.213297] 
[   30.213674] The buggy address belongs to the physical page:
[   30.214350] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101640
[   30.215205] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.216185] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.217483] page_type: f5(slab)
[   30.218005] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   30.218890] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   30.219818] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   30.221351] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   30.222211] head: 0bfffe0000000003 ffffc1ffc3059001 ffffffffffffffff 0000000000000000
[   30.223088] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   30.223881] page dumped because: kasan: bad access detected
[   30.225149] 
[   30.225507] Memory state around the buggy address:
[   30.226042]  fff00000c1645e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.226869]  fff00000c1645e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.227679] >fff00000c1645f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.229067]                    ^
[   30.229607]  fff00000c1645f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.230759]  fff00000c1646000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.231606] ==================================================================
Metadata Full log Test run details 

[   30.135202] ==================================================================
[   30.136381] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   30.137168] Write of size 1 at addr fff00000c6531f00 by task kunit_try_catch/133
[   30.138084] 
[   30.138767] CPU: 1 UID: 0 PID: 133 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   30.139852] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.140511] Hardware name: linux,dummy-virt (DT)
[   30.141076] Call trace:
[   30.141625]  show_stack+0x20/0x38 (C)
[   30.142293]  dump_stack_lvl+0x8c/0xd0
[   30.143108]  print_report+0x118/0x5e0
[   30.143811]  kasan_report+0xc8/0x118
[   30.144456]  __asan_report_store1_noabort+0x20/0x30
[   30.145297]  kmalloc_big_oob_right+0x2a4/0x2f0
[   30.146322]  kunit_try_run_case+0x14c/0x3d0
[   30.146969]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.147778]  kthread+0x24c/0x2d0
[   30.148358]  ret_from_fork+0x10/0x20
[   30.148972] 
[   30.149385] Allocated by task 133:
[   30.150232]  kasan_save_stack+0x3c/0x68
[   30.150718]  kasan_save_track+0x20/0x40
[   30.151339]  kasan_save_alloc_info+0x40/0x58
[   30.152061]  __kasan_kmalloc+0xd4/0xd8
[   30.152732]  __kmalloc_cache_noprof+0x15c/0x3c8
[   30.153417]  kmalloc_big_oob_right+0xb8/0x2f0
[   30.154412]  kunit_try_run_case+0x14c/0x3d0
[   30.155044]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.155780]  kthread+0x24c/0x2d0
[   30.156391]  ret_from_fork+0x10/0x20
[   30.156980] 
[   30.157350] The buggy address belongs to the object at fff00000c6530000
[   30.157350]  which belongs to the cache kmalloc-8k of size 8192
[   30.159236] The buggy address is located 0 bytes to the right of
[   30.159236]  allocated 7936-byte region [fff00000c6530000, fff00000c6531f00)
[   30.160968] 
[   30.161392] The buggy address belongs to the physical page:
[   30.162243] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106530
[   30.163316] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   30.164400] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   30.165477] page_type: f5(slab)
[   30.166261] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   30.167366] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   30.168174] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   30.169140] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   30.170018] head: 0bfffe0000000003 ffffc1ffc3194c01 ffffffffffffffff 0000000000000000
[   30.170964] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   30.171871] page dumped because: kasan: bad access detected
[   30.172512] 
[   30.172942] Memory state around the buggy address:
[   30.173577]  fff00000c6531e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.174440]  fff00000c6531e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.175364] >fff00000c6531f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.176259]                    ^
[   30.176864]  fff00000c6531f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.177674]  fff00000c6532000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.178627] ==================================================================
Metadata Full log Test run details 

[   24.139928] ==================================================================
[   24.141724] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x318/0x370
[   24.142692] Write of size 1 at addr ffff8881021a5f00 by task kunit_try_catch/151
[   24.143713] 
[   24.143942] CPU: 1 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   24.145758] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.146062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.147173] Call Trace:
[   24.147461]  <TASK>
[   24.147964]  dump_stack_lvl+0x73/0xb0
[   24.148530]  print_report+0xd1/0x640
[   24.149335]  ? __virt_addr_valid+0x1db/0x2d0
[   24.150001]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.151387]  kasan_report+0x102/0x140
[   24.151894]  ? kmalloc_big_oob_right+0x318/0x370
[   24.152585]  ? kmalloc_big_oob_right+0x318/0x370
[   24.153121]  __asan_report_store1_noabort+0x1b/0x30
[   24.153567]  kmalloc_big_oob_right+0x318/0x370
[   24.153913]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   24.154260]  ? __schedule+0xc3e/0x2790
[   24.154556]  ? __pfx_read_tsc+0x10/0x10
[   24.155033]  ? ktime_get_ts64+0x84/0x230
[   24.155456]  kunit_try_run_case+0x1b3/0x490
[   24.155989]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.156342]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   24.157396]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.158107]  ? __kthread_parkme+0x82/0x160
[   24.158653]  ? preempt_count_sub+0x50/0x80
[   24.159511]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.160229]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.161119]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.162604]  kthread+0x257/0x310
[   24.163212]  ? __pfx_kthread+0x10/0x10
[   24.163875]  ret_from_fork+0x41/0x80
[   24.164516]  ? __pfx_kthread+0x10/0x10
[   24.165204]  ret_from_fork_asm+0x1a/0x30
[   24.165784]  </TASK>
[   24.166005] 
[   24.166270] Allocated by task 151:
[   24.167625]  kasan_save_stack+0x3d/0x60
[   24.168974]  kasan_save_track+0x18/0x40
[   24.169800]  kasan_save_alloc_info+0x3b/0x50
[   24.170679]  __kasan_kmalloc+0xb7/0xc0
[   24.171288]  __kmalloc_cache_noprof+0x184/0x410
[   24.172235]  kmalloc_big_oob_right+0xaa/0x370
[   24.172953]  kunit_try_run_case+0x1b3/0x490
[   24.173751]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.174557]  kthread+0x257/0x310
[   24.175063]  ret_from_fork+0x41/0x80
[   24.176018]  ret_from_fork_asm+0x1a/0x30
[   24.176629] 
[   24.177131] The buggy address belongs to the object at ffff8881021a4000
[   24.177131]  which belongs to the cache kmalloc-8k of size 8192
[   24.179301] The buggy address is located 0 bytes to the right of
[   24.179301]  allocated 7936-byte region [ffff8881021a4000, ffff8881021a5f00)
[   24.180792] 
[   24.181329] The buggy address belongs to the physical page:
[   24.182577] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1021a0
[   24.183493] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   24.184473] flags: 0x200000000000040(head|node=0|zone=2)
[   24.185147] page_type: f5(slab)
[   24.185549] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   24.186958] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   24.188327] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   24.189247] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   24.190325] head: 0200000000000003 ffffea0004086801 ffffffffffffffff 0000000000000000
[   24.191452] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   24.192300] page dumped because: kasan: bad access detected
[   24.192681] 
[   24.193292] Memory state around the buggy address:
[   24.194231]  ffff8881021a5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.195476]  ffff8881021a5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   24.196381] >ffff8881021a5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.197450]                    ^
[   24.197714]  ffff8881021a5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.199190]  ffff8881021a6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.199764] ==================================================================
Metadata Full log Test run details 

[   19.361519] ==================================================================
[   19.362679] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x318/0x370
[   19.363362] Write of size 1 at addr ffff888102a99f00 by task kunit_try_catch/151
[   19.364091] 
[   19.364435] CPU: 0 UID: 0 PID: 151 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   19.365200] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.365781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   19.366907] Call Trace:
[   19.367297]  <TASK>
[   19.367529]  dump_stack_lvl+0x73/0xb0
[   19.368198]  print_report+0xd1/0x640
[   19.368996]  ? __virt_addr_valid+0x1db/0x2d0
[   19.369661]  ? kasan_complete_mode_report_info+0x2a/0x200
[   19.370436]  kasan_report+0x102/0x140
[   19.371002]  ? kmalloc_big_oob_right+0x318/0x370
[   19.371623]  ? kmalloc_big_oob_right+0x318/0x370
[   19.372547]  __asan_report_store1_noabort+0x1b/0x30
[   19.373121]  kmalloc_big_oob_right+0x318/0x370
[   19.373629]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   19.374353]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   19.375034]  kunit_try_run_case+0x1b3/0x490
[   19.375742]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.376268]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   19.376530]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   19.376901]  ? __kthread_parkme+0x82/0x160
[   19.377918]  ? preempt_count_sub+0x50/0x80
[   19.378574]  ? __pfx_kunit_try_run_case+0x10/0x10
[   19.378999]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   19.379444]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.379821]  kthread+0x257/0x310
[   19.380203]  ? __pfx_kthread+0x10/0x10
[   19.380847]  ret_from_fork+0x41/0x80
[   19.381292]  ? __pfx_kthread+0x10/0x10
[   19.381774]  ret_from_fork_asm+0x1a/0x30
[   19.382371]  </TASK>
[   19.382630] 
[   19.382861] Allocated by task 151:
[   19.383684]  kasan_save_stack+0x3d/0x60
[   19.384225]  kasan_save_track+0x18/0x40
[   19.384698]  kasan_save_alloc_info+0x3b/0x50
[   19.385147]  __kasan_kmalloc+0xb7/0xc0
[   19.385570]  __kmalloc_cache_noprof+0x184/0x410
[   19.386213]  kmalloc_big_oob_right+0xaa/0x370
[   19.386639]  kunit_try_run_case+0x1b3/0x490
[   19.387003]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   19.387476]  kthread+0x257/0x310
[   19.387774]  ret_from_fork+0x41/0x80
[   19.388166]  ret_from_fork_asm+0x1a/0x30
[   19.388532] 
[   19.388697] The buggy address belongs to the object at ffff888102a98000
[   19.388697]  which belongs to the cache kmalloc-8k of size 8192
[   19.389823] The buggy address is located 0 bytes to the right of
[   19.389823]  allocated 7936-byte region [ffff888102a98000, ffff888102a99f00)
[   19.391376] 
[   19.391693] The buggy address belongs to the physical page:
[   19.392360] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a98
[   19.393611] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   19.395428] flags: 0x200000000000040(head|node=0|zone=2)
[   19.395965] page_type: f5(slab)
[   19.396360] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   19.397030] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   19.397566] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   19.398251] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[   19.399269] head: 0200000000000003 ffffea00040aa601 ffffffffffffffff 0000000000000000
[   19.399812] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   19.400468] page dumped because: kasan: bad access detected
[   19.400945] 
[   19.401146] Memory state around the buggy address:
[   19.401821]  ffff888102a99e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.402746]  ffff888102a99e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   19.403536] >ffff888102a99f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.404267]                    ^
[   19.404640]  ffff888102a99f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.405330]  ffff888102a9a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.406097] ==================================================================
Metadata Full log Test run details