Date
Nov. 26, 2024, 6:09 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 30.046311] ==================================================================
[ 30.047284] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 30.048117] Read of size 1 at addr fff00000c6407000 by task kunit_try_catch/129
[ 30.049344]
[ 30.049806] CPU: 1 UID: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 30.051056] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.051687] Hardware name: linux,dummy-virt (DT)
[ 30.052614] Call trace:
[ 30.053107] show_stack+0x20/0x38 (C)
[ 30.053734] dump_stack_lvl+0x8c/0xd0
[ 30.054419] print_report+0x118/0x5e0
[ 30.055032] kasan_report+0xc8/0x118
[ 30.055718] __asan_report_load1_noabort+0x20/0x30
[ 30.056739] kmalloc_node_oob_right+0x2f4/0x330
[ 30.057344] kunit_try_run_case+0x14c/0x3d0
[ 30.058066] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.058820] kthread+0x24c/0x2d0
[ 30.059457] ret_from_fork+0x10/0x20
[ 30.060023]
[ 30.060444] Allocated by task 129:
[ 30.061383] kasan_save_stack+0x3c/0x68
[ 30.062065] kasan_save_track+0x20/0x40
[ 30.062589] kasan_save_alloc_info+0x40/0x58
[ 30.063257] __kasan_kmalloc+0xd4/0xd8
[ 30.063785] __kmalloc_cache_node_noprof+0x164/0x3d0
[ 30.064707] kmalloc_node_oob_right+0xbc/0x330
[ 30.065484] kunit_try_run_case+0x14c/0x3d0
[ 30.066082] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.066661] kthread+0x24c/0x2d0
[ 30.067265] ret_from_fork+0x10/0x20
[ 30.067892]
[ 30.068276] The buggy address belongs to the object at fff00000c6406000
[ 30.068276] which belongs to the cache kmalloc-4k of size 4096
[ 30.070501] The buggy address is located 0 bytes to the right of
[ 30.070501] allocated 4096-byte region [fff00000c6406000, fff00000c6407000)
[ 30.071736]
[ 30.072156] The buggy address belongs to the physical page:
[ 30.073113] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106400
[ 30.074482] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.075365] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.076248] page_type: f5(slab)
[ 30.077085] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 30.078013] raw: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 30.079031] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 30.079929] head: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 30.080955] head: 0bfffe0000000003 ffffc1ffc3190001 ffffffffffffffff 0000000000000000
[ 30.082241] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 30.083352] page dumped because: kasan: bad access detected
[ 30.084205]
[ 30.084882] Memory state around the buggy address:
[ 30.085427]  fff00000c6406f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.086269]  fff00000c6406f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.087150] >fff00000c6407000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.087976]                    ^
[ 30.088883]  fff00000c6407080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.089793]  fff00000c6407100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.090676] ==================================================================
[ 29.991383] ==================================================================
[ 29.992580] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 29.993433] Read of size 1 at addr fff00000c6483000 by task kunit_try_catch/129
[ 29.994737]
[ 29.995142] CPU: 0 UID: 0 PID: 129 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 29.996393] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.996947] Hardware name: linux,dummy-virt (DT)
[ 29.997550] Call trace:
[ 29.997989] show_stack+0x20/0x38 (C)
[ 29.998506] dump_stack_lvl+0x8c/0xd0
[ 29.999205] print_report+0x118/0x5e0
[ 30.000124] kasan_report+0xc8/0x118
[ 30.000763] __asan_report_load1_noabort+0x20/0x30
[ 30.001423] kmalloc_node_oob_right+0x2f4/0x330
[ 30.002340] kunit_try_run_case+0x14c/0x3d0
[ 30.002998] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.003804] kthread+0x24c/0x2d0
[ 30.004338] ret_from_fork+0x10/0x20
[ 30.004897]
[ 30.005269] Allocated by task 129:
[ 30.006126] kasan_save_stack+0x3c/0x68
[ 30.006774] kasan_save_track+0x20/0x40
[ 30.007372] kasan_save_alloc_info+0x40/0x58
[ 30.008058] __kasan_kmalloc+0xd4/0xd8
[ 30.008654] __kmalloc_cache_node_noprof+0x164/0x3d0
[ 30.009282] kmalloc_node_oob_right+0xbc/0x330
[ 30.011004] kunit_try_run_case+0x14c/0x3d0
[ 30.011612] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.012292] kthread+0x24c/0x2d0
[ 30.012902] ret_from_fork+0x10/0x20
[ 30.013509]
[ 30.014186] The buggy address belongs to the object at fff00000c6482000
[ 30.014186] which belongs to the cache kmalloc-4k of size 4096
[ 30.015382] The buggy address is located 0 bytes to the right of
[ 30.015382] allocated 4096-byte region [fff00000c6482000, fff00000c6483000)
[ 30.016628]
[ 30.016997] The buggy address belongs to the physical page:
[ 30.018112] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106480
[ 30.019345] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.020278] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.021131] page_type: f5(slab)
[ 30.021923] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 30.022901] raw: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 30.023799] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 30.024637] head: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 30.025544] head: 0bfffe0000000003 ffffc1ffc3192001 ffffffffffffffff 0000000000000000
[ 30.026818] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 30.027646] page dumped because: kasan: bad access detected
[ 30.028342]
[ 30.028730] Memory state around the buggy address:
[ 30.029401]  fff00000c6482f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.031279]  fff00000c6482f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.032063] >fff00000c6483000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.033014]                    ^
[ 30.033608]  fff00000c6483080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.034669]  fff00000c6483100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.035816] ==================================================================
[ 23.976391] ==================================================================
[ 23.977412] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x36b/0x3d0
[ 23.978265] Read of size 1 at addr ffff888102a5b000 by task kunit_try_catch/147
[ 23.978781]
[ 23.979084] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 23.980001] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.980373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.981280] Call Trace:
[ 23.981822] <TASK>
[ 23.982126] dump_stack_lvl+0x73/0xb0
[ 23.982680] print_report+0xd1/0x640
[ 23.982986] ? __virt_addr_valid+0x1db/0x2d0
[ 23.983610] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.984577] kasan_report+0x102/0x140
[ 23.985144] ? kmalloc_node_oob_right+0x36b/0x3d0
[ 23.985785] ? kmalloc_node_oob_right+0x36b/0x3d0
[ 23.986113] __asan_report_load1_noabort+0x18/0x20
[ 23.986581] kmalloc_node_oob_right+0x36b/0x3d0
[ 23.987154] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 23.987684] ? __schedule+0xc3e/0x2790
[ 23.988257] ? __pfx_read_tsc+0x10/0x10
[ 23.988587] ? ktime_get_ts64+0x84/0x230
[ 23.989129] kunit_try_run_case+0x1b3/0x490
[ 23.989644] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.990120] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 23.990762] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.991276] ? __kthread_parkme+0x82/0x160
[ 23.991866] ? preempt_count_sub+0x50/0x80
[ 23.992459] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.992931] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.993300] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.993744] kthread+0x257/0x310
[ 23.994372] ? __pfx_kthread+0x10/0x10
[ 23.995006] ret_from_fork+0x41/0x80
[ 23.995508] ? __pfx_kthread+0x10/0x10
[ 23.996037] ret_from_fork_asm+0x1a/0x30
[ 23.996501] </TASK>
[ 23.996970]
[ 23.997310] Allocated by task 147:
[ 23.997682] kasan_save_stack+0x3d/0x60
[ 23.998204] kasan_save_track+0x18/0x40
[ 23.998741] kasan_save_alloc_info+0x3b/0x50
[ 23.999034] __kasan_kmalloc+0xb7/0xc0
[ 23.999289] __kmalloc_cache_node_noprof+0x183/0x420
[ 23.999585] kmalloc_node_oob_right+0xac/0x3d0
[ 24.000148] kunit_try_run_case+0x1b3/0x490
[ 24.000861] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.001601] kthread+0x257/0x310
[ 24.002098] ret_from_fork+0x41/0x80
[ 24.002663] ret_from_fork_asm+0x1a/0x30
[ 24.003148]
[ 24.003373] The buggy address belongs to the object at ffff888102a5a000
[ 24.003373] which belongs to the cache kmalloc-4k of size 4096
[ 24.004647] The buggy address is located 0 bytes to the right of
[ 24.004647] allocated 4096-byte region [ffff888102a5a000, ffff888102a5b000)
[ 24.005506]
[ 24.005669] The buggy address belongs to the physical page:
[ 24.006634] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a58
[ 24.007823] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 24.008767] flags: 0x200000000000040(head|node=0|zone=2)
[ 24.009757] page_type: f5(slab)
[ 24.010087] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 24.010465] raw: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 24.011243] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 24.012344] head: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 24.013222] head: 0200000000000003 ffffea00040a9601 ffffffffffffffff 0000000000000000
[ 24.013991] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 24.014425] page dumped because: kasan: bad access detected
[ 24.014753]
[ 24.014908] Memory state around the buggy address:
[ 24.015492]  ffff888102a5af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.016270]  ffff888102a5af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.017796] >ffff888102a5b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.018381]                    ^
[ 24.019236]  ffff888102a5b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.019771]  ffff888102a5b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.020656] ==================================================================
[ 19.223721] ==================================================================
[ 19.224574] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x36b/0x3d0
[ 19.225829] Read of size 1 at addr ffff88810296d000 by task kunit_try_catch/147
[ 19.226931]
[ 19.227511] CPU: 1 UID: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1
[ 19.228793] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.229174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.230696] Call Trace:
[ 19.230909] <TASK>
[ 19.231240] dump_stack_lvl+0x73/0xb0
[ 19.232074] print_report+0xd1/0x640
[ 19.232512] ? __virt_addr_valid+0x1db/0x2d0
[ 19.233557] ? kasan_complete_mode_report_info+0x2a/0x200
[ 19.234363] kasan_report+0x102/0x140
[ 19.234821] ? kmalloc_node_oob_right+0x36b/0x3d0
[ 19.235264] ? kmalloc_node_oob_right+0x36b/0x3d0
[ 19.235644] __asan_report_load1_noabort+0x18/0x20
[ 19.236650] kmalloc_node_oob_right+0x36b/0x3d0
[ 19.237454] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 19.238217] ? __schedule+0xc3e/0x2790
[ 19.238747] ? __pfx_read_tsc+0x10/0x10
[ 19.239032] ? ktime_get_ts64+0x84/0x230
[ 19.239633] kunit_try_run_case+0x1b3/0x490
[ 19.240682] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.241230] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 19.241613] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 19.242184] ? __kthread_parkme+0x82/0x160
[ 19.242713] ? preempt_count_sub+0x50/0x80
[ 19.243235] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.243661] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 19.244249] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.244670] kthread+0x257/0x310
[ 19.245059] ? __pfx_kthread+0x10/0x10
[ 19.245468] ret_from_fork+0x41/0x80
[ 19.246161] ? __pfx_kthread+0x10/0x10
[ 19.246569] ret_from_fork_asm+0x1a/0x30
[ 19.247805] </TASK>
[ 19.248308]
[ 19.248552] Allocated by task 147:
[ 19.249101] kasan_save_stack+0x3d/0x60
[ 19.249426] kasan_save_track+0x18/0x40
[ 19.249907] kasan_save_alloc_info+0x3b/0x50
[ 19.250682] __kasan_kmalloc+0xb7/0xc0
[ 19.251098] __kmalloc_cache_node_noprof+0x183/0x420
[ 19.251430] kmalloc_node_oob_right+0xac/0x3d0
[ 19.252147] kunit_try_run_case+0x1b3/0x490
[ 19.252620] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.253190] kthread+0x257/0x310
[ 19.253578] ret_from_fork+0x41/0x80
[ 19.253967] ret_from_fork_asm+0x1a/0x30
[ 19.254401]
[ 19.255218] The buggy address belongs to the object at ffff88810296c000
[ 19.255218] which belongs to the cache kmalloc-4k of size 4096
[ 19.256196] The buggy address is located 0 bytes to the right of
[ 19.256196] allocated 4096-byte region [ffff88810296c000, ffff88810296d000)
[ 19.257418]
[ 19.257712] The buggy address belongs to the physical page:
[ 19.258754] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102968
[ 19.259867] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.260787] flags: 0x200000000000040(head|node=0|zone=2)
[ 19.261740] page_type: f5(slab)
[ 19.262100] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 19.262783] raw: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 19.263311] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 19.264556] head: 0000000000000000 0000000080040004 00000001f5000000 0000000000000000
[ 19.265391] head: 0200000000000003 ffffea00040a5a01 ffffffffffffffff 0000000000000000
[ 19.266221] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 19.266807] page dumped because: kasan: bad access detected
[ 19.267892]
[ 19.268379] Memory state around the buggy address:
[ 19.268874]  ffff88810296cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.270128]  ffff88810296cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.270564] >ffff88810296d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.271356]                    ^
[ 19.272415]  ffff88810296d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.273471]  ffff88810296d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.273842] ==================================================================