Hay
Date: Nov. 26, 2024, 6:09 a.m.

Environment: qemu-arm64, qemu-x86_64

[   31.247266] ==================================================================
[   31.248719] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   31.249530] Write of size 128 at addr fff00000c5685000 by task kunit_try_catch/159
[   31.249954] 
[   31.250306] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   31.251335] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.251845] Hardware name: linux,dummy-virt (DT)
[   31.252529] Call trace:
[   31.252957]  show_stack+0x20/0x38 (C)
[   31.253521]  dump_stack_lvl+0x8c/0xd0
[   31.254483]  print_report+0x118/0x5e0
[   31.255144]  kasan_report+0xc8/0x118
[   31.255764]  kasan_check_range+0x100/0x1a8
[   31.256655]  __asan_memset+0x34/0x78
[   31.257283]  kmalloc_oob_in_memset+0x144/0x2d0
[   31.257989]  kunit_try_run_case+0x14c/0x3d0
[   31.258578]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.259380]  kthread+0x24c/0x2d0
[   31.259986]  ret_from_fork+0x10/0x20
[   31.260869] 
[   31.261239] Allocated by task 159:
[   31.261655]  kasan_save_stack+0x3c/0x68
[   31.262282]  kasan_save_track+0x20/0x40
[   31.262897]  kasan_save_alloc_info+0x40/0x58
[   31.263504]  __kasan_kmalloc+0xd4/0xd8
[   31.264119]  __kmalloc_cache_noprof+0x15c/0x3c8
[   31.265979]  kmalloc_oob_in_memset+0xb0/0x2d0
[   31.266533]  kunit_try_run_case+0x14c/0x3d0
[   31.267182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.267866]  kthread+0x24c/0x2d0
[   31.268627]  ret_from_fork+0x10/0x20
[   31.269149] 
[   31.269515] The buggy address belongs to the object at fff00000c5685000
[   31.269515]  which belongs to the cache kmalloc-128 of size 128
[   31.270713] The buggy address is located 0 bytes inside of
[   31.270713]  allocated 120-byte region [fff00000c5685000, fff00000c5685078)
[   31.272004] 
[   31.272327] The buggy address belongs to the physical page:
[   31.273292] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105685
[   31.274187] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.275722] page_type: f5(slab)
[   31.276236] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   31.277429] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   31.278522] page dumped because: kasan: bad access detected
[   31.279119] 
[   31.279481] Memory state around the buggy address:
[   31.280149]  fff00000c5684f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.281057]  fff00000c5684f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   31.281857] >fff00000c5685000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.282755]                                                                 ^
[   31.283484]  fff00000c5685080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.284960]  fff00000c5685100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.285530] ==================================================================

[   31.223054] ==================================================================
[   31.224110] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   31.224955] Write of size 128 at addr fff00000c64d9c00 by task kunit_try_catch/159
[   31.225685] 
[   31.226073] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   31.227662] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.228131] Hardware name: linux,dummy-virt (DT)
[   31.228822] Call trace:
[   31.229240]  show_stack+0x20/0x38 (C)
[   31.229961]  dump_stack_lvl+0x8c/0xd0
[   31.230634]  print_report+0x118/0x5e0
[   31.231160]  kasan_report+0xc8/0x118
[   31.232029]  kasan_check_range+0x100/0x1a8
[   31.232750]  __asan_memset+0x34/0x78
[   31.233379]  kmalloc_oob_in_memset+0x144/0x2d0
[   31.234591]  kunit_try_run_case+0x14c/0x3d0
[   31.235171]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.235896]  kthread+0x24c/0x2d0
[   31.236501]  ret_from_fork+0x10/0x20
[   31.237108] 
[   31.237447] Allocated by task 159:
[   31.237913]  kasan_save_stack+0x3c/0x68
[   31.238799]  kasan_save_track+0x20/0x40
[   31.239427]  kasan_save_alloc_info+0x40/0x58
[   31.240103]  __kasan_kmalloc+0xd4/0xd8
[   31.240736]  __kmalloc_cache_noprof+0x15c/0x3c8
[   31.241348]  kmalloc_oob_in_memset+0xb0/0x2d0
[   31.242920]  kunit_try_run_case+0x14c/0x3d0
[   31.243596]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.244404]  kthread+0x24c/0x2d0
[   31.244778]  ret_from_fork+0x10/0x20
[   31.245370] 
[   31.245967] The buggy address belongs to the object at fff00000c64d9c00
[   31.245967]  which belongs to the cache kmalloc-128 of size 128
[   31.247207] The buggy address is located 0 bytes inside of
[   31.247207]  allocated 120-byte region [fff00000c64d9c00, fff00000c64d9c78)
[   31.248442] 
[   31.248944] The buggy address belongs to the physical page:
[   31.250067] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064d9
[   31.251250] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.252147] page_type: f5(slab)
[   31.252882] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   31.254164] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   31.255255] page dumped because: kasan: bad access detected
[   31.256172] 
[   31.256774] Memory state around the buggy address:
[   31.257478]  fff00000c64d9b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   31.258762]  fff00000c64d9b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.259870] >fff00000c64d9c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.260983]                                                                 ^
[   31.262011]  fff00000c64d9c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.263576]  fff00000c64d9d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.264421] ==================================================================

[   25.376604] ==================================================================
[   25.377210] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x160/0x320
[   25.377210] Write of size 128 at addr ffff888102938700 by task kunit_try_catch/179
[   25.377210] 
[   25.377210] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   25.377210] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.377210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.377210] Call Trace:
[   25.377210]  <TASK>
[   25.377210]  dump_stack_lvl+0x73/0xb0
[   25.377210]  print_report+0xd1/0x640
[   25.377210]  ? __virt_addr_valid+0x1db/0x2d0
[   25.377210]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.377210]  kasan_report+0x102/0x140
[   25.377210]  ? kmalloc_oob_in_memset+0x160/0x320
[   25.377210]  ? kmalloc_oob_in_memset+0x160/0x320
[   25.377210]  kasan_check_range+0x10c/0x1c0
[   25.377210]  __asan_memset+0x27/0x50
[   25.377210]  kmalloc_oob_in_memset+0x160/0x320
[   25.377210]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   25.377210]  ? __schedule+0xc3e/0x2790
[   25.377210]  ? ktime_get_ts64+0x84/0x230
[   25.377210]  kunit_try_run_case+0x1b3/0x490
[   25.377210]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.377210]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   25.377210]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.377210]  ? __kthread_parkme+0x82/0x160
[   25.377210]  ? preempt_count_sub+0x50/0x80
[   25.377210]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.377210]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.377210]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.377210]  kthread+0x257/0x310
[   25.377210]  ? __pfx_kthread+0x10/0x10
[   25.377210]  ret_from_fork+0x41/0x80
[   25.377210]  ? __pfx_kthread+0x10/0x10
[   25.377210]  ret_from_fork_asm+0x1a/0x30
[   25.377210]  </TASK>
[   25.377210] 
[   25.377210] Allocated by task 179:
[   25.377210]  kasan_save_stack+0x3d/0x60
[   25.377210]  kasan_save_track+0x18/0x40
[   25.377210]  kasan_save_alloc_info+0x3b/0x50
[   25.377210]  __kasan_kmalloc+0xb7/0xc0
[   25.377210]  __kmalloc_cache_noprof+0x184/0x410
[   25.377210]  kmalloc_oob_in_memset+0xad/0x320
[   25.377210]  kunit_try_run_case+0x1b3/0x490
[   25.377210]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.377210]  kthread+0x257/0x310
[   25.377210]  ret_from_fork+0x41/0x80
[   25.377210]  ret_from_fork_asm+0x1a/0x30
[   25.377210] 
[   25.377210] The buggy address belongs to the object at ffff888102938700
[   25.377210]  which belongs to the cache kmalloc-128 of size 128
[   25.377210] The buggy address is located 0 bytes inside of
[   25.377210]  allocated 120-byte region [ffff888102938700, ffff888102938778)
[   25.377210] 
[   25.377210] The buggy address belongs to the physical page:
[   25.377210] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102938
[   25.377210] flags: 0x200000000000000(node=0|zone=2)
[   25.377210] page_type: f5(slab)
[   25.377210] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.377210] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   25.377210] page dumped because: kasan: bad access detected
[   25.377210] 
[   25.377210] Memory state around the buggy address:
[   25.377210]  ffff888102938600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   25.377210]  ffff888102938680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.377210] >ffff888102938700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.377210]                                                                 ^
[   25.377210]  ffff888102938780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.377210]  ffff888102938800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.377210] ==================================================================

[   20.405805] ==================================================================
[   20.406800] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x160/0x320
[   20.407863] Write of size 128 at addr ffff8881028b7600 by task kunit_try_catch/177
[   20.408340] 
[   20.408620] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241126 #1
[   20.409477] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.410016] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.410785] Call Trace:
[   20.411103]  <TASK>
[   20.411849]  dump_stack_lvl+0x73/0xb0
[   20.412335]  print_report+0xd1/0x640
[   20.412743]  ? __virt_addr_valid+0x1db/0x2d0
[   20.413549]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.414037]  kasan_report+0x102/0x140
[   20.414335]  ? kmalloc_oob_in_memset+0x160/0x320
[   20.415403]  ? kmalloc_oob_in_memset+0x160/0x320
[   20.415934]  kasan_check_range+0x10c/0x1c0
[   20.416679]  __asan_memset+0x27/0x50
[   20.417091]  kmalloc_oob_in_memset+0x160/0x320
[   20.417766]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   20.418284]  ? __schedule+0xc3e/0x2790
[   20.419867]  ? __pfx_read_tsc+0x10/0x10
[   20.420547]  ? ktime_get_ts64+0x84/0x230
[   20.421007]  kunit_try_run_case+0x1b3/0x490
[   20.421321]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.421926]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   20.422463]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.423070]  ? __kthread_parkme+0x82/0x160
[   20.423617]  ? preempt_count_sub+0x50/0x80
[   20.424348]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.425314]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.426603]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.427242]  kthread+0x257/0x310
[   20.427636]  ? __pfx_kthread+0x10/0x10
[   20.427922]  ret_from_fork+0x41/0x80
[   20.428322]  ? __pfx_kthread+0x10/0x10
[   20.429133]  ret_from_fork_asm+0x1a/0x30
[   20.429757]  </TASK>
[   20.430012] 
[   20.430214] Allocated by task 177:
[   20.430548]  kasan_save_stack+0x3d/0x60
[   20.431265]  kasan_save_track+0x18/0x40
[   20.431859]  kasan_save_alloc_info+0x3b/0x50
[   20.432345]  __kasan_kmalloc+0xb7/0xc0
[   20.432940]  __kmalloc_cache_noprof+0x184/0x410
[   20.433346]  kmalloc_oob_in_memset+0xad/0x320
[   20.434351]  kunit_try_run_case+0x1b3/0x490
[   20.434796]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.435530]  kthread+0x257/0x310
[   20.436133]  ret_from_fork+0x41/0x80
[   20.436608]  ret_from_fork_asm+0x1a/0x30
[   20.437269] 
[   20.437773] The buggy address belongs to the object at ffff8881028b7600
[   20.437773]  which belongs to the cache kmalloc-128 of size 128
[   20.439967] The buggy address is located 0 bytes inside of
[   20.439967]  allocated 120-byte region [ffff8881028b7600, ffff8881028b7678)
[   20.441082] 
[   20.441312] The buggy address belongs to the physical page:
[   20.441713] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028b7
[   20.442304] flags: 0x200000000000000(node=0|zone=2)
[   20.443298] page_type: f5(slab)
[   20.443652] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   20.444550] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   20.445283] page dumped because: kasan: bad access detected
[   20.445812] 
[   20.446293] Memory state around the buggy address:
[   20.446856]  ffff8881028b7500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.447550]  ffff8881028b7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.448121] >ffff8881028b7600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.448707]                                                                 ^
[   20.449786]  ffff8881028b7680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.450707]  ffff8881028b7700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.451825] ==================================================================