Date
Nov. 26, 2024, 6:09 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.991427] ================================================================== [ 29.992820] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 29.994601] Read of size 1 at addr fff00000c599a7ff by task kunit_try_catch/127 [ 29.995386] [ 29.995870] CPU: 1 UID: 0 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 29.997137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.998098] Hardware name: linux,dummy-virt (DT) [ 29.998597] Call trace: [ 29.999066] show_stack+0x20/0x38 (C) [ 29.999700] dump_stack_lvl+0x8c/0xd0 [ 30.000618] print_report+0x118/0x5e0 [ 30.001217] kasan_report+0xc8/0x118 [ 30.001773] __asan_report_load1_noabort+0x20/0x30 [ 30.002404] kmalloc_oob_left+0x2ec/0x320 [ 30.003068] kunit_try_run_case+0x14c/0x3d0 [ 30.003707] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.004724] kthread+0x24c/0x2d0 [ 30.005285] ret_from_fork+0x10/0x20 [ 30.005858] [ 30.006185] Allocated by task 28: [ 30.006732] kasan_save_stack+0x3c/0x68 [ 30.007260] kasan_save_track+0x20/0x40 [ 30.007862] kasan_save_alloc_info+0x40/0x58 [ 30.009022] __kasan_kmalloc+0xd4/0xd8 [ 30.009438] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 30.009979] kstrdup+0x54/0xc8 [ 30.010375] devtmpfs_work_loop+0x384/0x590 [ 30.011051] devtmpfsd+0x50/0x58 [ 30.011614] kthread+0x24c/0x2d0 [ 30.012196] ret_from_fork+0x10/0x20 [ 30.012842] [ 30.013261] Freed by task 28: [ 30.013806] kasan_save_stack+0x3c/0x68 [ 30.014457] kasan_save_track+0x20/0x40 [ 30.015088] kasan_save_free_info+0x4c/0x78 [ 30.015821] __kasan_slab_free+0x6c/0x98 [ 30.016470] kfree+0x114/0x3d0 [ 30.017052] devtmpfs_work_loop+0x498/0x590 [ 30.017620] devtmpfsd+0x50/0x58 [ 30.018185] kthread+0x24c/0x2d0 [ 30.018752] ret_from_fork+0x10/0x20 [ 30.019397] [ 30.019736] The buggy address belongs to the object at fff00000c599a7e0 [ 30.019736] which belongs to the cache kmalloc-16 of size 16 [ 30.021157] The buggy address is located 15 bytes to the right of [ 30.021157] allocated 16-byte region [fff00000c599a7e0, fff00000c599a7f0) [ 30.022356] [ 30.022739] The buggy address belongs to the physical page: [ 30.023456] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10599a [ 30.024365] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.025095] page_type: f5(slab) [ 30.025692] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 30.026626] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 30.027560] page dumped because: kasan: bad access detected [ 30.028231] [ 30.028590] Memory state around the buggy address: [ 30.029222] fff00000c599a680: fa fb fc fc fa fb fc fc fa fb fc fc 00 02 fc fc [ 30.029986] fff00000c599a700: 00 02 fc fc 00 00 fc fc 00 07 fc fc 00 07 fc fc [ 30.030788] >fff00000c599a780: 00 00 fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 30.031438] ^ [ 30.032365] fff00000c599a800: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.033036] fff00000c599a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.033948] ==================================================================
[ 29.931058] ================================================================== [ 29.932311] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 29.933022] Read of size 1 at addr fff00000c5e081ff by task kunit_try_catch/127 [ 29.934594] [ 29.934923] CPU: 1 UID: 0 PID: 127 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 29.936429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.937207] Hardware name: linux,dummy-virt (DT) [ 29.938232] Call trace: [ 29.938862] show_stack+0x20/0x38 (C) [ 29.939383] dump_stack_lvl+0x8c/0xd0 [ 29.940464] print_report+0x118/0x5e0 [ 29.941194] kasan_report+0xc8/0x118 [ 29.942143] __asan_report_load1_noabort+0x20/0x30 [ 29.942848] kmalloc_oob_left+0x2ec/0x320 [ 29.943332] kunit_try_run_case+0x14c/0x3d0 [ 29.944020] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.944780] kthread+0x24c/0x2d0 [ 29.945372] ret_from_fork+0x10/0x20 [ 29.946363] [ 29.946690] Allocated by task 28: [ 29.947246] kasan_save_stack+0x3c/0x68 [ 29.947787] kasan_save_track+0x20/0x40 [ 29.948423] kasan_save_alloc_info+0x40/0x58 [ 29.949133] __kasan_kmalloc+0xd4/0xd8 [ 29.949632] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 29.950758] kstrdup+0x54/0xc8 [ 29.951636] devtmpfs_work_loop+0x384/0x590 [ 29.952191] devtmpfsd+0x50/0x58 [ 29.952760] kthread+0x24c/0x2d0 [ 29.953263] ret_from_fork+0x10/0x20 [ 29.954113] [ 29.954441] Freed by task 28: [ 29.954887] kasan_save_stack+0x3c/0x68 [ 29.955516] kasan_save_track+0x20/0x40 [ 29.956599] kasan_save_free_info+0x4c/0x78 [ 29.957283] __kasan_slab_free+0x6c/0x98 [ 29.958171] kfree+0x114/0x3d0 [ 29.958660] devtmpfs_work_loop+0x498/0x590 [ 29.959242] devtmpfsd+0x50/0x58 [ 29.959839] kthread+0x24c/0x2d0 [ 29.960414] ret_from_fork+0x10/0x20 [ 29.961376] [ 29.962189] The buggy address belongs to the object at fff00000c5e081e0 [ 29.962189] which belongs to the cache kmalloc-16 of size 16 [ 29.963383] The buggy address is located 15 bytes to the right of [ 29.963383] allocated 16-byte region [fff00000c5e081e0, fff00000c5e081f0) [ 29.965511] [ 29.965845] The buggy address belongs to the physical page: [ 29.966591] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e08 [ 29.967458] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.968606] page_type: f5(slab) [ 29.969192] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 29.970873] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 29.971680] page dumped because: kasan: bad access detected [ 29.972382] [ 29.972956] Memory state around the buggy address: [ 29.973581] fff00000c5e08080: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 29.974881] fff00000c5e08100: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.975802] >fff00000c5e08180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 29.976669] ^ [ 29.977559] fff00000c5e08200: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.979376] fff00000c5e08280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.980196] ==================================================================
[ 23.917020] ================================================================== [ 23.918351] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x363/0x3c0 [ 23.919419] Read of size 1 at addr ffff888101a4681f by task kunit_try_catch/145 [ 23.920759] [ 23.921382] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 23.922533] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.923422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.924528] Call Trace: [ 23.924823] <TASK> [ 23.925210] dump_stack_lvl+0x73/0xb0 [ 23.925869] print_report+0xd1/0x640 [ 23.926395] ? __virt_addr_valid+0x1db/0x2d0 [ 23.927042] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.927900] kasan_report+0x102/0x140 [ 23.928388] ? kmalloc_oob_left+0x363/0x3c0 [ 23.928920] ? kmalloc_oob_left+0x363/0x3c0 [ 23.929637] __asan_report_load1_noabort+0x18/0x20 [ 23.930465] kmalloc_oob_left+0x363/0x3c0 [ 23.930870] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 23.931612] ? __schedule+0xc3e/0x2790 [ 23.932136] ? __pfx_read_tsc+0x10/0x10 [ 23.932640] ? ktime_get_ts64+0x84/0x230 [ 23.933376] kunit_try_run_case+0x1b3/0x490 [ 23.933905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.934682] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 23.935116] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.935625] ? __kthread_parkme+0x82/0x160 [ 23.936203] ? preempt_count_sub+0x50/0x80 [ 23.936640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.937977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.938798] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.939683] kthread+0x257/0x310 [ 23.940431] ? __pfx_kthread+0x10/0x10 [ 23.941171] ret_from_fork+0x41/0x80 [ 23.941579] ? __pfx_kthread+0x10/0x10 [ 23.942005] ret_from_fork_asm+0x1a/0x30 [ 23.942446] </TASK> [ 23.942825] [ 23.943081] Allocated by task 1: [ 23.943409] kasan_save_stack+0x3d/0x60 [ 23.943972] kasan_save_track+0x18/0x40 [ 23.944408] kasan_save_alloc_info+0x3b/0x50 [ 23.944917] __kasan_kmalloc+0xb7/0xc0 [ 23.945457] __kmalloc_node_track_caller_noprof+0x1c6/0x500 [ 23.946153] kvasprintf+0xc6/0x150 [ 23.946516] __kthread_create_on_node+0x18c/0x3a0 [ 23.947070] kthread_create_on_node+0xa8/0xe0 [ 23.947604] create_worker+0x3c8/0x7a0 [ 23.948165] alloc_unbound_pwq+0x8ea/0xdb0 [ 23.948727] apply_wqattrs_prepare+0x332/0xd40 [ 23.949250] apply_workqueue_attrs_locked+0x4d/0xa0 [ 23.949947] alloc_workqueue+0xcc4/0x1ad0 [ 23.950333] latency_fsnotify_init+0x1b/0x50 [ 23.950981] do_one_initcall+0xb5/0x370 [ 23.951556] kernel_init_freeable+0x425/0x6f0 [ 23.952184] kernel_init+0x23/0x1e0 [ 23.952738] ret_from_fork+0x41/0x80 [ 23.953379] ret_from_fork_asm+0x1a/0x30 [ 23.954048] [ 23.954423] The buggy address belongs to the object at ffff888101a46800 [ 23.954423] which belongs to the cache kmalloc-16 of size 16 [ 23.955878] The buggy address is located 18 bytes to the right of [ 23.955878] allocated 13-byte region [ffff888101a46800, ffff888101a4680d) [ 23.957365] [ 23.957694] The buggy address belongs to the physical page: [ 23.958432] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a46 [ 23.959432] flags: 0x200000000000000(node=0|zone=2) [ 23.960043] page_type: f5(slab) [ 23.960447] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 23.961421] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 23.962070] page dumped because: kasan: bad access detected [ 23.962343] [ 23.962442] Memory state around the buggy address: [ 23.962630] ffff888101a46700: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 23.963725] ffff888101a46780: 00 05 fc fc 00 05 fc fc 00 02 fc fc fa fb fc fc [ 23.964815] >ffff888101a46800: 00 05 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 23.965749] ^ [ 23.966385] ffff888101a46880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.967254] ffff888101a46900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.967934] ==================================================================
[ 19.159946] ================================================================== [ 19.160880] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x363/0x3c0 [ 19.161651] Read of size 1 at addr ffff8881028a701f by task kunit_try_catch/145 [ 19.162380] [ 19.163111] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241126 #1 [ 19.163964] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.164533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.165053] Call Trace: [ 19.165415] <TASK> [ 19.165784] dump_stack_lvl+0x73/0xb0 [ 19.166188] print_report+0xd1/0x640 [ 19.166677] ? __virt_addr_valid+0x1db/0x2d0 [ 19.167021] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.167536] kasan_report+0x102/0x140 [ 19.167903] ? kmalloc_oob_left+0x363/0x3c0 [ 19.168284] ? kmalloc_oob_left+0x363/0x3c0 [ 19.168794] __asan_report_load1_noabort+0x18/0x20 [ 19.169307] kmalloc_oob_left+0x363/0x3c0 [ 19.169905] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 19.170281] ? __schedule+0xc3e/0x2790 [ 19.170777] ? __pfx_read_tsc+0x10/0x10 [ 19.171140] ? ktime_get_ts64+0x84/0x230 [ 19.171441] kunit_try_run_case+0x1b3/0x490 [ 19.171945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.172471] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 19.173070] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.173430] ? __kthread_parkme+0x82/0x160 [ 19.173985] ? preempt_count_sub+0x50/0x80 [ 19.174461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.175620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.176133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.176507] kthread+0x257/0x310 [ 19.176935] ? __pfx_kthread+0x10/0x10 [ 19.177382] ret_from_fork+0x41/0x80 [ 19.177755] ? __pfx_kthread+0x10/0x10 [ 19.178504] ret_from_fork_asm+0x1a/0x30 [ 19.178995] </TASK> [ 19.179379] [ 19.179889] Allocated by task 1: [ 19.180350] kasan_save_stack+0x3d/0x60 [ 19.180661] kasan_save_track+0x18/0x40 [ 19.180968] kasan_save_alloc_info+0x3b/0x50 [ 19.181509] __kasan_kmalloc+0xb7/0xc0 [ 19.182237] __kmalloc_node_track_caller_noprof+0x1c6/0x500 [ 19.183095] kvasprintf+0xc6/0x150 [ 19.183463] __kthread_create_on_node+0x18c/0x3a0 [ 19.184182] kthread_create_on_node+0xa8/0xe0 [ 19.184687] cryptomgr_notify+0x704/0x9f0 [ 19.184975] notifier_call_chain+0xcb/0x250 [ 19.185298] blocking_notifier_call_chain+0x64/0x90 [ 19.185782] crypto_alg_mod_lookup+0x214/0x420 [ 19.186337] crypto_alloc_tfm_node+0xc5/0x1f0 [ 19.187468] crypto_alloc_sig+0x23/0x30 [ 19.188310] public_key_verify_signature+0x1b1/0x990 [ 19.188983] x509_check_for_self_signed+0x2cb/0x480 [ 19.189645] x509_cert_parse+0x59c/0x830 [ 19.190167] x509_key_preparse+0x68/0x8a0 [ 19.190666] asymmetric_key_preparse+0xb1/0x160 [ 19.191180] __key_create_or_update+0x407/0xc90 [ 19.191703] key_create_or_update+0x17/0x20 [ 19.192259] x509_load_certificate_list+0x174/0x200 [ 19.192857] regulatory_init_db+0xee/0x3a0 [ 19.193282] do_one_initcall+0xb5/0x370 [ 19.193824] kernel_init_freeable+0x425/0x6f0 [ 19.194248] kernel_init+0x23/0x1e0 [ 19.194697] ret_from_fork+0x41/0x80 [ 19.195182] ret_from_fork_asm+0x1a/0x30 [ 19.195751] [ 19.196033] Freed by task 0: [ 19.196448] kasan_save_stack+0x3d/0x60 [ 19.197105] kasan_save_track+0x18/0x40 [ 19.197551] kasan_save_free_info+0x3f/0x60 [ 19.198387] __kasan_slab_free+0x56/0x70 [ 19.198973] kfree+0x123/0x3f0 [ 19.199396] free_kthread_struct+0xeb/0x150 [ 19.199985] free_task+0xf3/0x130 [ 19.200440] __put_task_struct+0x1c8/0x480 [ 19.201020] delayed_put_task_struct+0x10a/0x150 [ 19.201468] rcu_core+0x680/0x1d70 [ 19.201922] rcu_core_si+0x12/0x20 [ 19.202277] handle_softirqs+0x209/0x720 [ 19.202799] __irq_exit_rcu+0xc9/0x110 [ 19.203201] irq_exit_rcu+0x12/0x20 [ 19.203678] sysvec_apic_timer_interrupt+0x81/0x90 [ 19.204163] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 19.204644] [ 19.204848] The buggy address belongs to the object at ffff8881028a7000 [ 19.204848] which belongs to the cache kmalloc-16 of size 16 [ 19.205928] The buggy address is located 15 bytes to the right of [ 19.205928] allocated 16-byte region [ffff8881028a7000, ffff8881028a7010) [ 19.206828] [ 19.207104] The buggy address belongs to the physical page: [ 19.207524] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028a7 [ 19.207983] flags: 0x200000000000000(node=0|zone=2) [ 19.208506] page_type: f5(slab) [ 19.208944] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 19.209674] raw: 0000000000000000 0000000080800080 00000001f5000000 0000000000000000 [ 19.210278] page dumped because: kasan: bad access detected [ 19.210667] [ 19.210932] Memory state around the buggy address: [ 19.211432] ffff8881028a6f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.212118] ffff8881028a6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.212620] >ffff8881028a7000: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 19.212991] ^ [ 19.213403] ffff8881028a7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.214128] ffff8881028a7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.214820] ==================================================================