Date: Nov. 27, 2024, 3:37 a.m.

Environment: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 47.982611] ==================================================================
[ 47.983817] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 47.984431] Write of size 8 at addr fff00000c6189971 by task kunit_try_catch/165
[ 47.985027]
[ 47.986445] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 47.988239] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 47.989735] Hardware name: linux,dummy-virt (DT)
[ 47.990793] Call trace:
[ 47.991137] show_stack+0x20/0x38 (C)
[ 47.991758] dump_stack_lvl+0x8c/0xd0
[ 47.992397] print_report+0x118/0x5e0
[ 47.992932] kasan_report+0xc8/0x118
[ 47.993787] kasan_check_range+0x100/0x1a8
[ 47.994697] __asan_memset+0x34/0x78
[ 47.995502] kmalloc_oob_memset_8+0x150/0x2f8
[ 47.996457] kunit_try_run_case+0x14c/0x3d0
[ 47.997051] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 47.997974] kthread+0x24c/0x2d0
[ 47.998375] ret_from_fork+0x10/0x20
[ 47.999444]
[ 47.999776] Allocated by task 165:
[ 48.000060] kasan_save_stack+0x3c/0x68
[ 48.000403] kasan_save_track+0x20/0x40
[ 48.002101] kasan_save_alloc_info+0x40/0x58
[ 48.002798] __kasan_kmalloc+0xd4/0xd8
[ 48.003366] __kmalloc_cache_noprof+0x15c/0x3c0
[ 48.004004] kmalloc_oob_memset_8+0xb0/0x2f8
[ 48.004570] kunit_try_run_case+0x14c/0x3d0
[ 48.005090] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 48.006081] kthread+0x24c/0x2d0
[ 48.006480] ret_from_fork+0x10/0x20
[ 48.006825]
[ 48.007034] The buggy address belongs to the object at fff00000c6189900
[ 48.007034] which belongs to the cache kmalloc-128 of size 128
[ 48.007848] The buggy address is located 113 bytes inside of
[ 48.007848] allocated 120-byte region [fff00000c6189900, fff00000c6189978)
[ 48.008739]
[ 48.009012] The buggy address belongs to the physical page:
[ 48.010064] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106189
[ 48.012491] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 48.014490] page_type: f5(slab)
[ 48.014829] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 48.015407] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 48.017271] page dumped because: kasan: bad access detected
[ 48.018682]
[ 48.019326] Memory state around the buggy address:
[ 48.020339] fff00000c6189800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 48.021666] fff00000c6189880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.022780] >fff00000c6189900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 48.023730] ^
[ 48.024315] fff00000c6189980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.024913] fff00000c6189a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.026860] ==================================================================
[ 47.884213] ==================================================================
[ 47.885747] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 47.886614] Write of size 2 at addr fff00000c6189577 by task kunit_try_catch/161
[ 47.887913]
[ 47.888427] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 47.889856] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 47.890669] Hardware name: linux,dummy-virt (DT)
[ 47.891162] Call trace:
[ 47.891601] show_stack+0x20/0x38 (C)
[ 47.892147] dump_stack_lvl+0x8c/0xd0
[ 47.892804] print_report+0x118/0x5e0
[ 47.893765] kasan_report+0xc8/0x118
[ 47.894532] kasan_check_range+0x100/0x1a8
[ 47.895133] __asan_memset+0x34/0x78
[ 47.895675] kmalloc_oob_memset_2+0x150/0x2f8
[ 47.896324] kunit_try_run_case+0x14c/0x3d0
[ 47.897007] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 47.897905] kthread+0x24c/0x2d0
[ 47.898711] ret_from_fork+0x10/0x20
[ 47.899201]
[ 47.899694] Allocated by task 161:
[ 47.900170] kasan_save_stack+0x3c/0x68
[ 47.900946] kasan_save_track+0x20/0x40
[ 47.901900] kasan_save_alloc_info+0x40/0x58
[ 47.902655] __kasan_kmalloc+0xd4/0xd8
[ 47.903100] __kmalloc_cache_noprof+0x15c/0x3c0
[ 47.903689] kmalloc_oob_memset_2+0xb0/0x2f8
[ 47.904265] kunit_try_run_case+0x14c/0x3d0
[ 47.904887] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 47.905777] kthread+0x24c/0x2d0
[ 47.906336] ret_from_fork+0x10/0x20
[ 47.906898]
[ 47.907261] The buggy address belongs to the object at fff00000c6189500
[ 47.907261] which belongs to the cache kmalloc-128 of size 128
[ 47.908578] The buggy address is located 119 bytes inside of
[ 47.908578] allocated 120-byte region [fff00000c6189500, fff00000c6189578)
[ 47.910164]
[ 47.910501] The buggy address belongs to the physical page:
[ 47.911233] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106189
[ 47.912221] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 47.913346] page_type: f5(slab)
[ 47.913811] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 47.914739] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 47.916025] page dumped because: kasan: bad access detected
[ 47.916758]
[ 47.917112] Memory state around the buggy address:
[ 47.917769] fff00000c6189400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 47.918635] fff00000c6189480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.919468] >fff00000c6189500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 47.920498] ^
[ 47.921552] fff00000c6189580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.922538] fff00000c6189600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.923394] ==================================================================
[ 48.037880] ==================================================================
[ 48.039490] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 48.040375] Write of size 16 at addr fff00000c60dcf69 by task kunit_try_catch/167
[ 48.041713]
[ 48.042162] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 48.043399] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 48.044144] Hardware name: linux,dummy-virt (DT)
[ 48.044981] Call trace:
[ 48.045689] show_stack+0x20/0x38 (C)
[ 48.046533] dump_stack_lvl+0x8c/0xd0
[ 48.047166] print_report+0x118/0x5e0
[ 48.047934] kasan_report+0xc8/0x118
[ 48.048467] kasan_check_range+0x100/0x1a8
[ 48.049097] __asan_memset+0x34/0x78
[ 48.049759] kmalloc_oob_memset_16+0x150/0x2f8
[ 48.050677] kunit_try_run_case+0x14c/0x3d0
[ 48.051389] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 48.052168] kthread+0x24c/0x2d0
[ 48.052776] ret_from_fork+0x10/0x20
[ 48.053475]
[ 48.054036] Allocated by task 167:
[ 48.054602] kasan_save_stack+0x3c/0x68
[ 48.055270] kasan_save_track+0x20/0x40
[ 48.055817] kasan_save_alloc_info+0x40/0x58
[ 48.056508] __kasan_kmalloc+0xd4/0xd8
[ 48.057456] __kmalloc_cache_noprof+0x15c/0x3c0
[ 48.058123] kmalloc_oob_memset_16+0xb0/0x2f8
[ 48.058771] kunit_try_run_case+0x14c/0x3d0
[ 48.059437] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 48.060189] kthread+0x24c/0x2d0
[ 48.060859] ret_from_fork+0x10/0x20
[ 48.062042]
[ 48.062498] The buggy address belongs to the object at fff00000c60dcf00
[ 48.062498] which belongs to the cache kmalloc-128 of size 128
[ 48.063729] The buggy address is located 105 bytes inside of
[ 48.063729] allocated 120-byte region [fff00000c60dcf00, fff00000c60dcf78)
[ 48.065184]
[ 48.065474] The buggy address belongs to the physical page:
[ 48.066342] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[ 48.067269] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 48.068131] page_type: f5(slab)
[ 48.068697] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 48.069933] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 48.070777] page dumped because: kasan: bad access detected
[ 48.071424]
[ 48.071754] Memory state around the buggy address:
[ 48.072410] fff00000c60dce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 48.073240] fff00000c60dce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.074073] >fff00000c60dcf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 48.075047] ^
[ 48.076163] fff00000c60dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.077265] fff00000c60dd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 48.078192] ==================================================================
[ 47.932317] ==================================================================
[ 47.933607] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 47.934769] Write of size 4 at addr fff00000c60dcc75 by task kunit_try_catch/163
[ 47.935934]
[ 47.936231] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 47.937650] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 47.938268] Hardware name: linux,dummy-virt (DT)
[ 47.938918] Call trace:
[ 47.939282] show_stack+0x20/0x38 (C)
[ 47.940026] dump_stack_lvl+0x8c/0xd0
[ 47.940766] print_report+0x118/0x5e0
[ 47.941772] kasan_report+0xc8/0x118
[ 47.942659] kasan_check_range+0x100/0x1a8
[ 47.942973] __asan_memset+0x34/0x78
[ 47.943255] kmalloc_oob_memset_4+0x150/0x300
[ 47.943889] kunit_try_run_case+0x14c/0x3d0
[ 47.944823] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 47.945864] kthread+0x24c/0x2d0
[ 47.946683] ret_from_fork+0x10/0x20
[ 47.947341]
[ 47.947728] Allocated by task 163:
[ 47.948394] kasan_save_stack+0x3c/0x68
[ 47.949060] kasan_save_track+0x20/0x40
[ 47.949973] kasan_save_alloc_info+0x40/0x58
[ 47.950663] __kasan_kmalloc+0xd4/0xd8
[ 47.951245] __kmalloc_cache_noprof+0x15c/0x3c0
[ 47.951948] kmalloc_oob_memset_4+0xb0/0x300
[ 47.952619] kunit_try_run_case+0x14c/0x3d0
[ 47.953288] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 47.954328] kthread+0x24c/0x2d0
[ 47.955015] ret_from_fork+0x10/0x20
[ 47.955720]
[ 47.956140] The buggy address belongs to the object at fff00000c60dcc00
[ 47.956140] which belongs to the cache kmalloc-128 of size 128
[ 47.958015] The buggy address is located 117 bytes inside of
[ 47.958015] allocated 120-byte region [fff00000c60dcc00, fff00000c60dcc78)
[ 47.959279]
[ 47.959626] The buggy address belongs to the physical page:
[ 47.960273] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[ 47.961471] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 47.962386] page_type: f5(slab)
[ 47.962891] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 47.963871] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 47.964785] page dumped because: kasan: bad access detected
[ 47.965689]
[ 47.966032] Memory state around the buggy address:
[ 47.966691] fff00000c60dcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 47.967628] fff00000c60dcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.968416] >fff00000c60dcc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 47.969250] ^
[ 47.970704] fff00000c60dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.971763] fff00000c60dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.972645] ==================================================================
```
qemu-x86_64:

```
[ 25.259772] ==================================================================
[ 25.260961] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330
[ 25.261688] Write of size 16 at addr ffff888102a4a369 by task kunit_try_catch/186
[ 25.263755]
[ 25.263970] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 25.264782] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.265166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.266164] Call Trace:
[ 25.266803] <TASK>
[ 25.267819] dump_stack_lvl+0x73/0xb0
[ 25.268332] print_report+0xd1/0x640
[ 25.268689] ? __virt_addr_valid+0x1db/0x2d0
[ 25.269303] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.269757] kasan_report+0x102/0x140
[ 25.270807] ? kmalloc_oob_memset_16+0x167/0x330
[ 25.271828] ? kmalloc_oob_memset_16+0x167/0x330
[ 25.272450] kasan_check_range+0x10c/0x1c0
[ 25.272849] __asan_memset+0x27/0x50
[ 25.273437] kmalloc_oob_memset_16+0x167/0x330
[ 25.274160] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 25.274717] ? __schedule+0x1ba9/0x2790
[ 25.275860] ? __pfx_read_tsc+0x10/0x10
[ 25.276636] ? ktime_get_ts64+0x84/0x230
[ 25.277253] kunit_try_run_case+0x1b3/0x490
[ 25.277705] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.278664] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.279594] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.280458] ? __kthread_parkme+0x82/0x160
[ 25.280821] ? preempt_count_sub+0x50/0x80
[ 25.281798] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.282605] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.283425] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.284409] kthread+0x257/0x310
[ 25.284762] ? __pfx_kthread+0x10/0x10
[ 25.285470] ret_from_fork+0x41/0x80
[ 25.285777] ? __pfx_kthread+0x10/0x10
[ 25.286745] ret_from_fork_asm+0x1a/0x30
[ 25.287408] </TASK>
[ 25.287728]
[ 25.288122] Allocated by task 186:
[ 25.288490] kasan_save_stack+0x3d/0x60
[ 25.289358] kasan_save_track+0x18/0x40
[ 25.289817] kasan_save_alloc_info+0x3b/0x50
[ 25.290358] __kasan_kmalloc+0xb7/0xc0
[ 25.290762] __kmalloc_cache_noprof+0x184/0x410
[ 25.291576] kmalloc_oob_memset_16+0xad/0x330
[ 25.292172] kunit_try_run_case+0x1b3/0x490
[ 25.292678] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.293511] kthread+0x257/0x310
[ 25.294064] ret_from_fork+0x41/0x80
[ 25.294557] ret_from_fork_asm+0x1a/0x30
[ 25.294878]
[ 25.295390] The buggy address belongs to the object at ffff888102a4a300
[ 25.295390] which belongs to the cache kmalloc-128 of size 128
[ 25.296530] The buggy address is located 105 bytes inside of
[ 25.296530] allocated 120-byte region [ffff888102a4a300, ffff888102a4a378)
[ 25.297974]
[ 25.298384] The buggy address belongs to the physical page:
[ 25.298840] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4a
[ 25.299718] flags: 0x200000000000000(node=0|zone=2)
[ 25.300392] page_type: f5(slab)
[ 25.300810] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.301827] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.302615] page dumped because: kasan: bad access detected
[ 25.303412]
[ 25.303597] Memory state around the buggy address:
[ 25.304071] ffff888102a4a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.304628] ffff888102a4a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.305575] >ffff888102a4a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.306483] ^
[ 25.307350] ffff888102a4a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.308242] ffff888102a4a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.308831] ==================================================================
[ 25.104401] ==================================================================
[ 25.105522] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330
[ 25.106647] Write of size 2 at addr ffff888101aa3477 by task kunit_try_catch/180
[ 25.107576]
[ 25.108438] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 25.109761] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.110205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.111069] Call Trace:
[ 25.111412] <TASK>
[ 25.112054] dump_stack_lvl+0x73/0xb0
[ 25.113324] print_report+0xd1/0x640
[ 25.113729] ? __virt_addr_valid+0x1db/0x2d0
[ 25.114772] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.115331] kasan_report+0x102/0x140
[ 25.116156] ? kmalloc_oob_memset_2+0x167/0x330
[ 25.116864] ? kmalloc_oob_memset_2+0x167/0x330
[ 25.117512] kasan_check_range+0x10c/0x1c0
[ 25.117945] __asan_memset+0x27/0x50
[ 25.118907] kmalloc_oob_memset_2+0x167/0x330
[ 25.119542] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 25.119953] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 25.121340] kunit_try_run_case+0x1b3/0x490
[ 25.121717] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.122650] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.123525] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.124158] ? __kthread_parkme+0x82/0x160
[ 25.125144] ? preempt_count_sub+0x50/0x80
[ 25.125372] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.125582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.125827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.126328] kthread+0x257/0x310
[ 25.126780] ? __pfx_kthread+0x10/0x10
[ 25.127317] ret_from_fork+0x41/0x80
[ 25.127822] ? __pfx_kthread+0x10/0x10
[ 25.128241] ret_from_fork_asm+0x1a/0x30
[ 25.128755] </TASK>
[ 25.128943]
[ 25.129115] Allocated by task 180:
[ 25.129929] kasan_save_stack+0x3d/0x60
[ 25.130861] kasan_save_track+0x18/0x40
[ 25.131266] kasan_save_alloc_info+0x3b/0x50
[ 25.131569] __kasan_kmalloc+0xb7/0xc0
[ 25.131835] __kmalloc_cache_noprof+0x184/0x410
[ 25.132778] kmalloc_oob_memset_2+0xad/0x330
[ 25.133680] kunit_try_run_case+0x1b3/0x490
[ 25.134255] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.135101] kthread+0x257/0x310
[ 25.135374] ret_from_fork+0x41/0x80
[ 25.135641] ret_from_fork_asm+0x1a/0x30
[ 25.135934]
[ 25.136420] The buggy address belongs to the object at ffff888101aa3400
[ 25.136420] which belongs to the cache kmalloc-128 of size 128
[ 25.137760] The buggy address is located 119 bytes inside of
[ 25.137760] allocated 120-byte region [ffff888101aa3400, ffff888101aa3478)
[ 25.138905]
[ 25.139183] The buggy address belongs to the physical page:
[ 25.139821] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aa3
[ 25.140654] flags: 0x200000000000000(node=0|zone=2)
[ 25.141081] page_type: f5(slab)
[ 25.141508] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.142649] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.143417] page dumped because: kasan: bad access detected
[ 25.143846]
[ 25.144227] Memory state around the buggy address:
[ 25.144815] ffff888101aa3300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.145571] ffff888101aa3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.146192] >ffff888101aa3400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.147005] ^
[ 25.148329] ffff888101aa3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.149170] ffff888101aa3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.149714] ==================================================================
[ 25.155340] ==================================================================
[ 25.156597] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330
[ 25.157702] Write of size 4 at addr ffff888101aa3575 by task kunit_try_catch/182
[ 25.158437]
[ 25.159193] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 25.160099] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.160493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.161466] Call Trace:
[ 25.161671] <TASK>
[ 25.162353] dump_stack_lvl+0x73/0xb0
[ 25.162868] print_report+0xd1/0x640
[ 25.163532] ? __virt_addr_valid+0x1db/0x2d0
[ 25.163841] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.164709] kasan_report+0x102/0x140
[ 25.165338] ? kmalloc_oob_memset_4+0x167/0x330
[ 25.165822] ? kmalloc_oob_memset_4+0x167/0x330
[ 25.166724] kasan_check_range+0x10c/0x1c0
[ 25.167411] __asan_memset+0x27/0x50
[ 25.167822] kmalloc_oob_memset_4+0x167/0x330
[ 25.168503] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 25.169103] ? __schedule+0xc3e/0x2790
[ 25.169541] ? __pfx_read_tsc+0x10/0x10
[ 25.170261] ? ktime_get_ts64+0x84/0x230
[ 25.170714] kunit_try_run_case+0x1b3/0x490
[ 25.171435] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.172119] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.172633] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.173355] ? __kthread_parkme+0x82/0x160
[ 25.173749] ? preempt_count_sub+0x50/0x80
[ 25.174569] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.175194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.175827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.176534] kthread+0x257/0x310
[ 25.177126] ? __pfx_kthread+0x10/0x10
[ 25.177530] ret_from_fork+0x41/0x80
[ 25.177880] ? __pfx_kthread+0x10/0x10
[ 25.178624] ret_from_fork_asm+0x1a/0x30
[ 25.179306] </TASK>
[ 25.179614]
[ 25.179889] Allocated by task 182:
[ 25.180433] kasan_save_stack+0x3d/0x60
[ 25.181079] kasan_save_track+0x18/0x40
[ 25.181513] kasan_save_alloc_info+0x3b/0x50
[ 25.182093] __kasan_kmalloc+0xb7/0xc0
[ 25.182853] __kmalloc_cache_noprof+0x184/0x410
[ 25.183607] kmalloc_oob_memset_4+0xad/0x330
[ 25.184231] kunit_try_run_case+0x1b3/0x490
[ 25.184658] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.185342] kthread+0x257/0x310
[ 25.185747] ret_from_fork+0x41/0x80
[ 25.186267] ret_from_fork_asm+0x1a/0x30
[ 25.186586]
[ 25.186843] The buggy address belongs to the object at ffff888101aa3500
[ 25.186843] which belongs to the cache kmalloc-128 of size 128
[ 25.188131] The buggy address is located 117 bytes inside of
[ 25.188131] allocated 120-byte region [ffff888101aa3500, ffff888101aa3578)
[ 25.189523]
[ 25.189760] The buggy address belongs to the physical page:
[ 25.190585] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aa3
[ 25.191598] flags: 0x200000000000000(node=0|zone=2)
[ 25.192196] page_type: f5(slab)
[ 25.192622] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.193472] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.194306] page dumped because: kasan: bad access detected
[ 25.194871]
[ 25.195403] Memory state around the buggy address:
[ 25.195833] ffff888101aa3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.196805] ffff888101aa3480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.198274] >ffff888101aa3500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.199612] ^
[ 25.200682] ffff888101aa3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.201384] ffff888101aa3600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.202472] ==================================================================
[ 25.208544] ==================================================================
[ 25.209800] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330
[ 25.210459] Write of size 8 at addr ffff888102a4a271 by task kunit_try_catch/184
[ 25.211035]
[ 25.212222] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241127 #1
[ 25.213024] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.213814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.214825] Call Trace:
[ 25.215128] <TASK>
[ 25.215809] dump_stack_lvl+0x73/0xb0
[ 25.216251] print_report+0xd1/0x640
[ 25.217142] ? __virt_addr_valid+0x1db/0x2d0
[ 25.217760] ? kasan_complete_mode_report_info+0x2a/0x200
[ 25.218508] kasan_report+0x102/0x140
[ 25.219177] ? kmalloc_oob_memset_8+0x167/0x330
[ 25.219408] ? kmalloc_oob_memset_8+0x167/0x330
[ 25.219622] kasan_check_range+0x10c/0x1c0
[ 25.219816] __asan_memset+0x27/0x50
[ 25.220015] kmalloc_oob_memset_8+0x167/0x330
[ 25.221262] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 25.222244] ? __schedule+0xc3e/0x2790
[ 25.222872] ? __pfx_read_tsc+0x10/0x10
[ 25.223622] ? ktime_get_ts64+0x84/0x230
[ 25.224084] kunit_try_run_case+0x1b3/0x490
[ 25.224881] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.225620] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 25.226090] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 25.226760] ? __kthread_parkme+0x82/0x160
[ 25.227431] ? preempt_count_sub+0x50/0x80
[ 25.228091] ? __pfx_kunit_try_run_case+0x10/0x10
[ 25.228793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 25.229498] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.230028] kthread+0x257/0x310
[ 25.230664] ? __pfx_kthread+0x10/0x10
[ 25.231210] ret_from_fork+0x41/0x80
[ 25.231833] ? __pfx_kthread+0x10/0x10
[ 25.232321] ret_from_fork_asm+0x1a/0x30
[ 25.233021] </TASK>
[ 25.233255]
[ 25.233669] Allocated by task 184:
[ 25.233913] kasan_save_stack+0x3d/0x60
[ 25.234578] kasan_save_track+0x18/0x40
[ 25.235086] kasan_save_alloc_info+0x3b/0x50
[ 25.235423] __kasan_kmalloc+0xb7/0xc0
[ 25.236213] __kmalloc_cache_noprof+0x184/0x410
[ 25.236730] kmalloc_oob_memset_8+0xad/0x330
[ 25.237044] kunit_try_run_case+0x1b3/0x490
[ 25.237688] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.238329] kthread+0x257/0x310
[ 25.239022] ret_from_fork+0x41/0x80
[ 25.239472] ret_from_fork_asm+0x1a/0x30
[ 25.239757]
[ 25.240102] The buggy address belongs to the object at ffff888102a4a200
[ 25.240102] which belongs to the cache kmalloc-128 of size 128
[ 25.241656] The buggy address is located 113 bytes inside of
[ 25.241656] allocated 120-byte region [ffff888102a4a200, ffff888102a4a278)
[ 25.242681]
[ 25.242838] The buggy address belongs to the physical page:
[ 25.243745] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a4a
[ 25.244726] flags: 0x200000000000000(node=0|zone=2)
[ 25.245064] page_type: f5(slab)
[ 25.245546] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 25.246747] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 25.247454] page dumped because: kasan: bad access detected
[ 25.248119]
[ 25.248529] Memory state around the buggy address:
[ 25.248942] ffff888102a4a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 25.249620] ffff888102a4a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.250482] >ffff888102a4a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 25.251399] ^
[ 25.252393] ffff888102a4a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.253211] ffff888102a4a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 25.254057] ==================================================================
```