Hay
Date: Nov. 27, 2024, 3:37 a.m.

Environment: qemu-arm64, qemu-x86_64

[   46.719802] ==================================================================
[   46.720584] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[   46.721525] Write of size 1 at addr fff00000c60dc478 by task kunit_try_catch/131
[   46.722548] 
[   46.722987] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   46.724466] Tainted: [B]=BAD_PAGE, [N]=TEST
[   46.725377] Hardware name: linux,dummy-virt (DT)
[   46.726047] Call trace:
[   46.726531]  show_stack+0x20/0x38 (C)
[   46.727058]  dump_stack_lvl+0x8c/0xd0
[   46.727697]  print_report+0x118/0x5e0
[   46.728344]  kasan_report+0xc8/0x118
[   46.728848]  __asan_report_store1_noabort+0x20/0x30
[   46.729821]  kmalloc_track_caller_oob_right+0x420/0x490
[   46.730522]  kunit_try_run_case+0x14c/0x3d0
[   46.731125]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.732082]  kthread+0x24c/0x2d0
[   46.732711]  ret_from_fork+0x10/0x20
[   46.733527] 
[   46.733876] Allocated by task 131:
[   46.734326]  kasan_save_stack+0x3c/0x68
[   46.734945]  kasan_save_track+0x20/0x40
[   46.735573]  kasan_save_alloc_info+0x40/0x58
[   46.736162]  __kasan_kmalloc+0xd4/0xd8
[   46.736680]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[   46.737461]  kmalloc_track_caller_oob_right+0x184/0x490
[   46.738095]  kunit_try_run_case+0x14c/0x3d0
[   46.738718]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.739852]  kthread+0x24c/0x2d0
[   46.740814]  ret_from_fork+0x10/0x20
[   46.741577] 
[   46.741962] The buggy address belongs to the object at fff00000c60dc400
[   46.741962]  which belongs to the cache kmalloc-128 of size 128
[   46.743270] The buggy address is located 0 bytes to the right of
[   46.743270]  allocated 120-byte region [fff00000c60dc400, fff00000c60dc478)
[   46.744966] 
[   46.745260] The buggy address belongs to the physical page:
[   46.746269] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   46.747355] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   46.748129] page_type: f5(slab)
[   46.748630] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   46.749527] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   46.750262] page dumped because: kasan: bad access detected
[   46.751264] 
[   46.751562] Memory state around the buggy address:
[   46.752184]  fff00000c60dc300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   46.753283]  fff00000c60dc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.754152] >fff00000c60dc400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   46.755007]                                                                 ^
[   46.755832]  fff00000c60dc480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.756652]  fff00000c60dc500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.757673] ==================================================================
[   46.678544] ==================================================================
[   46.679710] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[   46.680540] Write of size 1 at addr fff00000c60dc378 by task kunit_try_catch/131
[   46.681945] 
[   46.682261] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   46.683406] Tainted: [B]=BAD_PAGE, [N]=TEST
[   46.683953] Hardware name: linux,dummy-virt (DT)
[   46.684947] Call trace:
[   46.685495]  show_stack+0x20/0x38 (C)
[   46.686058]  dump_stack_lvl+0x8c/0xd0
[   46.686877]  print_report+0x118/0x5e0
[   46.687935]  kasan_report+0xc8/0x118
[   46.688681]  __asan_report_store1_noabort+0x20/0x30
[   46.689700]  kmalloc_track_caller_oob_right+0x414/0x490
[   46.690508]  kunit_try_run_case+0x14c/0x3d0
[   46.691167]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.691920]  kthread+0x24c/0x2d0
[   46.692556]  ret_from_fork+0x10/0x20
[   46.693384] 
[   46.693737] Allocated by task 131:
[   46.694327]  kasan_save_stack+0x3c/0x68
[   46.694955]  kasan_save_track+0x20/0x40
[   46.695599]  kasan_save_alloc_info+0x40/0x58
[   46.696256]  __kasan_kmalloc+0xd4/0xd8
[   46.696839]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[   46.697753]  kmalloc_track_caller_oob_right+0xa8/0x490
[   46.698674]  kunit_try_run_case+0x14c/0x3d0
[   46.699122]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   46.699876]  kthread+0x24c/0x2d0
[   46.700438]  ret_from_fork+0x10/0x20
[   46.700960] 
[   46.701268] The buggy address belongs to the object at fff00000c60dc300
[   46.701268]  which belongs to the cache kmalloc-128 of size 128
[   46.702664] The buggy address is located 0 bytes to the right of
[   46.702664]  allocated 120-byte region [fff00000c60dc300, fff00000c60dc378)
[   46.703974] 
[   46.704289] The buggy address belongs to the physical page:
[   46.705073] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060dc
[   46.706285] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   46.707051] page_type: f5(slab)
[   46.707731] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   46.708647] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   46.709846] page dumped because: kasan: bad access detected
[   46.710588] 
[   46.710904] Memory state around the buggy address:
[   46.711489]  fff00000c60dc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   46.712422]  fff00000c60dc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.713574] >fff00000c60dc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   46.714340]                                                                 ^
[   46.715230]  fff00000c60dc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.716106]  fff00000c60dc400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   46.717002] ==================================================================

[   23.793454] ==================================================================
[   23.794396] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b3/0x530
[   23.795231] Write of size 1 at addr ffff888101a9d678 by task kunit_try_catch/150
[   23.795749] 
[   23.796212] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   23.797178] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.797557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.798577] Call Trace:
[   23.798812]  <TASK>
[   23.799636]  dump_stack_lvl+0x73/0xb0
[   23.800343]  print_report+0xd1/0x640
[   23.800716]  ? __virt_addr_valid+0x1db/0x2d0
[   23.801159]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.801661]  kasan_report+0x102/0x140
[   23.802239]  ? kmalloc_track_caller_oob_right+0x4b3/0x530
[   23.803234]  ? kmalloc_track_caller_oob_right+0x4b3/0x530
[   23.803670]  __asan_report_store1_noabort+0x1b/0x30
[   23.804246]  kmalloc_track_caller_oob_right+0x4b3/0x530
[   23.804692]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   23.805531]  ? __schedule+0xc3e/0x2790
[   23.806067]  ? __pfx_read_tsc+0x10/0x10
[   23.806527]  ? ktime_get_ts64+0x84/0x230
[   23.807070]  kunit_try_run_case+0x1b3/0x490
[   23.807505]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.808034]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.808624]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.809257]  ? __kthread_parkme+0x82/0x160
[   23.809573]  ? preempt_count_sub+0x50/0x80
[   23.810407]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.810810]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.811560]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.812313]  kthread+0x257/0x310
[   23.812627]  ? __pfx_kthread+0x10/0x10
[   23.813241]  ret_from_fork+0x41/0x80
[   23.813652]  ? __pfx_kthread+0x10/0x10
[   23.814036]  ret_from_fork_asm+0x1a/0x30
[   23.814395]  </TASK>
[   23.814672] 
[   23.814926] Allocated by task 150:
[   23.815258]  kasan_save_stack+0x3d/0x60
[   23.815601]  kasan_save_track+0x18/0x40
[   23.816229]  kasan_save_alloc_info+0x3b/0x50
[   23.816579]  __kasan_kmalloc+0xb7/0xc0
[   23.817356]  __kmalloc_node_track_caller_noprof+0x1c6/0x500
[   23.817844]  kmalloc_track_caller_oob_right+0x19b/0x530
[   23.818600]  kunit_try_run_case+0x1b3/0x490
[   23.819010]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.819656]  kthread+0x257/0x310
[   23.820102]  ret_from_fork+0x41/0x80
[   23.820563]  ret_from_fork_asm+0x1a/0x30
[   23.820878] 
[   23.821319] The buggy address belongs to the object at ffff888101a9d600
[   23.821319]  which belongs to the cache kmalloc-128 of size 128
[   23.822599] The buggy address is located 0 bytes to the right of
[   23.822599]  allocated 120-byte region [ffff888101a9d600, ffff888101a9d678)
[   23.823723] 
[   23.824150] The buggy address belongs to the physical page:
[   23.824673] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a9d
[   23.825455] flags: 0x200000000000000(node=0|zone=2)
[   23.826130] page_type: f5(slab)
[   23.826390] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   23.827537] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   23.828216] page dumped because: kasan: bad access detected
[   23.828816] 
[   23.829260] Memory state around the buggy address:
[   23.829675]  ffff888101a9d500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   23.830452]  ffff888101a9d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.831134] >ffff888101a9d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.831590]                                                                 ^
[   23.832422]  ffff888101a9d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.833152]  ffff888101a9d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.833891] ==================================================================
[   23.750861] ==================================================================
[   23.752798] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[   23.753676] Write of size 1 at addr ffff888101a9d578 by task kunit_try_catch/150
[   23.754429] 
[   23.755068] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N 6.12.0-next-20241127 #1
[   23.756218] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.756590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.757229] Call Trace:
[   23.757571]  <TASK>
[   23.757818]  dump_stack_lvl+0x73/0xb0
[   23.758407]  print_report+0xd1/0x640
[   23.758843]  ? __virt_addr_valid+0x1db/0x2d0
[   23.759389]  ? kasan_complete_mode_report_info+0x2a/0x200
[   23.760050]  kasan_report+0x102/0x140
[   23.760513]  ? kmalloc_track_caller_oob_right+0x4ca/0x530
[   23.761196]  ? kmalloc_track_caller_oob_right+0x4ca/0x530
[   23.761742]  __asan_report_store1_noabort+0x1b/0x30
[   23.762473]  kmalloc_track_caller_oob_right+0x4ca/0x530
[   23.763231]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   23.763672]  ? __schedule+0xc3e/0x2790
[   23.764297]  ? __pfx_read_tsc+0x10/0x10
[   23.764650]  ? ktime_get_ts64+0x84/0x230
[   23.765243]  kunit_try_run_case+0x1b3/0x490
[   23.765740]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.766416]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   23.766838]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.767742]  ? __kthread_parkme+0x82/0x160
[   23.768428]  ? preempt_count_sub+0x50/0x80
[   23.768874]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.769436]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.769931]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.770439]  kthread+0x257/0x310
[   23.770845]  ? __pfx_kthread+0x10/0x10
[   23.771385]  ret_from_fork+0x41/0x80
[   23.771692]  ? __pfx_kthread+0x10/0x10
[   23.772347]  ret_from_fork_asm+0x1a/0x30
[   23.772681]  </TASK>
[   23.773285] 
[   23.773535] Allocated by task 150:
[   23.773841]  kasan_save_stack+0x3d/0x60
[   23.774412]  kasan_save_track+0x18/0x40
[   23.774690]  kasan_save_alloc_info+0x3b/0x50
[   23.775368]  __kasan_kmalloc+0xb7/0xc0
[   23.775701]  __kmalloc_node_track_caller_noprof+0x1c6/0x500
[   23.776411]  kmalloc_track_caller_oob_right+0x9a/0x530
[   23.776774]  kunit_try_run_case+0x1b3/0x490
[   23.777407]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.777837]  kthread+0x257/0x310
[   23.778202]  ret_from_fork+0x41/0x80
[   23.778577]  ret_from_fork_asm+0x1a/0x30
[   23.778957] 
[   23.779471] The buggy address belongs to the object at ffff888101a9d500
[   23.779471]  which belongs to the cache kmalloc-128 of size 128
[   23.780653] The buggy address is located 0 bytes to the right of
[   23.780653]  allocated 120-byte region [ffff888101a9d500, ffff888101a9d578)
[   23.781822] 
[   23.782220] The buggy address belongs to the physical page:
[   23.782740] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a9d
[   23.783491] flags: 0x200000000000000(node=0|zone=2)
[   23.784362] page_type: f5(slab)
[   23.784683] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   23.785545] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[   23.786362] page dumped because: kasan: bad access detected
[   23.786883] 
[   23.787303] Memory state around the buggy address:
[   23.787776]  ffff888101a9d400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[   23.788675]  ffff888101a9d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.789520] >ffff888101a9d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   23.790073]                                                                 ^
[   23.790546]  ffff888101a9d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.791461]  ffff888101a9d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.792136] ==================================================================