Date: Nov. 28, 2024, 2:36 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 30.580329] ==================================================================
[ 30.581923] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 30.582620] Write of size 2 at addr fff00000c5b58b77 by task kunit_try_catch/160
[ 30.583402]
[ 30.583776] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 30.584803] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.585339] Hardware name: linux,dummy-virt (DT)
[ 30.585945] Call trace:
[ 30.586384] show_stack+0x20/0x38 (C)
[ 30.586887] dump_stack_lvl+0x8c/0xd0
[ 30.587570] print_report+0x118/0x5e0
[ 30.588176] kasan_report+0xc8/0x118
[ 30.588710] kasan_check_range+0x100/0x1a8
[ 30.589591] __asan_memset+0x34/0x78
[ 30.590167] kmalloc_oob_memset_2+0x150/0x2f8
[ 30.590704] kunit_try_run_case+0x14c/0x3d0
[ 30.591364] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.592095] kthread+0x24c/0x2d0
[ 30.592628] ret_from_fork+0x10/0x20
[ 30.593503]
[ 30.593837] Allocated by task 160:
[ 30.594352] kasan_save_stack+0x3c/0x68
[ 30.594858] kasan_save_track+0x20/0x40
[ 30.595437] kasan_save_alloc_info+0x40/0x58
[ 30.595917] __kasan_kmalloc+0xd4/0xd8
[ 30.596504] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.597471] kmalloc_oob_memset_2+0xb0/0x2f8
[ 30.597908] kunit_try_run_case+0x14c/0x3d0
[ 30.598542] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.599164] kthread+0x24c/0x2d0
[ 30.599700] ret_from_fork+0x10/0x20
[ 30.600198]
[ 30.600550] The buggy address belongs to the object at fff00000c5b58b00
[ 30.600550] which belongs to the cache kmalloc-128 of size 128
[ 30.602003] The buggy address is located 119 bytes inside of
[ 30.602003] allocated 120-byte region [fff00000c5b58b00, fff00000c5b58b78)
[ 30.603193]
[ 30.603511] The buggy address belongs to the physical page:
[ 30.604200] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105b58
[ 30.605237] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.606049] page_type: f5(slab)
[ 30.606582] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.607300] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 30.608214] page dumped because: kasan: bad access detected
[ 30.608848]
[ 30.609439] Memory state around the buggy address:
[ 30.610004] fff00000c5b58a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.610826] fff00000c5b58a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.611598] >fff00000c5b58b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.612430] ^
[ 30.613348] fff00000c5b58b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.614145] fff00000c5b58c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.614837] ==================================================================
[ 30.628646] ==================================================================
[ 30.630318] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 30.631011] Write of size 4 at addr fff00000c638e775 by task kunit_try_catch/162
[ 30.631809]
[ 30.632168] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 30.633073] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.634134] Hardware name: linux,dummy-virt (DT)
[ 30.634711] Call trace:
[ 30.635157] show_stack+0x20/0x38 (C)
[ 30.635738] dump_stack_lvl+0x8c/0xd0
[ 30.636280] print_report+0x118/0x5e0
[ 30.636870] kasan_report+0xc8/0x118
[ 30.637492] kasan_check_range+0x100/0x1a8
[ 30.638077] __asan_memset+0x34/0x78
[ 30.639233] kmalloc_oob_memset_4+0x150/0x300
[ 30.639795] kunit_try_run_case+0x14c/0x3d0
[ 30.640390] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.641296] kthread+0x24c/0x2d0
[ 30.642087] ret_from_fork+0x10/0x20
[ 30.642612]
[ 30.642954] Allocated by task 162:
[ 30.643486] kasan_save_stack+0x3c/0x68
[ 30.644071] kasan_save_track+0x20/0x40
[ 30.644564] kasan_save_alloc_info+0x40/0x58
[ 30.645457] __kasan_kmalloc+0xd4/0xd8
[ 30.645955] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.646489] kmalloc_oob_memset_4+0xb0/0x300
[ 30.647108] kunit_try_run_case+0x14c/0x3d0
[ 30.648387] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.648990] kthread+0x24c/0x2d0
[ 30.649701] ret_from_fork+0x10/0x20
[ 30.650435]
[ 30.650778] The buggy address belongs to the object at fff00000c638e700
[ 30.650778] which belongs to the cache kmalloc-128 of size 128
[ 30.651870] The buggy address is located 117 bytes inside of
[ 30.651870] allocated 120-byte region [fff00000c638e700, fff00000c638e778)
[ 30.653018]
[ 30.653343] The buggy address belongs to the physical page:
[ 30.654007] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638e
[ 30.654941] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.656411] page_type: f5(slab)
[ 30.657133] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.658066] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 30.659100] page dumped because: kasan: bad access detected
[ 30.659782]
[ 30.660411] Memory state around the buggy address:
[ 30.661544] fff00000c638e600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.662158] fff00000c638e680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.662854] >fff00000c638e700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.663841] ^
[ 30.664769] fff00000c638e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.665736] fff00000c638e800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.666480] ==================================================================
[ 30.677708] ==================================================================
[ 30.678866] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 30.679724] Write of size 8 at addr fff00000c638e971 by task kunit_try_catch/164
[ 30.680561]
[ 30.681013] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 30.682066] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.682538] Hardware name: linux,dummy-virt (DT)
[ 30.683039] Call trace:
[ 30.683982] show_stack+0x20/0x38 (C)
[ 30.684549] dump_stack_lvl+0x8c/0xd0
[ 30.685044] print_report+0x118/0x5e0
[ 30.685594] kasan_report+0xc8/0x118
[ 30.686086] kasan_check_range+0x100/0x1a8
[ 30.687249] __asan_memset+0x34/0x78
[ 30.687938] kmalloc_oob_memset_8+0x150/0x2f8
[ 30.688680] kunit_try_run_case+0x14c/0x3d0
[ 30.689653] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.690442] kthread+0x24c/0x2d0
[ 30.691091] ret_from_fork+0x10/0x20
[ 30.691743]
[ 30.692127] Allocated by task 164:
[ 30.692700] kasan_save_stack+0x3c/0x68
[ 30.693528] kasan_save_track+0x20/0x40
[ 30.694412] kasan_save_alloc_info+0x40/0x58
[ 30.695086] __kasan_kmalloc+0xd4/0xd8
[ 30.695692] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.696409] kmalloc_oob_memset_8+0xb0/0x2f8
[ 30.697032] kunit_try_run_case+0x14c/0x3d0
[ 30.697600] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.698612] kthread+0x24c/0x2d0
[ 30.699263] ret_from_fork+0x10/0x20
[ 30.699877]
[ 30.700319] The buggy address belongs to the object at fff00000c638e900
[ 30.700319] which belongs to the cache kmalloc-128 of size 128
[ 30.701995] The buggy address is located 113 bytes inside of
[ 30.701995] allocated 120-byte region [fff00000c638e900, fff00000c638e978)
[ 30.703338]
[ 30.703753] The buggy address belongs to the physical page:
[ 30.704538] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638e
[ 30.705556] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.706626] page_type: f5(slab)
[ 30.707166] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.708082] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 30.708957] page dumped because: kasan: bad access detected
[ 30.709946]
[ 30.710272] Memory state around the buggy address:
[ 30.710824] fff00000c638e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.711628] fff00000c638e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.712347] >fff00000c638e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.713509] ^
[ 30.714386] fff00000c638e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.715233] fff00000c638ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.716045] ==================================================================
[ 30.728475] ==================================================================
[ 30.729513] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 30.730646] Write of size 16 at addr fff00000c638ea69 by task kunit_try_catch/166
[ 30.731531]
[ 30.732504] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 30.734110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.734855] Hardware name: linux,dummy-virt (DT)
[ 30.735619] Call trace:
[ 30.736226] show_stack+0x20/0x38 (C)
[ 30.736956] dump_stack_lvl+0x8c/0xd0
[ 30.738063] print_report+0x118/0x5e0
[ 30.738610] kasan_report+0xc8/0x118
[ 30.739270] kasan_check_range+0x100/0x1a8
[ 30.739880] __asan_memset+0x34/0x78
[ 30.740489] kmalloc_oob_memset_16+0x150/0x2f8
[ 30.741156] kunit_try_run_case+0x14c/0x3d0
[ 30.741890] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.742675] kthread+0x24c/0x2d0
[ 30.743248] ret_from_fork+0x10/0x20
[ 30.743866]
[ 30.744216] Allocated by task 166:
[ 30.744642] kasan_save_stack+0x3c/0x68
[ 30.745343] kasan_save_track+0x20/0x40
[ 30.746107] kasan_save_alloc_info+0x40/0x58
[ 30.746730] __kasan_kmalloc+0xd4/0xd8
[ 30.747309] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.747979] kmalloc_oob_memset_16+0xb0/0x2f8
[ 30.748915] kunit_try_run_case+0x14c/0x3d0
[ 30.749915] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.750692] kthread+0x24c/0x2d0
[ 30.751279] ret_from_fork+0x10/0x20
[ 30.751869]
[ 30.752222] The buggy address belongs to the object at fff00000c638ea00
[ 30.752222] which belongs to the cache kmalloc-128 of size 128
[ 30.754196] The buggy address is located 105 bytes inside of
[ 30.754196] allocated 120-byte region [fff00000c638ea00, fff00000c638ea78)
[ 30.755266]
[ 30.755616] The buggy address belongs to the physical page:
[ 30.756224] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638e
[ 30.757184] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.757984] page_type: f5(slab)
[ 30.758564] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.759416] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 30.760258] page dumped because: kasan: bad access detected
[ 30.761551]
[ 30.762230] Memory state around the buggy address:
[ 30.762741] fff00000c638e900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.763431] fff00000c638e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.764107] >fff00000c638ea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.765374] ^
[ 30.766250] fff00000c638ea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.767066] fff00000c638eb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.767960] ==================================================================
```
qemu-x86_64:

```
[ 21.500087] ==================================================================
[ 21.501004] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330
[ 21.502063] Write of size 2 at addr ffff888102a1d277 by task kunit_try_catch/180
[ 21.502741]
[ 21.503105] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 21.503941] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.504710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.505470] Call Trace:
[ 21.506536] <TASK>
[ 21.507163] dump_stack_lvl+0x73/0xb0
[ 21.507758] print_report+0xd1/0x640
[ 21.508193] ? __virt_addr_valid+0x1db/0x2d0
[ 21.508542] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.509176] kasan_report+0x102/0x140
[ 21.509614] ? kmalloc_oob_memset_2+0x167/0x330
[ 21.510786] ? kmalloc_oob_memset_2+0x167/0x330
[ 21.511209] kasan_check_range+0x10c/0x1c0
[ 21.511816] __asan_memset+0x27/0x50
[ 21.512380] kmalloc_oob_memset_2+0x167/0x330
[ 21.513095] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 21.513766] ? __schedule+0xc3e/0x2790
[ 21.514469] ? __pfx_read_tsc+0x10/0x10
[ 21.514777] ? ktime_get_ts64+0x84/0x230
[ 21.515159] kunit_try_run_case+0x1b3/0x490
[ 21.515655] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.516203] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 21.516682] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.517015] ? __kthread_parkme+0x82/0x160
[ 21.517553] ? preempt_count_sub+0x50/0x80
[ 21.518381] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.518973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.519577] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.520227] kthread+0x257/0x310
[ 21.520619] ? __pfx_kthread+0x10/0x10
[ 21.521695] ret_from_fork+0x41/0x80
[ 21.522206] ? __pfx_kthread+0x10/0x10
[ 21.523036] ret_from_fork_asm+0x1a/0x30
[ 21.523821] </TASK>
[ 21.524039]
[ 21.524295] Allocated by task 180:
[ 21.525101] kasan_save_stack+0x3d/0x60
[ 21.525874] kasan_save_track+0x18/0x40
[ 21.526491] kasan_save_alloc_info+0x3b/0x50
[ 21.526998] __kasan_kmalloc+0xb7/0xc0
[ 21.527518] __kmalloc_cache_noprof+0x184/0x410
[ 21.528035] kmalloc_oob_memset_2+0xad/0x330
[ 21.528670] kunit_try_run_case+0x1b3/0x490
[ 21.529170] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.529807] kthread+0x257/0x310
[ 21.530254] ret_from_fork+0x41/0x80
[ 21.530992] ret_from_fork_asm+0x1a/0x30
[ 21.531251]
[ 21.531739] The buggy address belongs to the object at ffff888102a1d200
[ 21.531739] which belongs to the cache kmalloc-128 of size 128
[ 21.533514] The buggy address is located 119 bytes inside of
[ 21.533514] allocated 120-byte region [ffff888102a1d200, ffff888102a1d278)
[ 21.534791]
[ 21.535046] The buggy address belongs to the physical page:
[ 21.535860] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1d
[ 21.537162] flags: 0x200000000000000(node=0|zone=2)
[ 21.537814] page_type: f5(slab)
[ 21.538308] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.538952] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 21.539562] page dumped because: kasan: bad access detected
[ 21.540032]
[ 21.540223] Memory state around the buggy address:
[ 21.540854] ffff888102a1d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.541628] ffff888102a1d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.542708] >ffff888102a1d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.543894] ^
[ 21.544693] ffff888102a1d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.545255] ffff888102a1d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.545846] ==================================================================
[ 21.651017] ==================================================================
[ 21.652216] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330
[ 21.652905] Write of size 16 at addr ffff888101b56869 by task kunit_try_catch/186
[ 21.653646]
[ 21.653920] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 21.655435] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.656035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.657475] Call Trace:
[ 21.657953] <TASK>
[ 21.658710] dump_stack_lvl+0x73/0xb0
[ 21.659527] print_report+0xd1/0x640
[ 21.660359] ? __virt_addr_valid+0x1db/0x2d0
[ 21.661067] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.661847] kasan_report+0x102/0x140
[ 21.662284] ? kmalloc_oob_memset_16+0x167/0x330
[ 21.663057] ? kmalloc_oob_memset_16+0x167/0x330
[ 21.663794] kasan_check_range+0x10c/0x1c0
[ 21.664330] __asan_memset+0x27/0x50
[ 21.664779] kmalloc_oob_memset_16+0x167/0x330
[ 21.665216] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 21.665899] ? __schedule+0xc3e/0x2790
[ 21.666262] ? __pfx_read_tsc+0x10/0x10
[ 21.667290] ? ktime_get_ts64+0x84/0x230
[ 21.667613] kunit_try_run_case+0x1b3/0x490
[ 21.668139] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.668925] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 21.669610] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.670159] ? __kthread_parkme+0x82/0x160
[ 21.670748] ? preempt_count_sub+0x50/0x80
[ 21.671169] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.672064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.673159] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.673622] kthread+0x257/0x310
[ 21.673985] ? __pfx_kthread+0x10/0x10
[ 21.674561] ret_from_fork+0x41/0x80
[ 21.675111] ? __pfx_kthread+0x10/0x10
[ 21.675821] ret_from_fork_asm+0x1a/0x30
[ 21.676583] </TASK>
[ 21.676898]
[ 21.677114] Allocated by task 186:
[ 21.678016] kasan_save_stack+0x3d/0x60
[ 21.678840] kasan_save_track+0x18/0x40
[ 21.679479] kasan_save_alloc_info+0x3b/0x50
[ 21.680026] __kasan_kmalloc+0xb7/0xc0
[ 21.680574] __kmalloc_cache_noprof+0x184/0x410
[ 21.681403] kmalloc_oob_memset_16+0xad/0x330
[ 21.681951] kunit_try_run_case+0x1b3/0x490
[ 21.683061] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.683879] kthread+0x257/0x310
[ 21.684242] ret_from_fork+0x41/0x80
[ 21.684624] ret_from_fork_asm+0x1a/0x30
[ 21.685032]
[ 21.685234] The buggy address belongs to the object at ffff888101b56800
[ 21.685234] which belongs to the cache kmalloc-128 of size 128
[ 21.686914] The buggy address is located 105 bytes inside of
[ 21.686914] allocated 120-byte region [ffff888101b56800, ffff888101b56878)
[ 21.688051]
[ 21.688795] The buggy address belongs to the physical page:
[ 21.689958] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b56
[ 21.690850] flags: 0x200000000000000(node=0|zone=2)
[ 21.691180] page_type: f5(slab)
[ 21.691760] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.692659] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 21.693820] page dumped because: kasan: bad access detected
[ 21.694385]
[ 21.694934] Memory state around the buggy address:
[ 21.695418] ffff888101b56700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 21.696680] ffff888101b56780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.697184] >ffff888101b56800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.698194] ^
[ 21.698766] ffff888101b56880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.699863] ffff888101b56900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.700436] ==================================================================
[ 21.599896] ==================================================================
[ 21.600774] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330
[ 21.601372] Write of size 8 at addr ffff888101b56671 by task kunit_try_catch/184
[ 21.602100]
[ 21.602322] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 21.603706] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.604233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.605090] Call Trace:
[ 21.605495] <TASK>
[ 21.605825] dump_stack_lvl+0x73/0xb0
[ 21.606172] print_report+0xd1/0x640
[ 21.606765] ? __virt_addr_valid+0x1db/0x2d0
[ 21.607538] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.608049] kasan_report+0x102/0x140
[ 21.608537] ? kmalloc_oob_memset_8+0x167/0x330
[ 21.609056] ? kmalloc_oob_memset_8+0x167/0x330
[ 21.609427] kasan_check_range+0x10c/0x1c0
[ 21.610014] __asan_memset+0x27/0x50
[ 21.610517] kmalloc_oob_memset_8+0x167/0x330
[ 21.610805] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 21.611162] ? __schedule+0xc3e/0x2790
[ 21.611892] ? __pfx_read_tsc+0x10/0x10
[ 21.612928] ? ktime_get_ts64+0x84/0x230
[ 21.613868] kunit_try_run_case+0x1b3/0x490
[ 21.614666] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.615782] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 21.616600] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.617263] ? __kthread_parkme+0x82/0x160
[ 21.617764] ? preempt_count_sub+0x50/0x80
[ 21.618152] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.619263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.619824] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.620359] kthread+0x257/0x310
[ 21.620762] ? __pfx_kthread+0x10/0x10
[ 21.621388] ret_from_fork+0x41/0x80
[ 21.621875] ? __pfx_kthread+0x10/0x10
[ 21.622492] ret_from_fork_asm+0x1a/0x30
[ 21.623254] </TASK>
[ 21.623590]
[ 21.623804] Allocated by task 184:
[ 21.624122] kasan_save_stack+0x3d/0x60
[ 21.624784] kasan_save_track+0x18/0x40
[ 21.625118] kasan_save_alloc_info+0x3b/0x50
[ 21.625681] __kasan_kmalloc+0xb7/0xc0
[ 21.626143] __kmalloc_cache_noprof+0x184/0x410
[ 21.627004] kmalloc_oob_memset_8+0xad/0x330
[ 21.627669] kunit_try_run_case+0x1b3/0x490
[ 21.628109] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.628938] kthread+0x257/0x310
[ 21.629279] ret_from_fork+0x41/0x80
[ 21.629883] ret_from_fork_asm+0x1a/0x30
[ 21.630520]
[ 21.630843] The buggy address belongs to the object at ffff888101b56600
[ 21.630843] which belongs to the cache kmalloc-128 of size 128
[ 21.631798] The buggy address is located 113 bytes inside of
[ 21.631798] allocated 120-byte region [ffff888101b56600, ffff888101b56678)
[ 21.633159]
[ 21.633524] The buggy address belongs to the physical page:
[ 21.633947] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b56
[ 21.634923] flags: 0x200000000000000(node=0|zone=2)
[ 21.635686] page_type: f5(slab)
[ 21.636034] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.636807] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 21.638121] page dumped because: kasan: bad access detected
[ 21.638828]
[ 21.639074] Memory state around the buggy address:
[ 21.639629] ffff888101b56500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 21.640426] ffff888101b56580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.641041] >ffff888101b56600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.641746] ^
[ 21.643068] ffff888101b56680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.643951] ffff888101b56700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.644540] ==================================================================
[ 21.551751] ==================================================================
[ 21.552648] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330
[ 21.553728] Write of size 4 at addr ffff888102a1d375 by task kunit_try_catch/182
[ 21.554591]
[ 21.554824] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1
[ 21.555751] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.556014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.557156] Call Trace:
[ 21.557516] <TASK>
[ 21.557775] dump_stack_lvl+0x73/0xb0
[ 21.558330] print_report+0xd1/0x640
[ 21.558711] ? __virt_addr_valid+0x1db/0x2d0
[ 21.559317] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.559831] kasan_report+0x102/0x140
[ 21.560300] ? kmalloc_oob_memset_4+0x167/0x330
[ 21.560810] ? kmalloc_oob_memset_4+0x167/0x330
[ 21.561456] kasan_check_range+0x10c/0x1c0
[ 21.561881] __asan_memset+0x27/0x50
[ 21.562300] kmalloc_oob_memset_4+0x167/0x330
[ 21.562629] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 21.563118] ? __schedule+0xc3e/0x2790
[ 21.563493] ? __pfx_read_tsc+0x10/0x10
[ 21.563882] ? ktime_get_ts64+0x84/0x230
[ 21.564293] kunit_try_run_case+0x1b3/0x490
[ 21.564875] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.565192] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 21.565525] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.566273] ? __kthread_parkme+0x82/0x160
[ 21.567007] ? preempt_count_sub+0x50/0x80
[ 21.567375] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.568500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.569106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.569673] kthread+0x257/0x310
[ 21.570085] ? __pfx_kthread+0x10/0x10
[ 21.570465] ret_from_fork+0x41/0x80
[ 21.570941] ? __pfx_kthread+0x10/0x10
[ 21.571409] ret_from_fork_asm+0x1a/0x30
[ 21.571712] </TASK>
[ 21.572200]
[ 21.572635] Allocated by task 182:
[ 21.573035] kasan_save_stack+0x3d/0x60
[ 21.573514] kasan_save_track+0x18/0x40
[ 21.574706] kasan_save_alloc_info+0x3b/0x50
[ 21.575572] __kasan_kmalloc+0xb7/0xc0
[ 21.576001] __kmalloc_cache_noprof+0x184/0x410
[ 21.576548] kmalloc_oob_memset_4+0xad/0x330
[ 21.577033] kunit_try_run_case+0x1b3/0x490
[ 21.578034] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.578631] kthread+0x257/0x310
[ 21.579012] ret_from_fork+0x41/0x80
[ 21.579482] ret_from_fork_asm+0x1a/0x30
[ 21.579954]
[ 21.580196] The buggy address belongs to the object at ffff888102a1d300
[ 21.580196] which belongs to the cache kmalloc-128 of size 128
[ 21.581174] The buggy address is located 117 bytes inside of
[ 21.581174] allocated 120-byte region [ffff888102a1d300, ffff888102a1d378)
[ 21.582881]
[ 21.583184] The buggy address belongs to the physical page:
[ 21.583998] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1d
[ 21.584889] flags: 0x200000000000000(node=0|zone=2)
[ 21.585562] page_type: f5(slab)
[ 21.585932] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.586544] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000
[ 21.587355] page dumped because: kasan: bad access detected
[ 21.587789]
[ 21.588026] Memory state around the buggy address:
[ 21.588567] ffff888102a1d200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.589400] ffff888102a1d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.590384] >ffff888102a1d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.591716] ^
[ 21.592777] ffff888102a1d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.593486] ffff888102a1d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.594134] ==================================================================
```