Date
Nov. 28, 2024, 2:36 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.466061] ================================================================== [ 29.467220] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490 [ 29.468079] Write of size 1 at addr fff00000c402fb78 by task kunit_try_catch/130 [ 29.468818] [ 29.469661] CPU: 1 UID: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1 [ 29.470689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.471209] Hardware name: linux,dummy-virt (DT) [ 29.471821] Call trace: [ 29.472235] show_stack+0x20/0x38 (C) [ 29.472741] dump_stack_lvl+0x8c/0xd0 [ 29.473583] print_report+0x118/0x5e0 [ 29.474332] kasan_report+0xc8/0x118 [ 29.475015] __asan_report_store1_noabort+0x20/0x30 [ 29.475597] kmalloc_track_caller_oob_right+0x414/0x490 [ 29.476224] kunit_try_run_case+0x14c/0x3d0 [ 29.476853] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.477732] kthread+0x24c/0x2d0 [ 29.478296] ret_from_fork+0x10/0x20 [ 29.478878] [ 29.479214] Allocated by task 130: [ 29.479727] kasan_save_stack+0x3c/0x68 [ 29.480201] kasan_save_track+0x20/0x40 [ 29.480785] kasan_save_alloc_info+0x40/0x58 [ 29.481370] __kasan_kmalloc+0xd4/0xd8 [ 29.482228] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 29.482957] kmalloc_track_caller_oob_right+0xa8/0x490 [ 29.483588] kunit_try_run_case+0x14c/0x3d0 [ 29.484212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.484854] kthread+0x24c/0x2d0 [ 29.485437] ret_from_fork+0x10/0x20 [ 29.486169] [ 29.486480] The buggy address belongs to the object at fff00000c402fb00 [ 29.486480] which belongs to the cache kmalloc-128 of size 128 [ 29.487600] The buggy address is located 0 bytes to the right of [ 29.487600] allocated 120-byte region [fff00000c402fb00, fff00000c402fb78) [ 29.488816] [ 29.489128] The buggy address belongs to the physical page: [ 29.490041] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10402f [ 29.490968] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.492362] page_type: f5(slab) [ 29.492986] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.494009] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 29.494954] page dumped because: kasan: bad access detected [ 29.495685] [ 29.496074] Memory state around the buggy address: [ 29.496784] fff00000c402fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 29.498041] fff00000c402fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.498930] >fff00000c402fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.499730] ^ [ 29.500543] fff00000c402fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.501612] fff00000c402fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.502334] ================================================================== [ 29.504789] ================================================================== [ 29.505650] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490 [ 29.506361] Write of size 1 at addr fff00000c402fc78 by task kunit_try_catch/130 [ 29.507535] [ 29.507943] CPU: 1 UID: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1 [ 29.509411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.509994] Hardware name: linux,dummy-virt (DT) [ 29.510664] Call trace: [ 29.511144] show_stack+0x20/0x38 (C) [ 29.511619] dump_stack_lvl+0x8c/0xd0 [ 29.512224] print_report+0x118/0x5e0 [ 29.512816] kasan_report+0xc8/0x118 [ 29.513638] __asan_report_store1_noabort+0x20/0x30 [ 29.514275] kmalloc_track_caller_oob_right+0x420/0x490 [ 29.514982] kunit_try_run_case+0x14c/0x3d0 [ 29.515506] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.516255] kthread+0x24c/0x2d0 [ 29.516819] ret_from_fork+0x10/0x20 [ 29.517625] [ 29.517902] Allocated by task 130: [ 29.518402] kasan_save_stack+0x3c/0x68 [ 29.518972] kasan_save_track+0x20/0x40 [ 29.519563] kasan_save_alloc_info+0x40/0x58 [ 29.520067] __kasan_kmalloc+0xd4/0xd8 [ 29.520664] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 29.521605] kmalloc_track_caller_oob_right+0x184/0x490 [ 29.522244] kunit_try_run_case+0x14c/0x3d0 [ 29.522852] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.523518] kthread+0x24c/0x2d0 [ 29.524051] ret_from_fork+0x10/0x20 [ 29.524623] [ 29.525655] The buggy address belongs to the object at fff00000c402fc00 [ 29.525655] which belongs to the cache kmalloc-128 of size 128 [ 29.527243] The buggy address is located 0 bytes to the right of [ 29.527243] allocated 120-byte region [fff00000c402fc00, fff00000c402fc78) [ 29.528966] [ 29.529531] The buggy address belongs to the physical page: [ 29.530158] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10402f [ 29.530958] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.531671] page_type: f5(slab) [ 29.532215] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.533142] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 29.534159] page dumped because: kasan: bad access detected [ 29.534739] [ 29.535077] Memory state around the buggy address: [ 29.535706] fff00000c402fb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.536489] fff00000c402fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.537465] >fff00000c402fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.538274] ^ [ 29.539070] fff00000c402fc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.540209] fff00000c402fd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.541133] ==================================================================
[ 20.189871] ================================================================== [ 20.190685] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530 [ 20.191454] Write of size 1 at addr ffff888102a1a278 by task kunit_try_catch/150 [ 20.192058] [ 20.192275] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1 [ 20.194371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.194659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.195356] Call Trace: [ 20.195710] <TASK> [ 20.195928] dump_stack_lvl+0x73/0xb0 [ 20.196588] print_report+0xd1/0x640 [ 20.196907] ? __virt_addr_valid+0x1db/0x2d0 [ 20.197552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.197945] kasan_report+0x102/0x140 [ 20.198584] ? kmalloc_track_caller_oob_right+0x4ca/0x530 [ 20.199129] ? kmalloc_track_caller_oob_right+0x4ca/0x530 [ 20.199733] __asan_report_store1_noabort+0x1b/0x30 [ 20.200317] kmalloc_track_caller_oob_right+0x4ca/0x530 [ 20.200862] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 20.201550] ? __schedule+0xc3e/0x2790 [ 20.201865] ? __pfx_read_tsc+0x10/0x10 [ 20.202429] ? ktime_get_ts64+0x84/0x230 [ 20.202926] kunit_try_run_case+0x1b3/0x490 [ 20.203517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.203971] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 20.204627] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.205134] ? __kthread_parkme+0x82/0x160 [ 20.205655] ? preempt_count_sub+0x50/0x80 [ 20.206259] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.206658] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.207439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.208007] kthread+0x257/0x310 [ 20.208483] ? __pfx_kthread+0x10/0x10 [ 20.208954] ret_from_fork+0x41/0x80 [ 20.209529] ? __pfx_kthread+0x10/0x10 [ 20.209957] ret_from_fork_asm+0x1a/0x30 [ 20.210599] </TASK> [ 20.210840] [ 20.210990] Allocated by task 150: [ 20.211937] kasan_save_stack+0x3d/0x60 [ 20.212285] kasan_save_track+0x18/0x40 [ 20.212838] kasan_save_alloc_info+0x3b/0x50 [ 20.213263] __kasan_kmalloc+0xb7/0xc0 [ 20.213582] __kmalloc_node_track_caller_noprof+0x1c6/0x500 [ 20.214123] kmalloc_track_caller_oob_right+0x9a/0x530 [ 20.215029] kunit_try_run_case+0x1b3/0x490 [ 20.215956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.216861] kthread+0x257/0x310 [ 20.217747] ret_from_fork+0x41/0x80 [ 20.218243] ret_from_fork_asm+0x1a/0x30 [ 20.218817] [ 20.219031] The buggy address belongs to the object at ffff888102a1a200 [ 20.219031] which belongs to the cache kmalloc-128 of size 128 [ 20.220716] The buggy address is located 0 bytes to the right of [ 20.220716] allocated 120-byte region [ffff888102a1a200, ffff888102a1a278) [ 20.222358] [ 20.222714] The buggy address belongs to the physical page: [ 20.223659] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1a [ 20.224750] flags: 0x200000000000000(node=0|zone=2) [ 20.225602] page_type: f5(slab) [ 20.225826] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.226731] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 20.227623] page dumped because: kasan: bad access detected [ 20.228364] [ 20.228518] Memory state around the buggy address: [ 20.229683] ffff888102a1a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.230515] ffff888102a1a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.231049] >ffff888102a1a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.231948] ^ [ 20.232891] ffff888102a1a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.233807] ffff888102a1a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.234641] ================================================================== [ 20.235887] ================================================================== [ 20.237136] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b3/0x530 [ 20.238382] Write of size 1 at addr ffff888102a1a378 by task kunit_try_catch/150 [ 20.239441] [ 20.239673] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.12.0-next-20241128 #1 [ 20.241064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.241556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.242428] Call Trace: [ 20.242737] <TASK> [ 20.242993] dump_stack_lvl+0x73/0xb0 [ 20.243448] print_report+0xd1/0x640 [ 20.243940] ? __virt_addr_valid+0x1db/0x2d0 [ 20.244603] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.244982] kasan_report+0x102/0x140 [ 20.245988] ? kmalloc_track_caller_oob_right+0x4b3/0x530 [ 20.246835] ? kmalloc_track_caller_oob_right+0x4b3/0x530 [ 20.247639] __asan_report_store1_noabort+0x1b/0x30 [ 20.248316] kmalloc_track_caller_oob_right+0x4b3/0x530 [ 20.248903] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 20.249565] ? __schedule+0xc3e/0x2790 [ 20.250043] ? __pfx_read_tsc+0x10/0x10 [ 20.250874] ? ktime_get_ts64+0x84/0x230 [ 20.251534] kunit_try_run_case+0x1b3/0x490 [ 20.252329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.252811] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 20.253494] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.254061] ? __kthread_parkme+0x82/0x160 [ 20.254864] ? preempt_count_sub+0x50/0x80 [ 20.255564] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.256198] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.256744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.257329] kthread+0x257/0x310 [ 20.257830] ? __pfx_kthread+0x10/0x10 [ 20.258693] ret_from_fork+0x41/0x80 [ 20.259244] ? __pfx_kthread+0x10/0x10 [ 20.259906] ret_from_fork_asm+0x1a/0x30 [ 20.260613] </TASK> [ 20.260993] [ 20.261470] Allocated by task 150: [ 20.261815] kasan_save_stack+0x3d/0x60 [ 20.262810] kasan_save_track+0x18/0x40 [ 20.263295] kasan_save_alloc_info+0x3b/0x50 [ 20.264038] __kasan_kmalloc+0xb7/0xc0 [ 20.264553] __kmalloc_node_track_caller_noprof+0x1c6/0x500 [ 20.265323] kmalloc_track_caller_oob_right+0x19b/0x530 [ 20.265779] kunit_try_run_case+0x1b3/0x490 [ 20.266711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.267416] kthread+0x257/0x310 [ 20.267814] ret_from_fork+0x41/0x80 [ 20.268189] ret_from_fork_asm+0x1a/0x30 [ 20.268769] [ 20.268991] The buggy address belongs to the object at ffff888102a1a300 [ 20.268991] which belongs to the cache kmalloc-128 of size 128 [ 20.270753] The buggy address is located 0 bytes to the right of [ 20.270753] allocated 120-byte region [ffff888102a1a300, ffff888102a1a378) [ 20.272111] [ 20.272550] The buggy address belongs to the physical page: [ 20.273276] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1a [ 20.273987] flags: 0x200000000000000(node=0|zone=2) [ 20.274775] page_type: f5(slab) [ 20.275332] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.276036] raw: 0000000000000000 0000000080100010 00000001f5000000 0000000000000000 [ 20.276874] page dumped because: kasan: bad access detected [ 20.277563] [ 20.277815] Memory state around the buggy address: [ 20.278722] ffff888102a1a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.279527] ffff888102a1a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.280313] >ffff888102a1a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.280963] ^ [ 20.281968] ffff888102a1a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.282849] ffff888102a1a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.283761] ==================================================================