Date: Dec. 3, 2024, 11:38 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 30.464501] ================================================================== [ 30.465637] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 30.466495] Write of size 2 at addr fff00000c58d3877 by task kunit_try_catch/161 [ 30.467226] [ 30.467648] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 30.468886] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.470153] Hardware name: linux,dummy-virt (DT) [ 30.471435] Call trace: [ 30.472193] show_stack+0x20/0x38 (C) [ 30.473615] dump_stack_lvl+0x8c/0xd0 [ 30.474509] print_report+0x118/0x5e0 [ 30.475423] kasan_report+0xc8/0x118 [ 30.476416] kasan_check_range+0x100/0x1a8 [ 30.477343] __asan_memset+0x34/0x78 [ 30.477953] kmalloc_oob_memset_2+0x150/0x2f8 [ 30.478682] kunit_try_run_case+0x14c/0x3d0 [ 30.479813] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.480919] kthread+0x24c/0x2d0 [ 30.481355] ret_from_fork+0x10/0x20 [ 30.481797] [ 30.482238] Allocated by task 161: [ 30.482781] kasan_save_stack+0x3c/0x68 [ 30.483295] kasan_save_track+0x20/0x40 [ 30.484096] kasan_save_alloc_info+0x40/0x58 [ 30.484836] __kasan_kmalloc+0xd4/0xd8 [ 30.485482] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.486423] kmalloc_oob_memset_2+0xb0/0x2f8 [ 30.487753] kunit_try_run_case+0x14c/0x3d0 [ 30.488977] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.489606] kthread+0x24c/0x2d0 [ 30.490495] ret_from_fork+0x10/0x20 [ 30.491156] [ 30.491510] The buggy address belongs to the object at fff00000c58d3800 [ 30.491510] which belongs to the cache kmalloc-128 of size 128 [ 30.493592] The buggy address is located 119 bytes inside of [ 30.493592] allocated 120-byte region [fff00000c58d3800, fff00000c58d3878) [ 30.494898] [ 30.495740] The buggy address belongs to the physical page: [ 30.496404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d3 [ 30.497904] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.498915] page_type: f5(slab) [ 30.499713] raw: 0bfffe0000000000 
fff00000c0001a00 dead000000000122 0000000000000000 [ 30.500902] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.501963] page dumped because: kasan: bad access detected [ 30.502774] [ 30.503412] Memory state around the buggy address: [ 30.504191] fff00000c58d3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 30.505386] fff00000c58d3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.506495] >fff00000c58d3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.508099] ^ [ 30.509063] fff00000c58d3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.509797] fff00000c58d3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.511209] ================================================================== [ 30.521596] ================================================================== [ 30.522676] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 30.523608] Write of size 4 at addr fff00000c58d3975 by task kunit_try_catch/163 [ 30.524698] [ 30.525136] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 30.526789] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.527412] Hardware name: linux,dummy-virt (DT) [ 30.527991] Call trace: [ 30.528482] show_stack+0x20/0x38 (C) [ 30.529105] dump_stack_lvl+0x8c/0xd0 [ 30.529862] print_report+0x118/0x5e0 [ 30.530397] kasan_report+0xc8/0x118 [ 30.531111] kasan_check_range+0x100/0x1a8 [ 30.531893] __asan_memset+0x34/0x78 [ 30.532622] kmalloc_oob_memset_4+0x150/0x300 [ 30.533247] kunit_try_run_case+0x14c/0x3d0 [ 30.534640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.535417] kthread+0x24c/0x2d0 [ 30.535971] ret_from_fork+0x10/0x20 [ 30.536552] [ 30.536975] Allocated by task 163: [ 30.537452] kasan_save_stack+0x3c/0x68 [ 30.538122] kasan_save_track+0x20/0x40 [ 30.538751] kasan_save_alloc_info+0x40/0x58 [ 30.540119] __kasan_kmalloc+0xd4/0xd8 [ 30.540704] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.541380] kmalloc_oob_memset_4+0xb0/0x300 [ 30.541930] 
kunit_try_run_case+0x14c/0x3d0 [ 30.542603] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.543633] kthread+0x24c/0x2d0 [ 30.544412] ret_from_fork+0x10/0x20 [ 30.544990] [ 30.545311] The buggy address belongs to the object at fff00000c58d3900 [ 30.545311] which belongs to the cache kmalloc-128 of size 128 [ 30.546756] The buggy address is located 117 bytes inside of [ 30.546756] allocated 120-byte region [fff00000c58d3900, fff00000c58d3978) [ 30.549746] [ 30.550176] The buggy address belongs to the physical page: [ 30.550882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d3 [ 30.552644] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.553498] page_type: f5(slab) [ 30.554160] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.555281] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.556228] page dumped because: kasan: bad access detected [ 30.557343] [ 30.557745] Memory state around the buggy address: [ 30.558491] fff00000c58d3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.559639] fff00000c58d3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.560947] >fff00000c58d3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.561738] ^ [ 30.562478] fff00000c58d3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.563872] fff00000c58d3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.564992] ================================================================== [ 30.574914] ================================================================== [ 30.576739] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 30.577761] Write of size 8 at addr fff00000c58d3a71 by task kunit_try_catch/165 [ 30.578725] [ 30.579503] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 30.580721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.581513] Hardware name: linux,dummy-virt (DT) [ 30.582234] Call trace: [ 30.582643] 
show_stack+0x20/0x38 (C) [ 30.583294] dump_stack_lvl+0x8c/0xd0 [ 30.584145] print_report+0x118/0x5e0 [ 30.585094] kasan_report+0xc8/0x118 [ 30.585588] kasan_check_range+0x100/0x1a8 [ 30.586309] __asan_memset+0x34/0x78 [ 30.587039] kmalloc_oob_memset_8+0x150/0x2f8 [ 30.588118] kunit_try_run_case+0x14c/0x3d0 [ 30.588939] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.589764] kthread+0x24c/0x2d0 [ 30.590417] ret_from_fork+0x10/0x20 [ 30.591574] [ 30.591848] Allocated by task 165: [ 30.592492] kasan_save_stack+0x3c/0x68 [ 30.593216] kasan_save_track+0x20/0x40 [ 30.593932] kasan_save_alloc_info+0x40/0x58 [ 30.594491] __kasan_kmalloc+0xd4/0xd8 [ 30.595724] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.596550] kmalloc_oob_memset_8+0xb0/0x2f8 [ 30.597198] kunit_try_run_case+0x14c/0x3d0 [ 30.597894] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.598556] kthread+0x24c/0x2d0 [ 30.599457] ret_from_fork+0x10/0x20 [ 30.599860] [ 30.600198] The buggy address belongs to the object at fff00000c58d3a00 [ 30.600198] which belongs to the cache kmalloc-128 of size 128 [ 30.602241] The buggy address is located 113 bytes inside of [ 30.602241] allocated 120-byte region [fff00000c58d3a00, fff00000c58d3a78) [ 30.604285] [ 30.604721] The buggy address belongs to the physical page: [ 30.605687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d3 [ 30.606864] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.607825] page_type: f5(slab) [ 30.608289] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.609451] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.610537] page dumped because: kasan: bad access detected [ 30.611343] [ 30.611601] Memory state around the buggy address: [ 30.612289] fff00000c58d3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.613346] fff00000c58d3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.614180] >fff00000c58d3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 fc [ 30.615504] ^ [ 30.616361] fff00000c58d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.617435] fff00000c58d3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.618303] ================================================================== [ 30.628503] ================================================================== [ 30.629696] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 30.630585] Write of size 16 at addr fff00000c58d3b69 by task kunit_try_catch/167 [ 30.631362] [ 30.631738] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 30.632813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.633558] Hardware name: linux,dummy-virt (DT) [ 30.634440] Call trace: [ 30.634804] show_stack+0x20/0x38 (C) [ 30.635502] dump_stack_lvl+0x8c/0xd0 [ 30.636171] print_report+0x118/0x5e0 [ 30.636893] kasan_report+0xc8/0x118 [ 30.637470] kasan_check_range+0x100/0x1a8 [ 30.638102] __asan_memset+0x34/0x78 [ 30.638790] kmalloc_oob_memset_16+0x150/0x2f8 [ 30.639440] kunit_try_run_case+0x14c/0x3d0 [ 30.640139] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.640927] kthread+0x24c/0x2d0 [ 30.641581] ret_from_fork+0x10/0x20 [ 30.642200] [ 30.642508] Allocated by task 167: [ 30.643068] kasan_save_stack+0x3c/0x68 [ 30.643791] kasan_save_track+0x20/0x40 [ 30.644405] kasan_save_alloc_info+0x40/0x58 [ 30.644975] __kasan_kmalloc+0xd4/0xd8 [ 30.645517] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.646216] kmalloc_oob_memset_16+0xb0/0x2f8 [ 30.646840] kunit_try_run_case+0x14c/0x3d0 [ 30.647451] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.648176] kthread+0x24c/0x2d0 [ 30.648634] ret_from_fork+0x10/0x20 [ 30.649225] [ 30.649588] The buggy address belongs to the object at fff00000c58d3b00 [ 30.649588] which belongs to the cache kmalloc-128 of size 128 [ 30.651036] The buggy address is located 105 bytes inside of [ 30.651036] allocated 120-byte region [fff00000c58d3b00, fff00000c58d3b78) [ 30.652431] [ 30.652745] The buggy 
address belongs to the physical page: [ 30.653585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058d3 [ 30.654525] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.655366] page_type: f5(slab) [ 30.655985] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.656853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.657926] page dumped because: kasan: bad access detected [ 30.658559] [ 30.658889] Memory state around the buggy address: [ 30.659580] fff00000c58d3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.660460] fff00000c58d3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.661264] >fff00000c58d3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.662150] ^ [ 30.663023] fff00000c58d3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.663968] fff00000c58d3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.664912] ==================================================================
[ 26.109849] ================================================================== [ 26.110590] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330 [ 26.112084] Write of size 4 at addr ffff888102985375 by task kunit_try_catch/183 [ 26.113293] [ 26.113489] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 26.115047] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.115383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.116610] Call Trace: [ 26.117090] <TASK> [ 26.117610] dump_stack_lvl+0x73/0xb0 [ 26.118351] print_report+0xd1/0x640 [ 26.118734] ? __virt_addr_valid+0x1db/0x2d0 [ 26.119231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.120007] kasan_report+0x102/0x140 [ 26.120254] ? kmalloc_oob_memset_4+0x167/0x330 [ 26.121260] ? kmalloc_oob_memset_4+0x167/0x330 [ 26.122218] kasan_check_range+0x10c/0x1c0 [ 26.122595] __asan_memset+0x27/0x50 [ 26.122844] kmalloc_oob_memset_4+0x167/0x330 [ 26.123598] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 26.124927] ? __schedule+0xc3e/0x2790 [ 26.125273] ? __pfx_read_tsc+0x10/0x10 [ 26.126122] ? ktime_get_ts64+0x86/0x230 [ 26.126521] kunit_try_run_case+0x1b3/0x490 [ 26.126944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.127523] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.128246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.129217] ? __kthread_parkme+0x82/0x160 [ 26.129577] ? preempt_count_sub+0x50/0x80 [ 26.130275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.130954] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.131541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.132171] kthread+0x257/0x310 [ 26.132652] ? __pfx_kthread+0x10/0x10 [ 26.133439] ret_from_fork+0x41/0x80 [ 26.133892] ? 
__pfx_kthread+0x10/0x10 [ 26.134323] ret_from_fork_asm+0x1a/0x30 [ 26.135153] </TASK> [ 26.135519] [ 26.135917] Allocated by task 183: [ 26.136221] kasan_save_stack+0x3d/0x60 [ 26.137186] kasan_save_track+0x18/0x40 [ 26.137864] kasan_save_alloc_info+0x3b/0x50 [ 26.138283] __kasan_kmalloc+0xb7/0xc0 [ 26.138648] __kmalloc_cache_noprof+0x184/0x410 [ 26.139148] kmalloc_oob_memset_4+0xad/0x330 [ 26.139756] kunit_try_run_case+0x1b3/0x490 [ 26.140190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.140814] kthread+0x257/0x310 [ 26.141189] ret_from_fork+0x41/0x80 [ 26.142127] ret_from_fork_asm+0x1a/0x30 [ 26.142434] [ 26.142858] The buggy address belongs to the object at ffff888102985300 [ 26.142858] which belongs to the cache kmalloc-128 of size 128 [ 26.143676] The buggy address is located 117 bytes inside of [ 26.143676] allocated 120-byte region [ffff888102985300, ffff888102985378) [ 26.145095] [ 26.145327] The buggy address belongs to the physical page: [ 26.145839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102985 [ 26.146809] flags: 0x200000000000000(node=0|zone=2) [ 26.148014] page_type: f5(slab) [ 26.148460] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.149094] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.149905] page dumped because: kasan: bad access detected [ 26.150524] [ 26.150684] Memory state around the buggy address: [ 26.151688] ffff888102985200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.152420] ffff888102985280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.153258] >ffff888102985300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.153856] ^ [ 26.154547] ffff888102985380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.155030] ffff888102985400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.155758] ================================================================== [ 26.210048] 
================================================================== [ 26.210978] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330 [ 26.211780] Write of size 16 at addr ffff888102a11869 by task kunit_try_catch/187 [ 26.212151] [ 26.213043] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 26.213780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.214327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.215176] Call Trace: [ 26.215669] <TASK> [ 26.215875] dump_stack_lvl+0x73/0xb0 [ 26.216203] print_report+0xd1/0x640 [ 26.217176] ? __virt_addr_valid+0x1db/0x2d0 [ 26.217710] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.218165] kasan_report+0x102/0x140 [ 26.218506] ? kmalloc_oob_memset_16+0x167/0x330 [ 26.218891] ? kmalloc_oob_memset_16+0x167/0x330 [ 26.219362] kasan_check_range+0x10c/0x1c0 [ 26.219834] __asan_memset+0x27/0x50 [ 26.220406] kmalloc_oob_memset_16+0x167/0x330 [ 26.220954] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 26.221542] ? __schedule+0xc3e/0x2790 [ 26.221874] ? __pfx_read_tsc+0x10/0x10 [ 26.222341] ? ktime_get_ts64+0x86/0x230 [ 26.222780] kunit_try_run_case+0x1b3/0x490 [ 26.223239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.223767] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.224247] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.224844] ? __kthread_parkme+0x82/0x160 [ 26.225330] ? preempt_count_sub+0x50/0x80 [ 26.225770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.226373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.226887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.227507] kthread+0x257/0x310 [ 26.227837] ? __pfx_kthread+0x10/0x10 [ 26.228320] ret_from_fork+0x41/0x80 [ 26.228775] ? 
__pfx_kthread+0x10/0x10 [ 26.229194] ret_from_fork_asm+0x1a/0x30 [ 26.229698] </TASK> [ 26.229988] [ 26.230232] Allocated by task 187: [ 26.230567] kasan_save_stack+0x3d/0x60 [ 26.230967] kasan_save_track+0x18/0x40 [ 26.231431] kasan_save_alloc_info+0x3b/0x50 [ 26.231904] __kasan_kmalloc+0xb7/0xc0 [ 26.232348] __kmalloc_cache_noprof+0x184/0x410 [ 26.232898] kmalloc_oob_memset_16+0xad/0x330 [ 26.233251] kunit_try_run_case+0x1b3/0x490 [ 26.233734] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.234240] kthread+0x257/0x310 [ 26.234671] ret_from_fork+0x41/0x80 [ 26.235126] ret_from_fork_asm+0x1a/0x30 [ 26.235543] [ 26.235853] The buggy address belongs to the object at ffff888102a11800 [ 26.235853] which belongs to the cache kmalloc-128 of size 128 [ 26.236798] The buggy address is located 105 bytes inside of [ 26.236798] allocated 120-byte region [ffff888102a11800, ffff888102a11878) [ 26.237732] [ 26.238017] The buggy address belongs to the physical page: [ 26.238412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a11 [ 26.239187] flags: 0x200000000000000(node=0|zone=2) [ 26.239733] page_type: f5(slab) [ 26.240085] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.240703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.241141] page dumped because: kasan: bad access detected [ 26.241419] [ 26.241561] Memory state around the buggy address: [ 26.241822] ffff888102a11700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.242585] ffff888102a11780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.243215] >ffff888102a11800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.243907] ^ [ 26.244691] ffff888102a11880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.245130] ffff888102a11900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.245521] ================================================================== [ 26.057034] 
================================================================== [ 26.057666] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330 [ 26.058237] Write of size 2 at addr ffff888102a11577 by task kunit_try_catch/181 [ 26.058685] [ 26.058861] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 26.060071] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.062006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.062972] Call Trace: [ 26.063516] <TASK> [ 26.063760] dump_stack_lvl+0x73/0xb0 [ 26.064109] print_report+0xd1/0x640 [ 26.064604] ? __virt_addr_valid+0x1db/0x2d0 [ 26.064929] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.066437] kasan_report+0x102/0x140 [ 26.066920] ? kmalloc_oob_memset_2+0x167/0x330 [ 26.067549] ? kmalloc_oob_memset_2+0x167/0x330 [ 26.068070] kasan_check_range+0x10c/0x1c0 [ 26.068434] __asan_memset+0x27/0x50 [ 26.069664] kmalloc_oob_memset_2+0x167/0x330 [ 26.070022] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 26.070870] ? __schedule+0xc3e/0x2790 [ 26.071162] ? __pfx_read_tsc+0x10/0x10 [ 26.071923] ? ktime_get_ts64+0x86/0x230 [ 26.072319] kunit_try_run_case+0x1b3/0x490 [ 26.073296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.073641] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.074150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.074623] ? __kthread_parkme+0x82/0x160 [ 26.075271] ? preempt_count_sub+0x50/0x80 [ 26.075634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.075990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.076661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.077366] kthread+0x257/0x310 [ 26.078071] ? __pfx_kthread+0x10/0x10 [ 26.078439] ret_from_fork+0x41/0x80 [ 26.079433] ? 
__pfx_kthread+0x10/0x10 [ 26.080120] ret_from_fork_asm+0x1a/0x30 [ 26.080510] </TASK> [ 26.081331] [ 26.081466] Allocated by task 181: [ 26.081791] kasan_save_stack+0x3d/0x60 [ 26.082316] kasan_save_track+0x18/0x40 [ 26.083240] kasan_save_alloc_info+0x3b/0x50 [ 26.084132] __kasan_kmalloc+0xb7/0xc0 [ 26.084455] __kmalloc_cache_noprof+0x184/0x410 [ 26.085114] kmalloc_oob_memset_2+0xad/0x330 [ 26.085756] kunit_try_run_case+0x1b3/0x490 [ 26.086637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.087042] kthread+0x257/0x310 [ 26.087737] ret_from_fork+0x41/0x80 [ 26.087982] ret_from_fork_asm+0x1a/0x30 [ 26.088387] [ 26.089242] The buggy address belongs to the object at ffff888102a11500 [ 26.089242] which belongs to the cache kmalloc-128 of size 128 [ 26.089971] The buggy address is located 119 bytes inside of [ 26.089971] allocated 120-byte region [ffff888102a11500, ffff888102a11578) [ 26.091443] [ 26.092136] The buggy address belongs to the physical page: [ 26.092903] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a11 [ 26.093708] flags: 0x200000000000000(node=0|zone=2) [ 26.094321] page_type: f5(slab) [ 26.094889] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.095486] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.096157] page dumped because: kasan: bad access detected [ 26.096743] [ 26.097018] Memory state around the buggy address: [ 26.097802] ffff888102a11400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.099313] ffff888102a11480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.099844] >ffff888102a11500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.100403] ^ [ 26.101345] ffff888102a11580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.102346] ffff888102a11600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.103314] ================================================================== [ 26.163835] 
================================================================== [ 26.164767] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330 [ 26.165393] Write of size 8 at addr ffff888102a11771 by task kunit_try_catch/185 [ 26.166119] [ 26.166296] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241203 #1 [ 26.168324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.168604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.169516] Call Trace: [ 26.169841] <TASK> [ 26.170226] dump_stack_lvl+0x73/0xb0 [ 26.171026] print_report+0xd1/0x640 [ 26.171452] ? __virt_addr_valid+0x1db/0x2d0 [ 26.171916] ? kasan_complete_mode_report_info+0x2a/0x200 [ 26.172357] kasan_report+0x102/0x140 [ 26.172653] ? kmalloc_oob_memset_8+0x167/0x330 [ 26.173302] ? kmalloc_oob_memset_8+0x167/0x330 [ 26.173911] kasan_check_range+0x10c/0x1c0 [ 26.174252] __asan_memset+0x27/0x50 [ 26.175029] kmalloc_oob_memset_8+0x167/0x330 [ 26.175525] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 26.176104] ? __schedule+0xc3e/0x2790 [ 26.176560] ? __pfx_read_tsc+0x10/0x10 [ 26.177144] ? ktime_get_ts64+0x86/0x230 [ 26.177534] kunit_try_run_case+0x1b3/0x490 [ 26.178129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.178984] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 26.179454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 26.179981] ? __kthread_parkme+0x82/0x160 [ 26.180429] ? preempt_count_sub+0x50/0x80 [ 26.181107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 26.181431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 26.182022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.182371] kthread+0x257/0x310 [ 26.182731] ? __pfx_kthread+0x10/0x10 [ 26.183119] ret_from_fork+0x41/0x80 [ 26.183493] ? 
__pfx_kthread+0x10/0x10 [ 26.183753] ret_from_fork_asm+0x1a/0x30 [ 26.184937] </TASK> [ 26.185213] [ 26.185420] Allocated by task 185: [ 26.185931] kasan_save_stack+0x3d/0x60 [ 26.186314] kasan_save_track+0x18/0x40 [ 26.186606] kasan_save_alloc_info+0x3b/0x50 [ 26.187173] __kasan_kmalloc+0xb7/0xc0 [ 26.187579] __kmalloc_cache_noprof+0x184/0x410 [ 26.188462] kmalloc_oob_memset_8+0xad/0x330 [ 26.189106] kunit_try_run_case+0x1b3/0x490 [ 26.189380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.189996] kthread+0x257/0x310 [ 26.190287] ret_from_fork+0x41/0x80 [ 26.190571] ret_from_fork_asm+0x1a/0x30 [ 26.190972] [ 26.191338] The buggy address belongs to the object at ffff888102a11700 [ 26.191338] which belongs to the cache kmalloc-128 of size 128 [ 26.192704] The buggy address is located 113 bytes inside of [ 26.192704] allocated 120-byte region [ffff888102a11700, ffff888102a11778) [ 26.193525] [ 26.193750] The buggy address belongs to the physical page: [ 26.194241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a11 [ 26.194745] flags: 0x200000000000000(node=0|zone=2) [ 26.195352] page_type: f5(slab) [ 26.196033] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 26.196920] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.197756] page dumped because: kasan: bad access detected [ 26.198149] [ 26.198294] Memory state around the buggy address: [ 26.198890] ffff888102a11600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.199494] ffff888102a11680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.199863] >ffff888102a11700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.200453] ^ [ 26.201019] ffff888102a11780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.202220] ffff888102a11800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.202868] ==================================================================