Date: Dec. 4, 2024, 3:07 p.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 32.036948] ==================================================================
[ 32.038575] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 32.039731] Write of size 2 at addr fff00000c6723e77 by task kunit_try_catch/160
[ 32.040613]
[ 32.041201] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 32.042762] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.043403] Hardware name: linux,dummy-virt (DT)
[ 32.043923] Call trace:
[ 32.044297] show_stack+0x20/0x38 (C)
[ 32.045001] dump_stack_lvl+0x8c/0xd0
[ 32.045567] print_report+0x118/0x5e0
[ 32.046358] kasan_report+0xc8/0x118
[ 32.047407] kasan_check_range+0x100/0x1a8
[ 32.048065] __asan_memset+0x34/0x78
[ 32.048653] kmalloc_oob_memset_2+0x150/0x2f8
[ 32.049326] kunit_try_run_case+0x14c/0x3d0
[ 32.050405] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.051216] kthread+0x24c/0x2d0
[ 32.051591] ret_from_fork+0x10/0x20
[ 32.052177]
[ 32.052572] Allocated by task 160:
[ 32.053395] kasan_save_stack+0x3c/0x68
[ 32.054193] kasan_save_track+0x20/0x40
[ 32.054748] kasan_save_alloc_info+0x40/0x58
[ 32.055420] __kasan_kmalloc+0xd4/0xd8
[ 32.056270] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.056985] kmalloc_oob_memset_2+0xb0/0x2f8
[ 32.057674] kunit_try_run_case+0x14c/0x3d0
[ 32.058781] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.059557] kthread+0x24c/0x2d0
[ 32.060136] ret_from_fork+0x10/0x20
[ 32.060783]
[ 32.061156] The buggy address belongs to the object at fff00000c6723e00
[ 32.061156] which belongs to the cache kmalloc-128 of size 128
[ 32.063324] The buggy address is located 119 bytes inside of
[ 32.063324] allocated 120-byte region [fff00000c6723e00, fff00000c6723e78)
[ 32.065074]
[ 32.065380] The buggy address belongs to the physical page:
[ 32.066504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106723
[ 32.067530] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.068323] page_type: f5(slab)
[ 32.068930] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.069868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.070769] page dumped because: kasan: bad access detected
[ 32.071531]
[ 32.072179] Memory state around the buggy address:
[ 32.072785] fff00000c6723d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.073871] fff00000c6723d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.074762] >fff00000c6723e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.075565] ^
[ 32.076525] fff00000c6723e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.077366] fff00000c6723f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.078290] ==================================================================
```

```
[ 32.148114] ==================================================================
[ 32.149309] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 32.150240] Write of size 8 at addr fff00000c6763071 by task kunit_try_catch/164
[ 32.151999]
[ 32.152320] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 32.153681] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.154339] Hardware name: linux,dummy-virt (DT)
[ 32.155776] Call trace:
[ 32.156465] show_stack+0x20/0x38 (C)
[ 32.157266] dump_stack_lvl+0x8c/0xd0
[ 32.158083] print_report+0x118/0x5e0
[ 32.158831] kasan_report+0xc8/0x118
[ 32.159465] kasan_check_range+0x100/0x1a8
[ 32.160061] __asan_memset+0x34/0x78
[ 32.160849] kmalloc_oob_memset_8+0x150/0x2f8
[ 32.161648] kunit_try_run_case+0x14c/0x3d0
[ 32.162294] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.163561] kthread+0x24c/0x2d0
[ 32.164108] ret_from_fork+0x10/0x20
[ 32.164941]
[ 32.165293] Allocated by task 164:
[ 32.166237] kasan_save_stack+0x3c/0x68
[ 32.166928] kasan_save_track+0x20/0x40
[ 32.167690] kasan_save_alloc_info+0x40/0x58
[ 32.168332] __kasan_kmalloc+0xd4/0xd8
[ 32.168913] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.169658] kmalloc_oob_memset_8+0xb0/0x2f8
[ 32.170938] kunit_try_run_case+0x14c/0x3d0
[ 32.171465] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.172211] kthread+0x24c/0x2d0
[ 32.173335] ret_from_fork+0x10/0x20
[ 32.173930]
[ 32.174351] The buggy address belongs to the object at fff00000c6763000
[ 32.174351] which belongs to the cache kmalloc-128 of size 128
[ 32.176157] The buggy address is located 113 bytes inside of
[ 32.176157] allocated 120-byte region [fff00000c6763000, fff00000c6763078)
[ 32.177598]
[ 32.178356] The buggy address belongs to the physical page:
[ 32.179059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106763
[ 32.180064] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.180891] page_type: f5(slab)
[ 32.181403] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.182816] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.183734] page dumped because: kasan: bad access detected
[ 32.184323]
[ 32.184707] Memory state around the buggy address:
[ 32.185277] fff00000c6762f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.186756] fff00000c6762f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.187791] >fff00000c6763000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.188670] ^
[ 32.189579] fff00000c6763080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.191198] fff00000c6763100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.191944] ==================================================================
```

```
[ 32.091212] ==================================================================
[ 32.092396] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 32.093115] Write of size 4 at addr fff00000c674d375 by task kunit_try_catch/162
[ 32.094173]
[ 32.095910] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 32.097123] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.097692] Hardware name: linux,dummy-virt (DT)
[ 32.098978] Call trace:
[ 32.099433] show_stack+0x20/0x38 (C)
[ 32.100200] dump_stack_lvl+0x8c/0xd0
[ 32.100782] print_report+0x118/0x5e0
[ 32.101422] kasan_report+0xc8/0x118
[ 32.102386] kasan_check_range+0x100/0x1a8
[ 32.103024] __asan_memset+0x34/0x78
[ 32.103687] kmalloc_oob_memset_4+0x150/0x300
[ 32.104160] kunit_try_run_case+0x14c/0x3d0
[ 32.105357] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.106581] kthread+0x24c/0x2d0
[ 32.107104] ret_from_fork+0x10/0x20
[ 32.107698]
[ 32.108014] Allocated by task 162:
[ 32.108443] kasan_save_stack+0x3c/0x68
[ 32.109141] kasan_save_track+0x20/0x40
[ 32.109604] kasan_save_alloc_info+0x40/0x58
[ 32.110741] __kasan_kmalloc+0xd4/0xd8
[ 32.111474] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.112499] kmalloc_oob_memset_4+0xb0/0x300
[ 32.113107] kunit_try_run_case+0x14c/0x3d0
[ 32.114249] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.115033] kthread+0x24c/0x2d0
[ 32.115777] ret_from_fork+0x10/0x20
[ 32.116296]
[ 32.116618] The buggy address belongs to the object at fff00000c674d300
[ 32.116618] which belongs to the cache kmalloc-128 of size 128
[ 32.118988] The buggy address is located 117 bytes inside of
[ 32.118988] allocated 120-byte region [fff00000c674d300, fff00000c674d378)
[ 32.122710]
[ 32.123468] The buggy address belongs to the physical page:
[ 32.123959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10674d
[ 32.124427] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.125065] page_type: f5(slab)
[ 32.125616] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.126957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.127592] page dumped because: kasan: bad access detected
[ 32.128750]
[ 32.129340] Memory state around the buggy address:
[ 32.131405] fff00000c674d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 32.132810] fff00000c674d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.134025] >fff00000c674d300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.135526] ^
[ 32.136019] fff00000c674d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.136435] fff00000c674d400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.137076] ==================================================================
```

```
[ 32.203199] ==================================================================
[ 32.204475] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 32.205307] Write of size 16 at addr fff00000c6763169 by task kunit_try_catch/166
[ 32.206857]
[ 32.207613] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 32.209055] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.210110] Hardware name: linux,dummy-virt (DT)
[ 32.210745] Call trace:
[ 32.211152] show_stack+0x20/0x38 (C)
[ 32.211939] dump_stack_lvl+0x8c/0xd0
[ 32.212563] print_report+0x118/0x5e0
[ 32.213312] kasan_report+0xc8/0x118
[ 32.214262] kasan_check_range+0x100/0x1a8
[ 32.215129] __asan_memset+0x34/0x78
[ 32.215809] kmalloc_oob_memset_16+0x150/0x2f8
[ 32.216418] kunit_try_run_case+0x14c/0x3d0
[ 32.217046] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.218273] kthread+0x24c/0x2d0
[ 32.219076] ret_from_fork+0x10/0x20
[ 32.219830]
[ 32.220247] Allocated by task 166:
[ 32.220876] kasan_save_stack+0x3c/0x68
[ 32.222110] kasan_save_track+0x20/0x40
[ 32.222615] kasan_save_alloc_info+0x40/0x58
[ 32.223434] __kasan_kmalloc+0xd4/0xd8
[ 32.224129] __kmalloc_cache_noprof+0x15c/0x3c0
[ 32.224895] kmalloc_oob_memset_16+0xb0/0x2f8
[ 32.225568] kunit_try_run_case+0x14c/0x3d0
[ 32.227487] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.228191] kthread+0x24c/0x2d0
[ 32.228720] ret_from_fork+0x10/0x20
[ 32.229507]
[ 32.230151] The buggy address belongs to the object at fff00000c6763100
[ 32.230151] which belongs to the cache kmalloc-128 of size 128
[ 32.231164] The buggy address is located 105 bytes inside of
[ 32.231164] allocated 120-byte region [fff00000c6763100, fff00000c6763178)
[ 32.231956]
[ 32.232369] The buggy address belongs to the physical page:
[ 32.233285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106763
[ 32.234370] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.235693] page_type: f5(slab)
[ 32.236158] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.237109] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.238736] page dumped because: kasan: bad access detected
[ 32.239395]
[ 32.239730] Memory state around the buggy address:
[ 32.240456] fff00000c6763000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.241374] fff00000c6763080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.242660] >fff00000c6763100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.243507] ^
[ 32.244393] fff00000c6763180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.245326] fff00000c6763200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.246457] ==================================================================
```
```
[ 22.914991] ==================================================================
[ 22.915930] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330
[ 22.916946] Write of size 4 at addr ffff88810298f075 by task kunit_try_catch/182
[ 22.917685]
[ 22.917992] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 22.918906] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.919529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.921457] Call Trace:
[ 22.921854] <TASK>
[ 22.922159] dump_stack_lvl+0x73/0xb0
[ 22.922793] print_report+0xd1/0x640
[ 22.923524] ? __virt_addr_valid+0x1db/0x2d0
[ 22.923913] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.924738] kasan_report+0x102/0x140
[ 22.925206] ? kmalloc_oob_memset_4+0x167/0x330
[ 22.925807] ? kmalloc_oob_memset_4+0x167/0x330
[ 22.926945] kasan_check_range+0x10c/0x1c0
[ 22.927630] __asan_memset+0x27/0x50
[ 22.928558] kmalloc_oob_memset_4+0x167/0x330
[ 22.929072] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 22.929616] ? irqentry_exit+0x2a/0x60
[ 22.930014] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 22.930620] ? __pfx_read_tsc+0x10/0x10
[ 22.930944] ? ktime_get_ts64+0x86/0x230
[ 22.931706] kunit_try_run_case+0x1b3/0x490
[ 22.932969] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 22.933372] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.934635] ? __kthread_parkme+0x82/0x160
[ 22.935185] ? preempt_count_sub+0x50/0x80
[ 22.936097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.936978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.937687] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.939508] kthread+0x257/0x310
[ 22.939855] ? __pfx_kthread+0x10/0x10
[ 22.940325] ret_from_fork+0x41/0x80
[ 22.941066] ? __pfx_kthread+0x10/0x10
[ 22.941863] ret_from_fork_asm+0x1a/0x30
[ 22.942555] </TASK>
[ 22.942976]
[ 22.943113] Allocated by task 182:
[ 22.943827] kasan_save_stack+0x3d/0x60
[ 22.944940] kasan_save_track+0x18/0x40
[ 22.945991] kasan_save_alloc_info+0x3b/0x50
[ 22.946297] __kasan_kmalloc+0xb7/0xc0
[ 22.946954] __kmalloc_cache_noprof+0x184/0x410
[ 22.948155] kmalloc_oob_memset_4+0xad/0x330
[ 22.949132] kunit_try_run_case+0x1b3/0x490
[ 22.950257] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.951257] kthread+0x257/0x310
[ 22.951917] ret_from_fork+0x41/0x80
[ 22.952711] ret_from_fork_asm+0x1a/0x30
[ 22.953940]
[ 22.954239] The buggy address belongs to the object at ffff88810298f000
[ 22.954239] which belongs to the cache kmalloc-128 of size 128
[ 22.955429] The buggy address is located 117 bytes inside of
[ 22.955429] allocated 120-byte region [ffff88810298f000, ffff88810298f078)
[ 22.956255]
[ 22.956511] The buggy address belongs to the physical page:
[ 22.957103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298f
[ 22.957941] flags: 0x200000000000000(node=0|zone=2)
[ 22.958454] page_type: f5(slab)
[ 22.959056] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.959459] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.960434] page dumped because: kasan: bad access detected
[ 22.960843]
[ 22.961190] Memory state around the buggy address:
[ 22.961671] ffff88810298ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.962409] ffff88810298ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.963295] >ffff88810298f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.964230] ^
[ 22.965061] ffff88810298f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.965902] ffff88810298f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.966615] ==================================================================
```

```
[ 22.973544] ==================================================================
[ 22.974364] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330
[ 22.975287] Write of size 8 at addr ffff88810298f271 by task kunit_try_catch/184
[ 22.976380]
[ 22.976909] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 22.979067] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.979840] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.980958] Call Trace:
[ 22.981696] <TASK>
[ 22.982077] dump_stack_lvl+0x73/0xb0
[ 22.982656] print_report+0xd1/0x640
[ 22.983294] ? __virt_addr_valid+0x1db/0x2d0
[ 22.983750] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.984657] kasan_report+0x102/0x140
[ 22.985156] ? kmalloc_oob_memset_8+0x167/0x330
[ 22.985570] ? kmalloc_oob_memset_8+0x167/0x330
[ 22.986019] kasan_check_range+0x10c/0x1c0
[ 22.986413] __asan_memset+0x27/0x50
[ 22.986842] kmalloc_oob_memset_8+0x167/0x330
[ 22.987574] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 22.987923] ? __schedule+0xc3e/0x2790
[ 22.988338] ? __pfx_read_tsc+0x10/0x10
[ 22.988944] ? ktime_get_ts64+0x86/0x230
[ 22.989767] kunit_try_run_case+0x1b3/0x490
[ 22.990317] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.990794] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 22.991469] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.992850] ? __kthread_parkme+0x82/0x160
[ 22.993532] ? preempt_count_sub+0x50/0x80
[ 22.993942] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.994590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.995170] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.995950] kthread+0x257/0x310
[ 22.996234] ? __pfx_kthread+0x10/0x10
[ 22.996920] ret_from_fork+0x41/0x80
[ 22.997616] ? __pfx_kthread+0x10/0x10
[ 22.998004] ret_from_fork_asm+0x1a/0x30
[ 22.998689] </TASK>
[ 22.998979]
[ 22.999477] Allocated by task 184:
[ 23.000368] kasan_save_stack+0x3d/0x60
[ 23.000978] kasan_save_track+0x18/0x40
[ 23.001491] kasan_save_alloc_info+0x3b/0x50
[ 23.001968] __kasan_kmalloc+0xb7/0xc0
[ 23.002470] __kmalloc_cache_noprof+0x184/0x410
[ 23.003018] kmalloc_oob_memset_8+0xad/0x330
[ 23.003829] kunit_try_run_case+0x1b3/0x490
[ 23.004176] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.005041] kthread+0x257/0x310
[ 23.005794] ret_from_fork+0x41/0x80
[ 23.006483] ret_from_fork_asm+0x1a/0x30
[ 23.006817]
[ 23.007124] The buggy address belongs to the object at ffff88810298f200
[ 23.007124] which belongs to the cache kmalloc-128 of size 128
[ 23.008291] The buggy address is located 113 bytes inside of
[ 23.008291] allocated 120-byte region [ffff88810298f200, ffff88810298f278)
[ 23.009529]
[ 23.010502] The buggy address belongs to the physical page:
[ 23.011434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298f
[ 23.012187] flags: 0x200000000000000(node=0|zone=2)
[ 23.013125] page_type: f5(slab)
[ 23.013746] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.014650] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.015072] page dumped because: kasan: bad access detected
[ 23.015475]
[ 23.015842] Memory state around the buggy address:
[ 23.016203] ffff88810298f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.017146] ffff88810298f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.018560] >ffff88810298f200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.019208] ^
[ 23.020158] ffff88810298f280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.021155] ffff88810298f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.022806] ==================================================================
```

```
[ 22.863269] ==================================================================
[ 22.864939] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330
[ 22.865540] Write of size 2 at addr ffff88810298be77 by task kunit_try_catch/180
[ 22.866180]
[ 22.866437] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 22.867523] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.868018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.869604] Call Trace:
[ 22.869968] <TASK>
[ 22.870199] dump_stack_lvl+0x73/0xb0
[ 22.870791] print_report+0xd1/0x640
[ 22.871404] ? __virt_addr_valid+0x1db/0x2d0
[ 22.871857] ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.872495] kasan_report+0x102/0x140
[ 22.872978] ? kmalloc_oob_memset_2+0x167/0x330
[ 22.874009] ? kmalloc_oob_memset_2+0x167/0x330
[ 22.874422] kasan_check_range+0x10c/0x1c0
[ 22.874810] __asan_memset+0x27/0x50
[ 22.875224] kmalloc_oob_memset_2+0x167/0x330
[ 22.875602] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 22.876639] ? __schedule+0xc3e/0x2790
[ 22.877455] ? __pfx_read_tsc+0x10/0x10
[ 22.878047] ? ktime_get_ts64+0x86/0x230
[ 22.878556] kunit_try_run_case+0x1b3/0x490
[ 22.879015] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.880067] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 22.880661] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.881198] ? __kthread_parkme+0x82/0x160
[ 22.881758] ? preempt_count_sub+0x50/0x80
[ 22.882127] ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.882724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.883211] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.883967] kthread+0x257/0x310
[ 22.884812] ? __pfx_kthread+0x10/0x10
[ 22.885519] ret_from_fork+0x41/0x80
[ 22.885900] ? __pfx_kthread+0x10/0x10
[ 22.886283] ret_from_fork_asm+0x1a/0x30
[ 22.886794] </TASK>
[ 22.887390]
[ 22.887573] Allocated by task 180:
[ 22.887912] kasan_save_stack+0x3d/0x60
[ 22.888386] kasan_save_track+0x18/0x40
[ 22.888706] kasan_save_alloc_info+0x3b/0x50
[ 22.889230] __kasan_kmalloc+0xb7/0xc0
[ 22.889759] __kmalloc_cache_noprof+0x184/0x410
[ 22.890141] kmalloc_oob_memset_2+0xad/0x330
[ 22.890605] kunit_try_run_case+0x1b3/0x490
[ 22.892403] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.892790] kthread+0x257/0x310
[ 22.893422] ret_from_fork+0x41/0x80
[ 22.893818] ret_from_fork_asm+0x1a/0x30
[ 22.894148]
[ 22.894393] The buggy address belongs to the object at ffff88810298be00
[ 22.894393] which belongs to the cache kmalloc-128 of size 128
[ 22.895532] The buggy address is located 119 bytes inside of
[ 22.895532] allocated 120-byte region [ffff88810298be00, ffff88810298be78)
[ 22.897027]
[ 22.897674] The buggy address belongs to the physical page:
[ 22.898240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298b
[ 22.899693] flags: 0x200000000000000(node=0|zone=2)
[ 22.900113] page_type: f5(slab)
[ 22.900547] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.901750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.902459] page dumped because: kasan: bad access detected
[ 22.902994]
[ 22.903183] Memory state around the buggy address:
[ 22.903655] ffff88810298bd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 22.905187] ffff88810298bd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.905684] >ffff88810298be00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.905985] ^
[ 22.906281] ffff88810298be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.907406] ffff88810298bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.908785] ==================================================================
```

```
[ 23.028845] ==================================================================
[ 23.029807] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330
[ 23.030579] Write of size 16 at addr ffff88810298f469 by task kunit_try_catch/186
[ 23.031432]
[ 23.031637] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 23.033293] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.034026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.035322] Call Trace:
[ 23.036002] <TASK>
[ 23.036514] dump_stack_lvl+0x73/0xb0
[ 23.036961] print_report+0xd1/0x640
[ 23.037382] ? __virt_addr_valid+0x1db/0x2d0
[ 23.038012] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.038551] kasan_report+0x102/0x140
[ 23.038988] ? kmalloc_oob_memset_16+0x167/0x330
[ 23.039533] ? kmalloc_oob_memset_16+0x167/0x330
[ 23.040080] kasan_check_range+0x10c/0x1c0
[ 23.040503] __asan_memset+0x27/0x50
[ 23.040987] kmalloc_oob_memset_16+0x167/0x330
[ 23.041362] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 23.042122] ? __schedule+0xc3e/0x2790
[ 23.042720] ? __pfx_read_tsc+0x10/0x10
[ 23.043106] ? ktime_get_ts64+0x86/0x230
[ 23.043620] kunit_try_run_case+0x1b3/0x490
[ 23.044171] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.044701] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 23.045230] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.045947] ? __kthread_parkme+0x82/0x160
[ 23.046255] ? preempt_count_sub+0x50/0x80
[ 23.046851] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.047624] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.048261] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.048948] kthread+0x257/0x310
[ 23.049284] ? __pfx_kthread+0x10/0x10
[ 23.049781] ret_from_fork+0x41/0x80
[ 23.050388] ? __pfx_kthread+0x10/0x10
[ 23.050733] ret_from_fork_asm+0x1a/0x30
[ 23.051298] </TASK>
[ 23.051497]
[ 23.051802] Allocated by task 186:
[ 23.052305] kasan_save_stack+0x3d/0x60
[ 23.052685] kasan_save_track+0x18/0x40
[ 23.053166] kasan_save_alloc_info+0x3b/0x50
[ 23.053921] __kasan_kmalloc+0xb7/0xc0
[ 23.054197] __kmalloc_cache_noprof+0x184/0x410
[ 23.054790] kmalloc_oob_memset_16+0xad/0x330
[ 23.055261] kunit_try_run_case+0x1b3/0x490
[ 23.055862] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.056405] kthread+0x257/0x310
[ 23.056805] ret_from_fork+0x41/0x80
[ 23.057185] ret_from_fork_asm+0x1a/0x30
[ 23.057671]
[ 23.057839] The buggy address belongs to the object at ffff88810298f400
[ 23.057839] which belongs to the cache kmalloc-128 of size 128
[ 23.058930] The buggy address is located 105 bytes inside of
[ 23.058930] allocated 120-byte region [ffff88810298f400, ffff88810298f478)
[ 23.060211]
[ 23.060472] The buggy address belongs to the physical page:
[ 23.061581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10298f
[ 23.062880] flags: 0x200000000000000(node=0|zone=2)
[ 23.063762] page_type: f5(slab)
[ 23.064158] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.065151] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.066080] page dumped because: kasan: bad access detected
[ 23.066855]
[ 23.067146] Memory state around the buggy address:
[ 23.068113] ffff88810298f300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 23.068727] ffff88810298f380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.069526] >ffff88810298f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.070233] ^
[ 23.071039] ffff88810298f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.072324] ffff88810298f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.072931] ==================================================================
```