Date
Dec. 4, 2024, 3:07 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 30.720088] ==================================================================
[ 30.721336] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[ 30.722231] Write of size 1 at addr fff00000c66da478 by task kunit_try_catch/130
[ 30.723033]
[ 30.723403] CPU: 1 UID: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 30.724608] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.725204] Hardware name: linux,dummy-virt (DT)
[ 30.726136] Call trace:
[ 30.726689] show_stack+0x20/0x38 (C)
[ 30.727754] dump_stack_lvl+0x8c/0xd0
[ 30.728935] print_report+0x118/0x5e0
[ 30.729858] kasan_report+0xc8/0x118
[ 30.730586] __asan_report_store1_noabort+0x20/0x30
[ 30.731879] kmalloc_track_caller_oob_right+0x414/0x490
[ 30.733254] kunit_try_run_case+0x14c/0x3d0
[ 30.734111] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.734928] kthread+0x24c/0x2d0
[ 30.735285] ret_from_fork+0x10/0x20
[ 30.735579]
[ 30.735866] Allocated by task 130:
[ 30.736253] kasan_save_stack+0x3c/0x68
[ 30.736735] kasan_save_track+0x20/0x40
[ 30.737301] kasan_save_alloc_info+0x40/0x58
[ 30.738408] __kasan_kmalloc+0xd4/0xd8
[ 30.739107] __kmalloc_node_track_caller_noprof+0x184/0x4b8
[ 30.739874] kmalloc_track_caller_oob_right+0xa8/0x490
[ 30.740582] kunit_try_run_case+0x14c/0x3d0
[ 30.741295] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.742684] kthread+0x24c/0x2d0
[ 30.743212] ret_from_fork+0x10/0x20
[ 30.743731]
[ 30.744164] The buggy address belongs to the object at fff00000c66da400
[ 30.744164] which belongs to the cache kmalloc-128 of size 128
[ 30.745557] The buggy address is located 0 bytes to the right of
[ 30.745557] allocated 120-byte region [fff00000c66da400, fff00000c66da478)
[ 30.747838]
[ 30.748251] The buggy address belongs to the physical page:
[ 30.749131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066da
[ 30.750786] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.751578] page_type: f5(slab)
[ 30.752080] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.752964] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.754149] page dumped because: kasan: bad access detected
[ 30.754783]
[ 30.755208] Memory state around the buggy address:
[ 30.756242] fff00000c66da300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.757227] fff00000c66da380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.758642] >fff00000c66da400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.759359] ^
[ 30.760257] fff00000c66da480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.761270] fff00000c66da500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.762467] ==================================================================
[ 30.765065] ==================================================================
[ 30.766381] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[ 30.769091] Write of size 1 at addr fff00000c66da578 by task kunit_try_catch/130
[ 30.770852]
[ 30.771311] CPU: 1 UID: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 30.773746] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.774150] Hardware name: linux,dummy-virt (DT)
[ 30.774489] Call trace:
[ 30.774770] show_stack+0x20/0x38 (C)
[ 30.775811] dump_stack_lvl+0x8c/0xd0
[ 30.777120] print_report+0x118/0x5e0
[ 30.778120] kasan_report+0xc8/0x118
[ 30.778689] __asan_report_store1_noabort+0x20/0x30
[ 30.779202] kmalloc_track_caller_oob_right+0x420/0x490
[ 30.780239] kunit_try_run_case+0x14c/0x3d0
[ 30.781298] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.782521] kthread+0x24c/0x2d0
[ 30.783084] ret_from_fork+0x10/0x20
[ 30.783672]
[ 30.784050] Allocated by task 130:
[ 30.784543] kasan_save_stack+0x3c/0x68
[ 30.785248] kasan_save_track+0x20/0x40
[ 30.785776] kasan_save_alloc_info+0x40/0x58
[ 30.786495] __kasan_kmalloc+0xd4/0xd8
[ 30.787052] __kmalloc_node_track_caller_noprof+0x184/0x4b8
[ 30.787905] kmalloc_track_caller_oob_right+0x184/0x490
[ 30.788919] kunit_try_run_case+0x14c/0x3d0
[ 30.790018] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.790970] kthread+0x24c/0x2d0
[ 30.792392] ret_from_fork+0x10/0x20
[ 30.792935]
[ 30.793283] The buggy address belongs to the object at fff00000c66da500
[ 30.793283] which belongs to the cache kmalloc-128 of size 128
[ 30.795495] The buggy address is located 0 bytes to the right of
[ 30.795495] allocated 120-byte region [fff00000c66da500, fff00000c66da578)
[ 30.797464]
[ 30.798212] The buggy address belongs to the physical page:
[ 30.799004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1066da
[ 30.800112] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.800913] page_type: f5(slab)
[ 30.801868] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.803129] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.803947] page dumped because: kasan: bad access detected
[ 30.804735]
[ 30.805043] Memory state around the buggy address:
[ 30.805571] fff00000c66da400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.807693] fff00000c66da480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.808490] >fff00000c66da500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.809487] ^
[ 30.810494] fff00000c66da580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.811536] fff00000c66da600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.812617] ==================================================================
```

```
[ 21.399108] ==================================================================
[ 21.400071] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[ 21.401674] Write of size 1 at addr ffff888101ae3878 by task kunit_try_catch/150
[ 21.402426]
[ 21.402783] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 21.404139] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.404978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.406242] Call Trace:
[ 21.406757] <TASK>
[ 21.406968] dump_stack_lvl+0x73/0xb0
[ 21.408051] print_report+0xd1/0x640
[ 21.408540] ? __virt_addr_valid+0x1db/0x2d0
[ 21.409301] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.409702] kasan_report+0x102/0x140
[ 21.410491] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 21.411082] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 21.412035] __asan_report_store1_noabort+0x1b/0x30
[ 21.413096] kmalloc_track_caller_oob_right+0x4ca/0x530
[ 21.413784] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 21.414352] ? __schedule+0xc3e/0x2790
[ 21.415037] ? __pfx_read_tsc+0x10/0x10
[ 21.415552] ? ktime_get_ts64+0x86/0x230
[ 21.416354] kunit_try_run_case+0x1b3/0x490
[ 21.417062] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.417918] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 21.418509] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.418985] ? __kthread_parkme+0x82/0x160
[ 21.419529] ? preempt_count_sub+0x50/0x80
[ 21.419973] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.420478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.421602] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.422429] kthread+0x257/0x310
[ 21.422798] ? __pfx_kthread+0x10/0x10
[ 21.423265] ret_from_fork+0x41/0x80
[ 21.423628] ? __pfx_kthread+0x10/0x10
[ 21.424543] ret_from_fork_asm+0x1a/0x30
[ 21.424968] </TASK>
[ 21.425497]
[ 21.425797] Allocated by task 150:
[ 21.426146] kasan_save_stack+0x3d/0x60
[ 21.426438] kasan_save_track+0x18/0x40
[ 21.427305] kasan_save_alloc_info+0x3b/0x50
[ 21.427951] __kasan_kmalloc+0xb7/0xc0
[ 21.428288] __kmalloc_node_track_caller_noprof+0x1c6/0x500
[ 21.428902] kmalloc_track_caller_oob_right+0x9a/0x530
[ 21.430120] kunit_try_run_case+0x1b3/0x490
[ 21.431046] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.431682] kthread+0x257/0x310
[ 21.432992] ret_from_fork+0x41/0x80
[ 21.433461] ret_from_fork_asm+0x1a/0x30
[ 21.433981]
[ 21.434186] The buggy address belongs to the object at ffff888101ae3800
[ 21.434186] which belongs to the cache kmalloc-128 of size 128
[ 21.436688] The buggy address is located 0 bytes to the right of
[ 21.436688] allocated 120-byte region [ffff888101ae3800, ffff888101ae3878)
[ 21.438373]
[ 21.438564] The buggy address belongs to the physical page:
[ 21.439045] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ae3
[ 21.440496] flags: 0x200000000000000(node=0|zone=2)
[ 21.441048] page_type: f5(slab)
[ 21.441702] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.442933] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.443512] page dumped because: kasan: bad access detected
[ 21.444657]
[ 21.444956] Memory state around the buggy address:
[ 21.445796] ffff888101ae3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 21.446380] ffff888101ae3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.447461] >ffff888101ae3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.448592] ^
[ 21.449952] ffff888101ae3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.450680] ffff888101ae3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.451293] ==================================================================
[ 21.453901] ==================================================================
[ 21.456002] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b3/0x530
[ 21.457454] Write of size 1 at addr ffff888101ae3978 by task kunit_try_catch/150
[ 21.458392]
[ 21.458676] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241204 #1
[ 21.459814] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.460214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.460878] Call Trace:
[ 21.461207] <TASK>
[ 21.461507] dump_stack_lvl+0x73/0xb0
[ 21.461914] print_report+0xd1/0x640
[ 21.463003] ? __virt_addr_valid+0x1db/0x2d0
[ 21.463556] ? kasan_complete_mode_report_info+0x2a/0x200
[ 21.464105] kasan_report+0x102/0x140
[ 21.464598] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 21.465120] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 21.465779] __asan_report_store1_noabort+0x1b/0x30
[ 21.466813] kmalloc_track_caller_oob_right+0x4b3/0x530
[ 21.467337] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 21.467934] ? __schedule+0xc3e/0x2790
[ 21.468345] ? __pfx_read_tsc+0x10/0x10
[ 21.468804] ? ktime_get_ts64+0x86/0x230
[ 21.469102] kunit_try_run_case+0x1b3/0x490
[ 21.470470] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.470932] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 21.472048] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 21.472432] ? __kthread_parkme+0x82/0x160
[ 21.473465] ? preempt_count_sub+0x50/0x80
[ 21.473998] ? __pfx_kunit_try_run_case+0x10/0x10
[ 21.475101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 21.476511] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.477590] kthread+0x257/0x310
[ 21.477977] ? __pfx_kthread+0x10/0x10
[ 21.478957] ret_from_fork+0x41/0x80
[ 21.479249] ? __pfx_kthread+0x10/0x10
[ 21.480671] ret_from_fork_asm+0x1a/0x30
[ 21.481127] </TASK>
[ 21.481624]
[ 21.481900] Allocated by task 150:
[ 21.482770] kasan_save_stack+0x3d/0x60
[ 21.483133] kasan_save_track+0x18/0x40
[ 21.483647] kasan_save_alloc_info+0x3b/0x50
[ 21.483982] __kasan_kmalloc+0xb7/0xc0
[ 21.484819] __kmalloc_node_track_caller_noprof+0x1c6/0x500
[ 21.485666] kmalloc_track_caller_oob_right+0x19b/0x530
[ 21.486290] kunit_try_run_case+0x1b3/0x490
[ 21.486864] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.487301] kthread+0x257/0x310
[ 21.487817] ret_from_fork+0x41/0x80
[ 21.488995] ret_from_fork_asm+0x1a/0x30
[ 21.489526]
[ 21.489717] The buggy address belongs to the object at ffff888101ae3900
[ 21.489717] which belongs to the cache kmalloc-128 of size 128
[ 21.491360] The buggy address is located 0 bytes to the right of
[ 21.491360] allocated 120-byte region [ffff888101ae3900, ffff888101ae3978)
[ 21.492802]
[ 21.493030] The buggy address belongs to the physical page:
[ 21.494027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ae3
[ 21.494944] flags: 0x200000000000000(node=0|zone=2)
[ 21.496021] page_type: f5(slab)
[ 21.496470] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 21.496932] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.497969] page dumped because: kasan: bad access detected
[ 21.498994]
[ 21.499584] Memory state around the buggy address:
[ 21.499995] ffff888101ae3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.500594] ffff888101ae3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.501642] >ffff888101ae3900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.502635] ^
[ 21.503802] ffff888101ae3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.504707] ffff888101ae3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.505063] ==================================================================
```