Date
Dec. 5, 2024, 2:07 p.m.
Environment: qemu-arm64

```
[ 29.090504] ==================================================================
[ 29.092057] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8
[ 29.093047] Write of size 1 at addr fff00000c649200a by task kunit_try_catch/135
[ 29.094315]
[ 29.094807] CPU: 0 UID: 0 PID: 135 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 29.096780] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.097407] Hardware name: linux,dummy-virt (DT)
[ 29.098014] Call trace:
[ 29.098405]  show_stack+0x20/0x38 (C)
[ 29.098962]  dump_stack_lvl+0x8c/0xd0
[ 29.100371]  print_report+0x118/0x5e0
[ 29.101009]  kasan_report+0xc8/0x118
[ 29.101715]  __asan_report_store1_noabort+0x20/0x30
[ 29.102567]  kmalloc_large_oob_right+0x278/0x2b8
[ 29.103477]  kunit_try_run_case+0x14c/0x3d0
[ 29.104432]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.105311]  kthread+0x24c/0x2d0
[ 29.105942]  ret_from_fork+0x10/0x20
[ 29.106593]
[ 29.107015] The buggy address belongs to the physical page:
[ 29.108081] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106490
[ 29.109046] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 29.110243] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 29.111127] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 29.112329] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 29.113261] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[ 29.114227] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 29.116128] head: 0bfffe0000000002 ffffc1ffc3192401 ffffffffffffffff 0000000000000000
[ 29.117003] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 29.117836] page dumped because: kasan: bad access detected
[ 29.118468]
[ 29.118769] Memory state around the buggy address:
[ 29.119929]  fff00000c6491f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.120802]  fff00000c6491f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.121696] >fff00000c6492000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 29.122574]                       ^
[ 29.123116]  fff00000c6492080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 29.124406]  fff00000c6492100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 29.125138] ==================================================================
```

Environment: qemu-x86_64

```
[ 26.650102] ==================================================================
[ 26.651460] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2eb/0x340
[ 26.652708] Write of size 1 at addr ffff8881027a600a by task kunit_try_catch/153
[ 26.653815]
[ 26.654427] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 26.655733] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.656911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.658405] Call Trace:
[ 26.658653]  <TASK>
[ 26.659171]  dump_stack_lvl+0x73/0xb0
[ 26.659648]  print_report+0xd1/0x640
[ 26.660432]  ? __virt_addr_valid+0x1db/0x2d0
[ 26.661470]  ? kasan_addr_to_slab+0x11/0xa0
[ 26.661908]  kasan_report+0x102/0x140
[ 26.662577]  ? kmalloc_large_oob_right+0x2eb/0x340
[ 26.663412]  ? kmalloc_large_oob_right+0x2eb/0x340
[ 26.664356]  __asan_report_store1_noabort+0x1b/0x30
[ 26.665417]  kmalloc_large_oob_right+0x2eb/0x340
[ 26.665742]  ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 26.666215]  ? __schedule+0xc70/0x27e0
[ 26.666736]  ? __pfx_read_tsc+0x10/0x10
[ 26.667585]  ? ktime_get_ts64+0x86/0x230
[ 26.668511]  kunit_try_run_case+0x1b3/0x490
[ 26.669604]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.670201]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 26.670914]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.671641]  ? __kthread_parkme+0x82/0x160
[ 26.672198]  ? preempt_count_sub+0x50/0x80
[ 26.673187]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.673808]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.674722]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.675155]  kthread+0x257/0x310
[ 26.676129]  ? __pfx_kthread+0x10/0x10
[ 26.676552]  ret_from_fork+0x41/0x80
[ 26.677737]  ? __pfx_kthread+0x10/0x10
[ 26.678232]  ret_from_fork_asm+0x1a/0x30
[ 26.678445]  </TASK>
[ 26.678571]
[ 26.678733] The buggy address belongs to the physical page:
[ 26.679076] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a4
[ 26.680512] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 26.681250] flags: 0x200000000000040(head|node=0|zone=2)
[ 26.681707] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.682511] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.683591] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 26.684395] head: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.685253] head: 0200000000000002 ffffea000409e901 ffffffffffffffff 0000000000000000
[ 26.686189] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[ 26.686776] page dumped because: kasan: bad access detected
[ 26.687506]
[ 26.687724] Memory state around the buggy address:
[ 26.688220]  ffff8881027a5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.689540]  ffff8881027a5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.690344] >ffff8881027a6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.691255]                       ^
[ 26.691538]  ffff8881027a6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.692395]  ffff8881027a6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 26.693023] ==================================================================
```