Date
Dec. 5, 2024, 2:07 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64

```
[ 30.088325] ==================================================================
[ 30.089585] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 30.090558] Write of size 128 at addr fff00000c63ed000 by task kunit_try_catch/159
[ 30.091660]
[ 30.092919] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 30.094094] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.094605] Hardware name: linux,dummy-virt (DT)
[ 30.095577] Call trace:
[ 30.095993] show_stack+0x20/0x38 (C)
[ 30.096542] dump_stack_lvl+0x8c/0xd0
[ 30.097127] print_report+0x118/0x5e0
[ 30.097716] kasan_report+0xc8/0x118
[ 30.098347] kasan_check_range+0x100/0x1a8
[ 30.098959] __asan_memset+0x34/0x78
[ 30.099686] kmalloc_oob_in_memset+0x144/0x2d0
[ 30.100240] kunit_try_run_case+0x14c/0x3d0
[ 30.101045] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.101758] kthread+0x24c/0x2d0
[ 30.102855] ret_from_fork+0x10/0x20
[ 30.103399]
[ 30.103770] Allocated by task 159:
[ 30.104327] kasan_save_stack+0x3c/0x68
[ 30.105256] kasan_save_track+0x20/0x40
[ 30.105837] kasan_save_alloc_info+0x40/0x58
[ 30.106463] __kasan_kmalloc+0xd4/0xd8
[ 30.107093] __kmalloc_cache_noprof+0x15c/0x3c0
[ 30.107986] kmalloc_oob_in_memset+0xb0/0x2d0
[ 30.108689] kunit_try_run_case+0x14c/0x3d0
[ 30.109584] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.110480] kthread+0x24c/0x2d0
[ 30.111168] ret_from_fork+0x10/0x20
[ 30.111693]
[ 30.112008] The buggy address belongs to the object at fff00000c63ed000
[ 30.112008] which belongs to the cache kmalloc-128 of size 128
[ 30.113762] The buggy address is located 0 bytes inside of
[ 30.113762] allocated 120-byte region [fff00000c63ed000, fff00000c63ed078)
[ 30.115447]
[ 30.115814] The buggy address belongs to the physical page:
[ 30.116502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063ed
[ 30.117948] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.118587] page_type: f5(slab)
[ 30.119143] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.120110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.121349] page dumped because: kasan: bad access detected
[ 30.122046]
[ 30.122345] Memory state around the buggy address:
[ 30.123098]  fff00000c63ecf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.124396]  fff00000c63ecf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.125174] >fff00000c63ed000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.125926]                                                                 ^
[ 30.126821]  fff00000c63ed080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.127719]  fff00000c63ed100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.128554] ==================================================================
```
qemu-x86_64

```
[ 27.841594] ==================================================================
[ 27.842670] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x160/0x320
[ 27.843328] Write of size 128 at addr ffff888101aaee00 by task kunit_try_catch/177
[ 27.844049]
[ 27.845142] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1
[ 27.846121] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.846628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.847599] Call Trace:
[ 27.847965] <TASK>
[ 27.848713] dump_stack_lvl+0x73/0xb0
[ 27.849334] print_report+0xd1/0x640
[ 27.849734] ? __virt_addr_valid+0x1db/0x2d0
[ 27.850673] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.852013] kasan_report+0x102/0x140
[ 27.853128] ? kmalloc_oob_in_memset+0x160/0x320
[ 27.853616] ? kmalloc_oob_in_memset+0x160/0x320
[ 27.854674] kasan_check_range+0x10c/0x1c0
[ 27.855383] __asan_memset+0x27/0x50
[ 27.856111] kmalloc_oob_in_memset+0x160/0x320
[ 27.856553] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 27.857405] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 27.858302] kunit_try_run_case+0x1b3/0x490
[ 27.858738] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.859461] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.860503] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.861495] ? __kthread_parkme+0x82/0x160
[ 27.861909] ? preempt_count_sub+0x50/0x80
[ 27.862643] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.863426] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.864460] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.865325] kthread+0x257/0x310
[ 27.865866] ? __pfx_kthread+0x10/0x10
[ 27.866553] ret_from_fork+0x41/0x80
[ 27.866945] ? __pfx_kthread+0x10/0x10
[ 27.867847] ret_from_fork_asm+0x1a/0x30
[ 27.868302] </TASK>
[ 27.869051]
[ 27.869486] Allocated by task 177:
[ 27.870347] kasan_save_stack+0x3d/0x60
[ 27.870993] kasan_save_track+0x18/0x40
[ 27.871613] kasan_save_alloc_info+0x3b/0x50
[ 27.872042] __kasan_kmalloc+0xb7/0xc0
[ 27.872374] __kmalloc_cache_noprof+0x184/0x410
[ 27.872966] kmalloc_oob_in_memset+0xad/0x320
[ 27.873365] kunit_try_run_case+0x1b3/0x490
[ 27.873918] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.874333] kthread+0x257/0x310
[ 27.874770] ret_from_fork+0x41/0x80
[ 27.875253] ret_from_fork_asm+0x1a/0x30
[ 27.875745]
[ 27.876081] The buggy address belongs to the object at ffff888101aaee00
[ 27.876081] which belongs to the cache kmalloc-128 of size 128
[ 27.877008] The buggy address is located 0 bytes inside of
[ 27.877008] allocated 120-byte region [ffff888101aaee00, ffff888101aaee78)
[ 27.878416]
[ 27.878646] The buggy address belongs to the physical page:
[ 27.879059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aae
[ 27.879919] flags: 0x200000000000000(node=0|zone=2)
[ 27.880266] page_type: f5(slab)
[ 27.880621] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 27.881626] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 27.882258] page dumped because: kasan: bad access detected
[ 27.882709]
[ 27.882935] Memory state around the buggy address:
[ 27.883496]  ffff888101aaed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 27.884450]  ffff888101aaed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.885185] >ffff888101aaee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.885835]                                                                 ^
[ 27.886527]  ffff888101aaee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.886962]  ffff888101aaef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.887579] ==================================================================
```