Date: Dec. 5, 2024, 2:07 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
[ 30.286211] ================================================================== [ 30.287411] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 30.288164] Write of size 16 at addr fff00000c63de269 by task kunit_try_catch/167 [ 30.290169] [ 30.290550] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.291712] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.292344] Hardware name: linux,dummy-virt (DT) [ 30.292933] Call trace: [ 30.293297] show_stack+0x20/0x38 (C) [ 30.293904] dump_stack_lvl+0x8c/0xd0 [ 30.294448] print_report+0x118/0x5e0 [ 30.295121] kasan_report+0xc8/0x118 [ 30.295648] kasan_check_range+0x100/0x1a8 [ 30.296300] __asan_memset+0x34/0x78 [ 30.296896] kmalloc_oob_memset_16+0x150/0x2f8 [ 30.297497] kunit_try_run_case+0x14c/0x3d0 [ 30.298148] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.298998] kthread+0x24c/0x2d0 [ 30.299516] ret_from_fork+0x10/0x20 [ 30.300097] [ 30.300490] Allocated by task 167: [ 30.301021] kasan_save_stack+0x3c/0x68 [ 30.301593] kasan_save_track+0x20/0x40 [ 30.302231] kasan_save_alloc_info+0x40/0x58 [ 30.302866] __kasan_kmalloc+0xd4/0xd8 [ 30.303402] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.304052] kmalloc_oob_memset_16+0xb0/0x2f8 [ 30.304642] kunit_try_run_case+0x14c/0x3d0 [ 30.305306] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.306017] kthread+0x24c/0x2d0 [ 30.306619] ret_from_fork+0x10/0x20 [ 30.307080] [ 30.307487] The buggy address belongs to the object at fff00000c63de200 [ 30.307487] which belongs to the cache kmalloc-128 of size 128 [ 30.308953] The buggy address is located 105 bytes inside of [ 30.308953] allocated 120-byte region [fff00000c63de200, fff00000c63de278) [ 30.310352] [ 30.310657] The buggy address belongs to the physical page: [ 30.311363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063de [ 30.312293] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.313168] page_type: f5(slab) [ 30.313710] raw: 0bfffe0000000000 
fff00000c0001a00 dead000000000122 0000000000000000 [ 30.314680] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.315638] page dumped because: kasan: bad access detected [ 30.316374] [ 30.316678] Memory state around the buggy address: [ 30.317363] fff00000c63de100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.318175] fff00000c63de180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.319048] >fff00000c63de200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.319830] ^ [ 30.320643] fff00000c63de280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.321525] fff00000c63de300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.322415] ================================================================== [ 30.138478] ================================================================== [ 30.139720] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 30.140921] Write of size 2 at addr fff00000c63c0e77 by task kunit_try_catch/161 [ 30.141793] [ 30.142181] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.143905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.144417] Hardware name: linux,dummy-virt (DT) [ 30.145018] Call trace: [ 30.145410] show_stack+0x20/0x38 (C) [ 30.145999] dump_stack_lvl+0x8c/0xd0 [ 30.146732] print_report+0x118/0x5e0 [ 30.147446] kasan_report+0xc8/0x118 [ 30.148079] kasan_check_range+0x100/0x1a8 [ 30.148607] __asan_memset+0x34/0x78 [ 30.149290] kmalloc_oob_memset_2+0x150/0x2f8 [ 30.149934] kunit_try_run_case+0x14c/0x3d0 [ 30.150559] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.151360] kthread+0x24c/0x2d0 [ 30.152080] ret_from_fork+0x10/0x20 [ 30.152555] [ 30.152929] Allocated by task 161: [ 30.153613] kasan_save_stack+0x3c/0x68 [ 30.154153] kasan_save_track+0x20/0x40 [ 30.154818] kasan_save_alloc_info+0x40/0x58 [ 30.156246] __kasan_kmalloc+0xd4/0xd8 [ 30.156981] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.157506] kmalloc_oob_memset_2+0xb0/0x2f8 [ 30.158105] 
kunit_try_run_case+0x14c/0x3d0 [ 30.158623] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.159443] kthread+0x24c/0x2d0 [ 30.159860] ret_from_fork+0x10/0x20 [ 30.160518] [ 30.160811] The buggy address belongs to the object at fff00000c63c0e00 [ 30.160811] which belongs to the cache kmalloc-128 of size 128 [ 30.162585] The buggy address is located 119 bytes inside of [ 30.162585] allocated 120-byte region [fff00000c63c0e00, fff00000c63c0e78) [ 30.164322] [ 30.164579] The buggy address belongs to the physical page: [ 30.165410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063c0 [ 30.166508] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.167378] page_type: f5(slab) [ 30.168410] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.169332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.170213] page dumped because: kasan: bad access detected [ 30.170945] [ 30.171275] Memory state around the buggy address: [ 30.171837] fff00000c63c0d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 30.172858] fff00000c63c0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.173808] >fff00000c63c0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.174638] ^ [ 30.175796] fff00000c63c0e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.176708] fff00000c63c0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.177549] ================================================================== [ 30.240339] ================================================================== [ 30.241485] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 30.242273] Write of size 8 at addr fff00000c63de171 by task kunit_try_catch/165 [ 30.243103] [ 30.243520] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.244778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.245502] Hardware name: linux,dummy-virt (DT) [ 30.246627] Call trace: [ 30.247058] 
show_stack+0x20/0x38 (C) [ 30.248105] dump_stack_lvl+0x8c/0xd0 [ 30.248901] print_report+0x118/0x5e0 [ 30.249601] kasan_report+0xc8/0x118 [ 30.250188] kasan_check_range+0x100/0x1a8 [ 30.250911] __asan_memset+0x34/0x78 [ 30.251603] kmalloc_oob_memset_8+0x150/0x2f8 [ 30.252282] kunit_try_run_case+0x14c/0x3d0 [ 30.252820] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.253595] kthread+0x24c/0x2d0 [ 30.254164] ret_from_fork+0x10/0x20 [ 30.254739] [ 30.255116] Allocated by task 165: [ 30.255658] kasan_save_stack+0x3c/0x68 [ 30.256216] kasan_save_track+0x20/0x40 [ 30.256783] kasan_save_alloc_info+0x40/0x58 [ 30.257553] __kasan_kmalloc+0xd4/0xd8 [ 30.258195] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.259051] kmalloc_oob_memset_8+0xb0/0x2f8 [ 30.259618] kunit_try_run_case+0x14c/0x3d0 [ 30.260308] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.261058] kthread+0x24c/0x2d0 [ 30.261629] ret_from_fork+0x10/0x20 [ 30.262152] [ 30.262580] The buggy address belongs to the object at fff00000c63de100 [ 30.262580] which belongs to the cache kmalloc-128 of size 128 [ 30.264075] The buggy address is located 113 bytes inside of [ 30.264075] allocated 120-byte region [fff00000c63de100, fff00000c63de178) [ 30.265458] [ 30.265867] The buggy address belongs to the physical page: [ 30.266549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063de [ 30.267598] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.268418] page_type: f5(slab) [ 30.268854] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.269895] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.270792] page dumped because: kasan: bad access detected [ 30.271455] [ 30.271769] Memory state around the buggy address: [ 30.272456] fff00000c63de000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.273343] fff00000c63de080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.274170] >fff00000c63de100: 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 fc [ 30.275079] ^ [ 30.275870] fff00000c63de180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.276773] fff00000c63de200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.277659] ================================================================== [ 30.189995] ================================================================== [ 30.191697] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 30.192901] Write of size 4 at addr fff00000c63de075 by task kunit_try_catch/163 [ 30.193823] [ 30.194420] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 30.195949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.196473] Hardware name: linux,dummy-virt (DT) [ 30.197203] Call trace: [ 30.197596] show_stack+0x20/0x38 (C) [ 30.198165] dump_stack_lvl+0x8c/0xd0 [ 30.198865] print_report+0x118/0x5e0 [ 30.199495] kasan_report+0xc8/0x118 [ 30.200355] kasan_check_range+0x100/0x1a8 [ 30.201011] __asan_memset+0x34/0x78 [ 30.201675] kmalloc_oob_memset_4+0x150/0x300 [ 30.202332] kunit_try_run_case+0x14c/0x3d0 [ 30.203067] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.203799] kthread+0x24c/0x2d0 [ 30.204371] ret_from_fork+0x10/0x20 [ 30.205169] [ 30.205686] Allocated by task 163: [ 30.206221] kasan_save_stack+0x3c/0x68 [ 30.206964] kasan_save_track+0x20/0x40 [ 30.207626] kasan_save_alloc_info+0x40/0x58 [ 30.208209] __kasan_kmalloc+0xd4/0xd8 [ 30.208836] __kmalloc_cache_noprof+0x15c/0x3c0 [ 30.209943] kmalloc_oob_memset_4+0xb0/0x300 [ 30.210585] kunit_try_run_case+0x14c/0x3d0 [ 30.211205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.211840] kthread+0x24c/0x2d0 [ 30.212619] ret_from_fork+0x10/0x20 [ 30.213066] [ 30.213420] The buggy address belongs to the object at fff00000c63de000 [ 30.213420] which belongs to the cache kmalloc-128 of size 128 [ 30.215056] The buggy address is located 117 bytes inside of [ 30.215056] allocated 120-byte region [fff00000c63de000, fff00000c63de078) [ 30.216751] [ 30.217168] The buggy address 
belongs to the physical page: [ 30.217817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063de [ 30.218928] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.219972] page_type: f5(slab) [ 30.220439] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.221422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.222384] page dumped because: kasan: bad access detected [ 30.223161] [ 30.223764] Memory state around the buggy address: [ 30.224382] fff00000c63ddf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.225257] fff00000c63ddf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 30.226153] >fff00000c63de000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.227023] ^ [ 30.228595] fff00000c63de080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.229463] fff00000c63de100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.230420] ==================================================================
[ 27.894496] ================================================================== [ 27.896254] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330 [ 27.897621] Write of size 2 at addr ffff888101aaef77 by task kunit_try_catch/179 [ 27.898425] [ 27.899141] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 27.900229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.900745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.901574] Call Trace: [ 27.902348] <TASK> [ 27.902751] dump_stack_lvl+0x73/0xb0 [ 27.903241] print_report+0xd1/0x640 [ 27.903707] ? __virt_addr_valid+0x1db/0x2d0 [ 27.904542] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.905345] kasan_report+0x102/0x140 [ 27.906132] ? kmalloc_oob_memset_2+0x167/0x330 [ 27.906574] ? kmalloc_oob_memset_2+0x167/0x330 [ 27.907080] kasan_check_range+0x10c/0x1c0 [ 27.907662] __asan_memset+0x27/0x50 [ 27.908388] kmalloc_oob_memset_2+0x167/0x330 [ 27.908793] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 27.909346] ? __schedule+0xc70/0x27e0 [ 27.910134] ? __pfx_read_tsc+0x10/0x10 [ 27.910508] ? ktime_get_ts64+0x86/0x230 [ 27.910888] kunit_try_run_case+0x1b3/0x490 [ 27.911246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.911810] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.912787] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.913779] ? __kthread_parkme+0x82/0x160 [ 27.914185] ? preempt_count_sub+0x50/0x80 [ 27.914612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.915529] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.915968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.917152] kthread+0x257/0x310 [ 27.917486] ? __pfx_kthread+0x10/0x10 [ 27.918076] ret_from_fork+0x41/0x80 [ 27.918577] ? 
__pfx_kthread+0x10/0x10 [ 27.919038] ret_from_fork_asm+0x1a/0x30 [ 27.919621] </TASK> [ 27.919916] [ 27.920739] Allocated by task 179: [ 27.921610] kasan_save_stack+0x3d/0x60 [ 27.922166] kasan_save_track+0x18/0x40 [ 27.922826] kasan_save_alloc_info+0x3b/0x50 [ 27.923526] __kasan_kmalloc+0xb7/0xc0 [ 27.924383] __kmalloc_cache_noprof+0x184/0x410 [ 27.925467] kmalloc_oob_memset_2+0xad/0x330 [ 27.925898] kunit_try_run_case+0x1b3/0x490 [ 27.926488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.927497] kthread+0x257/0x310 [ 27.927754] ret_from_fork+0x41/0x80 [ 27.928512] ret_from_fork_asm+0x1a/0x30 [ 27.929450] [ 27.929631] The buggy address belongs to the object at ffff888101aaef00 [ 27.929631] which belongs to the cache kmalloc-128 of size 128 [ 27.931209] The buggy address is located 119 bytes inside of [ 27.931209] allocated 120-byte region [ffff888101aaef00, ffff888101aaef78) [ 27.932818] [ 27.933281] The buggy address belongs to the physical page: [ 27.933775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101aae [ 27.935082] flags: 0x200000000000000(node=0|zone=2) [ 27.935786] page_type: f5(slab) [ 27.936456] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.937718] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.938474] page dumped because: kasan: bad access detected [ 27.938917] [ 27.939370] Memory state around the buggy address: [ 27.940388] ffff888101aaee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.941464] ffff888101aaee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.942300] >ffff888101aaef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.942574] ^ [ 27.942956] ffff888101aaef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.943737] ffff888101aaf000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.944528] ================================================================== [ 27.950487] 
================================================================== [ 27.951578] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330 [ 27.952246] Write of size 4 at addr ffff888101ab2175 by task kunit_try_catch/181 [ 27.953215] [ 27.953404] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 27.956125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.956654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.957618] Call Trace: [ 27.958243] <TASK> [ 27.958468] dump_stack_lvl+0x73/0xb0 [ 27.959279] print_report+0xd1/0x640 [ 27.959963] ? __virt_addr_valid+0x1db/0x2d0 [ 27.960773] ? kasan_complete_mode_report_info+0x2a/0x200 [ 27.961877] kasan_report+0x102/0x140 [ 27.962476] ? kmalloc_oob_memset_4+0x167/0x330 [ 27.963295] ? kmalloc_oob_memset_4+0x167/0x330 [ 27.963517] kasan_check_range+0x10c/0x1c0 [ 27.963756] __asan_memset+0x27/0x50 [ 27.964734] kmalloc_oob_memset_4+0x167/0x330 [ 27.965536] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 27.966364] ? __schedule+0xc70/0x27e0 [ 27.966899] ? __pfx_read_tsc+0x10/0x10 [ 27.967507] ? ktime_get_ts64+0x86/0x230 [ 27.968096] kunit_try_run_case+0x1b3/0x490 [ 27.968559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.969303] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 27.969701] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 27.970196] ? __kthread_parkme+0x82/0x160 [ 27.970668] ? preempt_count_sub+0x50/0x80 [ 27.971494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 27.972215] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 27.972914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.973512] kthread+0x257/0x310 [ 27.973889] ? __pfx_kthread+0x10/0x10 [ 27.974606] ret_from_fork+0x41/0x80 [ 27.975233] ? 
__pfx_kthread+0x10/0x10 [ 27.975733] ret_from_fork_asm+0x1a/0x30 [ 27.976157] </TASK> [ 27.976391] [ 27.976559] Allocated by task 181: [ 27.976940] kasan_save_stack+0x3d/0x60 [ 27.977419] kasan_save_track+0x18/0x40 [ 27.977961] kasan_save_alloc_info+0x3b/0x50 [ 27.978607] __kasan_kmalloc+0xb7/0xc0 [ 27.979150] __kmalloc_cache_noprof+0x184/0x410 [ 27.979724] kmalloc_oob_memset_4+0xad/0x330 [ 27.980357] kunit_try_run_case+0x1b3/0x490 [ 27.980832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.981936] kthread+0x257/0x310 [ 27.982746] ret_from_fork+0x41/0x80 [ 27.983562] ret_from_fork_asm+0x1a/0x30 [ 27.983926] [ 27.984184] The buggy address belongs to the object at ffff888101ab2100 [ 27.984184] which belongs to the cache kmalloc-128 of size 128 [ 27.985127] The buggy address is located 117 bytes inside of [ 27.985127] allocated 120-byte region [ffff888101ab2100, ffff888101ab2178) [ 27.986213] [ 27.986813] The buggy address belongs to the physical page: [ 27.987314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101ab2 [ 27.988407] flags: 0x200000000000000(node=0|zone=2) [ 27.988838] page_type: f5(slab) [ 27.989504] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 27.990622] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 27.991838] page dumped because: kasan: bad access detected [ 27.992343] [ 27.992731] Memory state around the buggy address: [ 27.993429] ffff888101ab2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 27.994820] ffff888101ab2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.995791] >ffff888101ab2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.996713] ^ [ 27.998469] ffff888101ab2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.999985] ffff888101ab2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.001266] ================================================================== [ 28.007640] 
================================================================== [ 28.009151] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330 [ 28.010399] Write of size 8 at addr ffff8881029fe571 by task kunit_try_catch/183 [ 28.011744] [ 28.012268] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 28.013912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.014761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.016082] Call Trace: [ 28.016628] <TASK> [ 28.017091] dump_stack_lvl+0x73/0xb0 [ 28.017455] print_report+0xd1/0x640 [ 28.017834] ? __virt_addr_valid+0x1db/0x2d0 [ 28.019014] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.019677] kasan_report+0x102/0x140 [ 28.020167] ? kmalloc_oob_memset_8+0x167/0x330 [ 28.020597] ? kmalloc_oob_memset_8+0x167/0x330 [ 28.021258] kasan_check_range+0x10c/0x1c0 [ 28.021601] __asan_memset+0x27/0x50 [ 28.021895] kmalloc_oob_memset_8+0x167/0x330 [ 28.022509] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 28.023264] ? __schedule+0xc70/0x27e0 [ 28.024489] ? __pfx_read_tsc+0x10/0x10 [ 28.025147] ? ktime_get_ts64+0x86/0x230 [ 28.025799] kunit_try_run_case+0x1b3/0x490 [ 28.026626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.027143] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.027755] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.028455] ? __kthread_parkme+0x82/0x160 [ 28.028929] ? preempt_count_sub+0x50/0x80 [ 28.029776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.030425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.031301] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.032219] kthread+0x257/0x310 [ 28.032533] ? __pfx_kthread+0x10/0x10 [ 28.033184] ret_from_fork+0x41/0x80 [ 28.033883] ? 
__pfx_kthread+0x10/0x10 [ 28.034405] ret_from_fork_asm+0x1a/0x30 [ 28.035114] </TASK> [ 28.035622] [ 28.035914] Allocated by task 183: [ 28.036507] kasan_save_stack+0x3d/0x60 [ 28.037037] kasan_save_track+0x18/0x40 [ 28.037544] kasan_save_alloc_info+0x3b/0x50 [ 28.038144] __kasan_kmalloc+0xb7/0xc0 [ 28.038560] __kmalloc_cache_noprof+0x184/0x410 [ 28.039409] kmalloc_oob_memset_8+0xad/0x330 [ 28.040388] kunit_try_run_case+0x1b3/0x490 [ 28.041473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.042496] kthread+0x257/0x310 [ 28.043161] ret_from_fork+0x41/0x80 [ 28.043583] ret_from_fork_asm+0x1a/0x30 [ 28.044193] [ 28.044618] The buggy address belongs to the object at ffff8881029fe500 [ 28.044618] which belongs to the cache kmalloc-128 of size 128 [ 28.045797] The buggy address is located 113 bytes inside of [ 28.045797] allocated 120-byte region [ffff8881029fe500, ffff8881029fe578) [ 28.047253] [ 28.047619] The buggy address belongs to the physical page: [ 28.048272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fe [ 28.048988] flags: 0x200000000000000(node=0|zone=2) [ 28.049560] page_type: f5(slab) [ 28.050187] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.050907] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.051646] page dumped because: kasan: bad access detected [ 28.052329] [ 28.052640] Memory state around the buggy address: [ 28.053532] ffff8881029fe400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.054359] ffff8881029fe480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.055050] >ffff8881029fe500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.055988] ^ [ 28.056533] ffff8881029fe580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.057276] ffff8881029fe600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.058138] ================================================================== [ 28.064599] 
================================================================== [ 28.065979] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330 [ 28.066953] Write of size 16 at addr ffff8881029fe769 by task kunit_try_catch/185 [ 28.067759] [ 28.068190] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241205 #1 [ 28.068970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.069603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.070561] Call Trace: [ 28.071188] <TASK> [ 28.071886] dump_stack_lvl+0x73/0xb0 [ 28.072518] print_report+0xd1/0x640 [ 28.073101] ? __virt_addr_valid+0x1db/0x2d0 [ 28.073547] ? kasan_complete_mode_report_info+0x2a/0x200 [ 28.074289] kasan_report+0x102/0x140 [ 28.074648] ? kmalloc_oob_memset_16+0x167/0x330 [ 28.075600] ? kmalloc_oob_memset_16+0x167/0x330 [ 28.076268] kasan_check_range+0x10c/0x1c0 [ 28.076755] __asan_memset+0x27/0x50 [ 28.077377] kmalloc_oob_memset_16+0x167/0x330 [ 28.077961] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 28.078591] ? __schedule+0xc70/0x27e0 [ 28.079236] ? __pfx_read_tsc+0x10/0x10 [ 28.079803] ? ktime_get_ts64+0x86/0x230 [ 28.080274] kunit_try_run_case+0x1b3/0x490 [ 28.080849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.081252] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 28.082159] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 28.082640] ? __kthread_parkme+0x82/0x160 [ 28.083302] ? preempt_count_sub+0x50/0x80 [ 28.083878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 28.084543] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 28.085437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.086117] kthread+0x257/0x310 [ 28.086359] ? __pfx_kthread+0x10/0x10 [ 28.087291] ret_from_fork+0x41/0x80 [ 28.087759] ? 
__pfx_kthread+0x10/0x10 [ 28.088415] ret_from_fork_asm+0x1a/0x30 [ 28.089205] </TASK> [ 28.089396] [ 28.089592] Allocated by task 185: [ 28.090169] kasan_save_stack+0x3d/0x60 [ 28.090606] kasan_save_track+0x18/0x40 [ 28.091379] kasan_save_alloc_info+0x3b/0x50 [ 28.091756] __kasan_kmalloc+0xb7/0xc0 [ 28.092265] __kmalloc_cache_noprof+0x184/0x410 [ 28.093361] kmalloc_oob_memset_16+0xad/0x330 [ 28.093747] kunit_try_run_case+0x1b3/0x490 [ 28.094504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.095312] kthread+0x257/0x310 [ 28.095647] ret_from_fork+0x41/0x80 [ 28.096750] ret_from_fork_asm+0x1a/0x30 [ 28.097096] [ 28.097375] The buggy address belongs to the object at ffff8881029fe700 [ 28.097375] which belongs to the cache kmalloc-128 of size 128 [ 28.099571] The buggy address is located 105 bytes inside of [ 28.099571] allocated 120-byte region [ffff8881029fe700, ffff8881029fe778) [ 28.100487] [ 28.100596] The buggy address belongs to the physical page: [ 28.100941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fe [ 28.102435] flags: 0x200000000000000(node=0|zone=2) [ 28.103526] page_type: f5(slab) [ 28.103925] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 28.105012] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 28.105629] page dumped because: kasan: bad access detected [ 28.106516] [ 28.106836] Memory state around the buggy address: [ 28.108198] ffff8881029fe600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 28.108829] ffff8881029fe680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.109813] >ffff8881029fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.110627] ^ [ 28.111417] ffff8881029fe780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.111736] ffff8881029fe800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.112330] ==================================================================