Date
Dec. 6, 2024, 3:11 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 29.983161] ================================================================== [ 29.984069] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490 [ 29.984952] Write of size 1 at addr fff00000c69ae878 by task kunit_try_catch/131 [ 29.985774] [ 29.986097] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 29.987540] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.988180] Hardware name: linux,dummy-virt (DT) [ 29.988816] Call trace: [ 29.989173] show_stack+0x20/0x38 (C) [ 29.989814] dump_stack_lvl+0x8c/0xd0 [ 29.990491] print_report+0x118/0x5e0 [ 29.991164] kasan_report+0xc8/0x118 [ 29.991808] __asan_report_store1_noabort+0x20/0x30 [ 29.992440] kmalloc_track_caller_oob_right+0x420/0x490 [ 29.993286] kunit_try_run_case+0x14c/0x3d0 [ 29.993933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.995850] kthread+0x24c/0x2d0 [ 29.996400] ret_from_fork+0x10/0x20 [ 29.996950] [ 29.997312] Allocated by task 131: [ 29.997862] kasan_save_stack+0x3c/0x68 [ 29.998476] kasan_save_track+0x20/0x40 [ 29.998997] kasan_save_alloc_info+0x40/0x58 [ 30.000069] __kasan_kmalloc+0xd4/0xd8 [ 30.000621] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 30.001410] kmalloc_track_caller_oob_right+0x184/0x490 [ 30.002021] kunit_try_run_case+0x14c/0x3d0 [ 30.003390] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.004124] kthread+0x24c/0x2d0 [ 30.004674] ret_from_fork+0x10/0x20 [ 30.005259] [ 30.005664] The buggy address belongs to the object at fff00000c69ae800 [ 30.005664] which belongs to the cache kmalloc-128 of size 128 [ 30.007164] The buggy address is located 0 bytes to the right of [ 30.007164] allocated 120-byte region [fff00000c69ae800, fff00000c69ae878) [ 30.008400] [ 30.008993] The buggy address belongs to the physical page: [ 30.009689] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069ae [ 30.011780] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.012563] page_type: f5(slab) [ 30.013046] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.013840] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.015166] page dumped because: kasan: bad access detected [ 30.015791] [ 30.016152] Memory state around the buggy address: [ 30.016837] fff00000c69ae700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.017609] fff00000c69ae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.019329] >fff00000c69ae800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.020072] ^ [ 30.020942] fff00000c69ae880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.021689] fff00000c69ae900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.022635] ================================================================== [ 29.941836] ================================================================== [ 29.943553] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490 [ 29.944761] Write of size 1 at addr fff00000c69ae778 by task kunit_try_catch/131 [ 29.945984] [ 29.947449] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 29.948548] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.949151] Hardware name: linux,dummy-virt (DT) [ 29.949684] Call trace: [ 29.950143] show_stack+0x20/0x38 (C) [ 29.950805] dump_stack_lvl+0x8c/0xd0 [ 29.951394] print_report+0x118/0x5e0 [ 29.952382] kasan_report+0xc8/0x118 [ 29.952974] __asan_report_store1_noabort+0x20/0x30 [ 29.953567] kmalloc_track_caller_oob_right+0x414/0x490 [ 29.954563] kunit_try_run_case+0x14c/0x3d0 [ 29.955662] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.956488] kthread+0x24c/0x2d0 [ 29.957025] ret_from_fork+0x10/0x20 [ 29.957667] [ 29.958027] Allocated by task 131: [ 29.958745] kasan_save_stack+0x3c/0x68 [ 29.959391] kasan_save_track+0x20/0x40 [ 29.960033] kasan_save_alloc_info+0x40/0x58 [ 29.960864] __kasan_kmalloc+0xd4/0xd8 [ 29.961446] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 29.962766] kmalloc_track_caller_oob_right+0xa8/0x490 [ 29.963603] kunit_try_run_case+0x14c/0x3d0 [ 29.964270] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.965082] kthread+0x24c/0x2d0 [ 29.965629] ret_from_fork+0x10/0x20 [ 29.966229] [ 29.966591] The buggy address belongs to the object at fff00000c69ae700 [ 29.966591] which belongs to the cache kmalloc-128 of size 128 [ 29.967845] The buggy address is located 0 bytes to the right of [ 29.967845] allocated 120-byte region [fff00000c69ae700, fff00000c69ae778) [ 29.969135] [ 29.969526] The buggy address belongs to the physical page: [ 29.970179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1069ae [ 29.971134] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.972151] page_type: f5(slab) [ 29.972632] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.973561] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.974564] page dumped because: kasan: bad access detected [ 29.975190] [ 29.975660] Memory state around the buggy address: [ 29.976326] fff00000c69ae600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 29.977256] fff00000c69ae680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.978060] >fff00000c69ae700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.978946] ^ [ 29.979654] fff00000c69ae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.980607] fff00000c69ae800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.981229] ==================================================================
[ 22.073396] ================================================================== [ 22.074216] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530 [ 22.076022] Write of size 1 at addr ffff88810246cb78 by task kunit_try_catch/150 [ 22.076953] [ 22.077570] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc1-next-20241206 #1 [ 22.078760] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.079266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.080903] Call Trace: [ 22.081301] <TASK> [ 22.082240] dump_stack_lvl+0x73/0xb0 [ 22.083056] print_report+0xd1/0x640 [ 22.083343] ? __virt_addr_valid+0x1db/0x2d0 [ 22.084194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.085123] kasan_report+0x102/0x140 [ 22.086233] ? kmalloc_track_caller_oob_right+0x4ca/0x530 [ 22.087030] ? kmalloc_track_caller_oob_right+0x4ca/0x530 [ 22.087761] __asan_report_store1_noabort+0x1b/0x30 [ 22.088373] kmalloc_track_caller_oob_right+0x4ca/0x530 [ 22.089391] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 22.090648] ? __schedule+0xc70/0x27e0 [ 22.092025] ? __pfx_read_tsc+0x10/0x10 [ 22.092576] ? ktime_get_ts64+0x86/0x230 [ 22.093031] kunit_try_run_case+0x1b3/0x490 [ 22.093481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.095053] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 22.096420] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.097463] ? __kthread_parkme+0x82/0x160 [ 22.097994] ? preempt_count_sub+0x50/0x80 [ 22.099215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.099805] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.101121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.101594] kthread+0x257/0x310 [ 22.102091] ? __pfx_kthread+0x10/0x10 [ 22.103106] ret_from_fork+0x41/0x80 [ 22.103722] ? __pfx_kthread+0x10/0x10 [ 22.105410] ret_from_fork_asm+0x1a/0x30 [ 22.106291] </TASK> [ 22.107545] [ 22.107725] Allocated by task 150: [ 22.108002] kasan_save_stack+0x3d/0x60 [ 22.108604] kasan_save_track+0x18/0x40 [ 22.109953] kasan_save_alloc_info+0x3b/0x50 [ 22.110327] __kasan_kmalloc+0xb7/0xc0 [ 22.111617] __kmalloc_node_track_caller_noprof+0x1c6/0x500 [ 22.112992] kmalloc_track_caller_oob_right+0x9a/0x530 [ 22.114162] kunit_try_run_case+0x1b3/0x490 [ 22.114960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.115773] kthread+0x257/0x310 [ 22.117173] ret_from_fork+0x41/0x80 [ 22.117797] ret_from_fork_asm+0x1a/0x30 [ 22.118171] [ 22.118550] The buggy address belongs to the object at ffff88810246cb00 [ 22.118550] which belongs to the cache kmalloc-128 of size 128 [ 22.121110] The buggy address is located 0 bytes to the right of [ 22.121110] allocated 120-byte region [ffff88810246cb00, ffff88810246cb78) [ 22.122318] [ 22.122533] The buggy address belongs to the physical page: [ 22.124950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10246c [ 22.126497] flags: 0x200000000000000(node=0|zone=2) [ 22.128261] page_type: f5(slab) [ 22.128956] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 22.130370] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 22.131315] page dumped because: kasan: bad access detected [ 22.132986] [ 22.133232] Memory state around the buggy address: [ 22.133713] ffff88810246ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 22.134398] ffff88810246ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.136287] >ffff88810246cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 22.136744] ^ [ 22.137795] ffff88810246cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.139231] ffff88810246cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.140446] ==================================================================