Date
Dec. 9, 2024, 6:35 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 23.014117] ================================================================== [ 23.015596] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 23.016787] Read of size 1 at addr fff00000c636113f by task kunit_try_catch/126 [ 23.017559] [ 23.018089] CPU: 1 UID: 0 PID: 126 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1 [ 23.019378] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.020090] Hardware name: linux,dummy-virt (DT) [ 23.020621] Call trace: [ 23.021075] show_stack+0x20/0x38 (C) [ 23.021602] dump_stack_lvl+0x8c/0xd0 [ 23.022146] print_report+0x118/0x5e0 [ 23.022775] kasan_report+0xc8/0x118 [ 23.023727] __asan_report_load1_noabort+0x20/0x30 [ 23.024347] kmalloc_oob_left+0x2ec/0x320 [ 23.024911] kunit_try_run_case+0x14c/0x3d0 [ 23.025545] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 23.026254] kthread+0x24c/0x2d0 [ 23.026768] ret_from_fork+0x10/0x20 [ 23.027283] [ 23.027572] Allocated by task 1: [ 23.028251] kasan_save_stack+0x3c/0x68 [ 23.028730] kasan_save_track+0x20/0x40 [ 23.029280] kasan_save_alloc_info+0x40/0x58 [ 23.029893] __kasan_kmalloc+0xd4/0xd8 [ 23.030415] __kmalloc_node_track_caller_noprof+0x184/0x4b8 [ 23.031506] kvasprintf+0xcc/0x170 [ 23.031973] kasprintf+0xa8/0xe8 [ 23.032422] input_devnode+0x84/0xb8 [ 23.033021] device_get_devnode+0x114/0x258 [ 23.033578] dev_uevent+0x334/0x5b8 [ 23.034118] kobject_uevent_env+0x424/0xc98 [ 23.034649] kobject_uevent+0x14/0x20 [ 23.035342] device_add+0xc00/0x12b8 [ 23.035855] cdev_device_add+0xdc/0x208 [ 23.036453] evdev_connect+0x2e0/0x410 [ 23.037079] input_attach_handler.isra.0+0xec/0x1d8 [ 23.037788] input_register_device+0x48c/0x9d8 [ 23.038351] gpio_keys_probe+0xabc/0x1ec8 [ 23.039079] platform_probe+0xcc/0x198 [ 23.039628] really_probe+0x188/0x7f0 [ 23.040163] __driver_probe_device+0x164/0x378 [ 23.040759] driver_probe_device+0x64/0x180 [ 23.041456] __driver_attach+0x1cc/0x478 [ 23.042034] bus_for_each_dev+0x104/0x198 [ 23.042568] driver_attach+0x44/0x68 [ 23.043047] bus_add_driver+0x23c/0x4e8 [ 23.043882] driver_register+0xf8/0x3d0 [ 23.044448] __platform_driver_register+0x64/0x98 [ 23.045126] gpio_keys_init+0x24/0x38 [ 23.045609] do_one_initcall+0xcc/0x628 [ 23.046253] kernel_init_freeable+0x3e0/0x8b0 [ 23.046871] kernel_init+0x2c/0x1f8 [ 23.047527] ret_from_fork+0x10/0x20 [ 23.048043] [ 23.048416] Freed by task 1: [ 23.048912] kasan_save_stack+0x3c/0x68 [ 23.049467] kasan_save_track+0x20/0x40 [ 23.049999] kasan_save_free_info+0x4c/0x78 [ 23.050589] __kasan_slab_free+0x6c/0x98 [ 23.051649] kfree+0x114/0x3c8 [ 23.052198] dev_uevent+0x368/0x5b8 [ 23.052756] kobject_uevent_env+0x424/0xc98 [ 23.053321] kobject_uevent+0x14/0x20 [ 23.053831] device_add+0xc00/0x12b8 [ 23.054361] cdev_device_add+0xdc/0x208 [ 23.055334] evdev_connect+0x2e0/0x410 [ 23.055967] input_attach_handler.isra.0+0xec/0x1d8 [ 23.056560] input_register_device+0x48c/0x9d8 [ 23.057262] gpio_keys_probe+0xabc/0x1ec8 [ 23.057805] platform_probe+0xcc/0x198 [ 23.058323] really_probe+0x188/0x7f0 [ 23.058820] __driver_probe_device+0x164/0x378 [ 23.059419] driver_probe_device+0x64/0x180 [ 23.060220] __driver_attach+0x1cc/0x478 [ 23.060865] bus_for_each_dev+0x104/0x198 [ 23.061378] driver_attach+0x44/0x68 [ 23.061956] bus_add_driver+0x23c/0x4e8 [ 23.062518] driver_register+0xf8/0x3d0 [ 23.062998] __platform_driver_register+0x64/0x98 [ 23.063759] gpio_keys_init+0x24/0x38 [ 23.064537] do_one_initcall+0xcc/0x628 [ 23.065040] kernel_init_freeable+0x3e0/0x8b0 [ 23.065611] kernel_init+0x2c/0x1f8 [ 23.066133] ret_from_fork+0x10/0x20 [ 23.066725] [ 23.067257] The buggy address belongs to the object at fff00000c6361120 [ 23.067257] which belongs to the cache kmalloc-16 of size 16 [ 23.068479] The buggy address is located 15 bytes to the right of [ 23.068479] allocated 16-byte region [fff00000c6361120, fff00000c6361130) [ 23.069756] [ 23.070096] The buggy address belongs to the physical page: [ 23.070681] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106361 [ 23.071691] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 23.072816] page_type: f5(slab) [ 23.073275] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 23.074120] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 23.075293] page dumped because: kasan: bad access detected [ 23.076028] [ 23.076348] Memory state around the buggy address: [ 23.076998] fff00000c6361000: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 23.077765] fff00000c6361080: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 23.078492] >fff00000c6361100: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc [ 23.079509] ^ [ 23.080116] fff00000c6361180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.081030] fff00000c6361200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.081948] ==================================================================
[ 22.554586] ================================================================== [ 22.555971] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x363/0x3c0 [ 22.557022] Read of size 1 at addr ffff88810109471f by task kunit_try_catch/145 [ 22.559073] [ 22.559269] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1 [ 22.561980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.562871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.563762] Call Trace: [ 22.564627] <TASK> [ 22.565072] dump_stack_lvl+0x73/0xb0 [ 22.566283] print_report+0xd1/0x640 [ 22.566985] ? __virt_addr_valid+0x1db/0x2d0 [ 22.567329] ? kasan_complete_mode_report_info+0x64/0x200 [ 22.568076] kasan_report+0x102/0x140 [ 22.568673] ? kmalloc_oob_left+0x363/0x3c0 [ 22.570006] ? kmalloc_oob_left+0x363/0x3c0 [ 22.570588] __asan_report_load1_noabort+0x18/0x20 [ 22.571043] kmalloc_oob_left+0x363/0x3c0 [ 22.571785] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.572202] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 22.572971] kunit_try_run_case+0x1b3/0x490 [ 22.574012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.574981] ? _raw_spin_lock_irqsave+0xa2/0x110 [ 22.575504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.576626] ? __kthread_parkme+0x82/0x160 [ 22.577267] ? preempt_count_sub+0x50/0x80 [ 22.578253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.578539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.578805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.580474] kthread+0x257/0x310 [ 22.580974] ? __pfx_kthread+0x10/0x10 [ 22.582329] ret_from_fork+0x41/0x80 [ 22.583375] ? __pfx_kthread+0x10/0x10 [ 22.583836] ret_from_fork_asm+0x1a/0x30 [ 22.584525] </TASK> [ 22.584774] [ 22.585019] Allocated by task 43: [ 22.586011] kasan_save_stack+0x3d/0x60 [ 22.587059] kasan_save_track+0x18/0x40 [ 22.588027] kasan_save_alloc_info+0x3b/0x50 [ 22.588429] __kasan_kmalloc+0xb7/0xc0 [ 22.588846] __kmalloc_node_track_caller_noprof+0x1c6/0x500 [ 22.589700] kvasprintf+0xc6/0x150 [ 22.590442] kasprintf+0xb3/0xe0 [ 22.590695] input_devnode+0x46/0x80 [ 22.591158] device_get_devnode+0x145/0x2a0 [ 22.592161] dev_uevent+0x38d/0x680 [ 22.592530] kobject_uevent_env+0x50d/0xff0 [ 22.593707] kobject_uevent+0xf/0x20 [ 22.594134] device_add+0xe49/0x1820 [ 22.594840] cdev_device_add+0xab/0x1c0 [ 22.595277] evdev_connect+0x356/0x480 [ 22.595676] input_attach_handler.isra.0+0x117/0x1f0 [ 22.596763] input_register_device+0x724/0xe00 [ 22.597533] psmouse_connect+0x6ed/0xe30 [ 22.598566] serio_driver_probe+0x7a/0xb0 [ 22.599513] really_probe+0x1d4/0x920 [ 22.599871] __driver_probe_device+0x18f/0x3e0 [ 22.600434] driver_probe_device+0x4f/0x130 [ 22.601212] __driver_attach+0x1eb/0x4b0 [ 22.601632] bus_for_each_dev+0x112/0x1a0 [ 22.602163] driver_attach+0x41/0x60 [ 22.602547] serio_handle_event+0x254/0x940 [ 22.603502] process_one_work+0x5ee/0xf60 [ 22.603991] worker_thread+0x720/0x1300 [ 22.604867] kthread+0x257/0x310 [ 22.605552] ret_from_fork+0x41/0x80 [ 22.605837] ret_from_fork_asm+0x1a/0x30 [ 22.606587] [ 22.606829] Freed by task 43: [ 22.607201] kasan_save_stack+0x3d/0x60 [ 22.607595] kasan_save_track+0x18/0x40 [ 22.608642] kasan_save_free_info+0x3f/0x60 [ 22.608954] __kasan_slab_free+0x56/0x70 [ 22.609660] kfree+0x123/0x3f0 [ 22.610491] dev_uevent+0x3db/0x680 [ 22.611033] kobject_uevent_env+0x50d/0xff0 [ 22.611562] kobject_uevent+0xf/0x20 [ 22.612001] device_add+0xe49/0x1820 [ 22.613144] cdev_device_add+0xab/0x1c0 [ 22.613895] evdev_connect+0x356/0x480 [ 22.614660] input_attach_handler.isra.0+0x117/0x1f0 [ 22.615338] input_register_device+0x724/0xe00 [ 22.616117] psmouse_connect+0x6ed/0xe30 [ 22.617176] serio_driver_probe+0x7a/0xb0 [ 22.617615] really_probe+0x1d4/0x920 [ 22.618073] __driver_probe_device+0x18f/0x3e0 [ 22.619062] driver_probe_device+0x4f/0x130 [ 22.619635] __driver_attach+0x1eb/0x4b0 [ 22.620586] bus_for_each_dev+0x112/0x1a0 [ 22.621424] driver_attach+0x41/0x60 [ 22.621754] serio_handle_event+0x254/0x940 [ 22.622131] process_one_work+0x5ee/0xf60 [ 22.622559] worker_thread+0x720/0x1300 [ 22.622942] kthread+0x257/0x310 [ 22.623261] ret_from_fork+0x41/0x80 [ 22.624790] ret_from_fork_asm+0x1a/0x30 [ 22.625408] [ 22.625625] The buggy address belongs to the object at ffff888101094700 [ 22.625625] which belongs to the cache kmalloc-16 of size 16 [ 22.627144] The buggy address is located 15 bytes to the right of [ 22.627144] allocated 16-byte region [ffff888101094700, ffff888101094710) [ 22.629337] [ 22.629712] The buggy address belongs to the physical page: [ 22.630662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101094 [ 22.631686] flags: 0x200000000000000(node=0|zone=2) [ 22.632278] page_type: f5(slab) [ 22.632787] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 22.634152] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 22.634812] page dumped because: kasan: bad access detected [ 22.636148] [ 22.636756] Memory state around the buggy address: [ 22.637702] ffff888101094600: fa fb fc fc fa fb fc fc fa fb fc fc 00 02 fc fc [ 22.638808] ffff888101094680: 00 02 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 22.640716] >ffff888101094700: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 22.641088] ^ [ 22.641889] ffff888101094780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.643198] ffff888101094800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.644312] ==================================================================