Date: Dec. 9, 2024, 6:35 a.m.

Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 24.300837] ==================================================================
[ 24.301769] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 24.302474] Write of size 4 at addr fff00000c639f875 by task kunit_try_catch/162
[ 24.303433]
[ 24.303827] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.305167] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.305664] Hardware name: linux,dummy-virt (DT)
[ 24.306275] Call trace:
[ 24.307988] show_stack+0x20/0x38 (C)
[ 24.308497] dump_stack_lvl+0x8c/0xd0
[ 24.309052] print_report+0x118/0x5e0
[ 24.309620] kasan_report+0xc8/0x118
[ 24.310237] kasan_check_range+0x100/0x1a8
[ 24.311220] __asan_memset+0x34/0x78
[ 24.311758] kmalloc_oob_memset_4+0x150/0x300
[ 24.312357] kunit_try_run_case+0x14c/0x3d0
[ 24.313010] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.313632] kthread+0x24c/0x2d0
[ 24.314198] ret_from_fork+0x10/0x20
[ 24.314780]
[ 24.315779] Allocated by task 162:
[ 24.316354] kasan_save_stack+0x3c/0x68
[ 24.317074] kasan_save_track+0x20/0x40
[ 24.317685] kasan_save_alloc_info+0x40/0x58
[ 24.318357] __kasan_kmalloc+0xd4/0xd8
[ 24.318874] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.319390] kmalloc_oob_memset_4+0xb0/0x300
[ 24.319953] kunit_try_run_case+0x14c/0x3d0
[ 24.320548] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.321369] kthread+0x24c/0x2d0
[ 24.322196] ret_from_fork+0x10/0x20
[ 24.322726]
[ 24.323068] The buggy address belongs to the object at fff00000c639f800
[ 24.323068] which belongs to the cache kmalloc-128 of size 128
[ 24.325021] The buggy address is located 117 bytes inside of
[ 24.325021] allocated 120-byte region [fff00000c639f800, fff00000c639f878)
[ 24.326337]
[ 24.326690] The buggy address belongs to the physical page:
[ 24.327807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10639f
[ 24.328718] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.329482] page_type: f5(slab)
[ 24.330010] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 24.330791] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.332246] page dumped because: kasan: bad access detected
[ 24.333013]
[ 24.333320] Memory state around the buggy address:
[ 24.333890] fff00000c639f700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.334619] fff00000c639f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.335508] >fff00000c639f800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.336742] ^
[ 24.337420] fff00000c639f880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.338095] fff00000c639f900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.339180] ==================================================================
[ 24.349716] ==================================================================
[ 24.350798] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 24.352573] Write of size 8 at addr fff00000c6387b71 by task kunit_try_catch/164
[ 24.353288]
[ 24.353688] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.354814] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.355551] Hardware name: linux,dummy-virt (DT)
[ 24.356185] Call trace:
[ 24.356617] show_stack+0x20/0x38 (C)
[ 24.357139] dump_stack_lvl+0x8c/0xd0
[ 24.357812] print_report+0x118/0x5e0
[ 24.358455] kasan_report+0xc8/0x118
[ 24.359284] kasan_check_range+0x100/0x1a8
[ 24.360057] __asan_memset+0x34/0x78
[ 24.360632] kmalloc_oob_memset_8+0x150/0x2f8
[ 24.361302] kunit_try_run_case+0x14c/0x3d0
[ 24.361930] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.362680] kthread+0x24c/0x2d0
[ 24.363381] ret_from_fork+0x10/0x20
[ 24.363961]
[ 24.364249] Allocated by task 164:
[ 24.364678] kasan_save_stack+0x3c/0x68
[ 24.365303] kasan_save_track+0x20/0x40
[ 24.365820] kasan_save_alloc_info+0x40/0x58
[ 24.366387] __kasan_kmalloc+0xd4/0xd8
[ 24.367071] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.368063] kmalloc_oob_memset_8+0xb0/0x2f8
[ 24.368721] kunit_try_run_case+0x14c/0x3d0
[ 24.369298] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.370069] kthread+0x24c/0x2d0
[ 24.370557] ret_from_fork+0x10/0x20
[ 24.371368]
[ 24.371692] The buggy address belongs to the object at fff00000c6387b00
[ 24.371692] which belongs to the cache kmalloc-128 of size 128
[ 24.372798] The buggy address is located 113 bytes inside of
[ 24.372798] allocated 120-byte region [fff00000c6387b00, fff00000c6387b78)
[ 24.374659]
[ 24.375125] The buggy address belongs to the physical page:
[ 24.376381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106387
[ 24.377166] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.377766] page_type: f5(slab)
[ 24.378263] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 24.379453] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.380267] page dumped because: kasan: bad access detected
[ 24.380961]
[ 24.381288] Memory state around the buggy address:
[ 24.381939] fff00000c6387a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 24.383076] fff00000c6387a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.383802] >fff00000c6387b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.384614] ^
[ 24.385416] fff00000c6387b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.386291] fff00000c6387c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.387239] ==================================================================
[ 24.394876] ==================================================================
[ 24.396278] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 24.397056] Write of size 16 at addr fff00000c639fb69 by task kunit_try_catch/166
[ 24.398390]
[ 24.398715] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.399789] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.400313] Hardware name: linux,dummy-virt (DT)
[ 24.401119] Call trace:
[ 24.401461] show_stack+0x20/0x38 (C)
[ 24.402287] dump_stack_lvl+0x8c/0xd0
[ 24.403237] print_report+0x118/0x5e0
[ 24.403774] kasan_report+0xc8/0x118
[ 24.404278] kasan_check_range+0x100/0x1a8
[ 24.404924] __asan_memset+0x34/0x78
[ 24.405444] kmalloc_oob_memset_16+0x150/0x2f8
[ 24.406031] kunit_try_run_case+0x14c/0x3d0
[ 24.406684] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.408056] kthread+0x24c/0x2d0
[ 24.408546] ret_from_fork+0x10/0x20
[ 24.409168]
[ 24.409452] Allocated by task 166:
[ 24.409955] kasan_save_stack+0x3c/0x68
[ 24.410559] kasan_save_track+0x20/0x40
[ 24.411469] kasan_save_alloc_info+0x40/0x58
[ 24.411895] __kasan_kmalloc+0xd4/0xd8
[ 24.412434] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.413012] kmalloc_oob_memset_16+0xb0/0x2f8
[ 24.413561] kunit_try_run_case+0x14c/0x3d0
[ 24.414274] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.415417] kthread+0x24c/0x2d0
[ 24.415793] ret_from_fork+0x10/0x20
[ 24.416390]
[ 24.416763] The buggy address belongs to the object at fff00000c639fb00
[ 24.416763] which belongs to the cache kmalloc-128 of size 128
[ 24.418002] The buggy address is located 105 bytes inside of
[ 24.418002] allocated 120-byte region [fff00000c639fb00, fff00000c639fb78)
[ 24.419241]
[ 24.419605] The buggy address belongs to the physical page:
[ 24.420180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10639f
[ 24.421090] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.422112] page_type: f5(slab)
[ 24.422665] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 24.424255] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.425206] page dumped because: kasan: bad access detected
[ 24.425889]
[ 24.426206] Memory state around the buggy address:
[ 24.426963] fff00000c639fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 24.427869] fff00000c639fa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.428654] >fff00000c639fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.429566] ^
[ 24.430427] fff00000c639fb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.431416] fff00000c639fc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.431967] ==================================================================
[ 24.252155] ==================================================================
[ 24.253347] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 24.254071] Write of size 2 at addr fff00000c639f777 by task kunit_try_catch/160
[ 24.254670]
[ 24.255764] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.257092] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.257782] Hardware name: linux,dummy-virt (DT)
[ 24.258499] Call trace:
[ 24.259387] show_stack+0x20/0x38 (C)
[ 24.259911] dump_stack_lvl+0x8c/0xd0
[ 24.260485] print_report+0x118/0x5e0
[ 24.261364] kasan_report+0xc8/0x118
[ 24.262035] kasan_check_range+0x100/0x1a8
[ 24.262557] __asan_memset+0x34/0x78
[ 24.263595] kmalloc_oob_memset_2+0x150/0x2f8
[ 24.264225] kunit_try_run_case+0x14c/0x3d0
[ 24.265094] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.266126] kthread+0x24c/0x2d0
[ 24.266782] ret_from_fork+0x10/0x20
[ 24.267492]
[ 24.268057] Allocated by task 160:
[ 24.268590] kasan_save_stack+0x3c/0x68
[ 24.269141] kasan_save_track+0x20/0x40
[ 24.269787] kasan_save_alloc_info+0x40/0x58
[ 24.270454] __kasan_kmalloc+0xd4/0xd8
[ 24.270945] __kmalloc_cache_noprof+0x15c/0x3c0
[ 24.272201] kmalloc_oob_memset_2+0xb0/0x2f8
[ 24.272912] kunit_try_run_case+0x14c/0x3d0
[ 24.273512] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.274209] kthread+0x24c/0x2d0
[ 24.274780] ret_from_fork+0x10/0x20
[ 24.275445]
[ 24.275790] The buggy address belongs to the object at fff00000c639f700
[ 24.275790] which belongs to the cache kmalloc-128 of size 128
[ 24.277084] The buggy address is located 119 bytes inside of
[ 24.277084] allocated 120-byte region [fff00000c639f700, fff00000c639f778)
[ 24.278733]
[ 24.279752] The buggy address belongs to the physical page:
[ 24.280252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10639f
[ 24.281106] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.281865] page_type: f5(slab)
[ 24.282325] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 24.283269] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.284144] page dumped because: kasan: bad access detected
[ 24.284805]
[ 24.285108] Memory state around the buggy address:
[ 24.285643] fff00000c639f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.286445] fff00000c639f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.287588] >fff00000c639f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.288317] ^
[ 24.289224] fff00000c639f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.290282] fff00000c639f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.291164] ==================================================================
```
qemu-x86_64:

```
[ 24.153670] ==================================================================
[ 24.155133] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330
[ 24.156062] Write of size 2 at addr ffff888102957177 by task kunit_try_catch/179
[ 24.157285]
[ 24.157561] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.159148] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.159712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.160966] Call Trace:
[ 24.161328] <TASK>
[ 24.161990] dump_stack_lvl+0x73/0xb0
[ 24.162677] print_report+0xd1/0x640
[ 24.163419] ? __virt_addr_valid+0x1db/0x2d0
[ 24.164331] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.165128] kasan_report+0x102/0x140
[ 24.165830] ? kmalloc_oob_memset_2+0x167/0x330
[ 24.166315] ? kmalloc_oob_memset_2+0x167/0x330
[ 24.166783] kasan_check_range+0x10c/0x1c0
[ 24.167175] __asan_memset+0x27/0x50
[ 24.168528] kmalloc_oob_memset_2+0x167/0x330
[ 24.168997] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 24.169895] ? __schedule+0xc70/0x27e0
[ 24.170422] ? __pfx_read_tsc+0x10/0x10
[ 24.171139] ? ktime_get_ts64+0x86/0x230
[ 24.171698] kunit_try_run_case+0x1b3/0x490
[ 24.172120] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.173047] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 24.173839] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.174552] ? __kthread_parkme+0x82/0x160
[ 24.175390] ? preempt_count_sub+0x50/0x80
[ 24.176438] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.176963] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.177865] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.178952] kthread+0x257/0x310
[ 24.179286] ? __pfx_kthread+0x10/0x10
[ 24.180072] ret_from_fork+0x41/0x80
[ 24.180859] ? __pfx_kthread+0x10/0x10
[ 24.181290] ret_from_fork_asm+0x1a/0x30
[ 24.182089] </TASK>
[ 24.182578]
[ 24.182771] Allocated by task 179:
[ 24.183763] kasan_save_stack+0x3d/0x60
[ 24.184324] kasan_save_track+0x18/0x40
[ 24.184707] kasan_save_alloc_info+0x3b/0x50
[ 24.185591] __kasan_kmalloc+0xb7/0xc0
[ 24.186432] __kmalloc_cache_noprof+0x184/0x410
[ 24.186736] kmalloc_oob_memset_2+0xad/0x330
[ 24.187246] kunit_try_run_case+0x1b3/0x490
[ 24.188281] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.189006] kthread+0x257/0x310
[ 24.189180] ret_from_fork+0x41/0x80
[ 24.190469] ret_from_fork_asm+0x1a/0x30
[ 24.191583]
[ 24.192176] The buggy address belongs to the object at ffff888102957100
[ 24.192176] which belongs to the cache kmalloc-128 of size 128
[ 24.193795] The buggy address is located 119 bytes inside of
[ 24.193795] allocated 120-byte region [ffff888102957100, ffff888102957178)
[ 24.195478]
[ 24.195693] The buggy address belongs to the physical page:
[ 24.196605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102957
[ 24.197987] flags: 0x200000000000000(node=0|zone=2)
[ 24.198489] page_type: f5(slab)
[ 24.199369] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.200393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.201336] page dumped because: kasan: bad access detected
[ 24.201871]
[ 24.202683] Memory state around the buggy address:
[ 24.203284] ffff888102957000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 24.204347] ffff888102957080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.205219] >ffff888102957100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.206491] ^
[ 24.207837] ffff888102957180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.208701] ffff888102957200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.209771] ==================================================================
[ 24.339608] ==================================================================
[ 24.340820] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330
[ 24.342348] Write of size 16 at addr ffff888102406869 by task kunit_try_catch/185
[ 24.343531]
[ 24.343722] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.345267] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.346309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.347488] Call Trace:
[ 24.348347] <TASK>
[ 24.348655] dump_stack_lvl+0x73/0xb0
[ 24.349085] print_report+0xd1/0x640
[ 24.349759] ? __virt_addr_valid+0x1db/0x2d0
[ 24.350781] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.351714] kasan_report+0x102/0x140
[ 24.352515] ? kmalloc_oob_memset_16+0x167/0x330
[ 24.353172] ? kmalloc_oob_memset_16+0x167/0x330
[ 24.353500] kasan_check_range+0x10c/0x1c0
[ 24.354758] __asan_memset+0x27/0x50
[ 24.355405] kmalloc_oob_memset_16+0x167/0x330
[ 24.355829] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 24.356284] ? __schedule+0xc70/0x27e0
[ 24.356716] ? __pfx_read_tsc+0x10/0x10
[ 24.357143] ? ktime_get_ts64+0x86/0x230
[ 24.358214] kunit_try_run_case+0x1b3/0x490
[ 24.358974] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.359373] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 24.360446] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.361092] ? __kthread_parkme+0x82/0x160
[ 24.361852] ? preempt_count_sub+0x50/0x80
[ 24.362368] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.363415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.364206] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.364886] kthread+0x257/0x310
[ 24.365476] ? __pfx_kthread+0x10/0x10
[ 24.366147] ret_from_fork+0x41/0x80
[ 24.366709] ? __pfx_kthread+0x10/0x10
[ 24.367181] ret_from_fork_asm+0x1a/0x30
[ 24.368216] </TASK>
[ 24.368575]
[ 24.368841] Allocated by task 185:
[ 24.369240] kasan_save_stack+0x3d/0x60
[ 24.370189] kasan_save_track+0x18/0x40
[ 24.370959] kasan_save_alloc_info+0x3b/0x50
[ 24.371730] __kasan_kmalloc+0xb7/0xc0
[ 24.372407] __kmalloc_cache_noprof+0x184/0x410
[ 24.373217] kmalloc_oob_memset_16+0xad/0x330
[ 24.374457] kunit_try_run_case+0x1b3/0x490
[ 24.374824] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.375398] kthread+0x257/0x310
[ 24.375742] ret_from_fork+0x41/0x80
[ 24.376908] ret_from_fork_asm+0x1a/0x30
[ 24.377317]
[ 24.377722] The buggy address belongs to the object at ffff888102406800
[ 24.377722] which belongs to the cache kmalloc-128 of size 128
[ 24.378862] The buggy address is located 105 bytes inside of
[ 24.378862] allocated 120-byte region [ffff888102406800, ffff888102406878)
[ 24.380950]
[ 24.381215] The buggy address belongs to the physical page:
[ 24.382195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102406
[ 24.383106] flags: 0x200000000000000(node=0|zone=2)
[ 24.383811] page_type: f5(slab)
[ 24.384313] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.385189] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.385938] page dumped because: kasan: bad access detected
[ 24.386822]
[ 24.387078] Memory state around the buggy address:
[ 24.387424] ffff888102406700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.389100] ffff888102406780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.389749] >ffff888102406800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.390674] ^
[ 24.391799] ffff888102406880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.392284] ffff888102406900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.393615] ==================================================================
[ 24.216897] ==================================================================
[ 24.218189] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x167/0x330
[ 24.219958] Write of size 4 at addr ffff888102406575 by task kunit_try_catch/181
[ 24.221630]
[ 24.222072] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.223520] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.224375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.225184] Call Trace:
[ 24.225575] <TASK>
[ 24.226075] dump_stack_lvl+0x73/0xb0
[ 24.226695] print_report+0xd1/0x640
[ 24.227178] ? __virt_addr_valid+0x1db/0x2d0
[ 24.228134] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.229139] kasan_report+0x102/0x140
[ 24.229863] ? kmalloc_oob_memset_4+0x167/0x330
[ 24.230581] ? kmalloc_oob_memset_4+0x167/0x330
[ 24.231336] kasan_check_range+0x10c/0x1c0
[ 24.231798] __asan_memset+0x27/0x50
[ 24.232791] kmalloc_oob_memset_4+0x167/0x330
[ 24.233680] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 24.234148] ? __schedule+0xc70/0x27e0
[ 24.235039] ? __pfx_read_tsc+0x10/0x10
[ 24.235750] ? ktime_get_ts64+0x86/0x230
[ 24.236539] kunit_try_run_case+0x1b3/0x490
[ 24.237621] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.238140] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 24.239049] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.240007] ? __kthread_parkme+0x82/0x160
[ 24.240546] ? preempt_count_sub+0x50/0x80
[ 24.242006] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.242719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.243557] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.244502] kthread+0x257/0x310
[ 24.245541] ? __pfx_kthread+0x10/0x10
[ 24.246075] ret_from_fork+0x41/0x80
[ 24.246607] ? __pfx_kthread+0x10/0x10
[ 24.247171] ret_from_fork_asm+0x1a/0x30
[ 24.247691] </TASK>
[ 24.248824]
[ 24.248989] Allocated by task 181:
[ 24.249539] kasan_save_stack+0x3d/0x60
[ 24.250672] kasan_save_track+0x18/0x40
[ 24.251473] kasan_save_alloc_info+0x3b/0x50
[ 24.252730] __kasan_kmalloc+0xb7/0xc0
[ 24.253574] __kmalloc_cache_noprof+0x184/0x410
[ 24.254715] kmalloc_oob_memset_4+0xad/0x330
[ 24.255960] kunit_try_run_case+0x1b3/0x490
[ 24.256752] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.257779] kthread+0x257/0x310
[ 24.258499] ret_from_fork+0x41/0x80
[ 24.259119] ret_from_fork_asm+0x1a/0x30
[ 24.259904]
[ 24.260345] The buggy address belongs to the object at ffff888102406500
[ 24.260345] which belongs to the cache kmalloc-128 of size 128
[ 24.262174] The buggy address is located 117 bytes inside of
[ 24.262174] allocated 120-byte region [ffff888102406500, ffff888102406578)
[ 24.264309]
[ 24.264783] The buggy address belongs to the physical page:
[ 24.265738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102406
[ 24.267379] flags: 0x200000000000000(node=0|zone=2)
[ 24.268499] page_type: f5(slab)
[ 24.268798] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.269967] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.271014] page dumped because: kasan: bad access detected
[ 24.271402]
[ 24.271867] Memory state around the buggy address:
[ 24.272336] ffff888102406400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 24.273892] ffff888102406480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.275409] >ffff888102406500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.276597] ^
[ 24.277525] ffff888102406580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.277813] ffff888102406600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.278090] ==================================================================
[ 24.284866] ==================================================================
[ 24.286083] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x167/0x330
[ 24.287220] Write of size 8 at addr ffff888102406771 by task kunit_try_catch/183
[ 24.288271]
[ 24.288491] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 24.289540] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.289982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.290691] Call Trace:
[ 24.291026] <TASK>
[ 24.291366] dump_stack_lvl+0x73/0xb0
[ 24.292085] print_report+0xd1/0x640
[ 24.292461] ? __virt_addr_valid+0x1db/0x2d0
[ 24.293415] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.294074] kasan_report+0x102/0x140
[ 24.294528] ? kmalloc_oob_memset_8+0x167/0x330
[ 24.295431] ? kmalloc_oob_memset_8+0x167/0x330
[ 24.295766] kasan_check_range+0x10c/0x1c0
[ 24.296717] __asan_memset+0x27/0x50
[ 24.297223] kmalloc_oob_memset_8+0x167/0x330
[ 24.297606] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 24.298540] ? __schedule+0xc70/0x27e0
[ 24.299094] ? __pfx_read_tsc+0x10/0x10
[ 24.299573] ? ktime_get_ts64+0x86/0x230
[ 24.300036] kunit_try_run_case+0x1b3/0x490
[ 24.300589] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.300995] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 24.301708] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.302207] ? __kthread_parkme+0x82/0x160
[ 24.302707] ? preempt_count_sub+0x50/0x80
[ 24.303800] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.304240] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.304798] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.305598] kthread+0x257/0x310
[ 24.306107] ? __pfx_kthread+0x10/0x10
[ 24.306540] ret_from_fork+0x41/0x80
[ 24.307274] ? __pfx_kthread+0x10/0x10
[ 24.308108] ret_from_fork_asm+0x1a/0x30
[ 24.308579] </TASK>
[ 24.309008]
[ 24.309562] Allocated by task 183:
[ 24.309803] kasan_save_stack+0x3d/0x60
[ 24.310409] kasan_save_track+0x18/0x40
[ 24.311425] kasan_save_alloc_info+0x3b/0x50
[ 24.311846] __kasan_kmalloc+0xb7/0xc0
[ 24.312279] __kmalloc_cache_noprof+0x184/0x410
[ 24.313224] kmalloc_oob_memset_8+0xad/0x330
[ 24.313770] kunit_try_run_case+0x1b3/0x490
[ 24.314627] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.315484] kthread+0x257/0x310
[ 24.316120] ret_from_fork+0x41/0x80
[ 24.316520] ret_from_fork_asm+0x1a/0x30
[ 24.317357]
[ 24.317775] The buggy address belongs to the object at ffff888102406700
[ 24.317775] which belongs to the cache kmalloc-128 of size 128
[ 24.318875] The buggy address is located 113 bytes inside of
[ 24.318875] allocated 120-byte region [ffff888102406700, ffff888102406778)
[ 24.320362]
[ 24.320782] The buggy address belongs to the physical page:
[ 24.321377] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102406
[ 24.322336] flags: 0x200000000000000(node=0|zone=2)
[ 24.322688] page_type: f5(slab)
[ 24.323180] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.323855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.324588] page dumped because: kasan: bad access detected
[ 24.325324]
[ 24.325580] Memory state around the buggy address:
[ 24.326358] ffff888102406600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 24.327329] ffff888102406680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.328277] >ffff888102406700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.329607] ^
[ 24.330448] ffff888102406780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.331608] ffff888102406800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.332347] ==================================================================
```