Date: Dec. 9, 2024, 6:35 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

```
[ 23.178797] ==================================================================
[ 23.179763] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[ 23.180482] Write of size 1 at addr fff00000c6391578 by task kunit_try_catch/130
[ 23.181322]
[ 23.181730] CPU: 0 UID: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.182835] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.183868] Hardware name: linux,dummy-virt (DT)
[ 23.184446] Call trace:
[ 23.184889]  show_stack+0x20/0x38 (C)
[ 23.185468]  dump_stack_lvl+0x8c/0xd0
[ 23.186351]  print_report+0x118/0x5e0
[ 23.187214]  kasan_report+0xc8/0x118
[ 23.187883]  __asan_report_store1_noabort+0x20/0x30
[ 23.188594]  kmalloc_track_caller_oob_right+0x420/0x490
[ 23.189197]  kunit_try_run_case+0x14c/0x3d0
[ 23.189954]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.190731]  kthread+0x24c/0x2d0
[ 23.191429]  ret_from_fork+0x10/0x20
[ 23.191976]
[ 23.192308] Allocated by task 130:
[ 23.193365]  kasan_save_stack+0x3c/0x68
[ 23.193868]  kasan_save_track+0x20/0x40
[ 23.194356]  kasan_save_alloc_info+0x40/0x58
[ 23.195203]  __kasan_kmalloc+0xd4/0xd8
[ 23.195626]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[ 23.196293]  kmalloc_track_caller_oob_right+0x184/0x490
[ 23.196941]  kunit_try_run_case+0x14c/0x3d0
[ 23.197552]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.198249]  kthread+0x24c/0x2d0
[ 23.198723]  ret_from_fork+0x10/0x20
[ 23.199880]
[ 23.200206] The buggy address belongs to the object at fff00000c6391500
[ 23.200206]  which belongs to the cache kmalloc-128 of size 128
[ 23.201410] The buggy address is located 0 bytes to the right of
[ 23.201410]  allocated 120-byte region [fff00000c6391500, fff00000c6391578)
[ 23.202693]
[ 23.203057] The buggy address belongs to the physical page:
[ 23.204042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106391
[ 23.204919] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.205676] page_type: f5(slab)
[ 23.206253] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.207717] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.208493] page dumped because: kasan: bad access detected
[ 23.209187]
[ 23.209487] Memory state around the buggy address:
[ 23.210573]  fff00000c6391400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.211607]  fff00000c6391480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.212406] >fff00000c6391500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.213178]                                                                  ^
[ 23.214076]  fff00000c6391580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.214751]  fff00000c6391600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.215880] ==================================================================
```

```
[ 23.140034] ==================================================================
[ 23.141098] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[ 23.141898] Write of size 1 at addr fff00000c6391478 by task kunit_try_catch/130
[ 23.142671]
[ 23.143496] CPU: 0 UID: 0 PID: 130 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 23.144955] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.145660] Hardware name: linux,dummy-virt (DT)
[ 23.146420] Call trace:
[ 23.147382]  show_stack+0x20/0x38 (C)
[ 23.148190]  dump_stack_lvl+0x8c/0xd0
[ 23.148907]  print_report+0x118/0x5e0
[ 23.149396]  kasan_report+0xc8/0x118
[ 23.149911]  __asan_report_store1_noabort+0x20/0x30
[ 23.150580]  kmalloc_track_caller_oob_right+0x414/0x490
[ 23.151791]  kunit_try_run_case+0x14c/0x3d0
[ 23.152290]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.153161]  kthread+0x24c/0x2d0
[ 23.153738]  ret_from_fork+0x10/0x20
[ 23.154271]
[ 23.154583] Allocated by task 130:
[ 23.155172]  kasan_save_stack+0x3c/0x68
[ 23.155691]  kasan_save_track+0x20/0x40
[ 23.156212]  kasan_save_alloc_info+0x40/0x58
[ 23.156836]  __kasan_kmalloc+0xd4/0xd8
[ 23.157556]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[ 23.158128]  kmalloc_track_caller_oob_right+0xa8/0x490
[ 23.158881]  kunit_try_run_case+0x14c/0x3d0
[ 23.159429]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 23.160162]  kthread+0x24c/0x2d0
[ 23.160666]  ret_from_fork+0x10/0x20
[ 23.161732]
[ 23.162063] The buggy address belongs to the object at fff00000c6391400
[ 23.162063]  which belongs to the cache kmalloc-128 of size 128
[ 23.163605] The buggy address is located 0 bytes to the right of
[ 23.163605]  allocated 120-byte region [fff00000c6391400, fff00000c6391478)
[ 23.164815]
[ 23.165141] The buggy address belongs to the physical page:
[ 23.165801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106391
[ 23.166682] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 23.168101] page_type: f5(slab)
[ 23.168556] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 23.169359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.170264] page dumped because: kasan: bad access detected
[ 23.170910]
[ 23.171228] Memory state around the buggy address:
[ 23.171814]  fff00000c6391300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 23.172547]  fff00000c6391380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.173393] >fff00000c6391400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.174483]                                                                  ^
[ 23.175588]  fff00000c6391480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.176341]  fff00000c6391500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.177125] ==================================================================
```
qemu-x86_64

```
[ 22.763157] ==================================================================
[ 22.764360] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b3/0x530
[ 22.765010] Write of size 1 at addr ffff888102954778 by task kunit_try_catch/149
[ 22.765597]
[ 22.765830] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 22.767747] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.768287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.769468] Call Trace:
[ 22.769773]  <TASK>
[ 22.770477]  dump_stack_lvl+0x73/0xb0
[ 22.770897]  print_report+0xd1/0x640
[ 22.771260]  ? __virt_addr_valid+0x1db/0x2d0
[ 22.771680]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.772713]  kasan_report+0x102/0x140
[ 22.773182]  ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 22.773518]  ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 22.774740]  __asan_report_store1_noabort+0x1b/0x30
[ 22.775234]  kmalloc_track_caller_oob_right+0x4b3/0x530
[ 22.776031]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 22.776657]  ? __schedule+0xc70/0x27e0
[ 22.777610]  ? __pfx_read_tsc+0x10/0x10
[ 22.777909]  ? ktime_get_ts64+0x86/0x230
[ 22.778661]  kunit_try_run_case+0x1b3/0x490
[ 22.779319]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.779733]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 22.780580]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.781345]  ? __kthread_parkme+0x82/0x160
[ 22.782504]  ? preempt_count_sub+0x50/0x80
[ 22.782920]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.783958]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.784448]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.785437]  kthread+0x257/0x310
[ 22.785808]  ? __pfx_kthread+0x10/0x10
[ 22.786216]  ret_from_fork+0x41/0x80
[ 22.786501]  ? __pfx_kthread+0x10/0x10
[ 22.786850]  ret_from_fork_asm+0x1a/0x30
[ 22.787407]  </TASK>
[ 22.787734]
[ 22.788949] Allocated by task 149:
[ 22.789264]  kasan_save_stack+0x3d/0x60
[ 22.790008]  kasan_save_track+0x18/0x40
[ 22.790575]  kasan_save_alloc_info+0x3b/0x50
[ 22.791263]  __kasan_kmalloc+0xb7/0xc0
[ 22.791553]  __kmalloc_node_track_caller_noprof+0x1c6/0x500
[ 22.792218]  kmalloc_track_caller_oob_right+0x19b/0x530
[ 22.792876]  kunit_try_run_case+0x1b3/0x490
[ 22.793360]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.793800]  kthread+0x257/0x310
[ 22.794252]  ret_from_fork+0x41/0x80
[ 22.794791]  ret_from_fork_asm+0x1a/0x30
[ 22.795331]
[ 22.795584] The buggy address belongs to the object at ffff888102954700
[ 22.795584]  which belongs to the cache kmalloc-128 of size 128
[ 22.796824] The buggy address is located 0 bytes to the right of
[ 22.796824]  allocated 120-byte region [ffff888102954700, ffff888102954778)
[ 22.798228]
[ 22.798428] The buggy address belongs to the physical page:
[ 22.799097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102954
[ 22.800236] flags: 0x200000000000000(node=0|zone=2)
[ 22.800642] page_type: f5(slab)
[ 22.801726] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.802566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.803607] page dumped because: kasan: bad access detected
[ 22.804210]
[ 22.804411] Memory state around the buggy address:
[ 22.804974]  ffff888102954600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 22.805867]  ffff888102954680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.806419] >ffff888102954700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.807241]                                                                  ^
[ 22.807900]  ffff888102954780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.808356]  ffff888102954800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.809109] ==================================================================
```

```
[ 22.722206] ==================================================================
[ 22.723142] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[ 22.723946] Write of size 1 at addr ffff888102954678 by task kunit_try_catch/149
[ 22.724530]
[ 22.724841] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 22.725540] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 22.726093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 22.726761] Call Trace:
[ 22.727126]  <TASK>
[ 22.727495]  dump_stack_lvl+0x73/0xb0
[ 22.727962]  print_report+0xd1/0x640
[ 22.728455]  ? __virt_addr_valid+0x1db/0x2d0
[ 22.728864]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 22.729438]  kasan_report+0x102/0x140
[ 22.729740]  ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 22.730400]  ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 22.730823]  __asan_report_store1_noabort+0x1b/0x30
[ 22.731418]  kmalloc_track_caller_oob_right+0x4ca/0x530
[ 22.732069]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 22.732546]  ? __schedule+0xc70/0x27e0
[ 22.732926]  ? __pfx_read_tsc+0x10/0x10
[ 22.733427]  ? ktime_get_ts64+0x86/0x230
[ 22.733962]  kunit_try_run_case+0x1b3/0x490
[ 22.734514]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.735053]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 22.735429]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 22.736023]  ? __kthread_parkme+0x82/0x160
[ 22.736344]  ? preempt_count_sub+0x50/0x80
[ 22.736923]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 22.737474]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 22.738094]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.738517]  kthread+0x257/0x310
[ 22.739009]  ? __pfx_kthread+0x10/0x10
[ 22.739507]  ret_from_fork+0x41/0x80
[ 22.739980]  ? __pfx_kthread+0x10/0x10
[ 22.740272]  ret_from_fork_asm+0x1a/0x30
[ 22.740640]  </TASK>
[ 22.741011]
[ 22.741253] Allocated by task 149:
[ 22.741702]  kasan_save_stack+0x3d/0x60
[ 22.742237]  kasan_save_track+0x18/0x40
[ 22.742644]  kasan_save_alloc_info+0x3b/0x50
[ 22.743189]  __kasan_kmalloc+0xb7/0xc0
[ 22.743537]  __kmalloc_node_track_caller_noprof+0x1c6/0x500
[ 22.744145]  kmalloc_track_caller_oob_right+0x9a/0x530
[ 22.744814]  kunit_try_run_case+0x1b3/0x490
[ 22.745171]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 22.745700]  kthread+0x257/0x310
[ 22.746023]  ret_from_fork+0x41/0x80
[ 22.746290]  ret_from_fork_asm+0x1a/0x30
[ 22.746849]
[ 22.747107] The buggy address belongs to the object at ffff888102954600
[ 22.747107]  which belongs to the cache kmalloc-128 of size 128
[ 22.747990] The buggy address is located 0 bytes to the right of
[ 22.747990]  allocated 120-byte region [ffff888102954600, ffff888102954678)
[ 22.749270]
[ 22.749542] The buggy address belongs to the physical page:
[ 22.750040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102954
[ 22.750705] flags: 0x200000000000000(node=0|zone=2)
[ 22.751081] page_type: f5(slab)
[ 22.751420] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 22.752398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 22.754057] page dumped because: kasan: bad access detected
[ 22.754556]
[ 22.754705] Memory state around the buggy address:
[ 22.755578]  ffff888102954500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 22.756551]  ffff888102954580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.757471] >ffff888102954600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 22.758680]                                                                  ^
[ 22.759085]  ffff888102954680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.759441]  ffff888102954700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 22.760886] ==================================================================
```