Date
Dec. 9, 2024, 6:35 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 26.796593] ==================================================================
[ 26.798312] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x230/0x268
[ 26.800045] Read of size 1 at addr ffff800080b37cba by task kunit_try_catch/237
[ 26.800764]
[ 26.801107] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 26.802261] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.802888] Hardware name: linux,dummy-virt (DT)
[ 26.803541] Call trace:
[ 26.803939] show_stack+0x20/0x38 (C)
[ 26.804572] dump_stack_lvl+0x8c/0xd0
[ 26.805434] print_report+0x2fc/0x5e0
[ 26.806088] kasan_report+0xc8/0x118
[ 26.806713] __asan_report_load1_noabort+0x20/0x30
[ 26.807387] kasan_stack_oob+0x230/0x268
[ 26.808071] kunit_try_run_case+0x14c/0x3d0
[ 26.808856] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.809602] kthread+0x24c/0x2d0
[ 26.810228] ret_from_fork+0x10/0x20
[ 26.811123]
[ 26.811456] The buggy address belongs to stack of task kunit_try_catch/237
[ 26.812399] and is located at offset 138 in frame:
[ 26.813102] kasan_stack_oob+0x0/0x268
[ 26.813935]
[ 26.814252] This frame has 4 objects:
[ 26.815188] [48, 49) '__assertion'
[ 26.815289] [64, 72) 'array'
[ 26.815691] [96, 112) '__assertion'
[ 26.816227] [128, 138) 'stack_array'
[ 26.816886]
[ 26.817650] The buggy address belongs to the virtual mapping at
[ 26.817650] [ffff800080b30000, ffff800080b39000) created by:
[ 26.817650] kernel_clone+0x140/0x788
[ 26.820087]
[ 26.820478] The buggy address belongs to the physical page:
[ 26.821187] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1012bd
[ 26.822181] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.823494] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[ 26.824321] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 26.825286] page dumped because: kasan: bad access detected
[ 26.826000]
[ 26.826328] Memory state around the buggy address:
[ 26.827055]  ffff800080b37b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 26.828095]  ffff800080b37c00: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2
[ 26.829022] >ffff800080b37c80: f2 f2 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00
[ 26.829828]                                          ^
[ 26.830527]  ffff800080b37d00: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00
[ 26.831545]  ffff800080b37d80: f2 f2 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00
[ 26.832361] ==================================================================
```
```
[ 27.133145] ==================================================================
[ 27.134570] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2ae/0x300
[ 27.135178] Read of size 1 at addr ffff888102bb7d72 by task kunit_try_catch/256
[ 27.136886]
[ 27.137075] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.13.0-rc2-next-20241209 #1
[ 27.138481] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.139085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 27.139758] Call Trace:
[ 27.140418] <TASK>
[ 27.140735] dump_stack_lvl+0x73/0xb0
[ 27.141549] print_report+0xd1/0x640
[ 27.142540] ? __virt_addr_valid+0x1db/0x2d0
[ 27.143260] ? kasan_addr_to_slab+0x11/0xa0
[ 27.143715] kasan_report+0x102/0x140
[ 27.144525] ? kasan_stack_oob+0x2ae/0x300
[ 27.144953] ? kasan_stack_oob+0x2ae/0x300
[ 27.145391] __asan_report_load1_noabort+0x18/0x20
[ 27.145843] kasan_stack_oob+0x2ae/0x300
[ 27.146733] ? __pfx_kasan_stack_oob+0x10/0x10
[ 27.147375] ? finish_task_switch.isra.0+0x153/0x700
[ 27.148183] ? __switch_to+0x5d9/0xf60
[ 27.148600] ? __schedule+0xc70/0x27e0
[ 27.149404] ? __pfx_read_tsc+0x10/0x10
[ 27.149768] ? ktime_get_ts64+0x86/0x230
[ 27.150799] kunit_try_run_case+0x1b3/0x490
[ 27.151154] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.151648] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 27.152981] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.153761] ? __kthread_parkme+0x82/0x160
[ 27.154201] ? preempt_count_sub+0x50/0x80
[ 27.154678] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.155176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.155989] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 27.156558] kthread+0x257/0x310
[ 27.157181] ? __pfx_kthread+0x10/0x10
[ 27.158066] ret_from_fork+0x41/0x80
[ 27.158419] ? __pfx_kthread+0x10/0x10
[ 27.158719] ret_from_fork_asm+0x1a/0x30
[ 27.159249] </TASK>
[ 27.159966]
[ 27.160249] The buggy address belongs to stack of task kunit_try_catch/256
[ 27.160941] and is located at offset 138 in frame:
[ 27.161373] kasan_stack_oob+0x0/0x300
[ 27.162399]
[ 27.162588] This frame has 4 objects:
[ 27.163082] [48, 49) '__assertion'
[ 27.163161] [64, 72) 'array'
[ 27.163489] [96, 112) '__assertion'
[ 27.164312] [128, 138) 'stack_array'
[ 27.164668]
[ 27.165352] The buggy address belongs to the physical page:
[ 27.165982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bb7
[ 27.166388] flags: 0x200000000000000(node=0|zone=2)
[ 27.166954] raw: 0200000000000000 ffffea00040aedc8 ffffea00040aedc8 0000000000000000
[ 27.167692] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 27.168535] page dumped because: kasan: bad access detected
[ 27.169827]
[ 27.169991] Memory state around the buggy address:
[ 27.170624]  ffff888102bb7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 27.171612]  ffff888102bb7c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 27.172546] >ffff888102bb7d00: f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 02 f3
[ 27.173714]                                                               ^
[ 27.174256]  ffff888102bb7d80: f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1
[ 27.175028]  ffff888102bb7e00: f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 00 00
[ 27.175336] ==================================================================
```