Date
Feb. 5, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 177.250280] ================================================================== [ 177.253148] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xc8/0x1f0 [ 177.255085] Read of size 1 at addr ffff0000c5e9f53f by task kunit_try_catch/118 [ 177.257847] [ 177.258346] CPU: 0 PID: 118 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 177.260744] Hardware name: linux,dummy-virt (DT) [ 177.262594] Call trace: [ 177.263277] dump_backtrace+0x9c/0x128 [ 177.264508] show_stack+0x20/0x38 [ 177.265635] dump_stack_lvl+0x60/0xb0 [ 177.266758] print_report+0xf8/0x5d8 [ 177.268044] kasan_report+0xc8/0x118 [ 177.269505] __asan_load1+0x60/0x70 [ 177.270719] kmalloc_oob_left+0xc8/0x1f0 [ 177.271826] kunit_try_run_case+0xf8/0x260 [ 177.273196] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 177.275099] kthread+0x18c/0x1a8 [ 177.276213] ret_from_fork+0x10/0x20 [ 177.277759] [ 177.278211] Allocated by task 11: [ 177.279135] kasan_save_stack+0x3c/0x68 [ 177.280268] kasan_set_track+0x2c/0x40 [ 177.281589] kasan_save_alloc_info+0x24/0x38 [ 177.282716] __kasan_kmalloc+0xd4/0xd8 [ 177.283921] __kmalloc_node_track_caller+0x74/0x1d0 [ 177.285670] krealloc+0x84/0x1a0 [ 177.286601] create_trace_option_files+0x188/0x370 [ 177.287925] tracer_init_tracefs_work_func+0x1fc/0x370 [ 177.289614] process_one_work+0x2a8/0x6d0 [ 177.290980] worker_thread+0x53c/0x708 [ 177.292468] kthread+0x18c/0x1a8 [ 177.293901] ret_from_fork+0x10/0x20 [ 177.295274] [ 177.295913] Freed by task 11: [ 177.296862] kasan_save_stack+0x3c/0x68 [ 177.298160] kasan_set_track+0x2c/0x40 [ 177.299406] kasan_save_free_info+0x38/0x60 [ 177.300855] __kasan_slab_free+0x100/0x170 [ 177.302288] __kmem_cache_free+0x170/0x2e0 [ 177.303467] kfree+0x74/0x138 [ 177.304709] krealloc+0xa8/0x1a0 [ 177.305920] create_trace_option_files+0x188/0x370 [ 177.307368] tracer_init_tracefs_work_func+0x1fc/0x370 [ 177.308834] process_one_work+0x2a8/0x6d0 [ 177.310373] worker_thread+0x53c/0x708 [ 177.311284] kthread+0x18c/0x1a8 [ 177.312459] ret_from_fork+0x10/0x20 [ 177.314113] [ 177.314539] The buggy address belongs to the object at ffff0000c5e9f520 [ 177.314539] which belongs to the cache kmalloc-16 of size 16 [ 177.317375] The buggy address is located 15 bytes to the right of [ 177.317375] allocated 16-byte region [ffff0000c5e9f520, ffff0000c5e9f530) [ 177.320185] [ 177.320642] The buggy address belongs to the physical page: [ 177.322815] page:00000000a166c351 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e9f [ 177.324792] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff) [ 177.326392] page_type: 0xffffffff() [ 177.327868] raw: 0bfffc0000000800 ffff0000c00013c0 dead000000000122 0000000000000000 [ 177.329670] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 177.331856] page dumped because: kasan: bad access detected [ 177.333424] [ 177.333924] Memory state around the buggy address: [ 177.334850] ffff0000c5e9f400: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 177.337011] ffff0000c5e9f480: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 02 fc fc [ 177.338707] >ffff0000c5e9f500: 00 02 fc fc fa fb fc fc 00 07 fc fc fc fc fc fc [ 177.340343] ^ [ 177.341729] ffff0000c5e9f580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 177.343500] ffff0000c5e9f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 177.344849] ==================================================================