Date: Feb. 5, 2025, 2:09 p.m.

Environment: qemu-armv7, qemu-x86_64
qemu-armv7:

```
[ 145.207221] ==================================================================
[ 145.208265] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf8/0x24c
[ 145.208945] Write of size 16 at addr c4fcf100 by task kunit_try_catch/139
[ 145.209686]
[ 145.210026] CPU: 0 PID: 139 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 145.210917] Hardware name: Generic DT based system
[ 145.211448] unwind_backtrace from show_stack+0x18/0x1c
[ 145.212220] show_stack from dump_stack_lvl+0x58/0x70
[ 145.212858] dump_stack_lvl from print_report+0x164/0x51c
[ 145.213679] print_report from kasan_report+0xc8/0x104
[ 145.214503] kasan_report from kasan_check_range+0x14c/0x198
[ 145.215233] kasan_check_range from kmalloc_oob_16+0xf8/0x24c
[ 145.216006] kmalloc_oob_16 from kunit_try_run_case+0x11c/0x2e4
[ 145.216773] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 145.217835] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[ 145.218711] kthread from ret_from_fork+0x14/0x30
[ 145.219273] Exception stack(0xf9f63fb0 to 0xf9f63ff8)
[ 145.219901] 3fa0: 00000000 00000000 00000000 00000000
[ 145.220893] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 145.221861] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 145.222554]
[ 145.222921] Allocated by task 139:
[ 145.223330] kasan_set_track+0x3c/0x5c
[ 145.223860] __kasan_kmalloc+0x8c/0x94
[ 145.224446] kmalloc_oob_16+0xa0/0x24c
[ 145.224944] kunit_try_run_case+0x11c/0x2e4
[ 145.226237] kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 145.226968] kthread+0x184/0x1a8
[ 145.227401] ret_from_fork+0x14/0x30
[ 145.227950]
[ 145.228247] The buggy address belongs to the object at c4fcf100
[ 145.228247] which belongs to the cache kmalloc-64 of size 64
[ 145.229504] The buggy address is located 0 bytes inside of
[ 145.229504] allocated 13-byte region [c4fcf100, c4fcf10d)
[ 145.230724]
[ 145.231024] The buggy address belongs to the physical page:
[ 145.231702] page:8516b471 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44fcf
[ 145.232655] flags: 0x800(slab|zone=0)
[ 145.233276] page_type: 0xffffffff()
[ 145.233750] raw: 00000800 c4801200 00000122 00000000 00000000 80200020 ffffffff 00000001
[ 145.234620] raw: 00000000
[ 145.235003] page dumped because: kasan: bad access detected
[ 145.235634]
[ 145.235914] Memory state around the buggy address:
[ 145.236563] c4fcf000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 145.237338] c4fcf080: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.237979] >c4fcf100: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.238788] ^
[ 145.239143] c4fcf180: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.239979] c4fcf200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.240673] ==================================================================
```
qemu-x86_64:

```
[ 47.944260] ==================================================================
[ 47.945500] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf3/0x250
[ 47.946451] Write of size 16 at addr ffff88810273e020 by task kunit_try_catch/162
[ 47.948028]
[ 47.948809] CPU: 1 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 47.949665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 47.950622] Call Trace:
[ 47.951170] <TASK>
[ 47.951535] dump_stack_lvl+0x4e/0x90
[ 47.952169] print_report+0xd2/0x660
[ 47.952713] ? __virt_addr_valid+0x156/0x1e0
[ 47.953260] ? kasan_complete_mode_report_info+0x2a/0x200
[ 47.953941] kasan_report+0xff/0x140
[ 47.954473] ? kmalloc_oob_16+0xf3/0x250
[ 47.955053] ? kmalloc_oob_16+0xf3/0x250
[ 47.955572] __asan_store16+0x6c/0xa0
[ 47.956134] kmalloc_oob_16+0xf3/0x250
[ 47.956572] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 47.957221] ? __schedule+0x70b/0x1190
[ 47.957783] ? ktime_get_ts64+0x118/0x140
[ 47.958379] kunit_try_run_case+0x126/0x290
[ 47.958977] ? __pfx_kunit_try_run_case+0x10/0x10
[ 47.959557] ? __kasan_check_write+0x18/0x20
[ 47.960141] ? trace_preempt_on+0x20/0xa0
[ 47.960750] ? __kthread_parkme+0x4f/0xd0
[ 47.961270] ? preempt_count_sub+0x50/0x80
[ 47.961882] ? __pfx_kunit_try_run_case+0x10/0x10
[ 47.962443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 47.963176] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 47.963830] kthread+0x19e/0x1e0
[ 47.964352] ? __pfx_kthread+0x10/0x10
[ 47.964927] ret_from_fork+0x41/0x70
[ 47.965423] ? __pfx_kthread+0x10/0x10
[ 47.966001] ret_from_fork_asm+0x1b/0x30
[ 47.966557] </TASK>
[ 47.966897]
[ 47.967171] Allocated by task 162:
[ 47.967615] kasan_save_stack+0x3c/0x60
[ 47.968190] kasan_set_track+0x29/0x40
[ 47.968656] kasan_save_alloc_info+0x22/0x30
[ 47.969229] __kasan_kmalloc+0xb7/0xc0
[ 47.969787] kmalloc_trace+0x4c/0xb0
[ 47.970275] kmalloc_oob_16+0x8f/0x250
[ 47.970728] kunit_try_run_case+0x126/0x290
[ 47.971330] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 47.972058] kthread+0x19e/0x1e0
[ 47.972552] ret_from_fork+0x41/0x70
[ 47.973096] ret_from_fork_asm+0x1b/0x30
[ 47.973649]
[ 47.973981] The buggy address belongs to the object at ffff88810273e020
[ 47.973981] which belongs to the cache kmalloc-16 of size 16
[ 47.974957] The buggy address is located 0 bytes inside of
[ 47.974957] allocated 13-byte region [ffff88810273e020, ffff88810273e02d)
[ 47.976181]
[ 47.976460] The buggy address belongs to the physical page:
[ 47.977045] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10273e
[ 47.978095] flags: 0x200000000000800(slab|node=0|zone=2)
[ 47.978670] page_type: 0xffffffff()
[ 47.979243] raw: 0200000000000800 ffff8881000413c0 dead000000000122 0000000000000000
[ 47.980105] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 47.980780] page dumped because: kasan: bad access detected
[ 47.981363]
[ 47.981616] Memory state around the buggy address:
[ 47.982233] ffff88810273df00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 47.982944] ffff88810273df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.983643] >ffff88810273e000: 00 04 fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 47.984368] ^
[ 47.984871] ffff88810273e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.985605] ffff88810273e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 47.986324] ==================================================================
```