Hay
Date
May 15, 2025, 10:38 a.m.

Environment
qemu-arm64
qemu-x86_64

Note: the two KASAN reports below are the expected output of the KASAN KUnit self-test `kmalloc_oob_16` (kernel 6.15.0-rc6-next-20250515; task `kunit_try_catch`, taint flag `[N]=TEST`), which intentionally performs a 16-byte write into a 13-byte allocation from the kmalloc-16 cache. They indicate KASAN detected the out-of-bounds access as designed, not a newly discovered kernel bug. The first report (Hardware name "linux,dummy-virt (DT)") is from the qemu-arm64 run; the second ("QEMU Standard PC (Q35 + ICH9, 2009)") is from the qemu-x86_64 run.

[   17.987033] ==================================================================
[   17.987245] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[   17.987298] Write of size 16 at addr fff00000c5ccd280 by task kunit_try_catch/166
[   17.987415] 
[   17.987581] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT 
[   17.987667] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.987708] Hardware name: linux,dummy-virt (DT)
[   17.987766] Call trace:
[   17.987790]  show_stack+0x20/0x38 (C)
[   17.987875]  dump_stack_lvl+0x8c/0xd0
[   17.987942]  print_report+0x118/0x608
[   17.988008]  kasan_report+0xdc/0x128
[   17.988140]  __asan_report_store16_noabort+0x20/0x30
[   17.988214]  kmalloc_oob_16+0x3a0/0x3f8
[   17.988263]  kunit_try_run_case+0x170/0x3f0
[   17.988447]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.988510]  kthread+0x328/0x630
[   17.988555]  ret_from_fork+0x10/0x20
[   17.988602] 
[   17.988619] Allocated by task 166:
[   17.988655]  kasan_save_stack+0x3c/0x68
[   17.988695]  kasan_save_track+0x20/0x40
[   17.988730]  kasan_save_alloc_info+0x40/0x58
[   17.988776]  __kasan_kmalloc+0xd4/0xd8
[   17.988811]  __kmalloc_cache_noprof+0x15c/0x3c0
[   17.988847]  kmalloc_oob_16+0xb4/0x3f8
[   17.988881]  kunit_try_run_case+0x170/0x3f0
[   17.988915]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.988955]  kthread+0x328/0x630
[   17.988989]  ret_from_fork+0x10/0x20
[   17.989196] 
[   17.989379] The buggy address belongs to the object at fff00000c5ccd280
[   17.989379]  which belongs to the cache kmalloc-16 of size 16
[   17.989464] The buggy address is located 0 bytes inside of
[   17.989464]  allocated 13-byte region [fff00000c5ccd280, fff00000c5ccd28d)
[   17.989603] 
[   17.989625] The buggy address belongs to the physical page:
[   17.989758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105ccd
[   17.989863] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   17.990122] page_type: f5(slab)
[   17.990277] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   17.990430] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   17.990627] page dumped because: kasan: bad access detected
[   17.990882] 
[   17.990964] Memory state around the buggy address:
[   17.991085]  fff00000c5ccd180: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   17.991130]  fff00000c5ccd200: fa fb fc fc fa fb fc fc 00 04 fc fc fa fb fc fc
[   17.991534] >fff00000c5ccd280: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[   17.991622]                       ^
[   17.991735]  fff00000c5ccd300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.991804]  fff00000c5ccd380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.991866] ==================================================================


[   14.036681] ==================================================================
[   14.037276] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[   14.038346] Write of size 16 at addr ffff8881022a3460 by task kunit_try_catch/184
[   14.039025] 
[   14.039200] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary) 
[   14.039313] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.039350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.039388] Call Trace:
[   14.039417]  <TASK>
[   14.039451]  dump_stack_lvl+0x73/0xb0
[   14.039519]  print_report+0xd1/0x650
[   14.039589]  ? __virt_addr_valid+0x1db/0x2d0
[   14.039629]  ? kmalloc_oob_16+0x452/0x4a0
[   14.039664]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.039693]  ? kmalloc_oob_16+0x452/0x4a0
[   14.039713]  kasan_report+0x141/0x180
[   14.039734]  ? kmalloc_oob_16+0x452/0x4a0
[   14.039759]  __asan_report_store16_noabort+0x1b/0x30
[   14.039778]  kmalloc_oob_16+0x452/0x4a0
[   14.039798]  ? __pfx_kmalloc_oob_16+0x10/0x10
[   14.039819]  ? __schedule+0x10cc/0x2b60
[   14.039840]  ? __pfx_read_tsc+0x10/0x10
[   14.039861]  ? ktime_get_ts64+0x86/0x230
[   14.039884]  kunit_try_run_case+0x1a5/0x480
[   14.039909]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.039929]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.039950]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.039972]  ? __kthread_parkme+0x82/0x180
[   14.039993]  ? preempt_count_sub+0x50/0x80
[   14.040016]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.040037]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.040058]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.040078]  kthread+0x337/0x6f0
[   14.040096]  ? trace_preempt_on+0x20/0xc0
[   14.040119]  ? __pfx_kthread+0x10/0x10
[   14.040139]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.040158]  ? calculate_sigpending+0x7b/0xa0
[   14.040180]  ? __pfx_kthread+0x10/0x10
[   14.040200]  ret_from_fork+0x116/0x1d0
[   14.040217]  ? __pfx_kthread+0x10/0x10
[   14.040260]  ret_from_fork_asm+0x1a/0x30
[   14.040292]  </TASK>
[   14.040304] 
[   14.048761] Allocated by task 184:
[   14.049057]  kasan_save_stack+0x45/0x70
[   14.049385]  kasan_save_track+0x18/0x40
[   14.049686]  kasan_save_alloc_info+0x3b/0x50
[   14.050007]  __kasan_kmalloc+0xb7/0xc0
[   14.050853]  __kmalloc_cache_noprof+0x189/0x420
[   14.051212]  kmalloc_oob_16+0xa8/0x4a0
[   14.051704]  kunit_try_run_case+0x1a5/0x480
[   14.052056]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.052318]  kthread+0x337/0x6f0
[   14.052784]  ret_from_fork+0x116/0x1d0
[   14.053031]  ret_from_fork_asm+0x1a/0x30
[   14.053357] 
[   14.053707] The buggy address belongs to the object at ffff8881022a3460
[   14.053707]  which belongs to the cache kmalloc-16 of size 16
[   14.054346] The buggy address is located 0 bytes inside of
[   14.054346]  allocated 13-byte region [ffff8881022a3460, ffff8881022a346d)
[   14.055363] 
[   14.055808] The buggy address belongs to the physical page:
[   14.056970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a3
[   14.057290] flags: 0x200000000000000(node=0|zone=2)
[   14.057922] page_type: f5(slab)
[   14.058318] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   14.058874] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   14.059100] page dumped because: kasan: bad access detected
[   14.059484] 
[   14.059637] Memory state around the buggy address:
[   14.059881]  ffff8881022a3300: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   14.060158]  ffff8881022a3380: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[   14.060994] >ffff8881022a3400: 00 05 fc fc 00 04 fc fc fa fb fc fc 00 05 fc fc
[   14.061534]                                                           ^
[   14.062014]  ffff8881022a3480: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.062882]  ffff8881022a3500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.063169] ==================================================================