Hay
Date
June 5, 2025, 7:08 a.m.

Environment
qemu-arm64

[   25.210269] ==================================================================
[   25.210432] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   25.210557] Write of size 2 at addr fff00000c6419377 by task kunit_try_catch/172
[   25.210744] 
[   25.210826] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250605 #1 PREEMPT 
[   25.211341] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.211432] Hardware name: linux,dummy-virt (DT)
[   25.211739] Call trace:
[   25.211854]  show_stack+0x20/0x38 (C)
[   25.211974]  dump_stack_lvl+0x8c/0xd0
[   25.212099]  print_report+0x118/0x608
[   25.212383]  kasan_report+0xdc/0x128
[   25.212609]  kasan_check_range+0x100/0x1a8
[   25.212770]  __asan_memset+0x34/0x78
[   25.212885]  kmalloc_oob_memset_2+0x150/0x2f8
[   25.213016]  kunit_try_run_case+0x170/0x3f0
[   25.213230]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.213473]  kthread+0x328/0x630
[   25.213598]  ret_from_fork+0x10/0x20
[   25.213788] 
[   25.213860] Allocated by task 172:
[   25.214144]  kasan_save_stack+0x3c/0x68
[   25.214271]  kasan_save_track+0x20/0x40
[   25.214442]  kasan_save_alloc_info+0x40/0x58
[   25.214543]  __kasan_kmalloc+0xd4/0xd8
[   25.214649]  __kmalloc_cache_noprof+0x16c/0x3c0
[   25.214813]  kmalloc_oob_memset_2+0xb0/0x2f8
[   25.214950]  kunit_try_run_case+0x170/0x3f0
[   25.215098]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.215399]  kthread+0x328/0x630
[   25.215518]  ret_from_fork+0x10/0x20
[   25.215781] 
[   25.215906] The buggy address belongs to the object at fff00000c6419300
[   25.215906]  which belongs to the cache kmalloc-128 of size 128
[   25.216106] The buggy address is located 119 bytes inside of
[   25.216106]  allocated 120-byte region [fff00000c6419300, fff00000c6419378)
[   25.216275] 
[   25.216534] The buggy address belongs to the physical page:
[   25.216636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106419
[   25.216761] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.216890] page_type: f5(slab)
[   25.217093] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   25.217220] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.217379] page dumped because: kasan: bad access detected
[   25.217481] 
[   25.217599] Memory state around the buggy address:
[   25.217871]  fff00000c6419200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.218121]  fff00000c6419280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.218364] >fff00000c6419300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.218490]                                                                 ^
[   25.218617]  fff00000c6419380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.218721]  fff00000c6419400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.218812] ==================================================================