Date
July 9, 2025, 1:08 p.m.
| Environment |
|---|
| qemu-x86_64 |
Kernel log for this run. The reported access comes from the KASAN KUnit self-test kmalloc_oob_in_memset (note the kunit_try_catch task and the [N]=TEST taint), which performs the out-of-bounds memset on purpose so that KASAN's detection can be checked:

```
[ 24.153801] ==================================================================
[ 24.154275] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 24.154986] Write of size 128 at addr ffff8881058c1400 by task kunit_try_catch/220
[ 24.155719]
[ 24.155966] CPU: 0 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5-next-20250709 #1 PREEMPT(voluntary)
[ 24.156020] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 24.156033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.156055] Call Trace:
[ 24.156068] <TASK>
[ 24.156088] dump_stack_lvl+0x73/0xb0
[ 24.156120] print_report+0xd1/0x610
[ 24.156142] ? __virt_addr_valid+0x1db/0x2d0
[ 24.156166] ? kmalloc_oob_in_memset+0x15f/0x320
[ 24.156187] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.156212] ? kmalloc_oob_in_memset+0x15f/0x320
[ 24.156233] kasan_report+0x141/0x180
[ 24.156254] ? kmalloc_oob_in_memset+0x15f/0x320
[ 24.156279] kasan_check_range+0x10c/0x1c0
[ 24.156302] __asan_memset+0x27/0x50
[ 24.156324] kmalloc_oob_in_memset+0x15f/0x320
[ 24.156345] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 24.156366] ? __schedule+0x10cc/0x2b60
[ 24.156390] ? __pfx_read_tsc+0x10/0x10
[ 24.156411] ? ktime_get_ts64+0x86/0x230
[ 24.156436] kunit_try_run_case+0x1a5/0x480
[ 24.156458] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.156477] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.156500] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.156522] ? __kthread_parkme+0x82/0x180
[ 24.156543] ? preempt_count_sub+0x50/0x80
[ 24.156566] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.156587] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.156610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.156634] kthread+0x337/0x6f0
[ 24.156653] ? trace_preempt_on+0x20/0xc0
[ 24.156677] ? __pfx_kthread+0x10/0x10
[ 24.156709] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.156750] ? calculate_sigpending+0x7b/0xa0
[ 24.156774] ? __pfx_kthread+0x10/0x10
[ 24.156801] ret_from_fork+0x116/0x1d0
[ 24.156819] ? __pfx_kthread+0x10/0x10
[ 24.156839] ret_from_fork_asm+0x1a/0x30
[ 24.156870] </TASK>
[ 24.156889]
[ 24.170227] Allocated by task 220:
[ 24.170364] kasan_save_stack+0x45/0x70
[ 24.170506] kasan_save_track+0x18/0x40
[ 24.170632] kasan_save_alloc_info+0x3b/0x50
[ 24.170827] __kasan_kmalloc+0xb7/0xc0
[ 24.170955] __kmalloc_cache_noprof+0x189/0x420
[ 24.171104] kmalloc_oob_in_memset+0xac/0x320
[ 24.171524] kunit_try_run_case+0x1a5/0x480
[ 24.171953] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.172502] kthread+0x337/0x6f0
[ 24.172917] ret_from_fork+0x116/0x1d0
[ 24.173207] ret_from_fork_asm+0x1a/0x30
[ 24.173343]
[ 24.173411] The buggy address belongs to the object at ffff8881058c1400
[ 24.173411] which belongs to the cache kmalloc-128 of size 128
[ 24.173784] The buggy address is located 0 bytes inside of
[ 24.173784] allocated 120-byte region [ffff8881058c1400, ffff8881058c1478)
[ 24.174291]
[ 24.174385] The buggy address belongs to the physical page:
[ 24.174571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c1
[ 24.175045] flags: 0x200000000000000(node=0|zone=2)
[ 24.175443] page_type: f5(slab)
[ 24.175633] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.176610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.177065] page dumped because: kasan: bad access detected
[ 24.177312]
[ 24.177376] Memory state around the buggy address:
[ 24.177520] ffff8881058c1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.177735] ffff8881058c1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.177938] >ffff8881058c1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.178137]                                                             ^
[ 24.178336] ffff8881058c1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.178535] ffff8881058c1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.178848] ==================================================================
```