Hay
Date
June 7, 2025, 10:40 a.m.

Environment
qemu-arm64
qemu-x86_64
Note: both reports below are produced by the KUnit KASAN self-test `kmalloc_oob_memset_2` (task `kunit_try_catch`, taint flag `[N]=TEST` in the header), which memsets 2 bytes starting at offset 119 of a 120-byte `kmalloc-128` allocation so that the last byte lands in the `fc` redzone immediately after the region; on both architectures the report matches that expected pattern, so this is test-harness output rather than a kernel defect to triage.

[   22.771951] ==================================================================
[   22.773460] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[   22.774426] Write of size 2 at addr fff00000c614ce77 by task kunit_try_catch/161
[   22.775799] 
[   22.776195] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   22.776427] Tainted: [B]=BAD_PAGE, [N]=TEST
[   22.776531] Hardware name: linux,dummy-virt (DT)
[   22.776613] Call trace:
[   22.776646]  show_stack+0x20/0x38 (C)
[   22.776712]  dump_stack_lvl+0x8c/0xd0
[   22.776811]  print_report+0x118/0x608
[   22.776879]  kasan_report+0xdc/0x128
[   22.776971]  kasan_check_range+0x100/0x1a8
[   22.777075]  __asan_memset+0x34/0x78
[   22.777234]  kmalloc_oob_memset_2+0x150/0x2f8
[   22.777359]  kunit_try_run_case+0x170/0x3f0
[   22.777424]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.777488]  kthread+0x318/0x620
[   22.777542]  ret_from_fork+0x10/0x20
[   22.777600] 
[   22.784960] Allocated by task 161:
[   22.786052]  kasan_save_stack+0x3c/0x68
[   22.786988]  kasan_save_track+0x20/0x40
[   22.787462]  kasan_save_alloc_info+0x40/0x58
[   22.787850]  __kasan_kmalloc+0xd4/0xd8
[   22.788451]  __kmalloc_cache_noprof+0x16c/0x3c0
[   22.789166]  kmalloc_oob_memset_2+0xb0/0x2f8
[   22.789688]  kunit_try_run_case+0x170/0x3f0
[   22.790337]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   22.790988]  kthread+0x318/0x620
[   22.791540]  ret_from_fork+0x10/0x20
[   22.792088] 
[   22.792458] The buggy address belongs to the object at fff00000c614ce00
[   22.792458]  which belongs to the cache kmalloc-128 of size 128
[   22.793834] The buggy address is located 119 bytes inside of
[   22.793834]  allocated 120-byte region [fff00000c614ce00, fff00000c614ce78)
[   22.795030] 
[   22.795378] The buggy address belongs to the physical page:
[   22.796094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10614c
[   22.796953] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   22.797831] page_type: f5(slab)
[   22.798333] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   22.799104] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   22.799969] page dumped because: kasan: bad access detected
[   22.800610] 
[   22.800944] Memory state around the buggy address:
[   22.801642]  fff00000c614cd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   22.802437]  fff00000c614cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.803239] >fff00000c614ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   22.804047]                                                                 ^
[   22.804802]  fff00000c614ce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.805775]  fff00000c614cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   22.806777] ==================================================================

[   17.661982] ==================================================================
[   17.662555] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x167/0x330
[   17.663601] Write of size 2 at addr ffff8881024bfc77 by task kunit_try_catch/180
[   17.664584] 
[   17.664752] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   17.664813] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.664829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   17.664854] Call Trace:
[   17.664909]  <TASK>
[   17.664949]  dump_stack_lvl+0x73/0xb0
[   17.665036]  print_report+0xd1/0x650
[   17.665093]  ? __virt_addr_valid+0x1db/0x2d0
[   17.665151]  ? kmalloc_oob_memset_2+0x167/0x330
[   17.665199]  ? kasan_complete_mode_report_info+0x2a/0x200
[   17.665249]  ? kmalloc_oob_memset_2+0x167/0x330
[   17.665294]  kasan_report+0x140/0x180
[   17.665385]  ? kmalloc_oob_memset_2+0x167/0x330
[   17.665447]  kasan_check_range+0x10c/0x1c0
[   17.665508]  __asan_memset+0x27/0x50
[   17.665566]  kmalloc_oob_memset_2+0x167/0x330
[   17.665604]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   17.665636]  ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[   17.665668]  kunit_try_run_case+0x1a6/0x480
[   17.665700]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.665727]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   17.665761]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   17.665790]  ? __kthread_parkme+0x82/0x160
[   17.665820]  ? preempt_count_sub+0x50/0x80
[   17.665852]  ? __pfx_kunit_try_run_case+0x10/0x10
[   17.665902]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.665934]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   17.665965]  kthread+0x324/0x6e0
[   17.665992]  ? trace_preempt_on+0x20/0xc0
[   17.666022]  ? __pfx_kthread+0x10/0x10
[   17.666049]  ? _raw_spin_unlock_irq+0x47/0x80
[   17.666076]  ? calculate_sigpending+0x7b/0xa0
[   17.666104]  ? __pfx_kthread+0x10/0x10
[   17.666131]  ret_from_fork+0x41/0x80
[   17.666157]  ? __pfx_kthread+0x10/0x10
[   17.666184]  ret_from_fork_asm+0x1a/0x30
[   17.666223]  </TASK>
[   17.666238] 
[   17.676815] Allocated by task 180:
[   17.677179]  kasan_save_stack+0x45/0x70
[   17.677603]  kasan_save_track+0x18/0x40
[   17.677920]  kasan_save_alloc_info+0x3b/0x50
[   17.678340]  __kasan_kmalloc+0xb7/0xc0
[   17.678582]  __kmalloc_cache_noprof+0x18a/0x420
[   17.678910]  kmalloc_oob_memset_2+0xad/0x330
[   17.679345]  kunit_try_run_case+0x1a6/0x480
[   17.679760]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   17.680263]  kthread+0x324/0x6e0
[   17.680666]  ret_from_fork+0x41/0x80
[   17.680990]  ret_from_fork_asm+0x1a/0x30
[   17.681389] 
[   17.681541] The buggy address belongs to the object at ffff8881024bfc00
[   17.681541]  which belongs to the cache kmalloc-128 of size 128
[   17.682263] The buggy address is located 119 bytes inside of
[   17.682263]  allocated 120-byte region [ffff8881024bfc00, ffff8881024bfc78)
[   17.683279] 
[   17.683487] The buggy address belongs to the physical page:
[   17.683761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024bf
[   17.684396] flags: 0x200000000000000(node=0|zone=2)
[   17.684858] page_type: f5(slab)
[   17.685214] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   17.685896] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   17.686345] page dumped because: kasan: bad access detected
[   17.686812] 
[   17.687026] Memory state around the buggy address:
[   17.687409]  ffff8881024bfb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   17.688031]  ffff8881024bfb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.688530] >ffff8881024bfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   17.688996]                                                                 ^
[   17.689616]  ffff8881024bfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.689993]  ffff8881024bfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.690593] ==================================================================