Date
May 12, 2025, 6:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
[ 18.808665] ==================================================================
[ 18.809289] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 18.809626] Write of size 16 at addr fff00000c59c2969 by task kunit_try_catch/167
[ 18.810128]
[ 18.810325] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 18.810422] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.810452] Hardware name: linux,dummy-virt (DT)
[ 18.812163] Call trace:
[ 18.812214]  show_stack+0x20/0x38 (C)
[ 18.812284]  dump_stack_lvl+0x8c/0xd0
[ 18.812335]  print_report+0x118/0x608
[ 18.812383]  kasan_report+0xdc/0x128
[ 18.812429]  kasan_check_range+0x100/0x1a8
[ 18.812478]  __asan_memset+0x34/0x78
[ 18.812525]  kmalloc_oob_memset_16+0x150/0x2f8
[ 18.812571]  kunit_try_run_case+0x170/0x3f0
[ 18.812619]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.812669]  kthread+0x318/0x620
[ 18.812715]  ret_from_fork+0x10/0x20
[ 18.812793]
[ 18.817250] Allocated by task 167:
[ 18.817465]  kasan_save_stack+0x3c/0x68
[ 18.817704]  kasan_save_track+0x20/0x40
[ 18.818016]  kasan_save_alloc_info+0x40/0x58
[ 18.819048]  __kasan_kmalloc+0xd4/0xd8
[ 18.819528]  __kmalloc_cache_noprof+0x15c/0x3c0
[ 18.819898]  kmalloc_oob_memset_16+0xb0/0x2f8
[ 18.820244]  kunit_try_run_case+0x170/0x3f0
[ 18.820556]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.820954]  kthread+0x318/0x620
[ 18.821224]  ret_from_fork+0x10/0x20
[ 18.821656]
[ 18.821955] The buggy address belongs to the object at fff00000c59c2900
[ 18.821955]  which belongs to the cache kmalloc-128 of size 128
[ 18.823973] The buggy address is located 105 bytes inside of
[ 18.823973]  allocated 120-byte region [fff00000c59c2900, fff00000c59c2978)
[ 18.825109]
[ 18.825317] The buggy address belongs to the physical page:
[ 18.825592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c2
[ 18.826457] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.827094] page_type: f5(slab)
[ 18.827793] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.828624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.829318] page dumped because: kasan: bad access detected
[ 18.829719]
[ 18.829937] Memory state around the buggy address:
[ 18.830350]  fff00000c59c2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.831213]  fff00000c59c2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.831591] >fff00000c59c2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.831984]                                                          ^
[ 18.832845]  fff00000c59c2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.833384]  fff00000c59c2a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.834074] ==================================================================
[ 12.581643] ==================================================================
[ 12.582494] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x167/0x330
[ 12.582875] Write of size 16 at addr ffff888101b0ec69 by task kunit_try_catch/186
[ 12.583759]
[ 12.583876] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 12.583926] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.583938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.583961] Call Trace:
[ 12.583988]  <TASK>
[ 12.584027]  dump_stack_lvl+0x73/0xb0
[ 12.584261]  print_report+0xd1/0x650
[ 12.584285]  ? __virt_addr_valid+0x1db/0x2d0
[ 12.584322]  ? kmalloc_oob_memset_16+0x167/0x330
[ 12.584343]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.584368]  ? kmalloc_oob_memset_16+0x167/0x330
[ 12.584388]  kasan_report+0x140/0x180
[ 12.584409]  ? kmalloc_oob_memset_16+0x167/0x330
[ 12.584434]  kasan_check_range+0x10c/0x1c0
[ 12.584456]  __asan_memset+0x27/0x50
[ 12.584478]  kmalloc_oob_memset_16+0x167/0x330
[ 12.584499]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.584521]  ? __schedule+0xce8/0x2840
[ 12.584547]  ? __pfx_read_tsc+0x10/0x10
[ 12.584570]  ? ktime_get_ts64+0x86/0x230
[ 12.584596]  kunit_try_run_case+0x1a6/0x480
[ 12.584621]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.584642]  ? _raw_spin_lock_irqsave+0xa2/0x110
[ 12.584663]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.584687]  ? __kthread_parkme+0x82/0x160
[ 12.584709]  ? preempt_count_sub+0x50/0x80
[ 12.584736]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.584757]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.584782]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.584807]  kthread+0x324/0x6e0
[ 12.584828]  ? trace_preempt_on+0x20/0xc0
[ 12.584863]  ? __pfx_kthread+0x10/0x10
[ 12.584884]  ? _raw_spin_unlock_irq+0x47/0x80
[ 12.584907]  ? calculate_sigpending+0x7b/0xa0
[ 12.584930]  ? __pfx_kthread+0x10/0x10
[ 12.584953]  ret_from_fork+0x41/0x80
[ 12.584973]  ? __pfx_kthread+0x10/0x10
[ 12.584996]  ret_from_fork_asm+0x1a/0x30
[ 12.585038]  </TASK>
[ 12.585060]
[ 12.603459] Allocated by task 186:
[ 12.604172]  kasan_save_stack+0x45/0x70
[ 12.604731]  kasan_save_track+0x18/0x40
[ 12.605304]  kasan_save_alloc_info+0x3b/0x50
[ 12.605846]  __kasan_kmalloc+0xb7/0xc0
[ 12.606024]  __kmalloc_cache_noprof+0x18a/0x420
[ 12.606233]  kmalloc_oob_memset_16+0xad/0x330
[ 12.606423]  kunit_try_run_case+0x1a6/0x480
[ 12.606611]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.606834]  kthread+0x324/0x6e0
[ 12.607000]  ret_from_fork+0x41/0x80
[ 12.607162]  ret_from_fork_asm+0x1a/0x30
[ 12.607340]
[ 12.607431] The buggy address belongs to the object at ffff888101b0ec00
[ 12.607431]  which belongs to the cache kmalloc-128 of size 128
[ 12.608102] The buggy address is located 105 bytes inside of
[ 12.608102]  allocated 120-byte region [ffff888101b0ec00, ffff888101b0ec78)
[ 12.610020]
[ 12.610321] The buggy address belongs to the physical page:
[ 12.611051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b0e
[ 12.611977] flags: 0x200000000000000(node=0|zone=2)
[ 12.612645] page_type: f5(slab)
[ 12.613153] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.614065] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.614934] page dumped because: kasan: bad access detected
[ 12.615621]
[ 12.615821] Memory state around the buggy address:
[ 12.616482]  ffff888101b0eb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.617346]  ffff888101b0eb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.618196] >ffff888101b0ec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.619033]                                                          ^
[ 12.619899]  ffff888101b0ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.620728]  ffff888101b0ed00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.621605] ==================================================================