Date
Feb. 5, 2025, 2:09 p.m.
| Environment | |
|---|---|
| qemu-arm64 |
[ 179.646859] ================================================================== [ 179.649030] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xd8/0x1e8 [ 179.650832] Write of size 16 at addr ffff0000c6001a69 by task kunit_try_catch/156 [ 179.652669] [ 179.654631] CPU: 1 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1 [ 179.656315] Hardware name: linux,dummy-virt (DT) [ 179.657846] Call trace: [ 179.658392] dump_backtrace+0x9c/0x128 [ 179.659563] show_stack+0x20/0x38 [ 179.660725] dump_stack_lvl+0x60/0xb0 [ 179.662130] print_report+0xf8/0x5d8 [ 179.663099] kasan_report+0xc8/0x118 [ 179.664649] kasan_check_range+0xe8/0x190 [ 179.666249] __asan_memset+0x34/0x78 [ 179.667589] kmalloc_oob_memset_16+0xd8/0x1e8 [ 179.669063] kunit_try_run_case+0xf8/0x260 [ 179.670512] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 179.672586] kthread+0x18c/0x1a8 [ 179.674013] ret_from_fork+0x10/0x20 [ 179.675160] [ 179.675728] Allocated by task 156: [ 179.676639] kasan_save_stack+0x3c/0x68 [ 179.678128] kasan_set_track+0x2c/0x40 [ 179.679413] kasan_save_alloc_info+0x24/0x38 [ 179.681132] __kasan_kmalloc+0xd4/0xd8 [ 179.682337] kmalloc_trace+0x68/0x130 [ 179.683423] kmalloc_oob_memset_16+0xa0/0x1e8 [ 179.684629] kunit_try_run_case+0xf8/0x260 [ 179.686976] kunit_generic_run_threadfn_adapter+0x38/0x60 [ 179.688559] kthread+0x18c/0x1a8 [ 179.689512] ret_from_fork+0x10/0x20 [ 179.690924] [ 179.691644] The buggy address belongs to the object at ffff0000c6001a00 [ 179.691644] which belongs to the cache kmalloc-128 of size 128 [ 179.694026] The buggy address is located 105 bytes inside of [ 179.694026] allocated 120-byte region [ffff0000c6001a00, ffff0000c6001a78) [ 179.696491] [ 179.697549] The buggy address belongs to the physical page: [ 179.699515] page:00000000bb72779c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106001 [ 179.701503] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff) [ 179.703320] page_type: 0xffffffff() [ 179.704529] raw: 0bfffc0000000800 ffff0000c00018c0 dead000000000122 0000000000000000 [ 179.706610] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 179.708329] page dumped because: kasan: bad access detected [ 179.710259] [ 179.710903] Memory state around the buggy address: [ 179.712396] ffff0000c6001900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.714106] ffff0000c6001980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 179.715480] >ffff0000c6001a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 179.717333] ^ [ 179.719304] ffff0000c6001a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 179.721038] ffff0000c6001b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 179.723705] ==================================================================