Date
Feb. 5, 2025, 2:09 p.m.
Environment |
---|
qemu-armv7 |
qemu-x86_64 |
[ 145.388758] ==================================================================
[ 145.389813] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xdc/0x1e8
[ 145.390700] Write of size 4 at addr c4fd0275 by task kunit_try_catch/147
[ 145.391330]
[ 145.391624] CPU: 0 PID: 147 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 145.392596] Hardware name: Generic DT based system
[ 145.393262] unwind_backtrace from show_stack+0x18/0x1c
[ 145.393971] show_stack from dump_stack_lvl+0x58/0x70
[ 145.394603] dump_stack_lvl from print_report+0x164/0x51c
[ 145.395364] print_report from kasan_report+0xc8/0x104
[ 145.396033] kasan_report from kasan_check_range+0x14c/0x198
[ 145.396705] kasan_check_range from __asan_memset+0x20/0x3c
[ 145.397533] __asan_memset from kmalloc_oob_memset_4+0xdc/0x1e8
[ 145.398269] kmalloc_oob_memset_4 from kunit_try_run_case+0x11c/0x2e4
[ 145.399352] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 145.400108] kunit_generic_run_threadfn_adapter from kthread+0x184/0x1a8
[ 145.401590] kthread from ret_from_fork+0x14/0x30
[ 145.402220] Exception stack(0xf9f93fb0 to 0xf9f93ff8)
[ 145.402806] 3fa0: 00000000 00000000 00000000 00000000
[ 145.403821] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 145.404716] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000
[ 145.405464]
[ 145.405973] Allocated by task 147:
[ 145.406416] kasan_set_track+0x3c/0x5c
[ 145.406968] __kasan_kmalloc+0x8c/0x94
[ 145.407495] kmalloc_oob_memset_4+0xa0/0x1e8
[ 145.407972] kunit_try_run_case+0x11c/0x2e4
[ 145.408743] kunit_generic_run_threadfn_adapter+0x2c/0x48
[ 145.409423] kthread+0x184/0x1a8
[ 145.409863] ret_from_fork+0x14/0x30
[ 145.410425]
[ 145.410672] The buggy address belongs to the object at c4fd0200
[ 145.410672] which belongs to the cache kmalloc-128 of size 128
[ 145.411914] The buggy address is located 117 bytes inside of
[ 145.411914] allocated 120-byte region [c4fd0200, c4fd0278)
[ 145.413195]
[ 145.413517] The buggy address belongs to the physical page:
[ 145.414134] page:c1b69563 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x44fd0
[ 145.414987] flags: 0x800(slab|zone=0)
[ 145.415423] page_type: 0xffffffff()
[ 145.416301] raw: 00000800 c4801300 00000122 00000000 00000000 80100010 ffffffff 00000001
[ 145.417152] raw: 00000000
[ 145.417446] page dumped because: kasan: bad access detected
[ 145.418121]
[ 145.418420] Memory state around the buggy address:
[ 145.419213] c4fd0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 145.420110] c4fd0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.420831] >c4fd0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 145.421415] ^
[ 145.422281] c4fd0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.422931] c4fd0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 145.423833] ==================================================================
[ 48.174667] ==================================================================
[ 48.175670] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xdd/0x1e0
[ 48.176282] Write of size 4 at addr ffff888102941e75 by task kunit_try_catch/170
[ 48.177165]
[ 48.177485] CPU: 1 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.6.76-rc1 #1
[ 48.178757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.180258] Call Trace:
[ 48.180550] <TASK>
[ 48.181268] dump_stack_lvl+0x4e/0x90
[ 48.181903] print_report+0xd2/0x660
[ 48.182564] ? __virt_addr_valid+0x156/0x1e0
[ 48.183313] ? kasan_complete_mode_report_info+0x2a/0x200
[ 48.184180] kasan_report+0xff/0x140
[ 48.184768] ? kmalloc_oob_memset_4+0xdd/0x1e0
[ 48.185478] ? kmalloc_oob_memset_4+0xdd/0x1e0
[ 48.186330] kasan_check_range+0x10c/0x1c0
[ 48.186893] __asan_memset+0x27/0x50
[ 48.187597] kmalloc_oob_memset_4+0xdd/0x1e0
[ 48.188436] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 48.189157] ? __schedule+0x70b/0x1190
[ 48.189876] ? ktime_get_ts64+0x118/0x140
[ 48.190556] kunit_try_run_case+0x126/0x290
[ 48.191357] ? __pfx_kunit_try_run_case+0x10/0x10
[ 48.192161] ? __kasan_check_write+0x18/0x20
[ 48.192694] ? trace_preempt_on+0x20/0xa0
[ 48.193297] ? __kthread_parkme+0x4f/0xd0
[ 48.194182] ? preempt_count_sub+0x50/0x80
[ 48.194893] ? __pfx_kunit_try_run_case+0x10/0x10
[ 48.195669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 48.196478] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 48.197382] kthread+0x19e/0x1e0
[ 48.197953] ? __pfx_kthread+0x10/0x10
[ 48.198433] ret_from_fork+0x41/0x70
[ 48.199305] ? __pfx_kthread+0x10/0x10
[ 48.199932] ret_from_fork_asm+0x1b/0x30
[ 48.200720] </TASK>
[ 48.201067]
[ 48.201624] Allocated by task 170:
[ 48.202290] kasan_save_stack+0x3c/0x60
[ 48.202869] kasan_set_track+0x29/0x40
[ 48.203547] kasan_save_alloc_info+0x22/0x30
[ 48.204206] __kasan_kmalloc+0xb7/0xc0
[ 48.204771] kmalloc_trace+0x4c/0xb0
[ 48.205438] kmalloc_oob_memset_4+0x9f/0x1e0
[ 48.206167] kunit_try_run_case+0x126/0x290
[ 48.207049] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 48.207573] kthread+0x19e/0x1e0
[ 48.208347] ret_from_fork+0x41/0x70
[ 48.209078] ret_from_fork_asm+0x1b/0x30
[ 48.209600]
[ 48.210021] The buggy address belongs to the object at ffff888102941e00
[ 48.210021] which belongs to the cache kmalloc-128 of size 128
[ 48.211272] The buggy address is located 117 bytes inside of
[ 48.211272] allocated 120-byte region [ffff888102941e00, ffff888102941e78)
[ 48.213068]
[ 48.213335] The buggy address belongs to the physical page:
[ 48.214292] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102941
[ 48.215393] flags: 0x200000000000800(slab|node=0|zone=2)
[ 48.216409] page_type: 0xffffffff()
[ 48.217159] raw: 0200000000000800 ffff8881000418c0 dead000000000122 0000000000000000
[ 48.218184] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 48.219018] page dumped because: kasan: bad access detected
[ 48.219688]
[ 48.220274] Memory state around the buggy address:
[ 48.220831] ffff888102941d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 48.221825] ffff888102941d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.222862] >ffff888102941e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 48.223993] ^
[ 48.224704] ffff888102941e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.225296] ffff888102941f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.226416] ==================================================================