Date
June 17, 2025, 3:39 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 92.548774] ==================================================================
[ 92.550052] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf8/0x268
[ 92.551033] Write of size 16 at addr ffff0000c5adb680 by task kunit_try_catch/145
[ 92.552205]
[ 92.552969] CPU: 0 PID: 145 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 92.554014] Hardware name: linux,dummy-virt (DT)
[ 92.555329] Call trace:
[ 92.555756] dump_backtrace+0x9c/0x128
[ 92.556529] show_stack+0x20/0x38
[ 92.557263] dump_stack_lvl+0x60/0xb0
[ 92.557942] print_report+0xf8/0x5e8
[ 92.558666] kasan_report+0xdc/0x128
[ 92.559545] __asan_store16+0xa4/0xa8
[ 92.560324] kmalloc_oob_16+0xf8/0x268
[ 92.561162] kunit_try_run_case+0x114/0x298
[ 92.561974] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 92.562940] kthread+0x18c/0x1a8
[ 92.563587] ret_from_fork+0x10/0x20
[ 92.564361]
[ 92.564851] Allocated by task 145:
[ 92.565516] kasan_save_stack+0x3c/0x68
[ 92.566352] kasan_set_track+0x2c/0x40
[ 92.567210] kasan_save_alloc_info+0x24/0x38
[ 92.567993] __kasan_kmalloc+0xd4/0xd8
[ 92.568854] kmalloc_trace+0x68/0x130
[ 92.569532] kmalloc_oob_16+0xa4/0x268
[ 92.570543] kunit_try_run_case+0x114/0x298
[ 92.571884] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 92.572981] kthread+0x18c/0x1a8
[ 92.573842] ret_from_fork+0x10/0x20
[ 92.574588]
[ 92.575060] The buggy address belongs to the object at ffff0000c5adb680
[ 92.575060] which belongs to the cache kmalloc-16 of size 16
[ 92.577303] The buggy address is located 0 bytes inside of
[ 92.577303] allocated 13-byte region [ffff0000c5adb680, ffff0000c5adb68d)
[ 92.578880]
[ 92.579240] The buggy address belongs to the physical page:
[ 92.580056] page:00000000aabf8573 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105adb
[ 92.581752] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[ 92.582992] page_type: 0xffffffff()
[ 92.584131] raw: 0bfffc0000000800 ffff0000c00013c0 dead000000000122 0000000000000000
[ 92.585322] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 92.586293] page dumped because: kasan: bad access detected
[ 92.587224]
[ 92.587819] Memory state around the buggy address:
[ 92.588596] ffff0000c5adb580: 00 01 fc fc 00 01 fc fc fa fb fc fc 00 01 fc fc
[ 92.589890] ffff0000c5adb600: 00 01 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 92.590836] >ffff0000c5adb680: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 92.592115] ^
[ 92.593072] ffff0000c5adb700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.594114] ffff0000c5adb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.595602] ==================================================================
```
```
[ 33.839367] ==================================================================
[ 33.839989] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf3/0x250
[ 33.840487] Write of size 16 at addr ffff88810214e660 by task kunit_try_catch/160
[ 33.840949]
[ 33.841091] CPU: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 33.841550] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.842085] Call Trace:
[ 33.842287] <TASK>
[ 33.842447] dump_stack_lvl+0x4e/0x90
[ 33.842737] print_report+0xd2/0x650
[ 33.843037] ? __virt_addr_valid+0x156/0x1e0
[ 33.843377] ? kmalloc_oob_16+0xf3/0x250
[ 33.843616] ? kasan_complete_mode_report_info+0x2a/0x200
[ 33.843947] ? kmalloc_oob_16+0xf3/0x250
[ 33.844253] kasan_report+0x147/0x180
[ 33.844505] ? kmalloc_oob_16+0xf3/0x250
[ 33.844812] __asan_store16+0x6c/0xa0
[ 33.845042] kmalloc_oob_16+0xf3/0x250
[ 33.845330] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 33.845581] ? __schedule+0x715/0x11a0
[ 33.845912] ? ktime_get_ts64+0x118/0x140
[ 33.846174] kunit_try_run_case+0x120/0x290
[ 33.846510] ? __pfx_kunit_try_run_case+0x10/0x10
[ 33.846868] ? __kasan_check_write+0x18/0x20
[ 33.847105] ? trace_preempt_on+0x20/0xa0
[ 33.847413] ? __kthread_parkme+0x4f/0xd0
[ 33.847666] ? preempt_count_sub+0x50/0x80
[ 33.847950] ? __pfx_kunit_try_run_case+0x10/0x10
[ 33.848248] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 33.848611] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 33.849090] kthread+0x19e/0x1e0
[ 33.849315] ? __pfx_kthread+0x10/0x10
[ 33.849556] ret_from_fork+0x41/0x70
[ 33.849802] ? __pfx_kthread+0x10/0x10
[ 33.850075] ret_from_fork_asm+0x1b/0x30
[ 33.850363] </TASK>
[ 33.850526]
[ 33.850655] Allocated by task 160:
[ 33.850893] kasan_save_stack+0x44/0x70
[ 33.851157] kasan_set_track+0x29/0x40
[ 33.851416] kasan_save_alloc_info+0x22/0x30
[ 33.851680] __kasan_kmalloc+0xb7/0xc0
[ 33.851934] kmalloc_trace+0x4c/0xb0
[ 33.852201] kmalloc_oob_16+0x8f/0x250
[ 33.852430] kunit_try_run_case+0x120/0x290
[ 33.852686] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 33.853014] kthread+0x19e/0x1e0
[ 33.853203] ret_from_fork+0x41/0x70
[ 33.853451] ret_from_fork_asm+0x1b/0x30
[ 33.853728]
[ 33.853934] The buggy address belongs to the object at ffff88810214e660
[ 33.853934] which belongs to the cache kmalloc-16 of size 16
[ 33.854490] The buggy address is located 0 bytes inside of
[ 33.854490] allocated 13-byte region [ffff88810214e660, ffff88810214e66d)
[ 33.855238]
[ 33.855365] The buggy address belongs to the physical page:
[ 33.855619] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10214e
[ 33.856220] flags: 0x200000000000800(slab|node=0|zone=2)
[ 33.856547] page_type: 0xffffffff()
[ 33.856793] raw: 0200000000000800 ffff8881000413c0 dead000000000122 0000000000000000
[ 33.857252] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 33.857621] page dumped because: kasan: bad access detected
[ 33.858070]
[ 33.858184] Memory state around the buggy address:
[ 33.858459] ffff88810214e500: 00 02 fc fc 00 03 fc fc 00 02 fc fc 00 05 fc fc
[ 33.858869] ffff88810214e580: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[ 33.859245] >ffff88810214e600: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 33.859595] ^
[ 33.860006] ffff88810214e680: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.860377] ffff88810214e700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.860749] ==================================================================
```