Date
June 17, 2025, 3:39 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 92.889761] ==================================================================
[ 92.890537] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xd8/0x1e8
[ 92.891343] Write of size 16 at addr ffff0000c5f8af69 by task kunit_try_catch/157
[ 92.892450]
[ 92.892764] CPU: 1 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 92.893573] Hardware name: linux,dummy-virt (DT)
[ 92.894016] Call trace:
[ 92.894300] dump_backtrace+0x9c/0x128
[ 92.894830] show_stack+0x20/0x38
[ 92.895361] dump_stack_lvl+0x60/0xb0
[ 92.895781] print_report+0xf8/0x5e8
[ 92.896226] kasan_report+0xdc/0x128
[ 92.896664] kasan_check_range+0xe8/0x190
[ 92.897118] __asan_memset+0x34/0x78
[ 92.898355] kmalloc_oob_memset_16+0xd8/0x1e8
[ 92.899031] kunit_try_run_case+0x114/0x298
[ 92.899475] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 92.899966] kthread+0x18c/0x1a8
[ 92.900284] ret_from_fork+0x10/0x20
[ 92.900768]
[ 92.900985] Allocated by task 157:
[ 92.901328] kasan_save_stack+0x3c/0x68
[ 92.901804] kasan_set_track+0x2c/0x40
[ 92.902233] kasan_save_alloc_info+0x24/0x38
[ 92.902705] __kasan_kmalloc+0xd4/0xd8
[ 92.903132] kmalloc_trace+0x68/0x130
[ 92.903587] kmalloc_oob_memset_16+0xa0/0x1e8
[ 92.904252] kunit_try_run_case+0x114/0x298
[ 92.904726] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 92.905228] kthread+0x18c/0x1a8
[ 92.905576] ret_from_fork+0x10/0x20
[ 92.906022]
[ 92.906221] The buggy address belongs to the object at ffff0000c5f8af00
[ 92.906221] which belongs to the cache kmalloc-128 of size 128
[ 92.907648] The buggy address is located 105 bytes inside of
[ 92.907648] allocated 120-byte region [ffff0000c5f8af00, ffff0000c5f8af78)
[ 92.908969]
[ 92.909234] The buggy address belongs to the physical page:
[ 92.909773] page:00000000678618b8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105f8a
[ 92.910661] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[ 92.911583] page_type: 0xffffffff()
[ 92.912066] raw: 0bfffc0000000800 ffff0000c00018c0 dead000000000122 0000000000000000
[ 92.912869] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 92.913555] page dumped because: kasan: bad access detected
[ 92.914087]
[ 92.914318] Memory state around the buggy address:
[ 92.914888] ffff0000c5f8ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 92.915776] ffff0000c5f8ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.916506] >ffff0000c5f8af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 92.917187] ^
[ 92.917871] ffff0000c5f8af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 92.918552] ffff0000c5f8b000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 92.919169] ==================================================================
```
```
[ 34.049502] ==================================================================
[ 34.050258] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xdd/0x1e0
[ 34.051887] Write of size 16 at addr ffff888102862869 by task kunit_try_catch/172
[ 34.053053]
[ 34.053423] CPU: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 34.054545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.055569] Call Trace:
[ 34.056074] <TASK>
[ 34.056450] dump_stack_lvl+0x4e/0x90
[ 34.057053] print_report+0xd2/0x650
[ 34.057283] ? __virt_addr_valid+0x156/0x1e0
[ 34.058131] ? kmalloc_oob_memset_16+0xdd/0x1e0
[ 34.058828] ? kasan_complete_mode_report_info+0x2a/0x200
[ 34.059678] ? kmalloc_oob_memset_16+0xdd/0x1e0
[ 34.060408] kasan_report+0x147/0x180
[ 34.060845] ? kmalloc_oob_memset_16+0xdd/0x1e0
[ 34.061134] kasan_check_range+0x10c/0x1c0
[ 34.061578] __asan_memset+0x27/0x50
[ 34.062196] kmalloc_oob_memset_16+0xdd/0x1e0
[ 34.062968] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 34.063771] ? __schedule+0x715/0x11a0
[ 34.064482] ? ktime_get_ts64+0x118/0x140
[ 34.065089] kunit_try_run_case+0x120/0x290
[ 34.065789] ? __pfx_kunit_try_run_case+0x10/0x10
[ 34.066533] ? __kasan_check_write+0x18/0x20
[ 34.067142] ? trace_preempt_on+0x20/0xa0
[ 34.067653] ? __kthread_parkme+0x4f/0xd0
[ 34.068333] ? preempt_count_sub+0x50/0x80
[ 34.069018] ? __pfx_kunit_try_run_case+0x10/0x10
[ 34.069713] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 34.070287] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 34.070642] kthread+0x19e/0x1e0
[ 34.071057] ? __pfx_kthread+0x10/0x10
[ 34.071528] ret_from_fork+0x41/0x70
[ 34.071947] ? __pfx_kthread+0x10/0x10
[ 34.072404] ret_from_fork_asm+0x1b/0x30
[ 34.072896] </TASK>
[ 34.073148]
[ 34.073336] Allocated by task 172:
[ 34.073743] kasan_save_stack+0x44/0x70
[ 34.074165] kasan_set_track+0x29/0x40
[ 34.074607] kasan_save_alloc_info+0x22/0x30
[ 34.074981] __kasan_kmalloc+0xb7/0xc0
[ 34.075428] kmalloc_trace+0x4c/0xb0
[ 34.075753] kmalloc_oob_memset_16+0x9f/0x1e0
[ 34.075992] kunit_try_run_case+0x120/0x290
[ 34.076217] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 34.076663] kthread+0x19e/0x1e0
[ 34.077144] ret_from_fork+0x41/0x70
[ 34.077597] ret_from_fork_asm+0x1b/0x30
[ 34.078090]
[ 34.078332] The buggy address belongs to the object at ffff888102862800
[ 34.078332] which belongs to the cache kmalloc-128 of size 128
[ 34.079397] The buggy address is located 105 bytes inside of
[ 34.079397] allocated 120-byte region [ffff888102862800, ffff888102862878)
[ 34.080510]
[ 34.080708] The buggy address belongs to the physical page:
[ 34.081132] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102862
[ 34.081540] flags: 0x200000000000800(slab|node=0|zone=2)
[ 34.081857] page_type: 0xffffffff()
[ 34.082264] raw: 0200000000000800 ffff8881000418c0 dead000000000122 0000000000000000
[ 34.083143] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 34.083661] page dumped because: kasan: bad access detected
[ 34.084284]
[ 34.084473] Memory state around the buggy address:
[ 34.084839] ffff888102862700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 34.085600] ffff888102862780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.086071] >ffff888102862800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 34.086539] ^
[ 34.086878] ffff888102862880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.087193] ffff888102862900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 34.087787] ==================================================================
```