Date
July 3, 2025, 11:10 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

[ 19.733474] ==================================================================
[ 19.733726] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 19.733834] Write of size 8 at addr fff00000c6345c71 by task kunit_try_catch/176
[ 19.734152]
[ 19.734274] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 19.734514] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.734589] Hardware name: linux,dummy-virt (DT)
[ 19.734651] Call trace:
[ 19.734693] show_stack+0x20/0x38 (C)
[ 19.734814] dump_stack_lvl+0x8c/0xd0
[ 19.734910] print_report+0x118/0x608
[ 19.735057] kasan_report+0xdc/0x128
[ 19.735187] kasan_check_range+0x100/0x1a8
[ 19.735286] __asan_memset+0x34/0x78
[ 19.735382] kmalloc_oob_memset_8+0x150/0x2f8
[ 19.735511] kunit_try_run_case+0x170/0x3f0
[ 19.735665] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.735827] kthread+0x328/0x630
[ 19.735922] ret_from_fork+0x10/0x20
[ 19.736042]
[ 19.736088] Allocated by task 176:
[ 19.736151] kasan_save_stack+0x3c/0x68
[ 19.736239] kasan_save_track+0x20/0x40
[ 19.736317] kasan_save_alloc_info+0x40/0x58
[ 19.736406] __kasan_kmalloc+0xd4/0xd8
[ 19.736495] __kmalloc_cache_noprof+0x16c/0x3c0
[ 19.736598] kmalloc_oob_memset_8+0xb0/0x2f8
[ 19.736728] kunit_try_run_case+0x170/0x3f0
[ 19.736847] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.736946] kthread+0x328/0x630
[ 19.737016] ret_from_fork+0x10/0x20
[ 19.737100]
[ 19.737141] The buggy address belongs to the object at fff00000c6345c00
[ 19.737141] which belongs to the cache kmalloc-128 of size 128
[ 19.737500] The buggy address is located 113 bytes inside of
[ 19.737500] allocated 120-byte region [fff00000c6345c00, fff00000c6345c78)
[ 19.737630]
[ 19.737837] The buggy address belongs to the physical page:
[ 19.737931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106345
[ 19.738068] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 19.738176] page_type: f5(slab)
[ 19.738258] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 19.738367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 19.738458] page dumped because: kasan: bad access detected
[ 19.738680]
[ 19.738757] Memory state around the buggy address:
[ 19.738849] fff00000c6345b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 19.738999] fff00000c6345b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.739162] >fff00000c6345c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 19.739248] ^
[ 19.739387] fff00000c6345c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.739493] fff00000c6345d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.739576] ==================================================================
qemu-x86_64:

[ 11.668014] ==================================================================
[ 11.668526] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 11.668956] Write of size 8 at addr ffff888103173e71 by task kunit_try_catch/193
[ 11.669456]
[ 11.669551] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.669595] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.669606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.669626] Call Trace:
[ 11.669743] <TASK>
[ 11.669816] dump_stack_lvl+0x73/0xb0
[ 11.669848] print_report+0xd1/0x650
[ 11.669870] ? __virt_addr_valid+0x1db/0x2d0
[ 11.669893] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.669915] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.669936] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.669957] kasan_report+0x141/0x180
[ 11.669978] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.670004] kasan_check_range+0x10c/0x1c0
[ 11.670026] __asan_memset+0x27/0x50
[ 11.670045] kmalloc_oob_memset_8+0x166/0x330
[ 11.670067] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 11.670088] ? __schedule+0x10cc/0x2b60
[ 11.670110] ? __pfx_read_tsc+0x10/0x10
[ 11.670144] ? ktime_get_ts64+0x86/0x230
[ 11.670170] kunit_try_run_case+0x1a5/0x480
[ 11.670194] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.670215] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.670238] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.670260] ? __kthread_parkme+0x82/0x180
[ 11.670280] ? preempt_count_sub+0x50/0x80
[ 11.670304] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.670326] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.670348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.670370] kthread+0x337/0x6f0
[ 11.670389] ? trace_preempt_on+0x20/0xc0
[ 11.670412] ? __pfx_kthread+0x10/0x10
[ 11.670432] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.670451] ? calculate_sigpending+0x7b/0xa0
[ 11.670474] ? __pfx_kthread+0x10/0x10
[ 11.670495] ret_from_fork+0x116/0x1d0
[ 11.670517] ? __pfx_kthread+0x10/0x10
[ 11.670537] ret_from_fork_asm+0x1a/0x30
[ 11.670567] </TASK>
[ 11.670578]
[ 11.680524] Allocated by task 193:
[ 11.680699] kasan_save_stack+0x45/0x70
[ 11.681082] kasan_save_track+0x18/0x40
[ 11.681367] kasan_save_alloc_info+0x3b/0x50
[ 11.681759] __kasan_kmalloc+0xb7/0xc0
[ 11.681948] __kmalloc_cache_noprof+0x189/0x420
[ 11.682160] kmalloc_oob_memset_8+0xac/0x330
[ 11.682600] kunit_try_run_case+0x1a5/0x480
[ 11.682833] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.683066] kthread+0x337/0x6f0
[ 11.683440] ret_from_fork+0x116/0x1d0
[ 11.683752] ret_from_fork_asm+0x1a/0x30
[ 11.683936]
[ 11.684023] The buggy address belongs to the object at ffff888103173e00
[ 11.684023] which belongs to the cache kmalloc-128 of size 128
[ 11.684894] The buggy address is located 113 bytes inside of
[ 11.684894] allocated 120-byte region [ffff888103173e00, ffff888103173e78)
[ 11.685666]
[ 11.685756] The buggy address belongs to the physical page:
[ 11.686102] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103173
[ 11.686744] flags: 0x200000000000000(node=0|zone=2)
[ 11.686964] page_type: f5(slab)
[ 11.687090] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.687752] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.688136] page dumped because: kasan: bad access detected
[ 11.688403]
[ 11.688493] Memory state around the buggy address:
[ 11.688907] ffff888103173d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.689333] ffff888103173d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.689691] >ffff888103173e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.690009] ^
[ 11.690606] ffff888103173e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.691074] ffff888103173f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.691421] ==================================================================