Hay
Sign in
Date
July 10, 2025, 11:10 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   15.972942] ==================================================================
[   15.973020] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[   15.973200] Write of size 8 at addr fff00000c63f3771 by task kunit_try_catch/176
[   15.973414] 
[   15.973492] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   15.973584] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.973610] Hardware name: linux,dummy-virt (DT)
[   15.973641] Call trace:
[   15.973678]  show_stack+0x20/0x38 (C)
[   15.973731]  dump_stack_lvl+0x8c/0xd0
[   15.973959]  print_report+0x118/0x608
[   15.974231]  kasan_report+0xdc/0x128
[   15.974337]  kasan_check_range+0x100/0x1a8
[   15.974405]  __asan_memset+0x34/0x78
[   15.974712]  kmalloc_oob_memset_8+0x150/0x2f8
[   15.974866]  kunit_try_run_case+0x170/0x3f0
[   15.974927]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.974980]  kthread+0x328/0x630
[   15.975022]  ret_from_fork+0x10/0x20
[   15.975072] 
[   15.975101] Allocated by task 176:
[   15.975504]  kasan_save_stack+0x3c/0x68
[   15.975607]  kasan_save_track+0x20/0x40
[   15.975677]  kasan_save_alloc_info+0x40/0x58
[   15.975751]  __kasan_kmalloc+0xd4/0xd8
[   15.975837]  __kmalloc_cache_noprof+0x16c/0x3c0
[   15.975916]  kmalloc_oob_memset_8+0xb0/0x2f8
[   15.975994]  kunit_try_run_case+0x170/0x3f0
[   15.976074]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.976156]  kthread+0x328/0x630
[   15.976189]  ret_from_fork+0x10/0x20
[   15.976251] 
[   15.976570] The buggy address belongs to the object at fff00000c63f3700
[   15.976570]  which belongs to the cache kmalloc-128 of size 128
[   15.976643] The buggy address is located 113 bytes inside of
[   15.976643]  allocated 120-byte region [fff00000c63f3700, fff00000c63f3778)
[   15.976893] 
[   15.977114] The buggy address belongs to the physical page:
[   15.977163] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1063f3
[   15.977256] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   15.977337] page_type: f5(slab)
[   15.977405] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   15.977515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.977606] page dumped because: kasan: bad access detected
[   15.977700] 
[   15.977773] Memory state around the buggy address:
[   15.977871]  fff00000c63f3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.977929]  fff00000c63f3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.977987] >fff00000c63f3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.978032]                                                                 ^
[   15.978118]  fff00000c63f3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.978167]  fff00000c63f3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.978203] ==================================================================
Metadata Full log Test run details 

[   12.815262] ==================================================================
[   12.816927] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[   12.818409] Write of size 8 at addr ffff8881027a3671 by task kunit_try_catch/193
[   12.818899] 
[   12.818991] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.819034] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.819046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.819068] Call Trace:
[   12.819080]  <TASK>
[   12.819094]  dump_stack_lvl+0x73/0xb0
[   12.819125]  print_report+0xd1/0x650
[   12.819147]  ? __virt_addr_valid+0x1db/0x2d0
[   12.819169]  ? kmalloc_oob_memset_8+0x166/0x330
[   12.819190]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.819213]  ? kmalloc_oob_memset_8+0x166/0x330
[   12.819235]  kasan_report+0x141/0x180
[   12.819256]  ? kmalloc_oob_memset_8+0x166/0x330
[   12.819283]  kasan_check_range+0x10c/0x1c0
[   12.819305]  __asan_memset+0x27/0x50
[   12.819324]  kmalloc_oob_memset_8+0x166/0x330
[   12.819577]  ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[   12.819613]  ? __schedule+0x10cc/0x2b60
[   12.819681]  ? __pfx_read_tsc+0x10/0x10
[   12.819704]  ? ktime_get_ts64+0x86/0x230
[   12.819730]  kunit_try_run_case+0x1a5/0x480
[   12.819754]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.819777]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.819800]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.819823]  ? __kthread_parkme+0x82/0x180
[   12.819842]  ? preempt_count_sub+0x50/0x80
[   12.819865]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.819889]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.819912]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.819937]  kthread+0x337/0x6f0
[   12.819956]  ? trace_preempt_on+0x20/0xc0
[   12.819979]  ? __pfx_kthread+0x10/0x10
[   12.820000]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.820023]  ? calculate_sigpending+0x7b/0xa0
[   12.820047]  ? __pfx_kthread+0x10/0x10
[   12.820068]  ret_from_fork+0x116/0x1d0
[   12.820086]  ? __pfx_kthread+0x10/0x10
[   12.820106]  ret_from_fork_asm+0x1a/0x30
[   12.820136]  </TASK>
[   12.820146] 
[   12.835667] Allocated by task 193:
[   12.836093]  kasan_save_stack+0x45/0x70
[   12.836638]  kasan_save_track+0x18/0x40
[   12.836857]  kasan_save_alloc_info+0x3b/0x50
[   12.837016]  __kasan_kmalloc+0xb7/0xc0
[   12.837149]  __kmalloc_cache_noprof+0x189/0x420
[   12.837304]  kmalloc_oob_memset_8+0xac/0x330
[   12.837821]  kunit_try_run_case+0x1a5/0x480
[   12.838256]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.838859]  kthread+0x337/0x6f0
[   12.839263]  ret_from_fork+0x116/0x1d0
[   12.839764]  ret_from_fork_asm+0x1a/0x30
[   12.840194] 
[   12.840353] The buggy address belongs to the object at ffff8881027a3600
[   12.840353]  which belongs to the cache kmalloc-128 of size 128
[   12.841595] The buggy address is located 113 bytes inside of
[   12.841595]  allocated 120-byte region [ffff8881027a3600, ffff8881027a3678)
[   12.842135] 
[   12.842213] The buggy address belongs to the physical page:
[   12.842461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a3
[   12.843298] flags: 0x200000000000000(node=0|zone=2)
[   12.843930] page_type: f5(slab)
[   12.844301] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.845105] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.845738] page dumped because: kasan: bad access detected
[   12.845919] 
[   12.845987] Memory state around the buggy address:
[   12.846142]  ffff8881027a3500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.846380]  ffff8881027a3580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.847266] >ffff8881027a3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.848068]                                                                 ^
[   12.848861]  ffff8881027a3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.849549]  ffff8881027a3700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.850327] ==================================================================
Metadata Full log Test run details