Hay
Sign in
Date
July 11, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   16.727778] ==================================================================
[   16.727861] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[   16.727914] Write of size 8 at addr fff00000c6f3f771 by task kunit_try_catch/177
[   16.727961] 
[   16.728703] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.728795] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.728820] Hardware name: linux,dummy-virt (DT)
[   16.728861] Call trace:
[   16.728883]  show_stack+0x20/0x38 (C)
[   16.728934]  dump_stack_lvl+0x8c/0xd0
[   16.729357]  print_report+0x118/0x608
[   16.729522]  kasan_report+0xdc/0x128
[   16.729567]  kasan_check_range+0x100/0x1a8
[   16.729827]  __asan_memset+0x34/0x78
[   16.729998]  kmalloc_oob_memset_8+0x150/0x2f8
[   16.730133]  kunit_try_run_case+0x170/0x3f0
[   16.730182]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.730234]  kthread+0x328/0x630
[   16.730276]  ret_from_fork+0x10/0x20
[   16.730324] 
[   16.730342] Allocated by task 177:
[   16.730369]  kasan_save_stack+0x3c/0x68
[   16.730409]  kasan_save_track+0x20/0x40
[   16.730444]  kasan_save_alloc_info+0x40/0x58
[   16.730484]  __kasan_kmalloc+0xd4/0xd8
[   16.730518]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.730556]  kmalloc_oob_memset_8+0xb0/0x2f8
[   16.730728]  kunit_try_run_case+0x170/0x3f0
[   16.730880]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.731071]  kthread+0x328/0x630
[   16.731105]  ret_from_fork+0x10/0x20
[   16.731139] 
[   16.731159] The buggy address belongs to the object at fff00000c6f3f700
[   16.731159]  which belongs to the cache kmalloc-128 of size 128
[   16.731342] The buggy address is located 113 bytes inside of
[   16.731342]  allocated 120-byte region [fff00000c6f3f700, fff00000c6f3f778)
[   16.731554] 
[   16.731577] The buggy address belongs to the physical page:
[   16.731640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106f3f
[   16.731930] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.732054] page_type: f5(slab)
[   16.732166] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.732300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.732390] page dumped because: kasan: bad access detected
[   16.732482] 
[   16.732499] Memory state around the buggy address:
[   16.732535]  fff00000c6f3f600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.732633]  fff00000c6f3f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.732776] >fff00000c6f3f700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.732813]                                                                 ^
[   16.732860]  fff00000c6f3f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.732901]  fff00000c6f3f800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.733526] ==================================================================
Metadata Full log Test run details 

[   12.506765] ==================================================================
[   12.507398] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[   12.507718] Write of size 8 at addr ffff8881029f2d71 by task kunit_try_catch/193
[   12.508051] 
[   12.508199] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.508241] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.508252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.508271] Call Trace:
[   12.508282]  <TASK>
[   12.508297]  dump_stack_lvl+0x73/0xb0
[   12.508326]  print_report+0xd1/0x650
[   12.508346]  ? __virt_addr_valid+0x1db/0x2d0
[   12.508369]  ? kmalloc_oob_memset_8+0x166/0x330
[   12.508390]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.508413]  ? kmalloc_oob_memset_8+0x166/0x330
[   12.508436]  kasan_report+0x141/0x180
[   12.508458]  ? kmalloc_oob_memset_8+0x166/0x330
[   12.508485]  kasan_check_range+0x10c/0x1c0
[   12.508509]  __asan_memset+0x27/0x50
[   12.508530]  kmalloc_oob_memset_8+0x166/0x330
[   12.508553]  ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[   12.508578]  ? __schedule+0x10cc/0x2b60
[   12.508600]  ? __pfx_read_tsc+0x10/0x10
[   12.508621]  ? ktime_get_ts64+0x86/0x230
[   12.508645]  kunit_try_run_case+0x1a5/0x480
[   12.508668]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.508691]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.508714]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.508737]  ? __kthread_parkme+0x82/0x180
[   12.508757]  ? preempt_count_sub+0x50/0x80
[   12.508781]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.509015]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.509090]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.509116]  kthread+0x337/0x6f0
[   12.509135]  ? trace_preempt_on+0x20/0xc0
[   12.509158]  ? __pfx_kthread+0x10/0x10
[   12.509178]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.509199]  ? calculate_sigpending+0x7b/0xa0
[   12.509224]  ? __pfx_kthread+0x10/0x10
[   12.509245]  ret_from_fork+0x116/0x1d0
[   12.509263]  ? __pfx_kthread+0x10/0x10
[   12.509283]  ret_from_fork_asm+0x1a/0x30
[   12.509314]  </TASK>
[   12.509324] 
[   12.519521] Allocated by task 193:
[   12.520139]  kasan_save_stack+0x45/0x70
[   12.520698]  kasan_save_track+0x18/0x40
[   12.521349]  kasan_save_alloc_info+0x3b/0x50
[   12.521949]  __kasan_kmalloc+0xb7/0xc0
[   12.522563]  __kmalloc_cache_noprof+0x189/0x420
[   12.523436]  kmalloc_oob_memset_8+0xac/0x330
[   12.524035]  kunit_try_run_case+0x1a5/0x480
[   12.524453]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.524642]  kthread+0x337/0x6f0
[   12.524772]  ret_from_fork+0x116/0x1d0
[   12.524905]  ret_from_fork_asm+0x1a/0x30
[   12.525118] 
[   12.525214] The buggy address belongs to the object at ffff8881029f2d00
[   12.525214]  which belongs to the cache kmalloc-128 of size 128
[   12.525752] The buggy address is located 113 bytes inside of
[   12.525752]  allocated 120-byte region [ffff8881029f2d00, ffff8881029f2d78)
[   12.526372] 
[   12.526448] The buggy address belongs to the physical page:
[   12.526722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029f2
[   12.527191] flags: 0x200000000000000(node=0|zone=2)
[   12.527360] page_type: f5(slab)
[   12.527554] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.527974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.528448] page dumped because: kasan: bad access detected
[   12.528731] 
[   12.528847] Memory state around the buggy address:
[   12.529152]  ffff8881029f2c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.529486]  ffff8881029f2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.529822] >ffff8881029f2d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.530208]                                                                 ^
[   12.530544]  ffff8881029f2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.530868]  ffff8881029f2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.531264] ==================================================================
Metadata Full log Test run details