Hay
Sign in
Date
July 8, 2025, 11:09 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   19.364523] ==================================================================
[   19.364940] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[   19.365171] Write of size 128 at addr fff00000c6343900 by task kunit_try_catch/170
[   19.365243] 
[   19.365277] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   19.365358] Tainted: [B]=BAD_PAGE, [N]=TEST
[   19.365383] Hardware name: linux,dummy-virt (DT)
[   19.365576] Call trace:
[   19.365610]  show_stack+0x20/0x38 (C)
[   19.365696]  dump_stack_lvl+0x8c/0xd0
[   19.366124]  print_report+0x118/0x608
[   19.366193]  kasan_report+0xdc/0x128
[   19.366276]  kasan_check_range+0x100/0x1a8
[   19.366352]  __asan_memset+0x34/0x78
[   19.366399]  kmalloc_oob_in_memset+0x144/0x2d0
[   19.366451]  kunit_try_run_case+0x170/0x3f0
[   19.366705]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.367032]  kthread+0x328/0x630
[   19.367109]  ret_from_fork+0x10/0x20
[   19.367468] 
[   19.367514] Allocated by task 170:
[   19.367585]  kasan_save_stack+0x3c/0x68
[   19.367915]  kasan_save_track+0x20/0x40
[   19.368119]  kasan_save_alloc_info+0x40/0x58
[   19.368229]  __kasan_kmalloc+0xd4/0xd8
[   19.368270]  __kmalloc_cache_noprof+0x16c/0x3c0
[   19.368333]  kmalloc_oob_in_memset+0xb0/0x2d0
[   19.368377]  kunit_try_run_case+0x170/0x3f0
[   19.368670]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   19.368886]  kthread+0x328/0x630
[   19.368971]  ret_from_fork+0x10/0x20
[   19.369128] 
[   19.369265] The buggy address belongs to the object at fff00000c6343900
[   19.369265]  which belongs to the cache kmalloc-128 of size 128
[   19.369476] The buggy address is located 0 bytes inside of
[   19.369476]  allocated 120-byte region [fff00000c6343900, fff00000c6343978)
[   19.369685] 
[   19.369859] The buggy address belongs to the physical page:
[   19.369999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106343
[   19.370149] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   19.370378] page_type: f5(slab)
[   19.370565] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   19.370625] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   19.370667] page dumped because: kasan: bad access detected
[   19.370698] 
[   19.370716] Memory state around the buggy address:
[   19.370780]  fff00000c6343800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   19.370844]  fff00000c6343880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.370885] >fff00000c6343900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   19.370925]                                                                 ^
[   19.370974]  fff00000c6343980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.371020]  fff00000c6343a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   19.371073] ==================================================================
Metadata Full log Test run details 

[   12.538225] ==================================================================
[   12.538742] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[   12.539310] Write of size 128 at addr ffff888102b79c00 by task kunit_try_catch/188
[   12.539764] 
[   12.539858] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   12.539902] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.539913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.539933] Call Trace:
[   12.539946]  <TASK>
[   12.539972]  dump_stack_lvl+0x73/0xb0
[   12.540003]  print_report+0xd1/0x650
[   12.540025]  ? __virt_addr_valid+0x1db/0x2d0
[   12.540059]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.540119]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.540143]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.540166]  kasan_report+0x141/0x180
[   12.540273]  ? kmalloc_oob_in_memset+0x15f/0x320
[   12.540301]  kasan_check_range+0x10c/0x1c0
[   12.540325]  __asan_memset+0x27/0x50
[   12.540344]  kmalloc_oob_in_memset+0x15f/0x320
[   12.540367]  ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[   12.540392]  ? __schedule+0x10cc/0x2b60
[   12.540414]  ? __pfx_read_tsc+0x10/0x10
[   12.540436]  ? ktime_get_ts64+0x86/0x230
[   12.540461]  kunit_try_run_case+0x1a5/0x480
[   12.540486]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.540508]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.540532]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.540556]  ? __kthread_parkme+0x82/0x180
[   12.540576]  ? preempt_count_sub+0x50/0x80
[   12.540611]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.540635]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.540660]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.540685]  kthread+0x337/0x6f0
[   12.540703]  ? trace_preempt_on+0x20/0xc0
[   12.540727]  ? __pfx_kthread+0x10/0x10
[   12.540747]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.540768]  ? calculate_sigpending+0x7b/0xa0
[   12.540792]  ? __pfx_kthread+0x10/0x10
[   12.540813]  ret_from_fork+0x116/0x1d0
[   12.540831]  ? __pfx_kthread+0x10/0x10
[   12.540851]  ret_from_fork_asm+0x1a/0x30
[   12.540882]  </TASK>
[   12.540892] 
[   12.550884] Allocated by task 188:
[   12.551285]  kasan_save_stack+0x45/0x70
[   12.551733]  kasan_save_track+0x18/0x40
[   12.552164]  kasan_save_alloc_info+0x3b/0x50
[   12.552451]  __kasan_kmalloc+0xb7/0xc0
[   12.552824]  __kmalloc_cache_noprof+0x189/0x420
[   12.553312]  kmalloc_oob_in_memset+0xac/0x320
[   12.553683]  kunit_try_run_case+0x1a5/0x480
[   12.554116]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.554366]  kthread+0x337/0x6f0
[   12.554785]  ret_from_fork+0x116/0x1d0
[   12.555262]  ret_from_fork_asm+0x1a/0x30
[   12.555463] 
[   12.555627] The buggy address belongs to the object at ffff888102b79c00
[   12.555627]  which belongs to the cache kmalloc-128 of size 128
[   12.556648] The buggy address is located 0 bytes inside of
[   12.556648]  allocated 120-byte region [ffff888102b79c00, ffff888102b79c78)
[   12.557742] 
[   12.557898] The buggy address belongs to the physical page:
[   12.558388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b79
[   12.558904] flags: 0x200000000000000(node=0|zone=2)
[   12.559362] page_type: f5(slab)
[   12.559907] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   12.560377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   12.560890] page dumped because: kasan: bad access detected
[   12.561416] 
[   12.561706] Memory state around the buggy address:
[   12.561929]  ffff888102b79b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   12.562212]  ffff888102b79b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.562490] >ffff888102b79c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   12.562779]                                                                 ^
[   12.563057]  ffff888102b79c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.563341]  ffff888102b79d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.564245] ==================================================================
Metadata Full log Test run details