Date
July 9, 2025, 11:07 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 16.745590] ==================================================================
[ 16.745659] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 16.745717] Write of size 2 at addr fff00000c638b977 by task kunit_try_catch/172
[ 16.745765]
[ 16.745806] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT
[ 16.745889] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.745915] Hardware name: linux,dummy-virt (DT)
[ 16.745959] Call trace:
[ 16.745982] show_stack+0x20/0x38 (C)
[ 16.746057] dump_stack_lvl+0x8c/0xd0
[ 16.746151] print_report+0x118/0x608
[ 16.746197] kasan_report+0xdc/0x128
[ 16.746241] kasan_check_range+0x100/0x1a8
[ 16.746287] __asan_memset+0x34/0x78
[ 16.746327] kmalloc_oob_memset_2+0x150/0x2f8
[ 16.746372] kunit_try_run_case+0x170/0x3f0
[ 16.746420] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.746470] kthread+0x328/0x630
[ 16.746518] ret_from_fork+0x10/0x20
[ 16.746774]
[ 16.746793] Allocated by task 172:
[ 16.746820] kasan_save_stack+0x3c/0x68
[ 16.746859] kasan_save_track+0x20/0x40
[ 16.746901] kasan_save_alloc_info+0x40/0x58
[ 16.748037] __kasan_kmalloc+0xd4/0xd8
[ 16.748099] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.748438] kmalloc_oob_memset_2+0xb0/0x2f8
[ 16.748492] kunit_try_run_case+0x170/0x3f0
[ 16.748529] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.748571] kthread+0x328/0x630
[ 16.748602] ret_from_fork+0x10/0x20
[ 16.748638]
[ 16.748658] The buggy address belongs to the object at fff00000c638b900
[ 16.748658] which belongs to the cache kmalloc-128 of size 128
[ 16.748715] The buggy address is located 119 bytes inside of
[ 16.748715] allocated 120-byte region [fff00000c638b900, fff00000c638b978)
[ 16.748776]
[ 16.748797] The buggy address belongs to the physical page:
[ 16.748828] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10638b
[ 16.748880] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.748929] page_type: f5(slab)
[ 16.748967] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.749018] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.749056] page dumped because: kasan: bad access detected
[ 16.749089]
[ 16.749106] Memory state around the buggy address:
[ 16.749150] fff00000c638b800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.749194] fff00000c638b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.749235] >fff00000c638b900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.749272] ^
[ 16.749311] fff00000c638b980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.749354] fff00000c638ba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.749392] ==================================================================
```
qemu-x86_64:

```
[ 12.638755] ==================================================================
[ 12.639351] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 12.639661] Write of size 2 at addr ffff8881031db977 by task kunit_try_catch/189
[ 12.640005]
[ 12.640189] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.640232] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.640243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.640262] Call Trace:
[ 12.640273] <TASK>
[ 12.640288] dump_stack_lvl+0x73/0xb0
[ 12.640325] print_report+0xd1/0x650
[ 12.640346] ? __virt_addr_valid+0x1db/0x2d0
[ 12.640367] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.640388] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.640411] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.640456] kasan_report+0x141/0x180
[ 12.640478] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.640504] kasan_check_range+0x10c/0x1c0
[ 12.640540] __asan_memset+0x27/0x50
[ 12.640558] kmalloc_oob_memset_2+0x166/0x330
[ 12.640581] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 12.640603] ? __schedule+0x10cc/0x2b60
[ 12.640625] ? __pfx_read_tsc+0x10/0x10
[ 12.640647] ? ktime_get_ts64+0x86/0x230
[ 12.640670] kunit_try_run_case+0x1a5/0x480
[ 12.640712] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.640735] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.640759] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.640793] ? __kthread_parkme+0x82/0x180
[ 12.640814] ? preempt_count_sub+0x50/0x80
[ 12.640838] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.640862] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.640885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.640910] kthread+0x337/0x6f0
[ 12.640929] ? trace_preempt_on+0x20/0xc0
[ 12.640952] ? __pfx_kthread+0x10/0x10
[ 12.640972] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.640993] ? calculate_sigpending+0x7b/0xa0
[ 12.641017] ? __pfx_kthread+0x10/0x10
[ 12.641055] ret_from_fork+0x116/0x1d0
[ 12.641073] ? __pfx_kthread+0x10/0x10
[ 12.641093] ret_from_fork_asm+0x1a/0x30
[ 12.641124] </TASK>
[ 12.641133]
[ 12.648974] Allocated by task 189:
[ 12.649117] kasan_save_stack+0x45/0x70
[ 12.649264] kasan_save_track+0x18/0x40
[ 12.649606] kasan_save_alloc_info+0x3b/0x50
[ 12.649838] __kasan_kmalloc+0xb7/0xc0
[ 12.650064] __kmalloc_cache_noprof+0x189/0x420
[ 12.650289] kmalloc_oob_memset_2+0xac/0x330
[ 12.650436] kunit_try_run_case+0x1a5/0x480
[ 12.650620] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.650886] kthread+0x337/0x6f0
[ 12.651083] ret_from_fork+0x116/0x1d0
[ 12.651268] ret_from_fork_asm+0x1a/0x30
[ 12.651440]
[ 12.651548] The buggy address belongs to the object at ffff8881031db900
[ 12.651548] which belongs to the cache kmalloc-128 of size 128
[ 12.652121] The buggy address is located 119 bytes inside of
[ 12.652121] allocated 120-byte region [ffff8881031db900, ffff8881031db978)
[ 12.652635]
[ 12.652720] The buggy address belongs to the physical page:
[ 12.652890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031db
[ 12.653441] flags: 0x200000000000000(node=0|zone=2)
[ 12.653786] page_type: f5(slab)
[ 12.653918] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.654555] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.654910] page dumped because: kasan: bad access detected
[ 12.655133]
[ 12.655327] Memory state around the buggy address:
[ 12.655578] ffff8881031db800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.655815] ffff8881031db880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.656088] >ffff8881031db900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.656439] ^
[ 12.656794] ffff8881031db980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.657264] ffff8881031dba00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.657509] ==================================================================
```