Date: July 20, 2025, 11:12 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 15.377350] ==================================================================
[ 15.377414] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 15.377512] Write of size 8 at addr fff00000c3fc2d71 by task kunit_try_catch/176
[ 15.377567]
[ 15.377626] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.377747] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.377774] Hardware name: linux,dummy-virt (DT)
[ 15.377803] Call trace:
[ 15.377824] show_stack+0x20/0x38 (C)
[ 15.377869] dump_stack_lvl+0x8c/0xd0
[ 15.377913] print_report+0x118/0x5d0
[ 15.377957] kasan_report+0xdc/0x128
[ 15.378000] kasan_check_range+0x100/0x1a8
[ 15.378046] __asan_memset+0x34/0x78
[ 15.378159] kmalloc_oob_memset_8+0x150/0x2f8
[ 15.378236] kunit_try_run_case+0x170/0x3f0
[ 15.378284] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.378333] kthread+0x328/0x630
[ 15.378560] ret_from_fork+0x10/0x20
[ 15.378657]
[ 15.378718] Allocated by task 176:
[ 15.378746] kasan_save_stack+0x3c/0x68
[ 15.378802] kasan_save_track+0x20/0x40
[ 15.378865] kasan_save_alloc_info+0x40/0x58
[ 15.378951] __kasan_kmalloc+0xd4/0xd8
[ 15.379021] __kmalloc_cache_noprof+0x16c/0x3c0
[ 15.379066] kmalloc_oob_memset_8+0xb0/0x2f8
[ 15.379166] kunit_try_run_case+0x170/0x3f0
[ 15.379292] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.379418] kthread+0x328/0x630
[ 15.379740] ret_from_fork+0x10/0x20
[ 15.379880]
[ 15.379986] The buggy address belongs to the object at fff00000c3fc2d00
[ 15.379986] which belongs to the cache kmalloc-128 of size 128
[ 15.380102] The buggy address is located 113 bytes inside of
[ 15.380102] allocated 120-byte region [fff00000c3fc2d00, fff00000c3fc2d78)
[ 15.380252]
[ 15.380315] The buggy address belongs to the physical page:
[ 15.380355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103fc2
[ 15.380411] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 15.380457] page_type: f5(slab)
[ 15.380494] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 15.380778] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.380832] page dumped because: kasan: bad access detected
[ 15.380862]
[ 15.380889] Memory state around the buggy address:
[ 15.381003] fff00000c3fc2c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.381129] fff00000c3fc2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.381318] >fff00000c3fc2d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.381435] ^
[ 15.381522] fff00000c3fc2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.381645] fff00000c3fc2e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.381722] ==================================================================
```
```
[ 12.424699] ==================================================================
[ 12.425343] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 12.426047] Write of size 8 at addr ffff88810272b871 by task kunit_try_catch/193
[ 12.426289]
[ 12.426512] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 12.426558] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.426569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.426589] Call Trace:
[ 12.426602] <TASK>
[ 12.426616] dump_stack_lvl+0x73/0xb0
[ 12.426677] print_report+0xd1/0x610
[ 12.426931] ? __virt_addr_valid+0x1db/0x2d0
[ 12.426955] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.426975] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.427007] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.427028] kasan_report+0x141/0x180
[ 12.427049] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.427196] kasan_check_range+0x10c/0x1c0
[ 12.427224] __asan_memset+0x27/0x50
[ 12.427417] kmalloc_oob_memset_8+0x166/0x330
[ 12.427449] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 12.427472] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 12.427497] kunit_try_run_case+0x1a5/0x480
[ 12.427519] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.427540] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.427563] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.427584] ? __kthread_parkme+0x82/0x180
[ 12.427602] ? preempt_count_sub+0x50/0x80
[ 12.427625] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.427647] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.427668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.427690] kthread+0x337/0x6f0
[ 12.427708] ? trace_preempt_on+0x20/0xc0
[ 12.427730] ? __pfx_kthread+0x10/0x10
[ 12.427749] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.427768] ? calculate_sigpending+0x7b/0xa0
[ 12.427790] ? __pfx_kthread+0x10/0x10
[ 12.427810] ret_from_fork+0x116/0x1d0
[ 12.427827] ? __pfx_kthread+0x10/0x10
[ 12.427846] ret_from_fork_asm+0x1a/0x30
[ 12.427874] </TASK>
[ 12.427883]
[ 12.443150] Allocated by task 193:
[ 12.443639] kasan_save_stack+0x45/0x70
[ 12.443804] kasan_save_track+0x18/0x40
[ 12.444032] kasan_save_alloc_info+0x3b/0x50
[ 12.444697] __kasan_kmalloc+0xb7/0xc0
[ 12.445113] __kmalloc_cache_noprof+0x189/0x420
[ 12.445703] kmalloc_oob_memset_8+0xac/0x330
[ 12.445863] kunit_try_run_case+0x1a5/0x480
[ 12.446266] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.446806] kthread+0x337/0x6f0
[ 12.446994] ret_from_fork+0x116/0x1d0
[ 12.447156] ret_from_fork_asm+0x1a/0x30
[ 12.447302]
[ 12.447393] The buggy address belongs to the object at ffff88810272b800
[ 12.447393] which belongs to the cache kmalloc-128 of size 128
[ 12.447751] The buggy address is located 113 bytes inside of
[ 12.447751] allocated 120-byte region [ffff88810272b800, ffff88810272b878)
[ 12.448874]
[ 12.449053] The buggy address belongs to the physical page:
[ 12.449626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10272b
[ 12.450389] flags: 0x200000000000000(node=0|zone=2)
[ 12.450927] page_type: f5(slab)
[ 12.451237] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.451488] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.451970] page dumped because: kasan: bad access detected
[ 12.452571]
[ 12.452648] Memory state around the buggy address:
[ 12.452834] ffff88810272b700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.453053] ffff88810272b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.453269] >ffff88810272b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.453726] ^
[ 12.454314] ffff88810272b880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.454572] ffff88810272b900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.454808] ==================================================================
```