Date
June 19, 2025, 12:07 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 30.397348] ==================================================================
[ 30.397632] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 30.397821] Write of size 16 at addr fff00000c4726c80 by task kunit_try_catch/177
[ 30.397956]
[ 30.398074] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT
[ 30.398268] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.398334] Hardware name: linux,dummy-virt (DT)
[ 30.398401] Call trace:
[ 30.398450] show_stack+0x20/0x38 (C)
[ 30.398571] dump_stack_lvl+0x8c/0xd0
[ 30.398733] print_report+0x118/0x608
[ 30.398856] kasan_report+0xdc/0x128
[ 30.398996] __asan_report_store16_noabort+0x20/0x30
[ 30.399140] kmalloc_oob_16+0x3a0/0x3f8
[ 30.399278] kunit_try_run_case+0x170/0x3f0
[ 30.399396] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.399539] kthread+0x328/0x630
[ 30.399641] ret_from_fork+0x10/0x20
[ 30.399766]
[ 30.399812] Allocated by task 177:
[ 30.399897] kasan_save_stack+0x3c/0x68
[ 30.400040] kasan_save_track+0x20/0x40
[ 30.400133] kasan_save_alloc_info+0x40/0x58
[ 30.400242] __kasan_kmalloc+0xd4/0xd8
[ 30.400378] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.400476] kmalloc_oob_16+0xb4/0x3f8
[ 30.400560] kunit_try_run_case+0x170/0x3f0
[ 30.400653] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.400769] kthread+0x328/0x630
[ 30.400849] ret_from_fork+0x10/0x20
[ 30.400964]
[ 30.401011] The buggy address belongs to the object at fff00000c4726c80
[ 30.401011] which belongs to the cache kmalloc-16 of size 16
[ 30.401150] The buggy address is located 0 bytes inside of
[ 30.401150] allocated 13-byte region [fff00000c4726c80, fff00000c4726c8d)
[ 30.401478]
[ 30.401539] The buggy address belongs to the physical page:
[ 30.401614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104726
[ 30.401746] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.401856] page_type: f5(slab)
[ 30.401959] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122
[ 30.402300] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.402472] page dumped because: kasan: bad access detected
[ 30.402582]
[ 30.402628] Memory state around the buggy address:
[ 30.402760] fff00000c4726b80: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.402869] fff00000c4726c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.402989] >fff00000c4726c80: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 30.403087] ^
[ 30.403159] fff00000c4726d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.403264] fff00000c4726d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.403370] ==================================================================
```
qemu-x86_64:

```
[ 26.838819] ==================================================================
[ 26.839403] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 26.839961] Write of size 16 at addr ffff8881022a2620 by task kunit_try_catch/195
[ 26.840348]
[ 26.840860] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250619 #1 PREEMPT(voluntary)
[ 26.840968] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.840996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.841039] Call Trace:
[ 26.841069] <TASK>
[ 26.841120] dump_stack_lvl+0x73/0xb0
[ 26.841222] print_report+0xd1/0x650
[ 26.841273] ? __virt_addr_valid+0x1db/0x2d0
[ 26.841331] ? kmalloc_oob_16+0x452/0x4a0
[ 26.841594] ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.841650] ? kmalloc_oob_16+0x452/0x4a0
[ 26.841702] kasan_report+0x141/0x180
[ 26.841747] ? kmalloc_oob_16+0x452/0x4a0
[ 26.842204] __asan_report_store16_noabort+0x1b/0x30
[ 26.842239] kmalloc_oob_16+0x452/0x4a0
[ 26.842262] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 26.842286] ? __schedule+0x10cc/0x2b60
[ 26.842311] ? __pfx_read_tsc+0x10/0x10
[ 26.842335] ? ktime_get_ts64+0x86/0x230
[ 26.842364] kunit_try_run_case+0x1a5/0x480
[ 26.842392] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.842415] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.842439] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.842462] ? __kthread_parkme+0x82/0x180
[ 26.842486] ? preempt_count_sub+0x50/0x80
[ 26.842511] ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.842535] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.842560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.842584] kthread+0x337/0x6f0
[ 26.842605] ? trace_preempt_on+0x20/0xc0
[ 26.842630] ? __pfx_kthread+0x10/0x10
[ 26.842652] ? _raw_spin_unlock_irq+0x47/0x80
[ 26.842674] ? calculate_sigpending+0x7b/0xa0
[ 26.842699] ? __pfx_kthread+0x10/0x10
[ 26.842722] ret_from_fork+0x116/0x1d0
[ 26.842742] ? __pfx_kthread+0x10/0x10
[ 26.842764] ret_from_fork_asm+0x1a/0x30
[ 26.842796] </TASK>
[ 26.842809]
[ 26.852824] Allocated by task 195:
[ 26.853780] kasan_save_stack+0x45/0x70
[ 26.854446] kasan_save_track+0x18/0x40
[ 26.854763] kasan_save_alloc_info+0x3b/0x50
[ 26.855048] __kasan_kmalloc+0xb7/0xc0
[ 26.855992] __kmalloc_cache_noprof+0x189/0x420
[ 26.856479] kmalloc_oob_16+0xa8/0x4a0
[ 26.856718] kunit_try_run_case+0x1a5/0x480
[ 26.857315] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.858000] kthread+0x337/0x6f0
[ 26.858582] ret_from_fork+0x116/0x1d0
[ 26.858856] ret_from_fork_asm+0x1a/0x30
[ 26.859539]
[ 26.859794] The buggy address belongs to the object at ffff8881022a2620
[ 26.859794] which belongs to the cache kmalloc-16 of size 16
[ 26.860610] The buggy address is located 0 bytes inside of
[ 26.860610] allocated 13-byte region [ffff8881022a2620, ffff8881022a262d)
[ 26.861048]
[ 26.861150] The buggy address belongs to the physical page:
[ 26.861338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022a2
[ 26.861593] flags: 0x200000000000000(node=0|zone=2)
[ 26.861776] page_type: f5(slab)
[ 26.861919] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 26.863077] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 26.863321] page dumped because: kasan: bad access detected
[ 26.864445]
[ 26.864556] Memory state around the buggy address:
[ 26.864794] ffff8881022a2500: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 26.865602] ffff8881022a2580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 26.866410] >ffff8881022a2600: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 26.866788] ^
[ 26.867597] ffff8881022a2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.868542] ffff8881022a2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.868879] ==================================================================
```