Hay
Sign in
Date
June 20, 2025, 12:38 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   32.070623] ==================================================================
[   32.071382] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   32.071575] Write of size 16 at addr fff00000c44df969 by task kunit_try_catch/189
[   32.071719] 
[   32.071814] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT 
[   32.072037] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.072107] Hardware name: linux,dummy-virt (DT)
[   32.072189] Call trace:
[   32.072249]  show_stack+0x20/0x38 (C)
[   32.073260]  dump_stack_lvl+0x8c/0xd0
[   32.074082]  print_report+0x118/0x608
[   32.074472]  kasan_report+0xdc/0x128
[   32.075008]  kasan_check_range+0x100/0x1a8
[   32.075336]  __asan_memset+0x34/0x78
[   32.075459]  kmalloc_oob_memset_16+0x150/0x2f8
[   32.076029]  kunit_try_run_case+0x170/0x3f0
[   32.076470]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.076732]  kthread+0x328/0x630
[   32.076817]  ret_from_fork+0x10/0x20
[   32.076907] 
[   32.076945] Allocated by task 189:
[   32.077011]  kasan_save_stack+0x3c/0x68
[   32.077112]  kasan_save_track+0x20/0x40
[   32.078108]  kasan_save_alloc_info+0x40/0x58
[   32.078236]  __kasan_kmalloc+0xd4/0xd8
[   32.078647]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.079009]  kmalloc_oob_memset_16+0xb0/0x2f8
[   32.079375]  kunit_try_run_case+0x170/0x3f0
[   32.079490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.079773]  kthread+0x328/0x630
[   32.080086]  ret_from_fork+0x10/0x20
[   32.080419] 
[   32.080729] The buggy address belongs to the object at fff00000c44df900
[   32.080729]  which belongs to the cache kmalloc-128 of size 128
[   32.081176] The buggy address is located 105 bytes inside of
[   32.081176]  allocated 120-byte region [fff00000c44df900, fff00000c44df978)
[   32.081588] 
[   32.081682] The buggy address belongs to the physical page:
[   32.081787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1044df
[   32.082128] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.082232] page_type: f5(slab)
[   32.082664] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.082890] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.083039] page dumped because: kasan: bad access detected
[   32.083150] 
[   32.083350] Memory state around the buggy address:
[   32.083547]  fff00000c44df800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.083675]  fff00000c44df880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.084050] >fff00000c44df900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.084354]                                                                 ^
[   32.084477]  fff00000c44df980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.084814]  fff00000c44dfa00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.084897] ==================================================================
Metadata Full log Test run details 

[   25.759239] ==================================================================
[   25.759713] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   25.760384] Write of size 16 at addr ffff88810232a069 by task kunit_try_catch/207
[   25.760741] 
[   25.760881] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc2-next-20250620 #1 PREEMPT(voluntary) 
[   25.760971] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.760993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.761031] Call Trace:
[   25.761056]  <TASK>
[   25.761087]  dump_stack_lvl+0x73/0xb0
[   25.761149]  print_report+0xd1/0x650
[   25.761187]  ? __virt_addr_valid+0x1db/0x2d0
[   25.761225]  ? kmalloc_oob_memset_16+0x166/0x330
[   25.761261]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.761305]  ? kmalloc_oob_memset_16+0x166/0x330
[   25.761349]  kasan_report+0x141/0x180
[   25.761393]  ? kmalloc_oob_memset_16+0x166/0x330
[   25.762202]  kasan_check_range+0x10c/0x1c0
[   25.762310]  __asan_memset+0x27/0x50
[   25.762357]  kmalloc_oob_memset_16+0x166/0x330
[   25.762408]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   25.762468]  ? __schedule+0x10cc/0x2b60
[   25.762503]  ? __pfx_read_tsc+0x10/0x10
[   25.762541]  ? ktime_get_ts64+0x86/0x230
[   25.762571]  kunit_try_run_case+0x1a5/0x480
[   25.762599]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.762623]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   25.762647]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   25.762671]  ? __kthread_parkme+0x82/0x180
[   25.762694]  ? preempt_count_sub+0x50/0x80
[   25.762720]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.762745]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.762770]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.762794]  kthread+0x337/0x6f0
[   25.762815]  ? trace_preempt_on+0x20/0xc0
[   25.762840]  ? __pfx_kthread+0x10/0x10
[   25.762862]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.762885]  ? calculate_sigpending+0x7b/0xa0
[   25.762911]  ? __pfx_kthread+0x10/0x10
[   25.762934]  ret_from_fork+0x116/0x1d0
[   25.762954]  ? __pfx_kthread+0x10/0x10
[   25.762976]  ret_from_fork_asm+0x1a/0x30
[   25.763008]  </TASK>
[   25.763022] 
[   25.774002] Allocated by task 207:
[   25.774262]  kasan_save_stack+0x45/0x70
[   25.774649]  kasan_save_track+0x18/0x40
[   25.774975]  kasan_save_alloc_info+0x3b/0x50
[   25.775309]  __kasan_kmalloc+0xb7/0xc0
[   25.775688]  __kmalloc_cache_noprof+0x189/0x420
[   25.776092]  kmalloc_oob_memset_16+0xac/0x330
[   25.776510]  kunit_try_run_case+0x1a5/0x480
[   25.776817]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.777209]  kthread+0x337/0x6f0
[   25.777379]  ret_from_fork+0x116/0x1d0
[   25.777728]  ret_from_fork_asm+0x1a/0x30
[   25.778078] 
[   25.778293] The buggy address belongs to the object at ffff88810232a000
[   25.778293]  which belongs to the cache kmalloc-128 of size 128
[   25.778793] The buggy address is located 105 bytes inside of
[   25.778793]  allocated 120-byte region [ffff88810232a000, ffff88810232a078)
[   25.779390] 
[   25.779599] The buggy address belongs to the physical page:
[   25.779938] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10232a
[   25.780381] flags: 0x200000000000000(node=0|zone=2)
[   25.780856] page_type: f5(slab)
[   25.781242] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.781911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.782503] page dumped because: kasan: bad access detected
[   25.782693] 
[   25.782788] Memory state around the buggy address:
[   25.783226]  ffff888102329f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.783668]  ffff888102329f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.784074] >ffff88810232a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.784576]                                                                 ^
[   25.785012]  ffff88810232a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.785497]  ffff88810232a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.785814] ==================================================================
Metadata Full log Test run details