Date
July 8, 2025, 11:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 31.174544] ==================================================================
[ 31.174615] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 31.174668] Write of size 8 at addr fff00000c9a9c571 by task kunit_try_catch/207
[ 31.174715]
[ 31.174747] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT
[ 31.174830] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 31.174855] Hardware name: linux,dummy-virt (DT)
[ 31.174900] Call trace:
[ 31.174924] show_stack+0x20/0x38 (C)
[ 31.174971] dump_stack_lvl+0x8c/0xd0
[ 31.175043] print_report+0x118/0x5d0
[ 31.175090] kasan_report+0xdc/0x128
[ 31.175136] kasan_check_range+0x100/0x1a8
[ 31.175485] __asan_memset+0x34/0x78
[ 31.175858] kmalloc_oob_memset_8+0x150/0x2f8
[ 31.176015] kunit_try_run_case+0x170/0x3f0
[ 31.176157] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.176350] kthread+0x328/0x630
[ 31.176454] ret_from_fork+0x10/0x20
[ 31.176502]
[ 31.176526] Allocated by task 207:
[ 31.176630] kasan_save_stack+0x3c/0x68
[ 31.176675] kasan_save_track+0x20/0x40
[ 31.176734] kasan_save_alloc_info+0x40/0x58
[ 31.176773] __kasan_kmalloc+0xd4/0xd8
[ 31.176810] __kmalloc_cache_noprof+0x16c/0x3c0
[ 31.176849] kmalloc_oob_memset_8+0xb0/0x2f8
[ 31.176886] kunit_try_run_case+0x170/0x3f0
[ 31.177330] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 31.177447] kthread+0x328/0x630
[ 31.177489] ret_from_fork+0x10/0x20
[ 31.177621]
[ 31.177671] The buggy address belongs to the object at fff00000c9a9c500
[ 31.177671] which belongs to the cache kmalloc-128 of size 128
[ 31.177728] The buggy address is located 113 bytes inside of
[ 31.177728] allocated 120-byte region [fff00000c9a9c500, fff00000c9a9c578)
[ 31.177788]
[ 31.177862] The buggy address belongs to the physical page:
[ 31.177963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a9c
[ 31.178014] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 31.178061] page_type: f5(slab)
[ 31.178105] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 31.178590] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 31.178634] page dumped because: kasan: bad access detected
[ 31.178907]
[ 31.179144] Memory state around the buggy address:
[ 31.179179] fff00000c9a9c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.179233] fff00000c9a9c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.179272] >fff00000c9a9c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 31.179481] ^
[ 31.179540] fff00000c9a9c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.179581] fff00000c9a9c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.179616] ==================================================================
```
qemu-x86_64:

```
[ 23.475554] ==================================================================
[ 23.476002] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 23.476414] Write of size 8 at addr ffff88810595de71 by task kunit_try_catch/224
[ 23.476665]
[ 23.476778] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary)
[ 23.476833] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.476845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.476869] Call Trace:
[ 23.476883] <TASK>
[ 23.476904] dump_stack_lvl+0x73/0xb0
[ 23.476935] print_report+0xd1/0x610
[ 23.476959] ? __virt_addr_valid+0x1db/0x2d0
[ 23.476985] ? kmalloc_oob_memset_8+0x166/0x330
[ 23.477007] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.477035] ? kmalloc_oob_memset_8+0x166/0x330
[ 23.477058] kasan_report+0x141/0x180
[ 23.477081] ? kmalloc_oob_memset_8+0x166/0x330
[ 23.477107] kasan_check_range+0x10c/0x1c0
[ 23.477132] __asan_memset+0x27/0x50
[ 23.477159] kmalloc_oob_memset_8+0x166/0x330
[ 23.477181] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 23.477210] ? __schedule+0x10cc/0x2b60
[ 23.477251] ? __pfx_read_tsc+0x10/0x10
[ 23.477277] ? ktime_get_ts64+0x86/0x230
[ 23.477304] kunit_try_run_case+0x1a5/0x480
[ 23.477329] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.477349] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.477371] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.477400] ? __kthread_parkme+0x82/0x180
[ 23.477422] ? preempt_count_sub+0x50/0x80
[ 23.477447] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.477470] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.477498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.477525] kthread+0x337/0x6f0
[ 23.477547] ? trace_preempt_on+0x20/0xc0
[ 23.477573] ? __pfx_kthread+0x10/0x10
[ 23.477596] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.477623] ? calculate_sigpending+0x7b/0xa0
[ 23.477651] ? __pfx_kthread+0x10/0x10
[ 23.477674] ret_from_fork+0x116/0x1d0
[ 23.477694] ? __pfx_kthread+0x10/0x10
[ 23.477716] ret_from_fork_asm+0x1a/0x30
[ 23.477751] </TASK>
[ 23.477763]
[ 23.486634] Allocated by task 224:
[ 23.487219] kasan_save_stack+0x45/0x70
[ 23.487622] kasan_save_track+0x18/0x40
[ 23.487879] kasan_save_alloc_info+0x3b/0x50
[ 23.488085] __kasan_kmalloc+0xb7/0xc0
[ 23.488263] __kmalloc_cache_noprof+0x189/0x420
[ 23.488464] kmalloc_oob_memset_8+0xac/0x330
[ 23.488650] kunit_try_run_case+0x1a5/0x480
[ 23.489216] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.489583] kthread+0x337/0x6f0
[ 23.489738] ret_from_fork+0x116/0x1d0
[ 23.490082] ret_from_fork_asm+0x1a/0x30
[ 23.490274]
[ 23.490358] The buggy address belongs to the object at ffff88810595de00
[ 23.490358] which belongs to the cache kmalloc-128 of size 128
[ 23.491356] The buggy address is located 113 bytes inside of
[ 23.491356] allocated 120-byte region [ffff88810595de00, ffff88810595de78)
[ 23.492059]
[ 23.492158] The buggy address belongs to the physical page:
[ 23.492402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10595d
[ 23.492732] flags: 0x200000000000000(node=0|zone=2)
[ 23.493369] page_type: f5(slab)
[ 23.493670] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.494368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.494679] page dumped because: kasan: bad access detected
[ 23.495132]
[ 23.495221] Memory state around the buggy address:
[ 23.495434] ffff88810595dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.495718] ffff88810595dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.496457] >ffff88810595de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.496745] ^
[ 23.497122] ffff88810595de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.497428] ffff88810595df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.497703] ==================================================================
```