Date: July 18, 2025, 1:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   31.586430] ==================================================================
[   31.586679] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   31.586814] Write of size 16 at addr fff00000c3efdc69 by task kunit_try_catch/209
[   31.586879] 
[   31.586938] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT 
[   31.587200] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.587437] Hardware name: linux,dummy-virt (DT)
[   31.587483] Call trace:
[   31.587532]  show_stack+0x20/0x38 (C)
[   31.587644]  dump_stack_lvl+0x8c/0xd0
[   31.587692]  print_report+0x118/0x5e8
[   31.587780]  kasan_report+0xdc/0x128
[   31.587924]  kasan_check_range+0x100/0x1a8
[   31.587969]  __asan_memset+0x34/0x78
[   31.588301]  kmalloc_oob_memset_16+0x150/0x2f8
[   31.588405]  kunit_try_run_case+0x170/0x3f0
[   31.588513]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.588699]  kthread+0x328/0x630
[   31.588809]  ret_from_fork+0x10/0x20
[   31.588966] 
[   31.589016] Allocated by task 209:
[   31.589045]  kasan_save_stack+0x3c/0x68
[   31.589416]  kasan_save_track+0x20/0x40
[   31.589487]  kasan_save_alloc_info+0x40/0x58
[   31.589966]  __kasan_kmalloc+0xd4/0xd8
[   31.590347]  __kmalloc_cache_noprof+0x16c/0x3c0
[   31.590476]  kmalloc_oob_memset_16+0xb0/0x2f8
[   31.590557]  kunit_try_run_case+0x170/0x3f0
[   31.590625]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.590717]  kthread+0x328/0x630
[   31.590784]  ret_from_fork+0x10/0x20
[   31.590865] 
[   31.591150] The buggy address belongs to the object at fff00000c3efdc00
[   31.591150]  which belongs to the cache kmalloc-128 of size 128
[   31.591665] The buggy address is located 105 bytes inside of
[   31.591665]  allocated 120-byte region [fff00000c3efdc00, fff00000c3efdc78)
[   31.591760] 
[   31.591828] The buggy address belongs to the physical page:
[   31.591932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103efd
[   31.592049] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   31.592132] page_type: f5(slab)
[   31.592173] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000100 dead000000000122
[   31.592337] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   31.592521] page dumped because: kasan: bad access detected
[   31.592584] 
[   31.592604] Memory state around the buggy address:
[   31.592935]  fff00000c3efdb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   31.593116]  fff00000c3efdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.593181] >fff00000c3efdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   31.593296]                                                                 ^
[   31.593365]  fff00000c3efdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.593485]  fff00000c3efdd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.593573] ==================================================================


[   24.994121] ==================================================================
[   24.994604] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   24.995075] Write of size 16 at addr ffff8881053b7269 by task kunit_try_catch/226
[   24.995357] 
[   24.995466] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250718 #1 PREEMPT(voluntary) 
[   24.995515] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.995526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.995547] Call Trace:
[   24.995560]  <TASK>
[   24.995575]  dump_stack_lvl+0x73/0xb0
[   24.995607]  print_report+0xd1/0x640
[   24.995628]  ? __virt_addr_valid+0x1db/0x2d0
[   24.995651]  ? kmalloc_oob_memset_16+0x166/0x330
[   24.995671]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.995696]  ? kmalloc_oob_memset_16+0x166/0x330
[   24.995716]  kasan_report+0x141/0x180
[   24.995737]  ? kmalloc_oob_memset_16+0x166/0x330
[   24.995762]  kasan_check_range+0x10c/0x1c0
[   24.995784]  __asan_memset+0x27/0x50
[   24.995987]  kmalloc_oob_memset_16+0x166/0x330
[   24.996010]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   24.996031]  ? __schedule+0x2070/0x2b60
[   24.996054]  ? __pfx_read_tsc+0x10/0x10
[   24.996077]  ? ktime_get_ts64+0x86/0x230
[   24.996101]  kunit_try_run_case+0x1a5/0x480
[   24.996126]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.996147]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.996180]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.996228]  ? __kthread_parkme+0x82/0x180
[   24.996248]  ? preempt_count_sub+0x50/0x80
[   24.996270]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.996292]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.996315]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.996337]  kthread+0x337/0x6f0
[   24.996356]  ? trace_preempt_on+0x20/0xc0
[   24.996378]  ? __pfx_kthread+0x10/0x10
[   24.996397]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.996426]  ? calculate_sigpending+0x7b/0xa0
[   24.996449]  ? __pfx_kthread+0x10/0x10
[   24.996470]  ret_from_fork+0x116/0x1d0
[   24.996489]  ? __pfx_kthread+0x10/0x10
[   24.996508]  ret_from_fork_asm+0x1a/0x30
[   24.996537]  </TASK>
[   24.996547] 
[   25.003776] Allocated by task 226:
[   25.003950]  kasan_save_stack+0x45/0x70
[   25.004090]  kasan_save_track+0x18/0x40
[   25.004231]  kasan_save_alloc_info+0x3b/0x50
[   25.004375]  __kasan_kmalloc+0xb7/0xc0
[   25.004742]  __kmalloc_cache_noprof+0x189/0x420
[   25.004955]  kmalloc_oob_memset_16+0xac/0x330
[   25.005163]  kunit_try_run_case+0x1a5/0x480
[   25.005418]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.005629]  kthread+0x337/0x6f0
[   25.005744]  ret_from_fork+0x116/0x1d0
[   25.005931]  ret_from_fork_asm+0x1a/0x30
[   25.006304] 
[   25.006395] The buggy address belongs to the object at ffff8881053b7200
[   25.006395]  which belongs to the cache kmalloc-128 of size 128
[   25.007021] The buggy address is located 105 bytes inside of
[   25.007021]  allocated 120-byte region [ffff8881053b7200, ffff8881053b7278)
[   25.007521] 
[   25.007596] The buggy address belongs to the physical page:
[   25.007831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1053b7
[   25.008137] flags: 0x200000000000000(node=0|zone=2)
[   25.008351] page_type: f5(slab)
[   25.008491] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   25.008779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.009062] page dumped because: kasan: bad access detected
[   25.009369] 
[   25.009436] Memory state around the buggy address:
[   25.009583]  ffff8881053b7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.009793]  ffff8881053b7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.010000] >ffff8881053b7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   25.010218]                                                                 ^
[   25.010861]  ffff8881053b7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.011171]  ffff8881053b7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.011490] ==================================================================