Hay
Date
July 24, 2025, 4:41 a.m.

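Environment
qemu-arm64 (first report below; Hardware name: linux,dummy-virt (DT))
qemu-x86_64 (second report below; Hardware name: QEMU Standard PC (Q35 + ICH9, 2009))

Reading note: both reports show the same access. A 16-byte memset starts 105 bytes into a 120-byte allocation from the kmalloc-128 cache, so the write ends 1 byte past the allocated region, in the granule the shadow dump marks fc. The faulting function runs under KUnit (task kunit_try_catch, kunit_try_run_case in the stack, taint flag [N]=TEST), which suggests a deliberately triggered KASAN self-test rather than a defect in a production code path; confirm against the test suite before triaging it as a bug.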

[   32.572307] ==================================================================
[   32.572385] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   32.572448] Write of size 16 at addr fff00000c9a8b469 by task kunit_try_catch/209
[   32.572501] 
[   32.572682] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250724 #1 PREEMPT 
[   32.572909] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.572948] Hardware name: linux,dummy-virt (DT)
[   32.572982] Call trace:
[   32.573007]  show_stack+0x20/0x38 (C)
[   32.573058]  dump_stack_lvl+0x8c/0xd0
[   32.573104]  print_report+0x118/0x5e8
[   32.573406]  kasan_report+0xdc/0x128
[   32.573554]  kasan_check_range+0x100/0x1a8
[   32.573630]  __asan_memset+0x34/0x78
[   32.573674]  kmalloc_oob_memset_16+0x150/0x2f8
[   32.573728]  kunit_try_run_case+0x170/0x3f0
[   32.574071]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.574231]  kthread+0x328/0x630
[   32.574307]  ret_from_fork+0x10/0x20
[   32.574359] 
[   32.574471] Allocated by task 209:
[   32.574508]  kasan_save_stack+0x3c/0x68
[   32.574551]  kasan_save_track+0x20/0x40
[   32.574602]  kasan_save_alloc_info+0x40/0x58
[   32.574643]  __kasan_kmalloc+0xd4/0xd8
[   32.574679]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.574720]  kmalloc_oob_memset_16+0xb0/0x2f8
[   32.575095]  kunit_try_run_case+0x170/0x3f0
[   32.576036]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.576116]  kthread+0x328/0x630
[   32.576182]  ret_from_fork+0x10/0x20
[   32.576323] 
[   32.576347] The buggy address belongs to the object at fff00000c9a8b400
[   32.576347]  which belongs to the cache kmalloc-128 of size 128
[   32.576452] The buggy address is located 105 bytes inside of
[   32.576452]  allocated 120-byte region [fff00000c9a8b400, fff00000c9a8b478)
[   32.576565] 
[   32.576819] The buggy address belongs to the physical page:
[   32.577030] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b
[   32.577112] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.577670] page_type: f5(slab)
[   32.577901] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   32.577999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   32.578097] page dumped because: kasan: bad access detected
[   32.578240] 
[   32.578289] Memory state around the buggy address:
[   32.578343]  fff00000c9a8b300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   32.578581]  fff00000c9a8b380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.578962] >fff00000c9a8b400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   32.579150]                                                                 ^
[   32.579312]  fff00000c9a8b480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.579395]  fff00000c9a8b500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.579478] ==================================================================

[   27.015105] ==================================================================
[   27.015567] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   27.016177] Write of size 16 at addr ffff888104c4a869 by task kunit_try_catch/226
[   27.016482] 
[   27.016599] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary) 
[   27.016657] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   27.016670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   27.016692] Call Trace:
[   27.016705]  <TASK>
[   27.016726]  dump_stack_lvl+0x73/0xb0
[   27.016760]  print_report+0xd1/0x640
[   27.016783]  ? __virt_addr_valid+0x1db/0x2d0
[   27.016821]  ? kmalloc_oob_memset_16+0x166/0x330
[   27.016842]  ? kasan_complete_mode_report_info+0x2a/0x200
[   27.016867]  ? kmalloc_oob_memset_16+0x166/0x330
[   27.016888]  kasan_report+0x141/0x180
[   27.016909]  ? kmalloc_oob_memset_16+0x166/0x330
[   27.016945]  kasan_check_range+0x10c/0x1c0
[   27.016968]  __asan_memset+0x27/0x50
[   27.016991]  kmalloc_oob_memset_16+0x166/0x330
[   27.017013]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   27.017035]  ? __schedule+0x10da/0x2b60
[   27.017060]  ? __pfx_read_tsc+0x10/0x10
[   27.017081]  ? ktime_get_ts64+0x86/0x230
[   27.017107]  kunit_try_run_case+0x1a5/0x480
[   27.017133]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.017154]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   27.017178]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   27.017202]  ? __kthread_parkme+0x82/0x180
[   27.017223]  ? preempt_count_sub+0x50/0x80
[   27.017246]  ? __pfx_kunit_try_run_case+0x10/0x10
[   27.017269]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.017292]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   27.017314]  kthread+0x337/0x6f0
[   27.017334]  ? trace_preempt_on+0x20/0xc0
[   27.017358]  ? __pfx_kthread+0x10/0x10
[   27.017377]  ? _raw_spin_unlock_irq+0x47/0x80
[   27.017400]  ? calculate_sigpending+0x7b/0xa0
[   27.017423]  ? __pfx_kthread+0x10/0x10
[   27.017443]  ret_from_fork+0x116/0x1d0
[   27.017463]  ? __pfx_kthread+0x10/0x10
[   27.017482]  ret_from_fork_asm+0x1a/0x30
[   27.017514]  </TASK>
[   27.017525] 
[   27.026862] Allocated by task 226:
[   27.027410]  kasan_save_stack+0x45/0x70
[   27.027639]  kasan_save_track+0x18/0x40
[   27.027837]  kasan_save_alloc_info+0x3b/0x50
[   27.028088]  __kasan_kmalloc+0xb7/0xc0
[   27.028253]  __kmalloc_cache_noprof+0x189/0x420
[   27.028458]  kmalloc_oob_memset_16+0xac/0x330
[   27.028675]  kunit_try_run_case+0x1a5/0x480
[   27.028876]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   27.029557]  kthread+0x337/0x6f0
[   27.029698]  ret_from_fork+0x116/0x1d0
[   27.030027]  ret_from_fork_asm+0x1a/0x30
[   27.030369] 
[   27.030451] The buggy address belongs to the object at ffff888104c4a800
[   27.030451]  which belongs to the cache kmalloc-128 of size 128
[   27.031040] The buggy address is located 105 bytes inside of
[   27.031040]  allocated 120-byte region [ffff888104c4a800, ffff888104c4a878)
[   27.031584] 
[   27.031658] The buggy address belongs to the physical page:
[   27.032024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a
[   27.032339] flags: 0x200000000000000(node=0|zone=2)
[   27.032555] page_type: f5(slab)
[   27.032714] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   27.033571] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   27.033936] page dumped because: kasan: bad access detected
[   27.034220] 
[   27.034292] Memory state around the buggy address:
[   27.034507]  ffff888104c4a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   27.034839]  ffff888104c4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.035174] >ffff888104c4a800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   27.035469]                                                                 ^
[   27.035766]  ffff888104c4a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.036139]  ffff888104c4a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   27.036424] ==================================================================