Date
July 22, 2025, 2:40 p.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
```
[ 17.285502] ==================================================================
[ 17.286130] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 17.286340] Write of size 16 at addr fff00000c6fb0769 by task kunit_try_catch/180
[ 17.286467]
[ 17.286558] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 17.286671] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.286697] Hardware name: linux,dummy-virt (DT)
[ 17.286734] Call trace:
[ 17.286845] show_stack+0x20/0x38 (C)
[ 17.286909] dump_stack_lvl+0x8c/0xd0
[ 17.286969] print_report+0x118/0x5d0
[ 17.287174] kasan_report+0xdc/0x128
[ 17.287353] kasan_check_range+0x100/0x1a8
[ 17.287555] __asan_memset+0x34/0x78
[ 17.287683] kmalloc_oob_memset_16+0x150/0x2f8
[ 17.287759] kunit_try_run_case+0x170/0x3f0
[ 17.287877] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.288075] kthread+0x328/0x630
[ 17.288277] ret_from_fork+0x10/0x20
[ 17.288358]
[ 17.288378] Allocated by task 180:
[ 17.288405] kasan_save_stack+0x3c/0x68
[ 17.288442] kasan_save_track+0x20/0x40
[ 17.288483] kasan_save_alloc_info+0x40/0x58
[ 17.288520] __kasan_kmalloc+0xd4/0xd8
[ 17.288564] __kmalloc_cache_noprof+0x16c/0x3c0
[ 17.288602] kmalloc_oob_memset_16+0xb0/0x2f8
[ 17.288640] kunit_try_run_case+0x170/0x3f0
[ 17.288678] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.288717] kthread+0x328/0x630
[ 17.288758] ret_from_fork+0x10/0x20
[ 17.288794]
[ 17.288814] The buggy address belongs to the object at fff00000c6fb0700
[ 17.288814] which belongs to the cache kmalloc-128 of size 128
[ 17.288875] The buggy address is located 105 bytes inside of
[ 17.288875] allocated 120-byte region [fff00000c6fb0700, fff00000c6fb0778)
[ 17.288943]
[ 17.288963] The buggy address belongs to the physical page:
[ 17.288998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fb0
[ 17.289064] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.289112] page_type: f5(slab)
[ 17.289162] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.289221] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.289259] page dumped because: kasan: bad access detected
[ 17.289308]
[ 17.289623] Memory state around the buggy address:
[ 17.289892] fff00000c6fb0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.289962] fff00000c6fb0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.290012] >fff00000c6fb0700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.290064] ^
[ 17.290156] fff00000c6fb0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.290247] fff00000c6fb0800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.290305] ==================================================================
```
```
[ 11.253541] ==================================================================
[ 11.254205] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 11.254626] Write of size 16 at addr ffff8881028ba069 by task kunit_try_catch/198
[ 11.255402]
[ 11.255619] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 11.255670] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.255682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.255706] Call Trace:
[ 11.255719] <TASK>
[ 11.255737] dump_stack_lvl+0x73/0xb0
[ 11.255769] print_report+0xd1/0x610
[ 11.255792] ? __virt_addr_valid+0x1db/0x2d0
[ 11.255910] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.255937] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.255960] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.255982] kasan_report+0x141/0x180
[ 11.256004] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.256031] kasan_check_range+0x10c/0x1c0
[ 11.256051] __asan_memset+0x27/0x50
[ 11.256072] kmalloc_oob_memset_16+0x166/0x330
[ 11.256093] ? __kasan_check_write+0x18/0x20
[ 11.256112] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 11.256134] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 11.256156] ? trace_hardirqs_on+0x37/0xe0
[ 11.256181] ? __pfx_read_tsc+0x10/0x10
[ 11.256201] ? ktime_get_ts64+0x86/0x230
[ 11.256239] kunit_try_run_case+0x1a5/0x480
[ 11.256261] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.256281] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.256302] ? __kthread_parkme+0x82/0x180
[ 11.256325] ? preempt_count_sub+0x50/0x80
[ 11.256351] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.256381] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.256403] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.256426] kthread+0x337/0x6f0
[ 11.256442] ? trace_preempt_on+0x20/0xc0
[ 11.256464] ? __pfx_kthread+0x10/0x10
[ 11.256481] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.256503] ? calculate_sigpending+0x7b/0xa0
[ 11.256525] ? __pfx_kthread+0x10/0x10
[ 11.256543] ret_from_fork+0x41/0x80
[ 11.256562] ? __pfx_kthread+0x10/0x10
[ 11.256579] ret_from_fork_asm+0x1a/0x30
[ 11.256611] </TASK>
[ 11.256621]
[ 11.266806] Allocated by task 198:
[ 11.267088] kasan_save_stack+0x45/0x70
[ 11.267358] kasan_save_track+0x18/0x40
[ 11.267620] kasan_save_alloc_info+0x3b/0x50
[ 11.267983] __kasan_kmalloc+0xb7/0xc0
[ 11.268136] __kmalloc_cache_noprof+0x189/0x420
[ 11.268549] kmalloc_oob_memset_16+0xac/0x330
[ 11.268931] kunit_try_run_case+0x1a5/0x480
[ 11.269259] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.269640] kthread+0x337/0x6f0
[ 11.269777] ret_from_fork+0x41/0x80
[ 11.270099] ret_from_fork_asm+0x1a/0x30
[ 11.270443]
[ 11.270520] The buggy address belongs to the object at ffff8881028ba000
[ 11.270520] which belongs to the cache kmalloc-128 of size 128
[ 11.271020] The buggy address is located 105 bytes inside of
[ 11.271020] allocated 120-byte region [ffff8881028ba000, ffff8881028ba078)
[ 11.272095]
[ 11.272195] The buggy address belongs to the physical page:
[ 11.272611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028ba
[ 11.273025] flags: 0x200000000000000(node=0|zone=2)
[ 11.273379] page_type: f5(slab)
[ 11.273554] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.274186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.274672] page dumped because: kasan: bad access detected
[ 11.274918]
[ 11.274996] Memory state around the buggy address:
[ 11.275215] ffff8881028b9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.275876] ffff8881028b9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.276257] >ffff8881028ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.276574] ^
[ 11.277045] ffff8881028ba080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.277354] ffff8881028ba100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.278116] ==================================================================
```