Date
July 24, 2025, 4:41 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 |
```
[ 32.538694] ==================================================================
[ 32.538843] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 32.538908] Write of size 4 at addr fff00000c9a8b275 by task kunit_try_catch/205
[ 32.538968]
[ 32.539055] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7-next-20250724 #1 PREEMPT
[ 32.539160] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 32.539195] Hardware name: linux,dummy-virt (DT)
[ 32.539227] Call trace:
[ 32.539422]  show_stack+0x20/0x38 (C)
[ 32.539482]  dump_stack_lvl+0x8c/0xd0
[ 32.539614]  print_report+0x118/0x5e8
[ 32.539736]  kasan_report+0xdc/0x128
[ 32.540050]  kasan_check_range+0x100/0x1a8
[ 32.540166]  __asan_memset+0x34/0x78
[ 32.540257]  kmalloc_oob_memset_4+0x150/0x300
[ 32.540353]  kunit_try_run_case+0x170/0x3f0
[ 32.540454]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.540711]  kthread+0x328/0x630
[ 32.540805]  ret_from_fork+0x10/0x20
[ 32.540943]
[ 32.540963] Allocated by task 205:
[ 32.541178]  kasan_save_stack+0x3c/0x68
[ 32.541245]  kasan_save_track+0x20/0x40
[ 32.541369]  kasan_save_alloc_info+0x40/0x58
[ 32.541458]  __kasan_kmalloc+0xd4/0xd8
[ 32.541512]  __kmalloc_cache_noprof+0x16c/0x3c0
[ 32.541701]  kmalloc_oob_memset_4+0xb0/0x300
[ 32.541802]  kunit_try_run_case+0x170/0x3f0
[ 32.541891]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 32.542003]  kthread+0x328/0x630
[ 32.542056]  ret_from_fork+0x10/0x20
[ 32.542092]
[ 32.542151] The buggy address belongs to the object at fff00000c9a8b200
[ 32.542151]  which belongs to the cache kmalloc-128 of size 128
[ 32.542431] The buggy address is located 117 bytes inside of
[ 32.542431]  allocated 120-byte region [fff00000c9a8b200, fff00000c9a8b278)
[ 32.542555]
[ 32.542618] The buggy address belongs to the physical page:
[ 32.542697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109a8b
[ 32.542858] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 32.543158] page_type: f5(slab)
[ 32.543366] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 32.543443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 32.543528] page dumped because: kasan: bad access detected
[ 32.543568]
[ 32.543587] Memory state around the buggy address:
[ 32.543630]  fff00000c9a8b100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.543683]  fff00000c9a8b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.543860] >fff00000c9a8b200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 32.544001]                                                                 ^
[ 32.544186]  fff00000c9a8b280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.544294]  fff00000c9a8b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.544333] ==================================================================
```
```
[ 26.963552] ==================================================================
[ 26.964379] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 26.964710] Write of size 4 at addr ffff888104c4a775 by task kunit_try_catch/222
[ 26.965003]
[ 26.965219] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc7-next-20250724 #1 PREEMPT(voluntary)
[ 26.965270] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 26.965284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.965315] Call Trace:
[ 26.965326]  <TASK>
[ 26.965343]  dump_stack_lvl+0x73/0xb0
[ 26.965371]  print_report+0xd1/0x640
[ 26.965452]  ? __virt_addr_valid+0x1db/0x2d0
[ 26.965477]  ? kmalloc_oob_memset_4+0x166/0x330
[ 26.965498]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 26.965531]  ? kmalloc_oob_memset_4+0x166/0x330
[ 26.965553]  kasan_report+0x141/0x180
[ 26.965589]  ? kmalloc_oob_memset_4+0x166/0x330
[ 26.965615]  kasan_check_range+0x10c/0x1c0
[ 26.965638]  __asan_memset+0x27/0x50
[ 26.965661]  kmalloc_oob_memset_4+0x166/0x330
[ 26.965682]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 26.965704]  ? __schedule+0x10da/0x2b60
[ 26.965729]  ? __pfx_read_tsc+0x10/0x10
[ 26.965750]  ? ktime_get_ts64+0x86/0x230
[ 26.965774]  kunit_try_run_case+0x1a5/0x480
[ 26.965843]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.965865]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 26.965889]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 26.965914]  ? __kthread_parkme+0x82/0x180
[ 26.965933]  ? preempt_count_sub+0x50/0x80
[ 26.965967]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 26.965990]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.966013]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 26.966046]  kthread+0x337/0x6f0
[ 26.966081]  ? trace_preempt_on+0x20/0xc0
[ 26.966104]  ? __pfx_kthread+0x10/0x10
[ 26.966124]  ? _raw_spin_unlock_irq+0x47/0x80
[ 26.966147]  ? calculate_sigpending+0x7b/0xa0
[ 26.966179]  ? __pfx_kthread+0x10/0x10
[ 26.966199]  ret_from_fork+0x116/0x1d0
[ 26.966218]  ? __pfx_kthread+0x10/0x10
[ 26.966238]  ret_from_fork_asm+0x1a/0x30
[ 26.966279]  </TASK>
[ 26.966289]
[ 26.975788] Allocated by task 222:
[ 26.975918]  kasan_save_stack+0x45/0x70
[ 26.976213]  kasan_save_track+0x18/0x40
[ 26.976411]  kasan_save_alloc_info+0x3b/0x50
[ 26.976626]  __kasan_kmalloc+0xb7/0xc0
[ 26.976856]  __kmalloc_cache_noprof+0x189/0x420
[ 26.977087]  kmalloc_oob_memset_4+0xac/0x330
[ 26.977399]  kunit_try_run_case+0x1a5/0x480
[ 26.977623]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.977804]  kthread+0x337/0x6f0
[ 26.977919]  ret_from_fork+0x116/0x1d0
[ 26.978172]  ret_from_fork_asm+0x1a/0x30
[ 26.978378]
[ 26.978542] The buggy address belongs to the object at ffff888104c4a700
[ 26.978542]  which belongs to the cache kmalloc-128 of size 128
[ 26.979181] The buggy address is located 117 bytes inside of
[ 26.979181]  allocated 120-byte region [ffff888104c4a700, ffff888104c4a778)
[ 26.979694]
[ 26.979765] The buggy address belongs to the physical page:
[ 26.980246] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104c4a
[ 26.980534] flags: 0x200000000000000(node=0|zone=2)
[ 26.980704] page_type: f5(slab)
[ 26.980911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 26.981491] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 26.981750] page dumped because: kasan: bad access detected
[ 26.981914]
[ 26.982050] Memory state around the buggy address:
[ 26.982272]  ffff888104c4a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.982640]  ffff888104c4a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.983103] >ffff888104c4a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.983374]                                                                 ^
[ 26.983683]  ffff888104c4a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.984075]  ffff888104c4a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.984365] ==================================================================
```