Date
July 3, 2025, 6:13 p.m.
Environment: qemu-arm64

```
[ 16.839642] ==================================================================
[ 16.839699] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 16.839805] Write of size 4 at addr fff00000c78c1075 by task kunit_try_catch/174
[ 16.839857]
[ 16.839888] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT
[ 16.839967] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.839992] Hardware name: linux,dummy-virt (DT)
[ 16.840022] Call trace:
[ 16.840764] show_stack+0x20/0x38 (C)
[ 16.840819] dump_stack_lvl+0x8c/0xd0
[ 16.840864] print_report+0x118/0x608
[ 16.841221] kasan_report+0xdc/0x128
[ 16.841423] kasan_check_range+0x100/0x1a8
[ 16.841542] __asan_memset+0x34/0x78
[ 16.841716] kmalloc_oob_memset_4+0x150/0x300
[ 16.841801] kunit_try_run_case+0x170/0x3f0
[ 16.841863] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.842116] kthread+0x328/0x630
[ 16.842412] ret_from_fork+0x10/0x20
[ 16.842651]
[ 16.842731] Allocated by task 174:
[ 16.842945] kasan_save_stack+0x3c/0x68
[ 16.843016] kasan_save_track+0x20/0x40
[ 16.843340] kasan_save_alloc_info+0x40/0x58
[ 16.843532] __kasan_kmalloc+0xd4/0xd8
[ 16.843681] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.843760] kmalloc_oob_memset_4+0xb0/0x300
[ 16.843835] kunit_try_run_case+0x170/0x3f0
[ 16.843890] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.844126] kthread+0x328/0x630
[ 16.844252] ret_from_fork+0x10/0x20
[ 16.844550]
[ 16.844594] The buggy address belongs to the object at fff00000c78c1000
[ 16.844594] which belongs to the cache kmalloc-128 of size 128
[ 16.844795] The buggy address is located 117 bytes inside of
[ 16.844795] allocated 120-byte region [fff00000c78c1000, fff00000c78c1078)
[ 16.844868]
[ 16.844894] The buggy address belongs to the physical page:
[ 16.844923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078c1
[ 16.845325] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 16.845689] page_type: f5(slab)
[ 16.845772] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 16.845905] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.845984] page dumped because: kasan: bad access detected
[ 16.846021]
[ 16.846225] Memory state around the buggy address:
[ 16.846466] fff00000c78c0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.846584] fff00000c78c0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.846641] >fff00000c78c1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.846733] ^
[ 16.846773] fff00000c78c1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.847006] fff00000c78c1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.847347] ==================================================================
```

Environment: qemu-x86_64

```
[ 11.570250] ==================================================================
[ 11.570729] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 11.571034] Write of size 4 at addr ffff8881029db575 by task kunit_try_catch/192
[ 11.572585]
[ 11.572689] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.572733] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.572745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.572764] Call Trace:
[ 11.572776] <TASK>
[ 11.572790] dump_stack_lvl+0x73/0xb0
[ 11.572820] print_report+0xd1/0x650
[ 11.572843] ? __virt_addr_valid+0x1db/0x2d0
[ 11.572866] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.572886] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.572908] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.572929] kasan_report+0x141/0x180
[ 11.572950] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.572975] kasan_check_range+0x10c/0x1c0
[ 11.572998] __asan_memset+0x27/0x50
[ 11.573016] kmalloc_oob_memset_4+0x166/0x330
[ 11.573036] ? __kasan_check_write+0x18/0x20
[ 11.573056] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 11.573077] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 11.573101] ? trace_hardirqs_on+0x37/0xe0
[ 11.573139] ? __pfx_read_tsc+0x10/0x10
[ 11.573160] ? ktime_get_ts64+0x86/0x230
[ 11.573183] kunit_try_run_case+0x1a5/0x480
[ 11.573207] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.573230] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.573254] ? __kthread_parkme+0x82/0x180
[ 11.573275] ? preempt_count_sub+0x50/0x80
[ 11.573298] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.573320] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.573341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.573364] kthread+0x337/0x6f0
[ 11.573382] ? trace_preempt_on+0x20/0xc0
[ 11.573404] ? __pfx_kthread+0x10/0x10
[ 11.573424] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.573443] ? calculate_sigpending+0x7b/0xa0
[ 11.573466] ? __pfx_kthread+0x10/0x10
[ 11.573486] ret_from_fork+0x116/0x1d0
[ 11.573504] ? __pfx_kthread+0x10/0x10
[ 11.573523] ret_from_fork_asm+0x1a/0x30
[ 11.573552] </TASK>
[ 11.573564]
[ 11.584314] Allocated by task 192:
[ 11.584639] kasan_save_stack+0x45/0x70
[ 11.585061] kasan_save_track+0x18/0x40
[ 11.585258] kasan_save_alloc_info+0x3b/0x50
[ 11.585585] __kasan_kmalloc+0xb7/0xc0
[ 11.585818] __kmalloc_cache_noprof+0x189/0x420
[ 11.586383] kmalloc_oob_memset_4+0xac/0x330
[ 11.586786] kunit_try_run_case+0x1a5/0x480
[ 11.587187] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.587764] kthread+0x337/0x6f0
[ 11.588080] ret_from_fork+0x116/0x1d0
[ 11.588463] ret_from_fork_asm+0x1a/0x30
[ 11.588923]
[ 11.589084] The buggy address belongs to the object at ffff8881029db500
[ 11.589084] which belongs to the cache kmalloc-128 of size 128
[ 11.590361] The buggy address is located 117 bytes inside of
[ 11.590361] allocated 120-byte region [ffff8881029db500, ffff8881029db578)
[ 11.590838]
[ 11.590916] The buggy address belongs to the physical page:
[ 11.591091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 11.591471] flags: 0x200000000000000(node=0|zone=2)
[ 11.591974] page_type: f5(slab)
[ 11.592166] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.592815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.593137] page dumped because: kasan: bad access detected
[ 11.593537]
[ 11.593647] Memory state around the buggy address:
[ 11.594022] ffff8881029db400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.594504] ffff8881029db480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.594940] >ffff8881029db500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.595390] ^
[ 11.595798] ffff8881029db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.596227] ffff8881029db600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.596636] ==================================================================
```