Hay
Date: July 13, 2025, 11:09 p.m.

Environment: qemu-arm64, qemu-x86_64

[   15.595885] ==================================================================
[   15.595947] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   15.595997] Write of size 1 at addr fff00000c78e1f00 by task kunit_try_catch/145
[   15.596045] 
[   15.596075] CPU: 0 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   15.598096] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.598824] Hardware name: linux,dummy-virt (DT)
[   15.598862] Call trace:
[   15.599217]  show_stack+0x20/0x38 (C)
[   15.600760]  dump_stack_lvl+0x8c/0xd0
[   15.600856]  print_report+0x118/0x5d0
[   15.600900]  kasan_report+0xdc/0x128
[   15.601229]  __asan_report_store1_noabort+0x20/0x30
[   15.601281]  kmalloc_big_oob_right+0x2a4/0x2f0
[   15.601326]  kunit_try_run_case+0x170/0x3f0
[   15.603508]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.603567]  kthread+0x328/0x630
[   15.603608]  ret_from_fork+0x10/0x20
[   15.603654] 
[   15.603672] Allocated by task 145:
[   15.603699]  kasan_save_stack+0x3c/0x68
[   15.603739]  kasan_save_track+0x20/0x40
[   15.603775]  kasan_save_alloc_info+0x40/0x58
[   15.603814]  __kasan_kmalloc+0xd4/0xd8
[   15.603849]  __kmalloc_cache_noprof+0x16c/0x3c0
[   15.603887]  kmalloc_big_oob_right+0xb8/0x2f0
[   15.603923]  kunit_try_run_case+0x170/0x3f0
[   15.603959]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.604000]  kthread+0x328/0x630
[   15.604031]  ret_from_fork+0x10/0x20
[   15.604772] 
[   15.604864] The buggy address belongs to the object at fff00000c78e0000
[   15.604864]  which belongs to the cache kmalloc-8k of size 8192
[   15.604976] The buggy address is located 0 bytes to the right of
[   15.604976]  allocated 7936-byte region [fff00000c78e0000, fff00000c78e1f00)
[   15.605058] 
[   15.605133] The buggy address belongs to the physical page:
[   15.605166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e0
[   15.607253] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.607304] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.607358] page_type: f5(slab)
[   15.607397] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   15.607594] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   15.609288] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   15.609528] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   15.611607] head: 0bfffe0000000003 ffffc1ffc31e3801 00000000ffffffff 00000000ffffffff
[   15.612317] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   15.612626] page dumped because: kasan: bad access detected
[   15.612657] 
[   15.612675] Memory state around the buggy address:
[   15.612706]  fff00000c78e1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.612748]  fff00000c78e1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.614685] >fff00000c78e1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.614724]                    ^
[   15.614862]  fff00000c78e1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.616532]  fff00000c78e2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.616576] ==================================================================

[   16.474309] ==================================================================
[   16.474372] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   16.474423] Write of size 1 at addr fff00000c457df00 by task kunit_try_catch/145
[   16.475742] 
[   16.475898] CPU: 1 UID: 0 PID: 145 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT 
[   16.476109] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.476138] Hardware name: linux,dummy-virt (DT)
[   16.476370] Call trace:
[   16.476710]  show_stack+0x20/0x38 (C)
[   16.476824]  dump_stack_lvl+0x8c/0xd0
[   16.477060]  print_report+0x118/0x5d0
[   16.477113]  kasan_report+0xdc/0x128
[   16.477158]  __asan_report_store1_noabort+0x20/0x30
[   16.477220]  kmalloc_big_oob_right+0x2a4/0x2f0
[   16.477266]  kunit_try_run_case+0x170/0x3f0
[   16.477311]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.478170]  kthread+0x328/0x630
[   16.478522]  ret_from_fork+0x10/0x20
[   16.478827] 
[   16.478967] Allocated by task 145:
[   16.479002]  kasan_save_stack+0x3c/0x68
[   16.479052]  kasan_save_track+0x20/0x40
[   16.479090]  kasan_save_alloc_info+0x40/0x58
[   16.479466]  __kasan_kmalloc+0xd4/0xd8
[   16.479850]  __kmalloc_cache_noprof+0x16c/0x3c0
[   16.480150]  kmalloc_big_oob_right+0xb8/0x2f0
[   16.480202]  kunit_try_run_case+0x170/0x3f0
[   16.480599]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.480653]  kthread+0x328/0x630
[   16.480685]  ret_from_fork+0x10/0x20
[   16.480720] 
[   16.480740] The buggy address belongs to the object at fff00000c457c000
[   16.480740]  which belongs to the cache kmalloc-8k of size 8192
[   16.481417] The buggy address is located 0 bytes to the right of
[   16.481417]  allocated 7936-byte region [fff00000c457c000, fff00000c457df00)
[   16.481501] 
[   16.481532] The buggy address belongs to the physical page:
[   16.481957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104578
[   16.482775] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.483150] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   16.483346] page_type: f5(slab)
[   16.483428] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   16.483621] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   16.483758] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   16.483920] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   16.484139] head: 0bfffe0000000003 ffffc1ffc3115e01 00000000ffffffff 00000000ffffffff
[   16.484252] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   16.484668] page dumped because: kasan: bad access detected
[   16.484907] 
[   16.484930] Memory state around the buggy address:
[   16.485142]  fff00000c457de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.485414]  fff00000c457de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.485476] >fff00000c457df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.485521]                    ^
[   16.485549]  fff00000c457df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.486394]  fff00000c457e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.486453] ==================================================================

[   11.990335] ==================================================================
[   11.991152] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[   11.992026] Write of size 1 at addr ffff888102965f00 by task kunit_try_catch/161
[   11.992419] 
[   11.992651] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   11.992701] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.992712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.992733] Call Trace:
[   11.992745]  <TASK>
[   11.992761]  dump_stack_lvl+0x73/0xb0
[   11.992792]  print_report+0xd1/0x610
[   11.992813]  ? __virt_addr_valid+0x1db/0x2d0
[   11.992836]  ? kmalloc_big_oob_right+0x316/0x370
[   11.992859]  ? kasan_complete_mode_report_info+0x2a/0x200
[   11.992882]  ? kmalloc_big_oob_right+0x316/0x370
[   11.992905]  kasan_report+0x141/0x180
[   11.992927]  ? kmalloc_big_oob_right+0x316/0x370
[   11.992954]  __asan_report_store1_noabort+0x1b/0x30
[   11.992980]  kmalloc_big_oob_right+0x316/0x370
[   11.993003]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   11.993027]  ? __schedule+0x10cc/0x2b60
[   11.993049]  ? __pfx_read_tsc+0x10/0x10
[   11.993070]  ? ktime_get_ts64+0x86/0x230
[   11.993093]  kunit_try_run_case+0x1a5/0x480
[   11.993117]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.993140]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.993163]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.993187]  ? __kthread_parkme+0x82/0x180
[   11.993207]  ? preempt_count_sub+0x50/0x80
[   11.993231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.993255]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.993279]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.993304]  kthread+0x337/0x6f0
[   11.993323]  ? trace_preempt_on+0x20/0xc0
[   11.993347]  ? __pfx_kthread+0x10/0x10
[   11.993367]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.993388]  ? calculate_sigpending+0x7b/0xa0
[   11.993530]  ? __pfx_kthread+0x10/0x10
[   11.993556]  ret_from_fork+0x116/0x1d0
[   11.993584]  ? __pfx_kthread+0x10/0x10
[   11.993605]  ret_from_fork_asm+0x1a/0x30
[   11.993635]  </TASK>
[   11.993678] 
[   12.004352] Allocated by task 161:
[   12.004756]  kasan_save_stack+0x45/0x70
[   12.005082]  kasan_save_track+0x18/0x40
[   12.005271]  kasan_save_alloc_info+0x3b/0x50
[   12.005671]  __kasan_kmalloc+0xb7/0xc0
[   12.005964]  __kmalloc_cache_noprof+0x189/0x420
[   12.006307]  kmalloc_big_oob_right+0xa9/0x370
[   12.006756]  kunit_try_run_case+0x1a5/0x480
[   12.007012]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.007458]  kthread+0x337/0x6f0
[   12.007691]  ret_from_fork+0x116/0x1d0
[   12.007871]  ret_from_fork_asm+0x1a/0x30
[   12.008045] 
[   12.008135] The buggy address belongs to the object at ffff888102964000
[   12.008135]  which belongs to the cache kmalloc-8k of size 8192
[   12.009216] The buggy address is located 0 bytes to the right of
[   12.009216]  allocated 7936-byte region [ffff888102964000, ffff888102965f00)
[   12.010199] 
[   12.010442] The buggy address belongs to the physical page:
[   12.011148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102960
[   12.011837] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.012357] flags: 0x200000000000040(head|node=0|zone=2)
[   12.012742] page_type: f5(slab)
[   12.012901] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   12.013204] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   12.013863] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   12.014311] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   12.014870] head: 0200000000000003 ffffea00040a5801 00000000ffffffff 00000000ffffffff
[   12.015493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   12.015956] page dumped because: kasan: bad access detected
[   12.016197] 
[   12.016291] Memory state around the buggy address:
[   12.016963]  ffff888102965e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.017418]  ffff888102965e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.018132] >ffff888102965f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.018709]                    ^
[   12.018953]  ffff888102965f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.019254]  ffff888102966000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.019945] ==================================================================

[   12.229772] ==================================================================
[   12.230913] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[   12.231577] Write of size 1 at addr ffff888102d51f00 by task kunit_try_catch/162
[   12.232554] 
[   12.233125] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6 #1 PREEMPT(voluntary) 
[   12.233176] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.233189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.233210] Call Trace:
[   12.233223]  <TASK>
[   12.233240]  dump_stack_lvl+0x73/0xb0
[   12.233274]  print_report+0xd1/0x610
[   12.233297]  ? __virt_addr_valid+0x1db/0x2d0
[   12.233321]  ? kmalloc_big_oob_right+0x316/0x370
[   12.233344]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.233368]  ? kmalloc_big_oob_right+0x316/0x370
[   12.233390]  kasan_report+0x141/0x180
[   12.233412]  ? kmalloc_big_oob_right+0x316/0x370
[   12.233439]  __asan_report_store1_noabort+0x1b/0x30
[   12.233465]  kmalloc_big_oob_right+0x316/0x370
[   12.233488]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   12.233511]  ? __schedule+0x10cc/0x2b60
[   12.233534]  ? __pfx_read_tsc+0x10/0x10
[   12.233556]  ? ktime_get_ts64+0x86/0x230
[   12.233582]  kunit_try_run_case+0x1a5/0x480
[   12.233608]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.233631]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.233656]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.233681]  ? __kthread_parkme+0x82/0x180
[   12.233703]  ? preempt_count_sub+0x50/0x80
[   12.233729]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.233754]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.233780]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.233805]  kthread+0x337/0x6f0
[   12.233824]  ? trace_preempt_on+0x20/0xc0
[   12.233849]  ? __pfx_kthread+0x10/0x10
[   12.233869]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.233891]  ? calculate_sigpending+0x7b/0xa0
[   12.233916]  ? __pfx_kthread+0x10/0x10
[   12.233938]  ret_from_fork+0x116/0x1d0
[   12.233958]  ? __pfx_kthread+0x10/0x10
[   12.233978]  ret_from_fork_asm+0x1a/0x30
[   12.234009]  </TASK>
[   12.234019] 
[   12.246471] Allocated by task 162:
[   12.246856]  kasan_save_stack+0x45/0x70
[   12.247252]  kasan_save_track+0x18/0x40
[   12.247606]  kasan_save_alloc_info+0x3b/0x50
[   12.248061]  __kasan_kmalloc+0xb7/0xc0
[   12.248418]  __kmalloc_cache_noprof+0x189/0x420
[   12.248888]  kmalloc_big_oob_right+0xa9/0x370
[   12.249327]  kunit_try_run_case+0x1a5/0x480
[   12.249889]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.250093]  kthread+0x337/0x6f0
[   12.250409]  ret_from_fork+0x116/0x1d0
[   12.250815]  ret_from_fork_asm+0x1a/0x30
[   12.251211] 
[   12.251369] The buggy address belongs to the object at ffff888102d50000
[   12.251369]  which belongs to the cache kmalloc-8k of size 8192
[   12.252166] The buggy address is located 0 bytes to the right of
[   12.252166]  allocated 7936-byte region [ffff888102d50000, ffff888102d51f00)
[   12.253073] 
[   12.253188] The buggy address belongs to the physical page:
[   12.253732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102d50
[   12.254044] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.254589] flags: 0x200000000000040(head|node=0|zone=2)
[   12.255267] page_type: f5(slab)
[   12.255571] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   12.255923] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   12.256217] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   12.256927] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   12.257609] head: 0200000000000003 ffffea00040b5401 00000000ffffffff 00000000ffffffff
[   12.258244] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   12.258594] page dumped because: kasan: bad access detected
[   12.259159] 
[   12.259323] Memory state around the buggy address:
[   12.259603]  ffff888102d51e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.260333]  ffff888102d51e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.260557] >ffff888102d51f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.261167]                    ^
[   12.261485]  ffff888102d51f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.262189]  ffff888102d52000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.262471] ==================================================================