Date
July 20, 2025, 11:12 p.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
```
[ 16.255283] ==================================================================
[ 16.255510] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 16.255667] Write of size 1 at addr fff00000c78a1f00 by task kunit_try_catch/144
[ 16.255760]
[ 16.255792] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.255873] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.255911] Hardware name: linux,dummy-virt (DT)
[ 16.255942] Call trace:
[ 16.255964] show_stack+0x20/0x38 (C)
[ 16.256011] dump_stack_lvl+0x8c/0xd0
[ 16.256057] print_report+0x118/0x5d0
[ 16.256102] kasan_report+0xdc/0x128
[ 16.256145] __asan_report_store1_noabort+0x20/0x30
[ 16.256515] kmalloc_big_oob_right+0x2a4/0x2f0
[ 16.256775] kunit_try_run_case+0x170/0x3f0
[ 16.256917] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.256968] kthread+0x328/0x630
[ 16.257009] ret_from_fork+0x10/0x20
[ 16.257055]
[ 16.257074] Allocated by task 144:
[ 16.257102] kasan_save_stack+0x3c/0x68
[ 16.257146] kasan_save_track+0x20/0x40
[ 16.257492] kasan_save_alloc_info+0x40/0x58
[ 16.257557] __kasan_kmalloc+0xd4/0xd8
[ 16.257594] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.257871] kmalloc_big_oob_right+0xb8/0x2f0
[ 16.258109] kunit_try_run_case+0x170/0x3f0
[ 16.258292] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.258336] kthread+0x328/0x630
[ 16.258368] ret_from_fork+0x10/0x20
[ 16.258427]
[ 16.258447] The buggy address belongs to the object at fff00000c78a0000
[ 16.258447] which belongs to the cache kmalloc-8k of size 8192
[ 16.258503] The buggy address is located 0 bytes to the right of
[ 16.258503] allocated 7936-byte region [fff00000c78a0000, fff00000c78a1f00)
[ 16.258564]
[ 16.258584] The buggy address belongs to the physical page:
[ 16.258616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078a0
[ 16.258755] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.258908] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.258962] page_type: f5(slab)
[ 16.259011] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 16.259207] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.259259] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 16.259356] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.259405] head: 0bfffe0000000003 ffffc1ffc31e2801 00000000ffffffff 00000000ffffffff
[ 16.259453] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 16.259491] page dumped because: kasan: bad access detected
[ 16.259690]
[ 16.259753] Memory state around the buggy address:
[ 16.259785]  fff00000c78a1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.259857]  fff00000c78a1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.259933] >fff00000c78a1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.259989]                    ^
[ 16.260016]  fff00000c78a1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.260056]  fff00000c78a2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.260095] ==================================================================
```
```
[ 16.364337] ==================================================================
[ 16.364656] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 16.364729] Write of size 1 at addr fff00000c78e9f00 by task kunit_try_catch/144
[ 16.365173]
[ 16.365220] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT
[ 16.365305] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.365331] Hardware name: linux,dummy-virt (DT)
[ 16.365363] Call trace:
[ 16.365407] show_stack+0x20/0x38 (C)
[ 16.365557] dump_stack_lvl+0x8c/0xd0
[ 16.365644] print_report+0x118/0x5d0
[ 16.365768] kasan_report+0xdc/0x128
[ 16.365834] __asan_report_store1_noabort+0x20/0x30
[ 16.366087] kmalloc_big_oob_right+0x2a4/0x2f0
[ 16.366233] kunit_try_run_case+0x170/0x3f0
[ 16.366452] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.366519] kthread+0x328/0x630
[ 16.366825] ret_from_fork+0x10/0x20
[ 16.367019]
[ 16.367087] Allocated by task 144:
[ 16.367118] kasan_save_stack+0x3c/0x68
[ 16.367206] kasan_save_track+0x20/0x40
[ 16.367447] kasan_save_alloc_info+0x40/0x58
[ 16.367602] __kasan_kmalloc+0xd4/0xd8
[ 16.367701] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.367760] kmalloc_big_oob_right+0xb8/0x2f0
[ 16.367798] kunit_try_run_case+0x170/0x3f0
[ 16.367835] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.367877] kthread+0x328/0x630
[ 16.367928] ret_from_fork+0x10/0x20
[ 16.367964]
[ 16.368010] The buggy address belongs to the object at fff00000c78e8000
[ 16.368010] which belongs to the cache kmalloc-8k of size 8192
[ 16.368069] The buggy address is located 0 bytes to the right of
[ 16.368069] allocated 7936-byte region [fff00000c78e8000, fff00000c78e9f00)
[ 16.368147]
[ 16.368167] The buggy address belongs to the physical page:
[ 16.368205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078e8
[ 16.368264] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.368309] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.368367] page_type: f5(slab)
[ 16.368404] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 16.368463] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.368535] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 16.368590] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.368658] head: 0bfffe0000000003 ffffc1ffc31e3a01 00000000ffffffff 00000000ffffffff
[ 16.368706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 16.368753] page dumped because: kasan: bad access detected
[ 16.368792]
[ 16.368810] Memory state around the buggy address:
[ 16.368849]  fff00000c78e9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.368891]  fff00000c78e9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.368932] >fff00000c78e9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.369309]                    ^
[ 16.369661]  fff00000c78e9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.369807]  fff00000c78ea000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.369958] ==================================================================
```
```
[ 12.145994] ==================================================================
[ 12.146683] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 12.146990] Write of size 1 at addr ffff8881029cdf00 by task kunit_try_catch/162
[ 12.147415]
[ 12.147531] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.147579] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.147591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.147614] Call Trace:
[ 12.147625] <TASK>
[ 12.147641] dump_stack_lvl+0x73/0xb0
[ 12.147671] print_report+0xd1/0x610
[ 12.147693] ? __virt_addr_valid+0x1db/0x2d0
[ 12.147715] ? kmalloc_big_oob_right+0x316/0x370
[ 12.147737] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.147758] ? kmalloc_big_oob_right+0x316/0x370
[ 12.147780] kasan_report+0x141/0x180
[ 12.147803] ? kmalloc_big_oob_right+0x316/0x370
[ 12.147831] __asan_report_store1_noabort+0x1b/0x30
[ 12.147855] kmalloc_big_oob_right+0x316/0x370
[ 12.147877] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 12.147899] ? __schedule+0x10c6/0x2b60
[ 12.147922] ? __pfx_read_tsc+0x10/0x10
[ 12.147943] ? ktime_get_ts64+0x86/0x230
[ 12.147968] kunit_try_run_case+0x1a5/0x480
[ 12.147992] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.148015] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.148093] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.148120] ? __kthread_parkme+0x82/0x180
[ 12.148142] ? preempt_count_sub+0x50/0x80
[ 12.148166] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.148190] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.148213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.148237] kthread+0x337/0x6f0
[ 12.148256] ? trace_preempt_on+0x20/0xc0
[ 12.148280] ? __pfx_kthread+0x10/0x10
[ 12.148300] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.148321] ? calculate_sigpending+0x7b/0xa0
[ 12.148345] ? __pfx_kthread+0x10/0x10
[ 12.148366] ret_from_fork+0x116/0x1d0
[ 12.148384] ? __pfx_kthread+0x10/0x10
[ 12.148418] ret_from_fork_asm+0x1a/0x30
[ 12.148451] </TASK>
[ 12.148461]
[ 12.156245] Allocated by task 162:
[ 12.156381] kasan_save_stack+0x45/0x70
[ 12.156536] kasan_save_track+0x18/0x40
[ 12.156899] kasan_save_alloc_info+0x3b/0x50
[ 12.157153] __kasan_kmalloc+0xb7/0xc0
[ 12.157422] __kmalloc_cache_noprof+0x189/0x420
[ 12.157677] kmalloc_big_oob_right+0xa9/0x370
[ 12.157859] kunit_try_run_case+0x1a5/0x480
[ 12.158087] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.158278] kthread+0x337/0x6f0
[ 12.158465] ret_from_fork+0x116/0x1d0
[ 12.158707] ret_from_fork_asm+0x1a/0x30
[ 12.158879]
[ 12.158963] The buggy address belongs to the object at ffff8881029cc000
[ 12.158963] which belongs to the cache kmalloc-8k of size 8192
[ 12.159481] The buggy address is located 0 bytes to the right of
[ 12.159481] allocated 7936-byte region [ffff8881029cc000, ffff8881029cdf00)
[ 12.160064]
[ 12.160169] The buggy address belongs to the physical page:
[ 12.160388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c8
[ 12.160756] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.160979] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.161152] page_type: f5(slab)
[ 12.161270] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 12.161556] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 12.162310] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 12.162736] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 12.163139] head: 0200000000000003 ffffea00040a7201 00000000ffffffff 00000000ffffffff
[ 12.163460] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 12.163685] page dumped because: kasan: bad access detected
[ 12.164182]
[ 12.164287] Memory state around the buggy address:
[ 12.164491]  ffff8881029cde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.164819]  ffff8881029cde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.165184] >ffff8881029cdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.165543]                    ^
[ 12.165706]  ffff8881029cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.165977]  ffff8881029ce000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.166391] ==================================================================
```
```
[ 12.234527] ==================================================================
[ 12.235194] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 12.235530] Write of size 1 at addr ffff888102a65f00 by task kunit_try_catch/161
[ 12.235921]
[ 12.236115] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.236174] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.236187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.236209] Call Trace:
[ 12.236223] <TASK>
[ 12.236240] dump_stack_lvl+0x73/0xb0
[ 12.236269] print_report+0xd1/0x610
[ 12.236290] ? __virt_addr_valid+0x1db/0x2d0
[ 12.236313] ? kmalloc_big_oob_right+0x316/0x370
[ 12.236339] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.236361] ? kmalloc_big_oob_right+0x316/0x370
[ 12.236393] kasan_report+0x141/0x180
[ 12.236416] ? kmalloc_big_oob_right+0x316/0x370
[ 12.236442] __asan_report_store1_noabort+0x1b/0x30
[ 12.236871] kmalloc_big_oob_right+0x316/0x370
[ 12.236893] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 12.236915] ? __schedule+0x10c6/0x2b60
[ 12.236937] ? __pfx_read_tsc+0x10/0x10
[ 12.236957] ? ktime_get_ts64+0x86/0x230
[ 12.236981] kunit_try_run_case+0x1a5/0x480
[ 12.237006] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.237028] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.237051] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.237073] ? __kthread_parkme+0x82/0x180
[ 12.237093] ? preempt_count_sub+0x50/0x80
[ 12.237117] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.237140] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.237171] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.237194] kthread+0x337/0x6f0
[ 12.237212] ? trace_preempt_on+0x20/0xc0
[ 12.237235] ? __pfx_kthread+0x10/0x10
[ 12.237255] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.237276] ? calculate_sigpending+0x7b/0xa0
[ 12.237299] ? __pfx_kthread+0x10/0x10
[ 12.237331] ret_from_fork+0x116/0x1d0
[ 12.237349] ? __pfx_kthread+0x10/0x10
[ 12.237369] ret_from_fork_asm+0x1a/0x30
[ 12.237399] </TASK>
[ 12.237410]
[ 12.245384] Allocated by task 161:
[ 12.245588] kasan_save_stack+0x45/0x70
[ 12.245767] kasan_save_track+0x18/0x40
[ 12.246043] kasan_save_alloc_info+0x3b/0x50
[ 12.246214] __kasan_kmalloc+0xb7/0xc0
[ 12.246351] __kmalloc_cache_noprof+0x189/0x420
[ 12.246542] kmalloc_big_oob_right+0xa9/0x370
[ 12.246781] kunit_try_run_case+0x1a5/0x480
[ 12.247192] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.247454] kthread+0x337/0x6f0
[ 12.247618] ret_from_fork+0x116/0x1d0
[ 12.247813] ret_from_fork_asm+0x1a/0x30
[ 12.248008]
[ 12.248091] The buggy address belongs to the object at ffff888102a64000
[ 12.248091] which belongs to the cache kmalloc-8k of size 8192
[ 12.248838] The buggy address is located 0 bytes to the right of
[ 12.248838] allocated 7936-byte region [ffff888102a64000, ffff888102a65f00)
[ 12.249220]
[ 12.249295] The buggy address belongs to the physical page:
[ 12.250094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a60
[ 12.251078] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.252060] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.252271] page_type: f5(slab)
[ 12.252945] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 12.253918] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 12.254570] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 12.254813] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 12.255915] head: 0200000000000003 ffffea00040a9801 00000000ffffffff 00000000ffffffff
[ 12.256213] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 12.256865] page dumped because: kasan: bad access detected
[ 12.257242]
[ 12.257735] Memory state around the buggy address:
[ 12.258007]  ffff888102a65e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.258446]  ffff888102a65e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.258849] >ffff888102a65f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.259443]                    ^
[ 12.259737]  ffff888102a65f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.260274]  ffff888102a66000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.260770] ==================================================================
```