Hay
Sign in
Date
June 23, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   32.289464] ==================================================================
[   32.289583] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   32.289715] Write of size 1 at addr fff00000c64f5f00 by task kunit_try_catch/156
[   32.289824] 
[   32.289898] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.291005] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.291094] Hardware name: linux,dummy-virt (DT)
[   32.291173] Call trace:
[   32.291248]  show_stack+0x20/0x38 (C)
[   32.291838]  dump_stack_lvl+0x8c/0xd0
[   32.292072]  print_report+0x118/0x608
[   32.292207]  kasan_report+0xdc/0x128
[   32.292539]  __asan_report_store1_noabort+0x20/0x30
[   32.292689]  kmalloc_big_oob_right+0x2a4/0x2f0
[   32.292802]  kunit_try_run_case+0x170/0x3f0
[   32.293151]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.293496]  kthread+0x328/0x630
[   32.293734]  ret_from_fork+0x10/0x20
[   32.293940] 
[   32.293989] Allocated by task 156:
[   32.294077]  kasan_save_stack+0x3c/0x68
[   32.294193]  kasan_save_track+0x20/0x40
[   32.294287]  kasan_save_alloc_info+0x40/0x58
[   32.294391]  __kasan_kmalloc+0xd4/0xd8
[   32.294497]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.294603]  kmalloc_big_oob_right+0xb8/0x2f0
[   32.294768]  kunit_try_run_case+0x170/0x3f0
[   32.295041]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.295158]  kthread+0x328/0x630
[   32.295264]  ret_from_fork+0x10/0x20
[   32.295480] 
[   32.295533] The buggy address belongs to the object at fff00000c64f4000
[   32.295533]  which belongs to the cache kmalloc-8k of size 8192
[   32.295935] The buggy address is located 0 bytes to the right of
[   32.295935]  allocated 7936-byte region [fff00000c64f4000, fff00000c64f5f00)
[   32.296344] 
[   32.296471] The buggy address belongs to the physical page:
[   32.296546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f0
[   32.296666] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.297150] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.297508] page_type: f5(slab)
[   32.297695] raw: 0bfffe0000000040 fff00000c0002280 dead000000000100 dead000000000122
[   32.297808] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   32.297921] head: 0bfffe0000000040 fff00000c0002280 dead000000000100 dead000000000122
[   32.298051] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   32.298859] head: 0bfffe0000000003 ffffc1ffc3193c01 00000000ffffffff 00000000ffffffff
[   32.299043] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   32.299272] page dumped because: kasan: bad access detected
[   32.299579] 
[   32.299641] Memory state around the buggy address:
[   32.299955]  fff00000c64f5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.300474]  fff00000c64f5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.300586] >fff00000c64f5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.300817]                    ^
[   32.300924]  fff00000c64f5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.301363]  fff00000c64f6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.301471] ==================================================================
Metadata Full log Test run details 

[   21.144102] ==================================================================
[   21.144543] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[   21.145149] Write of size 1 at addr ffff8881039c9f00 by task kunit_try_catch/173
[   21.145570] 
[   21.145768] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.145847] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.146239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.146272] Call Trace:
[   21.146288]  <TASK>
[   21.146306]  dump_stack_lvl+0x73/0xb0
[   21.146343]  print_report+0xd1/0x650
[   21.146364]  ? __virt_addr_valid+0x1db/0x2d0
[   21.146405]  ? kmalloc_big_oob_right+0x316/0x370
[   21.146427]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.146451]  ? kmalloc_big_oob_right+0x316/0x370
[   21.146472]  kasan_report+0x141/0x180
[   21.146492]  ? kmalloc_big_oob_right+0x316/0x370
[   21.146516]  __asan_report_store1_noabort+0x1b/0x30
[   21.146539]  kmalloc_big_oob_right+0x316/0x370
[   21.146560]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   21.146581]  ? __schedule+0x10cc/0x2b60
[   21.146601]  ? __pfx_read_tsc+0x10/0x10
[   21.146622]  ? ktime_get_ts64+0x86/0x230
[   21.146646]  kunit_try_run_case+0x1a5/0x480
[   21.146670]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.146691]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.146711]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.146732]  ? __kthread_parkme+0x82/0x180
[   21.146751]  ? preempt_count_sub+0x50/0x80
[   21.146773]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.146795]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.146816]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.146864]  kthread+0x337/0x6f0
[   21.146884]  ? trace_preempt_on+0x20/0xc0
[   21.146907]  ? __pfx_kthread+0x10/0x10
[   21.146925]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.146944]  ? calculate_sigpending+0x7b/0xa0
[   21.146966]  ? __pfx_kthread+0x10/0x10
[   21.146986]  ret_from_fork+0x116/0x1d0
[   21.147003]  ? __pfx_kthread+0x10/0x10
[   21.147021]  ret_from_fork_asm+0x1a/0x30
[   21.147051]  </TASK>
[   21.147063] 
[   21.155301] Allocated by task 173:
[   21.155573]  kasan_save_stack+0x45/0x70
[   21.155734]  kasan_save_track+0x18/0x40
[   21.156074]  kasan_save_alloc_info+0x3b/0x50
[   21.156409]  __kasan_kmalloc+0xb7/0xc0
[   21.156691]  __kmalloc_cache_noprof+0x189/0x420
[   21.157072]  kmalloc_big_oob_right+0xa9/0x370
[   21.157310]  kunit_try_run_case+0x1a5/0x480
[   21.157558]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.157974]  kthread+0x337/0x6f0
[   21.158283]  ret_from_fork+0x116/0x1d0
[   21.158618]  ret_from_fork_asm+0x1a/0x30
[   21.158956] 
[   21.159134] The buggy address belongs to the object at ffff8881039c8000
[   21.159134]  which belongs to the cache kmalloc-8k of size 8192
[   21.159730] The buggy address is located 0 bytes to the right of
[   21.159730]  allocated 7936-byte region [ffff8881039c8000, ffff8881039c9f00)
[   21.160444] 
[   21.160637] The buggy address belongs to the physical page:
[   21.160958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c8
[   21.161335] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.161747] flags: 0x200000000000040(head|node=0|zone=2)
[   21.162110] page_type: f5(slab)
[   21.162398] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   21.162874] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   21.163288] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   21.163634] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   21.163957] head: 0200000000000003 ffffea00040e7201 00000000ffffffff 00000000ffffffff
[   21.164358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   21.164729] page dumped because: kasan: bad access detected
[   21.165112] 
[   21.165260] Memory state around the buggy address:
[   21.165539]  ffff8881039c9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.165804]  ffff8881039c9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.166330] >ffff8881039c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.166789]                    ^
[   21.166973]  ffff8881039c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.167413]  ffff8881039ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.167646] ==================================================================
Metadata Full log Test run details