Hay
Sign in
Date
July 25, 2025, 3:13 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   32.093346] ==================================================================
[   32.093409] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   32.093466] Write of size 1 at addr fff00000c6465f00 by task kunit_try_catch/176
[   32.093515] 
[   32.093546] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G    B   W        N  6.16.0-rc7-next-20250725 #1 PREEMPT 
[   32.093631] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[   32.094153] Hardware name: linux,dummy-virt (DT)
[   32.094196] Call trace:
[   32.094219]  show_stack+0x20/0x38 (C)
[   32.094290]  dump_stack_lvl+0x8c/0xd0
[   32.094787]  print_report+0x118/0x5e8
[   32.094831]  kasan_report+0xdc/0x128
[   32.094873]  __asan_report_store1_noabort+0x20/0x30
[   32.094920]  kmalloc_big_oob_right+0x2a4/0x2f0
[   32.095168]  kunit_try_run_case+0x170/0x3f0
[   32.095216]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.095275]  kthread+0x328/0x630
[   32.095387]  ret_from_fork+0x10/0x20
[   32.095495] 
[   32.095668] Allocated by task 176:
[   32.095830]  kasan_save_stack+0x3c/0x68
[   32.096072]  kasan_save_track+0x20/0x40
[   32.096213]  kasan_save_alloc_info+0x40/0x58
[   32.096250]  __kasan_kmalloc+0xd4/0xd8
[   32.096283]  __kmalloc_cache_noprof+0x16c/0x3c0
[   32.096692]  kmalloc_big_oob_right+0xb8/0x2f0
[   32.096734]  kunit_try_run_case+0x170/0x3f0
[   32.097098]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.097713]  kthread+0x328/0x630
[   32.097996]  ret_from_fork+0x10/0x20
[   32.098039] 
[   32.098271] The buggy address belongs to the object at fff00000c6464000
[   32.098271]  which belongs to the cache kmalloc-8k of size 8192
[   32.098584] The buggy address is located 0 bytes to the right of
[   32.098584]  allocated 7936-byte region [fff00000c6464000, fff00000c6465f00)
[   32.098911] 
[   32.099027] The buggy address belongs to the physical page:
[   32.099165] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106460
[   32.099239] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   32.099449] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   32.099606] page_type: f5(slab)
[   32.099699] raw: 0bfffe0000000040 fff00000c0002280 dead000000000100 dead000000000122
[   32.099774] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   32.099830] head: 0bfffe0000000040 fff00000c0002280 dead000000000100 dead000000000122
[   32.099877] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   32.099923] head: 0bfffe0000000003 ffffc1ffc3191801 00000000ffffffff 00000000ffffffff
[   32.100301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   32.100357] page dumped because: kasan: bad access detected
[   32.100389] 
[   32.100407] Memory state around the buggy address:
[   32.100440]  fff00000c6465e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.100483]  fff00000c6465e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   32.100523] >fff00000c6465f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.100559]                    ^
[   32.100586]  fff00000c6465f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.100626]  fff00000c6466000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.100678] ==================================================================
Metadata Full log Test run details 

[   25.156206] ==================================================================
[   25.156816] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[   25.157364] Write of size 1 at addr ffff888106289f00 by task kunit_try_catch/193
[   25.157687] 
[   25.157773] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7-next-20250725 #1 PREEMPT(voluntary) 
[   25.157832] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.157844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   25.157865] Call Trace:
[   25.157898]  <TASK>
[   25.157913]  dump_stack_lvl+0x73/0xb0
[   25.157941]  print_report+0xd1/0x640
[   25.157976]  ? __virt_addr_valid+0x1db/0x2d0
[   25.158060]  ? kmalloc_big_oob_right+0x316/0x370
[   25.158100]  ? kasan_complete_mode_report_info+0x2a/0x200
[   25.158127]  ? kmalloc_big_oob_right+0x316/0x370
[   25.158150]  kasan_report+0x141/0x180
[   25.158173]  ? kmalloc_big_oob_right+0x316/0x370
[   25.158200]  __asan_report_store1_noabort+0x1b/0x30
[   25.158225]  kmalloc_big_oob_right+0x316/0x370
[   25.158249]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   25.158293]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   25.158318]  ? trace_hardirqs_on+0x37/0xe0
[   25.158342]  ? __pfx_read_tsc+0x10/0x10
[   25.158365]  ? ktime_get_ts64+0x86/0x230
[   25.158389]  kunit_try_run_case+0x1a5/0x480
[   25.158414]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.158439]  ? queued_spin_lock_slowpath+0x116/0xb40
[   25.158462]  ? __kthread_parkme+0x82/0x180
[   25.158483]  ? preempt_count_sub+0x50/0x80
[   25.158506]  ? __pfx_kunit_try_run_case+0x10/0x10
[   25.158531]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.158555]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   25.158580]  kthread+0x337/0x6f0
[   25.158600]  ? trace_preempt_on+0x20/0xc0
[   25.158623]  ? __pfx_kthread+0x10/0x10
[   25.158644]  ? _raw_spin_unlock_irq+0x47/0x80
[   25.158668]  ? calculate_sigpending+0x7b/0xa0
[   25.158692]  ? __pfx_kthread+0x10/0x10
[   25.158715]  ret_from_fork+0x116/0x1d0
[   25.158734]  ? __pfx_kthread+0x10/0x10
[   25.158756]  ret_from_fork_asm+0x1a/0x30
[   25.158822]  </TASK>
[   25.158835] 
[   25.166622] Allocated by task 193:
[   25.166752]  kasan_save_stack+0x45/0x70
[   25.166892]  kasan_save_track+0x18/0x40
[   25.167032]  kasan_save_alloc_info+0x3b/0x50
[   25.167432]  __kasan_kmalloc+0xb7/0xc0
[   25.167662]  __kmalloc_cache_noprof+0x189/0x420
[   25.168038]  kmalloc_big_oob_right+0xa9/0x370
[   25.168267]  kunit_try_run_case+0x1a5/0x480
[   25.168491]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   25.168743]  kthread+0x337/0x6f0
[   25.168980]  ret_from_fork+0x116/0x1d0
[   25.169180]  ret_from_fork_asm+0x1a/0x30
[   25.169430] 
[   25.169499] The buggy address belongs to the object at ffff888106288000
[   25.169499]  which belongs to the cache kmalloc-8k of size 8192
[   25.170214] The buggy address is located 0 bytes to the right of
[   25.170214]  allocated 7936-byte region [ffff888106288000, ffff888106289f00)
[   25.170895] 
[   25.171037] The buggy address belongs to the physical page:
[   25.171295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106288
[   25.171572] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.171798] flags: 0x200000000000040(head|node=0|zone=2)
[   25.172050] page_type: f5(slab)
[   25.172215] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   25.172475] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   25.173022] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   25.173272] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   25.173638] head: 0200000000000003 ffffea000418a201 00000000ffffffff 00000000ffffffff
[   25.174243] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   25.174645] page dumped because: kasan: bad access detected
[   25.174970] 
[   25.175052] Memory state around the buggy address:
[   25.175211]  ffff888106289e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.175581]  ffff888106289e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.175959] >ffff888106289f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.176282]                    ^
[   25.176432]  ffff888106289f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.176756]  ffff88810628a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.177307] ==================================================================
Metadata Full log Test run details