Date
June 2, 2025, 2:10 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 19.125825] ==================================================================
[ 19.126479] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2b8/0x308
[ 19.127849] Write of size 1 at addr fff00000c6c21f00 by task kunit_try_catch/131
[ 19.128831]
[ 19.129205] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.12.32-rc1 #1
[ 19.129452] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.129537] Hardware name: linux,dummy-virt (DT)
[ 19.129609] Call trace:
[ 19.129639] dump_backtrace+0x9c/0x128
[ 19.129708] show_stack+0x20/0x38
[ 19.129749] dump_stack_lvl+0x8c/0xd0
[ 19.129794] print_report+0x118/0x5f0
[ 19.129836] kasan_report+0xdc/0x128
[ 19.129875] __asan_report_store1_noabort+0x20/0x30
[ 19.129921] kmalloc_big_oob_right+0x2b8/0x308
[ 19.129967] kunit_try_run_case+0x170/0x3f0
[ 19.130011] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.130058] kthread+0x24c/0x2d0
[ 19.130099] ret_from_fork+0x10/0x20
[ 19.130145]
[ 19.135746] Allocated by task 131:
[ 19.136152] kasan_save_stack+0x3c/0x68
[ 19.136782] kasan_save_track+0x20/0x40
[ 19.137368] kasan_save_alloc_info+0x40/0x58
[ 19.137878] __kasan_kmalloc+0xd4/0xd8
[ 19.138291] __kmalloc_cache_noprof+0x154/0x320
[ 19.138672] kmalloc_big_oob_right+0xb8/0x308
[ 19.139051] kunit_try_run_case+0x170/0x3f0
[ 19.139891] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 19.140523] kthread+0x24c/0x2d0
[ 19.140936] ret_from_fork+0x10/0x20
[ 19.141396]
[ 19.141701] The buggy address belongs to the object at fff00000c6c20000
[ 19.141701] which belongs to the cache kmalloc-8k of size 8192
[ 19.142660] The buggy address is located 0 bytes to the right of
[ 19.142660] allocated 7936-byte region [fff00000c6c20000, fff00000c6c21f00)
[ 19.143698]
[ 19.143871] The buggy address belongs to the physical page:
[ 19.144137] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c20
[ 19.144515] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.144864] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 19.145205] page_type: f5(slab)
[ 19.146524] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 19.147424] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 19.147812] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 19.148165] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 19.148635] head: 0bfffe0000000003 ffffc1ffc31b0801 ffffffffffffffff 0000000000000000
[ 19.149833] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 19.150475] page dumped because: kasan: bad access detected
[ 19.150968]
[ 19.151545] Memory state around the buggy address:
[ 19.152061] fff00000c6c21e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.152656] fff00000c6c21e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.153400] >fff00000c6c21f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.154069] ^
[ 19.154414] fff00000c6c21f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.154964] fff00000c6c22000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.155460] ==================================================================
```
qemu-x86_64:

```
[ 11.440227] ==================================================================
[ 11.440696] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x318/0x370
[ 11.441203] Write of size 1 at addr ffff888101f2df00 by task kunit_try_catch/149
[ 11.442018]
[ 11.442582] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.12.32-rc1 #1
[ 11.442700] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.442726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.442766] Call Trace:
[ 11.442792] <TASK>
[ 11.442825] dump_stack_lvl+0x73/0xb0
[ 11.442886] print_report+0xd1/0x640
[ 11.442919] ? __virt_addr_valid+0x1db/0x2d0
[ 11.442944] ? kmalloc_big_oob_right+0x318/0x370
[ 11.442966] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.442989] ? kmalloc_big_oob_right+0x318/0x370
[ 11.443011] kasan_report+0x140/0x180
[ 11.443033] ? kmalloc_big_oob_right+0x318/0x370
[ 11.443070] __asan_report_store1_noabort+0x1b/0x30
[ 11.443250] kmalloc_big_oob_right+0x318/0x370
[ 11.443296] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 11.443340] ? __schedule+0xc49/0x27a0
[ 11.443378] ? __pfx_read_tsc+0x10/0x10
[ 11.443444] ? ktime_get_ts64+0x84/0x230
[ 11.443511] kunit_try_run_case+0x1a6/0x480
[ 11.443559] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.443598] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 11.443637] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.443688] ? __kthread_parkme+0x82/0x160
[ 11.443709] ? preempt_count_sub+0x50/0x80
[ 11.443732] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.443750] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.443775] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.443800] kthread+0x257/0x310
[ 11.443817] ? __pfx_kthread+0x10/0x10
[ 11.443835] ret_from_fork+0x41/0x80
[ 11.443854] ? __pfx_kthread+0x10/0x10
[ 11.443871] ret_from_fork_asm+0x1a/0x30
[ 11.443901] </TASK>
[ 11.443913]
[ 11.452914] Allocated by task 149:
[ 11.453393] kasan_save_stack+0x45/0x70
[ 11.454035] kasan_save_track+0x18/0x40
[ 11.454623] kasan_save_alloc_info+0x3b/0x50
[ 11.454961] __kasan_kmalloc+0xb7/0xc0
[ 11.455598] __kmalloc_cache_noprof+0x168/0x350
[ 11.455876] kmalloc_big_oob_right+0xaa/0x370
[ 11.456150] kunit_try_run_case+0x1a6/0x480
[ 11.456458] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.456983] kthread+0x257/0x310
[ 11.457181] ret_from_fork+0x41/0x80
[ 11.457488] ret_from_fork_asm+0x1a/0x30
[ 11.457700]
[ 11.457861] The buggy address belongs to the object at ffff888101f2c000
[ 11.457861] which belongs to the cache kmalloc-8k of size 8192
[ 11.458906] The buggy address is located 0 bytes to the right of
[ 11.458906] allocated 7936-byte region [ffff888101f2c000, ffff888101f2df00)
[ 11.460260]
[ 11.460375] The buggy address belongs to the physical page:
[ 11.460626] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101f28
[ 11.460995] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.461745] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.462396] page_type: f5(slab)
[ 11.462578] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 11.463182] raw: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 11.463401] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 11.463917] head: 0000000000000000 0000000080020002 00000001f5000000 0000000000000000
[ 11.464717] head: 0200000000000003 ffffea000407ca01 ffffffffffffffff 0000000000000000
[ 11.465039] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 11.465766] page dumped because: kasan: bad access detected
[ 11.466121]
[ 11.466700] Memory state around the buggy address:
[ 11.466968] ffff888101f2de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.467766] ffff888101f2de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.468086] >ffff888101f2df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.468507] ^
[ 11.468783] ffff888101f2df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.469390] ffff888101f2e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.469881] ==================================================================
```