Hay
Sign in
Date
June 7, 2025, 10:40 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   21.769988] ==================================================================
[   21.771361] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   21.772092] Write of size 1 at addr fff00000c45c5f00 by task kunit_try_catch/133
[   21.772732] 
[   21.773223] CPU: 0 UID: 0 PID: 133 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   21.773774] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.773849] Hardware name: linux,dummy-virt (DT)
[   21.773946] Call trace:
[   21.773980]  show_stack+0x20/0x38 (C)
[   21.774042]  dump_stack_lvl+0x8c/0xd0
[   21.774100]  print_report+0x118/0x608
[   21.774155]  kasan_report+0xdc/0x128
[   21.774226]  __asan_report_store1_noabort+0x20/0x30
[   21.774284]  kmalloc_big_oob_right+0x2a4/0x2f0
[   21.774339]  kunit_try_run_case+0x170/0x3f0
[   21.774395]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.774459]  kthread+0x318/0x620
[   21.774513]  ret_from_fork+0x10/0x20
[   21.774569] 
[   21.781023] Allocated by task 133:
[   21.782011]  kasan_save_stack+0x3c/0x68
[   21.782551]  kasan_save_track+0x20/0x40
[   21.783056]  kasan_save_alloc_info+0x40/0x58
[   21.783605]  __kasan_kmalloc+0xd4/0xd8
[   21.784128]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.784716]  kmalloc_big_oob_right+0xb8/0x2f0
[   21.786220]  kunit_try_run_case+0x170/0x3f0
[   21.786941]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.787504]  kthread+0x318/0x620
[   21.788328]  ret_from_fork+0x10/0x20
[   21.789035] 
[   21.789328] The buggy address belongs to the object at fff00000c45c4000
[   21.789328]  which belongs to the cache kmalloc-8k of size 8192
[   21.790691] The buggy address is located 0 bytes to the right of
[   21.790691]  allocated 7936-byte region [fff00000c45c4000, fff00000c45c5f00)
[   21.791906] 
[   21.792156] The buggy address belongs to the physical page:
[   21.792759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1045c0
[   21.793635] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.794421] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.796142] page_type: f5(slab)
[   21.796602] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   21.797347] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   21.798322] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   21.799330] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   21.800122] head: 0bfffe0000000003 ffffc1ffc3117001 ffffffffffffffff 0000000000000000
[   21.800839] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   21.801839] page dumped because: kasan: bad access detected
[   21.802671] 
[   21.803122] Memory state around the buggy address:
[   21.804225]  fff00000c45c5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.804934]  fff00000c45c5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.805628] >fff00000c45c5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.806682]                    ^
[   21.807316]  fff00000c45c5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.808007]  fff00000c45c6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.808725] ==================================================================
Metadata Full log Test run details 

[   16.650168] ==================================================================
[   16.651429] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x318/0x370
[   16.652004] Write of size 1 at addr ffff888102c59f00 by task kunit_try_catch/152
[   16.652565] 
[   16.652823] CPU: 1 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N 6.14.11-rc1 #1
[   16.652941] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.652973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.653017] Call Trace:
[   16.653050]  <TASK>
[   16.653092]  dump_stack_lvl+0x73/0xb0
[   16.653172]  print_report+0xd1/0x650
[   16.653228]  ? __virt_addr_valid+0x1db/0x2d0
[   16.653282]  ? kmalloc_big_oob_right+0x318/0x370
[   16.653327]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.653381]  ? kmalloc_big_oob_right+0x318/0x370
[   16.653432]  kasan_report+0x140/0x180
[   16.653483]  ? kmalloc_big_oob_right+0x318/0x370
[   16.653548]  __asan_report_store1_noabort+0x1b/0x30
[   16.653609]  kmalloc_big_oob_right+0x318/0x370
[   16.653665]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   16.653724]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   16.653788]  kunit_try_run_case+0x1a6/0x480
[   16.653852]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.653924]  ? _raw_spin_lock_irqsave+0xa2/0x110
[   16.653989]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.654035]  ? __kthread_parkme+0x82/0x160
[   16.654068]  ? preempt_count_sub+0x50/0x80
[   16.654102]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.654130]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.654163]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.654194]  kthread+0x324/0x6e0
[   16.654221]  ? trace_preempt_on+0x20/0xc0
[   16.654252]  ? __pfx_kthread+0x10/0x10
[   16.654280]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.654311]  ? calculate_sigpending+0x7b/0xa0
[   16.654350]  ? __pfx_kthread+0x10/0x10
[   16.654379]  ret_from_fork+0x41/0x80
[   16.654405]  ? __pfx_kthread+0x10/0x10
[   16.654432]  ret_from_fork_asm+0x1a/0x30
[   16.654473]  </TASK>
[   16.654488] 
[   16.667094] Allocated by task 152:
[   16.667434]  kasan_save_stack+0x45/0x70
[   16.667799]  kasan_save_track+0x18/0x40
[   16.668196]  kasan_save_alloc_info+0x3b/0x50
[   16.668475]  __kasan_kmalloc+0xb7/0xc0
[   16.668712]  __kmalloc_cache_noprof+0x18a/0x420
[   16.669247]  kmalloc_big_oob_right+0xaa/0x370
[   16.669681]  kunit_try_run_case+0x1a6/0x480
[   16.670115]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.671233]  kthread+0x324/0x6e0
[   16.671563]  ret_from_fork+0x41/0x80
[   16.671969]  ret_from_fork_asm+0x1a/0x30
[   16.672320] 
[   16.672466] The buggy address belongs to the object at ffff888102c58000
[   16.672466]  which belongs to the cache kmalloc-8k of size 8192
[   16.673072] The buggy address is located 0 bytes to the right of
[   16.673072]  allocated 7936-byte region [ffff888102c58000, ffff888102c59f00)
[   16.674002] 
[   16.674207] The buggy address belongs to the physical page:
[   16.674751] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c58
[   16.675293] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   16.676268] flags: 0x200000000000040(head|node=0|zone=2)
[   16.676883] page_type: f5(slab)
[   16.677266] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   16.677951] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   16.678573] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   16.679151] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   16.679720] head: 0200000000000003 ffffea00040b1601 ffffffffffffffff 0000000000000000
[   16.680267] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[   16.680737] page dumped because: kasan: bad access detected
[   16.681026] 
[   16.681227] Memory state around the buggy address:
[   16.681704]  ffff888102c59e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.682126]  ffff888102c59e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   16.682728] >ffff888102c59f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.683147]                    ^
[   16.683494]  ffff888102c59f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.684105]  ffff888102c5a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.684530] ==================================================================
Metadata Full log Test run details