Date: July 22, 2025, 2:40 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 16.888181] ==================================================================
[ 16.888657] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 16.888933] Write of size 1 at addr fff00000c6625f00 by task kunit_try_catch/146
[ 16.889087]
[ 16.889168] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT
[ 16.889447] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.889614] Hardware name: linux,dummy-virt (DT)
[ 16.889659] Call trace:
[ 16.889684] show_stack+0x20/0x38 (C)
[ 16.889734] dump_stack_lvl+0x8c/0xd0
[ 16.889976] print_report+0x118/0x5d0
[ 16.890039] kasan_report+0xdc/0x128
[ 16.890304] __asan_report_store1_noabort+0x20/0x30
[ 16.890378] kmalloc_big_oob_right+0x2a4/0x2f0
[ 16.890427] kunit_try_run_case+0x170/0x3f0
[ 16.890746] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.891076] kthread+0x328/0x630
[ 16.891169] ret_from_fork+0x10/0x20
[ 16.891597]
[ 16.891636] Allocated by task 146:
[ 16.891718] kasan_save_stack+0x3c/0x68
[ 16.891791] kasan_save_track+0x20/0x40
[ 16.891879] kasan_save_alloc_info+0x40/0x58
[ 16.891919] __kasan_kmalloc+0xd4/0xd8
[ 16.891953] __kmalloc_cache_noprof+0x16c/0x3c0
[ 16.891992] kmalloc_big_oob_right+0xb8/0x2f0
[ 16.892304] kunit_try_run_case+0x170/0x3f0
[ 16.892581] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 16.892711] kthread+0x328/0x630
[ 16.892992] ret_from_fork+0x10/0x20
[ 16.893214]
[ 16.893256] The buggy address belongs to the object at fff00000c6624000
[ 16.893256] which belongs to the cache kmalloc-8k of size 8192
[ 16.893389] The buggy address is located 0 bytes to the right of
[ 16.893389] allocated 7936-byte region [fff00000c6624000, fff00000c6625f00)
[ 16.893472]
[ 16.893508] The buggy address belongs to the physical page:
[ 16.893573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106620
[ 16.893634] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 16.893694] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 16.893746] page_type: f5(slab)
[ 16.893784] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 16.893842] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.893889] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 16.893936] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 16.893982] head: 0bfffe0000000003 ffffc1ffc3198801 00000000ffffffff 00000000ffffffff
[ 16.894029] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 16.894069] page dumped because: kasan: bad access detected
[ 16.894108]
[ 16.894126] Memory state around the buggy address:
[ 16.894157] fff00000c6625e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.894197] fff00000c6625e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 16.894246] >fff00000c6625f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.894299] ^
[ 16.894326] fff00000c6625f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.894378] fff00000c6626000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.894415] ==================================================================
```
qemu-x86_64:

```
[ 10.515222] ==================================================================
[ 10.515942] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 10.516257] Write of size 1 at addr ffff888103c41f00 by task kunit_try_catch/164
[ 10.516520]
[ 10.516634] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.15.8-rc1 #1 PREEMPT(voluntary)
[ 10.516678] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.516689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.516709] Call Trace:
[ 10.516720] <TASK>
[ 10.516734] dump_stack_lvl+0x73/0xb0
[ 10.516758] print_report+0xd1/0x610
[ 10.516780] ? __virt_addr_valid+0x1db/0x2d0
[ 10.516800] ? kmalloc_big_oob_right+0x316/0x370
[ 10.516821] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.516843] ? kmalloc_big_oob_right+0x316/0x370
[ 10.516865] kasan_report+0x141/0x180
[ 10.516886] ? kmalloc_big_oob_right+0x316/0x370
[ 10.516913] __asan_report_store1_noabort+0x1b/0x30
[ 10.516938] kmalloc_big_oob_right+0x316/0x370
[ 10.516960] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 10.516982] ? __schedule+0x10c6/0x2b60
[ 10.517005] ? __pfx_read_tsc+0x10/0x10
[ 10.517023] ? ktime_get_ts64+0x86/0x230
[ 10.517048] kunit_try_run_case+0x1a5/0x480
[ 10.517068] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.517085] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.517104] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.517128] ? __kthread_parkme+0x82/0x180
[ 10.517193] ? preempt_count_sub+0x50/0x80
[ 10.517220] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.517250] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.517272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.517295] kthread+0x337/0x6f0
[ 10.517312] ? trace_preempt_on+0x20/0xc0
[ 10.517335] ? __pfx_kthread+0x10/0x10
[ 10.517352] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.517373] ? calculate_sigpending+0x7b/0xa0
[ 10.517393] ? __pfx_kthread+0x10/0x10
[ 10.517411] ret_from_fork+0x41/0x80
[ 10.517431] ? __pfx_kthread+0x10/0x10
[ 10.517447] ret_from_fork_asm+0x1a/0x30
[ 10.517477] </TASK>
[ 10.517487]
[ 10.526472] Allocated by task 164:
[ 10.526653] kasan_save_stack+0x45/0x70
[ 10.527130] kasan_save_track+0x18/0x40
[ 10.527353] kasan_save_alloc_info+0x3b/0x50
[ 10.527561] __kasan_kmalloc+0xb7/0xc0
[ 10.527847] __kmalloc_cache_noprof+0x189/0x420
[ 10.528075] kmalloc_big_oob_right+0xa9/0x370
[ 10.528242] kunit_try_run_case+0x1a5/0x480
[ 10.528495] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.528930] kthread+0x337/0x6f0
[ 10.529059] ret_from_fork+0x41/0x80
[ 10.529433] ret_from_fork_asm+0x1a/0x30
[ 10.529723]
[ 10.529989] The buggy address belongs to the object at ffff888103c40000
[ 10.529989] which belongs to the cache kmalloc-8k of size 8192
[ 10.530691] The buggy address is located 0 bytes to the right of
[ 10.530691] allocated 7936-byte region [ffff888103c40000, ffff888103c41f00)
[ 10.531377]
[ 10.531495] The buggy address belongs to the physical page:
[ 10.531848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103c40
[ 10.532212] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.532626] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.532971] page_type: f5(slab)
[ 10.533193] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 10.533582] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 10.534146] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 10.534590] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 10.534827] head: 0200000000000003 ffffea00040f1001 00000000ffffffff 00000000ffffffff
[ 10.535570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 10.536126] page dumped because: kasan: bad access detected
[ 10.536344]
[ 10.536435] Memory state around the buggy address:
[ 10.536661] ffff888103c41e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.537123] ffff888103c41e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.537454] >ffff888103c41f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.537940] ^
[ 10.538127] ffff888103c41f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.538544] ffff888103c42000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.538968] ==================================================================
```