Hay
Sign in
Date
July 5, 2025, 11:09 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   18.484548] ==================================================================
[   18.484718] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   18.485186] Read of size 1 at addr fff00000c567281f by task kunit_try_catch/139
[   18.485321] 
[   18.485441] CPU: 0 UID: 0 PID: 139 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT 
[   18.485642] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.485806] Hardware name: linux,dummy-virt (DT)
[   18.485903] Call trace:
[   18.485946]  show_stack+0x20/0x38 (C)
[   18.486113]  dump_stack_lvl+0x8c/0xd0
[   18.486493]  print_report+0x118/0x608
[   18.486702]  kasan_report+0xdc/0x128
[   18.486822]  __asan_report_load1_noabort+0x20/0x30
[   18.486947]  kmalloc_oob_left+0x2ec/0x320
[   18.487032]  kunit_try_run_case+0x170/0x3f0
[   18.487350]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.487574]  kthread+0x328/0x630
[   18.487760]  ret_from_fork+0x10/0x20
[   18.487878] 
[   18.488052] Allocated by task 26:
[   18.488271]  kasan_save_stack+0x3c/0x68
[   18.488488]  kasan_save_track+0x20/0x40
[   18.488616]  kasan_save_alloc_info+0x40/0x58
[   18.488873]  __kasan_kmalloc+0xd4/0xd8
[   18.489101]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   18.489322]  kstrdup+0x54/0xc8
[   18.489506]  devtmpfs_work_loop+0x6f8/0xa58
[   18.489817]  devtmpfsd+0x50/0x58
[   18.489957]  kthread+0x328/0x630
[   18.490079]  ret_from_fork+0x10/0x20
[   18.490156] 
[   18.490226] Freed by task 26:
[   18.490313]  kasan_save_stack+0x3c/0x68
[   18.490423]  kasan_save_track+0x20/0x40
[   18.490680]  kasan_save_free_info+0x4c/0x78
[   18.490904]  __kasan_slab_free+0x6c/0x98
[   18.491078]  kfree+0x214/0x3c8
[   18.491148]  devtmpfs_work_loop+0x804/0xa58
[   18.491622]  devtmpfsd+0x50/0x58
[   18.491764]  kthread+0x328/0x630
[   18.491846]  ret_from_fork+0x10/0x20
[   18.491949] 
[   18.491996] The buggy address belongs to the object at fff00000c5672800
[   18.491996]  which belongs to the cache kmalloc-16 of size 16
[   18.492126] The buggy address is located 15 bytes to the right of
[   18.492126]  allocated 16-byte region [fff00000c5672800, fff00000c5672810)
[   18.492316] 
[   18.492395] The buggy address belongs to the physical page:
[   18.492477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105672
[   18.492583] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.492721] page_type: f5(slab)
[   18.492832] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   18.492977] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   18.493066] page dumped because: kasan: bad access detected
[   18.493134] 
[   18.493180] Memory state around the buggy address:
[   18.493270]  fff00000c5672700: 00 05 fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[   18.493396]  fff00000c5672780: 00 03 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   18.493472] >fff00000c5672800: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[   18.493549]                             ^
[   18.493857]  fff00000c5672880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.494256]  fff00000c5672900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.494365] ==================================================================
Metadata Full log Test run details 

[   12.773350] ==================================================================
[   12.774630] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   12.775373] Read of size 1 at addr ffff8881018867ff by task kunit_try_catch/155
[   12.776219] 
[   12.776526] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc4 #1 PREEMPT(voluntary) 
[   12.776585] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.776600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.776625] Call Trace:
[   12.776642]  <TASK>
[   12.776678]  dump_stack_lvl+0x73/0xb0
[   12.776715]  print_report+0xd1/0x650
[   12.776741]  ? __virt_addr_valid+0x1db/0x2d0
[   12.776778]  ? kmalloc_oob_left+0x361/0x3c0
[   12.776803]  ? kasan_complete_mode_report_info+0x64/0x200
[   12.776830]  ? kmalloc_oob_left+0x361/0x3c0
[   12.776855]  kasan_report+0x141/0x180
[   12.776923]  ? kmalloc_oob_left+0x361/0x3c0
[   12.776956]  __asan_report_load1_noabort+0x18/0x20
[   12.776998]  kmalloc_oob_left+0x361/0x3c0
[   12.777023]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   12.777049]  ? __schedule+0x10cc/0x2b60
[   12.777075]  ? __pfx_read_tsc+0x10/0x10
[   12.777101]  ? ktime_get_ts64+0x86/0x230
[   12.777131]  kunit_try_run_case+0x1a5/0x480
[   12.777160]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.777189]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.777219]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.777247]  ? __kthread_parkme+0x82/0x180
[   12.777272]  ? preempt_count_sub+0x50/0x80
[   12.777300]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.777328]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.777355]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.777382]  kthread+0x337/0x6f0
[   12.777405]  ? trace_preempt_on+0x20/0xc0
[   12.777434]  ? __pfx_kthread+0x10/0x10
[   12.777458]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.777483]  ? calculate_sigpending+0x7b/0xa0
[   12.777511]  ? __pfx_kthread+0x10/0x10
[   12.777536]  ret_from_fork+0x116/0x1d0
[   12.777558]  ? __pfx_kthread+0x10/0x10
[   12.777581]  ret_from_fork_asm+0x1a/0x30
[   12.777619]  </TASK>
[   12.777633] 
[   12.788830] Allocated by task 35:
[   12.789058]  kasan_save_stack+0x45/0x70
[   12.789302]  kasan_save_track+0x18/0x40
[   12.789500]  kasan_save_alloc_info+0x3b/0x50
[   12.790183]  __kasan_kmalloc+0xb7/0xc0
[   12.790599]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   12.791088]  kvasprintf+0xc5/0x150
[   12.791315]  kasprintf+0xb6/0xf0
[   12.791592]  bsg_devnode+0x46/0x80
[   12.791888]  device_get_devnode+0x145/0x2a0
[   12.792243]  dev_uevent+0x41c/0x730
[   12.792404]  kobject_uevent_env+0x50d/0xff0
[   12.792634]  kobject_uevent+0xf/0x20
[   12.793102]  device_add+0xe4c/0x1820
[   12.793748]  cdev_device_add+0xab/0x1c0
[   12.794278]  bsg_register_queue+0x25e/0x3d0
[   12.794543]  scsi_bsg_register_queue+0x71/0xd0
[   12.794891]  scsi_sysfs_add_sdev+0x228/0x460
[   12.795095]  scsi_add_lun+0x125a/0x2080
[   12.795328]  scsi_probe_and_add_lun+0x2c8/0x700
[   12.795597]  __scsi_add_device+0x1d9/0x210
[   12.795976]  ata_scsi_scan_host+0x13d/0x3d0
[   12.796164]  async_port_probe+0xb0/0xe0
[   12.796360]  async_run_entry_fn+0x9c/0x430
[   12.796603]  process_one_work+0x5ee/0xf60
[   12.797215]  worker_thread+0x758/0x1220
[   12.797453]  kthread+0x337/0x6f0
[   12.797603]  ret_from_fork+0x116/0x1d0
[   12.798000]  ret_from_fork_asm+0x1a/0x30
[   12.798375] 
[   12.798530] Freed by task 35:
[   12.798736]  kasan_save_stack+0x45/0x70
[   12.799045]  kasan_save_track+0x18/0x40
[   12.799682]  kasan_save_free_info+0x3f/0x60
[   12.800153]  __kasan_slab_free+0x56/0x70
[   12.800476]  kfree+0x222/0x3f0
[   12.800696]  dev_uevent+0x466/0x730
[   12.801126]  kobject_uevent_env+0x50d/0xff0
[   12.801400]  kobject_uevent+0xf/0x20
[   12.801567]  device_add+0xe4c/0x1820
[   12.801798]  cdev_device_add+0xab/0x1c0
[   12.802263]  bsg_register_queue+0x25e/0x3d0
[   12.802501]  scsi_bsg_register_queue+0x71/0xd0
[   12.802785]  scsi_sysfs_add_sdev+0x228/0x460
[   12.803475]  scsi_add_lun+0x125a/0x2080
[   12.803682]  scsi_probe_and_add_lun+0x2c8/0x700
[   12.804297]  __scsi_add_device+0x1d9/0x210
[   12.804527]  ata_scsi_scan_host+0x13d/0x3d0
[   12.804863]  async_port_probe+0xb0/0xe0
[   12.805155]  async_run_entry_fn+0x9c/0x430
[   12.805497]  process_one_work+0x5ee/0xf60
[   12.805737]  worker_thread+0x758/0x1220
[   12.806063]  kthread+0x337/0x6f0
[   12.806394]  ret_from_fork+0x116/0x1d0
[   12.806761]  ret_from_fork_asm+0x1a/0x30
[   12.807105] 
[   12.807277] The buggy address belongs to the object at ffff8881018867e0
[   12.807277]  which belongs to the cache kmalloc-16 of size 16
[   12.808346] The buggy address is located 15 bytes to the right of
[   12.808346]  allocated 16-byte region [ffff8881018867e0, ffff8881018867f0)
[   12.809322] 
[   12.809516] The buggy address belongs to the physical page:
[   12.809908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101886
[   12.810877] flags: 0x200000000000000(node=0|zone=2)
[   12.811168] page_type: f5(slab)
[   12.811357] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   12.811996] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   12.812380] page dumped because: kasan: bad access detected
[   12.812681] 
[   12.813143] Memory state around the buggy address:
[   12.813428]  ffff888101886680: 00 00 fc fc 00 04 fc fc 00 04 fc fc 00 00 fc fc
[   12.813906]  ffff888101886700: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   12.814269] >ffff888101886780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   12.814615]                                                                 ^
[   12.815316]  ffff888101886800: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.815978]  ffff888101886880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.816565] ==================================================================
Metadata Full log Test run details