Date
July 18, 2025, 11:11 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 15.063906] ==================================================================
[ 15.063965] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 15.064015] Read of size 1 at addr fff00000c634d000 by task kunit_try_catch/140
[ 15.064064]
[ 15.064141] CPU: 1 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT
[ 15.064224] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.064250] Hardware name: linux,dummy-virt (DT)
[ 15.064289] Call trace:
[ 15.064311] show_stack+0x20/0x38 (C)
[ 15.064785] dump_stack_lvl+0x8c/0xd0
[ 15.065043] print_report+0x118/0x5d0
[ 15.065108] kasan_report+0xdc/0x128
[ 15.065438] __asan_report_load1_noabort+0x20/0x30
[ 15.065764] kmalloc_node_oob_right+0x2f4/0x330
[ 15.065833] kunit_try_run_case+0x170/0x3f0
[ 15.065885] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.066247] kthread+0x328/0x630
[ 15.066408] ret_from_fork+0x10/0x20
[ 15.066481]
[ 15.066726] Allocated by task 140:
[ 15.066828] kasan_save_stack+0x3c/0x68
[ 15.067104] kasan_save_track+0x20/0x40
[ 15.067530] kasan_save_alloc_info+0x40/0x58
[ 15.067641] __kasan_kmalloc+0xd4/0xd8
[ 15.067793] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 15.068079] kmalloc_node_oob_right+0xbc/0x330
[ 15.068315] kunit_try_run_case+0x170/0x3f0
[ 15.068477] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.068656] kthread+0x328/0x630
[ 15.068694] ret_from_fork+0x10/0x20
[ 15.068729]
[ 15.068786] The buggy address belongs to the object at fff00000c634c000
[ 15.068786] which belongs to the cache kmalloc-4k of size 4096
[ 15.069154] The buggy address is located 0 bytes to the right of
[ 15.069154] allocated 4096-byte region [fff00000c634c000, fff00000c634d000)
[ 15.069252]
[ 15.069295] The buggy address belongs to the physical page:
[ 15.069716] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106348
[ 15.070401] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.070533] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.070773] page_type: f5(slab)
[ 15.070816] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 15.070892] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 15.071255] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 15.072868] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 15.072938] head: 0bfffe0000000003 ffffc1ffc318d201 00000000ffffffff 00000000ffffffff
[ 15.073312] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 15.074062] page dumped because: kasan: bad access detected
[ 15.074462]
[ 15.074828] Memory state around the buggy address:
[ 15.074896] fff00000c634cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.074942] fff00000c634cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.075874] >fff00000c634d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.075943] ^
[ 15.075983] fff00000c634d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.076032] fff00000c634d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.076101] ==================================================================
```
```
[ 11.452236] ==================================================================
[ 11.452841] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 11.453211] Read of size 1 at addr ffff888102b11000 by task kunit_try_catch/159
[ 11.453575]
[ 11.453680] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6 #1 PREEMPT(voluntary)
[ 11.453724] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.453734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.453754] Call Trace:
[ 11.453764] <TASK>
[ 11.453778] dump_stack_lvl+0x73/0xb0
[ 11.453803] print_report+0xd1/0x610
[ 11.453824] ? __virt_addr_valid+0x1db/0x2d0
[ 11.453844] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.453867] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.453936] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.453959] kasan_report+0x141/0x180
[ 11.453987] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.454014] __asan_report_load1_noabort+0x18/0x20
[ 11.454037] kmalloc_node_oob_right+0x369/0x3c0
[ 11.454061] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 11.454115] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 11.454143] kunit_try_run_case+0x1a5/0x480
[ 11.454165] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.454187] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.454209] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.454231] ? __kthread_parkme+0x82/0x180
[ 11.454250] ? preempt_count_sub+0x50/0x80
[ 11.454281] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.454321] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.454344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.454367] kthread+0x337/0x6f0
[ 11.454385] ? trace_preempt_on+0x20/0xc0
[ 11.454407] ? __pfx_kthread+0x10/0x10
[ 11.454426] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.454446] ? calculate_sigpending+0x7b/0xa0
[ 11.454468] ? __pfx_kthread+0x10/0x10
[ 11.454498] ret_from_fork+0x116/0x1d0
[ 11.454516] ? __pfx_kthread+0x10/0x10
[ 11.454535] ret_from_fork_asm+0x1a/0x30
[ 11.454577] </TASK>
[ 11.454586]
[ 11.462156] Allocated by task 159:
[ 11.462292] kasan_save_stack+0x45/0x70
[ 11.462432] kasan_save_track+0x18/0x40
[ 11.462565] kasan_save_alloc_info+0x3b/0x50
[ 11.462904] __kasan_kmalloc+0xb7/0xc0
[ 11.463319] __kmalloc_cache_node_noprof+0x188/0x420
[ 11.463644] kmalloc_node_oob_right+0xab/0x3c0
[ 11.463873] kunit_try_run_case+0x1a5/0x480
[ 11.464076] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.464401] kthread+0x337/0x6f0
[ 11.464676] ret_from_fork+0x116/0x1d0
[ 11.464809] ret_from_fork_asm+0x1a/0x30
[ 11.465012]
[ 11.465104] The buggy address belongs to the object at ffff888102b10000
[ 11.465104] which belongs to the cache kmalloc-4k of size 4096
[ 11.465662] The buggy address is located 0 bytes to the right of
[ 11.465662] allocated 4096-byte region [ffff888102b10000, ffff888102b11000)
[ 11.466365]
[ 11.466483] The buggy address belongs to the physical page:
[ 11.466797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b10
[ 11.467324] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.467726] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.468032] page_type: f5(slab)
[ 11.468337] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.468754] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.469158] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.469404] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.469637] head: 0200000000000003 ffffea00040ac401 00000000ffffffff 00000000ffffffff
[ 11.469869] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 11.470204] page dumped because: kasan: bad access detected
[ 11.470622]
[ 11.470714] Memory state around the buggy address:
[ 11.470932] ffff888102b10f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.471244] ffff888102b10f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.471561] >ffff888102b11000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.471773] ^
[ 11.471887] ffff888102b11080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.472102] ffff888102b11100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.472567] ==================================================================
```