Date
June 5, 2025, 7:08 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 24.543686] ==================================================================
[ 24.543810] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[ 24.543950] Read of size 1 at addr fff00000c5881b7f by task kunit_try_catch/138
[ 24.544878]
[ 24.544974] CPU: 1 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT
[ 24.546089] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.546177] Hardware name: linux,dummy-virt (DT)
[ 24.546264] Call trace:
[ 24.546343] show_stack+0x20/0x38 (C)
[ 24.546978] dump_stack_lvl+0x8c/0xd0
[ 24.547143] print_report+0x118/0x608
[ 24.547648] kasan_report+0xdc/0x128
[ 24.547797] __asan_report_load1_noabort+0x20/0x30
[ 24.547969] kmalloc_oob_left+0x2ec/0x320
[ 24.548097] kunit_try_run_case+0x170/0x3f0
[ 24.548222] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 24.548588] kthread+0x328/0x630
[ 24.548714] ret_from_fork+0x10/0x20
[ 24.548834]
[ 24.548876] Allocated by task 24:
[ 24.548989] kasan_save_stack+0x3c/0x68
[ 24.549120] kasan_save_track+0x20/0x40
[ 24.549382] kasan_save_alloc_info+0x40/0x58
[ 24.549520] __kasan_kmalloc+0xd4/0xd8
[ 24.549648] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 24.549963] kvasprintf+0xe0/0x180
[ 24.550054] __kthread_create_on_node+0x16c/0x350
[ 24.550145] kthread_create_on_node+0xe4/0x130
[ 24.550234] create_worker+0x380/0x6b8
[ 24.550320] worker_thread+0x808/0xf38
[ 24.550442] kthread+0x328/0x630
[ 24.550540] ret_from_fork+0x10/0x20
[ 24.550648]
[ 24.550703] The buggy address belongs to the object at fff00000c5881b60
[ 24.550703] which belongs to the cache kmalloc-16 of size 16
[ 24.550847] The buggy address is located 19 bytes to the right of
[ 24.550847] allocated 12-byte region [fff00000c5881b60, fff00000c5881b6c)
[ 24.551001]
[ 24.551051] The buggy address belongs to the physical page:
[ 24.551149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105881
[ 24.551287] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 24.551444] page_type: f5(slab)
[ 24.551551] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 24.551692] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 24.551800] page dumped because: kasan: bad access detected
[ 24.551930]
[ 24.551983] Memory state around the buggy address:
[ 24.552069] fff00000c5881a00: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 05 fc fc
[ 24.552238] fff00000c5881a80: fa fb fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 24.552376] >fff00000c5881b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 24.552475] ^
[ 24.552576] fff00000c5881b80: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.552678] fff00000c5881c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.554347] ==================================================================
```
qemu-x86_64:

```
[ 10.702359] ==================================================================
[ 10.703165] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 10.703539] Read of size 1 at addr ffff888102ae90bf by task kunit_try_catch/155
[ 10.704112]
[ 10.704577] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary)
[ 10.704627] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.704638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.704660] Call Trace:
[ 10.704670] <TASK>
[ 10.704687] dump_stack_lvl+0x73/0xb0
[ 10.704715] print_report+0xd1/0x650
[ 10.704736] ? __virt_addr_valid+0x1db/0x2d0
[ 10.704759] ? kmalloc_oob_left+0x361/0x3c0
[ 10.704780] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.704801] ? kmalloc_oob_left+0x361/0x3c0
[ 10.704822] kasan_report+0x141/0x180
[ 10.704843] ? kmalloc_oob_left+0x361/0x3c0
[ 10.704868] __asan_report_load1_noabort+0x18/0x20
[ 10.704905] kmalloc_oob_left+0x361/0x3c0
[ 10.704927] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 10.704948] ? __schedule+0x10cc/0x2b60
[ 10.704972] ? __pfx_read_tsc+0x10/0x10
[ 10.704993] ? ktime_get_ts64+0x86/0x230
[ 10.705049] kunit_try_run_case+0x1a5/0x480
[ 10.705071] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.705090] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.705114] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.705146] ? __kthread_parkme+0x82/0x180
[ 10.705166] ? preempt_count_sub+0x50/0x80
[ 10.705189] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.705209] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.705233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.705256] kthread+0x337/0x6f0
[ 10.705274] ? trace_preempt_on+0x20/0xc0
[ 10.705297] ? __pfx_kthread+0x10/0x10
[ 10.705317] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.705338] ? calculate_sigpending+0x7b/0xa0
[ 10.705362] ? __pfx_kthread+0x10/0x10
[ 10.705382] ret_from_fork+0x116/0x1d0
[ 10.705399] ? __pfx_kthread+0x10/0x10
[ 10.705419] ret_from_fork_asm+0x1a/0x30
[ 10.705449] </TASK>
[ 10.705459]
[ 10.717675] Allocated by task 1:
[ 10.718009] kasan_save_stack+0x45/0x70
[ 10.718452] kasan_save_track+0x18/0x40
[ 10.718808] kasan_save_alloc_info+0x3b/0x50
[ 10.718994] __kasan_kmalloc+0xb7/0xc0
[ 10.719694] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.720346] kvasprintf+0xc5/0x150
[ 10.720518] __kthread_create_on_node+0x18b/0x3a0
[ 10.721074] kthread_create_on_node+0xab/0xe0
[ 10.721265] create_worker+0x3e5/0x7b0
[ 10.721639] alloc_unbound_pwq+0x8ea/0xdb0
[ 10.721924] apply_wqattrs_prepare+0x332/0xd20
[ 10.722479] apply_workqueue_attrs_locked+0x4d/0xa0
[ 10.722709] alloc_workqueue+0xcc7/0x1ad0
[ 10.722847] latency_fsnotify_init+0x1b/0x50
[ 10.723274] do_one_initcall+0xd8/0x370
[ 10.723626] kernel_init_freeable+0x420/0x6f0
[ 10.724141] kernel_init+0x23/0x1e0
[ 10.724482] ret_from_fork+0x116/0x1d0
[ 10.724851] ret_from_fork_asm+0x1a/0x30
[ 10.725322]
[ 10.725410] The buggy address belongs to the object at ffff888102ae90a0
[ 10.725410] which belongs to the cache kmalloc-16 of size 16
[ 10.725782] The buggy address is located 18 bytes to the right of
[ 10.725782] allocated 13-byte region [ffff888102ae90a0, ffff888102ae90ad)
[ 10.726592]
[ 10.726761] The buggy address belongs to the physical page:
[ 10.727483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ae9
[ 10.728250] flags: 0x200000000000000(node=0|zone=2)
[ 10.728420] page_type: f5(slab)
[ 10.728540] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 10.729089] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 10.729903] page dumped because: kasan: bad access detected
[ 10.730464]
[ 10.730628] Memory state around the buggy address:
[ 10.731260] ffff888102ae8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.731805] ffff888102ae9000: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 10.732263] >ffff888102ae9080: fa fb fc fc 00 05 fc fc 00 07 fc fc fc fc fc fc
[ 10.732938] ^
[ 10.733413] ffff888102ae9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.733641] ffff888102ae9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.733854] ==================================================================
```