Hay
Sign in
Date
June 23, 2025, 7:07 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   32.174446] ==================================================================
[   32.174674] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   32.174865] Read of size 1 at addr fff00000c56f127f by task kunit_try_catch/150
[   32.175015] 
[   32.175127] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT 
[   32.175544] Tainted: [B]=BAD_PAGE, [N]=TEST
[   32.175965] Hardware name: linux,dummy-virt (DT)
[   32.176064] Call trace:
[   32.176594]  show_stack+0x20/0x38 (C)
[   32.176950]  dump_stack_lvl+0x8c/0xd0
[   32.177535]  print_report+0x118/0x608
[   32.177659]  kasan_report+0xdc/0x128
[   32.178409]  __asan_report_load1_noabort+0x20/0x30
[   32.178916]  kmalloc_oob_left+0x2ec/0x320
[   32.179314]  kunit_try_run_case+0x170/0x3f0
[   32.179468]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   32.179999]  kthread+0x328/0x630
[   32.180240]  ret_from_fork+0x10/0x20
[   32.180383] 
[   32.181004] Allocated by task 21:
[   32.181472]  kasan_save_stack+0x3c/0x68
[   32.181691]  kasan_save_track+0x20/0x40
[   32.182273]  kasan_save_alloc_info+0x40/0x58
[   32.182503]  __kasan_kmalloc+0xd4/0xd8
[   32.182778]  __kmalloc_cache_node_noprof+0x178/0x3d0
[   32.183415]  build_sched_domains+0x32c/0x3768
[   32.183529]  partition_sched_domains+0x79c/0x1098
[   32.183640]  rebuild_sched_domains_locked+0x494/0xde0
[   32.183754]  cpuset_handle_hotplug+0xab0/0x1480
[   32.184980]  cpuset_update_active_cpus+0x18/0x30
[   32.185098]  sched_cpu_activate+0x2d0/0x388
[   32.185642]  cpuhp_invoke_callback+0x5b8/0x1620
[   32.186330]  cpuhp_thread_fun+0x230/0x5d8
[   32.186485]  smpboot_thread_fn+0x2e8/0x760
[   32.186625]  kthread+0x328/0x630
[   32.186726]  ret_from_fork+0x10/0x20
[   32.187095] 
[   32.187419] Freed by task 21:
[   32.187529]  kasan_save_stack+0x3c/0x68
[   32.187630]  kasan_save_track+0x20/0x40
[   32.187719]  kasan_save_free_info+0x4c/0x78
[   32.187805]  __kasan_slab_free+0x6c/0x98
[   32.187996]  kfree+0x214/0x3c8
[   32.188099]  build_sched_domains+0x1c64/0x3768
[   32.188194]  partition_sched_domains+0x79c/0x1098
[   32.188322]  rebuild_sched_domains_locked+0x494/0xde0
[   32.188458]  cpuset_handle_hotplug+0xab0/0x1480
[   32.188554]  cpuset_update_active_cpus+0x18/0x30
[   32.188643]  sched_cpu_activate+0x2d0/0x388
[   32.188732]  cpuhp_invoke_callback+0x5b8/0x1620
[   32.188835]  cpuhp_thread_fun+0x230/0x5d8
[   32.188922]  smpboot_thread_fn+0x2e8/0x760
[   32.189016]  kthread+0x328/0x630
[   32.189743]  ret_from_fork+0x10/0x20
[   32.190729] 
[   32.190776] The buggy address belongs to the object at fff00000c56f1260
[   32.190776]  which belongs to the cache kmalloc-16 of size 16
[   32.190870] The buggy address is located 15 bytes to the right of
[   32.190870]  allocated 16-byte region [fff00000c56f1260, fff00000c56f1270)
[   32.191252] 
[   32.191422] The buggy address belongs to the physical page:
[   32.191496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1056f1
[   32.191623] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   32.191740] page_type: f5(slab)
[   32.191830] raw: 0bfffe0000000000 fff00000c0001640 dead000000000100 dead000000000122
[   32.191945] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   32.192057] page dumped because: kasan: bad access detected
[   32.192127] 
[   32.192170] Memory state around the buggy address:
[   32.192243]  fff00000c56f1100: 00 06 fc fc 00 06 fc fc 00 00 fc fc fa fb fc fc
[   32.192343]  fff00000c56f1180: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[   32.192489] >fff00000c56f1200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   32.192716]                                                                 ^
[   32.192815]  fff00000c56f1280: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.192910]  fff00000c56f1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   32.193005] ==================================================================
Metadata Full log Test run details 

[   21.020039] ==================================================================
[   21.020571] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   21.021090] Read of size 1 at addr ffff888101bb7f5f by task kunit_try_catch/167
[   21.021541] 
[   21.021645] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250623 #1 PREEMPT(voluntary) 
[   21.021691] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.021703] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.021720] Call Trace:
[   21.021734]  <TASK>
[   21.021750]  dump_stack_lvl+0x73/0xb0
[   21.021778]  print_report+0xd1/0x650
[   21.021797]  ? __virt_addr_valid+0x1db/0x2d0
[   21.021815]  ? kmalloc_oob_left+0x361/0x3c0
[   21.021861]  ? kasan_complete_mode_report_info+0x64/0x200
[   21.021905]  ? kmalloc_oob_left+0x361/0x3c0
[   21.021939]  kasan_report+0x141/0x180
[   21.021973]  ? kmalloc_oob_left+0x361/0x3c0
[   21.022177]  __asan_report_load1_noabort+0x18/0x20
[   21.022240]  kmalloc_oob_left+0x361/0x3c0
[   21.022415]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   21.022470]  ? __schedule+0x10cc/0x2b60
[   21.022514]  ? __pfx_read_tsc+0x10/0x10
[   21.022565]  ? ktime_get_ts64+0x86/0x230
[   21.022616]  kunit_try_run_case+0x1a5/0x480
[   21.022664]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.022707]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.022744]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.022773]  ? __kthread_parkme+0x82/0x180
[   21.022793]  ? preempt_count_sub+0x50/0x80
[   21.022813]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.022839]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.022881]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.022901]  kthread+0x337/0x6f0
[   21.022919]  ? trace_preempt_on+0x20/0xc0
[   21.022939]  ? __pfx_kthread+0x10/0x10
[   21.022958]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.022976]  ? calculate_sigpending+0x7b/0xa0
[   21.022997]  ? __pfx_kthread+0x10/0x10
[   21.023016]  ret_from_fork+0x116/0x1d0
[   21.023033]  ? __pfx_kthread+0x10/0x10
[   21.023051]  ret_from_fork_asm+0x1a/0x30
[   21.023077]  </TASK>
[   21.023088] 
[   21.030085] Allocated by task 21:
[   21.030329]  kasan_save_stack+0x45/0x70
[   21.030653]  kasan_save_track+0x18/0x40
[   21.030969]  kasan_save_alloc_info+0x3b/0x50
[   21.031267]  __kasan_kmalloc+0xb7/0xc0
[   21.031551]  __kmalloc_cache_node_noprof+0x188/0x420
[   21.031898]  build_sched_domains+0x38c/0x5dd0
[   21.032147]  partition_sched_domains+0x471/0x9c0
[   21.032398]  rebuild_sched_domains_locked+0x97d/0xd50
[   21.032664]  cpuset_update_active_cpus+0x80f/0x1a90
[   21.033038]  sched_cpu_activate+0x2bf/0x330
[   21.033200]  cpuhp_invoke_callback+0x2a1/0xf00
[   21.033536]  cpuhp_thread_fun+0x2ce/0x5c0
[   21.033686]  smpboot_thread_fn+0x2bc/0x730
[   21.033837]  kthread+0x337/0x6f0
[   21.034085]  ret_from_fork+0x116/0x1d0
[   21.034394]  ret_from_fork_asm+0x1a/0x30
[   21.034664] 
[   21.034778] Freed by task 21:
[   21.034931]  kasan_save_stack+0x45/0x70
[   21.035082]  kasan_save_track+0x18/0x40
[   21.035224]  kasan_save_free_info+0x3f/0x60
[   21.035377]  __kasan_slab_free+0x56/0x70
[   21.035537]  kfree+0x222/0x3f0
[   21.035665]  build_sched_domains+0x1fff/0x5dd0
[   21.035824]  partition_sched_domains+0x471/0x9c0
[   21.036136]  rebuild_sched_domains_locked+0x97d/0xd50
[   21.036498]  cpuset_update_active_cpus+0x80f/0x1a90
[   21.036837]  sched_cpu_activate+0x2bf/0x330
[   21.037132]  cpuhp_invoke_callback+0x2a1/0xf00
[   21.037458]  cpuhp_thread_fun+0x2ce/0x5c0
[   21.037843]  smpboot_thread_fn+0x2bc/0x730
[   21.038148]  kthread+0x337/0x6f0
[   21.038420]  ret_from_fork+0x116/0x1d0
[   21.038716]  ret_from_fork_asm+0x1a/0x30
[   21.039110] 
[   21.039265] The buggy address belongs to the object at ffff888101bb7f40
[   21.039265]  which belongs to the cache kmalloc-16 of size 16
[   21.039728] The buggy address is located 15 bytes to the right of
[   21.039728]  allocated 16-byte region [ffff888101bb7f40, ffff888101bb7f50)
[   21.040591] 
[   21.040744] The buggy address belongs to the physical page:
[   21.041106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bb7
[   21.041484] flags: 0x200000000000000(node=0|zone=2)
[   21.041664] page_type: f5(slab)
[   21.041798] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[   21.042314] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   21.042668] page dumped because: kasan: bad access detected
[   21.042877] 
[   21.043011] Memory state around the buggy address:
[   21.043338]  ffff888101bb7e00: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc
[   21.043731]  ffff888101bb7e80: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc
[   21.044087] >ffff888101bb7f00: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc
[   21.044562]                                                     ^
[   21.044851]  ffff888101bb7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.045150]  ffff888101bb8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.045360] ==================================================================
Metadata Full log Test run details