Hay
Date: June 26, 2025, 9:10 a.m.

Environment: dragonboard-845c, qemu-arm64, qemu-x86_64

[   31.102112] ==================================================================
[   31.113158] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[   31.120661] Read of size 1 at addr ffff0000954d9000 by task kunit_try_catch/226
[   31.128074] 
[   31.129605] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   31.129636] Tainted: [B]=BAD_PAGE, [N]=TEST
[   31.129644] Hardware name: Thundercomm Dragonboard 845c (DT)
[   31.129657] Call trace:
[   31.129664]  show_stack+0x20/0x38 (C)
[   31.129682]  dump_stack_lvl+0x8c/0xd0
[   31.129701]  print_report+0x118/0x608
[   31.129719]  kasan_report+0xdc/0x128
[   31.129737]  __asan_report_load1_noabort+0x20/0x30
[   31.129754]  kmalloc_node_oob_right+0x2f4/0x330
[   31.129773]  kunit_try_run_case+0x170/0x3f0
[   31.129793]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.129815]  kthread+0x328/0x630
[   31.129829]  ret_from_fork+0x10/0x20
[   31.129847] 
[   31.195900] Allocated by task 226:
[   31.199361]  kasan_save_stack+0x3c/0x68
[   31.203271]  kasan_save_track+0x20/0x40
[   31.207180]  kasan_save_alloc_info+0x40/0x58
[   31.211515]  __kasan_kmalloc+0xd4/0xd8
[   31.215335]  __kmalloc_cache_node_noprof+0x178/0x3d0
[   31.220375]  kmalloc_node_oob_right+0xbc/0x330
[   31.224899]  kunit_try_run_case+0x170/0x3f0
[   31.229152]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   31.234724]  kthread+0x328/0x630
[   31.238014]  ret_from_fork+0x10/0x20
[   31.241651] 
[   31.243180] The buggy address belongs to the object at ffff0000954d8000
[   31.243180]  which belongs to the cache kmalloc-4k of size 4096
[   31.255840] The buggy address is located 0 bytes to the right of
[   31.255840]  allocated 4096-byte region [ffff0000954d8000, ffff0000954d9000)
[   31.269029] 
[   31.270560] The buggy address belongs to the physical page:
[   31.276211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1154d8
[   31.284322] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   31.292079] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   31.299138] page_type: f5(slab)
[   31.302343] raw: 0bfffe0000000040 ffff000080003040 dead000000000122 0000000000000000
[   31.310186] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   31.318031] head: 0bfffe0000000040 ffff000080003040 dead000000000122 0000000000000000
[   31.325960] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   31.333888] head: 0bfffe0000000003 fffffdffc2553601 00000000ffffffff 00000000ffffffff
[   31.341820] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   31.349747] page dumped because: kasan: bad access detected
[   31.355393] 
[   31.356928] Memory state around the buggy address:
[   31.361791]  ffff0000954d8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.369112]  ffff0000954d8f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   31.376426] >ffff0000954d9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.383738]                    ^
[   31.387027]  ffff0000954d9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.394350]  ffff0000954d9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   31.401670] ==================================================================

[   26.559365] ==================================================================
[   26.559424] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[   26.559477] Read of size 1 at addr fff00000c65c5000 by task kunit_try_catch/152
[   26.559526] 
[   26.559842] CPU: 0 UID: 0 PID: 152 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT 
[   26.559962] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.560156] Hardware name: linux,dummy-virt (DT)
[   26.560189] Call trace:
[   26.560211]  show_stack+0x20/0x38 (C)
[   26.560278]  dump_stack_lvl+0x8c/0xd0
[   26.560326]  print_report+0x118/0x608
[   26.560373]  kasan_report+0xdc/0x128
[   26.560419]  __asan_report_load1_noabort+0x20/0x30
[   26.560467]  kmalloc_node_oob_right+0x2f4/0x330
[   26.560515]  kunit_try_run_case+0x170/0x3f0
[   26.560563]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.560614]  kthread+0x328/0x630
[   26.560657]  ret_from_fork+0x10/0x20
[   26.560705] 
[   26.560722] Allocated by task 152:
[   26.560748]  kasan_save_stack+0x3c/0x68
[   26.560799]  kasan_save_track+0x20/0x40
[   26.560835]  kasan_save_alloc_info+0x40/0x58
[   26.560871]  __kasan_kmalloc+0xd4/0xd8
[   26.560906]  __kmalloc_cache_node_noprof+0x178/0x3d0
[   26.560946]  kmalloc_node_oob_right+0xbc/0x330
[   26.560983]  kunit_try_run_case+0x170/0x3f0
[   26.561020]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.561233]  kthread+0x328/0x630
[   26.561395]  ret_from_fork+0x10/0x20
[   26.561437] 
[   26.561455] The buggy address belongs to the object at fff00000c65c4000
[   26.561455]  which belongs to the cache kmalloc-4k of size 4096
[   26.561659] The buggy address is located 0 bytes to the right of
[   26.561659]  allocated 4096-byte region [fff00000c65c4000, fff00000c65c5000)
[   26.561811] 
[   26.561831] The buggy address belongs to the physical page:
[   26.561904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065c0
[   26.562690] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.562910] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.563027] page_type: f5(slab)
[   26.563133] raw: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122
[   26.563216] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   26.563325] head: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122
[   26.563372] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   26.563419] head: 0bfffe0000000003 ffffc1ffc3197001 00000000ffffffff 00000000ffffffff
[   26.563466] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   26.563507] page dumped because: kasan: bad access detected
[   26.563551] 
[   26.563568] Memory state around the buggy address:
[   26.563597]  fff00000c65c4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.563637]  fff00000c65c4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   26.563677] >fff00000c65c5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.563722]                    ^
[   26.563839]  fff00000c65c5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.563892]  fff00000c65c5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.563927] ==================================================================

[   21.546177] ==================================================================
[   21.546980] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[   21.547388] Read of size 1 at addr ffff888103ab3000 by task kunit_try_catch/169
[   21.547608] 
[   21.547703] CPU: 1 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc3-next-20250626 #1 PREEMPT(voluntary) 
[   21.547754] Tainted: [B]=BAD_PAGE, [N]=TEST
[   21.547766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   21.547789] Call Trace:
[   21.547814]  <TASK>
[   21.547835]  dump_stack_lvl+0x73/0xb0
[   21.547864]  print_report+0xd1/0x650
[   21.547885]  ? __virt_addr_valid+0x1db/0x2d0
[   21.547909]  ? kmalloc_node_oob_right+0x369/0x3c0
[   21.547931]  ? kasan_complete_mode_report_info+0x2a/0x200
[   21.547956]  ? kmalloc_node_oob_right+0x369/0x3c0
[   21.547978]  kasan_report+0x141/0x180
[   21.547998]  ? kmalloc_node_oob_right+0x369/0x3c0
[   21.548024]  __asan_report_load1_noabort+0x18/0x20
[   21.548047]  kmalloc_node_oob_right+0x369/0x3c0
[   21.548069]  ? __pfx_kmalloc_node_oob_right+0x10/0x10
[   21.548092]  ? __schedule+0x10cc/0x2b60
[   21.548116]  ? __pfx_read_tsc+0x10/0x10
[   21.548137]  ? ktime_get_ts64+0x86/0x230
[   21.548161]  kunit_try_run_case+0x1a5/0x480
[   21.548186]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.548233]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   21.548257]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   21.548282]  ? __kthread_parkme+0x82/0x180
[   21.548302]  ? preempt_count_sub+0x50/0x80
[   21.548325]  ? __pfx_kunit_try_run_case+0x10/0x10
[   21.548348]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.548371]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   21.548393]  kthread+0x337/0x6f0
[   21.548412]  ? trace_preempt_on+0x20/0xc0
[   21.548435]  ? __pfx_kthread+0x10/0x10
[   21.548454]  ? _raw_spin_unlock_irq+0x47/0x80
[   21.548476]  ? calculate_sigpending+0x7b/0xa0
[   21.548500]  ? __pfx_kthread+0x10/0x10
[   21.548520]  ret_from_fork+0x116/0x1d0
[   21.548538]  ? __pfx_kthread+0x10/0x10
[   21.548558]  ret_from_fork_asm+0x1a/0x30
[   21.548588]  </TASK>
[   21.548600] 
[   21.561605] Allocated by task 169:
[   21.561749]  kasan_save_stack+0x45/0x70
[   21.561910]  kasan_save_track+0x18/0x40
[   21.562103]  kasan_save_alloc_info+0x3b/0x50
[   21.562508]  __kasan_kmalloc+0xb7/0xc0
[   21.562740]  __kmalloc_cache_node_noprof+0x188/0x420
[   21.563148]  kmalloc_node_oob_right+0xab/0x3c0
[   21.563345]  kunit_try_run_case+0x1a5/0x480
[   21.563484]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   21.563650]  kthread+0x337/0x6f0
[   21.563899]  ret_from_fork+0x116/0x1d0
[   21.564088]  ret_from_fork_asm+0x1a/0x30
[   21.564333] 
[   21.564454] The buggy address belongs to the object at ffff888103ab2000
[   21.564454]  which belongs to the cache kmalloc-4k of size 4096
[   21.565398] The buggy address is located 0 bytes to the right of
[   21.565398]  allocated 4096-byte region [ffff888103ab2000, ffff888103ab3000)
[   21.566373] 
[   21.566476] The buggy address belongs to the physical page:
[   21.567446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab0
[   21.567943] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.568356] flags: 0x200000000000040(head|node=0|zone=2)
[   21.568684] page_type: f5(slab)
[   21.568920] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[   21.569409] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   21.569826] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[   21.570207] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   21.570779] head: 0200000000000003 ffffea00040eac01 00000000ffffffff 00000000ffffffff
[   21.571177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   21.571722] page dumped because: kasan: bad access detected
[   21.572152] 
[   21.572605] Memory state around the buggy address:
[   21.572912]  ffff888103ab2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.573375]  ffff888103ab2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.573990] >ffff888103ab3000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.574388]                    ^
[   21.574504]  ffff888103ab3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.574713]  ffff888103ab3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.575312] ==================================================================