Date
July 10, 2025, 9:07 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
```
[ 29.280144] ==================================================================
[ 29.280207] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 29.280259] Read of size 1 at addr fff00000c9957000 by task kunit_try_catch/171
[ 29.280311]
[ 29.280341] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT
[ 29.280425] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.280451] Hardware name: linux,dummy-virt (DT)
[ 29.280481] Call trace:
[ 29.280501] show_stack+0x20/0x38 (C)
[ 29.280549] dump_stack_lvl+0x8c/0xd0
[ 29.280593] print_report+0x118/0x5d0
[ 29.280635] kasan_report+0xdc/0x128
[ 29.280722] __asan_report_load1_noabort+0x20/0x30
[ 29.280789] kmalloc_node_oob_right+0x2f4/0x330
[ 29.280846] kunit_try_run_case+0x170/0x3f0
[ 29.280895] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.281082] kthread+0x328/0x630
[ 29.281243] ret_from_fork+0x10/0x20
[ 29.281293]
[ 29.281327] Allocated by task 171:
[ 29.281386] kasan_save_stack+0x3c/0x68
[ 29.281445] kasan_save_track+0x20/0x40
[ 29.281503] kasan_save_alloc_info+0x40/0x58
[ 29.281557] __kasan_kmalloc+0xd4/0xd8
[ 29.281642] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 29.281700] kmalloc_node_oob_right+0xbc/0x330
[ 29.281757] kunit_try_run_case+0x170/0x3f0
[ 29.281801] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.281883] kthread+0x328/0x630
[ 29.281922] ret_from_fork+0x10/0x20
[ 29.281956]
[ 29.281974] The buggy address belongs to the object at fff00000c9956000
[ 29.281974] which belongs to the cache kmalloc-4k of size 4096
[ 29.282031] The buggy address is located 0 bytes to the right of
[ 29.282031] allocated 4096-byte region [fff00000c9956000, fff00000c9957000)
[ 29.282213]
[ 29.282239] The buggy address belongs to the physical page:
[ 29.282435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109950
[ 29.282634] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 29.282695] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 29.282784] page_type: f5(slab)
[ 29.282877] raw: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122
[ 29.282975] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 29.283114] head: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122
[ 29.283216] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 29.283357] head: 0bfffe0000000003 ffffc1ffc3265401 00000000ffffffff 00000000ffffffff
[ 29.283454] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 29.283551] page dumped because: kasan: bad access detected
[ 29.283582]
[ 29.283600] Memory state around the buggy address:
[ 29.283630] fff00000c9956f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.283674] fff00000c9956f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 29.283716] >fff00000c9957000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.284203] ^
[ 29.285152] fff00000c9957080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.286470] fff00000c9957100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.289546] ==================================================================
```
```
[ 24.419246] ==================================================================
[ 24.419655] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 24.419927] Read of size 1 at addr ffff888106039000 by task kunit_try_catch/188
[ 24.420146]
[ 24.420244] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary)
[ 24.420295] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.420306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.420330] Call Trace:
[ 24.420344] <TASK>
[ 24.420364] dump_stack_lvl+0x73/0xb0
[ 24.420394] print_report+0xd1/0x610
[ 24.420417] ? __virt_addr_valid+0x1db/0x2d0
[ 24.420441] ? kmalloc_node_oob_right+0x369/0x3c0
[ 24.420462] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.420487] ? kmalloc_node_oob_right+0x369/0x3c0
[ 24.420510] kasan_report+0x141/0x180
[ 24.420531] ? kmalloc_node_oob_right+0x369/0x3c0
[ 24.420557] __asan_report_load1_noabort+0x18/0x20
[ 24.420580] kmalloc_node_oob_right+0x369/0x3c0
[ 24.420602] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 24.420626] ? __schedule+0x10cc/0x2b60
[ 24.420648] ? __pfx_read_tsc+0x10/0x10
[ 24.420670] ? ktime_get_ts64+0x86/0x230
[ 24.420695] kunit_try_run_case+0x1a5/0x480
[ 24.421096] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.421119] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.421400] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.421425] ? __kthread_parkme+0x82/0x180
[ 24.421446] ? preempt_count_sub+0x50/0x80
[ 24.421470] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.421512] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.421538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.421564] kthread+0x337/0x6f0
[ 24.421583] ? trace_preempt_on+0x20/0xc0
[ 24.421608] ? __pfx_kthread+0x10/0x10
[ 24.421629] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.421650] ? calculate_sigpending+0x7b/0xa0
[ 24.421674] ? __pfx_kthread+0x10/0x10
[ 24.421695] ret_from_fork+0x116/0x1d0
[ 24.421723] ? __pfx_kthread+0x10/0x10
[ 24.421743] ret_from_fork_asm+0x1a/0x30
[ 24.421792] </TASK>
[ 24.421805]
[ 24.438660] Allocated by task 188:
[ 24.439308] kasan_save_stack+0x45/0x70
[ 24.439877] kasan_save_track+0x18/0x40
[ 24.440524] kasan_save_alloc_info+0x3b/0x50
[ 24.441250] __kasan_kmalloc+0xb7/0xc0
[ 24.441742] __kmalloc_cache_node_noprof+0x188/0x420
[ 24.442242] kmalloc_node_oob_right+0xab/0x3c0
[ 24.442411] kunit_try_run_case+0x1a5/0x480
[ 24.442925] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.443742] kthread+0x337/0x6f0
[ 24.444290] ret_from_fork+0x116/0x1d0
[ 24.444846] ret_from_fork_asm+0x1a/0x30
[ 24.445297]
[ 24.445668] The buggy address belongs to the object at ffff888106038000
[ 24.445668] which belongs to the cache kmalloc-4k of size 4096
[ 24.446416] The buggy address is located 0 bytes to the right of
[ 24.446416] allocated 4096-byte region [ffff888106038000, ffff888106039000)
[ 24.447314]
[ 24.447511] The buggy address belongs to the physical page:
[ 24.448161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106038
[ 24.449030] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 24.449415] flags: 0x200000000000040(head|node=0|zone=2)
[ 24.450198] page_type: f5(slab)
[ 24.450519] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122
[ 24.451059] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 24.451320] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122
[ 24.451582] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 24.452024] head: 0200000000000003 ffffea0004180e01 00000000ffffffff 00000000ffffffff
[ 24.452337] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 24.452689] page dumped because: kasan: bad access detected
[ 24.452915]
[ 24.453086] Memory state around the buggy address:
[ 24.453302] ffff888106038f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.453583] ffff888106038f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 24.453971] >ffff888106039000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.454276] ^
[ 24.454422] ffff888106039080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.454739] ffff888106039100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.455040] ==================================================================
```