Hay
Sign in
Date
July 10, 2025, 9:07 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   29.272478] ==================================================================
[   29.272591] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   29.272642] Read of size 1 at addr fff00000c8686a5f by task kunit_try_catch/169
[   29.272691] 
[   29.272721] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT 
[   29.272810] Tainted: [B]=BAD_PAGE, [N]=TEST
[   29.272837] Hardware name: linux,dummy-virt (DT)
[   29.272868] Call trace:
[   29.272890]  show_stack+0x20/0x38 (C)
[   29.272936]  dump_stack_lvl+0x8c/0xd0
[   29.272990]  print_report+0x118/0x5d0
[   29.273034]  kasan_report+0xdc/0x128
[   29.273075]  __asan_report_load1_noabort+0x20/0x30
[   29.273122]  kmalloc_oob_left+0x2ec/0x320
[   29.273180]  kunit_try_run_case+0x170/0x3f0
[   29.273227]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.273280]  kthread+0x328/0x630
[   29.273321]  ret_from_fork+0x10/0x20
[   29.273367] 
[   29.273384] Allocated by task 110:
[   29.273412]  kasan_save_stack+0x3c/0x68
[   29.273452]  kasan_save_track+0x20/0x40
[   29.273490]  kasan_save_alloc_info+0x40/0x58
[   29.273539]  __kasan_kmalloc+0xd4/0xd8
[   29.273582]  __kmalloc_noprof+0x198/0x4c8
[   29.273620]  kunit_kmalloc_array+0x34/0x88
[   29.273657]  test_readerwriter+0x3b0/0x948
[   29.273696]  kunit_try_run_case+0x170/0x3f0
[   29.273733]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   29.273777]  kthread+0x328/0x630
[   29.273807]  ret_from_fork+0x10/0x20
[   29.273841] 
[   29.273859] The buggy address belongs to the object at fff00000c8686a40
[   29.273859]  which belongs to the cache kmalloc-16 of size 16
[   29.273916] The buggy address is located 15 bytes to the right of
[   29.273916]  allocated 16-byte region [fff00000c8686a40, fff00000c8686a50)
[   29.273981] 
[   29.274007] The buggy address belongs to the physical page:
[   29.274304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xfff00000c8686a40 pfn:0x108686
[   29.274363] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   29.274427] page_type: f5(slab)
[   29.274464] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   29.274514] raw: fff00000c8686a40 000000008080007f 00000000f5000000 0000000000000000
[   29.274557] page dumped because: kasan: bad access detected
[   29.274588] 
[   29.274605] Memory state around the buggy address:
[   29.274635]  fff00000c8686900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   29.274677]  fff00000c8686980: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   29.274718] >fff00000c8686a00: fa fb fc fc fa fb fc fc fa fb fc fc 00 07 fc fc
[   29.274756]                                                     ^
[   29.274802]  fff00000c8686a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.274900]  fff00000c8686b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.274991] ==================================================================
Metadata Full log Test run details 

[   24.385869] ==================================================================
[   24.386356] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   24.386618] Read of size 1 at addr ffff888103cd651f by task kunit_try_catch/186
[   24.389360] 
[   24.389482] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5-next-20250710 #1 PREEMPT(voluntary) 
[   24.389536] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.389691] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.389734] Call Trace:
[   24.389750]  <TASK>
[   24.389769]  dump_stack_lvl+0x73/0xb0
[   24.389805]  print_report+0xd1/0x610
[   24.389830]  ? __virt_addr_valid+0x1db/0x2d0
[   24.389855]  ? kmalloc_oob_left+0x361/0x3c0
[   24.389875]  ? kasan_complete_mode_report_info+0x64/0x200
[   24.389901]  ? kmalloc_oob_left+0x361/0x3c0
[   24.389922]  kasan_report+0x141/0x180
[   24.389943]  ? kmalloc_oob_left+0x361/0x3c0
[   24.389968]  __asan_report_load1_noabort+0x18/0x20
[   24.389991]  kmalloc_oob_left+0x361/0x3c0
[   24.390012]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   24.390033]  ? __schedule+0x10cc/0x2b60
[   24.390056]  ? __pfx_read_tsc+0x10/0x10
[   24.390077]  ? ktime_get_ts64+0x86/0x230
[   24.390101]  kunit_try_run_case+0x1a5/0x480
[   24.390123]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.390143]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.390165]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.390187]  ? __kthread_parkme+0x82/0x180
[   24.390208]  ? preempt_count_sub+0x50/0x80
[   24.390231]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.390252]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.390276]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.390300]  kthread+0x337/0x6f0
[   24.390319]  ? trace_preempt_on+0x20/0xc0
[   24.390343]  ? __pfx_kthread+0x10/0x10
[   24.390364]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.390384]  ? calculate_sigpending+0x7b/0xa0
[   24.390408]  ? __pfx_kthread+0x10/0x10
[   24.390429]  ret_from_fork+0x116/0x1d0
[   24.390447]  ? __pfx_kthread+0x10/0x10
[   24.390467]  ret_from_fork_asm+0x1a/0x30
[   24.390498]  </TASK>
[   24.390510] 
[   24.400215] Allocated by task 116:
[   24.400370]  kasan_save_stack+0x45/0x70
[   24.400709]  kasan_save_track+0x18/0x40
[   24.400915]  kasan_save_alloc_info+0x3b/0x50
[   24.401388]  __kasan_kmalloc+0xb7/0xc0
[   24.401570]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   24.402039]  kvasprintf+0xc5/0x150
[   24.402307]  kasprintf+0xb6/0xf0
[   24.402439]  miscdev_test_can_open+0x9a/0x2e0
[   24.402876]  miscdev_test_collision+0x374/0x700
[   24.403085]  kunit_try_run_case+0x1a5/0x480
[   24.403394]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.403791]  kthread+0x337/0x6f0
[   24.404162]  ret_from_fork+0x116/0x1d0
[   24.404309]  ret_from_fork_asm+0x1a/0x30
[   24.404507] 
[   24.404878] Freed by task 116:
[   24.405059]  kasan_save_stack+0x45/0x70
[   24.405356]  kasan_save_track+0x18/0x40
[   24.405615]  kasan_save_free_info+0x3f/0x60
[   24.405900]  __kasan_slab_free+0x56/0x70
[   24.406144]  kfree+0x222/0x3f0
[   24.406300]  miscdev_test_can_open+0x12c/0x2e0
[   24.406748]  miscdev_test_collision+0x374/0x700
[   24.407084]  kunit_try_run_case+0x1a5/0x480
[   24.407254]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.407729]  kthread+0x337/0x6f0
[   24.408001]  ret_from_fork+0x116/0x1d0
[   24.408150]  ret_from_fork_asm+0x1a/0x30
[   24.408433] 
[   24.408515] The buggy address belongs to the object at ffff888103cd6500
[   24.408515]  which belongs to the cache kmalloc-16 of size 16
[   24.409386] The buggy address is located 15 bytes to the right of
[   24.409386]  allocated 16-byte region [ffff888103cd6500, ffff888103cd6510)
[   24.410274] 
[   24.410361] The buggy address belongs to the physical page:
[   24.410728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103cd6
[   24.411337] flags: 0x200000000000000(node=0|zone=2)
[   24.411617] page_type: f5(slab)
[   24.411935] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[   24.412352] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   24.412657] page dumped because: kasan: bad access detected
[   24.412905] 
[   24.413213] Memory state around the buggy address:
[   24.413502]  ffff888103cd6400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   24.413951]  ffff888103cd6480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   24.414416] >ffff888103cd6500: fa fb fc fc 00 07 fc fc fa fb fc fc fa fb fc fc
[   24.414874]                             ^
[   24.415026]  ffff888103cd6580: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc
[   24.415662]  ffff888103cd6600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   24.415960] ==================================================================
Metadata Full log Test run details