Date: July 15, 2025, 2:10 p.m.

Environment: qemu-arm64, qemu-x86_64

[  104.856922] ==================================================================
[  104.858586] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd0/0x1f0
[  104.860049] Read of size 1 at addr ffff0000c67a3000 by task kunit_try_catch/206
[  104.861624] 
[  104.862264] CPU: 0 PID: 206 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[  104.863466] Hardware name: linux,dummy-virt (DT)
[  104.864299] Call trace:
[  104.864943]  dump_backtrace+0xe0/0x134
[  104.865855]  show_stack+0x20/0x2c
[  104.866575]  dump_stack_lvl+0x88/0xb4
[  104.867298]  print_report+0x158/0x44c
[  104.868138]  kasan_report+0xc8/0x180
[  104.868923]  __asan_load1+0x68/0x74
[  104.869640]  kmalloc_node_oob_right+0xd0/0x1f0
[  104.870366]  kunit_try_run_case+0x8c/0x124
[  104.871243]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  104.872224]  kthread+0x15c/0x170
[  104.872887]  ret_from_fork+0x10/0x20
[  104.873271] 
[  104.873454] Allocated by task 206:
[  104.873732]  kasan_save_stack+0x3c/0x70
[  104.874246]  kasan_set_track+0x2c/0x40
[  104.874808]  kasan_save_alloc_info+0x24/0x34
[  104.875354]  __kasan_kmalloc+0xd4/0xe0
[  104.875878]  kmalloc_node_trace+0x90/0x150
[  104.876385]  kmalloc_node_oob_right+0xa4/0x1f0
[  104.876854]  kunit_try_run_case+0x8c/0x124
[  104.877322]  kunit_generic_run_threadfn_adapter+0x38/0x54
[  104.877885]  kthread+0x15c/0x170
[  104.878311]  ret_from_fork+0x10/0x20
[  104.879619] 
[  104.879868] The buggy address belongs to the object at ffff0000c67a2000
[  104.879868]  which belongs to the cache kmalloc-4k of size 4096
[  104.881118] The buggy address is located 0 bytes to the right of
[  104.881118]  4096-byte region [ffff0000c67a2000, ffff0000c67a3000)
[  104.882166] 
[  104.882407] The buggy address belongs to the physical page:
[  104.883003] page:00000000a5b8441f refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1067a0
[  104.883833] head:00000000a5b8441f order:3 compound_mapcount:0 compound_pincount:0
[  104.884472] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
[  104.885203] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[  104.886082] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[  104.886740] page dumped because: kasan: bad access detected
[  104.887261] 
[  104.887477] Memory state around the buggy address:
[  104.887955]  ffff0000c67a2f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  104.888805]  ffff0000c67a2f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  104.889425] >ffff0000c67a3000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.890046]                    ^
[  104.890421]  ffff0000c67a3080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.891057]  ffff0000c67a3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  104.891657] ==================================================================

[   74.658047] ==================================================================
[   74.658874] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xa4/0x15c
[   74.659648] Read of size 1 at addr ffff0000c58cf000 by task kunit_try_catch/122
[   74.660289] 
[   74.660547] CPU: 1 PID: 122 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   74.661258] Hardware name: linux,dummy-virt (DT)
[   74.661676] Call trace:
[   74.661986]  dump_backtrace+0xf8/0x118
[   74.662459]  show_stack+0x18/0x24
[   74.662884]  __dump_stack+0x28/0x38
[   74.663338]  dump_stack_lvl+0x54/0x6c
[   74.663945]  print_address_description+0x7c/0x1ec
[   74.664498]  print_report+0x50/0x68
[   74.665134]  kasan_report+0xac/0x100
[   74.665571]  __asan_load1+0x6c/0x70
[   74.666021]  kmalloc_node_oob_right+0xa4/0x15c
[   74.666496]  kunit_try_run_case+0x80/0x184
[   74.666961]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.667520]  kthread+0x16c/0x21c
[   74.667947]  ret_from_fork+0x10/0x20
[   74.668365] 
[   74.668564] Allocated by task 122:
[   74.669089]  kasan_set_track+0x4c/0x80
[   74.669596]  kasan_save_alloc_info+0x28/0x34
[   74.670090]  __kasan_kmalloc+0x88/0xa0
[   74.670536]  kmalloc_node_trace+0x4c/0x60
[   74.671028]  kmalloc_node_oob_right+0x4c/0x15c
[   74.671500]  kunit_try_run_case+0x80/0x184
[   74.672002]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   74.672560]  kthread+0x16c/0x21c
[   74.673171]  ret_from_fork+0x10/0x20
[   74.673626] 
[   74.673843] The buggy address belongs to the object at ffff0000c58ce000
[   74.673843]  which belongs to the cache kmalloc-4k of size 4096
[   74.674789] The buggy address is located 0 bytes to the right of
[   74.674789]  4096-byte region [ffff0000c58ce000, ffff0000c58cf000)
[   74.675722] 
[   74.675937] The buggy address belongs to the physical page:
[   74.676443] page:00000000de932318 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058c8
[   74.677839] head:00000000de932318 order:3 compound_mapcount:0 compound_pincount:0
[   74.678442] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
[   74.679205] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[   74.679901] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   74.680528] page dumped because: kasan: bad access detected
[   74.681154] 
[   74.681354] Memory state around the buggy address:
[   74.681792]  ffff0000c58cef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   74.682432]  ffff0000c58cef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   74.683046] >ffff0000c58cf000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.683632]                    ^
[   74.684035]  ffff0000c58cf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.684866]  ffff0000c58cf100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   74.685453] ==================================================================

[   73.638861] ==================================================================
[   73.641959] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xa4/0x15c
[   73.642854] Read of size 1 at addr ffff0000c593f000 by task kunit_try_catch/122
[   73.643526] 
[   73.643776] CPU: 1 PID: 122 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   73.644598] Hardware name: linux,dummy-virt (DT)
[   73.645269] Call trace:
[   73.645588]  dump_backtrace+0xf4/0x114
[   73.646148]  show_stack+0x18/0x24
[   73.646945]  __dump_stack+0x28/0x38
[   73.647400]  dump_stack_lvl+0x50/0x68
[   73.647885]  print_address_description+0x7c/0x1ec
[   73.648727]  print_report+0x50/0x68
[   73.649214]  kasan_report+0xac/0xfc
[   73.649722]  __asan_load1+0x6c/0x70
[   73.650199]  kmalloc_node_oob_right+0xa4/0x15c
[   73.650720]  kunit_try_run_case+0x80/0x184
[   73.651220]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   73.651876]  kthread+0x16c/0x21c
[   73.652833]  ret_from_fork+0x10/0x20
[   73.653284] 
[   73.653504] Allocated by task 122:
[   73.653897]  kasan_set_track+0x4c/0x80
[   73.654379]  kasan_save_alloc_info+0x28/0x34
[   73.654873]  __kasan_kmalloc+0x88/0xa0
[   73.655353]  kmalloc_node_trace+0x4c/0x60
[   73.655884]  kmalloc_node_oob_right+0x4c/0x15c
[   73.656673]  kunit_try_run_case+0x80/0x184
[   73.657205]  kunit_generic_run_threadfn_adapter+0x30/0x4c
[   73.657801]  kthread+0x16c/0x21c
[   73.658234]  ret_from_fork+0x10/0x20
[   73.658706] 
[   73.658930] The buggy address belongs to the object at ffff0000c593e000
[   73.658930]  which belongs to the cache kmalloc-4k of size 4096
[   73.660389] The buggy address is located 0 bytes to the right of
[   73.660389]  4096-byte region [ffff0000c593e000, ffff0000c593f000)
[   73.661397] 
[   73.661658] The buggy address belongs to the physical page:
[   73.662259] page:00000000949663e6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105938
[   73.663108] head:00000000949663e6 order:3 compound_mapcount:0 compound_pincount:0
[   73.664073] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
[   73.664875] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[   73.665608] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   73.666257] page dumped because: kasan: bad access detected
[   73.666757] 
[   73.666979] Memory state around the buggy address:
[   73.667460]  ffff0000c593ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.668583]  ffff0000c593ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   73.669307] >ffff0000c593f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.669941]                    ^
[   73.670283]  ffff0000c593f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.670922]  ffff0000c593f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   73.671545] ==================================================================

[   72.273728] ==================================================================
[   72.274613] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xc8/0x1e4
[   72.275343] Read of size 1 at addr ffff0000c599b000 by task kunit_try_catch/122
[   72.276433] 
[   72.276670] CPU: 1 PID: 122 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   72.277369] Hardware name: linux,dummy-virt (DT)
[   72.277794] Call trace:
[   72.278448]  dump_backtrace.part.0+0xdc/0xf0
[   72.278966]  show_stack+0x18/0x30
[   72.279358]  dump_stack_lvl+0x64/0x80
[   72.279775]  print_report+0x158/0x438
[   72.280218]  kasan_report+0xb4/0xf4
[   72.280621]  __asan_load1+0x68/0x74
[   72.281012]  kmalloc_node_oob_right+0xc8/0x1e4
[   72.281487]  kunit_try_run_case+0x84/0x120
[   72.282122]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   72.282675]  kthread+0x180/0x190
[   72.283050]  ret_from_fork+0x10/0x20
[   72.283471] 
[   72.283651] Allocated by task 122:
[   72.283980]  kasan_save_stack+0x3c/0x70
[   72.284784]  kasan_set_track+0x2c/0x40
[   72.285184]  kasan_save_alloc_info+0x24/0x34
[   72.285661]  __kasan_kmalloc+0xb8/0xc0
[   72.286326]  kmalloc_node_trace+0x54/0x70
[   72.286816]  kmalloc_node_oob_right+0x9c/0x1e4
[   72.287267]  kunit_try_run_case+0x84/0x120
[   72.287723]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   72.288289]  kthread+0x180/0x190
[   72.288665]  ret_from_fork+0x10/0x20
[   72.289072] 
[   72.289269] The buggy address belongs to the object at ffff0000c599a000
[   72.289269]  which belongs to the cache kmalloc-4k of size 4096
[   72.290708] The buggy address is located 0 bytes to the right of
[   72.290708]  4096-byte region [ffff0000c599a000, ffff0000c599b000)
[   72.291622] 
[   72.291800] The buggy address belongs to the physical page:
[   72.292322] page:000000006c8790c3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105998
[   72.293095] head:000000006c8790c3 order:3 compound_mapcount:0 compound_pincount:0
[   72.293703] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
[   72.294409] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[   72.295047] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   72.295655] page dumped because: kasan: bad access detected
[   72.296100] 
[   72.296282] Memory state around the buggy address:
[   72.297081]  ffff0000c599af00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.297717]  ffff0000c599af80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   72.298813] >ffff0000c599b000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.299402]                    ^
[   72.299710]  ffff0000c599b080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.300317]  ffff0000c599b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   72.300902] ==================================================================

[   63.971548] ==================================================================
[   63.972204] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xdc/0x1f0
[   63.973026] Read of size 1 at addr ffff0000c5907000 by task kunit_try_catch/120
[   63.974344] 
[   63.974781] CPU: 1 PID: 120 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   63.975649] Hardware name: linux,dummy-virt (DT)
[   63.975956] Call trace:
[   63.976156]  dump_backtrace+0x110/0x120
[   63.976529]  show_stack+0x18/0x28
[   63.976855]  dump_stack_lvl+0x68/0x84
[   63.977187]  print_report+0x158/0x484
[   63.978281]  kasan_report+0x98/0xe0
[   63.978861]  __asan_load1+0x68/0x78
[   63.979435]  kmalloc_node_oob_right+0xdc/0x1f0
[   63.980127]  kunit_try_run_case+0x7c/0x120
[   63.980773]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   63.981591]  kthread+0x1a4/0x1b8
[   63.982193]  ret_from_fork+0x10/0x20
[   63.982787] 
[   63.983089] Allocated by task 120:
[   63.983591]  kasan_save_stack+0x2c/0x58
[   63.984187]  kasan_set_track+0x2c/0x40
[   63.984761]  kasan_save_alloc_info+0x24/0x38
[   63.985435]  __kasan_kmalloc+0xa0/0xb8
[   63.986075]  kmalloc_node_trace+0x48/0x60
[   63.986694]  kmalloc_node_oob_right+0xac/0x1f0
[   63.987363]  kunit_try_run_case+0x7c/0x120
[   63.987994]  kunit_generic_run_threadfn_adapter+0x30/0x50
[   63.988736]  kthread+0x1a4/0x1b8
[   63.989225]  ret_from_fork+0x10/0x20
[   63.989775] 
[   63.990082] The buggy address belongs to the object at ffff0000c5906000
[   63.990082]  which belongs to the cache kmalloc-4k of size 4096
[   63.991475] The buggy address is located 0 bytes to the right of
[   63.991475]  4096-byte region [ffff0000c5906000, ffff0000c5907000)
[   63.992817] 
[   63.993090] The buggy address belongs to the physical page:
[   63.993808] page:000000002773b70c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105900
[   63.994875] head:000000002773b70c order:3 compound_mapcount:0 compound_pincount:0
[   63.995473] flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
[   63.996418] raw: 0bfffc0000010200 0000000000000000 dead000000000122 ffff0000c0002a80
[   63.997306] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   63.998430] page dumped because: kasan: bad access detected
[   63.999040] 
[   63.999329] Memory state around the buggy address:
[   63.999875]  ffff0000c5906f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.000312]  ffff0000c5906f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   64.000736] >ffff0000c5907000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.001134]                    ^
[   64.001655]  ffff0000c5907080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.002654]  ffff0000c5907100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   64.003495] ==================================================================

[   30.307067] ==================================================================
[   30.308395] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd0/0x1f0
[   30.308709] Read of size 1 at addr ffff888103619000 by task kunit_try_catch/226
[   30.308981] 
[   30.309099] CPU: 1 PID: 226 Comm: kunit_try_catch Tainted: G    B            N 6.1.146-rc1 #1
[   30.310350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   30.311405] Call Trace:
[   30.311824]  <TASK>
[   30.312074]  dump_stack_lvl+0x49/0x62
[   30.312549]  print_report+0x189/0x492
[   30.312746]  ? kasan_complete_mode_report_info+0x3c/0x200
[   30.313560]  ? kmalloc_node_oob_right+0xd0/0x1f0
[   30.314022]  kasan_report+0x10c/0x190
[   30.314456]  ? kmalloc_node_oob_right+0xd0/0x1f0
[   30.314945]  __asan_load1+0x62/0x70
[   30.315367]  kmalloc_node_oob_right+0xd0/0x1f0
[   30.315815]  ? pagealloc_uaf+0x1e0/0x1e0
[   30.316153]  ? __kunit_add_resource+0xd1/0x100
[   30.316710]  kunit_try_run_case+0x8f/0xd0
[   30.317207]  ? kunit_catch_run_case+0x80/0x80
[   30.317563]  ? kunit_try_catch_throw+0x40/0x40
[   30.317869]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.318470]  kthread+0x17b/0x1b0
[   30.318822]  ? kthread_complete_and_exit+0x30/0x30
[   30.319319]  ret_from_fork+0x22/0x30
[   30.319811]  </TASK>
[   30.320040] 
[   30.320170] Allocated by task 226:
[   30.320533]  kasan_save_stack+0x41/0x70
[   30.320949]  kasan_set_track+0x25/0x40
[   30.321240]  kasan_save_alloc_info+0x1e/0x30
[   30.321761]  __kasan_kmalloc+0xb6/0xc0
[   30.322077]  kmalloc_node_trace+0x45/0xb0
[   30.322390]  kmalloc_node_oob_right+0x9d/0x1f0
[   30.322900]  kunit_try_run_case+0x8f/0xd0
[   30.323434]  kunit_generic_run_threadfn_adapter+0x2f/0x50
[   30.324031]  kthread+0x17b/0x1b0
[   30.324403]  ret_from_fork+0x22/0x30
[   30.324575] 
[   30.324662] The buggy address belongs to the object at ffff888103618000
[   30.324662]  which belongs to the cache kmalloc-4k of size 4096
[   30.325104] The buggy address is located 0 bytes to the right of
[   30.325104]  4096-byte region [ffff888103618000, ffff888103619000)
[   30.326323] 
[   30.326528] The buggy address belongs to the physical page:
[   30.327184] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103618
[   30.328210] head:(____ptrval____) order:3 compound_mapcount:0 compound_pincount:0
[   30.329094] flags: 0x200000000010200(slab|head|node=0|zone=2)
[   30.329914] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100042140
[   30.330764] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[   30.331662] page dumped because: kasan: bad access detected
[   30.331928] 
[   30.332015] Memory state around the buggy address:
[   30.332213]  ffff888103618f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.332920]  ffff888103618f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   30.333706] >ffff888103619000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.334397]                    ^
[   30.334754]  ffff888103619080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.335460]  ffff888103619100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.335903] ==================================================================