Date: July 3, 2025, 3:13 p.m.

Environments: qemu-arm64, qemu-x86_64
qemu-arm64:

```
[ 15.206739] ==================================================================
[ 15.206829] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 15.206882] Read of size 1 at addr fff00000c4767000 by task kunit_try_catch/143
[ 15.206930]
[ 15.207137] CPU: 1 UID: 0 PID: 143 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT
[ 15.207387] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.207514] Hardware name: linux,dummy-virt (DT)
[ 15.207612] Call trace:
[ 15.207728] show_stack+0x20/0x38 (C)
[ 15.207902] dump_stack_lvl+0x8c/0xd0
[ 15.208298] print_report+0x118/0x608
[ 15.208381] kasan_report+0xdc/0x128
[ 15.208527] __asan_report_load1_noabort+0x20/0x30
[ 15.208753] kmalloc_node_oob_right+0x2f4/0x330
[ 15.208883] kunit_try_run_case+0x170/0x3f0
[ 15.209485] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.209797] kthread+0x328/0x630
[ 15.209857] ret_from_fork+0x10/0x20
[ 15.210166]
[ 15.210315] Allocated by task 143:
[ 15.210510] kasan_save_stack+0x3c/0x68
[ 15.210723] kasan_save_track+0x20/0x40
[ 15.210973] kasan_save_alloc_info+0x40/0x58
[ 15.211210] __kasan_kmalloc+0xd4/0xd8
[ 15.211332] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 15.211565] kmalloc_node_oob_right+0xbc/0x330
[ 15.211690] kunit_try_run_case+0x170/0x3f0
[ 15.211804] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 15.211876] kthread+0x328/0x630
[ 15.212271] ret_from_fork+0x10/0x20
[ 15.212445]
[ 15.212533] The buggy address belongs to the object at fff00000c4766000
[ 15.212533] which belongs to the cache kmalloc-4k of size 4096
[ 15.212749] The buggy address is located 0 bytes to the right of
[ 15.212749] allocated 4096-byte region [fff00000c4766000, fff00000c4767000)
[ 15.212822]
[ 15.213035] The buggy address belongs to the physical page:
[ 15.213734] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104760
[ 15.215324] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 15.215425] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 15.215724] page_type: f5(slab)
[ 15.215803] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 15.215853] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 15.216149] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[ 15.216618] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 15.216729] head: 0bfffe0000000003 ffffc1ffc311d801 00000000ffffffff 00000000ffffffff
[ 15.216853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 15.216934] page dumped because: kasan: bad access detected
[ 15.216999]
[ 15.217016] Memory state around the buggy address:
[ 15.217054] fff00000c4766f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.217097] fff00000c4766f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 15.217153] >fff00000c4767000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.217189] ^
[ 15.217216] fff00000c4767080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.217271] fff00000c4767100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.217308] ==================================================================
```
qemu-x86_64:

```
[ 10.582624] ==================================================================
[ 10.583113] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 10.583530] Read of size 1 at addr ffff8881038d1000 by task kunit_try_catch/159
[ 10.584016]
[ 10.584126] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc1 #1 PREEMPT(voluntary)
[ 10.584174] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.584186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.584208] Call Trace:
[ 10.584222] <TASK>
[ 10.584252] dump_stack_lvl+0x73/0xb0
[ 10.584280] print_report+0xd1/0x650
[ 10.584304] ? __virt_addr_valid+0x1db/0x2d0
[ 10.584326] ? kmalloc_node_oob_right+0x369/0x3c0
[ 10.584434] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.584464] ? kmalloc_node_oob_right+0x369/0x3c0
[ 10.584485] kasan_report+0x141/0x180
[ 10.584550] ? kmalloc_node_oob_right+0x369/0x3c0
[ 10.584576] __asan_report_load1_noabort+0x18/0x20
[ 10.584596] kmalloc_node_oob_right+0x369/0x3c0
[ 10.584628] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 10.584649] ? __schedule+0x10cc/0x2b60
[ 10.584673] ? __pfx_read_tsc+0x10/0x10
[ 10.584694] ? ktime_get_ts64+0x86/0x230
[ 10.584720] kunit_try_run_case+0x1a5/0x480
[ 10.584745] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.584767] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.584791] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.584814] ? __kthread_parkme+0x82/0x180
[ 10.584836] ? preempt_count_sub+0x50/0x80
[ 10.584862] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.584885] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.584908] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.584931] kthread+0x337/0x6f0
[ 10.584947] ? trace_preempt_on+0x20/0xc0
[ 10.584970] ? __pfx_kthread+0x10/0x10
[ 10.584988] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.585010] ? calculate_sigpending+0x7b/0xa0
[ 10.585031] ? __pfx_kthread+0x10/0x10
[ 10.585049] ret_from_fork+0x41/0x80
[ 10.585070] ? __pfx_kthread+0x10/0x10
[ 10.585087] ret_from_fork_asm+0x1a/0x30
[ 10.585118] </TASK>
[ 10.585129]
[ 10.593728] Allocated by task 159:
[ 10.594093] kasan_save_stack+0x45/0x70
[ 10.594575] kasan_save_track+0x18/0x40
[ 10.594970] kasan_save_alloc_info+0x3b/0x50
[ 10.595133] __kasan_kmalloc+0xb7/0xc0
[ 10.595280] __kmalloc_cache_node_noprof+0x188/0x420
[ 10.595452] kmalloc_node_oob_right+0xab/0x3c0
[ 10.595707] kunit_try_run_case+0x1a5/0x480
[ 10.595923] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.596442] kthread+0x337/0x6f0
[ 10.596610] ret_from_fork+0x41/0x80
[ 10.596805] ret_from_fork_asm+0x1a/0x30
[ 10.596949]
[ 10.597023] The buggy address belongs to the object at ffff8881038d0000
[ 10.597023] which belongs to the cache kmalloc-4k of size 4096
[ 10.597797] The buggy address is located 0 bytes to the right of
[ 10.597797] allocated 4096-byte region [ffff8881038d0000, ffff8881038d1000)
[ 10.598480]
[ 10.598609] The buggy address belongs to the physical page:
[ 10.599147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d0
[ 10.600059] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.600509] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.600911] page_type: f5(slab)
[ 10.601084] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 10.601536] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 10.601953] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 10.602586] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 10.603384] head: 0200000000000003 ffffea00040e3401 00000000ffffffff 00000000ffffffff
[ 10.604065] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 10.604479] page dumped because: kasan: bad access detected
[ 10.605067]
[ 10.605228] Memory state around the buggy address:
[ 10.605796] ffff8881038d0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.606604] ffff8881038d0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.607098] >ffff8881038d1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.607539] ^
[ 10.607665] ffff8881038d1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.607892] ffff8881038d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.608112] ==================================================================
```