Date: July 8, 2025, 4:38 p.m.

Environment: qemu-arm64, qemu-x86_64

[   17.567421] ==================================================================
[   17.568049] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[   17.568272] Read of size 1 at addr fff00000c5e3f000 by task kunit_try_catch/142
[   17.568373] 
[   17.568472] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT 
[   17.568576] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.568673] Hardware name: linux,dummy-virt (DT)
[   17.568740] Call trace:
[   17.568857]  show_stack+0x20/0x38 (C)
[   17.568915]  dump_stack_lvl+0x8c/0xd0
[   17.568981]  print_report+0x118/0x608
[   17.569272]  kasan_report+0xdc/0x128
[   17.569513]  __asan_report_load1_noabort+0x20/0x30
[   17.569605]  kmalloc_node_oob_right+0x2f4/0x330
[   17.569996]  kunit_try_run_case+0x170/0x3f0
[   17.570091]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.570353]  kthread+0x328/0x630
[   17.570491]  ret_from_fork+0x10/0x20
[   17.570881] 
[   17.570908] Allocated by task 142:
[   17.570938]  kasan_save_stack+0x3c/0x68
[   17.571015]  kasan_save_track+0x20/0x40
[   17.571060]  kasan_save_alloc_info+0x40/0x58
[   17.571112]  __kasan_kmalloc+0xd4/0xd8
[   17.571147]  __kmalloc_cache_node_noprof+0x178/0x3d0
[   17.571189]  kmalloc_node_oob_right+0xbc/0x330
[   17.571226]  kunit_try_run_case+0x170/0x3f0
[   17.571273]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.571316]  kthread+0x328/0x630
[   17.571363]  ret_from_fork+0x10/0x20
[   17.571407] 
[   17.571426] The buggy address belongs to the object at fff00000c5e3e000
[   17.571426]  which belongs to the cache kmalloc-4k of size 4096
[   17.571481] The buggy address is located 0 bytes to the right of
[   17.571481]  allocated 4096-byte region [fff00000c5e3e000, fff00000c5e3f000)
[   17.571542] 
[   17.571570] The buggy address belongs to the physical page:
[   17.571670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105e38
[   17.571890] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.571939] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.572046] page_type: f5(slab)
[   17.572085] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[   17.572143] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   17.572199] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[   17.572833] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   17.573277] head: 0bfffe0000000003 ffffc1ffc3178e01 00000000ffffffff 00000000ffffffff
[   17.573375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   17.573925] page dumped because: kasan: bad access detected
[   17.573962] 
[   17.573980] Memory state around the buggy address:
[   17.574044]  fff00000c5e3ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.574089]  fff00000c5e3ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.574451] >fff00000c5e3f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.574530]                    ^
[   17.574793]  fff00000c5e3f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.575129]  fff00000c5e3f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.575175] ==================================================================

[   10.559916] ==================================================================
[   10.560749] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[   10.561270] Read of size 1 at addr ffff8881028f5000 by task kunit_try_catch/160
[   10.561506] 
[   10.561676] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G    B            N  6.15.6-rc1 #1 PREEMPT(voluntary) 
[   10.561722] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.561734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.561783] Call Trace:
[   10.561795]  <TASK>
[   10.561809]  dump_stack_lvl+0x73/0xb0
[   10.561835]  print_report+0xd1/0x650
[   10.561859]  ? __virt_addr_valid+0x1db/0x2d0
[   10.561895]  ? kmalloc_node_oob_right+0x369/0x3c0
[   10.561916]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.561939]  ? kmalloc_node_oob_right+0x369/0x3c0
[   10.561960]  kasan_report+0x141/0x180
[   10.561983]  ? kmalloc_node_oob_right+0x369/0x3c0
[   10.562008]  __asan_report_load1_noabort+0x18/0x20
[   10.562030]  kmalloc_node_oob_right+0x369/0x3c0
[   10.562053]  ? __pfx_kmalloc_node_oob_right+0x10/0x10
[   10.562127]  ? __schedule+0x10cc/0x2b60
[   10.562151]  ? __pfx_read_tsc+0x10/0x10
[   10.562172]  ? ktime_get_ts64+0x86/0x230
[   10.562199]  kunit_try_run_case+0x1a5/0x480
[   10.562221]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.562240]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.562264]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.562288]  ? __kthread_parkme+0x82/0x180
[   10.562309]  ? preempt_count_sub+0x50/0x80
[   10.562334]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.562354]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.562378]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.562401]  kthread+0x337/0x6f0
[   10.562418]  ? trace_preempt_on+0x20/0xc0
[   10.562442]  ? __pfx_kthread+0x10/0x10
[   10.562460]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.562482]  ? calculate_sigpending+0x7b/0xa0
[   10.562503]  ? __pfx_kthread+0x10/0x10
[   10.562522]  ret_from_fork+0x41/0x80
[   10.562542]  ? __pfx_kthread+0x10/0x10
[   10.562560]  ret_from_fork_asm+0x1a/0x30
[   10.562589]  </TASK>
[   10.562600] 
[   10.571909] Allocated by task 160:
[   10.572147]  kasan_save_stack+0x45/0x70
[   10.572388]  kasan_save_track+0x18/0x40
[   10.572593]  kasan_save_alloc_info+0x3b/0x50
[   10.572827]  __kasan_kmalloc+0xb7/0xc0
[   10.573133]  __kmalloc_cache_node_noprof+0x188/0x420
[   10.573313]  kmalloc_node_oob_right+0xab/0x3c0
[   10.573463]  kunit_try_run_case+0x1a5/0x480
[   10.573639]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.574235]  kthread+0x337/0x6f0
[   10.574434]  ret_from_fork+0x41/0x80
[   10.574635]  ret_from_fork_asm+0x1a/0x30
[   10.574924] 
[   10.575077] The buggy address belongs to the object at ffff8881028f4000
[   10.575077]  which belongs to the cache kmalloc-4k of size 4096
[   10.575564] The buggy address is located 0 bytes to the right of
[   10.575564]  allocated 4096-byte region [ffff8881028f4000, ffff8881028f5000)
[   10.576180] 
[   10.576284] The buggy address belongs to the physical page:
[   10.576597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028f0
[   10.577318] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.577741] flags: 0x200000000000040(head|node=0|zone=2)
[   10.578168] page_type: f5(slab)
[   10.578354] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[   10.578760] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   10.579373] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[   10.579731] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   10.580138] head: 0200000000000003 ffffea00040a3c01 00000000ffffffff 00000000ffffffff
[   10.580483] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   10.580956] page dumped because: kasan: bad access detected
[   10.581199] 
[   10.581296] Memory state around the buggy address:
[   10.581608]  ffff8881028f4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.581961]  ffff8881028f4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.582242] >ffff8881028f5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.582587]                    ^
[   10.582744]  ffff8881028f5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.583051]  ffff8881028f5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.583436] ==================================================================