Date: June 17, 2025, 3:39 p.m.

| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |

qemu-arm64:

```
[ 91.469451] ==================================================================
[ 91.471228] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd0/0x1f0
[ 91.472342] Read of size 1 at addr ffff0000c5bff000 by task kunit_try_catch/121
[ 91.474082]
[ 91.474895] CPU: 0 PID: 121 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 91.476666] Hardware name: linux,dummy-virt (DT)
[ 91.477686] Call trace:
[ 91.478289] dump_backtrace+0x9c/0x128
[ 91.479054] show_stack+0x20/0x38
[ 91.480037] dump_stack_lvl+0x60/0xb0
[ 91.480887] print_report+0xf8/0x5e8
[ 91.481658] kasan_report+0xdc/0x128
[ 91.482400] __asan_load1+0x60/0x70
[ 91.484151] kmalloc_node_oob_right+0xd0/0x1f0
[ 91.484967] kunit_try_run_case+0x114/0x298
[ 91.485437] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 91.486646] kthread+0x18c/0x1a8
[ 91.487421] ret_from_fork+0x10/0x20
[ 91.488243]
[ 91.489189] Allocated by task 121:
[ 91.489797] kasan_save_stack+0x3c/0x68
[ 91.490651] kasan_set_track+0x2c/0x40
[ 91.492538] kasan_save_alloc_info+0x24/0x38
[ 91.493466] __kasan_kmalloc+0xd4/0xd8
[ 91.494330] kmalloc_node_trace+0x64/0x130
[ 91.495454] kmalloc_node_oob_right+0xa4/0x1f0
[ 91.496402] kunit_try_run_case+0x114/0x298
[ 91.497520] kunit_generic_run_threadfn_adapter+0x38/0x60
[ 91.498517] kthread+0x18c/0x1a8
[ 91.499885] ret_from_fork+0x10/0x20
[ 91.500843]
[ 91.501296] The buggy address belongs to the object at ffff0000c5bfe000
[ 91.501296] which belongs to the cache kmalloc-4k of size 4096
[ 91.503460] The buggy address is located 0 bytes to the right of
[ 91.503460] allocated 4096-byte region [ffff0000c5bfe000, ffff0000c5bff000)
[ 91.505366]
[ 91.506034] The buggy address belongs to the physical page:
[ 91.507902] page:000000000b68bfab refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bf8
[ 91.509491] head:000000000b68bfab order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 91.510629] flags: 0xbfffc0000000840(slab|head|node=0|zone=2|lastcpupid=0xffff)
[ 91.511853] page_type: 0xffffffff()
[ 91.512695] raw: 0bfffc0000000840 ffff0000c0002140 dead000000000122 0000000000000000
[ 91.513995] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 91.515255] page dumped because: kasan: bad access detected
[ 91.516821]
[ 91.517321] Memory state around the buggy address:
[ 91.518143] ffff0000c5bfef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.519437] ffff0000c5bfef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 91.519973] >ffff0000c5bff000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.520445] ^
[ 91.521109] ffff0000c5bff080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.522531] ffff0000c5bff100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 91.523541] ==================================================================
```

qemu-x86_64:

```
[ 33.155269] ==================================================================
[ 33.156549] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd4/0x1f0
[ 33.157487] Read of size 1 at addr ffff888102297000 by task kunit_try_catch/136
[ 33.158378]
[ 33.158958] CPU: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.6.94-rc1 #1
[ 33.160102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.160960] Call Trace:
[ 33.161136] <TASK>
[ 33.161292] dump_stack_lvl+0x4e/0x90
[ 33.162158] print_report+0xd2/0x650
[ 33.162715] ? __virt_addr_valid+0x156/0x1e0
[ 33.163442] ? kmalloc_node_oob_right+0xd4/0x1f0
[ 33.164204] ? kasan_complete_mode_report_info+0x2a/0x200
[ 33.165099] ? kmalloc_node_oob_right+0xd4/0x1f0
[ 33.165897] kasan_report+0x147/0x180
[ 33.166526] ? kmalloc_node_oob_right+0xd4/0x1f0
[ 33.167148] __asan_load1+0x66/0x70
[ 33.167793] kmalloc_node_oob_right+0xd4/0x1f0
[ 33.168219] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 33.168659] ? __schedule+0x715/0x11a0
[ 33.169317] ? ktime_get_ts64+0x118/0x140
[ 33.170024] kunit_try_run_case+0x120/0x290
[ 33.170711] ? __pfx_kunit_try_run_case+0x10/0x10
[ 33.171503] ? __kasan_check_write+0x18/0x20
[ 33.172165] ? trace_preempt_on+0x20/0xa0
[ 33.172570] ? __kthread_parkme+0x4f/0xd0
[ 33.173416] ? preempt_count_sub+0x50/0x80
[ 33.173992] ? __pfx_kunit_try_run_case+0x10/0x10
[ 33.174676] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 33.175564] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 33.176033] kthread+0x19e/0x1e0
[ 33.176253] ? __pfx_kthread+0x10/0x10
[ 33.176515] ret_from_fork+0x41/0x70
[ 33.176812] ? __pfx_kthread+0x10/0x10
[ 33.177279] ret_from_fork_asm+0x1b/0x30
[ 33.177693] </TASK>
[ 33.177983]
[ 33.178175] Allocated by task 136:
[ 33.178622] kasan_save_stack+0x44/0x70
[ 33.179038] kasan_set_track+0x29/0x40
[ 33.179265] kasan_save_alloc_info+0x22/0x30
[ 33.179798] __kasan_kmalloc+0xb7/0xc0
[ 33.180246] kmalloc_node_trace+0x49/0xb0
[ 33.180891] kmalloc_node_oob_right+0xa1/0x1f0
[ 33.181431] kunit_try_run_case+0x120/0x290
[ 33.182004] kunit_generic_run_threadfn_adapter+0x33/0x50
[ 33.182549] kthread+0x19e/0x1e0
[ 33.182759] ret_from_fork+0x41/0x70
[ 33.182972] ret_from_fork_asm+0x1b/0x30
[ 33.183178]
[ 33.183292] The buggy address belongs to the object at ffff888102296000
[ 33.183292] which belongs to the cache kmalloc-4k of size 4096
[ 33.184709] The buggy address is located 0 bytes to the right of
[ 33.184709] allocated 4096-byte region [ffff888102296000, ffff888102297000)
[ 33.186173]
[ 33.186434] The buggy address belongs to the physical page:
[ 33.187050] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102290
[ 33.188206] head:(____ptrval____) order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 33.189258] flags: 0x200000000000840(slab|head|node=0|zone=2)
[ 33.189779] page_type: 0xffffffff()
[ 33.190206] raw: 0200000000000840 ffff888100042140 dead000000000122 0000000000000000
[ 33.190980] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 33.191312] page dumped because: kasan: bad access detected
[ 33.192009]
[ 33.192220] Memory state around the buggy address:
[ 33.192753] ffff888102296f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.193668] ffff888102296f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 33.194471] >ffff888102297000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.195221] ^
[ 33.195617] ffff888102297080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.196533] ffff888102297100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 33.197191] ==================================================================
```