Hay
Sign in
Date
June 17, 2025, 3:39 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   91.400649] ==================================================================
[   91.401974] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xc8/0x1f0
[   91.403178] Read of size 1 at addr ffff0000c5c526bf by task kunit_try_catch/119
[   91.404314] 
[   91.404860] CPU: 1 PID: 119 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   91.406223] Hardware name: linux,dummy-virt (DT)
[   91.407078] Call trace:
[   91.407517]  dump_backtrace+0x9c/0x128
[   91.407922]  show_stack+0x20/0x38
[   91.408261]  dump_stack_lvl+0x60/0xb0
[   91.408656]  print_report+0xf8/0x5e8
[   91.409040]  kasan_report+0xdc/0x128
[   91.409457]  __asan_load1+0x60/0x70
[   91.410403]  kmalloc_oob_left+0xc8/0x1f0
[   91.411940]  kunit_try_run_case+0x114/0x298
[   91.413568]  kunit_generic_run_threadfn_adapter+0x38/0x60
[   91.414576]  kthread+0x18c/0x1a8
[   91.415567]  ret_from_fork+0x10/0x20
[   91.416438] 
[   91.417074] Allocated by task 1:
[   91.417843]  kasan_save_stack+0x3c/0x68
[   91.418655]  kasan_set_track+0x2c/0x40
[   91.419608]  kasan_save_alloc_info+0x24/0x38
[   91.420532]  __kasan_kmalloc+0xd4/0xd8
[   91.421476]  __kmalloc_node_track_caller+0x74/0x1d0
[   91.423295]  kvasprintf+0xe0/0x180
[   91.424043]  __kthread_create_on_node+0x11c/0x250
[   91.425346]  kthread_create_on_node+0xe4/0x130
[   91.426377]  create_worker+0x160/0x3b8
[   91.427272]  alloc_unbound_pwq+0x418/0x428
[   91.428237]  apply_wqattrs_prepare+0x1b8/0x3c8
[   91.429025]  apply_workqueue_attrs_locked+0x6c/0xc0
[   91.429996]  alloc_workqueue+0x6dc/0x880
[   91.430838]  latency_fsnotify_init+0x28/0x60
[   91.432049]  do_one_initcall+0xb0/0x3e8
[   91.432885]  kernel_init_freeable+0x2b4/0x550
[   91.433774]  kernel_init+0x2c/0x1f8
[   91.434571]  ret_from_fork+0x10/0x20
[   91.435453] 
[   91.435936] The buggy address belongs to the object at ffff0000c5c526a0
[   91.435936]  which belongs to the cache kmalloc-16 of size 16
[   91.437741] The buggy address is located 18 bytes to the right of
[   91.437741]  allocated 13-byte region [ffff0000c5c526a0, ffff0000c5c526ad)
[   91.440011] 
[   91.440496] The buggy address belongs to the physical page:
[   91.441509] page:00000000fbf36b17 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c52
[   91.443139] flags: 0xbfffc0000000800(slab|node=0|zone=2|lastcpupid=0xffff)
[   91.444780] page_type: 0xffffffff()
[   91.445258] raw: 0bfffc0000000800 ffff0000c00013c0 dead000000000122 0000000000000000
[   91.445795] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[   91.446259] page dumped because: kasan: bad access detected
[   91.447574] 
[   91.447906] Memory state around the buggy address:
[   91.448462]  ffff0000c5c52580: 00 05 fc fc fa fb fc fc 00 02 fc fc fa fb fc fc
[   91.449221]  ffff0000c5c52600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   91.450062] >ffff0000c5c52680: 00 04 fc fc 00 05 fc fc 00 07 fc fc fc fc fc fc
[   91.451499]                                         ^
[   91.452349]  ffff0000c5c52700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.453167]  ffff0000c5c52780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   91.453982] ==================================================================
Metadata Full log Test run details 

[   33.118247] ==================================================================
[   33.119018] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xcf/0x1f0
[   33.119441] Read of size 1 at addr ffff8881024a3a9f by task kunit_try_catch/134
[   33.120054] 
[   33.120242] CPU: 1 PID: 134 Comm: kunit_try_catch Tainted: G    B            N 6.6.94-rc1 #1
[   33.120905] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   33.121601] Call Trace:
[   33.121913]  <TASK>
[   33.122090]  dump_stack_lvl+0x4e/0x90
[   33.122629]  print_report+0xd2/0x650
[   33.122951]  ? __virt_addr_valid+0x156/0x1e0
[   33.123260]  ? kmalloc_oob_left+0xcf/0x1f0
[   33.123693]  ? kasan_complete_mode_report_info+0x2a/0x200
[   33.124130]  ? kmalloc_oob_left+0xcf/0x1f0
[   33.124639]  kasan_report+0x147/0x180
[   33.125089]  ? kmalloc_oob_left+0xcf/0x1f0
[   33.125559]  __asan_load1+0x66/0x70
[   33.125905]  kmalloc_oob_left+0xcf/0x1f0
[   33.126159]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   33.126558]  ? __schedule+0x715/0x11a0
[   33.126937]  ? ktime_get_ts64+0x118/0x140
[   33.127282]  kunit_try_run_case+0x120/0x290
[   33.127694]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.128102]  ? __kasan_check_write+0x18/0x20
[   33.128616]  ? trace_preempt_on+0x20/0xa0
[   33.128944]  ? __kthread_parkme+0x4f/0xd0
[   33.129250]  ? preempt_count_sub+0x50/0x80
[   33.129630]  ? __pfx_kunit_try_run_case+0x10/0x10
[   33.130112]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   33.130601]  kunit_generic_run_threadfn_adapter+0x33/0x50
[   33.131024]  kthread+0x19e/0x1e0
[   33.131293]  ? __pfx_kthread+0x10/0x10
[   33.131696]  ret_from_fork+0x41/0x70
[   33.132094]  ? __pfx_kthread+0x10/0x10
[   33.132345]  ret_from_fork_asm+0x1b/0x30
[   33.132791]  </TASK>
[   33.132979] 
[   33.133087] Allocated by task 1:
[   33.133324]  kasan_save_stack+0x44/0x70
[   33.133816]  kasan_set_track+0x29/0x40
[   33.134063]  kasan_save_alloc_info+0x22/0x30
[   33.134337]  __kasan_kmalloc+0xb7/0xc0
[   33.134707]  __kmalloc_node_track_caller+0x69/0x170
[   33.135102]  kvasprintf+0xc6/0x150
[   33.135407]  __kthread_create_on_node+0x128/0x260
[   33.135881]  kthread_create_on_node+0xac/0xe0
[   33.136213]  create_worker+0x196/0x3d0
[   33.136705]  alloc_unbound_pwq+0x4bf/0x4d0
[   33.137029]  apply_wqattrs_prepare+0x1b7/0x3c0
[   33.137417]  apply_workqueue_attrs_locked+0x66/0xa0
[   33.137791]  alloc_workqueue+0x788/0x940
[   33.138141]  latency_fsnotify_init+0x1b/0x50
[   33.138490]  do_one_initcall+0xd7/0x340
[   33.138899]  kernel_init_freeable+0x2ae/0x470
[   33.139241]  kernel_init+0x23/0x1e0
[   33.139672]  ret_from_fork+0x41/0x70
[   33.140013]  ret_from_fork_asm+0x1b/0x30
[   33.140279] 
[   33.140549] The buggy address belongs to the object at ffff8881024a3a80
[   33.140549]  which belongs to the cache kmalloc-16 of size 16
[   33.141425] The buggy address is located 18 bytes to the right of
[   33.141425]  allocated 13-byte region [ffff8881024a3a80, ffff8881024a3a8d)
[   33.142436] 
[   33.142608] The buggy address belongs to the physical page:
[   33.142966] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024a3
[   33.143741] flags: 0x200000000000800(slab|node=0|zone=2)
[   33.144118] page_type: 0xffffffff()
[   33.144399] raw: 0200000000000800 ffff8881000413c0 dead000000000122 0000000000000000
[   33.145121] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[   33.145686] page dumped because: kasan: bad access detected
[   33.146074] 
[   33.146193] Memory state around the buggy address:
[   33.146544]  ffff8881024a3980: 00 06 fc fc 00 06 fc fc 00 04 fc fc 00 04 fc fc
[   33.147109]  ffff8881024a3a00: 00 01 fc fc 00 01 fc fc 00 04 fc fc 00 04 fc fc
[   33.147652] >ffff8881024a3a80: 00 05 fc fc 00 07 fc fc fc fc fc fc fc fc fc fc
[   33.148099]                             ^
[   33.148475]  ffff8881024a3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.148968]  ffff8881024a3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.149487] ==================================================================
Metadata Full log Test run details