Hay
Sign in
Date
July 10, 2025, 6:10 p.m.

Environment
qemu-arm64
qemu-x86_64 

[   16.457304] ==================================================================
[   16.457493] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   16.457545] Read of size 1 at addr fff00000c4498dbf by task kunit_try_catch/138
[   16.457592] 
[   16.457623] CPU: 1 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT 
[   16.457700] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.457726] Hardware name: linux,dummy-virt (DT)
[   16.457755] Call trace:
[   16.457776]  show_stack+0x20/0x38 (C)
[   16.457940]  dump_stack_lvl+0x8c/0xd0
[   16.457991]  print_report+0x118/0x608
[   16.458036]  kasan_report+0xdc/0x128
[   16.458082]  __asan_report_load1_noabort+0x20/0x30
[   16.458133]  kmalloc_oob_left+0x2ec/0x320
[   16.458178]  kunit_try_run_case+0x170/0x3f0
[   16.458226]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.458282]  kthread+0x328/0x630
[   16.458324]  ret_from_fork+0x10/0x20
[   16.458395] 
[   16.458413] Allocated by task 26:
[   16.458441]  kasan_save_stack+0x3c/0x68
[   16.458480]  kasan_save_track+0x20/0x40
[   16.458516]  kasan_save_alloc_info+0x40/0x58
[   16.458555]  __kasan_kmalloc+0xd4/0xd8
[   16.458593]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   16.458637]  kstrdup+0x54/0xc8
[   16.458731]  devtmpfs_work_loop+0x6f8/0xa58
[   16.458871]  devtmpfsd+0x50/0x58
[   16.458945]  kthread+0x328/0x630
[   16.459051]  ret_from_fork+0x10/0x20
[   16.459087] 
[   16.459117] Freed by task 26:
[   16.459443]  kasan_save_stack+0x3c/0x68
[   16.459519]  kasan_save_track+0x20/0x40
[   16.459557]  kasan_save_free_info+0x4c/0x78
[   16.459596]  __kasan_slab_free+0x6c/0x98
[   16.459634]  kfree+0x214/0x3c8
[   16.459677]  devtmpfs_work_loop+0x804/0xa58
[   16.459737]  devtmpfsd+0x50/0x58
[   16.459769]  kthread+0x328/0x630
[   16.460098]  ret_from_fork+0x10/0x20
[   16.460195] 
[   16.460302] The buggy address belongs to the object at fff00000c4498da0
[   16.460302]  which belongs to the cache kmalloc-16 of size 16
[   16.460411] The buggy address is located 15 bytes to the right of
[   16.460411]  allocated 16-byte region [fff00000c4498da0, fff00000c4498db0)
[   16.460495] 
[   16.460559] The buggy address belongs to the physical page:
[   16.460618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104498
[   16.460668] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.460749] page_type: f5(slab)
[   16.460785] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   16.461005] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   16.461185] page dumped because: kasan: bad access detected
[   16.461215] 
[   16.461258] Memory state around the buggy address:
[   16.461293]  fff00000c4498c80: 00 06 fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[   16.461484]  fff00000c4498d00: fa fb fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc
[   16.461526] >fff00000c4498d80: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[   16.461561]                                         ^
[   16.461598]  fff00000c4498e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.461789]  fff00000c4498e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.462244] ==================================================================
Metadata Full log Test run details 

[   11.884054] ==================================================================
[   11.884497] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   11.884734] Read of size 1 at addr ffff88810270913f by task kunit_try_catch/155
[   11.885772] 
[   11.886146] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc5 #1 PREEMPT(voluntary) 
[   11.886196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   11.886306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   11.886332] Call Trace:
[   11.886346]  <TASK>
[   11.886364]  dump_stack_lvl+0x73/0xb0
[   11.886397]  print_report+0xd1/0x650
[   11.886419]  ? __virt_addr_valid+0x1db/0x2d0
[   11.886442]  ? kmalloc_oob_left+0x361/0x3c0
[   11.886497]  ? kasan_complete_mode_report_info+0x64/0x200
[   11.886520]  ? kmalloc_oob_left+0x361/0x3c0
[   11.886541]  kasan_report+0x141/0x180
[   11.886562]  ? kmalloc_oob_left+0x361/0x3c0
[   11.886588]  __asan_report_load1_noabort+0x18/0x20
[   11.886613]  kmalloc_oob_left+0x361/0x3c0
[   11.886634]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   11.886656]  ? __schedule+0x10cc/0x2b60
[   11.886678]  ? __pfx_read_tsc+0x10/0x10
[   11.886699]  ? ktime_get_ts64+0x86/0x230
[   11.886722]  kunit_try_run_case+0x1a5/0x480
[   11.886746]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.886769]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   11.886792]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   11.886827]  ? __kthread_parkme+0x82/0x180
[   11.886847]  ? preempt_count_sub+0x50/0x80
[   11.886871]  ? __pfx_kunit_try_run_case+0x10/0x10
[   11.886895]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   11.886919]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   11.886944]  kthread+0x337/0x6f0
[   11.886962]  ? trace_preempt_on+0x20/0xc0
[   11.886984]  ? __pfx_kthread+0x10/0x10
[   11.887004]  ? _raw_spin_unlock_irq+0x47/0x80
[   11.887025]  ? calculate_sigpending+0x7b/0xa0
[   11.887060]  ? __pfx_kthread+0x10/0x10
[   11.887081]  ret_from_fork+0x116/0x1d0
[   11.887098]  ? __pfx_kthread+0x10/0x10
[   11.887118]  ret_from_fork_asm+0x1a/0x30
[   11.887148]  </TASK>
[   11.887159] 
[   11.900314] Allocated by task 44:
[   11.900579]  kasan_save_stack+0x45/0x70
[   11.900828]  kasan_save_track+0x18/0x40
[   11.900997]  kasan_save_alloc_info+0x3b/0x50
[   11.901216]  __kasan_kmalloc+0xb7/0xc0
[   11.901364]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   11.901620]  kvasprintf+0xc5/0x150
[   11.901744]  kasprintf+0xb6/0xf0
[   11.901863]  input_devnode+0x46/0x80
[   11.902238]  device_get_devnode+0x145/0x2a0
[   11.902981]  dev_uevent+0x41c/0x730
[   11.903174]  kobject_uevent_env+0x50d/0xff0
[   11.903346]  kobject_uevent+0xf/0x20
[   11.903475]  device_add+0xe4c/0x1820
[   11.903607]  cdev_device_add+0xab/0x1c0
[   11.904502]  evdev_connect+0x356/0x480
[   11.904948]  input_attach_handler.isra.0+0x117/0x1f0
[   11.905254]  input_register_device+0x722/0xe10
[   11.905446]  psmouse_connect+0x6ed/0xe30
[   11.905614]  serio_driver_probe+0x7a/0xb0
[   11.905799]  really_probe+0x1d4/0x920
[   11.906207]  __driver_probe_device+0x18f/0x3e0
[   11.906426]  driver_probe_device+0x4f/0x130
[   11.906740]  __driver_attach+0x1eb/0x4b0
[   11.907068]  bus_for_each_dev+0x10f/0x1a0
[   11.907453]  driver_attach+0x41/0x60
[   11.907758]  serio_handle_event+0x254/0x940
[   11.907930]  process_one_work+0x5ee/0xf60
[   11.908233]  worker_thread+0x758/0x1220
[   11.908476]  kthread+0x337/0x6f0
[   11.908652]  ret_from_fork+0x116/0x1d0
[   11.908809]  ret_from_fork_asm+0x1a/0x30
[   11.909272] 
[   11.909469] Freed by task 44:
[   11.909679]  kasan_save_stack+0x45/0x70
[   11.909984]  kasan_save_track+0x18/0x40
[   11.910425]  kasan_save_free_info+0x3f/0x60
[   11.910902]  __kasan_slab_free+0x56/0x70
[   11.911314]  kfree+0x222/0x3f0
[   11.911513]  dev_uevent+0x466/0x730
[   11.911739]  kobject_uevent_env+0x50d/0xff0
[   11.912211]  kobject_uevent+0xf/0x20
[   11.912577]  device_add+0xe4c/0x1820
[   11.912946]  cdev_device_add+0xab/0x1c0
[   11.913262]  evdev_connect+0x356/0x480
[   11.913625]  input_attach_handler.isra.0+0x117/0x1f0
[   11.913901]  input_register_device+0x722/0xe10
[   11.914420]  psmouse_connect+0x6ed/0xe30
[   11.914740]  serio_driver_probe+0x7a/0xb0
[   11.914919]  really_probe+0x1d4/0x920
[   11.915354]  __driver_probe_device+0x18f/0x3e0
[   11.915764]  driver_probe_device+0x4f/0x130
[   11.916320]  __driver_attach+0x1eb/0x4b0
[   11.916488]  bus_for_each_dev+0x10f/0x1a0
[   11.916628]  driver_attach+0x41/0x60
[   11.916757]  serio_handle_event+0x254/0x940
[   11.917164]  process_one_work+0x5ee/0xf60
[   11.917534]  worker_thread+0x758/0x1220
[   11.917916]  kthread+0x337/0x6f0
[   11.918290]  ret_from_fork+0x116/0x1d0
[   11.918632]  ret_from_fork_asm+0x1a/0x30
[   11.919058] 
[   11.919264] The buggy address belongs to the object at ffff888102709120
[   11.919264]  which belongs to the cache kmalloc-16 of size 16
[   11.919826] The buggy address is located 15 bytes to the right of
[   11.919826]  allocated 16-byte region [ffff888102709120, ffff888102709130)
[   11.921025] 
[   11.921377] The buggy address belongs to the physical page:
[   11.921599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102709
[   11.922102] flags: 0x200000000000000(node=0|zone=2)
[   11.922532] page_type: f5(slab)
[   11.922828] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   11.923572] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   11.924170] page dumped because: kasan: bad access detected
[   11.924766] 
[   11.924898] Memory state around the buggy address:
[   11.925131]  ffff888102709000: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[   11.925773]  ffff888102709080: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc fc
[   11.926630] >ffff888102709100: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[   11.927069]                                         ^
[   11.927517]  ffff888102709180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.927928]  ffff888102709200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   11.928463] ==================================================================
Metadata Full log Test run details