Hay
Sign in
Date
July 23, 2025, 2:10 a.m.

Environment
qemu-arm64
qemu-x86_64 

[   15.081519] ==================================================================
[   15.081578] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[   15.081647] Read of size 1 at addr fff00000c5c8d000 by task kunit_try_catch/140
[   15.081699] 
[   15.081727] CPU: 1 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT 
[   15.081811] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.081847] Hardware name: linux,dummy-virt (DT)
[   15.081890] Call trace:
[   15.081911]  show_stack+0x20/0x38 (C)
[   15.081960]  dump_stack_lvl+0x8c/0xd0
[   15.082006]  print_report+0x118/0x5d0
[   15.082052]  kasan_report+0xdc/0x128
[   15.082096]  __asan_report_load1_noabort+0x20/0x30
[   15.082146]  kmalloc_node_oob_right+0x2f4/0x330
[   15.082193]  kunit_try_run_case+0x170/0x3f0
[   15.082668]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.082805]  kthread+0x328/0x630
[   15.082891]  ret_from_fork+0x10/0x20
[   15.083041] 
[   15.083069] Allocated by task 140:
[   15.083098]  kasan_save_stack+0x3c/0x68
[   15.083139]  kasan_save_track+0x20/0x40
[   15.083176]  kasan_save_alloc_info+0x40/0x58
[   15.083214]  __kasan_kmalloc+0xd4/0xd8
[   15.083267]  __kmalloc_cache_node_noprof+0x178/0x3d0
[   15.083308]  kmalloc_node_oob_right+0xbc/0x330
[   15.083346]  kunit_try_run_case+0x170/0x3f0
[   15.083486]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   15.083698]  kthread+0x328/0x630
[   15.083770]  ret_from_fork+0x10/0x20
[   15.083818] 
[   15.083926] The buggy address belongs to the object at fff00000c5c8c000
[   15.083926]  which belongs to the cache kmalloc-4k of size 4096
[   15.084062] The buggy address is located 0 bytes to the right of
[   15.084062]  allocated 4096-byte region [fff00000c5c8c000, fff00000c5c8d000)
[   15.084207] 
[   15.084255] The buggy address belongs to the physical page:
[   15.084494] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c88
[   15.085497] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.085601] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   15.085713] page_type: f5(slab)
[   15.085951] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[   15.086237] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   15.086375] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000
[   15.086593] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   15.086756] head: 0bfffe0000000003 ffffc1ffc3172201 00000000ffffffff 00000000ffffffff
[   15.086911] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   15.086977] page dumped because: kasan: bad access detected
[   15.087009] 
[   15.087180] Memory state around the buggy address:
[   15.087216]  fff00000c5c8cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.087259]  fff00000c5c8cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.087557] >fff00000c5c8d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.087626]                    ^
[   15.087836]  fff00000c5c8d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.087920]  fff00000c5c8d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.088032] ==================================================================
Metadata Full log Test run details 

[   12.070254] ==================================================================
[   12.070849] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[   12.071291] Read of size 1 at addr ffff888102903000 by task kunit_try_catch/157
[   12.071531] 
[   12.071651] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc7 #1 PREEMPT(voluntary) 
[   12.071693] Tainted: [B]=BAD_PAGE, [N]=TEST
[   12.071704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   12.071725] Call Trace:
[   12.071736]  <TASK>
[   12.071749]  dump_stack_lvl+0x73/0xb0
[   12.071778]  print_report+0xd1/0x610
[   12.071799]  ? __virt_addr_valid+0x1db/0x2d0
[   12.071835]  ? kmalloc_node_oob_right+0x369/0x3c0
[   12.071858]  ? kasan_complete_mode_report_info+0x2a/0x200
[   12.071879]  ? kmalloc_node_oob_right+0x369/0x3c0
[   12.071902]  kasan_report+0x141/0x180
[   12.071924]  ? kmalloc_node_oob_right+0x369/0x3c0
[   12.071951]  __asan_report_load1_noabort+0x18/0x20
[   12.071974]  kmalloc_node_oob_right+0x369/0x3c0
[   12.071998]  ? __pfx_kmalloc_node_oob_right+0x10/0x10
[   12.072021]  ? __schedule+0x10c6/0x2b60
[   12.072043]  ? __pfx_read_tsc+0x10/0x10
[   12.072063]  ? ktime_get_ts64+0x86/0x230
[   12.072087]  kunit_try_run_case+0x1a5/0x480
[   12.072111]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.072133]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   12.072156]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   12.072178]  ? __kthread_parkme+0x82/0x180
[   12.072198]  ? preempt_count_sub+0x50/0x80
[   12.072236]  ? __pfx_kunit_try_run_case+0x10/0x10
[   12.072260]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.072282]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   12.072305]  kthread+0x337/0x6f0
[   12.072324]  ? trace_preempt_on+0x20/0xc0
[   12.072346]  ? __pfx_kthread+0x10/0x10
[   12.072366]  ? _raw_spin_unlock_irq+0x47/0x80
[   12.072387]  ? calculate_sigpending+0x7b/0xa0
[   12.072410]  ? __pfx_kthread+0x10/0x10
[   12.072430]  ret_from_fork+0x116/0x1d0
[   12.072448]  ? __pfx_kthread+0x10/0x10
[   12.072468]  ret_from_fork_asm+0x1a/0x30
[   12.072497]  </TASK>
[   12.072507] 
[   12.083462] Allocated by task 157:
[   12.083611]  kasan_save_stack+0x45/0x70
[   12.084014]  kasan_save_track+0x18/0x40
[   12.084364]  kasan_save_alloc_info+0x3b/0x50
[   12.084725]  __kasan_kmalloc+0xb7/0xc0
[   12.085021]  __kmalloc_cache_node_noprof+0x188/0x420
[   12.085240]  kmalloc_node_oob_right+0xab/0x3c0
[   12.085717]  kunit_try_run_case+0x1a5/0x480
[   12.085919]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   12.086483]  kthread+0x337/0x6f0
[   12.086755]  ret_from_fork+0x116/0x1d0
[   12.086942]  ret_from_fork_asm+0x1a/0x30
[   12.087379] 
[   12.087578] The buggy address belongs to the object at ffff888102902000
[   12.087578]  which belongs to the cache kmalloc-4k of size 4096
[   12.088114] The buggy address is located 0 bytes to the right of
[   12.088114]  allocated 4096-byte region [ffff888102902000, ffff888102903000)
[   12.088503] 
[   12.088580] The buggy address belongs to the physical page:
[   12.088832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102900
[   12.089367] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   12.089989] flags: 0x200000000000040(head|node=0|zone=2)
[   12.090653] page_type: f5(slab)
[   12.091071] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[   12.091752] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   12.092232] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[   12.092875] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[   12.093236] head: 0200000000000003 ffffea00040a4001 00000000ffffffff 00000000ffffffff
[   12.094027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   12.094949] page dumped because: kasan: bad access detected
[   12.095329] 
[   12.095580] Memory state around the buggy address:
[   12.096071]  ffff888102902f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.096547]  ffff888102902f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   12.097275] >ffff888102903000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.097761]                    ^
[   12.097894]  ffff888102903080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.098120]  ffff888102903100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   12.098335] ==================================================================
Metadata Full log Test run details