Date: July 11, 2025, 10:11 a.m.

Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |

e850-96:

[ 37.222461] ==================================================================
[ 37.231700] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 37.239072] Read of size 1 at addr ffff000807c37000 by task kunit_try_catch/224
[ 37.246362]
[ 37.247848] CPU: 4 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT
[ 37.247908] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 37.247922] Hardware name: WinLink E850-96 board (DT)
[ 37.247944] Call trace:
[ 37.247959] show_stack+0x20/0x38 (C)
[ 37.247995] dump_stack_lvl+0x8c/0xd0
[ 37.248029] print_report+0x118/0x5d0
[ 37.248058] kasan_report+0xdc/0x128
[ 37.248084] __asan_report_load1_noabort+0x20/0x30
[ 37.248116] kmalloc_node_oob_right+0x2f4/0x330
[ 37.248148] kunit_try_run_case+0x170/0x3f0
[ 37.248191] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.248225] kthread+0x328/0x630
[ 37.248254] ret_from_fork+0x10/0x20
[ 37.248289]
[ 37.312248] Allocated by task 224:
[ 37.315636] kasan_save_stack+0x3c/0x68
[ 37.319451] kasan_save_track+0x20/0x40
[ 37.323270] kasan_save_alloc_info+0x40/0x58
[ 37.327524] __kasan_kmalloc+0xd4/0xd8
[ 37.331256] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 37.336204] kmalloc_node_oob_right+0xbc/0x330
[ 37.340631] kunit_try_run_case+0x170/0x3f0
[ 37.344798] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 37.350266] kthread+0x328/0x630
[ 37.353478] ret_from_fork+0x10/0x20
[ 37.357037]
[ 37.358514] The buggy address belongs to the object at ffff000807c36000
[ 37.358514] which belongs to the cache kmalloc-4k of size 4096
[ 37.371015] The buggy address is located 0 bytes to the right of
[ 37.371015] allocated 4096-byte region [ffff000807c36000, ffff000807c37000)
[ 37.384033]
[ 37.385511] The buggy address belongs to the physical page:
[ 37.391069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x887c30
[ 37.399052] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 37.406692] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 37.413635] page_type: f5(slab)
[ 37.416771] raw: 0bfffe0000000040 ffff000800003040 dead000000000122 0000000000000000
[ 37.424490] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 37.432218] head: 0bfffe0000000040 ffff000800003040 dead000000000122 0000000000000000
[ 37.440028] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 37.447842] head: 0bfffe0000000003 fffffdffe01f0c01 00000000ffffffff 00000000ffffffff
[ 37.455654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 37.463459] page dumped because: kasan: bad access detected
[ 37.469015]
[ 37.470490] Memory state around the buggy address:
[ 37.475270] ffff000807c36f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.482473] ffff000807c36f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 37.489679] >ffff000807c37000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.496879] ^
[ 37.500095] ffff000807c37080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.507299] ffff000807c37100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 37.514501] ==================================================================

qemu-arm64:

[ 30.082538] ==================================================================
[ 30.082613] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330
[ 30.082677] Read of size 1 at addr fff00000c984f000 by task kunit_try_catch/171
[ 30.082727]
[ 30.082764] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT
[ 30.082930] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.083003] Hardware name: linux,dummy-virt (DT)
[ 30.083059] Call trace:
[ 30.083100] show_stack+0x20/0x38 (C)
[ 30.083167] dump_stack_lvl+0x8c/0xd0
[ 30.083222] print_report+0x118/0x5d0
[ 30.083290] kasan_report+0xdc/0x128
[ 30.083344] __asan_report_load1_noabort+0x20/0x30
[ 30.083392] kmalloc_node_oob_right+0x2f4/0x330
[ 30.083446] kunit_try_run_case+0x170/0x3f0
[ 30.083513] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.083582] kthread+0x328/0x630
[ 30.083641] ret_from_fork+0x10/0x20
[ 30.083734]
[ 30.083753] Allocated by task 171:
[ 30.083781] kasan_save_stack+0x3c/0x68
[ 30.083829] kasan_save_track+0x20/0x40
[ 30.083875] kasan_save_alloc_info+0x40/0x58
[ 30.084156] __kasan_kmalloc+0xd4/0xd8
[ 30.084231] __kmalloc_cache_node_noprof+0x178/0x3d0
[ 30.084292] kmalloc_node_oob_right+0xbc/0x330
[ 30.084359] kunit_try_run_case+0x170/0x3f0
[ 30.084403] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.084475] kthread+0x328/0x630
[ 30.084523] ret_from_fork+0x10/0x20
[ 30.084558]
[ 30.084577] The buggy address belongs to the object at fff00000c984e000
[ 30.084577] which belongs to the cache kmalloc-4k of size 4096
[ 30.084651] The buggy address is located 0 bytes to the right of
[ 30.084651] allocated 4096-byte region [fff00000c984e000, fff00000c984f000)
[ 30.084730]
[ 30.084769] The buggy address belongs to the physical page:
[ 30.084844] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x109848
[ 30.085001] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 30.085050] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 30.085221] page_type: f5(slab)
[ 30.085335] raw: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122
[ 30.085424] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 30.085484] head: 0bfffe0000000040 fff00000c0002140 dead000000000100 dead000000000122
[ 30.085610] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 30.085692] head: 0bfffe0000000003 ffffc1ffc3261201 00000000ffffffff 00000000ffffffff
[ 30.085842] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 30.085933] page dumped because: kasan: bad access detected
[ 30.086042]
[ 30.086114] Memory state around the buggy address:
[ 30.086199] fff00000c984ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.087019] fff00000c984ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.087073] >fff00000c984f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.087109] ^
[ 30.087137] fff00000c984f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.087177] fff00000c984f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.087213] ==================================================================

qemu-x86_64:

[ 23.114047] ==================================================================
[ 23.114486] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 23.114753] Read of size 1 at addr ffff888106017000 by task kunit_try_catch/190
[ 23.114977]
[ 23.115436] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary)
[ 23.115859] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.115876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.115900] Call Trace:
[ 23.115915] <TASK>
[ 23.115937] dump_stack_lvl+0x73/0xb0
[ 23.115973] print_report+0xd1/0x610
[ 23.115995] ? __virt_addr_valid+0x1db/0x2d0
[ 23.116021] ? kmalloc_node_oob_right+0x369/0x3c0
[ 23.116044] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.116070] ? kmalloc_node_oob_right+0x369/0x3c0
[ 23.116093] kasan_report+0x141/0x180
[ 23.116114] ? kmalloc_node_oob_right+0x369/0x3c0
[ 23.116141] __asan_report_load1_noabort+0x18/0x20
[ 23.116164] kmalloc_node_oob_right+0x369/0x3c0
[ 23.116187] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 23.116210] ? __schedule+0x10cc/0x2b60
[ 23.116234] ? __pfx_read_tsc+0x10/0x10
[ 23.116256] ? ktime_get_ts64+0x86/0x230
[ 23.116302] kunit_try_run_case+0x1a5/0x480
[ 23.116333] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.116353] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.116376] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.116399] ? __kthread_parkme+0x82/0x180
[ 23.116420] ? preempt_count_sub+0x50/0x80
[ 23.116443] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.116464] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.116488] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.116513] kthread+0x337/0x6f0
[ 23.116533] ? trace_preempt_on+0x20/0xc0
[ 23.116556] ? __pfx_kthread+0x10/0x10
[ 23.116577] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.116599] ? calculate_sigpending+0x7b/0xa0
[ 23.116624] ? __pfx_kthread+0x10/0x10
[ 23.116645] ret_from_fork+0x116/0x1d0
[ 23.116665] ? __pfx_kthread+0x10/0x10
[ 23.116685] ret_from_fork_asm+0x1a/0x30
[ 23.116716] </TASK>
[ 23.116728]
[ 23.130508] Allocated by task 190:
[ 23.131008] kasan_save_stack+0x45/0x70
[ 23.131201] kasan_save_track+0x18/0x40
[ 23.131909] kasan_save_alloc_info+0x3b/0x50
[ 23.132343] __kasan_kmalloc+0xb7/0xc0
[ 23.132840] __kmalloc_cache_node_noprof+0x188/0x420
[ 23.133016] kmalloc_node_oob_right+0xab/0x3c0
[ 23.133165] kunit_try_run_case+0x1a5/0x480
[ 23.133324] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.134175] kthread+0x337/0x6f0
[ 23.134646] ret_from_fork+0x116/0x1d0
[ 23.135163] ret_from_fork_asm+0x1a/0x30
[ 23.135761]
[ 23.136066] The buggy address belongs to the object at ffff888106016000
[ 23.136066] which belongs to the cache kmalloc-4k of size 4096
[ 23.137485] The buggy address is located 0 bytes to the right of
[ 23.137485] allocated 4096-byte region [ffff888106016000, ffff888106017000)
[ 23.138068]
[ 23.138150] The buggy address belongs to the physical page:
[ 23.138865] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106010
[ 23.139921] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 23.140657] flags: 0x200000000000040(head|node=0|zone=2)
[ 23.141403] page_type: f5(slab)
[ 23.141878] raw: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122
[ 23.142623] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 23.142980] head: 0200000000000040 ffff888100042140 dead000000000100 dead000000000122
[ 23.143202] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 23.144073] head: 0200000000000003 ffffea0004180401 00000000ffffffff 00000000ffffffff
[ 23.144936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 23.145815] page dumped because: kasan: bad access detected
[ 23.146496]
[ 23.146765] Memory state around the buggy address:
[ 23.147331] ffff888106016f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.147714] ffff888106016f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 23.148500] >ffff888106017000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.148860] ^
[ 23.148975] ffff888106017080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.149177] ffff888106017100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.149498] ==================================================================