Hay
Date: July 15, 2025, 11:35 a.m.

Environment: e850-96, qemu-arm64, qemu-x86_64

[   36.849810] ==================================================================
[   36.858927] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   36.865785] Read of size 1 at addr ffff0008027546ff by task kunit_try_catch/219
[   36.873073] 
[   36.874559] CPU: 3 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   36.874612] Tainted: [B]=BAD_PAGE, [N]=TEST
[   36.874630] Hardware name: WinLink E850-96 board (DT)
[   36.874649] Call trace:
[   36.874666]  show_stack+0x20/0x38 (C)
[   36.874701]  dump_stack_lvl+0x8c/0xd0
[   36.874737]  print_report+0x118/0x5d0
[   36.874766]  kasan_report+0xdc/0x128
[   36.874792]  __asan_report_load1_noabort+0x20/0x30
[   36.874826]  kmalloc_oob_left+0x2ec/0x320
[   36.874855]  kunit_try_run_case+0x170/0x3f0
[   36.874886]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   36.874919]  kthread+0x328/0x630
[   36.874949]  ret_from_fork+0x10/0x20
[   36.874985] 
[   36.938436] Allocated by task 35:
[   36.941738]  kasan_save_stack+0x3c/0x68
[   36.945554]  kasan_save_track+0x20/0x40
[   36.949373]  kasan_save_alloc_info+0x40/0x58
[   36.953626]  __kasan_kmalloc+0xd4/0xd8
[   36.957359]  __kmalloc_node_track_caller_noprof+0x194/0x4b8
[   36.962914]  kvasprintf+0xe0/0x180
[   36.966300]  __kthread_create_on_node+0x16c/0x350
[   36.970987]  kthread_create_on_node+0xe4/0x130
[   36.975414]  create_worker+0x380/0x6b8
[   36.979147]  worker_thread+0x808/0xf38
[   36.982879]  kthread+0x328/0x630
[   36.986091]  ret_from_fork+0x10/0x20
[   36.989650] 
[   36.991128] The buggy address belongs to the object at ffff0008027546e0
[   36.991128]  which belongs to the cache kmalloc-16 of size 16
[   37.003454] The buggy address is located 18 bytes to the right of
[   37.003454]  allocated 13-byte region [ffff0008027546e0, ffff0008027546ed)
[   37.016386] 
[   37.017865] The buggy address belongs to the physical page:
[   37.023423] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882754
[   37.031405] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   37.037915] page_type: f5(slab)
[   37.041052] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[   37.048770] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   37.056491] page dumped because: kasan: bad access detected
[   37.062045] 
[   37.063520] Memory state around the buggy address:
[   37.068301]  ffff000802754580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   37.075506]  ffff000802754600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   37.082708] >ffff000802754680: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[   37.089909]                                                                 ^
[   37.097031]  ffff000802754700: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.104235]  ffff000802754780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   37.111437] ==================================================================

[   30.275131] ==================================================================
[   30.275228] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320
[   30.275310] Read of size 1 at addr fff00000c648e33f by task kunit_try_catch/170
[   30.275359] 
[   30.275955] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.276320] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.276500] Hardware name: linux,dummy-virt (DT)
[   30.276535] Call trace:
[   30.276564]  show_stack+0x20/0x38 (C)
[   30.276627]  dump_stack_lvl+0x8c/0xd0
[   30.276972]  print_report+0x118/0x5d0
[   30.277077]  kasan_report+0xdc/0x128
[   30.277155]  __asan_report_load1_noabort+0x20/0x30
[   30.277210]  kmalloc_oob_left+0x2ec/0x320
[   30.277415]  kunit_try_run_case+0x170/0x3f0
[   30.277516]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.277568]  kthread+0x328/0x630
[   30.277663]  ret_from_fork+0x10/0x20
[   30.277718] 
[   30.278074] Allocated by task 111:
[   30.278170]  kasan_save_stack+0x3c/0x68
[   30.278309]  kasan_save_track+0x20/0x40
[   30.278357]  kasan_save_alloc_info+0x40/0x58
[   30.278503]  __kasan_kmalloc+0xd4/0xd8
[   30.278553]  __kmalloc_noprof+0x198/0x4c8
[   30.278601]  kunit_kmalloc_array+0x34/0x88
[   30.278754]  test_readerwriter+0x3b0/0x948
[   30.278829]  kunit_try_run_case+0x170/0x3f0
[   30.278881]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.278923]  kthread+0x328/0x630
[   30.279204]  ret_from_fork+0x10/0x20
[   30.279246] 
[   30.279282] Freed by task 113:
[   30.279546]  kasan_save_stack+0x3c/0x68
[   30.279598]  kasan_save_track+0x20/0x40
[   30.279636]  kasan_save_free_info+0x4c/0x78
[   30.280019]  __kasan_slab_free+0x6c/0x98
[   30.280076]  kfree+0x214/0x3c8
[   30.280397]  kfree_action_wrapper+0x18/0x30
[   30.280473]  __kunit_action_free+0x58/0x80
[   30.280509]  kunit_remove_resource+0x14c/0x1f8
[   30.280552]  kunit_cleanup+0x6c/0x108
[   30.280755]  kunit_try_run_case_cleanup+0xa4/0xe0
[   30.280919]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.281156]  kthread+0x328/0x630
[   30.281189]  ret_from_fork+0x10/0x20
[   30.281279] 
[   30.281304] The buggy address belongs to the object at fff00000c648e320
[   30.281304]  which belongs to the cache kmalloc-16 of size 16
[   30.281517] The buggy address is located 15 bytes to the right of
[   30.281517]  allocated 16-byte region [fff00000c648e320, fff00000c648e330)
[   30.281587] 
[   30.281607] The buggy address belongs to the physical page:
[   30.281709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648e
[   30.281764] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.281828] page_type: f5(slab)
[   30.281870] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[   30.281919] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   30.282124] page dumped because: kasan: bad access detected
[   30.282154] 
[   30.282194] Memory state around the buggy address:
[   30.282312]  fff00000c648e200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   30.282353]  fff00000c648e280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   30.282393] >fff00000c648e300: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[   30.282486]                                         ^
[   30.282552]  fff00000c648e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.282594]  fff00000c648e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.282631] ==================================================================

[   23.440956] ==================================================================
[   23.442443] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[   23.443077] Read of size 1 at addr ffff8881058f70ff by task kunit_try_catch/186
[   23.443315] 
[   23.443402] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   23.443455] Tainted: [B]=BAD_PAGE, [N]=TEST
[   23.443469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   23.443490] Call Trace:
[   23.443504]  <TASK>
[   23.443534]  dump_stack_lvl+0x73/0xb0
[   23.443568]  print_report+0xd1/0x610
[   23.443601]  ? __virt_addr_valid+0x1db/0x2d0
[   23.443630]  ? kmalloc_oob_left+0x361/0x3c0
[   23.443655]  ? kasan_complete_mode_report_info+0x64/0x200
[   23.443686]  ? kmalloc_oob_left+0x361/0x3c0
[   23.443712]  kasan_report+0x141/0x180
[   23.443739]  ? kmalloc_oob_left+0x361/0x3c0
[   23.443772]  __asan_report_load1_noabort+0x18/0x20
[   23.444216]  kmalloc_oob_left+0x361/0x3c0
[   23.444246]  ? __pfx_kmalloc_oob_left+0x10/0x10
[   23.444276]  ? __schedule+0x10cc/0x2b60
[   23.444303]  ? __pfx_read_tsc+0x10/0x10
[   23.444328]  ? ktime_get_ts64+0x86/0x230
[   23.444359]  kunit_try_run_case+0x1a5/0x480
[   23.444387]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.444413]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   23.444440]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   23.444466]  ? __kthread_parkme+0x82/0x180
[   23.444491]  ? preempt_count_sub+0x50/0x80
[   23.444533]  ? __pfx_kunit_try_run_case+0x10/0x10
[   23.444562]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   23.444624]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   23.444657]  kthread+0x337/0x6f0
[   23.444682]  ? trace_preempt_on+0x20/0xc0
[   23.444710]  ? __pfx_kthread+0x10/0x10
[   23.444743]  ? _raw_spin_unlock_irq+0x47/0x80
[   23.444772]  ? calculate_sigpending+0x7b/0xa0
[   23.444800]  ? __pfx_kthread+0x10/0x10
[   23.444827]  ret_from_fork+0x116/0x1d0
[   23.444850]  ? __pfx_kthread+0x10/0x10
[   23.444876]  ret_from_fork_asm+0x1a/0x30
[   23.444915]  </TASK>
[   23.444927] 
[   23.457367] Allocated by task 26:
[   23.457554]  kasan_save_stack+0x45/0x70
[   23.457909]  kasan_save_track+0x18/0x40
[   23.458092]  kasan_save_alloc_info+0x3b/0x50
[   23.458305]  __kasan_kmalloc+0xb7/0xc0
[   23.458581]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   23.458937]  kstrdup+0x3e/0xa0
[   23.459106]  devtmpfs_work_loop+0x96d/0xf30
[   23.459449]  devtmpfsd+0x3b/0x40
[   23.459708]  kthread+0x337/0x6f0
[   23.459882]  ret_from_fork+0x116/0x1d0
[   23.460175]  ret_from_fork_asm+0x1a/0x30
[   23.460388] 
[   23.460483] Freed by task 26:
[   23.460693]  kasan_save_stack+0x45/0x70
[   23.461111]  kasan_save_track+0x18/0x40
[   23.461268]  kasan_save_free_info+0x3f/0x60
[   23.461477]  __kasan_slab_free+0x56/0x70
[   23.461874]  kfree+0x222/0x3f0
[   23.462049]  devtmpfs_work_loop+0xacb/0xf30
[   23.462261]  devtmpfsd+0x3b/0x40
[   23.462434]  kthread+0x337/0x6f0
[   23.462755]  ret_from_fork+0x116/0x1d0
[   23.462935]  ret_from_fork_asm+0x1a/0x30
[   23.463143] 
[   23.463245] The buggy address belongs to the object at ffff8881058f70e0
[   23.463245]  which belongs to the cache kmalloc-16 of size 16
[   23.464247] The buggy address is located 15 bytes to the right of
[   23.464247]  allocated 16-byte region [ffff8881058f70e0, ffff8881058f70f0)
[   23.465308] 
[   23.465390] The buggy address belongs to the physical page:
[   23.465576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058f7
[   23.466414] flags: 0x200000000000000(node=0|zone=2)
[   23.466994] page_type: f5(slab)
[   23.467431] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[   23.467905] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[   23.468605] page dumped because: kasan: bad access detected
[   23.468991] 
[   23.469069] Memory state around the buggy address:
[   23.469231]  ffff8881058f6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.469450]  ffff8881058f7000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.469928] >ffff8881058f7080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[   23.470834]                                                                 ^
[   23.471443]  ffff8881058f7100: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.472151]  ffff8881058f7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   23.472917] ==================================================================