Date: June 26, 2025, 11:12 a.m.

Environment: e850-96, qemu-arm64, qemu-x86_64

[   20.910416] ==================================================================
[   20.921201] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   20.928484] Write of size 1 at addr ffff0008031d9f00 by task kunit_try_catch/193
[   20.935862] 
[   20.937350] CPU: 0 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   20.937405] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.937421] Hardware name: WinLink E850-96 board (DT)
[   20.937441] Call trace:
[   20.937454]  show_stack+0x20/0x38 (C)
[   20.937489]  dump_stack_lvl+0x8c/0xd0
[   20.937531]  print_report+0x118/0x608
[   20.937567]  kasan_report+0xdc/0x128
[   20.937596]  __asan_report_store1_noabort+0x20/0x30
[   20.937633]  kmalloc_big_oob_right+0x2a4/0x2f0
[   20.937670]  kunit_try_run_case+0x170/0x3f0
[   20.937709]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   20.937747]  kthread+0x328/0x630
[   20.937783]  ret_from_fork+0x10/0x20
[   20.937819] 
[   21.000531] Allocated by task 193:
[   21.003920]  kasan_save_stack+0x3c/0x68
[   21.007736]  kasan_save_track+0x20/0x40
[   21.011555]  kasan_save_alloc_info+0x40/0x58
[   21.015809]  __kasan_kmalloc+0xd4/0xd8
[   21.019541]  __kmalloc_cache_noprof+0x16c/0x3c0
[   21.024055]  kmalloc_big_oob_right+0xb8/0x2f0
[   21.028395]  kunit_try_run_case+0x170/0x3f0
[   21.032561]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   21.038030]  kthread+0x328/0x630
[   21.041242]  ret_from_fork+0x10/0x20
[   21.044801] 
[   21.046280] The buggy address belongs to the object at ffff0008031d8000
[   21.046280]  which belongs to the cache kmalloc-8k of size 8192
[   21.058779] The buggy address is located 0 bytes to the right of
[   21.058779]  allocated 7936-byte region [ffff0008031d8000, ffff0008031d9f00)
[   21.071797] 
[   21.073278] The buggy address belongs to the physical page:
[   21.078833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8831d8
[   21.086818] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   21.094455] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   21.101399] page_type: f5(slab)
[   21.104538] raw: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000
[   21.112255] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   21.119983] head: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000
[   21.127793] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   21.135605] head: 0bfffe0000000003 fffffdffe00c7601 00000000ffffffff 00000000ffffffff
[   21.143417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   21.151223] page dumped because: kasan: bad access detected
[   21.156778] 
[   21.158254] Memory state around the buggy address:
[   21.163036]  ffff0008031d9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.170238]  ffff0008031d9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   21.177443] >ffff0008031d9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.184643]                    ^
[   21.187858]  ffff0008031d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.195063]  ffff0008031da000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   21.202264] ==================================================================

[   17.674242] ==================================================================
[   17.674304] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[   17.674516] Write of size 1 at addr fff00000c46ddf00 by task kunit_try_catch/146
[   17.674599] 
[   17.674634] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT 
[   17.674726] Tainted: [B]=BAD_PAGE, [N]=TEST
[   17.674753] Hardware name: linux,dummy-virt (DT)
[   17.674884] Call trace:
[   17.674912]  show_stack+0x20/0x38 (C)
[   17.674982]  dump_stack_lvl+0x8c/0xd0
[   17.675182]  print_report+0x118/0x608
[   17.675242]  kasan_report+0xdc/0x128
[   17.675330]  __asan_report_store1_noabort+0x20/0x30
[   17.675502]  kmalloc_big_oob_right+0x2a4/0x2f0
[   17.675613]  kunit_try_run_case+0x170/0x3f0
[   17.675902]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.676091]  kthread+0x328/0x630
[   17.676207]  ret_from_fork+0x10/0x20
[   17.676305] 
[   17.676325] Allocated by task 146:
[   17.676353]  kasan_save_stack+0x3c/0x68
[   17.676406]  kasan_save_track+0x20/0x40
[   17.676587]  kasan_save_alloc_info+0x40/0x58
[   17.676662]  __kasan_kmalloc+0xd4/0xd8
[   17.676702]  __kmalloc_cache_noprof+0x16c/0x3c0
[   17.676748]  kmalloc_big_oob_right+0xb8/0x2f0
[   17.676912]  kunit_try_run_case+0x170/0x3f0
[   17.677045]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   17.677123]  kthread+0x328/0x630
[   17.677159]  ret_from_fork+0x10/0x20
[   17.677352] 
[   17.677381] The buggy address belongs to the object at fff00000c46dc000
[   17.677381]  which belongs to the cache kmalloc-8k of size 8192
[   17.677478] The buggy address is located 0 bytes to the right of
[   17.677478]  allocated 7936-byte region [fff00000c46dc000, fff00000c46ddf00)
[   17.677578] 
[   17.677640] The buggy address belongs to the physical page:
[   17.677927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1046d8
[   17.678005] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   17.678188] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   17.678251] page_type: f5(slab)
[   17.678407] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   17.678482] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   17.678664] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[   17.678833] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   17.678930] head: 0bfffe0000000003 ffffc1ffc311b601 00000000ffffffff 00000000ffffffff
[   17.679089] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   17.679142] page dumped because: kasan: bad access detected
[   17.679347] 
[   17.679367] Memory state around the buggy address:
[   17.679400]  fff00000c46dde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.679457]  fff00000c46dde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   17.679502] >fff00000c46ddf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.679718]                    ^
[   17.679759]  fff00000c46ddf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.679912]  fff00000c46de000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   17.679994] ==================================================================

[   10.345975] ==================================================================
[   10.346391] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[   10.346866] Write of size 1 at addr ffff888102ab5f00 by task kunit_try_catch/163
[   10.347850] 
[   10.348146] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.15.4-rc3 #1 PREEMPT(voluntary) 
[   10.348196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   10.348210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   10.348231] Call Trace:
[   10.348243]  <TASK>
[   10.348267]  dump_stack_lvl+0x73/0xb0
[   10.348295]  print_report+0xd1/0x650
[   10.348318]  ? __virt_addr_valid+0x1db/0x2d0
[   10.348339]  ? kmalloc_big_oob_right+0x316/0x370
[   10.348361]  ? kasan_complete_mode_report_info+0x2a/0x200
[   10.348384]  ? kmalloc_big_oob_right+0x316/0x370
[   10.348406]  kasan_report+0x141/0x180
[   10.348427]  ? kmalloc_big_oob_right+0x316/0x370
[   10.348454]  __asan_report_store1_noabort+0x1b/0x30
[   10.348474]  kmalloc_big_oob_right+0x316/0x370
[   10.348497]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   10.348521]  ? __pfx_kmalloc_big_oob_right+0x10/0x10
[   10.348556]  kunit_try_run_case+0x1a5/0x480
[   10.348581]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.348602]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   10.348625]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   10.348647]  ? __kthread_parkme+0x82/0x180
[   10.348669]  ? preempt_count_sub+0x50/0x80
[   10.348694]  ? __pfx_kunit_try_run_case+0x10/0x10
[   10.348717]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.348739]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   10.348762]  kthread+0x337/0x6f0
[   10.348778]  ? trace_preempt_on+0x20/0xc0
[   10.348801]  ? __pfx_kthread+0x10/0x10
[   10.348819]  ? _raw_spin_unlock_irq+0x47/0x80
[   10.348839]  ? calculate_sigpending+0x7b/0xa0
[   10.348860]  ? __pfx_kthread+0x10/0x10
[   10.348878]  ret_from_fork+0x41/0x80
[   10.348899]  ? __pfx_kthread+0x10/0x10
[   10.348926]  ret_from_fork_asm+0x1a/0x30
[   10.348957]  </TASK>
[   10.348968] 
[   10.360575] Allocated by task 163:
[   10.360725]  kasan_save_stack+0x45/0x70
[   10.360950]  kasan_save_track+0x18/0x40
[   10.361352]  kasan_save_alloc_info+0x3b/0x50
[   10.361774]  __kasan_kmalloc+0xb7/0xc0
[   10.362183]  __kmalloc_cache_noprof+0x189/0x420
[   10.362344]  kmalloc_big_oob_right+0xa9/0x370
[   10.362495]  kunit_try_run_case+0x1a5/0x480
[   10.362874]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   10.363454]  kthread+0x337/0x6f0
[   10.363875]  ret_from_fork+0x41/0x80
[   10.364269]  ret_from_fork_asm+0x1a/0x30
[   10.364669] 
[   10.364835] The buggy address belongs to the object at ffff888102ab4000
[   10.364835]  which belongs to the cache kmalloc-8k of size 8192
[   10.365830] The buggy address is located 0 bytes to the right of
[   10.365830]  allocated 7936-byte region [ffff888102ab4000, ffff888102ab5f00)
[   10.366498] 
[   10.366574] The buggy address belongs to the physical page:
[   10.366822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab0
[   10.367536] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   10.368546] flags: 0x200000000000040(head|node=0|zone=2)
[   10.369136] page_type: f5(slab)
[   10.369590] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   10.369881] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   10.370128] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[   10.370361] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[   10.370706] head: 0200000000000003 ffffea00040aac01 00000000ffffffff 00000000ffffffff
[   10.371584] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   10.372505] page dumped because: kasan: bad access detected
[   10.373260] 
[   10.373508] Memory state around the buggy address:
[   10.374087]  ffff888102ab5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.374461]  ffff888102ab5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   10.375251] >ffff888102ab5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.376262]                    ^
[   10.376671]  ffff888102ab5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.377401]  ffff888102ab6000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   10.378001] ==================================================================