Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 18.832855] ================================================================== [ 18.843538] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 18.850820] Write of size 1 at addr ffff000805f79f00 by task kunit_try_catch/193 [ 18.858197] [ 18.859682] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 18.859738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.859753] Hardware name: WinLink E850-96 board (DT) [ 18.859774] Call trace: [ 18.859788] show_stack+0x20/0x38 (C) [ 18.859822] dump_stack_lvl+0x8c/0xd0 [ 18.859859] print_report+0x118/0x608 [ 18.859888] kasan_report+0xdc/0x128 [ 18.859918] __asan_report_store1_noabort+0x20/0x30 [ 18.859955] kmalloc_big_oob_right+0x2a4/0x2f0 [ 18.859991] kunit_try_run_case+0x170/0x3f0 [ 18.860025] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.860063] kthread+0x328/0x630 [ 18.860098] ret_from_fork+0x10/0x20 [ 18.860132] [ 18.922867] Allocated by task 193: [ 18.926254] kasan_save_stack+0x3c/0x68 [ 18.930071] kasan_save_track+0x20/0x40 [ 18.933891] kasan_save_alloc_info+0x40/0x58 [ 18.938143] __kasan_kmalloc+0xd4/0xd8 [ 18.941875] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.946389] kmalloc_big_oob_right+0xb8/0x2f0 [ 18.950729] kunit_try_run_case+0x170/0x3f0 [ 18.954896] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.960364] kthread+0x328/0x630 [ 18.963576] ret_from_fork+0x10/0x20 [ 18.967135] [ 18.968613] The buggy address belongs to the object at ffff000805f78000 [ 18.968613] which belongs to the cache kmalloc-8k of size 8192 [ 18.981115] The buggy address is located 0 bytes to the right of [ 18.981115] allocated 7936-byte region [ffff000805f78000, ffff000805f79f00) [ 18.994133] [ 18.995611] The buggy address belongs to the physical page: [ 19.001166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x885f78 [ 19.009150] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.016790] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.023733] page_type: f5(slab) [ 19.026870] raw: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000 [ 19.034589] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 19.042315] head: 0bfffe0000000040 ffff000800003180 dead000000000122 0000000000000000 [ 19.050127] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 19.057940] head: 0bfffe0000000003 fffffdffe017de01 00000000ffffffff 00000000ffffffff [ 19.065752] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 19.073559] page dumped because: kasan: bad access detected [ 19.079113] [ 19.080588] Memory state around the buggy address: [ 19.085370] ffff000805f79e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.092573] ffff000805f79e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.099780] >ffff000805f79f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.106977] ^ [ 19.110193] ffff000805f79f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.117399] ffff000805f7a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.124600] ==================================================================
[ 15.282288] ================================================================== [ 15.282356] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 15.282408] Write of size 1 at addr fff00000c7881f00 by task kunit_try_catch/149 [ 15.282474] [ 15.282506] CPU: 0 UID: 0 PID: 149 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.282584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.282609] Hardware name: linux,dummy-virt (DT) [ 15.283139] Call trace: [ 15.283177] show_stack+0x20/0x38 (C) [ 15.283229] dump_stack_lvl+0x8c/0xd0 [ 15.283275] print_report+0x118/0x608 [ 15.283317] kasan_report+0xdc/0x128 [ 15.283849] __asan_report_store1_noabort+0x20/0x30 [ 15.283944] kmalloc_big_oob_right+0x2a4/0x2f0 [ 15.284005] kunit_try_run_case+0x170/0x3f0 [ 15.284059] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.284166] kthread+0x328/0x630 [ 15.284215] ret_from_fork+0x10/0x20 [ 15.284260] [ 15.284278] Allocated by task 149: [ 15.284305] kasan_save_stack+0x3c/0x68 [ 15.284342] kasan_save_track+0x20/0x40 [ 15.284376] kasan_save_alloc_info+0x40/0x58 [ 15.284413] __kasan_kmalloc+0xd4/0xd8 [ 15.284446] __kmalloc_cache_noprof+0x16c/0x3c0 [ 15.284481] kmalloc_big_oob_right+0xb8/0x2f0 [ 15.284518] kunit_try_run_case+0x170/0x3f0 [ 15.285361] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.285578] kthread+0x328/0x630 [ 15.285618] ret_from_fork+0x10/0x20 [ 15.286035] [ 15.286072] The buggy address belongs to the object at fff00000c7880000 [ 15.286072] which belongs to the cache kmalloc-8k of size 8192 [ 15.286269] The buggy address is located 0 bytes to the right of [ 15.286269] allocated 7936-byte region [fff00000c7880000, fff00000c7881f00) [ 15.286578] [ 15.286651] The buggy address belongs to the physical page: [ 15.286802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107880 [ 15.287251] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 15.287482] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 15.287746] page_type: f5(slab) [ 15.287790] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 15.288226] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 15.288294] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 15.288341] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 15.288942] head: 0bfffe0000000003 ffffc1ffc31e2001 00000000ffffffff 00000000ffffffff [ 15.289153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 15.289314] page dumped because: kasan: bad access detected [ 15.289345] [ 15.289536] Memory state around the buggy address: [ 15.289696] fff00000c7881e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.289984] fff00000c7881e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 15.290193] >fff00000c7881f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.290351] ^ [ 15.290528] fff00000c7881f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.290733] fff00000c7882000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.290950] ==================================================================
[ 13.415938] ================================================================== [ 13.416466] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 13.416810] Write of size 1 at addr ffff8881039f9f00 by task kunit_try_catch/165 [ 13.417134] [ 13.417392] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 13.417514] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.417542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.417589] Call Trace: [ 13.417620] <TASK> [ 13.417672] dump_stack_lvl+0x73/0xb0 [ 13.417754] print_report+0xd1/0x650 [ 13.417805] ? __virt_addr_valid+0x1db/0x2d0 [ 13.417858] ? kmalloc_big_oob_right+0x316/0x370 [ 13.417908] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.417959] ? kmalloc_big_oob_right+0x316/0x370 [ 13.418008] kasan_report+0x141/0x180 [ 13.418050] ? kmalloc_big_oob_right+0x316/0x370 [ 13.418102] __asan_report_store1_noabort+0x1b/0x30 [ 13.418146] kmalloc_big_oob_right+0x316/0x370 [ 13.418270] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 13.418328] ? __schedule+0x10cc/0x2b60 [ 13.418397] ? __pfx_read_tsc+0x10/0x10 [ 13.418440] ? ktime_get_ts64+0x86/0x230 [ 13.418506] kunit_try_run_case+0x1a5/0x480 [ 13.418578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.418618] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.418663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.418688] ? __kthread_parkme+0x82/0x180 [ 13.418713] ? preempt_count_sub+0x50/0x80 [ 13.418741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.418766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.418790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.418813] kthread+0x337/0x6f0 [ 13.418831] ? trace_preempt_on+0x20/0xc0 [ 13.418857] ? __pfx_kthread+0x10/0x10 [ 13.418876] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.418898] ? calculate_sigpending+0x7b/0xa0 [ 13.418922] ? __pfx_kthread+0x10/0x10 [ 13.418941] ret_from_fork+0x41/0x80 [ 13.418962] ? __pfx_kthread+0x10/0x10 [ 13.418981] ret_from_fork_asm+0x1a/0x30 [ 13.419015] </TASK> [ 13.419028] [ 13.432214] Allocated by task 165: [ 13.433410] kasan_save_stack+0x45/0x70 [ 13.434661] kasan_save_track+0x18/0x40 [ 13.436058] kasan_save_alloc_info+0x3b/0x50 [ 13.436691] __kasan_kmalloc+0xb7/0xc0 [ 13.436872] __kmalloc_cache_noprof+0x189/0x420 [ 13.437563] kmalloc_big_oob_right+0xa9/0x370 [ 13.437818] kunit_try_run_case+0x1a5/0x480 [ 13.438390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.438682] kthread+0x337/0x6f0 [ 13.438863] ret_from_fork+0x41/0x80 [ 13.439185] ret_from_fork_asm+0x1a/0x30 [ 13.439618] [ 13.439772] The buggy address belongs to the object at ffff8881039f8000 [ 13.439772] which belongs to the cache kmalloc-8k of size 8192 [ 13.440480] The buggy address is located 0 bytes to the right of [ 13.440480] allocated 7936-byte region [ffff8881039f8000, ffff8881039f9f00) [ 13.441556] [ 13.441716] The buggy address belongs to the physical page: [ 13.442015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039f8 [ 13.442561] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.443563] flags: 0x200000000000040(head|node=0|zone=2) [ 13.444000] page_type: f5(slab) [ 13.444491] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 13.444839] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 13.445351] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 13.445809] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 13.446166] head: 0200000000000003 ffffea00040e7e01 00000000ffffffff 00000000ffffffff [ 13.446745] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 13.447192] page dumped because: kasan: bad access detected [ 13.447521] [ 13.447630] Memory state around the buggy address: [ 13.447849] ffff8881039f9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.448427] ffff8881039f9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.448705] >ffff8881039f9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.449239] ^ [ 13.449522] ffff8881039f9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.449918] ffff8881039fa000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.450369] ==================================================================
[ 20.227402] ================================================================== [ 20.239849] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 20.247162] Write of size 1 at addr ffff888107201f00 by task kunit_try_catch/187 [ 20.254555] [ 20.256058] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 20.256065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.256067] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 20.256071] Call Trace: [ 20.256072] <TASK> [ 20.256074] dump_stack_lvl+0x73/0xb0 [ 20.256078] print_report+0xd1/0x650 [ 20.256082] ? __virt_addr_valid+0x1db/0x2d0 [ 20.256086] ? kmalloc_big_oob_right+0x316/0x370 [ 20.256090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.256095] ? kmalloc_big_oob_right+0x316/0x370 [ 20.256099] kasan_report+0x141/0x180 [ 20.256104] ? kmalloc_big_oob_right+0x316/0x370 [ 20.256109] __asan_report_store1_noabort+0x1b/0x30 [ 20.256113] kmalloc_big_oob_right+0x316/0x370 [ 20.256117] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 20.256122] ? __schedule+0x10cc/0x2b60 [ 20.256126] ? ktime_get_ts64+0x83/0x230 [ 20.256131] kunit_try_run_case+0x1a2/0x480 [ 20.256136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.256140] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.256145] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.256149] ? __kthread_parkme+0x82/0x180 [ 20.256153] ? preempt_count_sub+0x50/0x80 [ 20.256158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.256163] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.256167] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.256172] kthread+0x334/0x6f0 [ 20.256174] ? trace_preempt_on+0x20/0xc0 [ 20.256179] ? __pfx_kthread+0x10/0x10 [ 20.256182] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.256186] ? calculate_sigpending+0x7b/0xa0 [ 20.256190] ? __pfx_kthread+0x10/0x10 [ 20.256193] ret_from_fork+0x3e/0x80 [ 20.256197] ? __pfx_kthread+0x10/0x10 [ 20.256200] ret_from_fork_asm+0x1a/0x30 [ 20.256206] </TASK> [ 20.256207] [ 20.420885] Allocated by task 187: [ 20.424291] kasan_save_stack+0x45/0x70 [ 20.428131] kasan_save_track+0x18/0x40 [ 20.431973] kasan_save_alloc_info+0x3b/0x50 [ 20.436251] __kasan_kmalloc+0xb7/0xc0 [ 20.440003] __kmalloc_cache_noprof+0x189/0x420 [ 20.444537] kmalloc_big_oob_right+0xa9/0x370 [ 20.448897] kunit_try_run_case+0x1a2/0x480 [ 20.453108] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 20.458508] kthread+0x334/0x6f0 [ 20.461739] ret_from_fork+0x3e/0x80 [ 20.465321] ret_from_fork_asm+0x1a/0x30 [ 20.469247] [ 20.470745] The buggy address belongs to the object at ffff888107200000 [ 20.470745] which belongs to the cache kmalloc-8k of size 8192 [ 20.483260] The buggy address is located 0 bytes to the right of [ 20.483260] allocated 7936-byte region [ffff888107200000, ffff888107201f00) [ 20.496293] [ 20.497792] The buggy address belongs to the physical page: [ 20.503367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107200 [ 20.511375] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.519036] flags: 0x200000000000040(head|node=0|zone=2) [ 20.524348] page_type: f5(slab) [ 20.527494] raw: 0200000000000040 ffff888100043180 dead000000000122 0000000000000000 [ 20.535235] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 20.542984] head: 0200000000000040 ffff888100043180 dead000000000122 0000000000000000 [ 20.550834] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 20.558669] head: 0200000000000003 ffffea00041c8001 00000000ffffffff 00000000ffffffff [ 20.566494] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 20.574319] page dumped because: kasan: bad access detected [ 20.579892] [ 20.581417] Memory state around the buggy address: [ 20.586212] ffff888107201e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.593431] ffff888107201e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.600651] >ffff888107201f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.607878] ^ [ 20.611109] ffff888107201f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.618330] ffff888107202000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.625547] ==================================================================