Date
July 15, 2025, 11:35 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
e850-96:

```
[ 43.511740] ==================================================================
[ 43.520806] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 43.527488] Write of size 16 at addr ffff000802d25960 by task kunit_try_catch/247
[ 43.534951]
[ 43.536437] CPU: 2 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 43.536493] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 43.536508] Hardware name: WinLink E850-96 board (DT)
[ 43.536529] Call trace:
[ 43.536541] show_stack+0x20/0x38 (C)
[ 43.536575] dump_stack_lvl+0x8c/0xd0
[ 43.536610] print_report+0x118/0x5d0
[ 43.536638] kasan_report+0xdc/0x128
[ 43.536662] __asan_report_store16_noabort+0x20/0x30
[ 43.536695] kmalloc_oob_16+0x3a0/0x3f8
[ 43.536725] kunit_try_run_case+0x170/0x3f0
[ 43.536755] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.536788] kthread+0x328/0x630
[ 43.536815] ret_from_fork+0x10/0x20
[ 43.536849]
[ 43.600316] Allocated by task 247:
[ 43.603704] kasan_save_stack+0x3c/0x68
[ 43.607520] kasan_save_track+0x20/0x40
[ 43.611339] kasan_save_alloc_info+0x40/0x58
[ 43.615593] __kasan_kmalloc+0xd4/0xd8
[ 43.619325] __kmalloc_cache_noprof+0x16c/0x3c0
[ 43.623839] kmalloc_oob_16+0xb4/0x3f8
[ 43.627571] kunit_try_run_case+0x170/0x3f0
[ 43.631738] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.637207] kthread+0x328/0x630
[ 43.640418] ret_from_fork+0x10/0x20
[ 43.643977]
[ 43.645455] The buggy address belongs to the object at ffff000802d25960
[ 43.645455] which belongs to the cache kmalloc-16 of size 16
[ 43.657782] The buggy address is located 0 bytes inside of
[ 43.657782] allocated 13-byte region [ffff000802d25960, ffff000802d2596d)
[ 43.670105]
[ 43.671583] The buggy address belongs to the physical page:
[ 43.677142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882d25
[ 43.685125] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 43.691634] page_type: f5(slab)
[ 43.694771] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 43.702490] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 43.710210] page dumped because: kasan: bad access detected
[ 43.715764]
[ 43.717240] Memory state around the buggy address:
[ 43.722023] ffff000802d25800: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 43.729224] ffff000802d25880: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 43.736428] >ffff000802d25900: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 43.743629] ^
[ 43.750229] ffff000802d25980: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.757436] ffff000802d25a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.764635] ==================================================================
```
qemu-arm64:

```
[ 30.557312] ==================================================================
[ 30.557383] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 30.557457] Write of size 16 at addr fff00000c648e360 by task kunit_try_catch/198
[ 30.557506]
[ 30.557719] CPU: 0 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 30.557972] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.558051] Hardware name: linux,dummy-virt (DT)
[ 30.558127] Call trace:
[ 30.558160] show_stack+0x20/0x38 (C)
[ 30.558251] dump_stack_lvl+0x8c/0xd0
[ 30.558367] print_report+0x118/0x5d0
[ 30.558502] kasan_report+0xdc/0x128
[ 30.558582] __asan_report_store16_noabort+0x20/0x30
[ 30.558741] kmalloc_oob_16+0x3a0/0x3f8
[ 30.558837] kunit_try_run_case+0x170/0x3f0
[ 30.558898] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.558950] kthread+0x328/0x630
[ 30.559048] ret_from_fork+0x10/0x20
[ 30.559204]
[ 30.559224] Allocated by task 198:
[ 30.559252] kasan_save_stack+0x3c/0x68
[ 30.559297] kasan_save_track+0x20/0x40
[ 30.559335] kasan_save_alloc_info+0x40/0x58
[ 30.559464] __kasan_kmalloc+0xd4/0xd8
[ 30.559521] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.559598] kmalloc_oob_16+0xb4/0x3f8
[ 30.559746] kunit_try_run_case+0x170/0x3f0
[ 30.559856] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.559996] kthread+0x328/0x630
[ 30.560079] ret_from_fork+0x10/0x20
[ 30.560166]
[ 30.560204] The buggy address belongs to the object at fff00000c648e360
[ 30.560204] which belongs to the cache kmalloc-16 of size 16
[ 30.560278] The buggy address is located 0 bytes inside of
[ 30.560278] allocated 13-byte region [fff00000c648e360, fff00000c648e36d)
[ 30.560384]
[ 30.560424] The buggy address belongs to the physical page:
[ 30.560465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10648e
[ 30.560895] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.561035] page_type: f5(slab)
[ 30.561078] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 30.561152] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 30.561528] page dumped because: kasan: bad access detected
[ 30.561765]
[ 30.561880] Memory state around the buggy address:
[ 30.561959] fff00000c648e200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.562029] fff00000c648e280: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.562135] >fff00000c648e300: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 30.562193] ^
[ 30.562266] fff00000c648e380: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.562350] fff00000c648e400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.562387] ==================================================================
```
qemu-x86_64:

```
[ 24.039294] ==================================================================
[ 24.039798] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 24.040205] Write of size 16 at addr ffff8881058f7120 by task kunit_try_catch/214
[ 24.040507]
[ 24.040848] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary)
[ 24.040911] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.040925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.040949] Call Trace:
[ 24.040964] <TASK>
[ 24.040985] dump_stack_lvl+0x73/0xb0
[ 24.041024] print_report+0xd1/0x610
[ 24.041052] ? __virt_addr_valid+0x1db/0x2d0
[ 24.041084] ? kmalloc_oob_16+0x452/0x4a0
[ 24.041109] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.041139] ? kmalloc_oob_16+0x452/0x4a0
[ 24.041165] kasan_report+0x141/0x180
[ 24.041192] ? kmalloc_oob_16+0x452/0x4a0
[ 24.041225] __asan_report_store16_noabort+0x1b/0x30
[ 24.041254] kmalloc_oob_16+0x452/0x4a0
[ 24.041280] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 24.041307] ? __schedule+0x10cc/0x2b60
[ 24.041334] ? __pfx_read_tsc+0x10/0x10
[ 24.041362] ? ktime_get_ts64+0x86/0x230
[ 24.041395] kunit_try_run_case+0x1a5/0x480
[ 24.041424] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.041450] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.041477] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.041504] ? __kthread_parkme+0x82/0x180
[ 24.041545] ? preempt_count_sub+0x50/0x80
[ 24.041575] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.041937] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.041973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.042004] kthread+0x337/0x6f0
[ 24.042029] ? trace_preempt_on+0x20/0xc0
[ 24.042059] ? __pfx_kthread+0x10/0x10
[ 24.042085] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.042115] ? calculate_sigpending+0x7b/0xa0
[ 24.042144] ? __pfx_kthread+0x10/0x10
[ 24.042171] ret_from_fork+0x116/0x1d0
[ 24.042195] ? __pfx_kthread+0x10/0x10
[ 24.042220] ret_from_fork_asm+0x1a/0x30
[ 24.042261] </TASK>
[ 24.042274]
[ 24.048916] Allocated by task 214:
[ 24.049094] kasan_save_stack+0x45/0x70
[ 24.049440] kasan_save_track+0x18/0x40
[ 24.049602] kasan_save_alloc_info+0x3b/0x50
[ 24.049755] __kasan_kmalloc+0xb7/0xc0
[ 24.049891] __kmalloc_cache_noprof+0x189/0x420
[ 24.050050] kmalloc_oob_16+0xa8/0x4a0
[ 24.050188] kunit_try_run_case+0x1a5/0x480
[ 24.050400] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.050670] kthread+0x337/0x6f0
[ 24.050849] ret_from_fork+0x116/0x1d0
[ 24.051042] ret_from_fork_asm+0x1a/0x30
[ 24.051290]
[ 24.051388] The buggy address belongs to the object at ffff8881058f7120
[ 24.051388] which belongs to the cache kmalloc-16 of size 16
[ 24.052680] The buggy address is located 0 bytes inside of
[ 24.052680] allocated 13-byte region [ffff8881058f7120, ffff8881058f712d)
[ 24.053187]
[ 24.053276] The buggy address belongs to the physical page:
[ 24.053470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058f7
[ 24.054043] flags: 0x200000000000000(node=0|zone=2)
[ 24.054270] page_type: f5(slab)
[ 24.054426] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 24.054815] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 24.055048] page dumped because: kasan: bad access detected
[ 24.055218]
[ 24.055312] Memory state around the buggy address:
[ 24.055541] ffff8881058f7000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.056204] ffff8881058f7080: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 24.056592] >ffff8881058f7100: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc
[ 24.057033] ^
[ 24.057241] ffff8881058f7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.057553] ffff8881058f7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.057885] ==================================================================
```