Date
June 26, 2025, 11:12 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
e850-96:

```
[ 26.506773] ==================================================================
[ 26.515817] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 26.522499] Write of size 16 at addr ffff000800d62060 by task kunit_try_catch/215
[ 26.529962]
[ 26.531450] CPU: 7 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 26.531505] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.531520] Hardware name: WinLink E850-96 board (DT)
[ 26.531540] Call trace:
[ 26.531551] show_stack+0x20/0x38 (C)
[ 26.531584] dump_stack_lvl+0x8c/0xd0
[ 26.531619] print_report+0x118/0x608
[ 26.531649] kasan_report+0xdc/0x128
[ 26.531679] __asan_report_store16_noabort+0x20/0x30
[ 26.531713] kmalloc_oob_16+0x3a0/0x3f8
[ 26.531743] kunit_try_run_case+0x170/0x3f0
[ 26.531780] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.531818] kthread+0x328/0x630
[ 26.531855] ret_from_fork+0x10/0x20
[ 26.531892]
[ 26.594110] Allocated by task 215:
[ 26.597498] kasan_save_stack+0x3c/0x68
[ 26.601315] kasan_save_track+0x20/0x40
[ 26.605134] kasan_save_alloc_info+0x40/0x58
[ 26.609388] __kasan_kmalloc+0xd4/0xd8
[ 26.613121] __kmalloc_cache_noprof+0x16c/0x3c0
[ 26.617634] kmalloc_oob_16+0xb4/0x3f8
[ 26.621367] kunit_try_run_case+0x170/0x3f0
[ 26.625534] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 26.631002] kthread+0x328/0x630
[ 26.634214] ret_from_fork+0x10/0x20
[ 26.637773]
[ 26.639250] The buggy address belongs to the object at ffff000800d62060
[ 26.639250] which belongs to the cache kmalloc-16 of size 16
[ 26.651577] The buggy address is located 0 bytes inside of
[ 26.651577] allocated 13-byte region [ffff000800d62060, ffff000800d6206d)
[ 26.663901]
[ 26.665381] The buggy address belongs to the physical page:
[ 26.670937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x880d62
[ 26.678922] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 26.685429] page_type: f5(slab)
[ 26.688567] raw: 0bfffe0000000000 ffff000800002640 dead000000000122 0000000000000000
[ 26.696286] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 26.704004] page dumped because: kasan: bad access detected
[ 26.709560]
[ 26.711035] Memory state around the buggy address:
[ 26.715817] ffff000800d61f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.723019] ffff000800d61f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.730225] >ffff000800d62000: 00 04 fc fc 00 05 fc fc fa fb fc fc 00 05 fc fc
[ 26.737424] ^
[ 26.744026] ffff000800d62080: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.751230] ffff000800d62100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.758431] ==================================================================
```
qemu-arm64:

```
[ 17.903185] ==================================================================
[ 17.903247] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 17.903302] Write of size 16 at addr fff00000c59e5560 by task kunit_try_catch/168
[ 17.903353]
[ 17.903384] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 17.903467] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.903494] Hardware name: linux,dummy-virt (DT)
[ 17.903524] Call trace:
[ 17.903754] show_stack+0x20/0x38 (C)
[ 17.904050] dump_stack_lvl+0x8c/0xd0
[ 17.904539] print_report+0x118/0x608
[ 17.904981] kasan_report+0xdc/0x128
[ 17.905037] __asan_report_store16_noabort+0x20/0x30
[ 17.905131] kmalloc_oob_16+0x3a0/0x3f8
[ 17.905179] kunit_try_run_case+0x170/0x3f0
[ 17.905230] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.905750] kthread+0x328/0x630
[ 17.905806] ret_from_fork+0x10/0x20
[ 17.905867]
[ 17.906010] Allocated by task 168:
[ 17.906256] kasan_save_stack+0x3c/0x68
[ 17.906520] kasan_save_track+0x20/0x40
[ 17.906562] kasan_save_alloc_info+0x40/0x58
[ 17.906640] __kasan_kmalloc+0xd4/0xd8
[ 17.906682] __kmalloc_cache_noprof+0x16c/0x3c0
[ 17.906970] kmalloc_oob_16+0xb4/0x3f8
[ 17.907015] kunit_try_run_case+0x170/0x3f0
[ 17.907053] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.907321] kthread+0x328/0x630
[ 17.907379] ret_from_fork+0x10/0x20
[ 17.907415]
[ 17.907463] The buggy address belongs to the object at fff00000c59e5560
[ 17.907463] which belongs to the cache kmalloc-16 of size 16
[ 17.907629] The buggy address is located 0 bytes inside of
[ 17.907629] allocated 13-byte region [fff00000c59e5560, fff00000c59e556d)
[ 17.908065]
[ 17.908088] The buggy address belongs to the physical page:
[ 17.908126] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059e5
[ 17.908178] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.908226] page_type: f5(slab)
[ 17.908595] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 17.908742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 17.909054] page dumped because: kasan: bad access detected
[ 17.909087]
[ 17.909292] Memory state around the buggy address:
[ 17.909593] fff00000c59e5400: 00 02 fc fc 00 05 fc fc fa fb fc fc 00 02 fc fc
[ 17.909823] fff00000c59e5480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 17.910080] >fff00000c59e5500: fa fb fc fc 00 04 fc fc fa fb fc fc 00 05 fc fc
[ 17.910414] ^
[ 17.910461] fff00000c59e5580: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.910506] fff00000c59e5600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.910546] ==================================================================
```
qemu-x86_64:

```
[ 10.877584] ==================================================================
[ 10.878364] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 10.879201] Write of size 16 at addr ffff88810213bf00 by task kunit_try_catch/185
[ 10.879451]
[ 10.879551] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary)
[ 10.880069] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.880084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.880107] Call Trace:
[ 10.880122] <TASK>
[ 10.880141] dump_stack_lvl+0x73/0xb0
[ 10.880182] print_report+0xd1/0x650
[ 10.880205] ? __virt_addr_valid+0x1db/0x2d0
[ 10.880229] ? kmalloc_oob_16+0x452/0x4a0
[ 10.880255] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.880277] ? kmalloc_oob_16+0x452/0x4a0
[ 10.880298] kasan_report+0x141/0x180
[ 10.880320] ? kmalloc_oob_16+0x452/0x4a0
[ 10.880345] __asan_report_store16_noabort+0x1b/0x30
[ 10.880366] kmalloc_oob_16+0x452/0x4a0
[ 10.880387] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 10.880408] ? __schedule+0x10cc/0x2b60
[ 10.880431] ? __pfx_read_tsc+0x10/0x10
[ 10.880452] ? ktime_get_ts64+0x86/0x230
[ 10.880479] kunit_try_run_case+0x1a5/0x480
[ 10.880505] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.880526] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.880550] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.880572] ? __kthread_parkme+0x82/0x180
[ 10.880595] ? preempt_count_sub+0x50/0x80
[ 10.880622] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.880646] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.880669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.880692] kthread+0x337/0x6f0
[ 10.880708] ? trace_preempt_on+0x20/0xc0
[ 10.880791] ? __pfx_kthread+0x10/0x10
[ 10.880809] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.880830] ? calculate_sigpending+0x7b/0xa0
[ 10.880852] ? __pfx_kthread+0x10/0x10
[ 10.880870] ret_from_fork+0x41/0x80
[ 10.880891] ? __pfx_kthread+0x10/0x10
[ 10.880908] ret_from_fork_asm+0x1a/0x30
[ 10.880950] </TASK>
[ 10.880962]
[ 10.888998] Allocated by task 185:
[ 10.889200] kasan_save_stack+0x45/0x70
[ 10.889405] kasan_save_track+0x18/0x40
[ 10.889623] kasan_save_alloc_info+0x3b/0x50
[ 10.889807] __kasan_kmalloc+0xb7/0xc0
[ 10.889950] __kmalloc_cache_noprof+0x189/0x420
[ 10.890105] kmalloc_oob_16+0xa8/0x4a0
[ 10.890239] kunit_try_run_case+0x1a5/0x480
[ 10.890420] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.890877] kthread+0x337/0x6f0
[ 10.891064] ret_from_fork+0x41/0x80
[ 10.891253] ret_from_fork_asm+0x1a/0x30
[ 10.891446]
[ 10.891540] The buggy address belongs to the object at ffff88810213bf00
[ 10.891540] which belongs to the cache kmalloc-16 of size 16
[ 10.892329] The buggy address is located 0 bytes inside of
[ 10.892329] allocated 13-byte region [ffff88810213bf00, ffff88810213bf0d)
[ 10.892907]
[ 10.893003] The buggy address belongs to the physical page:
[ 10.893225] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10213b
[ 10.893536] flags: 0x200000000000000(node=0|zone=2)
[ 10.893844] page_type: f5(slab)
[ 10.894011] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 10.894311] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 10.894640] page dumped because: kasan: bad access detected
[ 10.894811]
[ 10.894879] Memory state around the buggy address:
[ 10.895044] ffff88810213be00: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc
[ 10.895260] ffff88810213be80: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 10.895570] >ffff88810213bf00: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 10.896034] ^
[ 10.896204] ffff88810213bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.896782] ffff88810213c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.897174] ==================================================================
```