Date
July 11, 2025, 10:11 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |

```
[ 44.176135] ==================================================================
[ 44.185329] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 44.192613] Write of size 128 at addr ffff00080193ac00 by task kunit_try_catch/254
[ 44.200163]
[ 44.201652] CPU: 2 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT
[ 44.201710] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 44.201727] Hardware name: WinLink E850-96 board (DT)
[ 44.201747] Call trace:
[ 44.201761] show_stack+0x20/0x38 (C)
[ 44.201798] dump_stack_lvl+0x8c/0xd0
[ 44.201830] print_report+0x118/0x5d0
[ 44.201859] kasan_report+0xdc/0x128
[ 44.201887] kasan_check_range+0x100/0x1a8
[ 44.201916] __asan_memset+0x34/0x78
[ 44.201943] kmalloc_oob_in_memset+0x144/0x2d0
[ 44.201974] kunit_try_run_case+0x170/0x3f0
[ 44.202013] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.202048] kthread+0x328/0x630
[ 44.202079] ret_from_fork+0x10/0x20
[ 44.202113]
[ 44.268827] Allocated by task 254:
[ 44.272215] kasan_save_stack+0x3c/0x68
[ 44.276030] kasan_save_track+0x20/0x40
[ 44.279850] kasan_save_alloc_info+0x40/0x58
[ 44.284103] __kasan_kmalloc+0xd4/0xd8
[ 44.287836] __kmalloc_cache_noprof+0x16c/0x3c0
[ 44.292350] kmalloc_oob_in_memset+0xb0/0x2d0
[ 44.296691] kunit_try_run_case+0x170/0x3f0
[ 44.300856] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.306325] kthread+0x328/0x630
[ 44.309537] ret_from_fork+0x10/0x20
[ 44.313096]
[ 44.314573] The buggy address belongs to the object at ffff00080193ac00
[ 44.314573] which belongs to the cache kmalloc-128 of size 128
[ 44.327073] The buggy address is located 0 bytes inside of
[ 44.327073] allocated 120-byte region [ffff00080193ac00, ffff00080193ac78)
[ 44.339484]
[ 44.340963] The buggy address belongs to the physical page:
[ 44.346521] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88193a
[ 44.354505] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 44.362143] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 44.369085] page_type: f5(slab)
[ 44.372222] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 44.379942] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.387668] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 44.395480] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.403293] head: 0bfffe0000000001 fffffdffe0064e81 00000000ffffffff 00000000ffffffff
[ 44.411104] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 44.418912] page dumped because: kasan: bad access detected
[ 44.424465]
[ 44.425941] Memory state around the buggy address:
[ 44.430721] ffff00080193ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.437924] ffff00080193ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.445130] >ffff00080193ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 44.452330] ^
[ 44.459452] ffff00080193ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.466656] ffff00080193ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.473858] ==================================================================
```

```
[ 30.367754] ==================================================================
[ 30.367820] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 30.367887] Write of size 128 at addr fff00000c91b3700 by task kunit_try_catch/201
[ 30.367938]
[ 30.367988] CPU: 1 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT
[ 30.368414] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.368447] Hardware name: linux,dummy-virt (DT)
[ 30.368478] Call trace:
[ 30.368591] show_stack+0x20/0x38 (C)
[ 30.368641] dump_stack_lvl+0x8c/0xd0
[ 30.368687] print_report+0x118/0x5d0
[ 30.368728] kasan_report+0xdc/0x128
[ 30.368769] kasan_check_range+0x100/0x1a8
[ 30.368812] __asan_memset+0x34/0x78
[ 30.368853] kmalloc_oob_in_memset+0x144/0x2d0
[ 30.368905] kunit_try_run_case+0x170/0x3f0
[ 30.369035] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.369203] kthread+0x328/0x630
[ 30.369679] ret_from_fork+0x10/0x20
[ 30.370371]
[ 30.370400] Allocated by task 201:
[ 30.370431] kasan_save_stack+0x3c/0x68
[ 30.370538] kasan_save_track+0x20/0x40
[ 30.370917] kasan_save_alloc_info+0x40/0x58
[ 30.371050] __kasan_kmalloc+0xd4/0xd8
[ 30.371130] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.371202] kmalloc_oob_in_memset+0xb0/0x2d0
[ 30.371302] kunit_try_run_case+0x170/0x3f0
[ 30.371416] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.371462] kthread+0x328/0x630
[ 30.371494] ret_from_fork+0x10/0x20
[ 30.371529]
[ 30.371551] The buggy address belongs to the object at fff00000c91b3700
[ 30.371551] which belongs to the cache kmalloc-128 of size 128
[ 30.371608] The buggy address is located 0 bytes inside of
[ 30.371608] allocated 120-byte region [fff00000c91b3700, fff00000c91b3778)
[ 30.371667]
[ 30.371688] The buggy address belongs to the physical page:
[ 30.372149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3
[ 30.372273] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.372750] page_type: f5(slab)
[ 30.372803] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.372852] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.372890] page dumped because: kasan: bad access detected
[ 30.373277]
[ 30.373300] Memory state around the buggy address:
[ 30.373483] fff00000c91b3600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.373536] fff00000c91b3680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.373606] >fff00000c91b3700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.373693] ^
[ 30.373739] fff00000c91b3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.373778] fff00000c91b3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.373815] ==================================================================
```

```
[ 23.798959] ==================================================================
[ 23.799880] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 23.800813] Write of size 128 at addr ffff888105745000 by task kunit_try_catch/220
[ 23.801581]
[ 23.801953] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary)
[ 23.802099] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.802116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.802139] Call Trace:
[ 23.802153] <TASK>
[ 23.802172] dump_stack_lvl+0x73/0xb0
[ 23.802207] print_report+0xd1/0x610
[ 23.802230] ? __virt_addr_valid+0x1db/0x2d0
[ 23.802255] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.802298] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.802323] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.802346] kasan_report+0x141/0x180
[ 23.802367] ? kmalloc_oob_in_memset+0x15f/0x320
[ 23.802392] kasan_check_range+0x10c/0x1c0
[ 23.802415] __asan_memset+0x27/0x50
[ 23.802437] kmalloc_oob_in_memset+0x15f/0x320
[ 23.802458] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 23.802480] ? __schedule+0x10cc/0x2b60
[ 23.802504] ? __pfx_read_tsc+0x10/0x10
[ 23.802526] ? ktime_get_ts64+0x86/0x230
[ 23.802553] kunit_try_run_case+0x1a5/0x480
[ 23.802576] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.802595] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.802619] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.802643] ? __kthread_parkme+0x82/0x180
[ 23.802665] ? preempt_count_sub+0x50/0x80
[ 23.802689] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.802710] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.802748] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.802772] kthread+0x337/0x6f0
[ 23.802793] ? trace_preempt_on+0x20/0xc0
[ 23.802817] ? __pfx_kthread+0x10/0x10
[ 23.802838] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.802860] ? calculate_sigpending+0x7b/0xa0
[ 23.802885] ? __pfx_kthread+0x10/0x10
[ 23.802906] ret_from_fork+0x116/0x1d0
[ 23.802925] ? __pfx_kthread+0x10/0x10
[ 23.802946] ret_from_fork_asm+0x1a/0x30
[ 23.802977] </TASK>
[ 23.802989]
[ 23.817098] Allocated by task 220:
[ 23.817230] kasan_save_stack+0x45/0x70
[ 23.817369] kasan_save_track+0x18/0x40
[ 23.817521] kasan_save_alloc_info+0x3b/0x50
[ 23.817692] __kasan_kmalloc+0xb7/0xc0
[ 23.818143] __kmalloc_cache_noprof+0x189/0x420
[ 23.818392] kmalloc_oob_in_memset+0xac/0x320
[ 23.818849] kunit_try_run_case+0x1a5/0x480
[ 23.819139] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.819355] kthread+0x337/0x6f0
[ 23.819746] ret_from_fork+0x116/0x1d0
[ 23.819897] ret_from_fork_asm+0x1a/0x30
[ 23.820212]
[ 23.820310] The buggy address belongs to the object at ffff888105745000
[ 23.820310] which belongs to the cache kmalloc-128 of size 128
[ 23.820996] The buggy address is located 0 bytes inside of
[ 23.820996] allocated 120-byte region [ffff888105745000, ffff888105745078)
[ 23.821506]
[ 23.821936] The buggy address belongs to the physical page:
[ 23.822142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745
[ 23.822782] flags: 0x200000000000000(node=0|zone=2)
[ 23.823115] page_type: f5(slab)
[ 23.823303] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.823828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.824223] page dumped because: kasan: bad access detected
[ 23.824630]
[ 23.824716] Memory state around the buggy address:
[ 23.824934] ffff888105744f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.825235] ffff888105744f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.825911] >ffff888105745000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.826198] ^
[ 23.826750] ffff888105745080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.827144] ffff888105745100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.827687] ==================================================================
```