Date
July 11, 2025, 10:11 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 45.403157] ================================================================== [ 45.412737] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 45.420028] Write of size 16 at addr ffff00080193ae69 by task kunit_try_catch/262 [ 45.427490] [ 45.428974] CPU: 2 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 45.429027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 45.429045] Hardware name: WinLink E850-96 board (DT) [ 45.429071] Call trace: [ 45.429083] show_stack+0x20/0x38 (C) [ 45.429119] dump_stack_lvl+0x8c/0xd0 [ 45.429151] print_report+0x118/0x5d0 [ 45.429180] kasan_report+0xdc/0x128 [ 45.429210] kasan_check_range+0x100/0x1a8 [ 45.429239] __asan_memset+0x34/0x78 [ 45.429269] kmalloc_oob_memset_16+0x150/0x2f8 [ 45.429302] kunit_try_run_case+0x170/0x3f0 [ 45.429339] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 45.429372] kthread+0x328/0x630 [ 45.429402] ret_from_fork+0x10/0x20 [ 45.429436] [ 45.496151] Allocated by task 262: [ 45.499540] kasan_save_stack+0x3c/0x68 [ 45.503356] kasan_save_track+0x20/0x40 [ 45.507175] kasan_save_alloc_info+0x40/0x58 [ 45.511428] __kasan_kmalloc+0xd4/0xd8 [ 45.515161] __kmalloc_cache_noprof+0x16c/0x3c0 [ 45.519675] kmalloc_oob_memset_16+0xb0/0x2f8 [ 45.524016] kunit_try_run_case+0x170/0x3f0 [ 45.528181] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 45.533651] kthread+0x328/0x630 [ 45.536862] ret_from_fork+0x10/0x20 [ 45.540421] [ 45.541898] The buggy address belongs to the object at ffff00080193ae00 [ 45.541898] which belongs to the cache kmalloc-128 of size 128 [ 45.554399] The buggy address is located 105 bytes inside of [ 45.554399] allocated 120-byte region [ffff00080193ae00, ffff00080193ae78) [ 45.566983] [ 45.568463] The buggy address belongs to the physical page: [ 45.574018] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88193a [ 45.582003] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 45.589643] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 45.596585] page_type: f5(slab) [ 45.599721] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 45.607441] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 45.615167] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 45.622978] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 45.630791] head: 0bfffe0000000001 fffffdffe0064e81 00000000ffffffff 00000000ffffffff [ 45.638603] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 45.646409] page dumped because: kasan: bad access detected [ 45.651964] [ 45.653440] Memory state around the buggy address: [ 45.658220] ffff00080193ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.665423] ffff00080193ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.672632] >ffff00080193ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 45.679829] ^ [ 45.686950] ffff00080193ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.694155] ffff00080193af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.701356] ==================================================================
[ 30.438751] ================================================================== [ 30.438860] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 30.438935] Write of size 16 at addr fff00000c91b3b69 by task kunit_try_catch/209 [ 30.438986] [ 30.439033] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.439300] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.439398] Hardware name: linux,dummy-virt (DT) [ 30.439511] Call trace: [ 30.439537] show_stack+0x20/0x38 (C) [ 30.439589] dump_stack_lvl+0x8c/0xd0 [ 30.439942] print_report+0x118/0x5d0 [ 30.440024] kasan_report+0xdc/0x128 [ 30.440067] kasan_check_range+0x100/0x1a8 [ 30.440111] __asan_memset+0x34/0x78 [ 30.440153] kmalloc_oob_memset_16+0x150/0x2f8 [ 30.440199] kunit_try_run_case+0x170/0x3f0 [ 30.440289] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.440494] kthread+0x328/0x630 [ 30.440544] ret_from_fork+0x10/0x20 [ 30.440763] [ 30.440851] Allocated by task 209: [ 30.440903] kasan_save_stack+0x3c/0x68 [ 30.441030] kasan_save_track+0x20/0x40 [ 30.441074] kasan_save_alloc_info+0x40/0x58 [ 30.441111] __kasan_kmalloc+0xd4/0xd8 [ 30.441154] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.441226] kmalloc_oob_memset_16+0xb0/0x2f8 [ 30.441338] kunit_try_run_case+0x170/0x3f0 [ 30.441401] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.441447] kthread+0x328/0x630 [ 30.441481] ret_from_fork+0x10/0x20 [ 30.441518] [ 30.441541] The buggy address belongs to the object at fff00000c91b3b00 [ 30.441541] which belongs to the cache kmalloc-128 of size 128 [ 30.441599] The buggy address is located 105 bytes inside of [ 30.441599] allocated 120-byte region [fff00000c91b3b00, fff00000c91b3b78) [ 30.442009] [ 30.442033] The buggy address belongs to the physical page: [ 30.442101] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3 [ 30.442389] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.442672] page_type: f5(slab) [ 30.442731] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.442983] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.443155] page dumped because: kasan: bad access detected [ 30.443373] [ 30.443398] Memory state around the buggy address: [ 30.443436] fff00000c91b3a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.443481] fff00000c91b3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.443775] >fff00000c91b3b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.443884] ^ [ 30.443986] fff00000c91b3b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.444028] fff00000c91b3c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.444068] ==================================================================
[ 23.914520] ================================================================== [ 23.915017] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 23.915244] Write of size 16 at addr ffff888105745169 by task kunit_try_catch/228 [ 23.916435] [ 23.916657] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.916855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.916872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.916894] Call Trace: [ 23.916907] <TASK> [ 23.916925] dump_stack_lvl+0x73/0xb0 [ 23.916958] print_report+0xd1/0x610 [ 23.916982] ? __virt_addr_valid+0x1db/0x2d0 [ 23.917008] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.917029] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.917055] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.917076] kasan_report+0x141/0x180 [ 23.917098] ? kmalloc_oob_memset_16+0x166/0x330 [ 23.917125] kasan_check_range+0x10c/0x1c0 [ 23.917149] __asan_memset+0x27/0x50 [ 23.917172] kmalloc_oob_memset_16+0x166/0x330 [ 23.917193] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.917217] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 23.917242] kunit_try_run_case+0x1a5/0x480 [ 23.917263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.917283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.917307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.917329] ? __kthread_parkme+0x82/0x180 [ 23.917351] ? preempt_count_sub+0x50/0x80 [ 23.917394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.917425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.917450] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.917474] kthread+0x337/0x6f0 [ 23.917495] ? trace_preempt_on+0x20/0xc0 [ 23.917518] ? __pfx_kthread+0x10/0x10 [ 23.917539] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.917566] ? calculate_sigpending+0x7b/0xa0 [ 23.917591] ? __pfx_kthread+0x10/0x10 [ 23.917612] ret_from_fork+0x116/0x1d0 [ 23.917632] ? __pfx_kthread+0x10/0x10 [ 23.917653] ret_from_fork_asm+0x1a/0x30 [ 23.917683] </TASK> [ 23.917695] [ 23.931062] Allocated by task 228: [ 23.931230] kasan_save_stack+0x45/0x70 [ 23.931771] kasan_save_track+0x18/0x40 [ 23.932054] kasan_save_alloc_info+0x3b/0x50 [ 23.932451] __kasan_kmalloc+0xb7/0xc0 [ 23.932647] __kmalloc_cache_noprof+0x189/0x420 [ 23.932856] kmalloc_oob_memset_16+0xac/0x330 [ 23.933055] kunit_try_run_case+0x1a5/0x480 [ 23.933239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.933940] kthread+0x337/0x6f0 [ 23.934118] ret_from_fork+0x116/0x1d0 [ 23.934581] ret_from_fork_asm+0x1a/0x30 [ 23.934871] [ 23.934946] The buggy address belongs to the object at ffff888105745100 [ 23.934946] which belongs to the cache kmalloc-128 of size 128 [ 23.935674] The buggy address is located 105 bytes inside of [ 23.935674] allocated 120-byte region [ffff888105745100, ffff888105745178) [ 23.936568] [ 23.936695] The buggy address belongs to the physical page: [ 23.937080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105745 [ 23.937825] flags: 0x200000000000000(node=0|zone=2) [ 23.938058] page_type: f5(slab) [ 23.938194] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.938859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.939263] page dumped because: kasan: bad access detected [ 23.939726] [ 23.939836] Memory state around the buggy address: [ 23.940224] ffff888105745000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.940802] ffff888105745080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.941200] >ffff888105745100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.941753] ^ [ 23.942171] ffff888105745180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.942716] ffff888105745200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.943100] ==================================================================