Date: July 11, 2025, 10:11 a.m.

| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
```
[ 44.482651] ==================================================================
[ 44.492439] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 44.499641] Write of size 2 at addr ffff0008019aca77 by task kunit_try_catch/256
[ 44.507017]
[ 44.508505] CPU: 3 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT
[ 44.508560] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 44.508574] Hardware name: WinLink E850-96 board (DT)
[ 44.508595] Call trace:
[ 44.508607] show_stack+0x20/0x38 (C)
[ 44.508642] dump_stack_lvl+0x8c/0xd0
[ 44.508676] print_report+0x118/0x5d0
[ 44.508704] kasan_report+0xdc/0x128
[ 44.508731] kasan_check_range+0x100/0x1a8
[ 44.508761] __asan_memset+0x34/0x78
[ 44.508790] kmalloc_oob_memset_2+0x150/0x2f8
[ 44.508821] kunit_try_run_case+0x170/0x3f0
[ 44.508857] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.508889] kthread+0x328/0x630
[ 44.508916] ret_from_fork+0x10/0x20
[ 44.508946]
[ 44.575593] Allocated by task 256:
[ 44.578981] kasan_save_stack+0x3c/0x68
[ 44.582797] kasan_save_track+0x20/0x40
[ 44.586617] kasan_save_alloc_info+0x40/0x58
[ 44.590869] __kasan_kmalloc+0xd4/0xd8
[ 44.594602] __kmalloc_cache_noprof+0x16c/0x3c0
[ 44.599116] kmalloc_oob_memset_2+0xb0/0x2f8
[ 44.603369] kunit_try_run_case+0x170/0x3f0
[ 44.607537] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.613005] kthread+0x328/0x630
[ 44.616216] ret_from_fork+0x10/0x20
[ 44.619775]
[ 44.621252] The buggy address belongs to the object at ffff0008019aca00
[ 44.621252] which belongs to the cache kmalloc-128 of size 128
[ 44.633754] The buggy address is located 119 bytes inside of
[ 44.633754] allocated 120-byte region [ffff0008019aca00, ffff0008019aca78)
[ 44.646337]
[ 44.647817] The buggy address belongs to the physical page:
[ 44.653373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8819ac
[ 44.661356] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 44.668995] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 44.675939] page_type: f5(slab)
[ 44.679076] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 44.686795] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.694523] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 44.702333] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.710145] head: 0bfffe0000000001 fffffdffe0066b01 00000000ffffffff 00000000ffffffff
[ 44.717957] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 44.725763] page dumped because: kasan: bad access detected
[ 44.731319]
[ 44.732794] Memory state around the buggy address:
[ 44.737574] ffff0008019ac900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.744777] ffff0008019ac980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.751983] >ffff0008019aca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 44.759183] ^
[ 44.766304] ffff0008019aca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.773509] ffff0008019acb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.780712] ==================================================================
```
```
[ 30.386771] ==================================================================
[ 30.386854] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 30.386924] Write of size 2 at addr fff00000c91b3877 by task kunit_try_catch/203
[ 30.386974]
[ 30.387013] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT
[ 30.387345] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.387378] Hardware name: linux,dummy-virt (DT)
[ 30.387409] Call trace:
[ 30.387433] show_stack+0x20/0x38 (C)
[ 30.387484] dump_stack_lvl+0x8c/0xd0
[ 30.388278] print_report+0x118/0x5d0
[ 30.388372] kasan_report+0xdc/0x128
[ 30.388414] kasan_check_range+0x100/0x1a8
[ 30.388457] __asan_memset+0x34/0x78
[ 30.388809] kmalloc_oob_memset_2+0x150/0x2f8
[ 30.389034] kunit_try_run_case+0x170/0x3f0
[ 30.389274] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.389701] kthread+0x328/0x630
[ 30.389764] ret_from_fork+0x10/0x20
[ 30.389813]
[ 30.389955] Allocated by task 203:
[ 30.389984] kasan_save_stack+0x3c/0x68
[ 30.390183] kasan_save_track+0x20/0x40
[ 30.390392] kasan_save_alloc_info+0x40/0x58
[ 30.390491] __kasan_kmalloc+0xd4/0xd8
[ 30.390536] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.390600] kmalloc_oob_memset_2+0xb0/0x2f8
[ 30.391042] kunit_try_run_case+0x170/0x3f0
[ 30.391095] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.391176] kthread+0x328/0x630
[ 30.391334] ret_from_fork+0x10/0x20
[ 30.391371]
[ 30.391392] The buggy address belongs to the object at fff00000c91b3800
[ 30.391392] which belongs to the cache kmalloc-128 of size 128
[ 30.391503] The buggy address is located 119 bytes inside of
[ 30.391503] allocated 120-byte region [fff00000c91b3800, fff00000c91b3878)
[ 30.391758]
[ 30.391806] The buggy address belongs to the physical page:
[ 30.392055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3
[ 30.392144] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.392293] page_type: f5(slab)
[ 30.392498] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.392555] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.392595] page dumped because: kasan: bad access detected
[ 30.392638]
[ 30.392656] Memory state around the buggy address:
[ 30.392688] fff00000c91b3700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.392812] fff00000c91b3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.393039] >fff00000c91b3800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.393223] ^
[ 30.393510] fff00000c91b3880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.393559] fff00000c91b3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.393595] ==================================================================
```
```
[ 23.831200] ==================================================================
[ 23.831910] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 23.832413] Write of size 2 at addr ffff888104cac177 by task kunit_try_catch/222
[ 23.832656]
[ 23.832781] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary)
[ 23.832835] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.832847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.832869] Call Trace:
[ 23.832883] <TASK>
[ 23.832901] dump_stack_lvl+0x73/0xb0
[ 23.832935] print_report+0xd1/0x610
[ 23.832958] ? __virt_addr_valid+0x1db/0x2d0
[ 23.832982] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.833003] ? kasan_complete_mode_report_info+0x2a/0x200
[ 23.833029] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.833050] kasan_report+0x141/0x180
[ 23.833072] ? kmalloc_oob_memset_2+0x166/0x330
[ 23.833097] kasan_check_range+0x10c/0x1c0
[ 23.833120] __asan_memset+0x27/0x50
[ 23.833142] kmalloc_oob_memset_2+0x166/0x330
[ 23.833164] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 23.833187] ? __schedule+0x10cc/0x2b60
[ 23.833211] ? __pfx_read_tsc+0x10/0x10
[ 23.833234] ? ktime_get_ts64+0x86/0x230
[ 23.833259] kunit_try_run_case+0x1a5/0x480
[ 23.833568] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.833589] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 23.833613] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 23.833636] ? __kthread_parkme+0x82/0x180
[ 23.833659] ? preempt_count_sub+0x50/0x80
[ 23.833683] ? __pfx_kunit_try_run_case+0x10/0x10
[ 23.833704] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.833729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 23.833766] kthread+0x337/0x6f0
[ 23.833786] ? trace_preempt_on+0x20/0xc0
[ 23.833810] ? __pfx_kthread+0x10/0x10
[ 23.833830] ? _raw_spin_unlock_irq+0x47/0x80
[ 23.833852] ? calculate_sigpending+0x7b/0xa0
[ 23.833877] ? __pfx_kthread+0x10/0x10
[ 23.833898] ret_from_fork+0x116/0x1d0
[ 23.833917] ? __pfx_kthread+0x10/0x10
[ 23.833938] ret_from_fork_asm+0x1a/0x30
[ 23.833968] </TASK>
[ 23.833980]
[ 23.843188] Allocated by task 222:
[ 23.843432] kasan_save_stack+0x45/0x70
[ 23.843590] kasan_save_track+0x18/0x40
[ 23.844407] kasan_save_alloc_info+0x3b/0x50
[ 23.844634] __kasan_kmalloc+0xb7/0xc0
[ 23.844813] __kmalloc_cache_noprof+0x189/0x420
[ 23.845016] kmalloc_oob_memset_2+0xac/0x330
[ 23.845195] kunit_try_run_case+0x1a5/0x480
[ 23.845999] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.847866] kthread+0x337/0x6f0
[ 23.848283] ret_from_fork+0x116/0x1d0
[ 23.848435] ret_from_fork_asm+0x1a/0x30
[ 23.848572]
[ 23.848642] The buggy address belongs to the object at ffff888104cac100
[ 23.848642] which belongs to the cache kmalloc-128 of size 128
[ 23.849011] The buggy address is located 119 bytes inside of
[ 23.849011] allocated 120-byte region [ffff888104cac100, ffff888104cac178)
[ 23.849364]
[ 23.849433] The buggy address belongs to the physical page:
[ 23.849602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac
[ 23.851543] flags: 0x200000000000000(node=0|zone=2)
[ 23.852626] page_type: f5(slab)
[ 23.853270] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 23.854322] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 23.855994] page dumped because: kasan: bad access detected
[ 23.856748]
[ 23.857701] Memory state around the buggy address:
[ 23.858489] ffff888104cac000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 23.858855] ffff888104cac080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.859125] >ffff888104cac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 23.859401] ^
[ 23.859697] ffff888104cac180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.860083] ffff888104cac200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 23.860712] ==================================================================
```