Date
July 11, 2025, 10:11 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 45.096505] ================================================================== [ 45.105973] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 45.113176] Write of size 8 at addr ffff0008019acb71 by task kunit_try_catch/260 [ 45.120550] [ 45.122036] CPU: 3 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 45.122091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 45.122107] Hardware name: WinLink E850-96 board (DT) [ 45.122130] Call trace: [ 45.122144] show_stack+0x20/0x38 (C) [ 45.122176] dump_stack_lvl+0x8c/0xd0 [ 45.122209] print_report+0x118/0x5d0 [ 45.122238] kasan_report+0xdc/0x128 [ 45.122264] kasan_check_range+0x100/0x1a8 [ 45.122293] __asan_memset+0x34/0x78 [ 45.122322] kmalloc_oob_memset_8+0x150/0x2f8 [ 45.122354] kunit_try_run_case+0x170/0x3f0 [ 45.122391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 45.122423] kthread+0x328/0x630 [ 45.122453] ret_from_fork+0x10/0x20 [ 45.122489] [ 45.189126] Allocated by task 260: [ 45.192513] kasan_save_stack+0x3c/0x68 [ 45.196330] kasan_save_track+0x20/0x40 [ 45.200150] kasan_save_alloc_info+0x40/0x58 [ 45.204402] __kasan_kmalloc+0xd4/0xd8 [ 45.208134] __kmalloc_cache_noprof+0x16c/0x3c0 [ 45.212648] kmalloc_oob_memset_8+0xb0/0x2f8 [ 45.216901] kunit_try_run_case+0x170/0x3f0 [ 45.221068] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 45.226537] kthread+0x328/0x630 [ 45.229749] ret_from_fork+0x10/0x20 [ 45.233308] [ 45.234785] The buggy address belongs to the object at ffff0008019acb00 [ 45.234785] which belongs to the cache kmalloc-128 of size 128 [ 45.247287] The buggy address is located 113 bytes inside of [ 45.247287] allocated 120-byte region [ffff0008019acb00, ffff0008019acb78) [ 45.259870] [ 45.261350] The buggy address belongs to the physical page: [ 45.266906] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8819ac [ 45.274889] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 45.282530] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 45.289471] page_type: f5(slab) [ 45.292609] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 45.300327] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 45.308054] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 45.315865] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 45.323678] head: 0bfffe0000000001 fffffdffe0066b01 00000000ffffffff 00000000ffffffff [ 45.331490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 45.339296] page dumped because: kasan: bad access detected [ 45.344851] [ 45.346326] Memory state around the buggy address: [ 45.351108] ffff0008019aca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 45.358310] ffff0008019aca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.365516] >ffff0008019acb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 45.372715] ^ [ 45.379837] ffff0008019acb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.387043] ffff0008019acc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 45.394244] ==================================================================
[ 30.419916] ================================================================== [ 30.420165] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 30.420332] Write of size 8 at addr fff00000c91b3a71 by task kunit_try_catch/207 [ 30.420382] [ 30.420418] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT [ 30.420502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 30.420527] Hardware name: linux,dummy-virt (DT) [ 30.420557] Call trace: [ 30.420579] show_stack+0x20/0x38 (C) [ 30.420626] dump_stack_lvl+0x8c/0xd0 [ 30.420670] print_report+0x118/0x5d0 [ 30.421138] kasan_report+0xdc/0x128 [ 30.421541] kasan_check_range+0x100/0x1a8 [ 30.421695] __asan_memset+0x34/0x78 [ 30.421738] kmalloc_oob_memset_8+0x150/0x2f8 [ 30.421784] kunit_try_run_case+0x170/0x3f0 [ 30.421832] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.421880] kthread+0x328/0x630 [ 30.421922] ret_from_fork+0x10/0x20 [ 30.421969] [ 30.421986] Allocated by task 207: [ 30.422536] kasan_save_stack+0x3c/0x68 [ 30.422589] kasan_save_track+0x20/0x40 [ 30.422954] kasan_save_alloc_info+0x40/0x58 [ 30.422992] __kasan_kmalloc+0xd4/0xd8 [ 30.423033] __kmalloc_cache_noprof+0x16c/0x3c0 [ 30.423077] kmalloc_oob_memset_8+0xb0/0x2f8 [ 30.423115] kunit_try_run_case+0x170/0x3f0 [ 30.423154] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 30.423205] kthread+0x328/0x630 [ 30.423238] ret_from_fork+0x10/0x20 [ 30.423272] [ 30.423610] The buggy address belongs to the object at fff00000c91b3a00 [ 30.423610] which belongs to the cache kmalloc-128 of size 128 [ 30.423669] The buggy address is located 113 bytes inside of [ 30.423669] allocated 120-byte region [fff00000c91b3a00, fff00000c91b3a78) [ 30.423731] [ 30.423754] The buggy address belongs to the physical page: [ 30.424116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1091b3 [ 30.424205] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 30.424257] page_type: f5(slab) [ 30.424299] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 30.424632] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 30.424829] page dumped because: kasan: bad access detected [ 30.424863] [ 30.424911] Memory state around the buggy address: [ 30.424945] fff00000c91b3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 30.425031] fff00000c91b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.425193] >fff00000c91b3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.425229] ^ [ 30.425267] fff00000c91b3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.425345] fff00000c91b3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.425407] ==================================================================
[ 23.888017] ================================================================== [ 23.888643] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 23.888983] Write of size 8 at addr ffff888104cac371 by task kunit_try_catch/226 [ 23.889265] [ 23.889489] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5-next-20250711 #1 PREEMPT(voluntary) [ 23.889543] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.889554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.889577] Call Trace: [ 23.889590] <TASK> [ 23.889607] dump_stack_lvl+0x73/0xb0 [ 23.889640] print_report+0xd1/0x610 [ 23.889662] ? __virt_addr_valid+0x1db/0x2d0 [ 23.889688] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.889709] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.889749] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.889770] kasan_report+0x141/0x180 [ 23.889792] ? kmalloc_oob_memset_8+0x166/0x330 [ 23.889817] kasan_check_range+0x10c/0x1c0 [ 23.889839] __asan_memset+0x27/0x50 [ 23.889862] kmalloc_oob_memset_8+0x166/0x330 [ 23.889884] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 23.889906] ? __schedule+0x10cc/0x2b60 [ 23.889930] ? __pfx_read_tsc+0x10/0x10 [ 23.889952] ? ktime_get_ts64+0x86/0x230 [ 23.889978] kunit_try_run_case+0x1a5/0x480 [ 23.890001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.890021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.890044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.890067] ? __kthread_parkme+0x82/0x180 [ 23.890088] ? preempt_count_sub+0x50/0x80 [ 23.890112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.890133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.890158] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.890182] kthread+0x337/0x6f0 [ 23.890202] ? trace_preempt_on+0x20/0xc0 [ 23.890226] ? __pfx_kthread+0x10/0x10 [ 23.890246] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.890310] ? calculate_sigpending+0x7b/0xa0 [ 23.890340] ? __pfx_kthread+0x10/0x10 [ 23.890361] ret_from_fork+0x116/0x1d0 [ 23.890381] ? __pfx_kthread+0x10/0x10 [ 23.890402] ret_from_fork_asm+0x1a/0x30 [ 23.890445] </TASK> [ 23.890456] [ 23.899965] Allocated by task 226: [ 23.900161] kasan_save_stack+0x45/0x70 [ 23.900703] kasan_save_track+0x18/0x40 [ 23.900920] kasan_save_alloc_info+0x3b/0x50 [ 23.901117] __kasan_kmalloc+0xb7/0xc0 [ 23.901566] __kmalloc_cache_noprof+0x189/0x420 [ 23.901935] kmalloc_oob_memset_8+0xac/0x330 [ 23.902337] kunit_try_run_case+0x1a5/0x480 [ 23.902883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.903203] kthread+0x337/0x6f0 [ 23.903553] ret_from_fork+0x116/0x1d0 [ 23.903761] ret_from_fork_asm+0x1a/0x30 [ 23.903938] [ 23.904023] The buggy address belongs to the object at ffff888104cac300 [ 23.904023] which belongs to the cache kmalloc-128 of size 128 [ 23.905252] The buggy address is located 113 bytes inside of [ 23.905252] allocated 120-byte region [ffff888104cac300, ffff888104cac378) [ 23.905923] [ 23.906006] The buggy address belongs to the physical page: [ 23.906173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104cac [ 23.906410] flags: 0x200000000000000(node=0|zone=2) [ 23.906566] page_type: f5(slab) [ 23.906679] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 23.906911] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 23.907122] page dumped because: kasan: bad access detected [ 23.907282] [ 23.907345] Memory state around the buggy address: [ 23.907489] ffff888104cac200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 23.908112] ffff888104cac280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.908743] >ffff888104cac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 23.908953] ^ [ 23.909181] ffff888104cac380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.909982] ffff888104cac400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.910793] ==================================================================