Date
July 14, 2025, 10:38 a.m.
Environment: e850-96

```
[ 43.442916] ==================================================================
[ 43.452558] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 43.459760] Write of size 4 at addr ffff0008074f8f75 by task kunit_try_catch/258
[ 43.467136]
[ 43.468623] CPU: 2 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT
[ 43.468678] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 43.468694] Hardware name: WinLink E850-96 board (DT)
[ 43.468715] Call trace:
[ 43.468730] show_stack+0x20/0x38 (C)
[ 43.468767] dump_stack_lvl+0x8c/0xd0
[ 43.468800] print_report+0x118/0x5d0
[ 43.468828] kasan_report+0xdc/0x128
[ 43.468853] kasan_check_range+0x100/0x1a8
[ 43.468882] __asan_memset+0x34/0x78
[ 43.468910] kmalloc_oob_memset_4+0x150/0x300
[ 43.468941] kunit_try_run_case+0x170/0x3f0
[ 43.468981] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.469013] kthread+0x328/0x630
[ 43.469041] ret_from_fork+0x10/0x20
[ 43.469074]
[ 43.535713] Allocated by task 258:
[ 43.539099] kasan_save_stack+0x3c/0x68
[ 43.542918] kasan_save_track+0x20/0x40
[ 43.546735] kasan_save_alloc_info+0x40/0x58
[ 43.550989] __kasan_kmalloc+0xd4/0xd8
[ 43.554722] __kmalloc_cache_noprof+0x16c/0x3c0
[ 43.559235] kmalloc_oob_memset_4+0xb0/0x300
[ 43.563490] kunit_try_run_case+0x170/0x3f0
[ 43.567656] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 43.573124] kthread+0x328/0x630
[ 43.576336] ret_from_fork+0x10/0x20
[ 43.579895]
[ 43.581372] The buggy address belongs to the object at ffff0008074f8f00
[ 43.581372] which belongs to the cache kmalloc-128 of size 128
[ 43.593874] The buggy address is located 117 bytes inside of
[ 43.593874] allocated 120-byte region [ffff0008074f8f00, ffff0008074f8f78)
[ 43.606457]
[ 43.607935] The buggy address belongs to the physical page:
[ 43.613493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8874f8
[ 43.621476] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 43.629116] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 43.636059] page_type: f5(slab)
[ 43.639196] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 43.646915] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 43.654641] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 43.662453] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 43.670265] head: 0bfffe0000000001 fffffdffe01d3e01 00000000ffffffff 00000000ffffffff
[ 43.678077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 43.685884] page dumped because: kasan: bad access detected
[ 43.691438]
[ 43.692913] Memory state around the buggy address:
[ 43.697695] ffff0008074f8e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 43.704896] ffff0008074f8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.712102] >ffff0008074f8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 43.719302] ^
[ 43.726424] ffff0008074f8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.733630] ffff0008074f9000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 43.740831] ==================================================================
```

Environment: qemu-arm64

```
[ 29.650814] ==================================================================
[ 29.652346] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 29.652686] Write of size 4 at addr fff00000c636ab75 by task kunit_try_catch/205
[ 29.652740]
[ 29.652780] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT
[ 29.653829] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 29.654080] Hardware name: linux,dummy-virt (DT)
[ 29.654295] Call trace:
[ 29.654703] show_stack+0x20/0x38 (C)
[ 29.655204] dump_stack_lvl+0x8c/0xd0
[ 29.655255] print_report+0x118/0x5d0
[ 29.655298] kasan_report+0xdc/0x128
[ 29.655340] kasan_check_range+0x100/0x1a8
[ 29.655384] __asan_memset+0x34/0x78
[ 29.655426] kmalloc_oob_memset_4+0x150/0x300
[ 29.655473] kunit_try_run_case+0x170/0x3f0
[ 29.655522] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.656311] kthread+0x328/0x630
[ 29.657308] ret_from_fork+0x10/0x20
[ 29.657371]
[ 29.657390] Allocated by task 205:
[ 29.657419] kasan_save_stack+0x3c/0x68
[ 29.657601] kasan_save_track+0x20/0x40
[ 29.657641] kasan_save_alloc_info+0x40/0x58
[ 29.657730] __kasan_kmalloc+0xd4/0xd8
[ 29.657894] __kmalloc_cache_noprof+0x16c/0x3c0
[ 29.657933] kmalloc_oob_memset_4+0xb0/0x300
[ 29.658112] kunit_try_run_case+0x170/0x3f0
[ 29.658269] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 29.658555] kthread+0x328/0x630
[ 29.658653] ret_from_fork+0x10/0x20
[ 29.658981]
[ 29.659004] The buggy address belongs to the object at fff00000c636ab00
[ 29.659004] which belongs to the cache kmalloc-128 of size 128
[ 29.659087] The buggy address is located 117 bytes inside of
[ 29.659087] allocated 120-byte region [fff00000c636ab00, fff00000c636ab78)
[ 29.659148]
[ 29.659170] The buggy address belongs to the physical page:
[ 29.659203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a
[ 29.659258] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 29.659309] page_type: f5(slab)
[ 29.659856] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 29.660165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 29.660314] page dumped because: kasan: bad access detected
[ 29.660371]
[ 29.660389] Memory state around the buggy address:
[ 29.660422] fff00000c636aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 29.660462] fff00000c636aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.660614] >fff00000c636ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 29.660656] ^
[ 29.660740] fff00000c636ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.660782] fff00000c636ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 29.660866] ==================================================================
```

Environment: qemu-x86_64

```
[ 24.369147] ==================================================================
[ 24.369536] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 24.369790] Write of size 4 at addr ffff888105919075 by task kunit_try_catch/223
[ 24.370007]
[ 24.370098] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary)
[ 24.370150] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST
[ 24.370162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.370185] Call Trace:
[ 24.370196] <TASK>
[ 24.370214] dump_stack_lvl+0x73/0xb0
[ 24.370245] print_report+0xd1/0x610
[ 24.370267] ? __virt_addr_valid+0x1db/0x2d0
[ 24.370290] ? kmalloc_oob_memset_4+0x166/0x330
[ 24.370309] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.370333] ? kmalloc_oob_memset_4+0x166/0x330
[ 24.370353] kasan_report+0x141/0x180
[ 24.370373] ? kmalloc_oob_memset_4+0x166/0x330
[ 24.370398] kasan_check_range+0x10c/0x1c0
[ 24.370419] __asan_memset+0x27/0x50
[ 24.370441] kmalloc_oob_memset_4+0x166/0x330
[ 24.370462] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 24.370482] ? __schedule+0x10cc/0x2b60
[ 24.370505] ? __pfx_read_tsc+0x10/0x10
[ 24.370525] ? ktime_get_ts64+0x86/0x230
[ 24.370548] kunit_try_run_case+0x1a5/0x480
[ 24.370570] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.370589] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.370611] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.370633] ? __kthread_parkme+0x82/0x180
[ 24.370653] ? preempt_count_sub+0x50/0x80
[ 24.370746] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.370767] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.370792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.370816] kthread+0x337/0x6f0
[ 24.370835] ? trace_preempt_on+0x20/0xc0
[ 24.370858] ? __pfx_kthread+0x10/0x10
[ 24.370877] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.370898] ? calculate_sigpending+0x7b/0xa0
[ 24.371012] ? __pfx_kthread+0x10/0x10
[ 24.371053] ret_from_fork+0x116/0x1d0
[ 24.371072] ? __pfx_kthread+0x10/0x10
[ 24.371091] ret_from_fork_asm+0x1a/0x30
[ 24.371146] </TASK>
[ 24.371157]
[ 24.383989] Allocated by task 223:
[ 24.384393] kasan_save_stack+0x45/0x70
[ 24.384831] kasan_save_track+0x18/0x40
[ 24.385233] kasan_save_alloc_info+0x3b/0x50
[ 24.385626] __kasan_kmalloc+0xb7/0xc0
[ 24.386049] __kmalloc_cache_noprof+0x189/0x420
[ 24.386463] kmalloc_oob_memset_4+0xac/0x330
[ 24.386987] kunit_try_run_case+0x1a5/0x480
[ 24.387362] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.387890] kthread+0x337/0x6f0
[ 24.388234] ret_from_fork+0x116/0x1d0
[ 24.388626] ret_from_fork_asm+0x1a/0x30
[ 24.389094]
[ 24.389257] The buggy address belongs to the object at ffff888105919000
[ 24.389257] which belongs to the cache kmalloc-128 of size 128
[ 24.390759] The buggy address is located 117 bytes inside of
[ 24.390759] allocated 120-byte region [ffff888105919000, ffff888105919078)
[ 24.392132]
[ 24.392329] The buggy address belongs to the physical page:
[ 24.392974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105919
[ 24.393817] flags: 0x200000000000000(node=0|zone=2)
[ 24.394309] page_type: f5(slab)
[ 24.394646] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.395468] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.396115] page dumped because: kasan: bad access detected
[ 24.396435]
[ 24.396498] Memory state around the buggy address:
[ 24.396648] ffff888105918f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.396908] ffff888105918f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.397517] >ffff888105919000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.398333] ^
[ 24.398845] ffff888105919080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.399359] ffff888105919100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.399837] ==================================================================
```