Date
July 14, 2025, 10:38 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 |
[ 43.749495] ================================================================== [ 43.759327] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 43.766527] Write of size 8 at addr ffff0008019adc71 by task kunit_try_catch/260 [ 43.773903] [ 43.775389] CPU: 3 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 43.775444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 43.775461] Hardware name: WinLink E850-96 board (DT) [ 43.775482] Call trace: [ 43.775495] show_stack+0x20/0x38 (C) [ 43.775531] dump_stack_lvl+0x8c/0xd0 [ 43.775564] print_report+0x118/0x5d0 [ 43.775591] kasan_report+0xdc/0x128 [ 43.775620] kasan_check_range+0x100/0x1a8 [ 43.775650] __asan_memset+0x34/0x78 [ 43.775680] kmalloc_oob_memset_8+0x150/0x2f8 [ 43.775712] kunit_try_run_case+0x170/0x3f0 [ 43.775752] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.775783] kthread+0x328/0x630 [ 43.775813] ret_from_fork+0x10/0x20 [ 43.775847] [ 43.842479] Allocated by task 260: [ 43.845865] kasan_save_stack+0x3c/0x68 [ 43.849682] kasan_save_track+0x20/0x40 [ 43.853502] kasan_save_alloc_info+0x40/0x58 [ 43.857755] __kasan_kmalloc+0xd4/0xd8 [ 43.861488] __kmalloc_cache_noprof+0x16c/0x3c0 [ 43.866002] kmalloc_oob_memset_8+0xb0/0x2f8 [ 43.870255] kunit_try_run_case+0x170/0x3f0 [ 43.874421] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 43.879890] kthread+0x328/0x630 [ 43.883102] ret_from_fork+0x10/0x20 [ 43.886661] [ 43.888138] The buggy address belongs to the object at ffff0008019adc00 [ 43.888138] which belongs to the cache kmalloc-128 of size 128 [ 43.900640] The buggy address is located 113 bytes inside of [ 43.900640] allocated 120-byte region [ffff0008019adc00, ffff0008019adc78) [ 43.913223] [ 43.914701] The buggy address belongs to the physical page: [ 43.920259] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8819ac [ 43.928242] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 43.935882] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 43.942825] page_type: f5(slab) [ 43.945962] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 43.953681] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.961407] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 43.969218] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 43.977031] head: 0bfffe0000000001 fffffdffe0066b01 00000000ffffffff 00000000ffffffff [ 43.984843] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 43.992651] page dumped because: kasan: bad access detected [ 43.998205] [ 43.999680] Memory state around the buggy address: [ 44.004460] ffff0008019adb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 44.011663] ffff0008019adb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.018871] >ffff0008019adc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 44.026069] ^ [ 44.033190] ffff0008019adc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.040395] ffff0008019add00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 44.047598] ==================================================================
[ 29.673186] ================================================================== [ 29.673583] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 29.673903] Write of size 8 at addr fff00000c636ac71 by task kunit_try_catch/207 [ 29.673953] [ 29.673991] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250714 #1 PREEMPT [ 29.674088] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.674273] Hardware name: linux,dummy-virt (DT) [ 29.674383] Call trace: [ 29.674520] show_stack+0x20/0x38 (C) [ 29.674586] dump_stack_lvl+0x8c/0xd0 [ 29.674653] print_report+0x118/0x5d0 [ 29.674744] kasan_report+0xdc/0x128 [ 29.674974] kasan_check_range+0x100/0x1a8 [ 29.675020] __asan_memset+0x34/0x78 [ 29.675072] kmalloc_oob_memset_8+0x150/0x2f8 [ 29.675128] kunit_try_run_case+0x170/0x3f0 [ 29.675180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.675797] kthread+0x328/0x630 [ 29.675931] ret_from_fork+0x10/0x20 [ 29.675981] [ 29.676000] Allocated by task 207: [ 29.676028] kasan_save_stack+0x3c/0x68 [ 29.676390] kasan_save_track+0x20/0x40 [ 29.676432] kasan_save_alloc_info+0x40/0x58 [ 29.676470] __kasan_kmalloc+0xd4/0xd8 [ 29.676508] __kmalloc_cache_noprof+0x16c/0x3c0 [ 29.676550] kmalloc_oob_memset_8+0xb0/0x2f8 [ 29.676588] kunit_try_run_case+0x170/0x3f0 [ 29.676633] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 29.676673] kthread+0x328/0x630 [ 29.676704] ret_from_fork+0x10/0x20 [ 29.676945] [ 29.676994] The buggy address belongs to the object at fff00000c636ac00 [ 29.676994] which belongs to the cache kmalloc-128 of size 128 [ 29.677261] The buggy address is located 113 bytes inside of [ 29.677261] allocated 120-byte region [fff00000c636ac00, fff00000c636ac78) [ 29.677711] [ 29.677805] The buggy address belongs to the physical page: [ 29.677837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10636a [ 29.677895] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 29.677945] page_type: f5(slab) [ 29.677986] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 29.678449] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.678501] page dumped because: kasan: bad access detected [ 29.678531] [ 29.678550] Memory state around the buggy address: [ 29.678583] fff00000c636ab00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.678624] fff00000c636ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.679200] >fff00000c636ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.679467] ^ [ 29.679593] fff00000c636ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.679637] fff00000c636ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.679673] ==================================================================
[ 24.403837] ================================================================== [ 24.404610] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 24.405505] Write of size 8 at addr ffff888103e99271 by task kunit_try_catch/225 [ 24.406520] [ 24.406974] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc6-next-20250714 #1 PREEMPT(voluntary) [ 24.407290] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 24.407310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.407336] Call Trace: [ 24.407351] <TASK> [ 24.407377] dump_stack_lvl+0x73/0xb0 [ 24.407425] print_report+0xd1/0x610 [ 24.407449] ? __virt_addr_valid+0x1db/0x2d0 [ 24.407476] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.407499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.407524] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.407546] kasan_report+0x141/0x180 [ 24.407567] ? kmalloc_oob_memset_8+0x166/0x330 [ 24.407592] kasan_check_range+0x10c/0x1c0 [ 24.407615] __asan_memset+0x27/0x50 [ 24.407638] kmalloc_oob_memset_8+0x166/0x330 [ 24.407673] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 24.407695] ? __schedule+0x10cc/0x2b60 [ 24.407720] ? __pfx_read_tsc+0x10/0x10 [ 24.407766] ? ktime_get_ts64+0x86/0x230 [ 24.407792] kunit_try_run_case+0x1a5/0x480 [ 24.407819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.407842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.407870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.407895] ? __kthread_parkme+0x82/0x180 [ 24.407918] ? preempt_count_sub+0x50/0x80 [ 24.407971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.407993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.408019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.408044] kthread+0x337/0x6f0 [ 24.408064] ? trace_preempt_on+0x20/0xc0 [ 24.408090] ? __pfx_kthread+0x10/0x10 [ 24.408111] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.408132] ? calculate_sigpending+0x7b/0xa0 [ 24.408156] ? __pfx_kthread+0x10/0x10 [ 24.408177] ret_from_fork+0x116/0x1d0 [ 24.408196] ? __pfx_kthread+0x10/0x10 [ 24.408216] ret_from_fork_asm+0x1a/0x30 [ 24.408247] </TASK> [ 24.408259] [ 24.419924] Allocated by task 225: [ 24.420146] kasan_save_stack+0x45/0x70 [ 24.420456] kasan_save_track+0x18/0x40 [ 24.420797] kasan_save_alloc_info+0x3b/0x50 [ 24.421042] __kasan_kmalloc+0xb7/0xc0 [ 24.421219] __kmalloc_cache_noprof+0x189/0x420 [ 24.421440] kmalloc_oob_memset_8+0xac/0x330 [ 24.421646] kunit_try_run_case+0x1a5/0x480 [ 24.422154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.422420] kthread+0x337/0x6f0 [ 24.422607] ret_from_fork+0x116/0x1d0 [ 24.423067] ret_from_fork_asm+0x1a/0x30 [ 24.423283] [ 24.423386] The buggy address belongs to the object at ffff888103e99200 [ 24.423386] which belongs to the cache kmalloc-128 of size 128 [ 24.424095] The buggy address is located 113 bytes inside of [ 24.424095] allocated 120-byte region [ffff888103e99200, ffff888103e99278) [ 24.424702] [ 24.424805] The buggy address belongs to the physical page: [ 24.425368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103e99 [ 24.425935] flags: 0x200000000000000(node=0|zone=2) [ 24.426179] page_type: f5(slab) [ 24.426352] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.426609] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.426994] page dumped because: kasan: bad access detected [ 24.427321] [ 24.427384] Memory state around the buggy address: [ 24.427592] ffff888103e99100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.427984] ffff888103e99180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.428242] >ffff888103e99200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.428630] ^ [ 24.428866] ffff888103e99280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.429163] ffff888103e99300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.429484] ==================================================================