Date
July 15, 2025, 11:35 a.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
e850-96:

```
[ 44.077211] ==================================================================
[ 44.086249] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 44.093537] Write of size 128 at addr ffff00080244da00 by task kunit_try_catch/251
[ 44.101088]
[ 44.102575] CPU: 0 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 44.102630] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 44.102645] Hardware name: WinLink E850-96 board (DT)
[ 44.102668] Call trace:
[ 44.102683] show_stack+0x20/0x38 (C)
[ 44.102715] dump_stack_lvl+0x8c/0xd0
[ 44.102750] print_report+0x118/0x5d0
[ 44.102779] kasan_report+0xdc/0x128
[ 44.102804] kasan_check_range+0x100/0x1a8
[ 44.102832] __asan_memset+0x34/0x78
[ 44.102860] kmalloc_oob_in_memset+0x144/0x2d0
[ 44.102891] kunit_try_run_case+0x170/0x3f0
[ 44.102922] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.102955] kthread+0x328/0x630
[ 44.102981] ret_from_fork+0x10/0x20
[ 44.103012]
[ 44.169750] Allocated by task 251:
[ 44.173139] kasan_save_stack+0x3c/0x68
[ 44.176955] kasan_save_track+0x20/0x40
[ 44.180775] kasan_save_alloc_info+0x40/0x58
[ 44.185028] __kasan_kmalloc+0xd4/0xd8
[ 44.188761] __kmalloc_cache_noprof+0x16c/0x3c0
[ 44.193275] kmalloc_oob_in_memset+0xb0/0x2d0
[ 44.197616] kunit_try_run_case+0x170/0x3f0
[ 44.201781] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 44.207250] kthread+0x328/0x630
[ 44.210462] ret_from_fork+0x10/0x20
[ 44.214021]
[ 44.215498] The buggy address belongs to the object at ffff00080244da00
[ 44.215498] which belongs to the cache kmalloc-128 of size 128
[ 44.227998] The buggy address is located 0 bytes inside of
[ 44.227998] allocated 120-byte region [ffff00080244da00, ffff00080244da78)
[ 44.240409]
[ 44.241890] The buggy address belongs to the physical page:
[ 44.247446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x88244c
[ 44.255429] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 44.263068] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 44.270011] page_type: f5(slab)
[ 44.273148] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 44.280867] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.288595] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 44.296405] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 44.304218] head: 0bfffe0000000001 fffffdffe0091301 00000000ffffffff 00000000ffffffff
[ 44.312030] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 44.319835] page dumped because: kasan: bad access detected
[ 44.325391]
[ 44.326866] Memory state around the buggy address:
[ 44.331648] ffff00080244d900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 44.338849] ffff00080244d980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.346054] >ffff00080244da00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 44.353255] ^
[ 44.360376] ffff00080244da80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.367581] ffff00080244db00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 44.374784] ==================================================================
```
qemu-arm64:

```
[ 30.600403] ==================================================================
[ 30.600484] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 30.600607] Write of size 128 at addr fff00000c64f4700 by task kunit_try_catch/202
[ 30.600793]
[ 30.600933] CPU: 0 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT
[ 30.601295] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 30.601354] Hardware name: linux,dummy-virt (DT)
[ 30.601385] Call trace:
[ 30.601406] show_stack+0x20/0x38 (C)
[ 30.601709] dump_stack_lvl+0x8c/0xd0
[ 30.602341] print_report+0x118/0x5d0
[ 30.602536] kasan_report+0xdc/0x128
[ 30.602586] kasan_check_range+0x100/0x1a8
[ 30.602644] __asan_memset+0x34/0x78
[ 30.602798] kmalloc_oob_in_memset+0x144/0x2d0
[ 30.602846] kunit_try_run_case+0x170/0x3f0
[ 30.602912] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.603234] kthread+0x328/0x630
[ 30.603301] ret_from_fork+0x10/0x20
[ 30.603350]
[ 30.603368] Allocated by task 202:
[ 30.603395] kasan_save_stack+0x3c/0x68
[ 30.603446] kasan_save_track+0x20/0x40
[ 30.603495] kasan_save_alloc_info+0x40/0x58
[ 30.603533] __kasan_kmalloc+0xd4/0xd8
[ 30.603766] __kmalloc_cache_noprof+0x16c/0x3c0
[ 30.604037] kmalloc_oob_in_memset+0xb0/0x2d0
[ 30.604077] kunit_try_run_case+0x170/0x3f0
[ 30.604113] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 30.604154] kthread+0x328/0x630
[ 30.604499] ret_from_fork+0x10/0x20
[ 30.604564]
[ 30.604859] The buggy address belongs to the object at fff00000c64f4700
[ 30.604859] which belongs to the cache kmalloc-128 of size 128
[ 30.605018] The buggy address is located 0 bytes inside of
[ 30.605018] allocated 120-byte region [fff00000c64f4700, fff00000c64f4778)
[ 30.605092]
[ 30.605111] The buggy address belongs to the physical page:
[ 30.605268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4
[ 30.605644] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 30.605902] page_type: f5(slab)
[ 30.606001] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 30.606049] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 30.606087] page dumped because: kasan: bad access detected
[ 30.606142]
[ 30.606160] Memory state around the buggy address:
[ 30.606220] fff00000c64f4600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.606336] fff00000c64f4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.606502] >fff00000c64f4700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.606719] ^
[ 30.606824] fff00000c64f4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.606865] fff00000c64f4800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.606901] ==================================================================
```
qemu-x86_64:

```
[ 24.090268] ==================================================================
[ 24.091240] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 24.091489] Write of size 128 at addr ffff8881041b9700 by task kunit_try_catch/218
[ 24.092082]
[ 24.092369] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary)
[ 24.092424] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.092459] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.092482] Call Trace:
[ 24.092507] <TASK>
[ 24.092543] dump_stack_lvl+0x73/0xb0
[ 24.092579] print_report+0xd1/0x610
[ 24.092616] ? __virt_addr_valid+0x1db/0x2d0
[ 24.092647] ? kmalloc_oob_in_memset+0x15f/0x320
[ 24.092673] ? kasan_complete_mode_report_info+0x2a/0x200
[ 24.092737] ? kmalloc_oob_in_memset+0x15f/0x320
[ 24.092764] kasan_report+0x141/0x180
[ 24.092804] ? kmalloc_oob_in_memset+0x15f/0x320
[ 24.092839] kasan_check_range+0x10c/0x1c0
[ 24.092867] __asan_memset+0x27/0x50
[ 24.092896] kmalloc_oob_in_memset+0x15f/0x320
[ 24.092923] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 24.092954] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 24.092987] kunit_try_run_case+0x1a5/0x480
[ 24.093015] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.093041] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 24.093068] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 24.093095] ? __kthread_parkme+0x82/0x180
[ 24.093120] ? preempt_count_sub+0x50/0x80
[ 24.093150] ? __pfx_kunit_try_run_case+0x10/0x10
[ 24.093177] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.093208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 24.093239] kthread+0x337/0x6f0
[ 24.093263] ? trace_preempt_on+0x20/0xc0
[ 24.093292] ? __pfx_kthread+0x10/0x10
[ 24.093318] ? _raw_spin_unlock_irq+0x47/0x80
[ 24.093347] ? calculate_sigpending+0x7b/0xa0
[ 24.093375] ? __pfx_kthread+0x10/0x10
[ 24.093402] ret_from_fork+0x116/0x1d0
[ 24.093425] ? __pfx_kthread+0x10/0x10
[ 24.093450] ret_from_fork_asm+0x1a/0x30
[ 24.093490] </TASK>
[ 24.093502]
[ 24.106412] Allocated by task 218:
[ 24.106554] kasan_save_stack+0x45/0x70
[ 24.107082] kasan_save_track+0x18/0x40
[ 24.107483] kasan_save_alloc_info+0x3b/0x50
[ 24.108148] __kasan_kmalloc+0xb7/0xc0
[ 24.108539] __kmalloc_cache_noprof+0x189/0x420
[ 24.109089] kmalloc_oob_in_memset+0xac/0x320
[ 24.109427] kunit_try_run_case+0x1a5/0x480
[ 24.109597] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.110237] kthread+0x337/0x6f0
[ 24.110592] ret_from_fork+0x116/0x1d0
[ 24.111048] ret_from_fork_asm+0x1a/0x30
[ 24.111367]
[ 24.111556] The buggy address belongs to the object at ffff8881041b9700
[ 24.111556] which belongs to the cache kmalloc-128 of size 128
[ 24.112260] The buggy address is located 0 bytes inside of
[ 24.112260] allocated 120-byte region [ffff8881041b9700, ffff8881041b9778)
[ 24.112873]
[ 24.113196] The buggy address belongs to the physical page:
[ 24.113747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1041b9
[ 24.114464] flags: 0x200000000000000(node=0|zone=2)
[ 24.114951] page_type: f5(slab)
[ 24.115333] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 24.115720] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 24.116409] page dumped because: kasan: bad access detected
[ 24.116954]
[ 24.117026] Memory state around the buggy address:
[ 24.117182] ffff8881041b9600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 24.117398] ffff8881041b9680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.117629] >ffff8881041b9700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 24.118031] ^
[ 24.118565] ffff8881041b9780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.118872] ffff8881041b9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 24.119239] ==================================================================
```