Hay
Date
July 15, 2025, 11:35 a.m.

Environment
e850-96
qemu-arm64
qemu-x86_64

[   45.303861] ==================================================================
[   45.313664] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   45.320951] Write of size 16 at addr ffff000801af8169 by task kunit_try_catch/259
[   45.328415] 
[   45.329901] CPU: 3 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   45.329958] Tainted: [B]=BAD_PAGE, [N]=TEST
[   45.329976] Hardware name: WinLink E850-96 board (DT)
[   45.329997] Call trace:
[   45.330009]  show_stack+0x20/0x38 (C)
[   45.330043]  dump_stack_lvl+0x8c/0xd0
[   45.330078]  print_report+0x118/0x5d0
[   45.330107]  kasan_report+0xdc/0x128
[   45.330134]  kasan_check_range+0x100/0x1a8
[   45.330164]  __asan_memset+0x34/0x78
[   45.330193]  kmalloc_oob_memset_16+0x150/0x2f8
[   45.330225]  kunit_try_run_case+0x170/0x3f0
[   45.330255]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   45.330289]  kthread+0x328/0x630
[   45.330317]  ret_from_fork+0x10/0x20
[   45.330354] 
[   45.397078] Allocated by task 259:
[   45.400465]  kasan_save_stack+0x3c/0x68
[   45.404281]  kasan_save_track+0x20/0x40
[   45.408100]  kasan_save_alloc_info+0x40/0x58
[   45.412354]  __kasan_kmalloc+0xd4/0xd8
[   45.416086]  __kmalloc_cache_noprof+0x16c/0x3c0
[   45.420600]  kmalloc_oob_memset_16+0xb0/0x2f8
[   45.424940]  kunit_try_run_case+0x170/0x3f0
[   45.429107]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   45.434576]  kthread+0x328/0x630
[   45.437788]  ret_from_fork+0x10/0x20
[   45.441346] 
[   45.442825] The buggy address belongs to the object at ffff000801af8100
[   45.442825]  which belongs to the cache kmalloc-128 of size 128
[   45.455324] The buggy address is located 105 bytes inside of
[   45.455324]  allocated 120-byte region [ffff000801af8100, ffff000801af8178)
[   45.467910] 
[   45.469387] The buggy address belongs to the physical page:
[   45.474944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881af8
[   45.482928] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   45.490568] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   45.497510] page_type: f5(slab)
[   45.500648] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   45.508366] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   45.516094] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   45.523904] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   45.531717] head: 0bfffe0000000001 fffffdffe006be01 00000000ffffffff 00000000ffffffff
[   45.539528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   45.547337] page dumped because: kasan: bad access detected
[   45.552889] 
[   45.554365] Memory state around the buggy address:
[   45.559148]  ffff000801af8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   45.566348]  ffff000801af8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.573553] >ffff000801af8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   45.580754]                                                                 ^
[   45.587875]  ffff000801af8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.595082]  ffff000801af8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   45.602283] ==================================================================

[   30.647561] ==================================================================
[   30.647864] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   30.647943] Write of size 16 at addr fff00000c64f4b69 by task kunit_try_catch/210
[   30.648036] 
[   30.648089] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT 
[   30.648191] Tainted: [B]=BAD_PAGE, [N]=TEST
[   30.648233] Hardware name: linux,dummy-virt (DT)
[   30.648265] Call trace:
[   30.648314]  show_stack+0x20/0x38 (C)
[   30.648397]  dump_stack_lvl+0x8c/0xd0
[   30.648460]  print_report+0x118/0x5d0
[   30.648581]  kasan_report+0xdc/0x128
[   30.648721]  kasan_check_range+0x100/0x1a8
[   30.648784]  __asan_memset+0x34/0x78
[   30.648827]  kmalloc_oob_memset_16+0x150/0x2f8
[   30.649114]  kunit_try_run_case+0x170/0x3f0
[   30.649234]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.649318]  kthread+0x328/0x630
[   30.649382]  ret_from_fork+0x10/0x20
[   30.649459] 
[   30.649521] Allocated by task 210:
[   30.649576]  kasan_save_stack+0x3c/0x68
[   30.649674]  kasan_save_track+0x20/0x40
[   30.650013]  kasan_save_alloc_info+0x40/0x58
[   30.650147]  __kasan_kmalloc+0xd4/0xd8
[   30.650250]  __kmalloc_cache_noprof+0x16c/0x3c0
[   30.650385]  kmalloc_oob_memset_16+0xb0/0x2f8
[   30.650472]  kunit_try_run_case+0x170/0x3f0
[   30.650565]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   30.650707]  kthread+0x328/0x630
[   30.650761]  ret_from_fork+0x10/0x20
[   30.650799] 
[   30.650820] The buggy address belongs to the object at fff00000c64f4b00
[   30.650820]  which belongs to the cache kmalloc-128 of size 128
[   30.650901] The buggy address is located 105 bytes inside of
[   30.650901]  allocated 120-byte region [fff00000c64f4b00, fff00000c64f4b78)
[   30.650962] 
[   30.650985] The buggy address belongs to the physical page:
[   30.651258] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1064f4
[   30.651343] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   30.651417] page_type: f5(slab)
[   30.651520] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   30.651606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   30.651713] page dumped because: kasan: bad access detected
[   30.651781] 
[   30.651840] Memory state around the buggy address:
[   30.651951]  fff00000c64f4a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   30.652019]  fff00000c64f4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.652081] >fff00000c64f4b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   30.652119]                                                                 ^
[   30.652158]  fff00000c64f4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.652201]  fff00000c64f4c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   30.652238] ==================================================================

[   24.205920] ==================================================================
[   24.207216] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   24.207595] Write of size 16 at addr ffff888105654d69 by task kunit_try_catch/226
[   24.208482] 
[   24.208823] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G    B            N  6.16.0-rc6-next-20250715 #1 PREEMPT(voluntary) 
[   24.208886] Tainted: [B]=BAD_PAGE, [N]=TEST
[   24.208900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   24.208920] Call Trace:
[   24.209026]  <TASK>
[   24.209049]  dump_stack_lvl+0x73/0xb0
[   24.209081]  print_report+0xd1/0x610
[   24.209104]  ? __virt_addr_valid+0x1db/0x2d0
[   24.209126]  ? kmalloc_oob_memset_16+0x166/0x330
[   24.209148]  ? kasan_complete_mode_report_info+0x2a/0x200
[   24.209210]  ? kmalloc_oob_memset_16+0x166/0x330
[   24.209234]  kasan_report+0x141/0x180
[   24.209257]  ? kmalloc_oob_memset_16+0x166/0x330
[   24.209283]  kasan_check_range+0x10c/0x1c0
[   24.209306]  __asan_memset+0x27/0x50
[   24.209328]  kmalloc_oob_memset_16+0x166/0x330
[   24.209350]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   24.209373]  ? __schedule+0x10cc/0x2b60
[   24.209394]  ? __pfx_read_tsc+0x10/0x10
[   24.209414]  ? ktime_get_ts64+0x86/0x230
[   24.209439]  kunit_try_run_case+0x1a5/0x480
[   24.209462]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.209482]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   24.209504]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   24.209537]  ? __kthread_parkme+0x82/0x180
[   24.209556]  ? preempt_count_sub+0x50/0x80
[   24.209579]  ? __pfx_kunit_try_run_case+0x10/0x10
[   24.209604]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.209631]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   24.209673]  kthread+0x337/0x6f0
[   24.209692]  ? trace_preempt_on+0x20/0xc0
[   24.209714]  ? __pfx_kthread+0x10/0x10
[   24.209735]  ? _raw_spin_unlock_irq+0x47/0x80
[   24.209760]  ? calculate_sigpending+0x7b/0xa0
[   24.209785]  ? __pfx_kthread+0x10/0x10
[   24.209806]  ret_from_fork+0x116/0x1d0
[   24.209825]  ? __pfx_kthread+0x10/0x10
[   24.209845]  ret_from_fork_asm+0x1a/0x30
[   24.209876]  </TASK>
[   24.209887] 
[   24.218559] Allocated by task 226:
[   24.218731]  kasan_save_stack+0x45/0x70
[   24.218944]  kasan_save_track+0x18/0x40
[   24.219269]  kasan_save_alloc_info+0x3b/0x50
[   24.219425]  __kasan_kmalloc+0xb7/0xc0
[   24.219607]  __kmalloc_cache_noprof+0x189/0x420
[   24.220047]  kmalloc_oob_memset_16+0xac/0x330
[   24.220275]  kunit_try_run_case+0x1a5/0x480
[   24.220452]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   24.220859]  kthread+0x337/0x6f0
[   24.221008]  ret_from_fork+0x116/0x1d0
[   24.221137]  ret_from_fork_asm+0x1a/0x30
[   24.221272] 
[   24.221349] The buggy address belongs to the object at ffff888105654d00
[   24.221349]  which belongs to the cache kmalloc-128 of size 128
[   24.221897] The buggy address is located 105 bytes inside of
[   24.221897]  allocated 120-byte region [ffff888105654d00, ffff888105654d78)
[   24.222404] 
[   24.222500] The buggy address belongs to the physical page:
[   24.222941] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105654
[   24.223279] flags: 0x200000000000000(node=0|zone=2)
[   24.223462] page_type: f5(slab)
[   24.223717] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   24.224032] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   24.224341] page dumped because: kasan: bad access detected
[   24.224594] 
[   24.224823] Memory state around the buggy address:
[   24.225058]  ffff888105654c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   24.225379]  ffff888105654c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.225708] >ffff888105654d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   24.225966]                                                                 ^
[   24.226307]  ffff888105654d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.226732]  ffff888105654e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   24.226955] ==================================================================
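All three reports above (E850-96, qemu-arm64, qemu-x86_64) describe the same access: a 120-byte allocation from kmalloc-128, and a 16-byte memset starting 105 bytes into it, so the last written byte lands at offset 120, in the slab redzone whose shadow byte is the `fc` under the caret. kmalloc_oob_memset_16 is one of the KASAN KUnit self-tests and the `[N]=TEST` taint plus the `kunit_try_catch` task show this is the test deliberately provoking the report; the thing being verified is that KASAN catches it on each platform. The following is an added example, not code from the log or from the kernel: a user-space model of the generic-mode shadow check that reproduces the report's arithmetic and contrasts it with a bounds-checked write. The shadow encoding (one byte per 8-byte granule, `00` fully addressable, `1..7` that many leading bytes addressable, `0xfc` slab redzone) is the kernel's generic KASAN encoding; the function names, the 128-byte buffer and the byte-by-byte walk are illustrative assumptions.

```c
/* Added example: user-space model of generic KASAN's shadow check for the
 * kmalloc_oob_memset_16 access shown in the reports. Not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE      8u     /* KASAN_GRANULE_SIZE in generic mode */
#define SLAB_REDZONE 0xfcu  /* shadow value for slab redzone bytes */
#define CACHE_SIZE   128u   /* kmalloc-128 object size from the report */
#define NSHADOW      (CACHE_SIZE / GRANULE)

/* Build the shadow row for one kmalloc-128 object holding an `alloc`-byte
 * allocation; for alloc == 120 this is the "00 ... 00 fc" row in the log. */
static void build_shadow(size_t alloc, uint8_t shadow[NSHADOW])
{
    for (size_t g = 0; g < NSHADOW; g++) {
        size_t start = g * GRANULE;
        if (start + GRANULE <= alloc)
            shadow[g] = 0;                        /* whole granule addressable */
        else if (start < alloc)
            shadow[g] = (uint8_t)(alloc - start); /* partial granule: N valid bytes */
        else
            shadow[g] = SLAB_REDZONE;             /* past the allocation */
    }
}

/* Shadow byte of granule `g` for an `alloc`-byte allocation. */
static int shadow_byte(size_t alloc, size_t g)
{
    uint8_t shadow[NSHADOW];
    build_shadow(alloc, shadow);
    return g < NSHADOW ? shadow[g] : -1;
}

/* Model of kasan_check_range() for a write of `len` bytes at offset `off`
 * into an `alloc`-byte allocation. Walks byte by byte for clarity (the
 * kernel looks at one shadow byte per granule, with the same outcome).
 * Returns -1 if every byte is addressable, else the first bad offset,
 * which is the byte the report's caret points at. */
static long first_bad(size_t alloc, size_t off, size_t len)
{
    uint8_t shadow[NSHADOW];
    build_shadow(alloc, shadow);
    for (size_t i = off; i < off + len; i++) {
        if (i >= CACHE_SIZE)
            return (long)i;                       /* off the object entirely */
        uint8_t s = shadow[i / GRANULE];
        size_t within = i % GRANULE;
        if (s == 0)
            continue;                             /* fully addressable granule */
        if (s < GRANULE && within < s)
            continue;                             /* inside the partial granule */
        return (long)i;                           /* redzone, or beyond the partial bytes */
    }
    return -1;
}

/* The hardened pattern: refuse the write unless it fits the allocation.
 * Uses a 128-byte static buffer standing in for the slab object. */
static int bounded_memset_ok(size_t alloc, size_t off, size_t len)
{
    static unsigned char obj[CACHE_SIZE];
    if (alloc > CACHE_SIZE || off > alloc || len > alloc - off)
        return -1;                                /* would overrun: reject */
    memset(obj + off, 0, len);
    return 0;
}

int main(void)
{
    /* Parameters from the report: size 120, memset(ptr + 120 - 16 + 1, 0, 16). */
    size_t size = 120, n = 16, off = size - n + 1;
    printf("shadow[15] = 0x%02x (expect fc)\n", shadow_byte(size, 15));
    printf("write [%zu, %zu): first bad offset %ld (expect 120 = 0x78)\n",
           off, off + n, first_bad(size, off, n));
    printf("write [104, 120): first bad offset %ld (expect -1, in bounds)\n",
           first_bad(size, 104, n));
    printf("bounded_memset at 105/16: %d (expect -1, rejected)\n",
           bounded_memset_ok(size, off, n));
    return 0;
}
```

Compile with `cc -Wall example.c`. The model also shows the partial-granule case the log does not: a 121-byte allocation gets shadow byte `01` in granule 15, so a 1-byte write at offset 120 passes and a 2-byte write fails at offset 121.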