============================================================================= BUG kmalloc-64 (Tainted: G B ): Left Redzone overwritten ----------------------------------------------------------------------------- 0xffff8880112b1e00-0xffff8880112b1e3f @offset=3584. First byte 0x10 instead of 0xbb Slab 0xffffea000044ac40 objects=16 used=16 fp=0x0000000000000000 flags=0x100000000000200(slab|node=0|zone=1) Object 0xffff8880112b1e40 @offset=3648 fp=0xffff8880112b1f40 Redzone ffff8880112b1e00: 10 04 04 00 10 00 04 00 10 00 04 00 10 00 04 00 ................ Redzone ffff8880112b1e10: 10 00 04 00 10 00 04 00 10 00 04 00 10 00 04 00 ................ Redzone ffff8880112b1e20: 10 00 04 00 10 00 04 00 10 00 04 00 10 00 04 00 ................ Redzone ffff8880112b1e30: 10 00 04 00 f0 00 04 00 10 00 04 00 10 00 04 00 ................ Object ffff8880112b1e40: 80 00 04 00 04 00 dd 00 ff 00 60 00 ff 00 61 00 ..........`...a. Object ffff8880112b1e50: 85 00 e4 00 ff 0a 05 ff ff 05 c3 00 52 00 ff 00 ............R... Object ffff8880112b1e60: 61 04 85 00 ff 00 04 00 dd 00 e3 00 52 00 ff 00 a...........R... Object ffff8880112b1e70: 61 00 85 00 e4 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 a....kkkkkkkkkk. Redzone ffff8880112b1e80: bb bb bb bb bb bb bb bb ........ Padding ffff8880112b1ee0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Padding ffff8880112b1ef0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZZZZZ Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) check_bytes_and_report.cold (mm/slub.c:985) check_object (mm/slub.c:1090) ? cfg80211_parse_mbssid_data (net/wireless/scan.c:284 net/wireless/scan.c:2198) alloc_debug_processing (mm/slub.c:1325 mm/slub.c:1336) ___slab_alloc (mm/slub.c:3056) ? cfg80211_parse_mbssid_data (net/wireless/scan.c:284 net/wireless/scan.c:2198) ? cfg80211_find_elem_match (net/wireless/scan.c:1237 (discriminator 1)) ? cfg80211_parse_mbssid_data (net/wireless/scan.c:284 net/wireless/scan.c:2198) __slab_alloc.constprop.0 (mm/slub.c:3123) ? cfg80211_parse_mbssid_data (net/wireless/scan.c:284 net/wireless/scan.c:2198) __kmalloc_track_caller (mm/slub.c:3214 mm/slub.c:3256 mm/slub.c:4931) kmemdup (mm/util.c:129) cfg80211_parse_mbssid_data (net/wireless/scan.c:284 net/wireless/scan.c:2198) ? cfg80211_inform_single_bss_data (net/wireless/scan.c:2117) cfg80211_inform_bss_frame_data (net/wireless/core.h:119 net/wireless/scan.c:2522) ? rcu_read_lock_sched_held (kernel/rcu/update.c:104 kernel/rcu/update.c:123) ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5637) ? rcu_read_lock_sched_held (kernel/rcu/update.c:104 kernel/rcu/update.c:123) ? lock_release (./include/trace/events/lock.h:69 kernel/locking/lockdep.c:5677) ? ieee80211_bss_info_update (./include/linux/rcupdate.h:738 net/mac80211/scan.c:188) ? cfg80211_inform_single_bss_frame_data (net/wireless/scan.c:2500) ? kasan_quarantine_put (./arch/x86/include/asm/irqflags.h:45 (discriminator 1) ./arch/x86/include/asm/irqflags.h:80 (discriminator 1) ./arch/x86/include/asm/irqflags.h:138 (discriminator 1) mm/kasan/quarantine.c:242 (discriminator 1)) ? trace_hardirqs_on (kernel/trace/trace_preemptirq.c:50 (discriminator 22)) ieee80211_bss_info_update (net/mac80211/scan.c:190) ? ieee80211_rx_bss_put (net/mac80211/scan.c:148) ? reacquire_held_locks (kernel/locking/lockdep.c:5674) ieee80211_scan_rx (net/mac80211/scan.c:328) ieee80211_rx_list (net/mac80211/rx.c:4940 net/mac80211/rx.c:5131) ? find_held_lock (kernel/locking/lockdep.c:5739) ? ieee80211_rx_for_interface (net/mac80211/rx.c:5022) ? rcu_read_lock_sched_held (kernel/rcu/update.c:104 kernel/rcu/update.c:123) ? lock_acquire (./include/trace/events/lock.h:24 kernel/locking/lockdep.c:5637) ? lock_downgrade (kernel/locking/lockdep.c:5634) ? lock_release (./include/trace/events/lock.h:69 kernel/locking/lockdep.c:5677) ? skb_dequeue (net/core/skbuff.c:3299) ? reacquire_held_locks (kernel/locking/lockdep.c:5674) ieee80211_rx_napi (./include/linux/rcupdate.h:735 net/mac80211/rx.c:5155) ? ieee80211_rx_list (net/mac80211/rx.c:5143) ? _raw_spin_unlock_irqrestore (./arch/x86/include/asm/preempt.h:103 ./include/linux/spinlock_api_smp.h:152 kernel/locking/spinlock.c:194) ieee80211_tasklet_handler (./include/net/mac80211.h:4779 net/mac80211/main.c:315) tasklet_action_common.constprop.0 (./include/linux/instrumented.h:86 ./include/asm-generic/bitops/instrumented-atomic.h:41 kernel/softirq.c:893 kernel/softirq.c:801) __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:572) ? smpboot_thread_fn (kernel/smpboot.c:112) ? __entry_text_end (kernel/softirq.c:529) ? smpboot_thread_fn (kernel/smpboot.c:112) run_ksoftirqd (kernel/softirq.c:425 kernel/softirq.c:935 kernel/softirq.c:926) smpboot_thread_fn (kernel/smpboot.c:164 (discriminator 3)) ? sort_range (kernel/smpboot.c:109) kthread (kernel/kthread.c:376) ? kthread_complete_and_exit (kernel/kthread.c:335) ret_from_fork (arch/x86/entry/entry_64.S:312) FIX kmalloc-64: Restoring Left Redzone 0xffff8880112b1e00-0xffff8880112b1e3f=0xbb FIX kmalloc-64: Marking all objects used