Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 27.167895] ================================================================== [ 27.176897] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 27.184186] Write of size 128 at addr ffff000801939200 by task kunit_try_catch/214 [ 27.191735] [ 27.193220] CPU: 3 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 27.193276] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.193293] Hardware name: WinLink E850-96 board (DT) [ 27.193312] Call trace: [ 27.193325] show_stack+0x20/0x38 (C) [ 27.193359] dump_stack_lvl+0x8c/0xd0 [ 27.193395] print_report+0x118/0x608 [ 27.193434] kasan_report+0xdc/0x128 [ 27.193464] kasan_check_range+0x100/0x1a8 [ 27.193499] __asan_memset+0x34/0x78 [ 27.193528] kmalloc_oob_in_memset+0x144/0x2d0 [ 27.193558] kunit_try_run_case+0x170/0x3f0 [ 27.193592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.193631] kthread+0x328/0x630 [ 27.193659] ret_from_fork+0x10/0x20 [ 27.193695] [ 27.260051] Allocated by task 214: [ 27.263439] kasan_save_stack+0x3c/0x68 [ 27.267255] kasan_save_track+0x20/0x40 [ 27.271074] kasan_save_alloc_info+0x40/0x58 [ 27.275328] __kasan_kmalloc+0xd4/0xd8 [ 27.279060] __kmalloc_cache_noprof+0x15c/0x3c0 [ 27.283574] kmalloc_oob_in_memset+0xb0/0x2d0 [ 27.287914] kunit_try_run_case+0x170/0x3f0 [ 27.292082] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.297549] kthread+0x328/0x630 [ 27.300761] ret_from_fork+0x10/0x20 [ 27.304320] [ 27.305798] The buggy address belongs to the object at ffff000801939200 [ 27.305798] which belongs to the cache kmalloc-128 of size 128 [ 27.318299] The buggy address is located 0 bytes inside of [ 27.318299] allocated 120-byte region [ffff000801939200, ffff000801939278) [ 27.330709] [ 27.332187] The buggy address belongs to the physical page: [ 27.337745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881938 [ 27.345729] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 27.353368] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 27.360309] page_type: f5(slab) [ 27.363447] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 27.371166] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.378894] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 27.386704] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 27.394517] head: 0bfffe0000000001 fffffdffe0064e01 00000000ffffffff 00000000ffffffff [ 27.402329] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 27.410135] page dumped because: kasan: bad access detected [ 27.415691] [ 27.417166] Memory state around the buggy address: [ 27.421948] ffff000801939100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 27.429149] ffff000801939180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.436355] >ffff000801939200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 27.443554] ^ [ 27.450676] ffff000801939280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.457880] ffff000801939300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.465082] ==================================================================
[ 24.750704] ================================================================== [ 24.750831] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 24.750977] Write of size 128 at addr fff00000c5eeed00 by task kunit_try_catch/171 [ 24.751277] [ 24.751363] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.751804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.751886] Hardware name: linux,dummy-virt (DT) [ 24.751972] Call trace: [ 24.752116] show_stack+0x20/0x38 (C) [ 24.752240] dump_stack_lvl+0x8c/0xd0 [ 24.752357] print_report+0x118/0x608 [ 24.752471] kasan_report+0xdc/0x128 [ 24.752633] kasan_check_range+0x100/0x1a8 [ 24.752793] __asan_memset+0x34/0x78 [ 24.753011] kmalloc_oob_in_memset+0x144/0x2d0 [ 24.753135] kunit_try_run_case+0x170/0x3f0 [ 24.753319] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.753523] kthread+0x328/0x630 [ 24.753659] ret_from_fork+0x10/0x20 [ 24.753869] [ 24.753974] Allocated by task 171: [ 24.754313] kasan_save_stack+0x3c/0x68 [ 24.754637] kasan_save_track+0x20/0x40 [ 24.755139] kasan_save_alloc_info+0x40/0x58 [ 24.755429] __kasan_kmalloc+0xd4/0xd8 [ 24.755525] __kmalloc_cache_noprof+0x15c/0x3c0 [ 24.756394] kmalloc_oob_in_memset+0xb0/0x2d0 [ 24.756502] kunit_try_run_case+0x170/0x3f0 [ 24.757413] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.757549] kthread+0x328/0x630 [ 24.757852] ret_from_fork+0x10/0x20 [ 24.758497] [ 24.758551] The buggy address belongs to the object at fff00000c5eeed00 [ 24.758551] which belongs to the cache kmalloc-128 of size 128 [ 24.759127] The buggy address is located 0 bytes inside of [ 24.759127] allocated 120-byte region [fff00000c5eeed00, fff00000c5eeed78) [ 24.759989] [ 24.760045] The buggy address belongs to the physical page: [ 24.760120] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105eee [ 24.761102] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.761274] page_type: f5(slab) [ 24.761371] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.761485] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.761575] page dumped because: kasan: bad access detected [ 24.762280] [ 24.762897] Memory state around the buggy address: [ 24.763340] fff00000c5eeec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.763444] fff00000c5eeec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.763870] >fff00000c5eeed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.763970] ^ [ 24.764084] fff00000c5eeed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.765471] fff00000c5eeee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.765790] ==================================================================
[ 18.150729] ================================================================== [ 18.152064] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 18.152763] Write of size 128 at addr ffff888102b56200 by task kunit_try_catch/187 [ 18.153576] [ 18.153929] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 18.154073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.154115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.154599] Call Trace: [ 18.154651] <TASK> [ 18.154703] dump_stack_lvl+0x73/0xb0 [ 18.154789] print_report+0xd1/0x650 [ 18.154859] ? __virt_addr_valid+0x1db/0x2d0 [ 18.154897] ? kmalloc_oob_in_memset+0x15f/0x320 [ 18.154930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.154962] ? kmalloc_oob_in_memset+0x15f/0x320 [ 18.154995] kasan_report+0x141/0x180 [ 18.155053] ? kmalloc_oob_in_memset+0x15f/0x320 [ 18.155106] kasan_check_range+0x10c/0x1c0 [ 18.155142] __asan_memset+0x27/0x50 [ 18.155169] kmalloc_oob_in_memset+0x15f/0x320 [ 18.155200] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 18.155233] ? __schedule+0x10cc/0x2b60 [ 18.155267] ? __pfx_read_tsc+0x10/0x10 [ 18.155297] ? ktime_get_ts64+0x86/0x230 [ 18.155331] kunit_try_run_case+0x1a5/0x480 [ 18.155362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.155388] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.155423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.155457] ? __kthread_parkme+0x82/0x180 [ 18.155486] ? preempt_count_sub+0x50/0x80 [ 18.155517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.155545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.155677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.155721] kthread+0x337/0x6f0 [ 18.155764] ? trace_preempt_on+0x20/0xc0 [ 18.155815] ? __pfx_kthread+0x10/0x10 [ 18.155846] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.155878] ? calculate_sigpending+0x7b/0xa0 [ 18.155913] ? __pfx_kthread+0x10/0x10 [ 18.155943] ret_from_fork+0x116/0x1d0 [ 18.155968] ? __pfx_kthread+0x10/0x10 [ 18.155996] ret_from_fork_asm+0x1a/0x30 [ 18.156060] </TASK> [ 18.156076] [ 18.178661] Allocated by task 187: [ 18.179276] kasan_save_stack+0x45/0x70 [ 18.179808] kasan_save_track+0x18/0x40 [ 18.180283] kasan_save_alloc_info+0x3b/0x50 [ 18.180848] __kasan_kmalloc+0xb7/0xc0 [ 18.181386] __kmalloc_cache_noprof+0x189/0x420 [ 18.181873] kmalloc_oob_in_memset+0xac/0x320 [ 18.182393] kunit_try_run_case+0x1a5/0x480 [ 18.182982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.183718] kthread+0x337/0x6f0 [ 18.184142] ret_from_fork+0x116/0x1d0 [ 18.184693] ret_from_fork_asm+0x1a/0x30 [ 18.185101] [ 18.185444] The buggy address belongs to the object at ffff888102b56200 [ 18.185444] which belongs to the cache kmalloc-128 of size 128 [ 18.186766] The buggy address is located 0 bytes inside of [ 18.186766] allocated 120-byte region [ffff888102b56200, ffff888102b56278) [ 18.188240] [ 18.188624] The buggy address belongs to the physical page: [ 18.189461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b56 [ 18.190349] flags: 0x200000000000000(node=0|zone=2) [ 18.191113] page_type: f5(slab) [ 18.191457] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.192751] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.193653] page dumped because: kasan: bad access detected [ 18.194162] [ 18.194550] Memory state around the buggy address: [ 18.195079] ffff888102b56100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.195812] ffff888102b56180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.196981] >ffff888102b56200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.197738] ^ [ 18.198635] ffff888102b56280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.199324] ffff888102b56300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.200210] ==================================================================
[ 53.789947] ================================================================== [ 53.800811] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x1a4/0x350 [ 53.808197] Write of size 128 at addr cc78e900 by task kunit_try_catch/222 [ 53.815093] [ 53.816619] CPU: 0 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 53.816650] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 53.816650] Hardware name: Generic DRA74X (Flattened Device Tree) [ 53.816650] Call trace: [ 53.816650] unwind_backtrace from show_stack+0x18/0x1c [ 53.816680] show_stack from dump_stack_lvl+0x70/0x90 [ 53.816711] dump_stack_lvl from print_report+0x158/0x528 [ 53.816741] print_report from kasan_report+0xdc/0x118 [ 53.816772] kasan_report from kasan_check_range+0x14c/0x198 [ 53.816772] kasan_check_range from __asan_memset+0x20/0x3c [ 53.816802] __asan_memset from kmalloc_oob_in_memset+0x1a4/0x350 [ 53.816833] kmalloc_oob_in_memset from kunit_try_run_case+0x22c/0x5a8 [ 53.816833] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 53.816864] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 53.816894] kthread from ret_from_fork+0x14/0x20 [ 53.816925] Exception stack(0xf2273fb0 to 0xf2273ff8) [ 53.816925] 3fa0: 00000000 00000000 00000000 00000000 [ 53.816955] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 53.816955] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 53.816986] [ 53.934783] Allocated by task 222: [ 53.938201] kasan_save_track+0x30/0x5c [ 53.942077] __kasan_kmalloc+0x8c/0x94 [ 53.945831] kmalloc_oob_in_memset+0xd0/0x350 [ 53.950225] kunit_try_run_case+0x22c/0x5a8 [ 53.954467] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 53.959991] kthread+0x464/0x810 [ 53.963226] ret_from_fork+0x14/0x20 [ 53.966827] [ 53.968353] The buggy address belongs to the object at cc78e900 [ 53.968353] which belongs to the cache kmalloc-128 of size 128 [ 53.980224] The buggy address is located 0 bytes inside of [ 53.980224] allocated 120-byte region [cc78e900, cc78e978) [ 53.991363] [ 53.992858] The buggy address belongs to the physical page: [ 53.998474] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c78e [ 54.005737] flags: 0x0(zone=0) [ 54.008819] page_type: f5(slab) [ 54.011962] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 54.020111] raw: 00000000 [ 54.022766] page dumped because: kasan: bad access detected [ 54.028350] [ 54.029876] Memory state around the buggy address: [ 54.034698] cc78e800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.041259] cc78e880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.047821] >cc78e900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 54.054412] ^ [ 54.060882] cc78e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.067443] cc78ea00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 54.074005] ==================================================================