Date
May 30, 2025, 4:14 a.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x15 |
[ 28.393395] ================================================================== [ 28.402921] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 28.410206] Write of size 16 at addr ffff000803eb5769 by task kunit_try_catch/222 [ 28.417672] [ 28.419156] CPU: 4 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 28.419210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.419228] Hardware name: WinLink E850-96 board (DT) [ 28.419248] Call trace: [ 28.419260] show_stack+0x20/0x38 (C) [ 28.419293] dump_stack_lvl+0x8c/0xd0 [ 28.419329] print_report+0x118/0x608 [ 28.419365] kasan_report+0xdc/0x128 [ 28.419395] kasan_check_range+0x100/0x1a8 [ 28.419428] __asan_memset+0x34/0x78 [ 28.419455] kmalloc_oob_memset_16+0x150/0x2f8 [ 28.419486] kunit_try_run_case+0x170/0x3f0 [ 28.419519] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.419556] kthread+0x328/0x630 [ 28.419584] ret_from_fork+0x10/0x20 [ 28.419617] [ 28.485988] Allocated by task 222: [ 28.489375] kasan_save_stack+0x3c/0x68 [ 28.493191] kasan_save_track+0x20/0x40 [ 28.497011] kasan_save_alloc_info+0x40/0x58 [ 28.501264] __kasan_kmalloc+0xd4/0xd8 [ 28.504997] __kmalloc_cache_noprof+0x15c/0x3c0 [ 28.509511] kmalloc_oob_memset_16+0xb0/0x2f8 [ 28.513852] kunit_try_run_case+0x170/0x3f0 [ 28.518017] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 28.523486] kthread+0x328/0x630 [ 28.526698] ret_from_fork+0x10/0x20 [ 28.530257] [ 28.531732] The buggy address belongs to the object at ffff000803eb5700 [ 28.531732] which belongs to the cache kmalloc-128 of size 128 [ 28.544236] The buggy address is located 105 bytes inside of [ 28.544236] allocated 120-byte region [ffff000803eb5700, ffff000803eb5778) [ 28.556819] [ 28.558297] The buggy address belongs to the physical page: [ 28.563855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x883eb4 [ 28.571838] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 28.579477] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 28.586420] page_type: f5(slab) [ 28.589555] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 28.597276] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.605004] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 28.612814] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 28.620627] head: 0bfffe0000000001 fffffdffe00fad01 00000000ffffffff 00000000ffffffff [ 28.628439] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 28.636245] page dumped because: kasan: bad access detected [ 28.641801] [ 28.643275] Memory state around the buggy address: [ 28.648057] ffff000803eb5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 28.655259] ffff000803eb5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.662463] >ffff000803eb5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 28.669664] ^ [ 28.676786] ffff000803eb5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.683992] ffff000803eb5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 28.691192] ==================================================================
[ 24.911070] ================================================================== [ 24.911345] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 24.911485] Write of size 16 at addr fff00000c77e8169 by task kunit_try_catch/179 [ 24.911601] [ 24.911824] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT [ 24.912578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.912644] Hardware name: linux,dummy-virt (DT) [ 24.912735] Call trace: [ 24.913439] show_stack+0x20/0x38 (C) [ 24.914085] dump_stack_lvl+0x8c/0xd0 [ 24.914269] print_report+0x118/0x608 [ 24.914385] kasan_report+0xdc/0x128 [ 24.914773] kasan_check_range+0x100/0x1a8 [ 24.914931] __asan_memset+0x34/0x78 [ 24.915058] kmalloc_oob_memset_16+0x150/0x2f8 [ 24.915534] kunit_try_run_case+0x170/0x3f0 [ 24.915972] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.916671] kthread+0x328/0x630 [ 24.917103] ret_from_fork+0x10/0x20 [ 24.917277] [ 24.917425] Allocated by task 179: [ 24.917807] kasan_save_stack+0x3c/0x68 [ 24.917912] kasan_save_track+0x20/0x40 [ 24.918005] kasan_save_alloc_info+0x40/0x58 [ 24.918497] __kasan_kmalloc+0xd4/0xd8 [ 24.918786] __kmalloc_cache_noprof+0x15c/0x3c0 [ 24.919490] kmalloc_oob_memset_16+0xb0/0x2f8 [ 24.919643] kunit_try_run_case+0x170/0x3f0 [ 24.919758] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.919863] kthread+0x328/0x630 [ 24.919953] ret_from_fork+0x10/0x20 [ 24.920049] [ 24.920493] The buggy address belongs to the object at fff00000c77e8100 [ 24.920493] which belongs to the cache kmalloc-128 of size 128 [ 24.921583] The buggy address is located 105 bytes inside of [ 24.921583] allocated 120-byte region [fff00000c77e8100, fff00000c77e8178) [ 24.921765] [ 24.921825] The buggy address belongs to the physical page: [ 24.921917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e8 [ 24.922266] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.922430] page_type: f5(slab) [ 24.923029] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.923163] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.923745] page dumped because: kasan: bad access detected [ 24.923818] [ 24.923861] Memory state around the buggy address: [ 24.923937] fff00000c77e8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.924232] fff00000c77e8080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.924695] >fff00000c77e8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.924803] ^ [ 24.924913] fff00000c77e8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.925013] fff00000c77e8200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.925135] ==================================================================
[ 18.380106] ================================================================== [ 18.382395] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 18.383726] Write of size 16 at addr ffff8881022c3a69 by task kunit_try_catch/195 [ 18.384440] [ 18.384631] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250530 #1 PREEMPT(voluntary) [ 18.384697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.384714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.384754] Call Trace: [ 18.384787] <TASK> [ 18.384811] dump_stack_lvl+0x73/0xb0 [ 18.384849] print_report+0xd1/0x650 [ 18.384880] ? __virt_addr_valid+0x1db/0x2d0 [ 18.384913] ? kmalloc_oob_memset_16+0x166/0x330 [ 18.384943] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.384974] ? kmalloc_oob_memset_16+0x166/0x330 [ 18.385004] kasan_report+0x141/0x180 [ 18.385073] ? kmalloc_oob_memset_16+0x166/0x330 [ 18.385114] kasan_check_range+0x10c/0x1c0 [ 18.385149] __asan_memset+0x27/0x50 [ 18.385176] kmalloc_oob_memset_16+0x166/0x330 [ 18.385208] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 18.385240] ? __schedule+0x10cc/0x2b60 [ 18.385275] ? __pfx_read_tsc+0x10/0x10 [ 18.385305] ? ktime_get_ts64+0x86/0x230 [ 18.385339] kunit_try_run_case+0x1a5/0x480 [ 18.385370] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.385398] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.385432] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.385467] ? __kthread_parkme+0x82/0x180 [ 18.385495] ? preempt_count_sub+0x50/0x80 [ 18.385526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.385554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.385588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.385622] kthread+0x337/0x6f0 [ 18.385649] ? trace_preempt_on+0x20/0xc0 [ 18.385680] ? __pfx_kthread+0x10/0x10 [ 18.385708] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.385750] ? calculate_sigpending+0x7b/0xa0 [ 18.385805] ? __pfx_kthread+0x10/0x10 [ 18.385837] ret_from_fork+0x116/0x1d0 [ 18.385862] ? __pfx_kthread+0x10/0x10 [ 18.385890] ret_from_fork_asm+0x1a/0x30 [ 18.385932] </TASK> [ 18.385946] [ 18.404624] Allocated by task 195: [ 18.405374] kasan_save_stack+0x45/0x70 [ 18.406231] kasan_save_track+0x18/0x40 [ 18.406559] kasan_save_alloc_info+0x3b/0x50 [ 18.407453] __kasan_kmalloc+0xb7/0xc0 [ 18.407902] __kmalloc_cache_noprof+0x189/0x420 [ 18.408402] kmalloc_oob_memset_16+0xac/0x330 [ 18.408785] kunit_try_run_case+0x1a5/0x480 [ 18.409140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.409530] kthread+0x337/0x6f0 [ 18.410099] ret_from_fork+0x116/0x1d0 [ 18.410842] ret_from_fork_asm+0x1a/0x30 [ 18.411617] [ 18.412141] The buggy address belongs to the object at ffff8881022c3a00 [ 18.412141] which belongs to the cache kmalloc-128 of size 128 [ 18.413564] The buggy address is located 105 bytes inside of [ 18.413564] allocated 120-byte region [ffff8881022c3a00, ffff8881022c3a78) [ 18.414604] [ 18.414845] The buggy address belongs to the physical page: [ 18.415326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1022c3 [ 18.415941] flags: 0x200000000000000(node=0|zone=2) [ 18.416350] page_type: f5(slab) [ 18.416731] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.417716] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.418836] page dumped because: kasan: bad access detected [ 18.419327] [ 18.419559] Memory state around the buggy address: [ 18.420399] ffff8881022c3900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.420929] ffff8881022c3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.421499] >ffff8881022c3a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.421986] ^ [ 18.422636] ffff8881022c3a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.423257] ffff8881022c3b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.423829] ==================================================================
[ 54.960357] ================================================================== [ 54.971740] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x1b0/0x35c [ 54.979095] Write of size 16 at addr cc78ed69 by task kunit_try_catch/230 [ 54.985931] [ 54.987457] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B W N 6.15.0-next-20250530 #1 NONE [ 54.987487] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 54.987487] Hardware name: Generic DRA74X (Flattened Device Tree) [ 54.987487] Call trace: [ 54.987487] unwind_backtrace from show_stack+0x18/0x1c [ 54.987518] show_stack from dump_stack_lvl+0x70/0x90 [ 54.987548] dump_stack_lvl from print_report+0x158/0x528 [ 54.987579] print_report from kasan_report+0xdc/0x118 [ 54.987609] kasan_report from kasan_check_range+0x14c/0x198 [ 54.987609] kasan_check_range from __asan_memset+0x20/0x3c [ 54.987640] __asan_memset from kmalloc_oob_memset_16+0x1b0/0x35c [ 54.987670] kmalloc_oob_memset_16 from kunit_try_run_case+0x22c/0x5a8 [ 54.987670] kunit_try_run_case from kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 54.987701] kunit_generic_run_threadfn_adapter from kthread+0x464/0x810 [ 54.987731] kthread from ret_from_fork+0x14/0x20 [ 54.987762] Exception stack(0xf22b3fb0 to 0xf22b3ff8) [ 54.987762] 3fa0: 00000000 00000000 00000000 00000000 [ 54.987792] 3fc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 [ 54.987792] 3fe0: 00000000 00000000 00000000 00000000 00000013 00000000 [ 54.987823] [ 55.105621] Allocated by task 230: [ 55.109039] kasan_save_track+0x30/0x5c [ 55.112915] __kasan_kmalloc+0x8c/0x94 [ 55.116668] kmalloc_oob_memset_16+0xcc/0x35c [ 55.121063] kunit_try_run_case+0x22c/0x5a8 [ 55.125305] kunit_generic_run_threadfn_adapter+0xc4/0x128 [ 55.130828] kthread+0x464/0x810 [ 55.134063] ret_from_fork+0x14/0x20 [ 55.137664] [ 55.139190] The buggy address belongs to the object at cc78ed00 [ 55.139190] which belongs to the cache kmalloc-128 of size 128 [ 55.151062] The buggy address is located 105 bytes inside of [ 55.151062] allocated 120-byte region [cc78ed00, cc78ed78) [ 55.162353] [ 55.163879] The buggy address belongs to the physical page: [ 55.169464] page: refcount:0 mapcount:0 mapping:00000000 index:0x0 pfn:0x8c78e [ 55.176757] flags: 0x0(zone=0) [ 55.179809] page_type: f5(slab) [ 55.182983] raw: 00000000 c7001400 00000122 00000000 00000000 80100010 f5000000 00000000 [ 55.191131] raw: 00000000 [ 55.193756] page dumped because: kasan: bad access detected [ 55.199371] [ 55.200866] Memory state around the buggy address: [ 55.205688] cc78ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 55.212280] cc78ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.218841] >cc78ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 55.225402] ^ [ 55.231903] cc78ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.238464] cc78ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 55.245025] ==================================================================