Hay
Date: June 2, 2025, 2:11 p.m.

Environment: e850-96, qemu-arm64, qemu-x86_64

[   26.169575] ==================================================================
[   26.179164] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   26.186451] Write of size 16 at addr ffff000802408469 by task kunit_try_catch/225
[   26.193916] 
[   26.195402] CPU: 5 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   26.195456] Tainted: [B]=BAD_PAGE, [N]=TEST
[   26.195471] Hardware name: WinLink E850-96 board (DT)
[   26.195491] Call trace:
[   26.195506]  show_stack+0x20/0x38 (C)
[   26.195543]  dump_stack_lvl+0x8c/0xd0
[   26.195579]  print_report+0x118/0x608
[   26.195607]  kasan_report+0xdc/0x128
[   26.195634]  kasan_check_range+0x100/0x1a8
[   26.195669]  __asan_memset+0x34/0x78
[   26.195698]  kmalloc_oob_memset_16+0x150/0x2f8
[   26.195730]  kunit_try_run_case+0x170/0x3f0
[   26.195764]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.195801]  kthread+0x328/0x630
[   26.195834]  ret_from_fork+0x10/0x20
[   26.195869] 
[   26.261364] Allocated by task 225:
[   26.264750]  kasan_save_stack+0x3c/0x68
[   26.268567]  kasan_save_track+0x20/0x40
[   26.272388]  kasan_save_alloc_info+0x40/0x58
[   26.276640]  __kasan_kmalloc+0xd4/0xd8
[   26.280373]  __kmalloc_cache_noprof+0x16c/0x3c0
[   26.284887]  kmalloc_oob_memset_16+0xb0/0x2f8
[   26.289227]  kunit_try_run_case+0x170/0x3f0
[   26.293394]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   26.298862]  kthread+0x328/0x630
[   26.302074]  ret_from_fork+0x10/0x20
[   26.305633] 
[   26.307110] The buggy address belongs to the object at ffff000802408400
[   26.307110]  which belongs to the cache kmalloc-128 of size 128
[   26.319610] The buggy address is located 105 bytes inside of
[   26.319610]  allocated 120-byte region [ffff000802408400, ffff000802408478)
[   26.332195] 
[   26.333674] The buggy address belongs to the physical page:
[   26.339231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x882408
[   26.347215] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   26.354854] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   26.361796] page_type: f5(slab)
[   26.364934] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   26.372652] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   26.380378] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[   26.388190] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[   26.396003] head: 0bfffe0000000001 fffffdffe0090201 00000000ffffffff 00000000ffffffff
[   26.403815] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[   26.411620] page dumped because: kasan: bad access detected
[   26.417176] 
[   26.418652] Memory state around the buggy address:
[   26.423433]  ffff000802408300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   26.430634]  ffff000802408380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.437840] >ffff000802408400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   26.445041]                                                                 ^
[   26.452162]  ffff000802408480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.459366]  ffff000802408500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   26.466569] ==================================================================

[   18.133148] ==================================================================
[   18.133227] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   18.133296] Write of size 16 at addr fff00000c3f75769 by task kunit_try_catch/181
[   18.133345] 
[   18.133842] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT 
[   18.139646] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.140604] Hardware name: linux,dummy-virt (DT)
[   18.141566] Call trace:
[   18.146453]  show_stack+0x20/0x38 (C)
[   18.146554]  dump_stack_lvl+0x8c/0xd0
[   18.149413]  print_report+0x118/0x608
[   18.149700]  kasan_report+0xdc/0x128
[   18.149898]  kasan_check_range+0x100/0x1a8
[   18.149972]  __asan_memset+0x34/0x78
[   18.150025]  kmalloc_oob_memset_16+0x150/0x2f8
[   18.150078]  kunit_try_run_case+0x170/0x3f0
[   18.150132]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.150187]  kthread+0x328/0x630
[   18.150235]  ret_from_fork+0x10/0x20
[   18.150287] 
[   18.150305] Allocated by task 181:
[   18.150334]  kasan_save_stack+0x3c/0x68
[   18.150384]  kasan_save_track+0x20/0x40
[   18.150420]  kasan_save_alloc_info+0x40/0x58
[   18.150459]  __kasan_kmalloc+0xd4/0xd8
[   18.150495]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.150538]  kmalloc_oob_memset_16+0xb0/0x2f8
[   18.150578]  kunit_try_run_case+0x170/0x3f0
[   18.150616]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.150661]  kthread+0x328/0x630
[   18.150696]  ret_from_fork+0x10/0x20
[   18.150732] 
[   18.150753] The buggy address belongs to the object at fff00000c3f75700
[   18.150753]  which belongs to the cache kmalloc-128 of size 128
[   18.150809] The buggy address is located 105 bytes inside of
[   18.150809]  allocated 120-byte region [fff00000c3f75700, fff00000c3f75778)
[   18.150868] 
[   18.150889] The buggy address belongs to the physical page:
[   18.150921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f75
[   18.150976] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.151033] page_type: f5(slab)
[   18.151075] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.151123] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.151162] page dumped because: kasan: bad access detected
[   18.151193] 
[   18.151210] Memory state around the buggy address:
[   18.151245]  fff00000c3f75600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.151288]  fff00000c3f75680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.151330] >fff00000c3f75700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.151374]                                                                 ^
[   18.151413]  fff00000c3f75780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.151453]  fff00000c3f75800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.151489] ==================================================================

[   16.723189] ==================================================================
[   16.723884] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   16.724590] Write of size 16 at addr ffff888102b31069 by task kunit_try_catch/199
[   16.724934] 
[   16.725168] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G    B            N  6.15.1-rc1 #1 PREEMPT(voluntary) 
[   16.725275] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.725305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   16.725352] Call Trace:
[   16.725383]  <TASK>
[   16.725423]  dump_stack_lvl+0x73/0xb0
[   16.725472]  print_report+0xd1/0x650
[   16.725501]  ? __virt_addr_valid+0x1db/0x2d0
[   16.725528]  ? kmalloc_oob_memset_16+0x166/0x330
[   16.725554]  ? kasan_complete_mode_report_info+0x2a/0x200
[   16.725589]  ? kmalloc_oob_memset_16+0x166/0x330
[   16.725628]  kasan_report+0x141/0x180
[   16.725656]  ? kmalloc_oob_memset_16+0x166/0x330
[   16.725687]  kasan_check_range+0x10c/0x1c0
[   16.725710]  __asan_memset+0x27/0x50
[   16.725733]  kmalloc_oob_memset_16+0x166/0x330
[   16.725785]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   16.725829]  ? __schedule+0x10cc/0x2b30
[   16.725869]  ? __pfx_read_tsc+0x10/0x10
[   16.725905]  ? ktime_get_ts64+0x86/0x230
[   16.725954]  kunit_try_run_case+0x1a5/0x480
[   16.726004]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.726052]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   16.726104]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   16.726149]  ? __kthread_parkme+0x82/0x180
[   16.726186]  ? preempt_count_sub+0x50/0x80
[   16.726235]  ? __pfx_kunit_try_run_case+0x10/0x10
[   16.726284]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.726334]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   16.726384]  kthread+0x337/0x6f0
[   16.726426]  ? trace_preempt_on+0x20/0xc0
[   16.726481]  ? __pfx_kthread+0x10/0x10
[   16.726524]  ? _raw_spin_unlock_irq+0x47/0x80
[   16.726567]  ? calculate_sigpending+0x7b/0xa0
[   16.726615]  ? __pfx_kthread+0x10/0x10
[   16.726659]  ret_from_fork+0x41/0x80
[   16.726708]  ? __pfx_kthread+0x10/0x10
[   16.726757]  ret_from_fork_asm+0x1a/0x30
[   16.726800]  </TASK>
[   16.726816] 
[   16.737680] Allocated by task 199:
[   16.738122]  kasan_save_stack+0x45/0x70
[   16.738537]  kasan_save_track+0x18/0x40
[   16.738995]  kasan_save_alloc_info+0x3b/0x50
[   16.739458]  __kasan_kmalloc+0xb7/0xc0
[   16.739832]  __kmalloc_cache_noprof+0x189/0x420
[   16.740201]  kmalloc_oob_memset_16+0xac/0x330
[   16.740615]  kunit_try_run_case+0x1a5/0x480
[   16.740941]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   16.741437]  kthread+0x337/0x6f0
[   16.741723]  ret_from_fork+0x41/0x80
[   16.742089]  ret_from_fork_asm+0x1a/0x30
[   16.742507] 
[   16.742745] The buggy address belongs to the object at ffff888102b31000
[   16.742745]  which belongs to the cache kmalloc-128 of size 128
[   16.743614] The buggy address is located 105 bytes inside of
[   16.743614]  allocated 120-byte region [ffff888102b31000, ffff888102b31078)
[   16.744455] 
[   16.744602] The buggy address belongs to the physical page:
[   16.744838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b31
[   16.745290] flags: 0x200000000000000(node=0|zone=2)
[   16.745836] page_type: f5(slab)
[   16.746299] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   16.746921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.747591] page dumped because: kasan: bad access detected
[   16.747984] 
[   16.748207] Memory state around the buggy address:
[   16.748622]  ffff888102b30f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.748993]  ffff888102b30f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.749557] >ffff888102b31000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.749856]                                                                 ^
[   16.750340]  ffff888102b31080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.750955]  ffff888102b31100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.751526] ==================================================================