Date
June 2, 2025, 2:11 p.m.
| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
```
[ 25.864148] ==================================================================
[ 25.873613] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 25.880815] Write of size 8 at addr ffff000801dd0171 by task kunit_try_catch/223
[ 25.888191]
[ 25.889679] CPU: 6 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT
[ 25.889734] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.889747] Hardware name: WinLink E850-96 board (DT)
[ 25.889767] Call trace:
[ 25.889780] show_stack+0x20/0x38 (C)
[ 25.889816] dump_stack_lvl+0x8c/0xd0
[ 25.889853] print_report+0x118/0x608
[ 25.889886] kasan_report+0xdc/0x128
[ 25.889914] kasan_check_range+0x100/0x1a8
[ 25.889946] __asan_memset+0x34/0x78
[ 25.889976] kmalloc_oob_memset_8+0x150/0x2f8
[ 25.890008] kunit_try_run_case+0x170/0x3f0
[ 25.890045] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.890084] kthread+0x328/0x630
[ 25.890116] ret_from_fork+0x10/0x20
[ 25.890152]
[ 25.955553] Allocated by task 223:
[ 25.958938] kasan_save_stack+0x3c/0x68
[ 25.962756] kasan_save_track+0x20/0x40
[ 25.966575] kasan_save_alloc_info+0x40/0x58
[ 25.970829] __kasan_kmalloc+0xd4/0xd8
[ 25.974561] __kmalloc_cache_noprof+0x16c/0x3c0
[ 25.979075] kmalloc_oob_memset_8+0xb0/0x2f8
[ 25.983330] kunit_try_run_case+0x170/0x3f0
[ 25.987495] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 25.992964] kthread+0x328/0x630
[ 25.996176] ret_from_fork+0x10/0x20
[ 25.999734]
[ 26.001213] The buggy address belongs to the object at ffff000801dd0100
[ 26.001213] which belongs to the cache kmalloc-128 of size 128
[ 26.013712] The buggy address is located 113 bytes inside of
[ 26.013712] allocated 120-byte region [ffff000801dd0100, ffff000801dd0178)
[ 26.026296]
[ 26.027775] The buggy address belongs to the physical page:
[ 26.033333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881dd0
[ 26.041318] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 26.048955] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 26.055899] page_type: f5(slab)
[ 26.059036] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 26.066754] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 26.074480] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 26.082292] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 26.090105] head: 0bfffe0000000001 fffffdffe0077401 00000000ffffffff 00000000ffffffff
[ 26.097917] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 26.105722] page dumped because: kasan: bad access detected
[ 26.111278]
[ 26.112755] Memory state around the buggy address:
[ 26.117533] ffff000801dd0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 26.124736] ffff000801dd0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.131942] >ffff000801dd0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 26.139142] ^
[ 26.146263] ffff000801dd0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.153470] ffff000801dd0200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 26.160671] ==================================================================
```
```
[ 18.069430] ==================================================================
[ 18.069557] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8
[ 18.069630] Write of size 8 at addr fff00000c3f75671 by task kunit_try_catch/179
[ 18.069679]
[ 18.069719] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT
[ 18.069804] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.069830] Hardware name: linux,dummy-virt (DT)
[ 18.069862] Call trace:
[ 18.069887] show_stack+0x20/0x38 (C)
[ 18.069938] dump_stack_lvl+0x8c/0xd0
[ 18.069987] print_report+0x118/0x608
[ 18.070033] kasan_report+0xdc/0x128
[ 18.070076] kasan_check_range+0x100/0x1a8
[ 18.070123] __asan_memset+0x34/0x78
[ 18.070167] kmalloc_oob_memset_8+0x150/0x2f8
[ 18.070216] kunit_try_run_case+0x170/0x3f0
[ 18.070266] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.070320] kthread+0x328/0x630
[ 18.070378] ret_from_fork+0x10/0x20
[ 18.070429]
[ 18.070448] Allocated by task 179:
[ 18.070476] kasan_save_stack+0x3c/0x68
[ 18.070516] kasan_save_track+0x20/0x40
[ 18.070554] kasan_save_alloc_info+0x40/0x58
[ 18.070594] __kasan_kmalloc+0xd4/0xd8
[ 18.070633] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.070678] kmalloc_oob_memset_8+0xb0/0x2f8
[ 18.076505] kunit_try_run_case+0x170/0x3f0
[ 18.076577] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.076632] kthread+0x328/0x630
[ 18.076670] ret_from_fork+0x10/0x20
[ 18.076709]
[ 18.076731] The buggy address belongs to the object at fff00000c3f75600
[ 18.076731] which belongs to the cache kmalloc-128 of size 128
[ 18.076789] The buggy address is located 113 bytes inside of
[ 18.076789] allocated 120-byte region [fff00000c3f75600, fff00000c3f75678)
[ 18.076850]
[ 18.076871] The buggy address belongs to the physical page:
[ 18.076904] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f75
[ 18.077099] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.077171] page_type: f5(slab)
[ 18.077408] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.077647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.077897] page dumped because: kasan: bad access detected
[ 18.078027]
[ 18.078046] Memory state around the buggy address:
[ 18.078082] fff00000c3f75500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.078429] fff00000c3f75580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.078828] >fff00000c3f75600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.078872] ^
[ 18.078913] fff00000c3f75680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.078955] fff00000c3f75700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.078991] ==================================================================
```
```
[ 16.680981] ==================================================================
[ 16.682194] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 16.682652] Write of size 8 at addr ffff888102b25f71 by task kunit_try_catch/197
[ 16.683049]
[ 16.683388] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.15.1-rc1 #1 PREEMPT(voluntary)
[ 16.683505] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.683536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.683586] Call Trace:
[ 16.683619] <TASK>
[ 16.683671] dump_stack_lvl+0x73/0xb0
[ 16.683744] print_report+0xd1/0x650
[ 16.683819] ? __virt_addr_valid+0x1db/0x2d0
[ 16.683885] ? kmalloc_oob_memset_8+0x166/0x330
[ 16.683937] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.683980] ? kmalloc_oob_memset_8+0x166/0x330
[ 16.684014] kasan_report+0x141/0x180
[ 16.684041] ? kmalloc_oob_memset_8+0x166/0x330
[ 16.684071] kasan_check_range+0x10c/0x1c0
[ 16.684094] __asan_memset+0x27/0x50
[ 16.684128] kmalloc_oob_memset_8+0x166/0x330
[ 16.684215] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 16.684267] ? __schedule+0x10cc/0x2b30
[ 16.684316] ? __pfx_read_tsc+0x10/0x10
[ 16.684360] ? ktime_get_ts64+0x86/0x230
[ 16.684421] kunit_try_run_case+0x1a5/0x480
[ 16.684473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.684513] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.684589] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.684656] ? __kthread_parkme+0x82/0x180
[ 16.684711] ? preempt_count_sub+0x50/0x80
[ 16.684786] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.684836] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.684877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.684915] kthread+0x337/0x6f0
[ 16.684948] ? trace_preempt_on+0x20/0xc0
[ 16.684978] ? __pfx_kthread+0x10/0x10
[ 16.684998] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.685022] ? calculate_sigpending+0x7b/0xa0
[ 16.685048] ? __pfx_kthread+0x10/0x10
[ 16.685068] ret_from_fork+0x41/0x80
[ 16.685092] ? __pfx_kthread+0x10/0x10
[ 16.685160] ret_from_fork_asm+0x1a/0x30
[ 16.685279] </TASK>
[ 16.685300]
[ 16.699369] Allocated by task 197:
[ 16.700675] kasan_save_stack+0x45/0x70
[ 16.701466] kasan_save_track+0x18/0x40
[ 16.701720] kasan_save_alloc_info+0x3b/0x50
[ 16.701917] __kasan_kmalloc+0xb7/0xc0
[ 16.702621] __kmalloc_cache_noprof+0x189/0x420
[ 16.703026] kmalloc_oob_memset_8+0xac/0x330
[ 16.703560] kunit_try_run_case+0x1a5/0x480
[ 16.703784] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.704006] kthread+0x337/0x6f0
[ 16.704545] ret_from_fork+0x41/0x80
[ 16.704961] ret_from_fork_asm+0x1a/0x30
[ 16.705533]
[ 16.705737] The buggy address belongs to the object at ffff888102b25f00
[ 16.705737] which belongs to the cache kmalloc-128 of size 128
[ 16.706579] The buggy address is located 113 bytes inside of
[ 16.706579] allocated 120-byte region [ffff888102b25f00, ffff888102b25f78)
[ 16.707512]
[ 16.707777] The buggy address belongs to the physical page:
[ 16.708408] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b25
[ 16.709261] flags: 0x200000000000000(node=0|zone=2)
[ 16.709717] page_type: f5(slab)
[ 16.710062] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.710830] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.711064] page dumped because: kasan: bad access detected
[ 16.711309]
[ 16.711477] Memory state around the buggy address:
[ 16.712418] ffff888102b25e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.713731] ffff888102b25e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.714124] >ffff888102b25f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.715015] ^
[ 16.715248] ffff888102b25f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.715458] ffff888102b26000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 16.716581] ==================================================================
```