Date: June 26, 2025, 11:12 a.m.

| Environment |
|---|
| e850-96 |
| qemu-arm64 |
| qemu-x86_64 |
[ 28.290736] ==================================================================
[ 28.300339] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 28.307627] Write of size 16 at addr ffff000801ed6669 by task kunit_try_catch/227
[ 28.315091]
[ 28.316580] CPU: 7 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 28.316640] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 28.316657] Hardware name: WinLink E850-96 board (DT)
[ 28.316679] Call trace:
[ 28.316693] show_stack+0x20/0x38 (C)
[ 28.316730] dump_stack_lvl+0x8c/0xd0
[ 28.316769] print_report+0x118/0x608
[ 28.316799] kasan_report+0xdc/0x128
[ 28.316828] kasan_check_range+0x100/0x1a8
[ 28.316859] __asan_memset+0x34/0x78
[ 28.316891] kmalloc_oob_memset_16+0x150/0x2f8
[ 28.316925] kunit_try_run_case+0x170/0x3f0
[ 28.316960] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.316997] kthread+0x328/0x630
[ 28.317030] ret_from_fork+0x10/0x20
[ 28.317065]
[ 28.382539] Allocated by task 227:
[ 28.385927] kasan_save_stack+0x3c/0x68
[ 28.389743] kasan_save_track+0x20/0x40
[ 28.393562] kasan_save_alloc_info+0x40/0x58
[ 28.397816] __kasan_kmalloc+0xd4/0xd8
[ 28.401548] __kmalloc_cache_noprof+0x16c/0x3c0
[ 28.406062] kmalloc_oob_memset_16+0xb0/0x2f8
[ 28.410402] kunit_try_run_case+0x170/0x3f0
[ 28.414569] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 28.420037] kthread+0x328/0x630
[ 28.423250] ret_from_fork+0x10/0x20
[ 28.426808]
[ 28.428287] The buggy address belongs to the object at ffff000801ed6600
[ 28.428287] which belongs to the cache kmalloc-128 of size 128
[ 28.440787] The buggy address is located 105 bytes inside of
[ 28.440787] allocated 120-byte region [ffff000801ed6600, ffff000801ed6678)
[ 28.453370]
[ 28.454849] The buggy address belongs to the physical page:
[ 28.460407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ed6
[ 28.468390] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 28.476028] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 28.482972] page_type: f5(slab)
[ 28.486110] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 28.493828] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 28.501555] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 28.509366] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 28.517179] head: 0bfffe0000000001 fffffdffe007b581 00000000ffffffff 00000000ffffffff
[ 28.524991] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 28.532796] page dumped because: kasan: bad access detected
[ 28.538353]
[ 28.539829] Memory state around the buggy address:
[ 28.544607] ffff000801ed6500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.551810] ffff000801ed6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.559016] >ffff000801ed6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.566216] ^
[ 28.573338] ffff000801ed6680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.580543] ffff000801ed6700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.587745] ==================================================================
[ 18.057228] ==================================================================
[ 18.057621] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[ 18.057771] Write of size 16 at addr fff00000c5bdcb69 by task kunit_try_catch/180
[ 18.057825]
[ 18.057866] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 18.058166] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.058281] Hardware name: linux,dummy-virt (DT)
[ 18.058380] Call trace:
[ 18.058480] show_stack+0x20/0x38 (C)
[ 18.058534] dump_stack_lvl+0x8c/0xd0
[ 18.058608] print_report+0x118/0x608
[ 18.058659] kasan_report+0xdc/0x128
[ 18.058950] kasan_check_range+0x100/0x1a8
[ 18.059019] __asan_memset+0x34/0x78
[ 18.059064] kmalloc_oob_memset_16+0x150/0x2f8
[ 18.059358] kunit_try_run_case+0x170/0x3f0
[ 18.059430] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.059484] kthread+0x328/0x630
[ 18.059528] ret_from_fork+0x10/0x20
[ 18.059658]
[ 18.059725] Allocated by task 180:
[ 18.059754] kasan_save_stack+0x3c/0x68
[ 18.059949] kasan_save_track+0x20/0x40
[ 18.060001] kasan_save_alloc_info+0x40/0x58
[ 18.060040] __kasan_kmalloc+0xd4/0xd8
[ 18.060155] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.060274] kmalloc_oob_memset_16+0xb0/0x2f8
[ 18.060354] kunit_try_run_case+0x170/0x3f0
[ 18.060533] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.060693] kthread+0x328/0x630
[ 18.060789] ret_from_fork+0x10/0x20
[ 18.060860]
[ 18.060880] The buggy address belongs to the object at fff00000c5bdcb00
[ 18.060880] which belongs to the cache kmalloc-128 of size 128
[ 18.060937] The buggy address is located 105 bytes inside of
[ 18.060937] allocated 120-byte region [fff00000c5bdcb00, fff00000c5bdcb78)
[ 18.060999]
[ 18.061019] The buggy address belongs to the physical page:
[ 18.061049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc
[ 18.061483] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.061644] page_type: f5(slab)
[ 18.061750] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.061981] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.062107] page dumped because: kasan: bad access detected
[ 18.062141]
[ 18.062159] Memory state around the buggy address:
[ 18.062396] fff00000c5bdca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.062561] fff00000c5bdca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.062737] >fff00000c5bdcb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.062843] ^
[ 18.062995] fff00000c5bdcb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.063050] fff00000c5bdcc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.063089] ==================================================================
[ 11.051529] ==================================================================
[ 11.052004] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 11.052262] Write of size 16 at addr ffff888102f60869 by task kunit_try_catch/197
[ 11.052489]
[ 11.052582] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary)
[ 11.052634] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.052645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.052666] Call Trace:
[ 11.052679] <TASK>
[ 11.052697] dump_stack_lvl+0x73/0xb0
[ 11.052725] print_report+0xd1/0x650
[ 11.052747] ? __virt_addr_valid+0x1db/0x2d0
[ 11.052769] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.052790] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.052813] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.052835] kasan_report+0x141/0x180
[ 11.052857] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.052883] kasan_check_range+0x10c/0x1c0
[ 11.052903] __asan_memset+0x27/0x50
[ 11.052966] kmalloc_oob_memset_16+0x166/0x330
[ 11.052992] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 11.053015] ? __schedule+0x10cc/0x2b60
[ 11.053038] ? __pfx_read_tsc+0x10/0x10
[ 11.053058] ? ktime_get_ts64+0x86/0x230
[ 11.053084] kunit_try_run_case+0x1a5/0x480
[ 11.053110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.053132] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.053156] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.053178] ? __kthread_parkme+0x82/0x180
[ 11.053200] ? preempt_count_sub+0x50/0x80
[ 11.053225] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.053309] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.053333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.053355] kthread+0x337/0x6f0
[ 11.053384] ? trace_preempt_on+0x20/0xc0
[ 11.053407] ? __pfx_kthread+0x10/0x10
[ 11.053425] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.053446] ? calculate_sigpending+0x7b/0xa0
[ 11.053467] ? __pfx_kthread+0x10/0x10
[ 11.053485] ret_from_fork+0x41/0x80
[ 11.053506] ? __pfx_kthread+0x10/0x10
[ 11.053523] ret_from_fork_asm+0x1a/0x30
[ 11.053571] </TASK>
[ 11.053583]
[ 11.069270] Allocated by task 197:
[ 11.069419] kasan_save_stack+0x45/0x70
[ 11.069579] kasan_save_track+0x18/0x40
[ 11.069710] kasan_save_alloc_info+0x3b/0x50
[ 11.069849] __kasan_kmalloc+0xb7/0xc0
[ 11.070199] __kmalloc_cache_noprof+0x189/0x420
[ 11.070611] kmalloc_oob_memset_16+0xac/0x330
[ 11.070857] kunit_try_run_case+0x1a5/0x480
[ 11.071293] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.071812] kthread+0x337/0x6f0
[ 11.072043] ret_from_fork+0x41/0x80
[ 11.072442] ret_from_fork_asm+0x1a/0x30
[ 11.072721]
[ 11.072965] The buggy address belongs to the object at ffff888102f60800
[ 11.072965] which belongs to the cache kmalloc-128 of size 128
[ 11.073586] The buggy address is located 105 bytes inside of
[ 11.073586] allocated 120-byte region [ffff888102f60800, ffff888102f60878)
[ 11.074929]
[ 11.075082] The buggy address belongs to the physical page:
[ 11.075637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60
[ 11.076223] flags: 0x200000000000000(node=0|zone=2)
[ 11.076835] page_type: f5(slab)
[ 11.076972] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.077196] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.077412] page dumped because: kasan: bad access detected
[ 11.077584]
[ 11.077650] Memory state around the buggy address:
[ 11.077801] ffff888102f60700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.078021] ffff888102f60780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.078229] >ffff888102f60800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.078433] ^
[ 11.078636] ffff888102f60880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.078840] ffff888102f60900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.079335] ==================================================================