Date
June 26, 2025, 11:12 a.m.
Environment |
---|
e850-96 |
qemu-arm64 |
qemu-x86_64 |
[ 27.679827] ==================================================================
[ 27.689237] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 27.696440] Write of size 4 at addr ffff000801ed6575 by task kunit_try_catch/223
[ 27.703816]
[ 27.705306] CPU: 7 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 27.705362] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 27.705378] Hardware name: WinLink E850-96 board (DT)
[ 27.705398] Call trace:
[ 27.705410] show_stack+0x20/0x38 (C)
[ 27.705447] dump_stack_lvl+0x8c/0xd0
[ 27.705487] print_report+0x118/0x608
[ 27.705517] kasan_report+0xdc/0x128
[ 27.705547] kasan_check_range+0x100/0x1a8
[ 27.705581] __asan_memset+0x34/0x78
[ 27.705611] kmalloc_oob_memset_4+0x150/0x300
[ 27.705643] kunit_try_run_case+0x170/0x3f0
[ 27.705683] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.705722] kthread+0x328/0x630
[ 27.705757] ret_from_fork+0x10/0x20
[ 27.705794]
[ 27.771176] Allocated by task 223:
[ 27.774565] kasan_save_stack+0x3c/0x68
[ 27.778380] kasan_save_track+0x20/0x40
[ 27.782200] kasan_save_alloc_info+0x40/0x58
[ 27.786453] __kasan_kmalloc+0xd4/0xd8
[ 27.790187] __kmalloc_cache_noprof+0x16c/0x3c0
[ 27.794700] kmalloc_oob_memset_4+0xb0/0x300
[ 27.798953] kunit_try_run_case+0x170/0x3f0
[ 27.803121] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 27.808588] kthread+0x328/0x630
[ 27.811800] ret_from_fork+0x10/0x20
[ 27.815359]
[ 27.816837] The buggy address belongs to the object at ffff000801ed6500
[ 27.816837] which belongs to the cache kmalloc-128 of size 128
[ 27.829337] The buggy address is located 117 bytes inside of
[ 27.829337] allocated 120-byte region [ffff000801ed6500, ffff000801ed6578)
[ 27.841921]
[ 27.843402] The buggy address belongs to the physical page:
[ 27.848955] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881ed6
[ 27.856940] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 27.864579] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 27.871524] page_type: f5(slab)
[ 27.874662] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 27.882379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 27.890107] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000
[ 27.897917] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 27.905729] head: 0bfffe0000000001 fffffdffe007b581 00000000ffffffff 00000000ffffffff
[ 27.913542] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 27.921347] page dumped because: kasan: bad access detected
[ 27.926902]
[ 27.928378] Memory state around the buggy address:
[ 27.933161] ffff000801ed6400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 27.940361] ffff000801ed6480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.947567] >ffff000801ed6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 27.954767] ^
[ 27.961889] ffff000801ed6580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.969094] ffff000801ed6600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.976296] ==================================================================
[ 18.033963] ==================================================================
[ 18.034057] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[ 18.034155] Write of size 4 at addr fff00000c5bdc975 by task kunit_try_catch/176
[ 18.034210]
[ 18.034257] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT
[ 18.034447] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.034487] Hardware name: linux,dummy-virt (DT)
[ 18.034517] Call trace:
[ 18.034551] show_stack+0x20/0x38 (C)
[ 18.034600] dump_stack_lvl+0x8c/0xd0
[ 18.034698] print_report+0x118/0x608
[ 18.034753] kasan_report+0xdc/0x128
[ 18.034797] kasan_check_range+0x100/0x1a8
[ 18.034842] __asan_memset+0x34/0x78
[ 18.034954] kmalloc_oob_memset_4+0x150/0x300
[ 18.035030] kunit_try_run_case+0x170/0x3f0
[ 18.035100] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.035186] kthread+0x328/0x630
[ 18.035231] ret_from_fork+0x10/0x20
[ 18.035296]
[ 18.035342] Allocated by task 176:
[ 18.035456] kasan_save_stack+0x3c/0x68
[ 18.035566] kasan_save_track+0x20/0x40
[ 18.035603] kasan_save_alloc_info+0x40/0x58
[ 18.035646] __kasan_kmalloc+0xd4/0xd8
[ 18.035687] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.035776] kmalloc_oob_memset_4+0xb0/0x300
[ 18.035842] kunit_try_run_case+0x170/0x3f0
[ 18.035922] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.036000] kthread+0x328/0x630
[ 18.036048] ret_from_fork+0x10/0x20
[ 18.036125]
[ 18.036144] The buggy address belongs to the object at fff00000c5bdc900
[ 18.036144] which belongs to the cache kmalloc-128 of size 128
[ 18.036211] The buggy address is located 117 bytes inside of
[ 18.036211] allocated 120-byte region [fff00000c5bdc900, fff00000c5bdc978)
[ 18.036274]
[ 18.036293] The buggy address belongs to the physical page:
[ 18.036322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105bdc
[ 18.036639] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.036687] page_type: f5(slab)
[ 18.036778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.036956] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.037047] page dumped because: kasan: bad access detected
[ 18.037105]
[ 18.037195] Memory state around the buggy address:
[ 18.037303] fff00000c5bdc800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.037347] fff00000c5bdc880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.037585] >fff00000c5bdc900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.037769] ^
[ 18.037896] fff00000c5bdc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.037999] fff00000c5bdca00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.038106] ==================================================================
[ 10.984783] ==================================================================
[ 10.986175] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 10.987678] Write of size 4 at addr ffff888102f60775 by task kunit_try_catch/193
[ 10.988269]
[ 10.989048] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.15.4-rc3 #1 PREEMPT(voluntary)
[ 10.989107] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.989120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.989142] Call Trace:
[ 10.989156] <TASK>
[ 10.989176] dump_stack_lvl+0x73/0xb0
[ 10.989205] print_report+0xd1/0x650
[ 10.989228] ? __virt_addr_valid+0x1db/0x2d0
[ 10.989252] ? kmalloc_oob_memset_4+0x166/0x330
[ 10.989274] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.989297] ? kmalloc_oob_memset_4+0x166/0x330
[ 10.989319] kasan_report+0x141/0x180
[ 10.989341] ? kmalloc_oob_memset_4+0x166/0x330
[ 10.989368] kasan_check_range+0x10c/0x1c0
[ 10.989387] __asan_memset+0x27/0x50
[ 10.989407] kmalloc_oob_memset_4+0x166/0x330
[ 10.989430] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 10.989452] ? __schedule+0x10cc/0x2b60
[ 10.989475] ? __pfx_read_tsc+0x10/0x10
[ 10.989496] ? ktime_get_ts64+0x86/0x230
[ 10.989521] kunit_try_run_case+0x1a5/0x480
[ 10.989546] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.989633] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.989657] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.989680] ? __kthread_parkme+0x82/0x180
[ 10.989701] ? preempt_count_sub+0x50/0x80
[ 10.989745] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.989769] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.989792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.989815] kthread+0x337/0x6f0
[ 10.989831] ? trace_preempt_on+0x20/0xc0
[ 10.989855] ? __pfx_kthread+0x10/0x10
[ 10.989872] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.989893] ? calculate_sigpending+0x7b/0xa0
[ 10.989914] ? __pfx_kthread+0x10/0x10
[ 10.989941] ret_from_fork+0x41/0x80
[ 10.989962] ? __pfx_kthread+0x10/0x10
[ 10.989979] ret_from_fork_asm+0x1a/0x30
[ 10.990011] </TASK>
[ 10.990023]
[ 11.006449] Allocated by task 193:
[ 11.006644] kasan_save_stack+0x45/0x70
[ 11.007438] kasan_save_track+0x18/0x40
[ 11.008015] kasan_save_alloc_info+0x3b/0x50
[ 11.008466] __kasan_kmalloc+0xb7/0xc0
[ 11.008618] __kmalloc_cache_noprof+0x189/0x420
[ 11.009317] kmalloc_oob_memset_4+0xac/0x330
[ 11.009851] kunit_try_run_case+0x1a5/0x480
[ 11.010307] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.010488] kthread+0x337/0x6f0
[ 11.010740] ret_from_fork+0x41/0x80
[ 11.011152] ret_from_fork_asm+0x1a/0x30
[ 11.011582]
[ 11.011812] The buggy address belongs to the object at ffff888102f60700
[ 11.011812] which belongs to the cache kmalloc-128 of size 128
[ 11.012554] The buggy address is located 117 bytes inside of
[ 11.012554] allocated 120-byte region [ffff888102f60700, ffff888102f60778)
[ 11.013481]
[ 11.013677] The buggy address belongs to the physical page:
[ 11.014322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f60
[ 11.015099] flags: 0x200000000000000(node=0|zone=2)
[ 11.015265] page_type: f5(slab)
[ 11.015387] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.015629] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.016463] page dumped because: kasan: bad access detected
[ 11.017111]
[ 11.017301] Memory state around the buggy address:
[ 11.017826] ffff888102f60600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.018530] ffff888102f60680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.019380] >ffff888102f60700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.019912] ^
[ 11.020345] ffff888102f60780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.020556] ffff888102f60800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.020959] ==================================================================