Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 25.297536] ================================================================== [ 25.307065] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 25.314264] Write of size 2 at addr ffff000801a3d577 by task kunit_try_catch/221 [ 25.321642] [ 25.323129] CPU: 3 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 25.323182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.323199] Hardware name: WinLink E850-96 board (DT) [ 25.323220] Call trace: [ 25.323233] show_stack+0x20/0x38 (C) [ 25.323265] dump_stack_lvl+0x8c/0xd0 [ 25.323304] print_report+0x118/0x608 [ 25.323335] kasan_report+0xdc/0x128 [ 25.323364] kasan_check_range+0x100/0x1a8 [ 25.323395] __asan_memset+0x34/0x78 [ 25.323422] kmalloc_oob_memset_2+0x150/0x2f8 [ 25.323457] kunit_try_run_case+0x170/0x3f0 [ 25.323493] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.323530] kthread+0x328/0x630 [ 25.323564] ret_from_fork+0x10/0x20 [ 25.323599] [ 25.389002] Allocated by task 221: [ 25.392390] kasan_save_stack+0x3c/0x68 [ 25.396205] kasan_save_track+0x20/0x40 [ 25.400025] kasan_save_alloc_info+0x40/0x58 [ 25.404278] __kasan_kmalloc+0xd4/0xd8 [ 25.408011] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.412524] kmalloc_oob_memset_2+0xb0/0x2f8 [ 25.416779] kunit_try_run_case+0x170/0x3f0 [ 25.420945] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.426413] kthread+0x328/0x630 [ 25.429625] ret_from_fork+0x10/0x20 [ 25.433184] [ 25.434661] The buggy address belongs to the object at ffff000801a3d500 [ 25.434661] which belongs to the cache kmalloc-128 of size 128 [ 25.447163] The buggy address is located 119 bytes inside of [ 25.447163] allocated 120-byte region [ffff000801a3d500, ffff000801a3d578) [ 25.459746] [ 25.461224] The buggy address belongs to the physical page: [ 25.466782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x881a3c [ 25.474765] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.482404] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.489348] page_type: f5(slab) [ 25.492485] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 25.500204] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.507930] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 25.515741] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.523554] head: 0bfffe0000000001 fffffdffe0068f01 00000000ffffffff 00000000ffffffff [ 25.531366] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.539175] page dumped because: kasan: bad access detected [ 25.544727] [ 25.546203] Memory state around the buggy address: [ 25.550986] ffff000801a3d400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.558186] ffff000801a3d480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.565392] >ffff000801a3d500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.572592] ^ [ 25.579713] ffff000801a3d580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.586920] ffff000801a3d600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.594121] ==================================================================
[ 15.585161] ================================================================== [ 15.585281] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 15.585332] Write of size 2 at addr fff00000c637a677 by task kunit_try_catch/177 [ 15.585426] [ 15.585485] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.585564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.585590] Hardware name: linux,dummy-virt (DT) [ 15.585674] Call trace: [ 15.585702] show_stack+0x20/0x38 (C) [ 15.585785] dump_stack_lvl+0x8c/0xd0 [ 15.585863] print_report+0x118/0x608 [ 15.585907] kasan_report+0xdc/0x128 [ 15.586008] kasan_check_range+0x100/0x1a8 [ 15.586055] __asan_memset+0x34/0x78 [ 15.586114] kmalloc_oob_memset_2+0x150/0x2f8 [ 15.586161] kunit_try_run_case+0x170/0x3f0 [ 15.586212] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.586355] kthread+0x328/0x630 [ 15.586424] ret_from_fork+0x10/0x20 [ 15.586493] [ 15.586512] Allocated by task 177: [ 15.586539] kasan_save_stack+0x3c/0x68 [ 15.586592] kasan_save_track+0x20/0x40 [ 15.586638] kasan_save_alloc_info+0x40/0x58 [ 15.586713] __kasan_kmalloc+0xd4/0xd8 [ 15.586748] __kmalloc_cache_noprof+0x16c/0x3c0 [ 15.586797] kmalloc_oob_memset_2+0xb0/0x2f8 [ 15.586881] kunit_try_run_case+0x170/0x3f0 [ 15.586953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.586997] kthread+0x328/0x630 [ 15.587031] ret_from_fork+0x10/0x20 [ 15.587273] [ 15.587317] The buggy address belongs to the object at fff00000c637a600 [ 15.587317] which belongs to the cache kmalloc-128 of size 128 [ 15.587371] The buggy address is located 119 bytes inside of [ 15.587371] allocated 120-byte region [fff00000c637a600, fff00000c637a678) [ 15.587431] [ 15.587451] The buggy address belongs to the physical page: [ 15.587514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10637a [ 15.587684] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 15.587768] page_type: f5(slab) [ 15.587841] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 15.587898] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.587936] page dumped because: kasan: bad access detected [ 15.588022] [ 15.588261] Memory state around the buggy address: [ 15.588417] fff00000c637a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.588570] fff00000c637a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.588612] >fff00000c637a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.588657] ^ [ 15.588713] fff00000c637a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.589016] fff00000c637a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.589201] ==================================================================
[ 14.340772] ================================================================== [ 14.341691] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 14.342328] Write of size 2 at addr ffff8881029e5677 by task kunit_try_catch/193 [ 14.343084] [ 14.343389] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 14.343544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.343572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.343619] Call Trace: [ 14.343651] <TASK> [ 14.343688] dump_stack_lvl+0x73/0xb0 [ 14.343739] print_report+0xd1/0x650 [ 14.343773] ? __virt_addr_valid+0x1db/0x2d0 [ 14.343804] ? kmalloc_oob_memset_2+0x166/0x330 [ 14.343834] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.343857] ? kmalloc_oob_memset_2+0x166/0x330 [ 14.343881] kasan_report+0x141/0x180 [ 14.343904] ? kmalloc_oob_memset_2+0x166/0x330 [ 14.343931] kasan_check_range+0x10c/0x1c0 [ 14.343953] __asan_memset+0x27/0x50 [ 14.343973] kmalloc_oob_memset_2+0x166/0x330 [ 14.343997] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 14.344020] ? __schedule+0x10cc/0x2b60 [ 14.344044] ? __pfx_read_tsc+0x10/0x10 [ 14.344068] ? ktime_get_ts64+0x86/0x230 [ 14.344103] kunit_try_run_case+0x1a5/0x480 [ 14.344129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.344151] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.344176] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.344199] ? __kthread_parkme+0x82/0x180 [ 14.344223] ? preempt_count_sub+0x50/0x80 [ 14.344249] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.344273] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.344296] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.344319] kthread+0x337/0x6f0 [ 14.344355] ? trace_preempt_on+0x20/0xc0 [ 14.344383] ? __pfx_kthread+0x10/0x10 [ 14.344402] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.344424] ? calculate_sigpending+0x7b/0xa0 [ 14.344449] ? __pfx_kthread+0x10/0x10 [ 14.344468] ret_from_fork+0x41/0x80 [ 14.344489] ? __pfx_kthread+0x10/0x10 [ 14.344508] ret_from_fork_asm+0x1a/0x30 [ 14.344542] </TASK> [ 14.344554] [ 14.356553] Allocated by task 193: [ 14.356911] kasan_save_stack+0x45/0x70 [ 14.357382] kasan_save_track+0x18/0x40 [ 14.357574] kasan_save_alloc_info+0x3b/0x50 [ 14.357681] __kasan_kmalloc+0xb7/0xc0 [ 14.357773] __kmalloc_cache_noprof+0x189/0x420 [ 14.357874] kmalloc_oob_memset_2+0xac/0x330 [ 14.357972] kunit_try_run_case+0x1a5/0x480 [ 14.358093] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.358597] kthread+0x337/0x6f0 [ 14.358959] ret_from_fork+0x41/0x80 [ 14.359302] ret_from_fork_asm+0x1a/0x30 [ 14.359691] [ 14.359892] The buggy address belongs to the object at ffff8881029e5600 [ 14.359892] which belongs to the cache kmalloc-128 of size 128 [ 14.361067] The buggy address is located 119 bytes inside of [ 14.361067] allocated 120-byte region [ffff8881029e5600, ffff8881029e5678) [ 14.362219] [ 14.362469] The buggy address belongs to the physical page: [ 14.362907] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.363485] flags: 0x200000000000000(node=0|zone=2) [ 14.363842] page_type: f5(slab) [ 14.364168] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.364499] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.365068] page dumped because: kasan: bad access detected [ 14.365357] [ 14.365544] Memory state around the buggy address: [ 14.365923] ffff8881029e5500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.366567] ffff8881029e5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.366947] >ffff8881029e5600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.367539] ^ [ 14.367992] ffff8881029e5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.368352] ffff8881029e5700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.368849] ==================================================================
[ 29.300910] ================================================================== [ 29.312352] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 29.319571] Write of size 2 at addr ffff8881049b7177 by task kunit_try_catch/215 [ 29.326966] [ 29.328464] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 29.328472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.328474] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 29.328477] Call Trace: [ 29.328478] <TASK> [ 29.328480] dump_stack_lvl+0x73/0xb0 [ 29.328484] print_report+0xd1/0x650 [ 29.328488] ? __virt_addr_valid+0x1db/0x2d0 [ 29.328492] ? kmalloc_oob_memset_2+0x166/0x330 [ 29.328496] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.328500] ? kmalloc_oob_memset_2+0x166/0x330 [ 29.328505] kasan_report+0x141/0x180 [ 29.328509] ? kmalloc_oob_memset_2+0x166/0x330 [ 29.328514] kasan_check_range+0x10c/0x1c0 [ 29.328518] __asan_memset+0x27/0x50 [ 29.328521] kmalloc_oob_memset_2+0x166/0x330 [ 29.328526] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 29.328530] ? __schedule+0x10cc/0x2b60 [ 29.328535] ? ktime_get_ts64+0x83/0x230 [ 29.328539] kunit_try_run_case+0x1a2/0x480 [ 29.328544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.328548] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.328553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.328557] ? __kthread_parkme+0x82/0x180 [ 29.328561] ? preempt_count_sub+0x50/0x80 [ 29.328566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.328571] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 29.328575] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.328579] kthread+0x334/0x6f0 [ 29.328582] ? trace_preempt_on+0x20/0xc0 [ 29.328586] ? __pfx_kthread+0x10/0x10 [ 29.328589] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.328594] ? calculate_sigpending+0x7b/0xa0 [ 29.328598] ? __pfx_kthread+0x10/0x10 [ 29.328601] ret_from_fork+0x3e/0x80 [ 29.328605] ? __pfx_kthread+0x10/0x10 [ 29.328608] ret_from_fork_asm+0x1a/0x30 [ 29.328613] </TASK> [ 29.328615] [ 29.495582] Allocated by task 215: [ 29.498988] kasan_save_stack+0x45/0x70 [ 29.502826] kasan_save_track+0x18/0x40 [ 29.506667] kasan_save_alloc_info+0x3b/0x50 [ 29.510952] __kasan_kmalloc+0xb7/0xc0 [ 29.514709] __kmalloc_cache_noprof+0x189/0x420 [ 29.519241] kmalloc_oob_memset_2+0xac/0x330 [ 29.523516] kunit_try_run_case+0x1a2/0x480 [ 29.527710] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 29.533108] kthread+0x334/0x6f0 [ 29.536340] ret_from_fork+0x3e/0x80 [ 29.539922] ret_from_fork_asm+0x1a/0x30 [ 29.543872] [ 29.545363] The buggy address belongs to the object at ffff8881049b7100 [ 29.545363] which belongs to the cache kmalloc-128 of size 128 [ 29.557879] The buggy address is located 119 bytes inside of [ 29.557879] allocated 120-byte region [ffff8881049b7100, ffff8881049b7178) [ 29.570496] [ 29.571997] The buggy address belongs to the physical page: [ 29.577570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049b7 [ 29.585578] flags: 0x200000000000000(node=0|zone=2) [ 29.590457] page_type: f5(slab) [ 29.593605] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 29.601350] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.609089] page dumped because: kasan: bad access detected [ 29.614663] [ 29.616162] Memory state around the buggy address: [ 29.620955] ffff8881049b7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.628182] ffff8881049b7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.635402] >ffff8881049b7100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.642620] ^ [ 29.649752] ffff8881049b7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.656996] ffff8881049b7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.664219] ==================================================================