Date
July 4, 2025, 3:11 p.m.
| Environment | |
|---|---|
| e850-96 | |
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 25.602835] ================================================================== [ 25.612612] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 25.619815] Write of size 4 at addr ffff0008018e6e75 by task kunit_try_catch/223 [ 25.627192] [ 25.628677] CPU: 2 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 25.628726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.628743] Hardware name: WinLink E850-96 board (DT) [ 25.628764] Call trace: [ 25.628779] show_stack+0x20/0x38 (C) [ 25.628812] dump_stack_lvl+0x8c/0xd0 [ 25.628847] print_report+0x118/0x608 [ 25.628878] kasan_report+0xdc/0x128 [ 25.628906] kasan_check_range+0x100/0x1a8 [ 25.628937] __asan_memset+0x34/0x78 [ 25.628966] kmalloc_oob_memset_4+0x150/0x300 [ 25.628997] kunit_try_run_case+0x170/0x3f0 [ 25.629034] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.629070] kthread+0x328/0x630 [ 25.629105] ret_from_fork+0x10/0x20 [ 25.629138] [ 25.694552] Allocated by task 223: [ 25.697941] kasan_save_stack+0x3c/0x68 [ 25.701756] kasan_save_track+0x20/0x40 [ 25.705576] kasan_save_alloc_info+0x40/0x58 [ 25.709829] __kasan_kmalloc+0xd4/0xd8 [ 25.713562] __kmalloc_cache_noprof+0x16c/0x3c0 [ 25.718076] kmalloc_oob_memset_4+0xb0/0x300 [ 25.722329] kunit_try_run_case+0x170/0x3f0 [ 25.726496] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 25.731964] kthread+0x328/0x630 [ 25.735176] ret_from_fork+0x10/0x20 [ 25.738735] [ 25.740213] The buggy address belongs to the object at ffff0008018e6e00 [ 25.740213] which belongs to the cache kmalloc-128 of size 128 [ 25.752714] The buggy address is located 117 bytes inside of [ 25.752714] allocated 120-byte region [ffff0008018e6e00, ffff0008018e6e78) [ 25.765297] [ 25.766776] The buggy address belongs to the physical page: [ 25.772333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8818e6 [ 25.780317] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 25.787955] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 25.794899] page_type: f5(slab) [ 25.798034] raw: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 25.805755] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.813481] head: 0bfffe0000000040 ffff000800002a00 dead000000000122 0000000000000000 [ 25.821293] head: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 25.829106] head: 0bfffe0000000001 fffffdffe0063981 00000000ffffffff 00000000ffffffff [ 25.836921] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 25.844723] page dumped because: kasan: bad access detected [ 25.850278] [ 25.851754] Memory state around the buggy address: [ 25.856533] ffff0008018e6d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.863737] ffff0008018e6d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.870943] >ffff0008018e6e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.878143] ^ [ 25.885264] ffff0008018e6e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.892469] ffff0008018e6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.899672] ==================================================================
[ 15.593737] ================================================================== [ 15.593793] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 15.593842] Write of size 4 at addr fff00000c637a775 by task kunit_try_catch/179 [ 15.593889] [ 15.593919] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT [ 15.594002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.594027] Hardware name: linux,dummy-virt (DT) [ 15.594056] Call trace: [ 15.594077] show_stack+0x20/0x38 (C) [ 15.594122] dump_stack_lvl+0x8c/0xd0 [ 15.594168] print_report+0x118/0x608 [ 15.594211] kasan_report+0xdc/0x128 [ 15.594271] kasan_check_range+0x100/0x1a8 [ 15.594317] __asan_memset+0x34/0x78 [ 15.594359] kmalloc_oob_memset_4+0x150/0x300 [ 15.594432] kunit_try_run_case+0x170/0x3f0 [ 15.594479] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.594530] kthread+0x328/0x630 [ 15.594572] ret_from_fork+0x10/0x20 [ 15.594617] [ 15.594646] Allocated by task 179: [ 15.594672] kasan_save_stack+0x3c/0x68 [ 15.594708] kasan_save_track+0x20/0x40 [ 15.594742] kasan_save_alloc_info+0x40/0x58 [ 15.594779] __kasan_kmalloc+0xd4/0xd8 [ 15.594823] __kmalloc_cache_noprof+0x16c/0x3c0 [ 15.594859] kmalloc_oob_memset_4+0xb0/0x300 [ 15.594897] kunit_try_run_case+0x170/0x3f0 [ 15.595004] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 15.595048] kthread+0x328/0x630 [ 15.595108] ret_from_fork+0x10/0x20 [ 15.595143] [ 15.595182] The buggy address belongs to the object at fff00000c637a700 [ 15.595182] which belongs to the cache kmalloc-128 of size 128 [ 15.595244] The buggy address is located 117 bytes inside of [ 15.595244] allocated 120-byte region [fff00000c637a700, fff00000c637a778) [ 15.595303] [ 15.595322] The buggy address belongs to the physical page: [ 15.595609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10637a [ 15.595712] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 15.595789] page_type: f5(slab) [ 15.595825] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 15.595929] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.595975] page dumped because: kasan: bad access detected [ 15.596026] [ 15.596090] Memory state around the buggy address: [ 15.596120] fff00000c637a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.596160] fff00000c637a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.596200] >fff00000c637a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.596235] ^ [ 15.596273] fff00000c637a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.596312] fff00000c637a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.596348] ==================================================================
[ 14.375586] ================================================================== [ 14.376122] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 14.376862] Write of size 4 at addr ffff8881029e5775 by task kunit_try_catch/195 [ 14.377541] [ 14.377996] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 14.378175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.378209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.378274] Call Trace: [ 14.378306] <TASK> [ 14.378360] dump_stack_lvl+0x73/0xb0 [ 14.378403] print_report+0xd1/0x650 [ 14.378431] ? __virt_addr_valid+0x1db/0x2d0 [ 14.378457] ? kmalloc_oob_memset_4+0x166/0x330 [ 14.378481] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.378506] ? kmalloc_oob_memset_4+0x166/0x330 [ 14.378530] kasan_report+0x141/0x180 [ 14.378553] ? kmalloc_oob_memset_4+0x166/0x330 [ 14.378581] kasan_check_range+0x10c/0x1c0 [ 14.378602] __asan_memset+0x27/0x50 [ 14.378623] kmalloc_oob_memset_4+0x166/0x330 [ 14.378647] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 14.378673] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 14.378700] kunit_try_run_case+0x1a5/0x480 [ 14.378727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.378749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.378774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.378798] ? __kthread_parkme+0x82/0x180 [ 14.378822] ? preempt_count_sub+0x50/0x80 [ 14.378849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.378873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.378897] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.378920] kthread+0x337/0x6f0 [ 14.378938] ? trace_preempt_on+0x20/0xc0 [ 14.378963] ? __pfx_kthread+0x10/0x10 [ 14.378982] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.379004] ? calculate_sigpending+0x7b/0xa0 [ 14.379028] ? __pfx_kthread+0x10/0x10 [ 14.379048] ret_from_fork+0x41/0x80 [ 14.379104] ? __pfx_kthread+0x10/0x10 [ 14.379126] ret_from_fork_asm+0x1a/0x30 [ 14.379159] </TASK> [ 14.379172] [ 14.389268] Allocated by task 195: [ 14.389491] kasan_save_stack+0x45/0x70 [ 14.389876] kasan_save_track+0x18/0x40 [ 14.390296] kasan_save_alloc_info+0x3b/0x50 [ 14.390724] __kasan_kmalloc+0xb7/0xc0 [ 14.391083] __kmalloc_cache_noprof+0x189/0x420 [ 14.391501] kmalloc_oob_memset_4+0xac/0x330 [ 14.391909] kunit_try_run_case+0x1a5/0x480 [ 14.392364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.392602] kthread+0x337/0x6f0 [ 14.392820] ret_from_fork+0x41/0x80 [ 14.392995] ret_from_fork_asm+0x1a/0x30 [ 14.393493] [ 14.393731] The buggy address belongs to the object at ffff8881029e5700 [ 14.393731] which belongs to the cache kmalloc-128 of size 128 [ 14.394251] The buggy address is located 117 bytes inside of [ 14.394251] allocated 120-byte region [ffff8881029e5700, ffff8881029e5778) [ 14.394762] [ 14.394894] The buggy address belongs to the physical page: [ 14.395134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.395461] flags: 0x200000000000000(node=0|zone=2) [ 14.395706] page_type: f5(slab) [ 14.395926] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.396251] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.396630] page dumped because: kasan: bad access detected [ 14.396883] [ 14.397022] Memory state around the buggy address: [ 14.397545] ffff8881029e5600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.397810] ffff8881029e5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.398086] >ffff8881029e5700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.398428] ^ [ 14.398820] ffff8881029e5780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.399103] ffff8881029e5800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.399581] ==================================================================
[ 29.671730] ================================================================== [ 29.683061] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 29.690288] Write of size 4 at addr ffff8881049b7275 by task kunit_try_catch/217 [ 29.697689] [ 29.699189] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.15.5-rc2 #1 PREEMPT(voluntary) [ 29.699197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 29.699199] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 29.699202] Call Trace: [ 29.699204] <TASK> [ 29.699205] dump_stack_lvl+0x73/0xb0 [ 29.699209] print_report+0xd1/0x650 [ 29.699213] ? __virt_addr_valid+0x1db/0x2d0 [ 29.699217] ? kmalloc_oob_memset_4+0x166/0x330 [ 29.699222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.699226] ? kmalloc_oob_memset_4+0x166/0x330 [ 29.699230] kasan_report+0x141/0x180 [ 29.699235] ? kmalloc_oob_memset_4+0x166/0x330 [ 29.699240] kasan_check_range+0x10c/0x1c0 [ 29.699243] __asan_memset+0x27/0x50 [ 29.699247] kmalloc_oob_memset_4+0x166/0x330 [ 29.699252] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 29.699256] ? __schedule+0x10cc/0x2b60 [ 29.699261] ? ktime_get_ts64+0x83/0x230 [ 29.699265] kunit_try_run_case+0x1a2/0x480 [ 29.699270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.699274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.699279] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.699283] ? __kthread_parkme+0x82/0x180 [ 29.699287] ? preempt_count_sub+0x50/0x80 [ 29.699292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.699297] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 29.699301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.699305] kthread+0x334/0x6f0 [ 29.699308] ? trace_preempt_on+0x20/0xc0 [ 29.699312] ? __pfx_kthread+0x10/0x10 [ 29.699315] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.699320] ? calculate_sigpending+0x7b/0xa0 [ 29.699323] ? __pfx_kthread+0x10/0x10 [ 29.699327] ret_from_fork+0x3e/0x80 [ 29.699331] ? __pfx_kthread+0x10/0x10 [ 29.699334] ret_from_fork_asm+0x1a/0x30 [ 29.699339] </TASK> [ 29.699341] [ 29.866316] Allocated by task 217: [ 29.869721] kasan_save_stack+0x45/0x70 [ 29.873559] kasan_save_track+0x18/0x40 [ 29.877400] kasan_save_alloc_info+0x3b/0x50 [ 29.881672] __kasan_kmalloc+0xb7/0xc0 [ 29.885425] __kmalloc_cache_noprof+0x189/0x420 [ 29.889956] kmalloc_oob_memset_4+0xac/0x330 [ 29.894229] kunit_try_run_case+0x1a2/0x480 [ 29.898415] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 29.903815] kthread+0x334/0x6f0 [ 29.907047] ret_from_fork+0x3e/0x80 [ 29.910628] ret_from_fork_asm+0x1a/0x30 [ 29.914553] [ 29.916052] The buggy address belongs to the object at ffff8881049b7200 [ 29.916052] which belongs to the cache kmalloc-128 of size 128 [ 29.928569] The buggy address is located 117 bytes inside of [ 29.928569] allocated 120-byte region [ffff8881049b7200, ffff8881049b7278) [ 29.941169] [ 29.942669] The buggy address belongs to the physical page: [ 29.948240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1049b7 [ 29.956241] flags: 0x200000000000000(node=0|zone=2) [ 29.961119] page_type: f5(slab) [ 29.964266] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 29.972007] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.979751] page dumped because: kasan: bad access detected [ 29.985327] [ 29.986824] Memory state around the buggy address: [ 29.991617] ffff8881049b7100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.998837] ffff8881049b7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.006058] >ffff8881049b7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 30.013275] ^ [ 30.020407] ffff8881049b7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.027626] ffff8881049b7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.034845] ==================================================================