Date
June 3, 2025, 7:38 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
x86 |
```
[ 18.108532] ==================================================================
[ 18.108596] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0
[ 18.108648] Write of size 1 at addr fff00000c78d9f00 by task kunit_try_catch/144
[ 18.108824]
[ 18.108863] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT
[ 18.108949] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.108991] Hardware name: linux,dummy-virt (DT)
[ 18.109040] Call trace:
[ 18.109079] show_stack+0x20/0x38 (C)
[ 18.109150] dump_stack_lvl+0x8c/0xd0
[ 18.109227] print_report+0x118/0x608
[ 18.109323] kasan_report+0xdc/0x128
[ 18.109368] __asan_report_store1_noabort+0x20/0x30
[ 18.109414] kmalloc_big_oob_right+0x2a4/0x2f0
[ 18.109473] kunit_try_run_case+0x170/0x3f0
[ 18.109519] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.109644] kthread+0x328/0x630
[ 18.109717] ret_from_fork+0x10/0x20
[ 18.109785]
[ 18.109804] Allocated by task 144:
[ 18.109832] kasan_save_stack+0x3c/0x68
[ 18.109871] kasan_save_track+0x20/0x40
[ 18.109925] kasan_save_alloc_info+0x40/0x58
[ 18.109961] __kasan_kmalloc+0xd4/0xd8
[ 18.109996] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.110034] kmalloc_big_oob_right+0xb8/0x2f0
[ 18.110077] kunit_try_run_case+0x170/0x3f0
[ 18.110134] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.110180] kthread+0x328/0x630
[ 18.110487] ret_from_fork+0x10/0x20
[ 18.110532]
[ 18.110551] The buggy address belongs to the object at fff00000c78d8000
[ 18.110551] which belongs to the cache kmalloc-8k of size 8192
[ 18.110606] The buggy address is located 0 bytes to the right of
[ 18.110606] allocated 7936-byte region [fff00000c78d8000, fff00000c78d9f00)
[ 18.110683]
[ 18.110722] The buggy address belongs to the physical page:
[ 18.110771] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078d8
[ 18.110852] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 18.110897] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[ 18.110950] page_type: f5(slab)
[ 18.110987] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 18.111034] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 18.111082] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000
[ 18.111128] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 18.111210] head: 0bfffe0000000003 ffffc1ffc31e3601 00000000ffffffff 00000000ffffffff
[ 18.111334] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 18.111625] page dumped because: kasan: bad access detected
[ 18.111661]
[ 18.111679] Memory state around the buggy address:
[ 18.111730]  fff00000c78d9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.111772]  fff00000c78d9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 18.111840] >fff00000c78d9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.111943]                    ^
[ 18.112036]  fff00000c78d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.112094]  fff00000c78da000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.112152] ==================================================================
```
```
[ 13.639033] ==================================================================
[ 13.639822] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 13.640991] Write of size 1 at addr ffff888102a45f00 by task kunit_try_catch/161
[ 13.641820]
[ 13.642069] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 13.642203] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.642228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.642268] Call Trace:
[ 13.642296] <TASK>
[ 13.642339] dump_stack_lvl+0x73/0xb0
[ 13.642450] print_report+0xd1/0x650
[ 13.642533] ? __virt_addr_valid+0x1db/0x2d0
[ 13.642589] ? kmalloc_big_oob_right+0x316/0x370
[ 13.642636] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.642683] ? kmalloc_big_oob_right+0x316/0x370
[ 13.642918] kasan_report+0x141/0x180
[ 13.642986] ? kmalloc_big_oob_right+0x316/0x370
[ 13.643035] __asan_report_store1_noabort+0x1b/0x30
[ 13.643074] kmalloc_big_oob_right+0x316/0x370
[ 13.643102] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 13.643128] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 13.643156] kunit_try_run_case+0x1a5/0x480
[ 13.643184] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.643244] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.643278] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.643304] ? __kthread_parkme+0x82/0x180
[ 13.643330] ? preempt_count_sub+0x50/0x80
[ 13.643396] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.643421] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.643447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.643493] kthread+0x337/0x6f0
[ 13.643516] ? trace_preempt_on+0x20/0xc0
[ 13.643544] ? __pfx_kthread+0x10/0x10
[ 13.643566] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.643590] ? calculate_sigpending+0x7b/0xa0
[ 13.643616] ? __pfx_kthread+0x10/0x10
[ 13.643639] ret_from_fork+0x116/0x1d0
[ 13.643661] ? __pfx_kthread+0x10/0x10
[ 13.643687] ret_from_fork_asm+0x1a/0x30
[ 13.643770] </TASK>
[ 13.643793]
[ 13.656029] Allocated by task 161:
[ 13.656404] kasan_save_stack+0x45/0x70
[ 13.656802] kasan_save_track+0x18/0x40
[ 13.657596] kasan_save_alloc_info+0x3b/0x50
[ 13.659155] __kasan_kmalloc+0xb7/0xc0
[ 13.659371] __kmalloc_cache_noprof+0x189/0x420
[ 13.660727] kmalloc_big_oob_right+0xa9/0x370
[ 13.662722] kunit_try_run_case+0x1a5/0x480
[ 13.663067] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.663324] kthread+0x337/0x6f0
[ 13.664215] ret_from_fork+0x116/0x1d0
[ 13.664419] ret_from_fork_asm+0x1a/0x30
[ 13.665063]
[ 13.665545] The buggy address belongs to the object at ffff888102a44000
[ 13.665545] which belongs to the cache kmalloc-8k of size 8192
[ 13.665950] The buggy address is located 0 bytes to the right of
[ 13.665950] allocated 7936-byte region [ffff888102a44000, ffff888102a45f00)
[ 13.668080]
[ 13.668317] The buggy address belongs to the physical page:
[ 13.669769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a40
[ 13.670180] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.670476] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.670729] page_type: f5(slab)
[ 13.670913] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 13.671154] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 13.671418] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 13.672308] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 13.672724] head: 0200000000000003 ffffea00040a9001 00000000ffffffff 00000000ffffffff
[ 13.673400] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 13.674002] page dumped because: kasan: bad access detected
[ 13.674287]
[ 13.674410] Memory state around the buggy address:
[ 13.674646]  ffff888102a45e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.675181]  ffff888102a45e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.675878] >ffff888102a45f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.677312]                    ^
[ 13.678359]  ffff888102a45f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.679015]  ffff888102a46000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.679701] ==================================================================
```
```
[ 19.097910] ==================================================================
[ 19.110384] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 19.117721] Write of size 1 at addr ffff888106afdf00 by task kunit_try_catch/184
[ 19.125115]
[ 19.126613] CPU: 2 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 19.126622] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 19.126625] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 19.126629] Call Trace:
[ 19.126630] <TASK>
[ 19.126632] dump_stack_lvl+0x73/0xb0
[ 19.126636] print_report+0xd1/0x650
[ 19.126640] ? __virt_addr_valid+0x1db/0x2d0
[ 19.126644] ? kmalloc_big_oob_right+0x316/0x370
[ 19.126648] ? kasan_complete_mode_report_info+0x2a/0x200
[ 19.126652] ? kmalloc_big_oob_right+0x316/0x370
[ 19.126657] kasan_report+0x141/0x180
[ 19.126661] ? kmalloc_big_oob_right+0x316/0x370
[ 19.126666] __asan_report_store1_noabort+0x1b/0x30
[ 19.126669] kmalloc_big_oob_right+0x316/0x370
[ 19.126673] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 19.126678] ? __schedule+0x10cc/0x2b60
[ 19.126683] ? ktime_get_ts64+0x83/0x230
[ 19.126687] kunit_try_run_case+0x1a2/0x480
[ 19.126691] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.126694] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 19.126698] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 19.126703] ? __kthread_parkme+0x82/0x180
[ 19.126707] ? preempt_count_sub+0x50/0x80
[ 19.126711] ? __pfx_kunit_try_run_case+0x10/0x10
[ 19.126714] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 19.126719] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 19.126723] kthread+0x334/0x6f0
[ 19.126727] ? trace_preempt_on+0x20/0xc0
[ 19.126731] ? __pfx_kthread+0x10/0x10
[ 19.126735] ? _raw_spin_unlock_irq+0x47/0x80
[ 19.126739] ? calculate_sigpending+0x7b/0xa0
[ 19.126743] ? __pfx_kthread+0x10/0x10
[ 19.126747] ret_from_fork+0x113/0x1d0
[ 19.126750] ? __pfx_kthread+0x10/0x10
[ 19.126754] ret_from_fork_asm+0x1a/0x30
[ 19.126760] </TASK>
[ 19.126761]
[ 19.294172] Allocated by task 184:
[ 19.297579] kasan_save_stack+0x45/0x70
[ 19.301431] kasan_save_track+0x18/0x40
[ 19.305272] kasan_save_alloc_info+0x3b/0x50
[ 19.309545] __kasan_kmalloc+0xb7/0xc0
[ 19.313299] __kmalloc_cache_noprof+0x189/0x420
[ 19.317830] kmalloc_big_oob_right+0xa9/0x370
[ 19.322190] kunit_try_run_case+0x1a2/0x480
[ 19.326386] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 19.331809] kthread+0x334/0x6f0
[ 19.335043] ret_from_fork+0x113/0x1d0
[ 19.338794] ret_from_fork_asm+0x1a/0x30
[ 19.342720]
[ 19.344221] The buggy address belongs to the object at ffff888106afc000
[ 19.344221] which belongs to the cache kmalloc-8k of size 8192
[ 19.356737] The buggy address is located 0 bytes to the right of
[ 19.356737] allocated 7936-byte region [ffff888106afc000, ffff888106afdf00)
[ 19.369780]
[ 19.371278] The buggy address belongs to the physical page:
[ 19.376850] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106af8
[ 19.384859] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 19.392519] flags: 0x200000000000040(head|node=0|zone=2)
[ 19.397830] page_type: f5(slab)
[ 19.400978] raw: 0200000000000040 ffff888100043180 dead000000000122 0000000000000000
[ 19.408718] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 19.416457] head: 0200000000000040 ffff888100043180 dead000000000122 0000000000000000
[ 19.424283] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 19.432109] head: 0200000000000003 ffffea00041abe01 00000000ffffffff 00000000ffffffff
[ 19.439944] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 19.447769] page dumped because: kasan: bad access detected
[ 19.453342]
[ 19.454839] Memory state around the buggy address:
[ 19.459632]  ffff888106afde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.466851]  ffff888106afde80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 19.474070] >ffff888106afdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.481290]                    ^
[ 19.484523]  ffff888106afdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.491744]  ffff888106afe000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 19.498969] ==================================================================
```