Date: June 3, 2025, 7:38 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
x86 | |

qemu-arm64:

```
[ 18.319382] ==================================================================
[ 18.319551] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8
[ 18.319642] Write of size 16 at addr fff00000c4473b40 by task kunit_try_catch/166
[ 18.319702]
[ 18.319735] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT
[ 18.319831] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.319894] Hardware name: linux,dummy-virt (DT)
[ 18.319934] Call trace:
[ 18.319957] show_stack+0x20/0x38 (C)
[ 18.320006] dump_stack_lvl+0x8c/0xd0
[ 18.320073] print_report+0x118/0x608
[ 18.320121] kasan_report+0xdc/0x128
[ 18.320167] __asan_report_store16_noabort+0x20/0x30
[ 18.320224] kmalloc_oob_16+0x3a0/0x3f8
[ 18.320283] kunit_try_run_case+0x170/0x3f0
[ 18.320330] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.320401] kthread+0x328/0x630
[ 18.320468] ret_from_fork+0x10/0x20
[ 18.320526]
[ 18.320549] Allocated by task 166:
[ 18.320577] kasan_save_stack+0x3c/0x68
[ 18.320630] kasan_save_track+0x20/0x40
[ 18.320667] kasan_save_alloc_info+0x40/0x58
[ 18.320701] __kasan_kmalloc+0xd4/0xd8
[ 18.320751] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.320789] kmalloc_oob_16+0xb4/0x3f8
[ 18.320828] kunit_try_run_case+0x170/0x3f0
[ 18.320866] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.320907] kthread+0x328/0x630
[ 18.320947] ret_from_fork+0x10/0x20
[ 18.320980]
[ 18.320999] The buggy address belongs to the object at fff00000c4473b40
[ 18.320999] which belongs to the cache kmalloc-16 of size 16
[ 18.321063] The buggy address is located 0 bytes inside of
[ 18.321063] allocated 13-byte region [fff00000c4473b40, fff00000c4473b4d)
[ 18.321122]
[ 18.321141] The buggy address belongs to the physical page:
[ 18.321188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104473
[ 18.321247] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.321310] page_type: f5(slab)
[ 18.321357] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000
[ 18.321413] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 18.322008] page dumped because: kasan: bad access detected
[ 18.322114]
[ 18.322155] Memory state around the buggy address:
[ 18.322266] fff00000c4473a00: fa fb fc fc fa fb fc fc 00 02 fc fc fa fb fc fc
[ 18.322339] fff00000c4473a80: fa fb fc fc 00 01 fc fc fa fb fc fc fa fb fc fc
[ 18.322400] >fff00000c4473b00: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc
[ 18.322488] ^
[ 18.322543] fff00000c4473b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.322634] fff00000c4473c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.322704] ==================================================================
```

qemu-x86_64:

```
[ 14.442491] ==================================================================
[ 14.443118] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 14.444174] Write of size 16 at addr ffff888101c20600 by task kunit_try_catch/183
[ 14.444937]
[ 14.445364] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 14.445487] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.445518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.445563] Call Trace:
[ 14.445592] <TASK>
[ 14.445633] dump_stack_lvl+0x73/0xb0
[ 14.445716] print_report+0xd1/0x650
[ 14.445767] ? __virt_addr_valid+0x1db/0x2d0
[ 14.445816] ? kmalloc_oob_16+0x452/0x4a0
[ 14.445853] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.445882] ? kmalloc_oob_16+0x452/0x4a0
[ 14.445904] kasan_report+0x141/0x180
[ 14.445926] ? kmalloc_oob_16+0x452/0x4a0
[ 14.445953] __asan_report_store16_noabort+0x1b/0x30
[ 14.445974] kmalloc_oob_16+0x452/0x4a0
[ 14.445996] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 14.446020] ? __schedule+0x10cc/0x2b60
[ 14.446046] ? __pfx_read_tsc+0x10/0x10
[ 14.446070] ? ktime_get_ts64+0x86/0x230
[ 14.446098] kunit_try_run_case+0x1a5/0x480
[ 14.446124] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.446144] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.446170] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.446195] ? __kthread_parkme+0x82/0x180
[ 14.446218] ? preempt_count_sub+0x50/0x80
[ 14.446243] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.446265] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.446290] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.446315] kthread+0x337/0x6f0
[ 14.446335] ? trace_preempt_on+0x20/0xc0
[ 14.446361] ? __pfx_kthread+0x10/0x10
[ 14.446383] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.446406] ? calculate_sigpending+0x7b/0xa0
[ 14.446431] ? __pfx_kthread+0x10/0x10
[ 14.446473] ret_from_fork+0x116/0x1d0
[ 14.446531] ? __pfx_kthread+0x10/0x10
[ 14.446555] ret_from_fork_asm+0x1a/0x30
[ 14.446589] </TASK>
[ 14.446603]
[ 14.459870] Allocated by task 183:
[ 14.460299] kasan_save_stack+0x45/0x70
[ 14.462753] kasan_save_track+0x18/0x40
[ 14.463013] kasan_save_alloc_info+0x3b/0x50
[ 14.463207] __kasan_kmalloc+0xb7/0xc0
[ 14.463397] __kmalloc_cache_noprof+0x189/0x420
[ 14.463677] kmalloc_oob_16+0xa8/0x4a0
[ 14.463998] kunit_try_run_case+0x1a5/0x480
[ 14.464299] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.466058] kthread+0x337/0x6f0
[ 14.466433] ret_from_fork+0x116/0x1d0
[ 14.466874] ret_from_fork_asm+0x1a/0x30
[ 14.467055]
[ 14.467156] The buggy address belongs to the object at ffff888101c20600
[ 14.467156] which belongs to the cache kmalloc-16 of size 16
[ 14.467594] The buggy address is located 0 bytes inside of
[ 14.467594] allocated 13-byte region [ffff888101c20600, ffff888101c2060d)
[ 14.468085]
[ 14.468632] The buggy address belongs to the physical page:
[ 14.470055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c20
[ 14.470841] flags: 0x200000000000000(node=0|zone=2)
[ 14.471170] page_type: f5(slab)
[ 14.471490] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 14.472200] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 14.472551] page dumped because: kasan: bad access detected
[ 14.472915]
[ 14.473045] Memory state around the buggy address:
[ 14.473463] ffff888101c20500: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc
[ 14.474838] ffff888101c20580: 00 01 fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 14.475531] >ffff888101c20600: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 14.477169] ^
[ 14.481786] ffff888101c20680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.482353] ffff888101c20700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.482781] ==================================================================
```

x86:

```
[ 27.026253] ==================================================================
[ 27.036891] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 27.043598] Write of size 16 at addr ffff888100aa5480 by task kunit_try_catch/206
[ 27.051085]
[ 27.052588] CPU: 1 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 27.052597] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 27.052600] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 27.052603] Call Trace:
[ 27.052605] <TASK>
[ 27.052606] dump_stack_lvl+0x73/0xb0
[ 27.052610] print_report+0xd1/0x650
[ 27.052614] ? __virt_addr_valid+0x1db/0x2d0
[ 27.052618] ? kmalloc_oob_16+0x452/0x4a0
[ 27.052622] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.052626] ? kmalloc_oob_16+0x452/0x4a0
[ 27.052630] kasan_report+0x141/0x180
[ 27.052634] ? kmalloc_oob_16+0x452/0x4a0
[ 27.052639] __asan_report_store16_noabort+0x1b/0x30
[ 27.052643] kmalloc_oob_16+0x452/0x4a0
[ 27.052647] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 27.052651] ? __schedule+0x10cc/0x2b60
[ 27.052655] ? ktime_get_ts64+0x83/0x230
[ 27.052659] kunit_try_run_case+0x1a2/0x480
[ 27.052663] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.052666] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.052671] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.052675] ? __kthread_parkme+0x82/0x180
[ 27.052679] ? preempt_count_sub+0x50/0x80
[ 27.052683] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.052686] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 27.052691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.052696] kthread+0x334/0x6f0
[ 27.052699] ? trace_preempt_on+0x20/0xc0
[ 27.052703] ? __pfx_kthread+0x10/0x10
[ 27.052707] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.052711] ? calculate_sigpending+0x7b/0xa0
[ 27.052715] ? __pfx_kthread+0x10/0x10
[ 27.052719] ret_from_fork+0x113/0x1d0
[ 27.052722] ? __pfx_kthread+0x10/0x10
[ 27.052726] ret_from_fork_asm+0x1a/0x30
[ 27.052731] </TASK>
[ 27.052733]
[ 27.217310] Allocated by task 206:
[ 27.220715] kasan_save_stack+0x45/0x70
[ 27.224556] kasan_save_track+0x18/0x40
[ 27.228395] kasan_save_alloc_info+0x3b/0x50
[ 27.232692] __kasan_kmalloc+0xb7/0xc0
[ 27.236447] __kmalloc_cache_noprof+0x189/0x420
[ 27.240979] kmalloc_oob_16+0xa8/0x4a0
[ 27.244738] kunit_try_run_case+0x1a2/0x480
[ 27.248926] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 27.254326] kthread+0x334/0x6f0
[ 27.257556] ret_from_fork+0x113/0x1d0
[ 27.261309] ret_from_fork_asm+0x1a/0x30
[ 27.265235]
[ 27.266736] The buggy address belongs to the object at ffff888100aa5480
[ 27.266736] which belongs to the cache kmalloc-16 of size 16
[ 27.279078] The buggy address is located 0 bytes inside of
[ 27.279078] allocated 13-byte region [ffff888100aa5480, ffff888100aa548d)
[ 27.291430]
[ 27.292925] The buggy address belongs to the physical page:
[ 27.298498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa5
[ 27.306506] flags: 0x200000000000000(node=0|zone=2)
[ 27.311386] page_type: f5(slab)
[ 27.314533] raw: 0200000000000000 ffff888100042640 dead000000000122 0000000000000000
[ 27.322281] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 27.330026] page dumped because: kasan: bad access detected
[ 27.335598]
[ 27.337098] Memory state around the buggy address:
[ 27.341893] ffff888100aa5380: fa fb fc fc fa fb fc fc 00 06 fc fc 00 06 fc fc
[ 27.349118] ffff888100aa5400: 00 06 fc fc 00 00 fc fc 00 05 fc fc fa fb fc fc
[ 27.356338] >ffff888100aa5480: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc
[ 27.363584] ^
[ 27.367076] ffff888100aa5500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.374296] ffff888100aa5580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 27.381515] ==================================================================
```