Date: June 3, 2025, 7:38 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
x86 |
```
[ 18.339095] ==================================================================
[ 18.339152] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0
[ 18.339205] Write of size 128 at addr fff00000c65b1000 by task kunit_try_catch/170
[ 18.339254]
[ 18.339287] CPU: 1 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT
[ 18.339542] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.339622] Hardware name: linux,dummy-virt (DT)
[ 18.339726] Call trace:
[ 18.339777] show_stack+0x20/0x38 (C)
[ 18.339904] dump_stack_lvl+0x8c/0xd0
[ 18.339968] print_report+0x118/0x608
[ 18.340016] kasan_report+0xdc/0x128
[ 18.340061] kasan_check_range+0x100/0x1a8
[ 18.340109] __asan_memset+0x34/0x78
[ 18.340150] kmalloc_oob_in_memset+0x144/0x2d0
[ 18.340221] kunit_try_run_case+0x170/0x3f0
[ 18.340270] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.340323] kthread+0x328/0x630
[ 18.340368] ret_from_fork+0x10/0x20
[ 18.340534]
[ 18.340597] Allocated by task 170:
[ 18.340707] kasan_save_stack+0x3c/0x68
[ 18.340778] kasan_save_track+0x20/0x40
[ 18.340823] kasan_save_alloc_info+0x40/0x58
[ 18.340859] __kasan_kmalloc+0xd4/0xd8
[ 18.340895] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.340934] kmalloc_oob_in_memset+0xb0/0x2d0
[ 18.340970] kunit_try_run_case+0x170/0x3f0
[ 18.341008] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.341050] kthread+0x328/0x630
[ 18.341083] ret_from_fork+0x10/0x20
[ 18.341133]
[ 18.341154] The buggy address belongs to the object at fff00000c65b1000
[ 18.341154] which belongs to the cache kmalloc-128 of size 128
[ 18.341216] The buggy address is located 0 bytes inside of
[ 18.341216] allocated 120-byte region [fff00000c65b1000, fff00000c65b1078)
[ 18.341284]
[ 18.341303] The buggy address belongs to the physical page:
[ 18.341334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1
[ 18.341382] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.341450] page_type: f5(slab)
[ 18.341487] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.341545] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.341583] page dumped because: kasan: bad access detected
[ 18.341615]
[ 18.341645] Memory state around the buggy address:
[ 18.341685] fff00000c65b0f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.341725] fff00000c65b0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.341767] >fff00000c65b1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.341803] ^
[ 18.341843] fff00000c65b1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.341891] fff00000c65b1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.341929] ==================================================================
```
```
[ 14.543322] ==================================================================
[ 14.544043] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 14.544484] Write of size 128 at addr ffff888103324c00 by task kunit_try_catch/187
[ 14.544949]
[ 14.545150] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 14.545247] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.545271] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.545384] Call Trace:
[ 14.545416] <TASK>
[ 14.545507] dump_stack_lvl+0x73/0xb0
[ 14.545582] print_report+0xd1/0x650
[ 14.545628] ? __virt_addr_valid+0x1db/0x2d0
[ 14.545677] ? kmalloc_oob_in_memset+0x15f/0x320
[ 14.545716] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.545762] ? kmalloc_oob_in_memset+0x15f/0x320
[ 14.545807] kasan_report+0x141/0x180
[ 14.545852] ? kmalloc_oob_in_memset+0x15f/0x320
[ 14.545911] kasan_check_range+0x10c/0x1c0
[ 14.545963] __asan_memset+0x27/0x50
[ 14.546008] kmalloc_oob_in_memset+0x15f/0x320
[ 14.546059] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 14.546111] ? __schedule+0x10cc/0x2b60
[ 14.546164] ? __pfx_read_tsc+0x10/0x10
[ 14.546213] ? ktime_get_ts64+0x86/0x230
[ 14.546264] kunit_try_run_case+0x1a5/0x480
[ 14.546305] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.546344] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.546392] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.546479] ? __kthread_parkme+0x82/0x180
[ 14.546522] ? preempt_count_sub+0x50/0x80
[ 14.546563] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.546597] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.546639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.546678] kthread+0x337/0x6f0
[ 14.546714] ? trace_preempt_on+0x20/0xc0
[ 14.546759] ? __pfx_kthread+0x10/0x10
[ 14.546797] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.546841] ? calculate_sigpending+0x7b/0xa0
[ 14.546892] ? __pfx_kthread+0x10/0x10
[ 14.546925] ret_from_fork+0x116/0x1d0
[ 14.546947] ? __pfx_kthread+0x10/0x10
[ 14.546969] ret_from_fork_asm+0x1a/0x30
[ 14.547004] </TASK>
[ 14.547018]
[ 14.560832] Allocated by task 187:
[ 14.561415] kasan_save_stack+0x45/0x70
[ 14.561768] kasan_save_track+0x18/0x40
[ 14.562128] kasan_save_alloc_info+0x3b/0x50
[ 14.562536] __kasan_kmalloc+0xb7/0xc0
[ 14.562734] __kmalloc_cache_noprof+0x189/0x420
[ 14.563260] kmalloc_oob_in_memset+0xac/0x320
[ 14.563792] kunit_try_run_case+0x1a5/0x480
[ 14.564174] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.565229] kthread+0x337/0x6f0
[ 14.565496] ret_from_fork+0x116/0x1d0
[ 14.566021] ret_from_fork_asm+0x1a/0x30
[ 14.566570]
[ 14.566905] The buggy address belongs to the object at ffff888103324c00
[ 14.566905] which belongs to the cache kmalloc-128 of size 128
[ 14.567937] The buggy address is located 0 bytes inside of
[ 14.567937] allocated 120-byte region [ffff888103324c00, ffff888103324c78)
[ 14.569090]
[ 14.569228] The buggy address belongs to the physical page:
[ 14.569699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324
[ 14.570453] flags: 0x200000000000000(node=0|zone=2)
[ 14.570776] page_type: f5(slab)
[ 14.570976] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.571467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.572258] page dumped because: kasan: bad access detected
[ 14.572866]
[ 14.573097] Memory state around the buggy address:
[ 14.573481] ffff888103324b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.574145] ffff888103324b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.574666] >ffff888103324c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 14.575404] ^
[ 14.576516] ffff888103324c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.576991] ffff888103324d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.577654] ==================================================================
```
```
[ 27.802140] ==================================================================
[ 27.812950] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 27.820258] Write of size 128 at addr ffff888100add700 by task kunit_try_catch/210
[ 27.827832]
[ 27.829331] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 27.829353] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 27.829356] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 27.829360] Call Trace:
[ 27.829361] <TASK>
[ 27.829363] dump_stack_lvl+0x73/0xb0
[ 27.829367] print_report+0xd1/0x650
[ 27.829371] ? __virt_addr_valid+0x1db/0x2d0
[ 27.829375] ? kmalloc_oob_in_memset+0x15f/0x320
[ 27.829379] ? kasan_complete_mode_report_info+0x2a/0x200
[ 27.829396] ? kmalloc_oob_in_memset+0x15f/0x320
[ 27.829400] kasan_report+0x141/0x180
[ 27.829404] ? kmalloc_oob_in_memset+0x15f/0x320
[ 27.829409] kasan_check_range+0x10c/0x1c0
[ 27.829413] __asan_memset+0x27/0x50
[ 27.829417] kmalloc_oob_in_memset+0x15f/0x320
[ 27.829421] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 27.829425] ? __schedule+0x10cc/0x2b60
[ 27.829430] ? ktime_get_ts64+0x83/0x230
[ 27.829434] kunit_try_run_case+0x1a2/0x480
[ 27.829438] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.829441] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 27.829445] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 27.829450] ? __kthread_parkme+0x82/0x180
[ 27.829453] ? preempt_count_sub+0x50/0x80
[ 27.829458] ? __pfx_kunit_try_run_case+0x10/0x10
[ 27.829461] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 27.829466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 27.829470] kthread+0x334/0x6f0
[ 27.829473] ? trace_preempt_on+0x20/0xc0
[ 27.829478] ? __pfx_kthread+0x10/0x10
[ 27.829481] ? _raw_spin_unlock_irq+0x47/0x80
[ 27.829485] ? calculate_sigpending+0x7b/0xa0
[ 27.829490] ? __pfx_kthread+0x10/0x10
[ 27.829494] ret_from_fork+0x113/0x1d0
[ 27.829497] ? __pfx_kthread+0x10/0x10
[ 27.829500] ret_from_fork_asm+0x1a/0x30
[ 27.829506] </TASK>
[ 27.829508]
[ 27.999759] Allocated by task 210:
[ 28.003162] kasan_save_stack+0x45/0x70
[ 28.007004] kasan_save_track+0x18/0x40
[ 28.010843] kasan_save_alloc_info+0x3b/0x50
[ 28.015115] __kasan_kmalloc+0xb7/0xc0
[ 28.018868] __kmalloc_cache_noprof+0x189/0x420
[ 28.023413] kmalloc_oob_in_memset+0xac/0x320
[ 28.027787] kunit_try_run_case+0x1a2/0x480
[ 28.031969] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 28.037372] kthread+0x334/0x6f0
[ 28.040629] ret_from_fork+0x113/0x1d0
[ 28.044404] ret_from_fork_asm+0x1a/0x30
[ 28.048332]
[ 28.049850] The buggy address belongs to the object at ffff888100add700
[ 28.049850] which belongs to the cache kmalloc-128 of size 128
[ 28.062372] The buggy address is located 0 bytes inside of
[ 28.062372] allocated 120-byte region [ffff888100add700, ffff888100add778)
[ 28.074802]
[ 28.076299] The buggy address belongs to the physical page:
[ 28.081874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100add
[ 28.089882] flags: 0x200000000000000(node=0|zone=2)
[ 28.094769] page_type: f5(slab)
[ 28.097916] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[ 28.105665] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 28.113411] page dumped because: kasan: bad access detected
[ 28.118982]
[ 28.120482] Memory state around the buggy address:
[ 28.125274] ffff888100add600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.132495] ffff888100add680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.139713] >ffff888100add700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.146932] ^
[ 28.154065] ffff888100add780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.161283] ffff888100add800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.168502] ==================================================================
```