Date
June 3, 2025, 7:38 a.m.
Environment | |
---|---|
qemu-arm64 | |
qemu-x86_64 | |
x86 |
[ 18.374121] ================================================================== [ 18.374196] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 18.374250] Write of size 16 at addr fff00000c65b1469 by task kunit_try_catch/178 [ 18.374349] [ 18.374388] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.374495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.374536] Hardware name: linux,dummy-virt (DT) [ 18.374566] Call trace: [ 18.374588] show_stack+0x20/0x38 (C) [ 18.374666] dump_stack_lvl+0x8c/0xd0 [ 18.374817] print_report+0x118/0x608 [ 18.374952] kasan_report+0xdc/0x128 [ 18.375022] kasan_check_range+0x100/0x1a8 [ 18.375088] __asan_memset+0x34/0x78 [ 18.375130] kmalloc_oob_memset_16+0x150/0x2f8 [ 18.375176] kunit_try_run_case+0x170/0x3f0 [ 18.375244] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.375316] kthread+0x328/0x630 [ 18.375392] ret_from_fork+0x10/0x20 [ 18.375457] [ 18.375475] Allocated by task 178: [ 18.375503] kasan_save_stack+0x3c/0x68 [ 18.375542] kasan_save_track+0x20/0x40 [ 18.375580] kasan_save_alloc_info+0x40/0x58 [ 18.375615] __kasan_kmalloc+0xd4/0xd8 [ 18.375894] __kmalloc_cache_noprof+0x16c/0x3c0 [ 18.376031] kmalloc_oob_memset_16+0xb0/0x2f8 [ 18.376102] kunit_try_run_case+0x170/0x3f0 [ 18.376216] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.376259] kthread+0x328/0x630 [ 18.376325] ret_from_fork+0x10/0x20 [ 18.376570] [ 18.376662] The buggy address belongs to the object at fff00000c65b1400 [ 18.376662] which belongs to the cache kmalloc-128 of size 128 [ 18.376769] The buggy address is located 105 bytes inside of [ 18.376769] allocated 120-byte region [fff00000c65b1400, fff00000c65b1478) [ 18.376900] [ 18.376956] The buggy address belongs to the physical page: [ 18.376988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1 [ 18.377219] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.377334] page_type: f5(slab) [ 18.377471] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.377558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.377825] page dumped because: kasan: bad access detected [ 18.377862] [ 18.377880] Memory state around the buggy address: [ 18.377965] fff00000c65b1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.378048] fff00000c65b1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.378119] >fff00000c65b1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.378198] ^ [ 18.378291] fff00000c65b1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.378349] fff00000c65b1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.378400] ==================================================================
[ 14.709568] ================================================================== [ 14.710346] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 14.711381] Write of size 16 at addr ffff888103324d69 by task kunit_try_catch/195 [ 14.711766] [ 14.712228] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 14.712349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.712375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.712420] Call Trace: [ 14.712452] <TASK> [ 14.712504] dump_stack_lvl+0x73/0xb0 [ 14.712578] print_report+0xd1/0x650 [ 14.712623] ? __virt_addr_valid+0x1db/0x2d0 [ 14.712668] ? kmalloc_oob_memset_16+0x166/0x330 [ 14.712716] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.712765] ? kmalloc_oob_memset_16+0x166/0x330 [ 14.712815] kasan_report+0x141/0x180 [ 14.712856] ? kmalloc_oob_memset_16+0x166/0x330 [ 14.712901] kasan_check_range+0x10c/0x1c0 [ 14.712940] __asan_memset+0x27/0x50 [ 14.712975] kmalloc_oob_memset_16+0x166/0x330 [ 14.713033] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 14.713081] ? __schedule+0x10cc/0x2b60 [ 14.713155] ? __pfx_read_tsc+0x10/0x10 [ 14.713235] ? ktime_get_ts64+0x86/0x230 [ 14.713298] kunit_try_run_case+0x1a5/0x480 [ 14.713351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.713396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.713443] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.713498] ? __kthread_parkme+0x82/0x180 [ 14.713523] ? preempt_count_sub+0x50/0x80 [ 14.713550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.713572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.713599] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.713625] kthread+0x337/0x6f0 [ 14.713646] ? trace_preempt_on+0x20/0xc0 [ 14.713672] ? __pfx_kthread+0x10/0x10 [ 14.713807] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.713837] ? calculate_sigpending+0x7b/0xa0 [ 14.713863] ? __pfx_kthread+0x10/0x10 [ 14.713885] ret_from_fork+0x116/0x1d0 [ 14.713906] ? __pfx_kthread+0x10/0x10 [ 14.713927] ret_from_fork_asm+0x1a/0x30 [ 14.713960] </TASK> [ 14.713973] [ 14.728618] Allocated by task 195: [ 14.729203] kasan_save_stack+0x45/0x70 [ 14.729603] kasan_save_track+0x18/0x40 [ 14.730132] kasan_save_alloc_info+0x3b/0x50 [ 14.730618] __kasan_kmalloc+0xb7/0xc0 [ 14.731516] __kmalloc_cache_noprof+0x189/0x420 [ 14.732001] kmalloc_oob_memset_16+0xac/0x330 [ 14.732882] kunit_try_run_case+0x1a5/0x480 [ 14.733144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.733364] kthread+0x337/0x6f0 [ 14.734124] ret_from_fork+0x116/0x1d0 [ 14.734710] ret_from_fork_asm+0x1a/0x30 [ 14.735047] [ 14.735182] The buggy address belongs to the object at ffff888103324d00 [ 14.735182] which belongs to the cache kmalloc-128 of size 128 [ 14.735887] The buggy address is located 105 bytes inside of [ 14.735887] allocated 120-byte region [ffff888103324d00, ffff888103324d78) [ 14.736971] [ 14.737267] The buggy address belongs to the physical page: [ 14.737642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324 [ 14.738160] flags: 0x200000000000000(node=0|zone=2) [ 14.738548] page_type: f5(slab) [ 14.738911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.739372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.739627] page dumped because: kasan: bad access detected [ 14.740111] [ 14.740345] Memory state around the buggy address: [ 14.740799] ffff888103324c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.741317] ffff888103324c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.741657] >ffff888103324d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.741916] ^ [ 14.742169] ffff888103324d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.742410] ffff888103324e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.742671] ==================================================================
[ 29.297342] ================================================================== [ 29.308697] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 29.316011] Write of size 16 at addr ffff888106106d69 by task kunit_try_catch/218 [ 29.323498] [ 29.324999] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 29.325007] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 29.325010] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 29.325013] Call Trace: [ 29.325015] <TASK> [ 29.325017] dump_stack_lvl+0x73/0xb0 [ 29.325020] print_report+0xd1/0x650 [ 29.325024] ? __virt_addr_valid+0x1db/0x2d0 [ 29.325028] ? kmalloc_oob_memset_16+0x166/0x330 [ 29.325032] ? kasan_complete_mode_report_info+0x2a/0x200 [ 29.325036] ? kmalloc_oob_memset_16+0x166/0x330 [ 29.325040] kasan_report+0x141/0x180 [ 29.325044] ? kmalloc_oob_memset_16+0x166/0x330 [ 29.325049] kasan_check_range+0x10c/0x1c0 [ 29.325054] __asan_memset+0x27/0x50 [ 29.325057] kmalloc_oob_memset_16+0x166/0x330 [ 29.325061] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 29.325066] ? __schedule+0x10cc/0x2b60 [ 29.325070] ? ktime_get_ts64+0x83/0x230 [ 29.325074] kunit_try_run_case+0x1a2/0x480 [ 29.325078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.325081] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 29.325086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 29.325090] ? __kthread_parkme+0x82/0x180 [ 29.325094] ? preempt_count_sub+0x50/0x80 [ 29.325098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 29.325101] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 29.325106] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 29.325110] kthread+0x334/0x6f0 [ 29.325114] ? trace_preempt_on+0x20/0xc0 [ 29.325118] ? __pfx_kthread+0x10/0x10 [ 29.325121] ? _raw_spin_unlock_irq+0x47/0x80 [ 29.325126] ? calculate_sigpending+0x7b/0xa0 [ 29.325130] ? __pfx_kthread+0x10/0x10 [ 29.325134] ret_from_fork+0x113/0x1d0 [ 29.325137] ? __pfx_kthread+0x10/0x10 [ 29.325141] ret_from_fork_asm+0x1a/0x30 [ 29.325146] </TASK> [ 29.325148] [ 29.495415] Allocated by task 218: [ 29.498823] kasan_save_stack+0x45/0x70 [ 29.502661] kasan_save_track+0x18/0x40 [ 29.506502] kasan_save_alloc_info+0x3b/0x50 [ 29.510774] __kasan_kmalloc+0xb7/0xc0 [ 29.514525] __kmalloc_cache_noprof+0x189/0x420 [ 29.519058] kmalloc_oob_memset_16+0xac/0x330 [ 29.523418] kunit_try_run_case+0x1a2/0x480 [ 29.527604] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 29.533003] kthread+0x334/0x6f0 [ 29.536236] ret_from_fork+0x113/0x1d0 [ 29.539988] ret_from_fork_asm+0x1a/0x30 [ 29.543914] [ 29.545414] The buggy address belongs to the object at ffff888106106d00 [ 29.545414] which belongs to the cache kmalloc-128 of size 128 [ 29.557928] The buggy address is located 105 bytes inside of [ 29.557928] allocated 120-byte region [ffff888106106d00, ffff888106106d78) [ 29.570530] [ 29.572027] The buggy address belongs to the physical page: [ 29.577602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106106 [ 29.585608] flags: 0x200000000000000(node=0|zone=2) [ 29.590489] page_type: f5(slab) [ 29.593637] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 29.601399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 29.609147] page dumped because: kasan: bad access detected [ 29.614719] [ 29.616219] Memory state around the buggy address: [ 29.621011] ffff888106106c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 29.628231] ffff888106106c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.635452] >ffff888106106d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 29.642669] ^ [ 29.649803] ffff888106106d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.657029] ffff888106106e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 29.664248] ==================================================================