Hay
Date
June 3, 2025, 7:38 a.m.

Environment
qemu-arm64
qemu-x86_64
x86

[   18.374121] ==================================================================
[   18.374196] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8
[   18.374250] Write of size 16 at addr fff00000c65b1469 by task kunit_try_catch/178
[   18.374349] 
[   18.374388] CPU: 1 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250603 #1 PREEMPT 
[   18.374495] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.374536] Hardware name: linux,dummy-virt (DT)
[   18.374566] Call trace:
[   18.374588]  show_stack+0x20/0x38 (C)
[   18.374666]  dump_stack_lvl+0x8c/0xd0
[   18.374817]  print_report+0x118/0x608
[   18.374952]  kasan_report+0xdc/0x128
[   18.375022]  kasan_check_range+0x100/0x1a8
[   18.375088]  __asan_memset+0x34/0x78
[   18.375130]  kmalloc_oob_memset_16+0x150/0x2f8
[   18.375176]  kunit_try_run_case+0x170/0x3f0
[   18.375244]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.375316]  kthread+0x328/0x630
[   18.375392]  ret_from_fork+0x10/0x20
[   18.375457] 
[   18.375475] Allocated by task 178:
[   18.375503]  kasan_save_stack+0x3c/0x68
[   18.375542]  kasan_save_track+0x20/0x40
[   18.375580]  kasan_save_alloc_info+0x40/0x58
[   18.375615]  __kasan_kmalloc+0xd4/0xd8
[   18.375894]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.376031]  kmalloc_oob_memset_16+0xb0/0x2f8
[   18.376102]  kunit_try_run_case+0x170/0x3f0
[   18.376216]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.376259]  kthread+0x328/0x630
[   18.376325]  ret_from_fork+0x10/0x20
[   18.376570] 
[   18.376662] The buggy address belongs to the object at fff00000c65b1400
[   18.376662]  which belongs to the cache kmalloc-128 of size 128
[   18.376769] The buggy address is located 105 bytes inside of
[   18.376769]  allocated 120-byte region [fff00000c65b1400, fff00000c65b1478)
[   18.376900] 
[   18.376956] The buggy address belongs to the physical page:
[   18.376988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1
[   18.377219] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.377334] page_type: f5(slab)
[   18.377471] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.377558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.377825] page dumped because: kasan: bad access detected
[   18.377862] 
[   18.377880] Memory state around the buggy address:
[   18.377965]  fff00000c65b1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.378048]  fff00000c65b1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.378119] >fff00000c65b1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.378198]                                                                 ^
[   18.378291]  fff00000c65b1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.378349]  fff00000c65b1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.378400] ==================================================================


[   14.709568] ==================================================================
[   14.710346] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   14.711381] Write of size 16 at addr ffff888103324d69 by task kunit_try_catch/195
[   14.711766] 
[   14.712228] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250603 #1 PREEMPT(voluntary) 
[   14.712349] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.712375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.712420] Call Trace:
[   14.712452]  <TASK>
[   14.712504]  dump_stack_lvl+0x73/0xb0
[   14.712578]  print_report+0xd1/0x650
[   14.712623]  ? __virt_addr_valid+0x1db/0x2d0
[   14.712668]  ? kmalloc_oob_memset_16+0x166/0x330
[   14.712716]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.712765]  ? kmalloc_oob_memset_16+0x166/0x330
[   14.712815]  kasan_report+0x141/0x180
[   14.712856]  ? kmalloc_oob_memset_16+0x166/0x330
[   14.712901]  kasan_check_range+0x10c/0x1c0
[   14.712940]  __asan_memset+0x27/0x50
[   14.712975]  kmalloc_oob_memset_16+0x166/0x330
[   14.713033]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   14.713081]  ? __schedule+0x10cc/0x2b60
[   14.713155]  ? __pfx_read_tsc+0x10/0x10
[   14.713235]  ? ktime_get_ts64+0x86/0x230
[   14.713298]  kunit_try_run_case+0x1a5/0x480
[   14.713351]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.713396]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.713443]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.713498]  ? __kthread_parkme+0x82/0x180
[   14.713523]  ? preempt_count_sub+0x50/0x80
[   14.713550]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.713572]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.713599]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.713625]  kthread+0x337/0x6f0
[   14.713646]  ? trace_preempt_on+0x20/0xc0
[   14.713672]  ? __pfx_kthread+0x10/0x10
[   14.713807]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.713837]  ? calculate_sigpending+0x7b/0xa0
[   14.713863]  ? __pfx_kthread+0x10/0x10
[   14.713885]  ret_from_fork+0x116/0x1d0
[   14.713906]  ? __pfx_kthread+0x10/0x10
[   14.713927]  ret_from_fork_asm+0x1a/0x30
[   14.713960]  </TASK>
[   14.713973] 
[   14.728618] Allocated by task 195:
[   14.729203]  kasan_save_stack+0x45/0x70
[   14.729603]  kasan_save_track+0x18/0x40
[   14.730132]  kasan_save_alloc_info+0x3b/0x50
[   14.730618]  __kasan_kmalloc+0xb7/0xc0
[   14.731516]  __kmalloc_cache_noprof+0x189/0x420
[   14.732001]  kmalloc_oob_memset_16+0xac/0x330
[   14.732882]  kunit_try_run_case+0x1a5/0x480
[   14.733144]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.733364]  kthread+0x337/0x6f0
[   14.734124]  ret_from_fork+0x116/0x1d0
[   14.734710]  ret_from_fork_asm+0x1a/0x30
[   14.735047] 
[   14.735182] The buggy address belongs to the object at ffff888103324d00
[   14.735182]  which belongs to the cache kmalloc-128 of size 128
[   14.735887] The buggy address is located 105 bytes inside of
[   14.735887]  allocated 120-byte region [ffff888103324d00, ffff888103324d78)
[   14.736971] 
[   14.737267] The buggy address belongs to the physical page:
[   14.737642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324
[   14.738160] flags: 0x200000000000000(node=0|zone=2)
[   14.738548] page_type: f5(slab)
[   14.738911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.739372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.739627] page dumped because: kasan: bad access detected
[   14.740111] 
[   14.740345] Memory state around the buggy address:
[   14.740799]  ffff888103324c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.741317]  ffff888103324c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.741657] >ffff888103324d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   14.741916]                                                                 ^
[   14.742169]  ffff888103324d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.742410]  ffff888103324e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.742671] ==================================================================


[   29.297342] ==================================================================
[   29.308697] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[   29.316011] Write of size 16 at addr ffff888106106d69 by task kunit_try_catch/218
[   29.323498] 
[   29.324999] CPU: 0 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G S  B            N  6.15.0-next-20250603 #1 PREEMPT(voluntary) 
[   29.325007] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   29.325010] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   29.325013] Call Trace:
[   29.325015]  <TASK>
[   29.325017]  dump_stack_lvl+0x73/0xb0
[   29.325020]  print_report+0xd1/0x650
[   29.325024]  ? __virt_addr_valid+0x1db/0x2d0
[   29.325028]  ? kmalloc_oob_memset_16+0x166/0x330
[   29.325032]  ? kasan_complete_mode_report_info+0x2a/0x200
[   29.325036]  ? kmalloc_oob_memset_16+0x166/0x330
[   29.325040]  kasan_report+0x141/0x180
[   29.325044]  ? kmalloc_oob_memset_16+0x166/0x330
[   29.325049]  kasan_check_range+0x10c/0x1c0
[   29.325054]  __asan_memset+0x27/0x50
[   29.325057]  kmalloc_oob_memset_16+0x166/0x330
[   29.325061]  ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[   29.325066]  ? __schedule+0x10cc/0x2b60
[   29.325070]  ? ktime_get_ts64+0x83/0x230
[   29.325074]  kunit_try_run_case+0x1a2/0x480
[   29.325078]  ? __pfx_kunit_try_run_case+0x10/0x10
[   29.325081]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   29.325086]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   29.325090]  ? __kthread_parkme+0x82/0x180
[   29.325094]  ? preempt_count_sub+0x50/0x80
[   29.325098]  ? __pfx_kunit_try_run_case+0x10/0x10
[   29.325101]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   29.325106]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   29.325110]  kthread+0x334/0x6f0
[   29.325114]  ? trace_preempt_on+0x20/0xc0
[   29.325118]  ? __pfx_kthread+0x10/0x10
[   29.325121]  ? _raw_spin_unlock_irq+0x47/0x80
[   29.325126]  ? calculate_sigpending+0x7b/0xa0
[   29.325130]  ? __pfx_kthread+0x10/0x10
[   29.325134]  ret_from_fork+0x113/0x1d0
[   29.325137]  ? __pfx_kthread+0x10/0x10
[   29.325141]  ret_from_fork_asm+0x1a/0x30
[   29.325146]  </TASK>
[   29.325148] 
[   29.495415] Allocated by task 218:
[   29.498823]  kasan_save_stack+0x45/0x70
[   29.502661]  kasan_save_track+0x18/0x40
[   29.506502]  kasan_save_alloc_info+0x3b/0x50
[   29.510774]  __kasan_kmalloc+0xb7/0xc0
[   29.514525]  __kmalloc_cache_noprof+0x189/0x420
[   29.519058]  kmalloc_oob_memset_16+0xac/0x330
[   29.523418]  kunit_try_run_case+0x1a2/0x480
[   29.527604]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   29.533003]  kthread+0x334/0x6f0
[   29.536236]  ret_from_fork+0x113/0x1d0
[   29.539988]  ret_from_fork_asm+0x1a/0x30
[   29.543914] 
[   29.545414] The buggy address belongs to the object at ffff888106106d00
[   29.545414]  which belongs to the cache kmalloc-128 of size 128
[   29.557928] The buggy address is located 105 bytes inside of
[   29.557928]  allocated 120-byte region [ffff888106106d00, ffff888106106d78)
[   29.570530] 
[   29.572027] The buggy address belongs to the physical page:
[   29.577602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106106
[   29.585608] flags: 0x200000000000000(node=0|zone=2)
[   29.590489] page_type: f5(slab)
[   29.593637] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[   29.601399] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   29.609147] page dumped because: kasan: bad access detected
[   29.614719] 
[   29.616219] Memory state around the buggy address:
[   29.621011]  ffff888106106c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   29.628231]  ffff888106106c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.635452] >ffff888106106d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   29.642669]                                                                 ^
[   29.649803]  ffff888106106d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.657029]  ffff888106106e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   29.664248] ==================================================================