Date
June 3, 2025, 7:38 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
x86 |
qemu-arm64:

```
[ 18.346930] ==================================================================
[ 18.347017] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8
[ 18.347071] Write of size 2 at addr fff00000c65b1177 by task kunit_try_catch/172
[ 18.347339]
[ 18.347472] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT
[ 18.347601] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.347651] Hardware name: linux,dummy-virt (DT)
[ 18.347743] Call trace:
[ 18.347812] show_stack+0x20/0x38 (C)
[ 18.347932] dump_stack_lvl+0x8c/0xd0
[ 18.348045] print_report+0x118/0x608
[ 18.348159] kasan_report+0xdc/0x128
[ 18.348260] kasan_check_range+0x100/0x1a8
[ 18.348309] __asan_memset+0x34/0x78
[ 18.348377] kmalloc_oob_memset_2+0x150/0x2f8
[ 18.348434] kunit_try_run_case+0x170/0x3f0
[ 18.348685] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.348780] kthread+0x328/0x630
[ 18.348900] ret_from_fork+0x10/0x20
[ 18.348968]
[ 18.348998] Allocated by task 172:
[ 18.349263] kasan_save_stack+0x3c/0x68
[ 18.349360] kasan_save_track+0x20/0x40
[ 18.349462] kasan_save_alloc_info+0x40/0x58
[ 18.349585] __kasan_kmalloc+0xd4/0xd8
[ 18.349656] __kmalloc_cache_noprof+0x16c/0x3c0
[ 18.349758] kmalloc_oob_memset_2+0xb0/0x2f8
[ 18.349868] kunit_try_run_case+0x170/0x3f0
[ 18.349985] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 18.350084] kthread+0x328/0x630
[ 18.350221] ret_from_fork+0x10/0x20
[ 18.350312]
[ 18.350415] The buggy address belongs to the object at fff00000c65b1100
[ 18.350415] which belongs to the cache kmalloc-128 of size 128
[ 18.350522] The buggy address is located 119 bytes inside of
[ 18.350522] allocated 120-byte region [fff00000c65b1100, fff00000c65b1178)
[ 18.350867]
[ 18.350930] The buggy address belongs to the physical page:
[ 18.350992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1
[ 18.351043] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 18.351125] page_type: f5(slab)
[ 18.351250] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 18.351341] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 18.351500] page dumped because: kasan: bad access detected
[ 18.351634]
[ 18.351728] Memory state around the buggy address:
[ 18.351771] fff00000c65b1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 18.351839] fff00000c65b1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.351880] >fff00000c65b1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.351935] ^
[ 18.351974] fff00000c65b1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.352014] fff00000c65b1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.352050] ==================================================================
```
qemu-x86_64:

```
[ 14.585116] ==================================================================
[ 14.585706] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 14.586903] Write of size 2 at addr ffff88810335de77 by task kunit_try_catch/189
[ 14.587486]
[ 14.588193] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 14.588540] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.588564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.588591] Call Trace:
[ 14.588609] <TASK>
[ 14.588637] dump_stack_lvl+0x73/0xb0
[ 14.588705] print_report+0xd1/0x650
[ 14.588780] ? __virt_addr_valid+0x1db/0x2d0
[ 14.588824] ? kmalloc_oob_memset_2+0x166/0x330
[ 14.588861] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.588900] ? kmalloc_oob_memset_2+0x166/0x330
[ 14.588935] kasan_report+0x141/0x180
[ 14.588961] ? kmalloc_oob_memset_2+0x166/0x330
[ 14.588990] kasan_check_range+0x10c/0x1c0
[ 14.589017] __asan_memset+0x27/0x50
[ 14.589039] kmalloc_oob_memset_2+0x166/0x330
[ 14.589065] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 14.589092] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 14.589121] kunit_try_run_case+0x1a5/0x480
[ 14.589146] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.589167] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.589208] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.589255] ? __kthread_parkme+0x82/0x180
[ 14.589281] ? preempt_count_sub+0x50/0x80
[ 14.589307] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.589330] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.589357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.589383] kthread+0x337/0x6f0
[ 14.589405] ? trace_preempt_on+0x20/0xc0
[ 14.589432] ? __pfx_kthread+0x10/0x10
[ 14.589470] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.589500] ? calculate_sigpending+0x7b/0xa0
[ 14.589528] ? __pfx_kthread+0x10/0x10
[ 14.589551] ret_from_fork+0x116/0x1d0
[ 14.589575] ? __pfx_kthread+0x10/0x10
[ 14.589598] ret_from_fork_asm+0x1a/0x30
[ 14.589633] </TASK>
[ 14.589647]
[ 14.604565] Allocated by task 189:
[ 14.605103] kasan_save_stack+0x45/0x70
[ 14.605571] kasan_save_track+0x18/0x40
[ 14.605820] kasan_save_alloc_info+0x3b/0x50
[ 14.606376] __kasan_kmalloc+0xb7/0xc0
[ 14.606888] __kmalloc_cache_noprof+0x189/0x420
[ 14.607111] kmalloc_oob_memset_2+0xac/0x330
[ 14.607339] kunit_try_run_case+0x1a5/0x480
[ 14.608285] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.609042] kthread+0x337/0x6f0
[ 14.609364] ret_from_fork+0x116/0x1d0
[ 14.609825] ret_from_fork_asm+0x1a/0x30
[ 14.610051]
[ 14.610444] The buggy address belongs to the object at ffff88810335de00
[ 14.610444] which belongs to the cache kmalloc-128 of size 128
[ 14.611278] The buggy address is located 119 bytes inside of
[ 14.611278] allocated 120-byte region [ffff88810335de00, ffff88810335de78)
[ 14.612356]
[ 14.612951] The buggy address belongs to the physical page:
[ 14.613441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10335d
[ 14.614272] flags: 0x200000000000000(node=0|zone=2)
[ 14.614635] page_type: f5(slab)
[ 14.615126] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.615582] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.616411] page dumped because: kasan: bad access detected
[ 14.617038]
[ 14.617160] Memory state around the buggy address:
[ 14.617624] ffff88810335dd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.619296] ffff88810335dd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.619810] >ffff88810335de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 14.620309] ^
[ 14.620748] ffff88810335de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.621082] ffff88810335df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.622065] ==================================================================
```
x86:

```
[ 28.176032] ==================================================================
[ 28.187439] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 28.194658] Write of size 2 at addr ffff888100add877 by task kunit_try_catch/212
[ 28.202050]
[ 28.203553] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary)
[ 28.203562] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[ 28.203564] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[ 28.203568] Call Trace:
[ 28.203569] <TASK>
[ 28.203571] dump_stack_lvl+0x73/0xb0
[ 28.203574] print_report+0xd1/0x650
[ 28.203578] ? __virt_addr_valid+0x1db/0x2d0
[ 28.203582] ? kmalloc_oob_memset_2+0x166/0x330
[ 28.203586] ? kasan_complete_mode_report_info+0x2a/0x200
[ 28.203590] ? kmalloc_oob_memset_2+0x166/0x330
[ 28.203594] kasan_report+0x141/0x180
[ 28.203598] ? kmalloc_oob_memset_2+0x166/0x330
[ 28.203603] kasan_check_range+0x10c/0x1c0
[ 28.203608] __asan_memset+0x27/0x50
[ 28.203611] kmalloc_oob_memset_2+0x166/0x330
[ 28.203615] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 28.203619] ? __schedule+0x10cc/0x2b60
[ 28.203624] ? ktime_get_ts64+0x83/0x230
[ 28.203628] kunit_try_run_case+0x1a2/0x480
[ 28.203631] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.203635] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 28.203639] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 28.203644] ? __kthread_parkme+0x82/0x180
[ 28.203647] ? preempt_count_sub+0x50/0x80
[ 28.203651] ? __pfx_kunit_try_run_case+0x10/0x10
[ 28.203655] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 28.203659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 28.203664] kthread+0x334/0x6f0
[ 28.203667] ? trace_preempt_on+0x20/0xc0
[ 28.203671] ? __pfx_kthread+0x10/0x10
[ 28.203675] ? _raw_spin_unlock_irq+0x47/0x80
[ 28.203679] ? calculate_sigpending+0x7b/0xa0
[ 28.203683] ? __pfx_kthread+0x10/0x10
[ 28.203687] ret_from_fork+0x113/0x1d0
[ 28.203690] ? __pfx_kthread+0x10/0x10
[ 28.203694] ret_from_fork_asm+0x1a/0x30
[ 28.203700] </TASK>
[ 28.203701]
[ 28.373528] Allocated by task 212:
[ 28.376933] kasan_save_stack+0x45/0x70
[ 28.380773] kasan_save_track+0x18/0x40
[ 28.384612] kasan_save_alloc_info+0x3b/0x50
[ 28.388885] __kasan_kmalloc+0xb7/0xc0
[ 28.392638] __kmalloc_cache_noprof+0x189/0x420
[ 28.397171] kmalloc_oob_memset_2+0xac/0x330
[ 28.401451] kunit_try_run_case+0x1a2/0x480
[ 28.405636] kunit_generic_run_threadfn_adapter+0x82/0xf0
[ 28.411037] kthread+0x334/0x6f0
[ 28.414269] ret_from_fork+0x113/0x1d0
[ 28.418021] ret_from_fork_asm+0x1a/0x30
[ 28.421945]
[ 28.423438] The buggy address belongs to the object at ffff888100add800
[ 28.423438] which belongs to the cache kmalloc-128 of size 128
[ 28.435952] The buggy address is located 119 bytes inside of
[ 28.435952] allocated 120-byte region [ffff888100add800, ffff888100add878)
[ 28.448554]
[ 28.450054] The buggy address belongs to the physical page:
[ 28.455624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100add
[ 28.463626] flags: 0x200000000000000(node=0|zone=2)
[ 28.468504] page_type: f5(slab)
[ 28.471649] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[ 28.479411] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 28.487154] page dumped because: kasan: bad access detected
[ 28.492728]
[ 28.494224] Memory state around the buggy address:
[ 28.499017] ffff888100add700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 28.506238] ffff888100add780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.513457] >ffff888100add800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 28.520675] ^
[ 28.527810] ffff888100add880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.535028] ffff888100add900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 28.542246] ==================================================================
```