Hay
Date
June 3, 2025, 7:38 a.m.

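Environment
qemu-arm64
qemu-x86_64
x86

Note: the three reports below all come from the KUnit task kunit_try_catch, and the kernel carries the [N]=TEST taint. kmalloc_oob_memset_4 is one of the KASAN self-tests, so these reports show KASAN catching a deliberate out-of-bounds write rather than a defect in production kernel code. Each report shows the same access: a 4-byte memset starting 117 bytes into a 120-byte kmalloc-128 object, which runs one byte past the end of the allocation into the redzone (shadow byte fc).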

[   18.357356] ==================================================================
[   18.357446] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300
[   18.357519] Write of size 4 at addr fff00000c65b1275 by task kunit_try_catch/174
[   18.357585] 
[   18.357618] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250603 #1 PREEMPT 
[   18.357720] Tainted: [B]=BAD_PAGE, [N]=TEST
[   18.357746] Hardware name: linux,dummy-virt (DT)
[   18.357796] Call trace:
[   18.357846]  show_stack+0x20/0x38 (C)
[   18.357894]  dump_stack_lvl+0x8c/0xd0
[   18.357941]  print_report+0x118/0x608
[   18.357987]  kasan_report+0xdc/0x128
[   18.358032]  kasan_check_range+0x100/0x1a8
[   18.358079]  __asan_memset+0x34/0x78
[   18.358121]  kmalloc_oob_memset_4+0x150/0x300
[   18.358248]  kunit_try_run_case+0x170/0x3f0
[   18.358301]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.358364]  kthread+0x328/0x630
[   18.358407]  ret_from_fork+0x10/0x20
[   18.358468] 
[   18.358485] Allocated by task 174:
[   18.358512]  kasan_save_stack+0x3c/0x68
[   18.358551]  kasan_save_track+0x20/0x40
[   18.358667]  kasan_save_alloc_info+0x40/0x58
[   18.358702]  __kasan_kmalloc+0xd4/0xd8
[   18.358738]  __kmalloc_cache_noprof+0x16c/0x3c0
[   18.358816]  kmalloc_oob_memset_4+0xb0/0x300
[   18.358876]  kunit_try_run_case+0x170/0x3f0
[   18.358914]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   18.358993]  kthread+0x328/0x630
[   18.359025]  ret_from_fork+0x10/0x20
[   18.359060] 
[   18.359080] The buggy address belongs to the object at fff00000c65b1200
[   18.359080]  which belongs to the cache kmalloc-128 of size 128
[   18.359134] The buggy address is located 117 bytes inside of
[   18.359134]  allocated 120-byte region [fff00000c65b1200, fff00000c65b1278)
[   18.359194] 
[   18.359213] The buggy address belongs to the physical page:
[   18.359242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1065b1
[   18.359290] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   18.359338] page_type: f5(slab)
[   18.359523] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   18.359618] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   18.359717] page dumped because: kasan: bad access detected
[   18.359787] 
[   18.359870] Memory state around the buggy address:
[   18.359963]  fff00000c65b1100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   18.360020]  fff00000c65b1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.360113] >fff00000c65b1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   18.360232]                                                                 ^
[   18.360300]  fff00000c65b1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.360357]  fff00000c65b1300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   18.360393] ==================================================================


[   14.628221] ==================================================================
[   14.628804] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[   14.629720] Write of size 4 at addr ffff88810335df75 by task kunit_try_catch/191
[   14.630483] 
[   14.630865] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-next-20250603 #1 PREEMPT(voluntary) 
[   14.631074] Tainted: [B]=BAD_PAGE, [N]=TEST
[   14.631102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   14.631141] Call Trace:
[   14.631161]  <TASK>
[   14.631188]  dump_stack_lvl+0x73/0xb0
[   14.631260]  print_report+0xd1/0x650
[   14.631288]  ? __virt_addr_valid+0x1db/0x2d0
[   14.631315]  ? kmalloc_oob_memset_4+0x166/0x330
[   14.631339]  ? kasan_complete_mode_report_info+0x2a/0x200
[   14.631380]  ? kmalloc_oob_memset_4+0x166/0x330
[   14.631405]  kasan_report+0x141/0x180
[   14.631430]  ? kmalloc_oob_memset_4+0x166/0x330
[   14.631478]  kasan_check_range+0x10c/0x1c0
[   14.631509]  __asan_memset+0x27/0x50
[   14.631531]  kmalloc_oob_memset_4+0x166/0x330
[   14.631556]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[   14.631582]  ? __schedule+0x10cc/0x2b60
[   14.631609]  ? __pfx_read_tsc+0x10/0x10
[   14.631635]  ? ktime_get_ts64+0x86/0x230
[   14.631663]  kunit_try_run_case+0x1a5/0x480
[   14.631688]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.631709]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   14.631737]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   14.631764]  ? __kthread_parkme+0x82/0x180
[   14.631787]  ? preempt_count_sub+0x50/0x80
[   14.631813]  ? __pfx_kunit_try_run_case+0x10/0x10
[   14.631836]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.631862]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   14.631889]  kthread+0x337/0x6f0
[   14.631910]  ? trace_preempt_on+0x20/0xc0
[   14.631936]  ? __pfx_kthread+0x10/0x10
[   14.631959]  ? _raw_spin_unlock_irq+0x47/0x80
[   14.631983]  ? calculate_sigpending+0x7b/0xa0
[   14.632011]  ? __pfx_kthread+0x10/0x10
[   14.632034]  ret_from_fork+0x116/0x1d0
[   14.632055]  ? __pfx_kthread+0x10/0x10
[   14.632077]  ret_from_fork_asm+0x1a/0x30
[   14.632113]  </TASK>
[   14.632126] 
[   14.643591] Allocated by task 191:
[   14.643864]  kasan_save_stack+0x45/0x70
[   14.644281]  kasan_save_track+0x18/0x40
[   14.644637]  kasan_save_alloc_info+0x3b/0x50
[   14.645011]  __kasan_kmalloc+0xb7/0xc0
[   14.645353]  __kmalloc_cache_noprof+0x189/0x420
[   14.645709]  kmalloc_oob_memset_4+0xac/0x330
[   14.646007]  kunit_try_run_case+0x1a5/0x480
[   14.646298]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   14.646597]  kthread+0x337/0x6f0
[   14.646841]  ret_from_fork+0x116/0x1d0
[   14.647117]  ret_from_fork_asm+0x1a/0x30
[   14.647585] 
[   14.647820] The buggy address belongs to the object at ffff88810335df00
[   14.647820]  which belongs to the cache kmalloc-128 of size 128
[   14.648825] The buggy address is located 117 bytes inside of
[   14.648825]  allocated 120-byte region [ffff88810335df00, ffff88810335df78)
[   14.649804] 
[   14.650076] The buggy address belongs to the physical page:
[   14.650602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10335d
[   14.651055] flags: 0x200000000000000(node=0|zone=2)
[   14.651521] page_type: f5(slab)
[   14.651721] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   14.652026] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   14.652556] page dumped because: kasan: bad access detected
[   14.653721] 
[   14.653918] Memory state around the buggy address:
[   14.654319]  ffff88810335de00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.654890]  ffff88810335de80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.655445] >ffff88810335df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   14.657031]                                                                 ^
[   14.657372]  ffff88810335df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   14.657953]  ffff88810335e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   14.658629] ==================================================================


[   28.549815] ==================================================================
[   28.561130] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[   28.568368] Write of size 4 at addr ffff888100add975 by task kunit_try_catch/214
[   28.575785] 
[   28.577287] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G S  B            N  6.15.0-next-20250603 #1 PREEMPT(voluntary) 
[   28.577295] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST
[   28.577298] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021
[   28.577301] Call Trace:
[   28.577303]  <TASK>
[   28.577304]  dump_stack_lvl+0x73/0xb0
[   28.577308]  print_report+0xd1/0x650
[   28.577312]  ? __virt_addr_valid+0x1db/0x2d0
[   28.577316]  ? kmalloc_oob_memset_4+0x166/0x330
[   28.577320]  ? kasan_complete_mode_report_info+0x2a/0x200
[   28.577324]  ? kmalloc_oob_memset_4+0x166/0x330
[   28.577328]  kasan_report+0x141/0x180
[   28.577332]  ? kmalloc_oob_memset_4+0x166/0x330
[   28.577337]  kasan_check_range+0x10c/0x1c0
[   28.577356]  __asan_memset+0x27/0x50
[   28.577360]  kmalloc_oob_memset_4+0x166/0x330
[   28.577364]  ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[   28.577368]  ? __schedule+0x10cc/0x2b60
[   28.577373]  ? ktime_get_ts64+0x83/0x230
[   28.577389]  kunit_try_run_case+0x1a2/0x480
[   28.577393]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.577396]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   28.577401]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   28.577405]  ? __kthread_parkme+0x82/0x180
[   28.577409]  ? preempt_count_sub+0x50/0x80
[   28.577413]  ? __pfx_kunit_try_run_case+0x10/0x10
[   28.577416]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   28.577421]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   28.577425]  kthread+0x334/0x6f0
[   28.577429]  ? trace_preempt_on+0x20/0xc0
[   28.577433]  ? __pfx_kthread+0x10/0x10
[   28.577436]  ? _raw_spin_unlock_irq+0x47/0x80
[   28.577440]  ? calculate_sigpending+0x7b/0xa0
[   28.577445]  ? __pfx_kthread+0x10/0x10
[   28.577449]  ret_from_fork+0x113/0x1d0
[   28.577452]  ? __pfx_kthread+0x10/0x10
[   28.577455]  ret_from_fork_asm+0x1a/0x30
[   28.577461]  </TASK>
[   28.577463] 
[   28.747280] Allocated by task 214:
[   28.750684]  kasan_save_stack+0x45/0x70
[   28.754523]  kasan_save_track+0x18/0x40
[   28.758370]  kasan_save_alloc_info+0x3b/0x50
[   28.762646]  __kasan_kmalloc+0xb7/0xc0
[   28.766399]  __kmalloc_cache_noprof+0x189/0x420
[   28.770940]  kmalloc_oob_memset_4+0xac/0x330
[   28.775220]  kunit_try_run_case+0x1a2/0x480
[   28.779411]  kunit_generic_run_threadfn_adapter+0x82/0xf0
[   28.784816]  kthread+0x334/0x6f0
[   28.788047]  ret_from_fork+0x113/0x1d0
[   28.791798]  ret_from_fork_asm+0x1a/0x30
[   28.795726] 
[   28.797226] The buggy address belongs to the object at ffff888100add900
[   28.797226]  which belongs to the cache kmalloc-128 of size 128
[   28.809738] The buggy address is located 117 bytes inside of
[   28.809738]  allocated 120-byte region [ffff888100add900, ffff888100add978)
[   28.822332] 
[   28.823856] The buggy address belongs to the physical page:
[   28.829429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100add
[   28.837429] flags: 0x200000000000000(node=0|zone=2)
[   28.842307] page_type: f5(slab)
[   28.845453] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000
[   28.853194] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   28.860942] page dumped because: kasan: bad access detected
[   28.866514] 
[   28.868013] Memory state around the buggy address:
[   28.872807]  ffff888100add800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   28.880024]  ffff888100add880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.887244] >ffff888100add900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   28.894464]                                                                 ^
[   28.901595]  ffff888100add980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.908814]  ffff888100adda00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   28.916035] ==================================================================