Date
May 23, 2025, 11:07 p.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 26.838075] ================================================================== [ 26.838209] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 26.838358] Write of size 1 at addr fff00000c5a34978 by task kunit_try_catch/144 [ 26.838518] [ 26.838611] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 26.838846] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.838924] Hardware name: linux,dummy-virt (DT) [ 26.839015] Call trace: [ 26.839082] show_stack+0x20/0x38 (C) [ 26.839222] dump_stack_lvl+0x8c/0xd0 [ 26.839358] print_report+0x118/0x608 [ 26.839513] kasan_report+0xdc/0x128 [ 26.839634] __asan_report_store1_noabort+0x20/0x30 [ 26.839779] kmalloc_track_caller_oob_right+0x418/0x488 [ 26.839926] kunit_try_run_case+0x170/0x3f0 [ 26.840057] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.840207] kthread+0x328/0x630 [ 26.840344] ret_from_fork+0x10/0x20 [ 26.840609] [ 26.840818] Allocated by task 144: [ 26.840906] kasan_save_stack+0x3c/0x68 [ 26.841929] kasan_save_track+0x20/0x40 [ 26.843386] kasan_save_alloc_info+0x40/0x58 [ 26.844136] __kasan_kmalloc+0xd4/0xd8 [ 26.844251] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 26.844440] kmalloc_track_caller_oob_right+0x184/0x488 [ 26.844620] kunit_try_run_case+0x170/0x3f0 [ 26.844719] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.844844] kthread+0x328/0x630 [ 26.844939] ret_from_fork+0x10/0x20 [ 26.845264] [ 26.845361] The buggy address belongs to the object at fff00000c5a34900 [ 26.845361] which belongs to the cache kmalloc-128 of size 128 [ 26.845563] The buggy address is located 0 bytes to the right of [ 26.845563] allocated 120-byte region [fff00000c5a34900, fff00000c5a34978) [ 26.845752] [ 26.845826] The buggy address belongs to the physical page: [ 26.845946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 26.846157] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.846404] page_type: f5(slab) [ 26.846531] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.846679] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.846800] page dumped because: kasan: bad access detected [ 26.846889] [ 26.846940] Memory state around the buggy address: [ 26.847078] fff00000c5a34800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.847208] fff00000c5a34880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.847325] >fff00000c5a34900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.847464] ^ [ 26.847575] fff00000c5a34980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.848290] fff00000c5a34a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.848637] ================================================================== [ 26.823435] ================================================================== [ 26.824011] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 26.824290] Write of size 1 at addr fff00000c5a34878 by task kunit_try_catch/144 [ 26.824562] [ 26.824892] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT [ 26.825145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.825220] Hardware name: linux,dummy-virt (DT) [ 26.825299] Call trace: [ 26.825352] show_stack+0x20/0x38 (C) [ 26.825505] dump_stack_lvl+0x8c/0xd0 [ 26.825771] print_report+0x118/0x608 [ 26.825921] kasan_report+0xdc/0x128 [ 26.826057] __asan_report_store1_noabort+0x20/0x30 [ 26.826270] kmalloc_track_caller_oob_right+0x40c/0x488 [ 26.826433] kunit_try_run_case+0x170/0x3f0 [ 26.826600] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.826747] kthread+0x328/0x630 [ 26.827230] ret_from_fork+0x10/0x20 [ 26.827478] [ 26.827536] Allocated by task 144: [ 26.827700] kasan_save_stack+0x3c/0x68 [ 26.828046] kasan_save_track+0x20/0x40 [ 26.828530] kasan_save_alloc_info+0x40/0x58 [ 26.828673] __kasan_kmalloc+0xd4/0xd8 [ 26.828776] __kmalloc_node_track_caller_noprof+0x18c/0x4c0 [ 26.828884] kmalloc_track_caller_oob_right+0xa8/0x488 [ 26.829035] kunit_try_run_case+0x170/0x3f0 [ 26.829152] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 26.829283] kthread+0x328/0x630 [ 26.829387] ret_from_fork+0x10/0x20 [ 26.830047] [ 26.830676] The buggy address belongs to the object at fff00000c5a34800 [ 26.830676] which belongs to the cache kmalloc-128 of size 128 [ 26.832234] The buggy address is located 0 bytes to the right of [ 26.832234] allocated 120-byte region [fff00000c5a34800, fff00000c5a34878) [ 26.833653] [ 26.833972] The buggy address belongs to the physical page: [ 26.834285] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a34 [ 26.834467] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 26.834616] page_type: f5(slab) [ 26.834728] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 26.834873] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 26.834994] page dumped because: kasan: bad access detected [ 26.835085] [ 26.835137] Memory state around the buggy address: [ 26.835246] fff00000c5a34700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 26.835370] fff00000c5a34780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.835519] >fff00000c5a34800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 26.835631] ^ [ 26.835745] fff00000c5a34880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.835860] fff00000c5a34900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 26.835984] ==================================================================
[ 12.079760] ================================================================== [ 12.080351] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.081010] Write of size 1 at addr ffff888102a2d278 by task kunit_try_catch/161 [ 12.081805] [ 12.081985] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc7 #1 PREEMPT(voluntary) [ 12.082033] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.082045] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.082066] Call Trace: [ 12.082078] <TASK> [ 12.082096] dump_stack_lvl+0x73/0xb0 [ 12.082126] print_report+0xd1/0x650 [ 12.082148] ? __virt_addr_valid+0x1db/0x2d0 [ 12.082171] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.082191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.082213] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.082235] kasan_report+0x141/0x180 [ 12.082256] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.082282] __asan_report_store1_noabort+0x1b/0x30 [ 12.082314] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.082335] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.082356] ? __schedule+0x10cc/0x2b30 [ 12.082378] ? __pfx_read_tsc+0x10/0x10 [ 12.082398] ? ktime_get_ts64+0x86/0x230 [ 12.082424] kunit_try_run_case+0x1a5/0x480 [ 12.082449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.082471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.082493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.082515] ? __kthread_parkme+0x82/0x180 [ 12.082537] ? preempt_count_sub+0x50/0x80 [ 12.082563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.082585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.082606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.082628] kthread+0x337/0x6f0 [ 12.082644] ? trace_preempt_on+0x20/0xc0 [ 12.082675] ? __pfx_kthread+0x10/0x10 [ 12.082693] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.082713] ? calculate_sigpending+0x7b/0xa0 [ 12.082735] ? __pfx_kthread+0x10/0x10 [ 12.082753] ret_from_fork+0x41/0x80 [ 12.082773] ? __pfx_kthread+0x10/0x10 [ 12.082791] ret_from_fork_asm+0x1a/0x30 [ 12.082821] </TASK> [ 12.082833] [ 12.096668] Allocated by task 161: [ 12.096817] kasan_save_stack+0x45/0x70 [ 12.097203] kasan_save_track+0x18/0x40 [ 12.097616] kasan_save_alloc_info+0x3b/0x50 [ 12.098033] __kasan_kmalloc+0xb7/0xc0 [ 12.098428] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.098788] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.099073] kunit_try_run_case+0x1a5/0x480 [ 12.099486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.100056] kthread+0x337/0x6f0 [ 12.100359] ret_from_fork+0x41/0x80 [ 12.100518] ret_from_fork_asm+0x1a/0x30 [ 12.100657] [ 12.100731] The buggy address belongs to the object at ffff888102a2d200 [ 12.100731] which belongs to the cache kmalloc-128 of size 128 [ 12.101710] The buggy address is located 0 bytes to the right of [ 12.101710] allocated 120-byte region [ffff888102a2d200, ffff888102a2d278) [ 12.102954] [ 12.103121] The buggy address belongs to the physical page: [ 12.103390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2d [ 12.104139] flags: 0x200000000000000(node=0|zone=2) [ 12.104533] page_type: f5(slab) [ 12.104743] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.105159] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.106194] page dumped because: kasan: bad access detected [ 12.106420] [ 12.106494] Memory state around the buggy address: [ 12.106652] ffff888102a2d100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.106872] ffff888102a2d180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.107565] >ffff888102a2d200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.108357] ^ [ 12.109051] ffff888102a2d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.109795] ffff888102a2d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.110519] ==================================================================