Hay
Date: March 19, 2025, 10:35 a.m.

Environment: qemu-arm64, qemu-x86_64

[   33.438189] ==================================================================
[   33.438343] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[   33.438503] Write of size 1 at addr fff00000c6818578 by task kunit_try_catch/144
[   33.438824] 
[   33.438967] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.439259] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.439346] Hardware name: linux,dummy-virt (DT)
[   33.439446] Call trace:
[   33.439539]  show_stack+0x20/0x38 (C)
[   33.439710]  dump_stack_lvl+0x8c/0xd0
[   33.439876]  print_report+0x118/0x5f0
[   33.440081]  kasan_report+0xc8/0x118
[   33.440217]  __asan_report_store1_noabort+0x20/0x30
[   33.440467]  kmalloc_track_caller_oob_right+0x414/0x490
[   33.440653]  kunit_try_run_case+0x14c/0x3d0
[   33.440854]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.441197]  kthread+0x318/0x618
[   33.441426]  ret_from_fork+0x10/0x20
[   33.441656] 
[   33.441719] Allocated by task 144:
[   33.441812]  kasan_save_stack+0x3c/0x68
[   33.441932]  kasan_save_track+0x20/0x40
[   33.442046]  kasan_save_alloc_info+0x40/0x58
[   33.442182]  __kasan_kmalloc+0xd4/0xd8
[   33.442282]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[   33.442412]  kmalloc_track_caller_oob_right+0xa8/0x490
[   33.442548]  kunit_try_run_case+0x14c/0x3d0
[   33.442689]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.442822]  kthread+0x318/0x618
[   33.443097]  ret_from_fork+0x10/0x20
[   33.443221] 
[   33.443279] The buggy address belongs to the object at fff00000c6818500
[   33.443279]  which belongs to the cache kmalloc-128 of size 128
[   33.443559] The buggy address is located 0 bytes to the right of
[   33.443559]  allocated 120-byte region [fff00000c6818500, fff00000c6818578)
[   33.443803] 
[   33.443920] The buggy address belongs to the physical page:
[   33.444022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106818
[   33.444212] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.444391] page_type: f5(slab)
[   33.444501] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.444652] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.444783] page dumped because: kasan: bad access detected
[   33.444893] 
[   33.444948] Memory state around the buggy address:
[   33.445043]  fff00000c6818400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.445197]  fff00000c6818480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.445410] >fff00000c6818500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.445563]                                                                 ^
[   33.445695]  fff00000c6818580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.445863]  fff00000c6818600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.446072] ==================================================================
[   33.447881] ==================================================================
[   33.448007] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[   33.448297] Write of size 1 at addr fff00000c6818678 by task kunit_try_catch/144
[   33.448524] 
[   33.448678] CPU: 1 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT 
[   33.449158] Tainted: [B]=BAD_PAGE, [N]=TEST
[   33.449262] Hardware name: linux,dummy-virt (DT)
[   33.449366] Call trace:
[   33.449425]  show_stack+0x20/0x38 (C)
[   33.449639]  dump_stack_lvl+0x8c/0xd0
[   33.449825]  print_report+0x118/0x5f0
[   33.449965]  kasan_report+0xc8/0x118
[   33.450178]  __asan_report_store1_noabort+0x20/0x30
[   33.450352]  kmalloc_track_caller_oob_right+0x420/0x490
[   33.450612]  kunit_try_run_case+0x14c/0x3d0
[   33.450851]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.451375]  kthread+0x318/0x618
[   33.451540]  ret_from_fork+0x10/0x20
[   33.451681] 
[   33.451772] Allocated by task 144:
[   33.452098]  kasan_save_stack+0x3c/0x68
[   33.452431]  kasan_save_track+0x20/0x40
[   33.452602]  kasan_save_alloc_info+0x40/0x58
[   33.452735]  __kasan_kmalloc+0xd4/0xd8
[   33.452899]  __kmalloc_node_track_caller_noprof+0x184/0x4b8
[   33.453080]  kmalloc_track_caller_oob_right+0x184/0x490
[   33.453308]  kunit_try_run_case+0x14c/0x3d0
[   33.453467]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   33.453632]  kthread+0x318/0x618
[   33.453746]  ret_from_fork+0x10/0x20
[   33.453859] 
[   33.453922] The buggy address belongs to the object at fff00000c6818600
[   33.453922]  which belongs to the cache kmalloc-128 of size 128
[   33.454135] The buggy address is located 0 bytes to the right of
[   33.454135]  allocated 120-byte region [fff00000c6818600, fff00000c6818678)
[   33.454503] 
[   33.454568] The buggy address belongs to the physical page:
[   33.454661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106818
[   33.455129] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   33.455323] page_type: f5(slab)
[   33.455485] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   33.455690] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   33.455897] page dumped because: kasan: bad access detected
[   33.456074] 
[   33.456166] Memory state around the buggy address:
[   33.456316]  fff00000c6818500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   33.456584]  fff00000c6818580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.456741] >fff00000c6818600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   33.456858]                                                                 ^
[   33.457307]  fff00000c6818680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.457525]  fff00000c6818700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   33.457673] ==================================================================

[   20.514962] ==================================================================
[   20.516386] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   20.517256] Write of size 1 at addr ffff88810305a178 by task kunit_try_catch/163
[   20.517895] 
[   20.518470] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   20.518868] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.518898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.518931] Call Trace:
[   20.518949]  <TASK>
[   20.518969]  dump_stack_lvl+0x73/0xb0
[   20.519012]  print_report+0xd1/0x660
[   20.519047]  ? __virt_addr_valid+0x1db/0x2d0
[   20.519135]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.519174]  kasan_report+0x104/0x140
[   20.519203]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   20.519241]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   20.519285]  __asan_report_store1_noabort+0x1b/0x30
[   20.519315]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   20.519351]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   20.519388]  ? __schedule+0xd46/0x29c0
[   20.519419]  ? __pfx_read_tsc+0x10/0x10
[   20.519448]  ? ktime_get_ts64+0x86/0x240
[   20.519484]  kunit_try_run_case+0x1b2/0x490
[   20.519518]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.519549]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.519579]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.519638]  ? __kthread_parkme+0x82/0x160
[   20.519669]  ? preempt_count_sub+0x50/0x80
[   20.519710]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.519784]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.519819]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.519852]  kthread+0x323/0x710
[   20.519882]  ? trace_preempt_on+0x20/0xc0
[   20.519917]  ? __pfx_kthread+0x10/0x10
[   20.519959]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.519989]  ? calculate_sigpending+0x7b/0xa0
[   20.520019]  ? __pfx_kthread+0x10/0x10
[   20.520050]  ret_from_fork+0x41/0x80
[   20.520080]  ? __pfx_kthread+0x10/0x10
[   20.520131]  ret_from_fork_asm+0x1a/0x30
[   20.520179]  </TASK>
[   20.520195] 
[   20.537885] Allocated by task 163:
[   20.538992]  kasan_save_stack+0x3d/0x60
[   20.539347]  kasan_save_track+0x18/0x40
[   20.539967]  kasan_save_alloc_info+0x3b/0x50
[   20.540615]  __kasan_kmalloc+0xb7/0xc0
[   20.541227]  __kmalloc_node_track_caller_noprof+0x1c5/0x500
[   20.541716]  kmalloc_track_caller_oob_right+0x99/0x520
[   20.542267]  kunit_try_run_case+0x1b2/0x490
[   20.542699]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.543720]  kthread+0x323/0x710
[   20.544056]  ret_from_fork+0x41/0x80
[   20.544442]  ret_from_fork_asm+0x1a/0x30
[   20.545057] 
[   20.545208] The buggy address belongs to the object at ffff88810305a100
[   20.545208]  which belongs to the cache kmalloc-128 of size 128
[   20.545735] The buggy address is located 0 bytes to the right of
[   20.545735]  allocated 120-byte region [ffff88810305a100, ffff88810305a178)
[   20.547179] 
[   20.547844] The buggy address belongs to the physical page:
[   20.548395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a
[   20.549199] flags: 0x200000000000000(node=0|zone=2)
[   20.549508] page_type: f5(slab)
[   20.549755] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   20.551550] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.551986] page dumped because: kasan: bad access detected
[   20.552581] 
[   20.552750] Memory state around the buggy address:
[   20.553674]  ffff88810305a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.554076]  ffff88810305a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.555134] >ffff88810305a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.555839]                                                                 ^
[   20.556637]  ffff88810305a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.557327]  ffff88810305a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.558227] ==================================================================
[   20.560025] ==================================================================
[   20.560543] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   20.561785] Write of size 1 at addr ffff88810305a278 by task kunit_try_catch/163
[   20.562390] 
[   20.562622] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G    B            N  6.14.0-rc7-next-20250319 #1 PREEMPT(voluntary) 
[   20.562744] Tainted: [B]=BAD_PAGE, [N]=TEST
[   20.562774] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   20.562827] Call Trace:
[   20.562856]  <TASK>
[   20.562886]  dump_stack_lvl+0x73/0xb0
[   20.562951]  print_report+0xd1/0x660
[   20.563009]  ? __virt_addr_valid+0x1db/0x2d0
[   20.563140]  ? kasan_complete_mode_report_info+0x2a/0x200
[   20.563209]  kasan_report+0x104/0x140
[   20.563262]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   20.563332]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   20.563415]  __asan_report_store1_noabort+0x1b/0x30
[   20.563471]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   20.563537]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   20.563631]  ? __schedule+0xd46/0x29c0
[   20.563690]  ? __pfx_read_tsc+0x10/0x10
[   20.563745]  ? ktime_get_ts64+0x86/0x240
[   20.564256]  kunit_try_run_case+0x1b2/0x490
[   20.564340]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.564781]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   20.564873]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   20.565187]  ? __kthread_parkme+0x82/0x160
[   20.565266]  ? preempt_count_sub+0x50/0x80
[   20.565335]  ? __pfx_kunit_try_run_case+0x10/0x10
[   20.565399]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.565464]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   20.565526]  kthread+0x323/0x710
[   20.565579]  ? trace_preempt_on+0x20/0xc0
[   20.565639]  ? __pfx_kthread+0x10/0x10
[   20.565696]  ? _raw_spin_unlock_irq+0x47/0x80
[   20.565750]  ? calculate_sigpending+0x7b/0xa0
[   20.565802]  ? __pfx_kthread+0x10/0x10
[   20.565857]  ret_from_fork+0x41/0x80
[   20.565912]  ? __pfx_kthread+0x10/0x10
[   20.565993]  ret_from_fork_asm+0x1a/0x30
[   20.566276]  </TASK>
[   20.566304] 
[   20.583087] Allocated by task 163:
[   20.583516]  kasan_save_stack+0x3d/0x60
[   20.583820]  kasan_save_track+0x18/0x40
[   20.584075]  kasan_save_alloc_info+0x3b/0x50
[   20.584390]  __kasan_kmalloc+0xb7/0xc0
[   20.584622]  __kmalloc_node_track_caller_noprof+0x1c5/0x500
[   20.584820]  kmalloc_track_caller_oob_right+0x19a/0x520
[   20.584999]  kunit_try_run_case+0x1b2/0x490
[   20.586923]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   20.587247]  kthread+0x323/0x710
[   20.587680]  ret_from_fork+0x41/0x80
[   20.588707]  ret_from_fork_asm+0x1a/0x30
[   20.589367] 
[   20.589598] The buggy address belongs to the object at ffff88810305a200
[   20.589598]  which belongs to the cache kmalloc-128 of size 128
[   20.591200] The buggy address is located 0 bytes to the right of
[   20.591200]  allocated 120-byte region [ffff88810305a200, ffff88810305a278)
[   20.592531] 
[   20.592776] The buggy address belongs to the physical page:
[   20.593097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10305a
[   20.594134] flags: 0x200000000000000(node=0|zone=2)
[   20.594429] page_type: f5(slab)
[   20.594638] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   20.595008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   20.595386] page dumped because: kasan: bad access detected
[   20.595691] 
[   20.596316] Memory state around the buggy address:
[   20.597649]  ffff88810305a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   20.598401]  ffff88810305a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.599364] >ffff88810305a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   20.599857]                                                                 ^
[   20.600819]  ffff88810305a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.601609]  ffff88810305a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   20.602632] ==================================================================