Date: May 12, 2025, 11:48 a.m.

Environment: qemu-arm64, qemu-x86_64

[   16.259582] ==================================================================
[   16.259681] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[   16.259785] Write of size 1 at addr fff00000c1094e78 by task kunit_try_catch/142
[   16.259890] 
[   16.259950] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.261752] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.261934] Hardware name: linux,dummy-virt (DT)
[   16.262003] Call trace:
[   16.262056]  show_stack+0x20/0x38 (C)
[   16.262167]  dump_stack_lvl+0x8c/0xd0
[   16.262275]  print_report+0x118/0x608
[   16.262377]  kasan_report+0xdc/0x128
[   16.262480]  __asan_report_store1_noabort+0x20/0x30
[   16.262604]  kmalloc_track_caller_oob_right+0x418/0x488
[   16.262722]  kunit_try_run_case+0x170/0x3f0
[   16.262880]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.263016]  kthread+0x328/0x630
[   16.263108]  ret_from_fork+0x10/0x20
[   16.263422] 
[   16.263486] Allocated by task 142:
[   16.263579]  kasan_save_stack+0x3c/0x68
[   16.263660]  kasan_save_track+0x20/0x40
[   16.263956]  kasan_save_alloc_info+0x40/0x58
[   16.264035]  __kasan_kmalloc+0xd4/0xd8
[   16.264117]  __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[   16.264207]  kmalloc_track_caller_oob_right+0x184/0x488
[   16.264359]  kunit_try_run_case+0x170/0x3f0
[   16.264499]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.264669]  kthread+0x328/0x630
[   16.264772]  ret_from_fork+0x10/0x20
[   16.264936] 
[   16.265032] The buggy address belongs to the object at fff00000c1094e00
[   16.265032]  which belongs to the cache kmalloc-128 of size 128
[   16.265233] The buggy address is located 0 bytes to the right of
[   16.265233]  allocated 120-byte region [fff00000c1094e00, fff00000c1094e78)
[   16.265357] 
[   16.265399] The buggy address belongs to the physical page:
[   16.265466] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101094
[   16.265775] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.265869] page_type: f5(slab)
[   16.266036] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.266114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.266158] page dumped because: kasan: bad access detected
[   16.266235] 
[   16.266284] Memory state around the buggy address:
[   16.266340]  fff00000c1094d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.266417]  fff00000c1094d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.266700] >fff00000c1094e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.267123]                                                                 ^
[   16.267224]  fff00000c1094e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.267320]  fff00000c1094f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.267829] ==================================================================
[   16.248395] ==================================================================
[   16.248510] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[   16.248609] Write of size 1 at addr fff00000c1094d78 by task kunit_try_catch/142
[   16.248713] 
[   16.248773] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT 
[   16.248947] Tainted: [B]=BAD_PAGE, [N]=TEST
[   16.249002] Hardware name: linux,dummy-virt (DT)
[   16.249078] Call trace:
[   16.249115]  show_stack+0x20/0x38 (C)
[   16.249206]  dump_stack_lvl+0x8c/0xd0
[   16.249556]  print_report+0x118/0x608
[   16.249842]  kasan_report+0xdc/0x128
[   16.250086]  __asan_report_store1_noabort+0x20/0x30
[   16.250306]  kmalloc_track_caller_oob_right+0x40c/0x488
[   16.250400]  kunit_try_run_case+0x170/0x3f0
[   16.250492]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.250724]  kthread+0x328/0x630
[   16.251092]  ret_from_fork+0x10/0x20
[   16.251499] 
[   16.251544] Allocated by task 142:
[   16.251603]  kasan_save_stack+0x3c/0x68
[   16.251807]  kasan_save_track+0x20/0x40
[   16.251923]  kasan_save_alloc_info+0x40/0x58
[   16.252155]  __kasan_kmalloc+0xd4/0xd8
[   16.252312]  __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[   16.252793]  kmalloc_track_caller_oob_right+0xa8/0x488
[   16.252901]  kunit_try_run_case+0x170/0x3f0
[   16.252994]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   16.253159]  kthread+0x328/0x630
[   16.253251]  ret_from_fork+0x10/0x20
[   16.253416] 
[   16.253480] The buggy address belongs to the object at fff00000c1094d00
[   16.253480]  which belongs to the cache kmalloc-128 of size 128
[   16.253610] The buggy address is located 0 bytes to the right of
[   16.253610]  allocated 120-byte region [fff00000c1094d00, fff00000c1094d78)
[   16.253746] 
[   16.254031] The buggy address belongs to the physical page:
[   16.254117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101094
[   16.254352] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   16.254609] page_type: f5(slab)
[   16.254725] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   16.254817] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   16.255126] page dumped because: kasan: bad access detected
[   16.255268] 
[   16.255319] Memory state around the buggy address:
[   16.255538]  fff00000c1094c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   16.255717]  fff00000c1094c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.255824] >fff00000c1094d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   16.256047]                                                                 ^
[   16.256131]  fff00000c1094d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.256491]  fff00000c1094e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   16.256718] ==================================================================

[   15.643879] ==================================================================
[   15.645204] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[   15.646280] Write of size 1 at addr ffff888102306378 by task kunit_try_catch/159
[   15.646551] 
[   15.647122] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   15.647244] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.647276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.647314] Call Trace:
[   15.647338]  <TASK>
[   15.647375]  dump_stack_lvl+0x73/0xb0
[   15.647442]  print_report+0xd1/0x650
[   15.647489]  ? __virt_addr_valid+0x1db/0x2d0
[   15.647539]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   15.647584]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.647618]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   15.647930]  kasan_report+0x141/0x180
[   15.648059]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[   15.648114]  __asan_report_store1_noabort+0x1b/0x30
[   15.648151]  kmalloc_track_caller_oob_right+0x4c8/0x520
[   15.648191]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   15.648230]  ? __schedule+0x10cc/0x2b60
[   15.648281]  ? __pfx_read_tsc+0x10/0x10
[   15.648319]  ? ktime_get_ts64+0x86/0x230
[   15.648360]  kunit_try_run_case+0x1a5/0x480
[   15.648402]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.648441]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.648478]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.648513]  ? __kthread_parkme+0x82/0x180
[   15.648548]  ? preempt_count_sub+0x50/0x80
[   15.648587]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.648623]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.648691]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.648730]  kthread+0x337/0x6f0
[   15.648764]  ? trace_preempt_on+0x20/0xc0
[   15.648802]  ? __pfx_kthread+0x10/0x10
[   15.648835]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.648868]  ? calculate_sigpending+0x7b/0xa0
[   15.648906]  ? __pfx_kthread+0x10/0x10
[   15.648941]  ret_from_fork+0x116/0x1d0
[   15.648972]  ? __pfx_kthread+0x10/0x10
[   15.649006]  ret_from_fork_asm+0x1a/0x30
[   15.649055]  </TASK>
[   15.649077] 
[   15.666293] Allocated by task 159:
[   15.666507]  kasan_save_stack+0x45/0x70
[   15.668826]  kasan_save_track+0x18/0x40
[   15.669569]  kasan_save_alloc_info+0x3b/0x50
[   15.672418]  __kasan_kmalloc+0xb7/0xc0
[   15.672619]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   15.672877]  kmalloc_track_caller_oob_right+0x99/0x520
[   15.673059]  kunit_try_run_case+0x1a5/0x480
[   15.673216]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.673408]  kthread+0x337/0x6f0
[   15.673544]  ret_from_fork+0x116/0x1d0
[   15.675606]  ret_from_fork_asm+0x1a/0x30
[   15.676771] 
[   15.677913] The buggy address belongs to the object at ffff888102306300
[   15.677913]  which belongs to the cache kmalloc-128 of size 128
[   15.681152] The buggy address is located 0 bytes to the right of
[   15.681152]  allocated 120-byte region [ffff888102306300, ffff888102306378)
[   15.682622] 
[   15.683117] The buggy address belongs to the physical page:
[   15.683849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102306
[   15.684903] flags: 0x200000000000000(node=0|zone=2)
[   15.686002] page_type: f5(slab)
[   15.686418] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.687859] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.689064] page dumped because: kasan: bad access detected
[   15.689629] 
[   15.690162] Memory state around the buggy address:
[   15.691313]  ffff888102306200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.692139]  ffff888102306280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.693465] >ffff888102306300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.694233]                                                                 ^
[   15.695293]  ffff888102306380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.696042]  ffff888102306400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.696717] ==================================================================
[   15.700851] ==================================================================
[   15.701518] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[   15.702676] Write of size 1 at addr ffff888102306478 by task kunit_try_catch/159
[   15.703631] 
[   15.704090] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G    B            N  6.15.0-rc6-next-20250512 #1 PREEMPT(voluntary) 
[   15.704196] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.704216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.704254] Call Trace:
[   15.704290]  <TASK>
[   15.704324]  dump_stack_lvl+0x73/0xb0
[   15.704389]  print_report+0xd1/0x650
[   15.704438]  ? __virt_addr_valid+0x1db/0x2d0
[   15.704488]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   15.704539]  ? kasan_complete_mode_report_info+0x2a/0x200
[   15.704583]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   15.704635]  kasan_report+0x141/0x180
[   15.705018]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[   15.705127]  __asan_report_store1_noabort+0x1b/0x30
[   15.705165]  kmalloc_track_caller_oob_right+0x4b1/0x520
[   15.705204]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[   15.705243]  ? __schedule+0x10cc/0x2b60
[   15.705291]  ? __pfx_read_tsc+0x10/0x10
[   15.705325]  ? ktime_get_ts64+0x86/0x230
[   15.705365]  kunit_try_run_case+0x1a5/0x480
[   15.705404]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.705438]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.705475]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.705508]  ? __kthread_parkme+0x82/0x180
[   15.705540]  ? preempt_count_sub+0x50/0x80
[   15.705577]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.705612]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.705648]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.705720]  kthread+0x337/0x6f0
[   15.705751]  ? trace_preempt_on+0x20/0xc0
[   15.705788]  ? __pfx_kthread+0x10/0x10
[   15.705820]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.705852]  ? calculate_sigpending+0x7b/0xa0
[   15.705888]  ? __pfx_kthread+0x10/0x10
[   15.705921]  ret_from_fork+0x116/0x1d0
[   15.705951]  ? __pfx_kthread+0x10/0x10
[   15.705983]  ret_from_fork_asm+0x1a/0x30
[   15.706030]  </TASK>
[   15.706050] 
[   15.728524] Allocated by task 159:
[   15.729244]  kasan_save_stack+0x45/0x70
[   15.730133]  kasan_save_track+0x18/0x40
[   15.730470]  kasan_save_alloc_info+0x3b/0x50
[   15.730643]  __kasan_kmalloc+0xb7/0xc0
[   15.731805]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[   15.732553]  kmalloc_track_caller_oob_right+0x19a/0x520
[   15.733112]  kunit_try_run_case+0x1a5/0x480
[   15.733336]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.733528]  kthread+0x337/0x6f0
[   15.734491]  ret_from_fork+0x116/0x1d0
[   15.735160]  ret_from_fork_asm+0x1a/0x30
[   15.735938] 
[   15.736439] The buggy address belongs to the object at ffff888102306400
[   15.736439]  which belongs to the cache kmalloc-128 of size 128
[   15.737977] The buggy address is located 0 bytes to the right of
[   15.737977]  allocated 120-byte region [ffff888102306400, ffff888102306478)
[   15.739715] 
[   15.739944] The buggy address belongs to the physical page:
[   15.740775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102306
[   15.741525] flags: 0x200000000000000(node=0|zone=2)
[   15.742428] page_type: f5(slab)
[   15.743105] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.744367] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.745051] page dumped because: kasan: bad access detected
[   15.745273] 
[   15.745377] Memory state around the buggy address:
[   15.745568]  ffff888102306300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.745820]  ffff888102306380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.746056] >ffff888102306400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[   15.747199]                                                                 ^
[   15.748005]  ffff888102306480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.749006]  ffff888102306500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.750089] ==================================================================