Date
May 15, 2025, 10:38 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

[ 17.766684] ==================================================================
[ 17.766737] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 17.766785] Write of size 1 at addr fff00000c68f1178 by task kunit_try_catch/142
[ 17.766831]
[ 17.766860] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 17.766940] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.766966] Hardware name: linux,dummy-virt (DT)
[ 17.766995] Call trace:
[ 17.767244]  show_stack+0x20/0x38 (C)
[ 17.767937]  dump_stack_lvl+0x8c/0xd0
[ 17.768180]  print_report+0x118/0x608
[ 17.768228]  kasan_report+0xdc/0x128
[ 17.768626]  __asan_report_store1_noabort+0x20/0x30
[ 17.768879]  kmalloc_track_caller_oob_right+0x418/0x488
[ 17.768930]  kunit_try_run_case+0x170/0x3f0
[ 17.768976]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.769822]  kthread+0x328/0x630
[ 17.770046]  ret_from_fork+0x10/0x20
[ 17.770189]
[ 17.770208] Allocated by task 142:
[ 17.770245]  kasan_save_stack+0x3c/0x68
[ 17.770371]  kasan_save_track+0x20/0x40
[ 17.770408]  kasan_save_alloc_info+0x40/0x58
[ 17.770446]  __kasan_kmalloc+0xd4/0xd8
[ 17.770480]  __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 17.770756]  kmalloc_track_caller_oob_right+0x184/0x488
[ 17.770872]  kunit_try_run_case+0x170/0x3f0
[ 17.770950]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.770991]  kthread+0x328/0x630
[ 17.771025]  ret_from_fork+0x10/0x20
[ 17.771060]
[ 17.771079] The buggy address belongs to the object at fff00000c68f1100
[ 17.771079]  which belongs to the cache kmalloc-128 of size 128
[ 17.771134] The buggy address is located 0 bytes to the right of
[ 17.771134]  allocated 120-byte region [fff00000c68f1100, fff00000c68f1178)
[ 17.771215]
[ 17.771234] The buggy address belongs to the physical page:
[ 17.771262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1068f1
[ 17.771580] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.771629] page_type: f5(slab)
[ 17.771875] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.772225] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.772272] page dumped because: kasan: bad access detected
[ 17.772426]
[ 17.772469] Memory state around the buggy address:
[ 17.772564]  fff00000c68f1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.772615]  fff00000c68f1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.772714] >fff00000c68f1100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.772802]                                                                 ^
[ 17.772876]  fff00000c68f1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.772950]  fff00000c68f1200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.773041] ==================================================================
[ 17.763476] ==================================================================
[ 17.763544] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 17.763602] Write of size 1 at addr fff00000c68f1078 by task kunit_try_catch/142
[ 17.763650]
[ 17.763686] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT
[ 17.763769] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.763795] Hardware name: linux,dummy-virt (DT)
[ 17.763825] Call trace:
[ 17.763848]  show_stack+0x20/0x38 (C)
[ 17.763896]  dump_stack_lvl+0x8c/0xd0
[ 17.763942]  print_report+0x118/0x608
[ 17.763987]  kasan_report+0xdc/0x128
[ 17.764032]  __asan_report_store1_noabort+0x20/0x30
[ 17.764082]  kmalloc_track_caller_oob_right+0x40c/0x488
[ 17.764130]  kunit_try_run_case+0x170/0x3f0
[ 17.764204]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.764255]  kthread+0x328/0x630
[ 17.764334]  ret_from_fork+0x10/0x20
[ 17.764383]
[ 17.764414] Allocated by task 142:
[ 17.764441]  kasan_save_stack+0x3c/0x68
[ 17.764480]  kasan_save_track+0x20/0x40
[ 17.764515]  kasan_save_alloc_info+0x40/0x58
[ 17.764553]  __kasan_kmalloc+0xd4/0xd8
[ 17.764605]  __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 17.764662]  kmalloc_track_caller_oob_right+0xa8/0x488
[ 17.764715]  kunit_try_run_case+0x170/0x3f0
[ 17.764749]  kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.764790]  kthread+0x328/0x630
[ 17.764824]  ret_from_fork+0x10/0x20
[ 17.764858]
[ 17.764876] The buggy address belongs to the object at fff00000c68f1000
[ 17.764876]  which belongs to the cache kmalloc-128 of size 128
[ 17.764930] The buggy address is located 0 bytes to the right of
[ 17.764930]  allocated 120-byte region [fff00000c68f1000, fff00000c68f1078)
[ 17.764990]
[ 17.765009] The buggy address belongs to the physical page:
[ 17.765039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1068f1
[ 17.765090] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.765139] page_type: f5(slab)
[ 17.765186] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.765235] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.765274] page dumped because: kasan: bad access detected
[ 17.765303]
[ 17.765321] Memory state around the buggy address:
[ 17.765351]  fff00000c68f0f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.765393]  fff00000c68f0f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 17.765433] >fff00000c68f1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.765469]                                                                 ^
[ 17.765507]  fff00000c68f1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.765548]  fff00000c68f1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.765585] ==================================================================
qemu-x86_64

[ 13.345213] ==================================================================
[ 13.345879] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 13.346697] Write of size 1 at addr ffff888102b48c78 by task kunit_try_catch/160
[ 13.347068]
[ 13.347296] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary)
[ 13.347395] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.347417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.347502] Call Trace:
[ 13.347542]  <TASK>
[ 13.347576]  dump_stack_lvl+0x73/0xb0
[ 13.347632]  print_report+0xd1/0x650
[ 13.347671]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.347869]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 13.347922]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.348009]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 13.348077]  kasan_report+0x141/0x180
[ 13.348134]  ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 13.348198]  __asan_report_store1_noabort+0x1b/0x30
[ 13.348253]  kmalloc_track_caller_oob_right+0x4c8/0x520
[ 13.348298]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 13.348339]  ? __schedule+0x10cc/0x2b60
[ 13.348363]  ? __pfx_read_tsc+0x10/0x10
[ 13.348385]  ? ktime_get_ts64+0x86/0x230
[ 13.348410]  kunit_try_run_case+0x1a5/0x480
[ 13.348437]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.348463]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.348527]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.348562]  ? __kthread_parkme+0x82/0x180
[ 13.348614]  ? preempt_count_sub+0x50/0x80
[ 13.348641]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.348664]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.348687]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.348708]  kthread+0x337/0x6f0
[ 13.348727]  ? trace_preempt_on+0x20/0xc0
[ 13.348752]  ? __pfx_kthread+0x10/0x10
[ 13.348772]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.348793]  ? calculate_sigpending+0x7b/0xa0
[ 13.348818]  ? __pfx_kthread+0x10/0x10
[ 13.348839]  ret_from_fork+0x116/0x1d0
[ 13.348858]  ? __pfx_kthread+0x10/0x10
[ 13.348879]  ret_from_fork_asm+0x1a/0x30
[ 13.348913]  </TASK>
[ 13.348924]
[ 13.359712] Allocated by task 160:
[ 13.360264]  kasan_save_stack+0x45/0x70
[ 13.360530]  kasan_save_track+0x18/0x40
[ 13.360860]  kasan_save_alloc_info+0x3b/0x50
[ 13.361105]  __kasan_kmalloc+0xb7/0xc0
[ 13.361494]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 13.362068]  kmalloc_track_caller_oob_right+0x99/0x520
[ 13.362816]  kunit_try_run_case+0x1a5/0x480
[ 13.363081]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.363681]  kthread+0x337/0x6f0
[ 13.363929]  ret_from_fork+0x116/0x1d0
[ 13.364147]  ret_from_fork_asm+0x1a/0x30
[ 13.364488]
[ 13.364663] The buggy address belongs to the object at ffff888102b48c00
[ 13.364663]  which belongs to the cache kmalloc-128 of size 128
[ 13.365284] The buggy address is located 0 bytes to the right of
[ 13.365284]  allocated 120-byte region [ffff888102b48c00, ffff888102b48c78)
[ 13.365743]
[ 13.365915] The buggy address belongs to the physical page:
[ 13.366686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b48
[ 13.367015] flags: 0x200000000000000(node=0|zone=2)
[ 13.367623] page_type: f5(slab)
[ 13.367939] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.368313] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.368860] page dumped because: kasan: bad access detected
[ 13.369173]
[ 13.369346] Memory state around the buggy address:
[ 13.369627]  ffff888102b48b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.370019]  ffff888102b48b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.370691] >ffff888102b48c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 13.371165]                                                                 ^
[ 13.371744]  ffff888102b48c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.372540]  ffff888102b48d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.373107] ==================================================================
[ 13.375183] ==================================================================
[ 13.375545] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 13.376289] Write of size 1 at addr ffff888102b48d78 by task kunit_try_catch/160
[ 13.376570]
[ 13.376900] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250515 #1 PREEMPT(voluntary)
[ 13.376998] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.377021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.377058] Call Trace:
[ 13.377146]  <TASK>
[ 13.377200]  dump_stack_lvl+0x73/0xb0
[ 13.377264]  print_report+0xd1/0x650
[ 13.377292]  ? __virt_addr_valid+0x1db/0x2d0
[ 13.377316]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 13.377340]  ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.377362]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 13.377390]  kasan_report+0x141/0x180
[ 13.377424]  ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 13.377571]  __asan_report_store1_noabort+0x1b/0x30
[ 13.377629]  kmalloc_track_caller_oob_right+0x4b1/0x520
[ 13.377690]  ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 13.377736]  ? __schedule+0x10cc/0x2b60
[ 13.377791]  ? __pfx_read_tsc+0x10/0x10
[ 13.377840]  ? ktime_get_ts64+0x86/0x230
[ 13.377890]  kunit_try_run_case+0x1a5/0x480
[ 13.377940]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.377983]  ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.378019]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.378041]  ? __kthread_parkme+0x82/0x180
[ 13.378063]  ? preempt_count_sub+0x50/0x80
[ 13.378087]  ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.378109]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.378131]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.378153]  kthread+0x337/0x6f0
[ 13.378172]  ? trace_preempt_on+0x20/0xc0
[ 13.378195]  ? __pfx_kthread+0x10/0x10
[ 13.378215]  ? _raw_spin_unlock_irq+0x47/0x80
[ 13.378259]  ? calculate_sigpending+0x7b/0xa0
[ 13.378283]  ? __pfx_kthread+0x10/0x10
[ 13.378305]  ret_from_fork+0x116/0x1d0
[ 13.378323]  ? __pfx_kthread+0x10/0x10
[ 13.378359]  ret_from_fork_asm+0x1a/0x30
[ 13.378393]  </TASK>
[ 13.378405]
[ 13.389956] Allocated by task 160:
[ 13.390188]  kasan_save_stack+0x45/0x70
[ 13.390366]  kasan_save_track+0x18/0x40
[ 13.390590]  kasan_save_alloc_info+0x3b/0x50
[ 13.390907]  __kasan_kmalloc+0xb7/0xc0
[ 13.391405]  __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 13.391760]  kmalloc_track_caller_oob_right+0x19a/0x520
[ 13.391977]  kunit_try_run_case+0x1a5/0x480
[ 13.392180]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.392555]  kthread+0x337/0x6f0
[ 13.392850]  ret_from_fork+0x116/0x1d0
[ 13.393100]  ret_from_fork_asm+0x1a/0x30
[ 13.393361]
[ 13.393512] The buggy address belongs to the object at ffff888102b48d00
[ 13.393512]  which belongs to the cache kmalloc-128 of size 128
[ 13.393895] The buggy address is located 0 bytes to the right of
[ 13.393895]  allocated 120-byte region [ffff888102b48d00, ffff888102b48d78)
[ 13.394701]
[ 13.394870] The buggy address belongs to the physical page:
[ 13.395212] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b48
[ 13.396027] flags: 0x200000000000000(node=0|zone=2)
[ 13.396281] page_type: f5(slab)
[ 13.396610] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.396919] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.397300] page dumped because: kasan: bad access detected
[ 13.397615]
[ 13.397890] Memory state around the buggy address:
[ 13.398093]  ffff888102b48c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.398688]  ffff888102b48c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.399012] >ffff888102b48d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 13.399260]                                                                 ^
[ 13.399714]  ffff888102b48d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.400347]  ffff888102b48e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.400719] ==================================================================