Date
May 29, 2025, 7:10 a.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 20.999129] ==================================================================
[ 20.999263] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488
[ 20.999383] Write of size 1 at addr fff00000c6394c78 by task kunit_try_catch/142
[ 20.999504]
[ 20.999586] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT
[ 20.999793] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.999857] Hardware name: linux,dummy-virt (DT)
[ 20.999931] Call trace:
[ 20.999985] show_stack+0x20/0x38 (C)
[ 21.000107] dump_stack_lvl+0x8c/0xd0
[ 21.000222] print_report+0x118/0x608
[ 21.000335] kasan_report+0xdc/0x128
[ 21.000494] __asan_report_store1_noabort+0x20/0x30
[ 21.000626] kmalloc_track_caller_oob_right+0x418/0x488
[ 21.000797] kunit_try_run_case+0x170/0x3f0
[ 21.000916] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.001046] kthread+0x328/0x630
[ 21.001147] ret_from_fork+0x10/0x20
[ 21.001265]
[ 21.001315] Allocated by task 142:
[ 21.001445] kasan_save_stack+0x3c/0x68
[ 21.001538] kasan_save_track+0x20/0x40
[ 21.001623] kasan_save_alloc_info+0x40/0x58
[ 21.001713] __kasan_kmalloc+0xd4/0xd8
[ 21.001806] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 21.002502] kmalloc_track_caller_oob_right+0x184/0x488
[ 21.002681] kunit_try_run_case+0x170/0x3f0
[ 21.002914] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.003075] kthread+0x328/0x630
[ 21.003183] ret_from_fork+0x10/0x20
[ 21.003304]
[ 21.003349] The buggy address belongs to the object at fff00000c6394c00
[ 21.003349] which belongs to the cache kmalloc-128 of size 128
[ 21.003669] The buggy address is located 0 bytes to the right of
[ 21.003669] allocated 120-byte region [fff00000c6394c00, fff00000c6394c78)
[ 21.003998]
[ 21.004043] The buggy address belongs to the physical page:
[ 21.004103] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106394
[ 21.004214] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.005702] page_type: f5(slab)
[ 21.005886] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.006073] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.006320] page dumped because: kasan: bad access detected
[ 21.006529]
[ 21.006643] Memory state around the buggy address:
[ 21.006770]  fff00000c6394b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.006888]  fff00000c6394b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.006997] >fff00000c6394c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.007090]                                                                  ^
[ 21.007182]  fff00000c6394c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.007263]  fff00000c6394d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.007725] ==================================================================

[ 20.991538] ==================================================================
[ 20.991707] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488
[ 20.991849] Write of size 1 at addr fff00000c6394b78 by task kunit_try_catch/142
[ 20.991972]
[ 20.992055] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT
[ 20.992250] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.992310] Hardware name: linux,dummy-virt (DT)
[ 20.992383] Call trace:
[ 20.992452] show_stack+0x20/0x38 (C)
[ 20.992579] dump_stack_lvl+0x8c/0xd0
[ 20.992696] print_report+0x118/0x608
[ 20.992808] kasan_report+0xdc/0x128
[ 20.992918] __asan_report_store1_noabort+0x20/0x30
[ 20.993036] kmalloc_track_caller_oob_right+0x40c/0x488
[ 20.993168] kunit_try_run_case+0x170/0x3f0
[ 20.993290] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.993442] kthread+0x328/0x630
[ 20.993542] ret_from_fork+0x10/0x20
[ 20.993659]
[ 20.993704] Allocated by task 142:
[ 20.993774] kasan_save_stack+0x3c/0x68
[ 20.993911] kasan_save_track+0x20/0x40
[ 20.994047] kasan_save_alloc_info+0x40/0x58
[ 20.994175] __kasan_kmalloc+0xd4/0xd8
[ 20.994319] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 20.994500] kmalloc_track_caller_oob_right+0xa8/0x488
[ 20.994606] kunit_try_run_case+0x170/0x3f0
[ 20.994713] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 20.994829] kthread+0x328/0x630
[ 20.994918] ret_from_fork+0x10/0x20
[ 20.995014]
[ 20.995064] The buggy address belongs to the object at fff00000c6394b00
[ 20.995064] which belongs to the cache kmalloc-128 of size 128
[ 20.995185] The buggy address is located 0 bytes to the right of
[ 20.995185] allocated 120-byte region [fff00000c6394b00, fff00000c6394b78)
[ 20.995336]
[ 20.995368] The buggy address belongs to the physical page:
[ 20.995427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106394
[ 20.995493] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 20.995554] page_type: f5(slab)
[ 20.995603] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 20.995659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 20.995703] page dumped because: kasan: bad access detected
[ 20.995737]
[ 20.995757] Memory state around the buggy address:
[ 20.995793]  fff00000c6394a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 20.995840]  fff00000c6394a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.995886] >fff00000c6394b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 20.995927]                                                                  ^
[ 20.995970]  fff00000c6394b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.996015]  fff00000c6394c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 20.996055] ==================================================================
```
qemu-x86_64:

```
[ 10.317376] ==================================================================
[ 10.318502] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.318794] Write of size 1 at addr ffff888102896878 by task kunit_try_catch/159
[ 10.319027]
[ 10.319119] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250529 #1 PREEMPT(voluntary)
[ 10.319164] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.319177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.319197] Call Trace:
[ 10.319209] <TASK>
[ 10.319224] dump_stack_lvl+0x73/0xb0
[ 10.319249] print_report+0xd1/0x650
[ 10.319271] ? __virt_addr_valid+0x1db/0x2d0
[ 10.319293] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.319317] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.319339] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.319364] kasan_report+0x141/0x180
[ 10.319386] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.319416] __asan_report_store1_noabort+0x1b/0x30
[ 10.319436] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.319462] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.319489] ? __schedule+0x10cc/0x2b60
[ 10.319511] ? __pfx_read_tsc+0x10/0x10
[ 10.319532] ? ktime_get_ts64+0x86/0x230
[ 10.319555] kunit_try_run_case+0x1a5/0x480
[ 10.319576] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.319595] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.319629] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.319653] ? __kthread_parkme+0x82/0x180
[ 10.319673] ? preempt_count_sub+0x50/0x80
[ 10.319696] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.319717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.319740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.319764] kthread+0x337/0x6f0
[ 10.319783] ? trace_preempt_on+0x20/0xc0
[ 10.319805] ? __pfx_kthread+0x10/0x10
[ 10.319826] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.319848] ? calculate_sigpending+0x7b/0xa0
[ 10.319911] ? __pfx_kthread+0x10/0x10
[ 10.319944] ret_from_fork+0x116/0x1d0
[ 10.319962] ? __pfx_kthread+0x10/0x10
[ 10.319983] ret_from_fork_asm+0x1a/0x30
[ 10.320013] </TASK>
[ 10.320023]
[ 10.331532] Allocated by task 159:
[ 10.331723] kasan_save_stack+0x45/0x70
[ 10.331920] kasan_save_track+0x18/0x40
[ 10.332118] kasan_save_alloc_info+0x3b/0x50
[ 10.332362] __kasan_kmalloc+0xb7/0xc0
[ 10.332559] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.332886] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.333204] kunit_try_run_case+0x1a5/0x480
[ 10.333398] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.333655] kthread+0x337/0x6f0
[ 10.333940] ret_from_fork+0x116/0x1d0
[ 10.334154] ret_from_fork_asm+0x1a/0x30
[ 10.334325]
[ 10.334444] The buggy address belongs to the object at ffff888102896800
[ 10.334444] which belongs to the cache kmalloc-128 of size 128
[ 10.335026] The buggy address is located 0 bytes to the right of
[ 10.335026] allocated 120-byte region [ffff888102896800, ffff888102896878)
[ 10.335507]
[ 10.335581] The buggy address belongs to the physical page:
[ 10.336361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102896
[ 10.336722] flags: 0x200000000000000(node=0|zone=2)
[ 10.336991] page_type: f5(slab)
[ 10.337119] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.337457] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.337875] page dumped because: kasan: bad access detected
[ 10.338142]
[ 10.338241] Memory state around the buggy address:
[ 10.338424]  ffff888102896700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.338745]  ffff888102896780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.339091] >ffff888102896800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.339406]                                                                  ^
[ 10.339706]  ffff888102896880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.339996]  ffff888102896900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.340310] ==================================================================
```