Date
June 3, 2025, 7:38 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 17.972932] ================================================================== [ 17.973297] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 17.974187] Write of size 1 at addr fff00000c446ed73 by task kunit_try_catch/136 [ 17.974443] [ 17.975330] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.15.0-next-20250603 #1 PREEMPT [ 17.975779] Tainted: [N]=TEST [ 17.976216] Hardware name: linux,dummy-virt (DT) [ 17.978817] Call trace: [ 17.980101] show_stack+0x20/0x38 (C) [ 17.980263] dump_stack_lvl+0x8c/0xd0 [ 17.980609] print_report+0x118/0x608 [ 17.980741] kasan_report+0xdc/0x128 [ 17.980789] __asan_report_store1_noabort+0x20/0x30 [ 17.980844] kmalloc_oob_right+0x5a4/0x660 [ 17.981080] kunit_try_run_case+0x170/0x3f0 [ 17.981205] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.981331] kthread+0x328/0x630 [ 17.981408] ret_from_fork+0x10/0x20 [ 17.982020] [ 17.982103] Allocated by task 136: [ 17.982264] kasan_save_stack+0x3c/0x68 [ 17.982604] kasan_save_track+0x20/0x40 [ 17.982679] kasan_save_alloc_info+0x40/0x58 [ 17.982770] __kasan_kmalloc+0xd4/0xd8 [ 17.982843] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.982885] kmalloc_oob_right+0xb0/0x660 [ 17.983196] kunit_try_run_case+0x170/0x3f0 [ 17.983302] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.983368] kthread+0x328/0x630 [ 17.983399] ret_from_fork+0x10/0x20 [ 17.983486] [ 17.983577] The buggy address belongs to the object at fff00000c446ed00 [ 17.983577] which belongs to the cache kmalloc-128 of size 128 [ 17.983869] The buggy address is located 0 bytes to the right of [ 17.983869] allocated 115-byte region [fff00000c446ed00, fff00000c446ed73) [ 17.983999] [ 17.984301] The buggy address belongs to the physical page: [ 17.984991] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10446e [ 17.985757] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.986577] page_type: f5(slab) [ 17.986989] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.987059] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.987194] page dumped because: kasan: bad access detected [ 17.987238] [ 17.987263] Memory state around the buggy address: [ 17.988172] fff00000c446ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.988421] fff00000c446ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.988519] >fff00000c446ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.988573] ^ [ 17.988903] fff00000c446ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.988968] fff00000c446ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.989102] ================================================================== [ 17.995177] ================================================================== [ 17.995223] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 17.995270] Read of size 1 at addr fff00000c446ed80 by task kunit_try_catch/136 [ 17.995317] [ 17.995345] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 17.995450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.995476] Hardware name: linux,dummy-virt (DT) [ 17.995531] Call trace: [ 17.995552] show_stack+0x20/0x38 (C) [ 17.995600] dump_stack_lvl+0x8c/0xd0 [ 17.995833] print_report+0x118/0x608 [ 17.996014] kasan_report+0xdc/0x128 [ 17.996113] __asan_report_load1_noabort+0x20/0x30 [ 17.996172] kmalloc_oob_right+0x5d0/0x660 [ 17.996229] kunit_try_run_case+0x170/0x3f0 [ 17.996325] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.996688] kthread+0x328/0x630 [ 17.996845] ret_from_fork+0x10/0x20 [ 17.996994] [ 17.997068] Allocated by task 136: [ 17.997142] kasan_save_stack+0x3c/0x68 [ 17.997210] kasan_save_track+0x20/0x40 [ 17.997283] kasan_save_alloc_info+0x40/0x58 [ 17.997318] __kasan_kmalloc+0xd4/0xd8 [ 17.997352] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.997389] kmalloc_oob_right+0xb0/0x660 [ 17.997434] kunit_try_run_case+0x170/0x3f0 [ 17.997471] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.997706] kthread+0x328/0x630 [ 17.997785] ret_from_fork+0x10/0x20 [ 17.997831] [ 17.997903] The buggy address belongs to the object at fff00000c446ed00 [ 17.997903] which belongs to the cache kmalloc-128 of size 128 [ 17.997979] The buggy address is located 13 bytes to the right of [ 17.997979] allocated 115-byte region [fff00000c446ed00, fff00000c446ed73) [ 17.998092] [ 17.998151] The buggy address belongs to the physical page: [ 17.998188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10446e [ 17.998274] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.998451] page_type: f5(slab) [ 17.998509] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.998566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.998604] page dumped because: kasan: bad access detected [ 17.998635] [ 17.998707] Memory state around the buggy address: [ 17.998826] fff00000c446ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.998962] fff00000c446ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.999070] >fff00000c446ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.999153] ^ [ 17.999220] fff00000c446ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.999300] fff00000c446ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.999408] ================================================================== [ 17.990239] ================================================================== [ 17.990286] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 17.990439] Write of size 1 at addr fff00000c446ed78 by task kunit_try_catch/136 [ 17.990552] [ 17.990587] CPU: 1 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 17.990698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.990753] Hardware name: linux,dummy-virt (DT) [ 17.990785] Call trace: [ 17.990807] show_stack+0x20/0x38 (C) [ 17.990874] dump_stack_lvl+0x8c/0xd0 [ 17.991052] print_report+0x118/0x608 [ 17.991231] kasan_report+0xdc/0x128 [ 17.991295] __asan_report_store1_noabort+0x20/0x30 [ 17.991344] kmalloc_oob_right+0x538/0x660 [ 17.991441] kunit_try_run_case+0x170/0x3f0 [ 17.991488] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.991662] kthread+0x328/0x630 [ 17.991706] ret_from_fork+0x10/0x20 [ 17.991954] [ 17.992024] Allocated by task 136: [ 17.992096] kasan_save_stack+0x3c/0x68 [ 17.992151] kasan_save_track+0x20/0x40 [ 17.992269] kasan_save_alloc_info+0x40/0x58 [ 17.992328] __kasan_kmalloc+0xd4/0xd8 [ 17.992460] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.992530] kmalloc_oob_right+0xb0/0x660 [ 17.992565] kunit_try_run_case+0x170/0x3f0 [ 17.992886] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.992985] kthread+0x328/0x630 [ 17.993119] ret_from_fork+0x10/0x20 [ 17.993215] [ 17.993235] The buggy address belongs to the object at fff00000c446ed00 [ 17.993235] which belongs to the cache kmalloc-128 of size 128 [ 17.993682] The buggy address is located 5 bytes to the right of [ 17.993682] allocated 115-byte region [fff00000c446ed00, fff00000c446ed73) [ 17.993836] [ 17.993889] The buggy address belongs to the physical page: [ 17.993945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10446e [ 17.994010] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.994057] page_type: f5(slab) [ 17.994325] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.994394] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.994446] page dumped because: kasan: bad access detected [ 17.994476] [ 17.994516] Memory state around the buggy address: [ 17.994546] fff00000c446ec00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.994587] fff00000c446ec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.994650] >fff00000c446ed00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.994695] ^ [ 17.994739] fff00000c446ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.994787] fff00000c446ee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.994822] ==================================================================
[ 13.436590] ================================================================== [ 13.437447] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 13.437883] Write of size 1 at addr ffff888103324978 by task kunit_try_catch/153 [ 13.438379] [ 13.438507] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.438567] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.438582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.438607] Call Trace: [ 13.438632] <TASK> [ 13.438657] dump_stack_lvl+0x73/0xb0 [ 13.438692] print_report+0xd1/0x650 [ 13.438717] ? __virt_addr_valid+0x1db/0x2d0 [ 13.438744] ? kmalloc_oob_right+0x6bd/0x7f0 [ 13.438768] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.438792] ? kmalloc_oob_right+0x6bd/0x7f0 [ 13.438817] kasan_report+0x141/0x180 [ 13.438842] ? kmalloc_oob_right+0x6bd/0x7f0 [ 13.438870] __asan_report_store1_noabort+0x1b/0x30 [ 13.438895] kmalloc_oob_right+0x6bd/0x7f0 [ 13.438920] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 13.438945] ? __schedule+0x10cc/0x2b60 [ 13.438973] ? __pfx_read_tsc+0x10/0x10 [ 13.438997] ? ktime_get_ts64+0x86/0x230 [ 13.439026] kunit_try_run_case+0x1a5/0x480 [ 13.439051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.439073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.439099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.439125] ? __kthread_parkme+0x82/0x180 [ 13.439148] ? preempt_count_sub+0x50/0x80 [ 13.439174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.439197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.439230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.439268] kthread+0x337/0x6f0 [ 13.439291] ? trace_preempt_on+0x20/0xc0 [ 13.439368] ? __pfx_kthread+0x10/0x10 [ 13.439398] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.439425] ? calculate_sigpending+0x7b/0xa0 [ 13.439452] ? __pfx_kthread+0x10/0x10 [ 13.439489] ret_from_fork+0x116/0x1d0 [ 13.439511] ? __pfx_kthread+0x10/0x10 [ 13.439534] ret_from_fork_asm+0x1a/0x30 [ 13.439570] </TASK> [ 13.439584] [ 13.449697] Allocated by task 153: [ 13.450066] kasan_save_stack+0x45/0x70 [ 13.450340] kasan_save_track+0x18/0x40 [ 13.450562] kasan_save_alloc_info+0x3b/0x50 [ 13.450755] __kasan_kmalloc+0xb7/0xc0 [ 13.450969] __kmalloc_cache_noprof+0x189/0x420 [ 13.451116] kmalloc_oob_right+0xa9/0x7f0 [ 13.451269] kunit_try_run_case+0x1a5/0x480 [ 13.451536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.452189] kthread+0x337/0x6f0 [ 13.452386] ret_from_fork+0x116/0x1d0 [ 13.452570] ret_from_fork_asm+0x1a/0x30 [ 13.452882] [ 13.453004] The buggy address belongs to the object at ffff888103324900 [ 13.453004] which belongs to the cache kmalloc-128 of size 128 [ 13.453667] The buggy address is located 5 bytes to the right of [ 13.453667] allocated 115-byte region [ffff888103324900, ffff888103324973) [ 13.454357] [ 13.454428] The buggy address belongs to the physical page: [ 13.454656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324 [ 13.455100] flags: 0x200000000000000(node=0|zone=2) [ 13.455359] page_type: f5(slab) [ 13.455490] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.456272] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.456652] page dumped because: kasan: bad access detected [ 13.456853] [ 13.457000] Memory state around the buggy address: [ 13.457237] ffff888103324800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.457594] ffff888103324880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.457878] >ffff888103324900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.458063] ^ [ 13.458368] ffff888103324980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.458948] ffff888103324a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.459396] ================================================================== [ 13.402228] ================================================================== [ 13.402923] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 13.403961] Write of size 1 at addr ffff888103324973 by task kunit_try_catch/153 [ 13.404257] [ 13.405598] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.406470] Tainted: [N]=TEST [ 13.406536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.406927] Call Trace: [ 13.407065] <TASK> [ 13.407291] dump_stack_lvl+0x73/0xb0 [ 13.407432] print_report+0xd1/0x650 [ 13.407484] ? __virt_addr_valid+0x1db/0x2d0 [ 13.407519] ? kmalloc_oob_right+0x6f0/0x7f0 [ 13.407543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.407567] ? kmalloc_oob_right+0x6f0/0x7f0 [ 13.407590] kasan_report+0x141/0x180 [ 13.407614] ? kmalloc_oob_right+0x6f0/0x7f0 [ 13.407641] __asan_report_store1_noabort+0x1b/0x30 [ 13.407664] kmalloc_oob_right+0x6f0/0x7f0 [ 13.407688] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 13.407712] ? __schedule+0x10cc/0x2b60 [ 13.407737] ? __pfx_read_tsc+0x10/0x10 [ 13.407762] ? ktime_get_ts64+0x86/0x230 [ 13.407796] kunit_try_run_case+0x1a5/0x480 [ 13.407831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.407852] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.407880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.407905] ? __kthread_parkme+0x82/0x180 [ 13.407930] ? preempt_count_sub+0x50/0x80 [ 13.407956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.407979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.408004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.408030] kthread+0x337/0x6f0 [ 13.408051] ? trace_preempt_on+0x20/0xc0 [ 13.408077] ? __pfx_kthread+0x10/0x10 [ 13.408099] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.408122] ? calculate_sigpending+0x7b/0xa0 [ 13.408148] ? __pfx_kthread+0x10/0x10 [ 13.408171] ret_from_fork+0x116/0x1d0 [ 13.408192] ? __pfx_kthread+0x10/0x10 [ 13.408214] ret_from_fork_asm+0x1a/0x30 [ 13.408279] </TASK> [ 13.408365] [ 13.420946] Allocated by task 153: [ 13.421296] kasan_save_stack+0x45/0x70 [ 13.421658] kasan_save_track+0x18/0x40 [ 13.421926] kasan_save_alloc_info+0x3b/0x50 [ 13.422247] __kasan_kmalloc+0xb7/0xc0 [ 13.422551] __kmalloc_cache_noprof+0x189/0x420 [ 13.423048] kmalloc_oob_right+0xa9/0x7f0 [ 13.424021] kunit_try_run_case+0x1a5/0x480 [ 13.424390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.424777] kthread+0x337/0x6f0 [ 13.425062] ret_from_fork+0x116/0x1d0 [ 13.425303] ret_from_fork_asm+0x1a/0x30 [ 13.425637] [ 13.426685] The buggy address belongs to the object at ffff888103324900 [ 13.426685] which belongs to the cache kmalloc-128 of size 128 [ 13.427255] The buggy address is located 0 bytes to the right of [ 13.427255] allocated 115-byte region [ffff888103324900, ffff888103324973) [ 13.427807] [ 13.428033] The buggy address belongs to the physical page: [ 13.428595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324 [ 13.429323] flags: 0x200000000000000(node=0|zone=2) [ 13.430095] page_type: f5(slab) [ 13.430719] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.431166] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.431612] page dumped because: kasan: bad access detected [ 13.431805] [ 13.431975] Memory state around the buggy address: [ 13.432499] ffff888103324800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.432909] ffff888103324880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.433671] >ffff888103324900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.434000] ^ [ 13.434211] ffff888103324980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.434359] ffff888103324a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.435199] ================================================================== [ 13.460302] ================================================================== [ 13.460647] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 13.461068] Read of size 1 at addr ffff888103324980 by task kunit_try_catch/153 [ 13.461420] [ 13.461572] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.461630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.461644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.461671] Call Trace: [ 13.461858] <TASK> [ 13.461889] dump_stack_lvl+0x73/0xb0 [ 13.461926] print_report+0xd1/0x650 [ 13.461953] ? __virt_addr_valid+0x1db/0x2d0 [ 13.461982] ? kmalloc_oob_right+0x68a/0x7f0 [ 13.462005] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.462028] ? kmalloc_oob_right+0x68a/0x7f0 [ 13.462052] kasan_report+0x141/0x180 [ 13.462076] ? kmalloc_oob_right+0x68a/0x7f0 [ 13.462105] __asan_report_load1_noabort+0x18/0x20 [ 13.462128] kmalloc_oob_right+0x68a/0x7f0 [ 13.462152] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 13.462178] ? __schedule+0x10cc/0x2b60 [ 13.462207] ? __pfx_read_tsc+0x10/0x10 [ 13.462234] ? ktime_get_ts64+0x86/0x230 [ 13.462262] kunit_try_run_case+0x1a5/0x480 [ 13.462286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.462307] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.462354] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.462382] ? __kthread_parkme+0x82/0x180 [ 13.462405] ? preempt_count_sub+0x50/0x80 [ 13.462433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.462464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.462495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.462522] kthread+0x337/0x6f0 [ 13.462543] ? trace_preempt_on+0x20/0xc0 [ 13.462570] ? __pfx_kthread+0x10/0x10 [ 13.462592] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.462616] ? calculate_sigpending+0x7b/0xa0 [ 13.462644] ? __pfx_kthread+0x10/0x10 [ 13.462667] ret_from_fork+0x116/0x1d0 [ 13.462703] ? __pfx_kthread+0x10/0x10 [ 13.462727] ret_from_fork_asm+0x1a/0x30 [ 13.462766] </TASK> [ 13.462780] [ 13.474662] Allocated by task 153: [ 13.475038] kasan_save_stack+0x45/0x70 [ 13.475435] kasan_save_track+0x18/0x40 [ 13.475783] kasan_save_alloc_info+0x3b/0x50 [ 13.475970] __kasan_kmalloc+0xb7/0xc0 [ 13.476275] __kmalloc_cache_noprof+0x189/0x420 [ 13.476450] kmalloc_oob_right+0xa9/0x7f0 [ 13.476877] kunit_try_run_case+0x1a5/0x480 [ 13.477185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.477492] kthread+0x337/0x6f0 [ 13.477627] ret_from_fork+0x116/0x1d0 [ 13.478196] ret_from_fork_asm+0x1a/0x30 [ 13.478598] [ 13.478975] The buggy address belongs to the object at ffff888103324900 [ 13.478975] which belongs to the cache kmalloc-128 of size 128 [ 13.479493] The buggy address is located 13 bytes to the right of [ 13.479493] allocated 115-byte region [ffff888103324900, ffff888103324973) [ 13.480252] [ 13.480325] The buggy address belongs to the physical page: [ 13.480449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324 [ 13.481138] flags: 0x200000000000000(node=0|zone=2) [ 13.481381] page_type: f5(slab) [ 13.481614] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.482535] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.483023] page dumped because: kasan: bad access detected [ 13.483301] [ 13.483543] Memory state around the buggy address: [ 13.483791] ffff888103324880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.484260] ffff888103324900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.484469] >ffff888103324980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.485073] ^ [ 13.485325] ffff888103324a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.485688] ffff888103324a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.485972] ==================================================================
[ 16.662204] ================================================================== [ 16.669438] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 16.676414] Write of size 1 at addr ffff88810478c473 by task kunit_try_catch/176 [ 16.683806] [ 16.685309] CPU: 2 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G S N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 16.685318] Tainted: [S]=CPU_OUT_OF_SPEC, [N]=TEST [ 16.685320] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 16.685324] Call Trace: [ 16.685326] <TASK> [ 16.685328] dump_stack_lvl+0x73/0xb0 [ 16.685333] print_report+0xd1/0x650 [ 16.685338] ? __virt_addr_valid+0x1db/0x2d0 [ 16.685357] ? kmalloc_oob_right+0x6f0/0x7f0 [ 16.685361] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.685366] ? kmalloc_oob_right+0x6f0/0x7f0 [ 16.685370] kasan_report+0x141/0x180 [ 16.685374] ? kmalloc_oob_right+0x6f0/0x7f0 [ 16.685391] __asan_report_store1_noabort+0x1b/0x30 [ 16.685395] kmalloc_oob_right+0x6f0/0x7f0 [ 16.685399] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 16.685403] ? __schedule+0x10cc/0x2b60 [ 16.685408] ? ktime_get_ts64+0x83/0x230 [ 16.685413] kunit_try_run_case+0x1a2/0x480 [ 16.685417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.685421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.685426] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.685430] ? __kthread_parkme+0x82/0x180 [ 16.685434] ? preempt_count_sub+0x50/0x80 [ 16.685439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.685442] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 16.685447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.685452] kthread+0x334/0x6f0 [ 16.685455] ? trace_preempt_on+0x20/0xc0 [ 16.685460] ? __pfx_kthread+0x10/0x10 [ 16.685463] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.685468] ? calculate_sigpending+0x7b/0xa0 [ 16.685472] ? __pfx_kthread+0x10/0x10 [ 16.685476] ret_from_fork+0x113/0x1d0 [ 16.685480] ? __pfx_kthread+0x10/0x10 [ 16.685484] ret_from_fork_asm+0x1a/0x30 [ 16.685490] </TASK> [ 16.685492] [ 16.850092] Allocated by task 176: [ 16.853500] kasan_save_stack+0x45/0x70 [ 16.857337] kasan_save_track+0x18/0x40 [ 16.861204] kasan_save_alloc_info+0x3b/0x50 [ 16.865476] __kasan_kmalloc+0xb7/0xc0 [ 16.869227] __kmalloc_cache_noprof+0x189/0x420 [ 16.873762] kmalloc_oob_right+0xa9/0x7f0 [ 16.877783] kunit_try_run_case+0x1a2/0x480 [ 16.881975] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 16.887375] kthread+0x334/0x6f0 [ 16.890635] ret_from_fork+0x113/0x1d0 [ 16.894410] ret_from_fork_asm+0x1a/0x30 [ 16.898339] [ 16.899865] The buggy address belongs to the object at ffff88810478c400 [ 16.899865] which belongs to the cache kmalloc-128 of size 128 [ 16.912393] The buggy address is located 0 bytes to the right of [ 16.912393] allocated 115-byte region [ffff88810478c400, ffff88810478c473) [ 16.925357] [ 16.926861] The buggy address belongs to the physical page: [ 16.932433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10478c [ 16.940431] flags: 0x200000000000000(node=0|zone=2) [ 16.945311] page_type: f5(slab) [ 16.948460] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 16.956206] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.963943] page dumped because: kasan: bad access detected [ 16.969518] [ 16.971015] Memory state around the buggy address: [ 16.975810] ffff88810478c300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.983028] ffff88810478c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.990247] >ffff88810478c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.997466] ^ [ 17.004354] ffff88810478c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.011585] ffff88810478c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.018803] ================================================================== [ 17.396482] ================================================================== [ 17.403711] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 17.410676] Read of size 1 at addr ffff88810478c480 by task kunit_try_catch/176 [ 17.417985] [ 17.419484] CPU: 2 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 17.419492] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 17.419495] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 17.419498] Call Trace: [ 17.419500] <TASK> [ 17.419501] dump_stack_lvl+0x73/0xb0 [ 17.419505] print_report+0xd1/0x650 [ 17.419509] ? __virt_addr_valid+0x1db/0x2d0 [ 17.419513] ? kmalloc_oob_right+0x68a/0x7f0 [ 17.419517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.419521] ? kmalloc_oob_right+0x68a/0x7f0 [ 17.419525] kasan_report+0x141/0x180 [ 17.419529] ? kmalloc_oob_right+0x68a/0x7f0 [ 17.419533] __asan_report_load1_noabort+0x18/0x20 [ 17.419537] kmalloc_oob_right+0x68a/0x7f0 [ 17.419541] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 17.419545] ? __schedule+0x10cc/0x2b60 [ 17.419550] ? ktime_get_ts64+0x83/0x230 [ 17.419554] kunit_try_run_case+0x1a2/0x480 [ 17.419557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.419561] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.419565] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.419570] ? __kthread_parkme+0x82/0x180 [ 17.419573] ? preempt_count_sub+0x50/0x80 [ 17.419577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.419581] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.419585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.419590] kthread+0x334/0x6f0 [ 17.419593] ? trace_preempt_on+0x20/0xc0 [ 17.419597] ? __pfx_kthread+0x10/0x10 [ 17.419601] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.419605] ? calculate_sigpending+0x7b/0xa0 [ 17.419609] ? __pfx_kthread+0x10/0x10 [ 17.419613] ret_from_fork+0x113/0x1d0 [ 17.419616] ? __pfx_kthread+0x10/0x10 [ 17.419620] ret_from_fork_asm+0x1a/0x30 [ 17.419625] </TASK> [ 17.419627] [ 17.585291] Allocated by task 176: [ 17.588696] kasan_save_stack+0x45/0x70 [ 17.592537] kasan_save_track+0x18/0x40 [ 17.596374] kasan_save_alloc_info+0x3b/0x50 [ 17.600672] __kasan_kmalloc+0xb7/0xc0 [ 17.604426] __kmalloc_cache_noprof+0x189/0x420 [ 17.608960] kmalloc_oob_right+0xa9/0x7f0 [ 17.612973] kunit_try_run_case+0x1a2/0x480 [ 17.617156] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.622556] kthread+0x334/0x6f0 [ 17.625789] ret_from_fork+0x113/0x1d0 [ 17.629541] ret_from_fork_asm+0x1a/0x30 [ 17.633467] [ 17.634965] The buggy address belongs to the object at ffff88810478c400 [ 17.634965] which belongs to the cache kmalloc-128 of size 128 [ 17.647472] The buggy address is located 13 bytes to the right of [ 17.647472] allocated 115-byte region [ffff88810478c400, ffff88810478c473) [ 17.660508] [ 17.662008] The buggy address belongs to the physical page: [ 17.667579] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10478c [ 17.675579] flags: 0x200000000000000(node=0|zone=2) [ 17.680457] page_type: f5(slab) [ 17.683604] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 17.691357] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.699125] page dumped because: kasan: bad access detected [ 17.704698] [ 17.706195] Memory state around the buggy address: [ 17.710991] ffff88810478c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.718208] ffff88810478c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.725429] >ffff88810478c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.732647] ^ [ 17.735881] ffff88810478c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.743101] ffff88810478c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.750319] ================================================================== [ 17.031443] ================================================================== [ 17.038668] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 17.045628] Write of size 1 at addr ffff88810478c478 by task kunit_try_catch/176 [ 17.053026] [ 17.054528] CPU: 2 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 17.054536] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 17.054539] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 17.054542] Call Trace: [ 17.054544] <TASK> [ 17.054545] dump_stack_lvl+0x73/0xb0 [ 17.054549] print_report+0xd1/0x650 [ 17.054553] ? __virt_addr_valid+0x1db/0x2d0 [ 17.054557] ? kmalloc_oob_right+0x6bd/0x7f0 [ 17.054561] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.054565] ? kmalloc_oob_right+0x6bd/0x7f0 [ 17.054569] kasan_report+0x141/0x180 [ 17.054573] ? kmalloc_oob_right+0x6bd/0x7f0 [ 17.054578] __asan_report_store1_noabort+0x1b/0x30 [ 17.054582] kmalloc_oob_right+0x6bd/0x7f0 [ 17.054586] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 17.054590] ? __schedule+0x10cc/0x2b60 [ 17.054594] ? ktime_get_ts64+0x83/0x230 [ 17.054598] kunit_try_run_case+0x1a2/0x480 [ 17.054602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.054605] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.054610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.054614] ? __kthread_parkme+0x82/0x180 [ 17.054618] ? preempt_count_sub+0x50/0x80 [ 17.054622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.054626] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.054630] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.054635] kthread+0x334/0x6f0 [ 17.054638] ? trace_preempt_on+0x20/0xc0 [ 17.054642] ? __pfx_kthread+0x10/0x10 [ 17.054646] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.054650] ? calculate_sigpending+0x7b/0xa0 [ 17.054654] ? __pfx_kthread+0x10/0x10 [ 17.054658] ret_from_fork+0x113/0x1d0 [ 17.054661] ? __pfx_kthread+0x10/0x10 [ 17.054665] ret_from_fork_asm+0x1a/0x30 [ 17.054671] </TASK> [ 17.054672] [ 17.220411] Allocated by task 176: [ 17.223817] kasan_save_stack+0x45/0x70 [ 17.227657] kasan_save_track+0x18/0x40 [ 17.231496] kasan_save_alloc_info+0x3b/0x50 [ 17.235769] __kasan_kmalloc+0xb7/0xc0 [ 17.239521] __kmalloc_cache_noprof+0x189/0x420 [ 17.244055] kmalloc_oob_right+0xa9/0x7f0 [ 17.248066] kunit_try_run_case+0x1a2/0x480 [ 17.252253] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 17.257651] kthread+0x334/0x6f0 [ 17.260887] ret_from_fork+0x113/0x1d0 [ 17.264639] ret_from_fork_asm+0x1a/0x30 [ 17.268563] [ 17.270063] The buggy address belongs to the object at ffff88810478c400 [ 17.270063] which belongs to the cache kmalloc-128 of size 128 [ 17.282579] The buggy address is located 5 bytes to the right of [ 17.282579] allocated 115-byte region [ffff88810478c400, ffff88810478c473) [ 17.295525] [ 17.297025] The buggy address belongs to the physical page: [ 17.302599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10478c [ 17.310606] flags: 0x200000000000000(node=0|zone=2) [ 17.315484] page_type: f5(slab) [ 17.318633] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 17.326378] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.334143] page dumped because: kasan: bad access detected [ 17.339717] [ 17.341214] Memory state around the buggy address: [ 17.346008] ffff88810478c300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.353227] ffff88810478c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.360447] >ffff88810478c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.367666] ^ [ 17.374797] ffff88810478c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.382018] ffff88810478c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.389236] ==================================================================