Date
June 3, 2025, 7:38 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 | |
| x86 |
[ 18.094655] ================================================================== [ 18.094715] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 18.094877] Write of size 1 at addr fff00000c446ee78 by task kunit_try_catch/142 [ 18.094927] [ 18.095037] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.095145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.095172] Hardware name: linux,dummy-virt (DT) [ 18.095225] Call trace: [ 18.095265] show_stack+0x20/0x38 (C) [ 18.095342] dump_stack_lvl+0x8c/0xd0 [ 18.095503] print_report+0x118/0x608 [ 18.095562] kasan_report+0xdc/0x128 [ 18.095607] __asan_report_store1_noabort+0x20/0x30 [ 18.095673] kmalloc_track_caller_oob_right+0x40c/0x488 [ 18.095723] kunit_try_run_case+0x170/0x3f0 [ 18.095771] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.095823] kthread+0x328/0x630 [ 18.095868] ret_from_fork+0x10/0x20 [ 18.096111] [ 18.096177] Allocated by task 142: [ 18.096238] kasan_save_stack+0x3c/0x68 [ 18.096298] kasan_save_track+0x20/0x40 [ 18.096377] kasan_save_alloc_info+0x40/0x58 [ 18.096442] __kasan_kmalloc+0xd4/0xd8 [ 18.096506] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 18.096564] kmalloc_track_caller_oob_right+0xa8/0x488 [ 18.096615] kunit_try_run_case+0x170/0x3f0 [ 18.096653] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.096694] kthread+0x328/0x630 [ 18.096764] ret_from_fork+0x10/0x20 [ 18.096982] [ 18.097082] The buggy address belongs to the object at fff00000c446ee00 [ 18.097082] which belongs to the cache kmalloc-128 of size 128 [ 18.097241] The buggy address is located 0 bytes to the right of [ 18.097241] allocated 120-byte region [fff00000c446ee00, fff00000c446ee78) [ 18.097340] [ 18.097388] The buggy address belongs to the physical page: [ 18.097491] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10446e [ 18.097595] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.097674] page_type: f5(slab) [ 18.097714] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.097789] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.097990] page dumped because: kasan: bad access detected [ 18.098061] [ 18.098226] Memory state around the buggy address: [ 18.098318] fff00000c446ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.098371] fff00000c446ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.098451] >fff00000c446ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.098531] ^ [ 18.098624] fff00000c446ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.098664] fff00000c446ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.098838] ================================================================== [ 18.100443] ================================================================== [ 18.100539] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 18.100591] Write of size 1 at addr fff00000c446ef78 by task kunit_try_catch/142 [ 18.100640] [ 18.100668] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT [ 18.100748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.100773] Hardware name: linux,dummy-virt (DT) [ 18.100832] Call trace: [ 18.100881] show_stack+0x20/0x38 (C) [ 18.100956] dump_stack_lvl+0x8c/0xd0 [ 18.101012] print_report+0x118/0x608 [ 18.101068] kasan_report+0xdc/0x128 [ 18.101113] __asan_report_store1_noabort+0x20/0x30 [ 18.101159] kmalloc_track_caller_oob_right+0x418/0x488 [ 18.101209] kunit_try_run_case+0x170/0x3f0 [ 18.101255] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.101373] kthread+0x328/0x630 [ 18.101522] ret_from_fork+0x10/0x20 [ 18.101587] [ 18.101623] Allocated by task 142: [ 18.101650] kasan_save_stack+0x3c/0x68 [ 18.101708] kasan_save_track+0x20/0x40 [ 18.101765] kasan_save_alloc_info+0x40/0x58 [ 18.101829] __kasan_kmalloc+0xd4/0xd8 [ 18.101865] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 18.101915] kmalloc_track_caller_oob_right+0x184/0x488 [ 18.101980] kunit_try_run_case+0x170/0x3f0 [ 18.102105] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.102164] kthread+0x328/0x630 [ 18.102195] ret_from_fork+0x10/0x20 [ 18.102234] [ 18.102253] The buggy address belongs to the object at fff00000c446ef00 [ 18.102253] which belongs to the cache kmalloc-128 of size 128 [ 18.102307] The buggy address is located 0 bytes to the right of [ 18.102307] allocated 120-byte region [fff00000c446ef00, fff00000c446ef78) [ 18.102368] [ 18.102386] The buggy address belongs to the physical page: [ 18.102413] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10446e [ 18.102473] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.102655] page_type: f5(slab) [ 18.102815] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 18.102869] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.102926] page dumped because: kasan: bad access detected [ 18.102956] [ 18.103170] Memory state around the buggy address: [ 18.103222] fff00000c446ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.103282] fff00000c446ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.103340] >fff00000c446ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.103468] ^ [ 18.103545] fff00000c446ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.103586] fff00000c446f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.103645] ==================================================================
[ 13.570876] ================================================================== [ 13.571687] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 13.572489] Write of size 1 at addr ffff888103324a78 by task kunit_try_catch/159 [ 13.572742] [ 13.572894] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 13.572982] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.573005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.573047] Call Trace: [ 13.573072] <TASK> [ 13.573108] dump_stack_lvl+0x73/0xb0 [ 13.573170] print_report+0xd1/0x650 [ 13.573210] ? __virt_addr_valid+0x1db/0x2d0 [ 13.573251] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 13.573293] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.573368] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 13.573415] kasan_report+0x141/0x180 [ 13.573467] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 13.573524] __asan_report_store1_noabort+0x1b/0x30 [ 13.573569] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 13.573618] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 13.573669] ? __schedule+0x10cc/0x2b60 [ 13.573721] ? __pfx_read_tsc+0x10/0x10 [ 13.573769] ? ktime_get_ts64+0x86/0x230 [ 13.573824] kunit_try_run_case+0x1a5/0x480 [ 13.573871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.573962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.574023] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.574067] ? __kthread_parkme+0x82/0x180 [ 13.574110] ? preempt_count_sub+0x50/0x80 [ 13.574159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.574302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.574349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.574408] kthread+0x337/0x6f0 [ 13.574448] ? trace_preempt_on+0x20/0xc0 [ 13.574499] ? __pfx_kthread+0x10/0x10 [ 13.574536] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.574584] ? calculate_sigpending+0x7b/0xa0 [ 13.574635] ? __pfx_kthread+0x10/0x10 [ 13.574711] ret_from_fork+0x116/0x1d0 [ 13.574760] ? __pfx_kthread+0x10/0x10 [ 13.574809] ret_from_fork_asm+0x1a/0x30 [ 13.574882] </TASK> [ 13.574910] [ 13.592034] Allocated by task 159: [ 13.592412] kasan_save_stack+0x45/0x70 [ 13.592939] kasan_save_track+0x18/0x40 [ 13.593351] kasan_save_alloc_info+0x3b/0x50 [ 13.593664] __kasan_kmalloc+0xb7/0xc0 [ 13.594042] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 13.594492] kmalloc_track_caller_oob_right+0x99/0x520 [ 13.595043] kunit_try_run_case+0x1a5/0x480 [ 13.595497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.595984] kthread+0x337/0x6f0 [ 13.596319] ret_from_fork+0x116/0x1d0 [ 13.596599] ret_from_fork_asm+0x1a/0x30 [ 13.596996] [ 13.597198] The buggy address belongs to the object at ffff888103324a00 [ 13.597198] which belongs to the cache kmalloc-128 of size 128 [ 13.598064] The buggy address is located 0 bytes to the right of [ 13.598064] allocated 120-byte region [ffff888103324a00, ffff888103324a78) [ 13.598598] [ 13.598789] The buggy address belongs to the physical page: [ 13.599352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103324 [ 13.600080] flags: 0x200000000000000(node=0|zone=2) [ 13.600397] page_type: f5(slab) [ 13.600800] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.601289] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.601791] page dumped because: kasan: bad access detected [ 13.602279] [ 13.602407] Memory state around the buggy address: [ 13.602657] ffff888103324900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.603251] ffff888103324980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.603995] >ffff888103324a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 13.604583] ^ [ 13.605034] ffff888103324a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.605366] ffff888103324b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.606107] ==================================================================
[ 18.540969] ================================================================== [ 18.552389] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 18.560499] Write of size 1 at addr ffff888100add578 by task kunit_try_catch/182 [ 18.567893] [ 18.569415] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G S B N 6.15.0-next-20250603 #1 PREEMPT(voluntary) [ 18.569424] Tainted: [S]=CPU_OUT_OF_SPEC, [B]=BAD_PAGE, [N]=TEST [ 18.569426] Hardware name: Supermicro SYS-5019S-ML/X11SSH-F, BIOS 2.7 12/07/2021 [ 18.569430] Call Trace: [ 18.569431] <TASK> [ 18.569433] dump_stack_lvl+0x73/0xb0 [ 18.569437] print_report+0xd1/0x650 [ 18.569441] ? __virt_addr_valid+0x1db/0x2d0 [ 18.569445] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 18.569449] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.569453] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 18.569458] kasan_report+0x141/0x180 [ 18.569462] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 18.569468] __asan_report_store1_noabort+0x1b/0x30 [ 18.569471] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 18.569476] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 18.569481] ? __schedule+0x10cc/0x2b60 [ 18.569486] ? ktime_get_ts64+0x83/0x230 [ 18.569490] kunit_try_run_case+0x1a2/0x480 [ 18.569493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.569497] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.569501] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.569506] ? __kthread_parkme+0x82/0x180 [ 18.569509] ? preempt_count_sub+0x50/0x80 [ 18.569513] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.569517] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.569521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.569526] kthread+0x334/0x6f0 [ 18.569529] ? trace_preempt_on+0x20/0xc0 [ 18.569533] ? __pfx_kthread+0x10/0x10 [ 18.569537] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.569541] ? calculate_sigpending+0x7b/0xa0 [ 18.569546] ? __pfx_kthread+0x10/0x10 [ 18.569549] ret_from_fork+0x113/0x1d0 [ 18.569552] ? __pfx_kthread+0x10/0x10 [ 18.569556] ret_from_fork_asm+0x1a/0x30 [ 18.569562] </TASK> [ 18.569563] [ 18.741013] Allocated by task 182: [ 18.744428] kasan_save_stack+0x45/0x70 [ 18.748269] kasan_save_track+0x18/0x40 [ 18.752107] kasan_save_alloc_info+0x3b/0x50 [ 18.756425] __kasan_kmalloc+0xb7/0xc0 [ 18.760211] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 18.765781] kmalloc_track_caller_oob_right+0x99/0x520 [ 18.770923] kunit_try_run_case+0x1a2/0x480 [ 18.775107] kunit_generic_run_threadfn_adapter+0x82/0xf0 [ 18.780508] kthread+0x334/0x6f0 [ 18.783739] ret_from_fork+0x113/0x1d0 [ 18.787491] ret_from_fork_asm+0x1a/0x30 [ 18.791436] [ 18.792953] The buggy address belongs to the object at ffff888100add500 [ 18.792953] which belongs to the cache kmalloc-128 of size 128 [ 18.805466] The buggy address is located 0 bytes to the right of [ 18.805466] allocated 120-byte region [ffff888100add500, ffff888100add578) [ 18.818417] [ 18.819913] The buggy address belongs to the physical page: [ 18.825486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100add [ 18.833494] flags: 0x200000000000000(node=0|zone=2) [ 18.838384] page_type: f5(slab) [ 18.841530] raw: 0200000000000000 ffff888100042a00 dead000000000122 0000000000000000 [ 18.849276] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.857014] page dumped because: kasan: bad access detected [ 18.862588] [ 18.864086] Memory state around the buggy address: [ 18.868879] ffff888100add400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.876099] ffff888100add480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.883319] >ffff888100add500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.890537] ^ [ 18.897671] ffff888100add580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.904888] ffff888100add600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.912107] ==================================================================