Date
June 5, 2025, 7:08 a.m.
| Environment | |
|---|---|
| qemu-arm64 | |
| qemu-x86_64 |
[ 24.618366] ================================================================== [ 24.618582] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 24.618710] Write of size 1 at addr fff00000c703a578 by task kunit_try_catch/142 [ 24.618992] [ 24.619079] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.619647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.620113] Hardware name: linux,dummy-virt (DT) [ 24.620423] Call trace: [ 24.620486] show_stack+0x20/0x38 (C) [ 24.620663] dump_stack_lvl+0x8c/0xd0 [ 24.620838] print_report+0x118/0x608 [ 24.620973] kasan_report+0xdc/0x128 [ 24.621088] __asan_report_store1_noabort+0x20/0x30 [ 24.621205] kmalloc_track_caller_oob_right+0x418/0x488 [ 24.621402] kunit_try_run_case+0x170/0x3f0 [ 24.621526] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.621689] kthread+0x328/0x630 [ 24.621806] ret_from_fork+0x10/0x20 [ 24.621932] [ 24.621979] Allocated by task 142: [ 24.622065] kasan_save_stack+0x3c/0x68 [ 24.622195] kasan_save_track+0x20/0x40 [ 24.622291] kasan_save_alloc_info+0x40/0x58 [ 24.622674] __kasan_kmalloc+0xd4/0xd8 [ 24.622844] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 24.623314] kmalloc_track_caller_oob_right+0x184/0x488 [ 24.623734] kunit_try_run_case+0x170/0x3f0 [ 24.623974] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.624385] kthread+0x328/0x630 [ 24.624686] ret_from_fork+0x10/0x20 [ 24.625072] [ 24.625144] The buggy address belongs to the object at fff00000c703a500 [ 24.625144] which belongs to the cache kmalloc-128 of size 128 [ 24.625292] The buggy address is located 0 bytes to the right of [ 24.625292] allocated 120-byte region [fff00000c703a500, fff00000c703a578) [ 24.626409] [ 24.627290] The buggy address belongs to the physical page: [ 24.627405] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10703a [ 24.627788] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.628134] page_type: f5(slab) [ 24.628508] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.628639] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.629201] page dumped because: kasan: bad access detected [ 24.629365] [ 24.629461] Memory state around the buggy address: [ 24.629539] fff00000c703a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.629642] fff00000c703a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.629744] >fff00000c703a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.629848] ^ [ 24.629981] fff00000c703a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.630104] fff00000c703a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.630204] ================================================================== [ 24.601930] ================================================================== [ 24.602243] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 24.602474] Write of size 1 at addr fff00000c703a478 by task kunit_try_catch/142 [ 24.602696] [ 24.602769] CPU: 1 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT [ 24.602972] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.603153] Hardware name: linux,dummy-virt (DT) [ 24.603232] Call trace: [ 24.603282] show_stack+0x20/0x38 (C) [ 24.603420] dump_stack_lvl+0x8c/0xd0 [ 24.603696] print_report+0x118/0x608 [ 24.603924] kasan_report+0xdc/0x128 [ 24.604591] __asan_report_store1_noabort+0x20/0x30 [ 24.604763] kmalloc_track_caller_oob_right+0x40c/0x488 [ 24.605022] kunit_try_run_case+0x170/0x3f0 [ 24.606039] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.607257] kthread+0x328/0x630 [ 24.608168] ret_from_fork+0x10/0x20 [ 24.608504] [ 24.608551] Allocated by task 142: [ 24.608662] kasan_save_stack+0x3c/0x68 [ 24.608767] kasan_save_track+0x20/0x40 [ 24.608862] kasan_save_alloc_info+0x40/0x58 [ 24.609147] __kasan_kmalloc+0xd4/0xd8 [ 24.609323] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 24.609453] kmalloc_track_caller_oob_right+0xa8/0x488 [ 24.609608] kunit_try_run_case+0x170/0x3f0 [ 24.609715] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 24.609939] kthread+0x328/0x630 [ 24.610050] ret_from_fork+0x10/0x20 [ 24.610238] [ 24.610293] The buggy address belongs to the object at fff00000c703a400 [ 24.610293] which belongs to the cache kmalloc-128 of size 128 [ 24.610473] The buggy address is located 0 bytes to the right of [ 24.610473] allocated 120-byte region [fff00000c703a400, fff00000c703a478) [ 24.610643] [ 24.610699] The buggy address belongs to the physical page: [ 24.611268] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10703a [ 24.611416] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 24.611534] page_type: f5(slab) [ 24.611767] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 24.611951] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.612163] page dumped because: kasan: bad access detected [ 24.612243] [ 24.612292] Memory state around the buggy address: [ 24.612388] fff00000c703a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.612507] fff00000c703a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.612786] >fff00000c703a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.612885] ^ [ 24.613239] fff00000c703a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.613604] fff00000c703a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.613872] ==================================================================
[ 10.768569] ================================================================== [ 10.769267] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.769788] Write of size 1 at addr ffff88810276e478 by task kunit_try_catch/159 [ 10.770040] [ 10.770371] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 10.770417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.770430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.770450] Call Trace: [ 10.770461] <TASK> [ 10.770475] dump_stack_lvl+0x73/0xb0 [ 10.770501] print_report+0xd1/0x650 [ 10.770523] ? __virt_addr_valid+0x1db/0x2d0 [ 10.770546] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.770570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.770592] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.770617] kasan_report+0x141/0x180 [ 10.770638] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.770667] __asan_report_store1_noabort+0x1b/0x30 [ 10.770688] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.770712] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.770737] ? __schedule+0x10cc/0x2b60 [ 10.770759] ? __pfx_read_tsc+0x10/0x10 [ 10.770779] ? ktime_get_ts64+0x86/0x230 [ 10.770803] kunit_try_run_case+0x1a5/0x480 [ 10.770823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.770842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.770866] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.770889] ? __kthread_parkme+0x82/0x180 [ 10.770923] ? preempt_count_sub+0x50/0x80 [ 10.770946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.770966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.770989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.771013] kthread+0x337/0x6f0 [ 10.771032] ? trace_preempt_on+0x20/0xc0 [ 10.771054] ? __pfx_kthread+0x10/0x10 [ 10.771135] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.771158] ? calculate_sigpending+0x7b/0xa0 [ 10.771181] ? __pfx_kthread+0x10/0x10 [ 10.771202] ret_from_fork+0x116/0x1d0 [ 10.771220] ? __pfx_kthread+0x10/0x10 [ 10.771239] ret_from_fork_asm+0x1a/0x30 [ 10.771269] </TASK> [ 10.771279] [ 10.781578] Allocated by task 159: [ 10.782043] kasan_save_stack+0x45/0x70 [ 10.782305] kasan_save_track+0x18/0x40 [ 10.782680] kasan_save_alloc_info+0x3b/0x50 [ 10.783018] __kasan_kmalloc+0xb7/0xc0 [ 10.783259] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.783495] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.783935] kunit_try_run_case+0x1a5/0x480 [ 10.784487] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.784851] kthread+0x337/0x6f0 [ 10.785224] ret_from_fork+0x116/0x1d0 [ 10.785406] ret_from_fork_asm+0x1a/0x30 [ 10.785580] [ 10.786150] The buggy address belongs to the object at ffff88810276e400 [ 10.786150] which belongs to the cache kmalloc-128 of size 128 [ 10.787058] The buggy address is located 0 bytes to the right of [ 10.787058] allocated 120-byte region [ffff88810276e400, ffff88810276e478) [ 10.787580] [ 10.787987] The buggy address belongs to the physical page: [ 10.788451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10276e [ 10.789367] flags: 0x200000000000000(node=0|zone=2) [ 10.789684] page_type: f5(slab) [ 10.790004] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.790321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.790630] page dumped because: kasan: bad access detected [ 10.790855] [ 10.790946] Memory state around the buggy address: [ 10.791153] ffff88810276e300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.791443] ffff88810276e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.792398] >ffff88810276e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.793086] ^ [ 10.793592] ffff88810276e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.794332] ffff88810276e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.794622] ================================================================== [ 10.796188] ================================================================== [ 10.796702] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.797339] Write of size 1 at addr ffff88810276e578 by task kunit_try_catch/159 [ 10.797887] [ 10.798147] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-next-20250605 #1 PREEMPT(voluntary) [ 10.798193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.798205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.798224] Call Trace: [ 10.798243] <TASK> [ 10.798256] dump_stack_lvl+0x73/0xb0 [ 10.798282] print_report+0xd1/0x650 [ 10.798303] ? __virt_addr_valid+0x1db/0x2d0 [ 10.798326] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.798350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.798372] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.798397] kasan_report+0x141/0x180 [ 10.798418] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.798447] __asan_report_store1_noabort+0x1b/0x30 [ 10.798466] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.798490] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.798515] ? __schedule+0x10cc/0x2b60 [ 10.798537] ? __pfx_read_tsc+0x10/0x10 [ 10.798557] ? ktime_get_ts64+0x86/0x230 [ 10.798580] kunit_try_run_case+0x1a5/0x480 [ 10.798600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.798619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.798748] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.798773] ? __kthread_parkme+0x82/0x180 [ 10.798792] ? preempt_count_sub+0x50/0x80 [ 10.798816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.798836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.798860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.798929] kthread+0x337/0x6f0 [ 10.798958] ? trace_preempt_on+0x20/0xc0 [ 10.798979] ? __pfx_kthread+0x10/0x10 [ 10.798999] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.799020] ? calculate_sigpending+0x7b/0xa0 [ 10.799044] ? __pfx_kthread+0x10/0x10 [ 10.799064] ret_from_fork+0x116/0x1d0 [ 10.799081] ? __pfx_kthread+0x10/0x10 [ 10.799101] ret_from_fork_asm+0x1a/0x30 [ 10.799130] </TASK> [ 10.799139] [ 10.809080] Allocated by task 159: [ 10.809214] kasan_save_stack+0x45/0x70 [ 10.809416] kasan_save_track+0x18/0x40 [ 10.809614] kasan_save_alloc_info+0x3b/0x50 [ 10.810102] __kasan_kmalloc+0xb7/0xc0 [ 10.810363] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.810719] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.810980] kunit_try_run_case+0x1a5/0x480 [ 10.811243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.811575] kthread+0x337/0x6f0 [ 10.811921] ret_from_fork+0x116/0x1d0 [ 10.812076] ret_from_fork_asm+0x1a/0x30 [ 10.812324] [ 10.812422] The buggy address belongs to the object at ffff88810276e500 [ 10.812422] which belongs to the cache kmalloc-128 of size 128 [ 10.813086] The buggy address is located 0 bytes to the right of [ 10.813086] allocated 120-byte region [ffff88810276e500, ffff88810276e578) [ 10.813876] [ 10.813989] The buggy address belongs to the physical page: [ 10.814275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10276e [ 10.814611] flags: 0x200000000000000(node=0|zone=2) [ 10.815084] page_type: f5(slab) [ 10.815312] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.815780] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.816186] page dumped because: kasan: bad access detected [ 10.816377] [ 10.816469] Memory state around the buggy address: [ 10.816806] ffff88810276e400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.817336] ffff88810276e480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.817643] >ffff88810276e500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.818058] ^ [ 10.818404] ffff88810276e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.818821] ffff88810276e600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.819168] ==================================================================