Date
June 7, 2025, 10:40 a.m.
| Environment |
|---|
| qemu-arm64 |
| qemu-x86_64 |
qemu-arm64:

```
[ 21.687826] ==================================================================
[ 21.690695] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[ 21.691360] Write of size 1 at addr fff00000c614cb78 by task kunit_try_catch/131
[ 21.692082]
[ 21.692441] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 21.692659] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.692737] Hardware name: linux,dummy-virt (DT)
[ 21.692828] Call trace:
[ 21.692908] show_stack+0x20/0x38 (C)
[ 21.693989] dump_stack_lvl+0x8c/0xd0
[ 21.694132] print_report+0x118/0x608
[ 21.694276] kasan_report+0xdc/0x128
[ 21.694398] __asan_report_store1_noabort+0x20/0x30
[ 21.694516] kmalloc_track_caller_oob_right+0x414/0x490
[ 21.694637] kunit_try_run_case+0x170/0x3f0
[ 21.694755] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.694900] kthread+0x318/0x620
[ 21.695045] ret_from_fork+0x10/0x20
[ 21.695177]
[ 21.701756] Allocated by task 131:
[ 21.702114] kasan_save_stack+0x3c/0x68
[ 21.702571] kasan_save_track+0x20/0x40
[ 21.702979] kasan_save_alloc_info+0x40/0x58
[ 21.704311] __kasan_kmalloc+0xd4/0xd8
[ 21.704842] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 21.706376] kmalloc_track_caller_oob_right+0xa8/0x490
[ 21.707509] kunit_try_run_case+0x170/0x3f0
[ 21.708246] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.708842] kthread+0x318/0x620
[ 21.709787] ret_from_fork+0x10/0x20
[ 21.710301]
[ 21.710620] The buggy address belongs to the object at fff00000c614cb00
[ 21.710620] which belongs to the cache kmalloc-128 of size 128
[ 21.712014] The buggy address is located 0 bytes to the right of
[ 21.712014] allocated 120-byte region [fff00000c614cb00, fff00000c614cb78)
[ 21.713105]
[ 21.713427] The buggy address belongs to the physical page:
[ 21.714097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10614c
[ 21.715033] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.715654] page_type: f5(slab)
[ 21.716127] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.716994] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.717774] page dumped because: kasan: bad access detected
[ 21.718454]
[ 21.718742] Memory state around the buggy address:
[ 21.719271] fff00000c614ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.720112] fff00000c614ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.720902] >fff00000c614cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.721632] ^
[ 21.722326] fff00000c614cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.723180] fff00000c614cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.724210] ==================================================================
[ 21.726932] ==================================================================
[ 21.727496] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[ 21.728273] Write of size 1 at addr fff00000c614cc78 by task kunit_try_catch/131
[ 21.729236]
[ 21.729564] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 21.729802] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.729872] Hardware name: linux,dummy-virt (DT)
[ 21.729975] Call trace:
[ 21.730041] show_stack+0x20/0x38 (C)
[ 21.730184] dump_stack_lvl+0x8c/0xd0
[ 21.730321] print_report+0x118/0x608
[ 21.730452] kasan_report+0xdc/0x128
[ 21.730577] __asan_report_store1_noabort+0x20/0x30
[ 21.730694] kmalloc_track_caller_oob_right+0x420/0x490
[ 21.730822] kunit_try_run_case+0x170/0x3f0
[ 21.730954] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.731090] kthread+0x318/0x620
[ 21.731167] ret_from_fork+0x10/0x20
[ 21.731227]
[ 21.736995] Allocated by task 131:
[ 21.737524] kasan_save_stack+0x3c/0x68
[ 21.738048] kasan_save_track+0x20/0x40
[ 21.738816] kasan_save_alloc_info+0x40/0x58
[ 21.739429] __kasan_kmalloc+0xd4/0xd8
[ 21.739869] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 21.740576] kmalloc_track_caller_oob_right+0x184/0x490
[ 21.741456] kunit_try_run_case+0x170/0x3f0
[ 21.741926] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 21.742616] kthread+0x318/0x620
[ 21.743133] ret_from_fork+0x10/0x20
[ 21.743692]
[ 21.744034] The buggy address belongs to the object at fff00000c614cc00
[ 21.744034] which belongs to the cache kmalloc-128 of size 128
[ 21.745908] The buggy address is located 0 bytes to the right of
[ 21.745908] allocated 120-byte region [fff00000c614cc00, fff00000c614cc78)
[ 21.748102]
[ 21.748452] The buggy address belongs to the physical page:
[ 21.749150] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10614c
[ 21.750593] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 21.751290] page_type: f5(slab)
[ 21.751746] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 21.752509] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 21.753350] page dumped because: kasan: bad access detected
[ 21.754212]
[ 21.754513] Memory state around the buggy address:
[ 21.755097] fff00000c614cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 21.755764] fff00000c614cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.756541] >fff00000c614cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 21.757500] ^
[ 21.758259] fff00000c614cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.759051] fff00000c614cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 21.759644] ==================================================================
```
qemu-x86_64:

```
[ 16.603750] ==================================================================
[ 16.604500] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b3/0x530
[ 16.605572] Write of size 1 at addr ffff888102971c78 by task kunit_try_catch/150
[ 16.606370]
[ 16.606622] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 16.606729] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.606758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.606788] Call Trace:
[ 16.606812] <TASK>
[ 16.606837] dump_stack_lvl+0x73/0xb0
[ 16.606908] print_report+0xd1/0x650
[ 16.606956] ? __virt_addr_valid+0x1db/0x2d0
[ 16.607001] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 16.607084] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.607129] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 16.607169] kasan_report+0x140/0x180
[ 16.607210] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 16.607262] __asan_report_store1_noabort+0x1b/0x30
[ 16.607304] kmalloc_track_caller_oob_right+0x4b3/0x530
[ 16.607351] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 16.607397] ? __schedule+0xce8/0x2840
[ 16.607443] ? __pfx_read_tsc+0x10/0x10
[ 16.607482] ? ktime_get_ts64+0x86/0x230
[ 16.607527] kunit_try_run_case+0x1a6/0x480
[ 16.607576] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.607619] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.607687] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.607759] ? __kthread_parkme+0x82/0x160
[ 16.607813] ? preempt_count_sub+0x50/0x80
[ 16.607888] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.607938] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.608004] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.608072] kthread+0x324/0x6e0
[ 16.608129] ? trace_preempt_on+0x20/0xc0
[ 16.608190] ? __pfx_kthread+0x10/0x10
[ 16.608237] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.608270] ? calculate_sigpending+0x7b/0xa0
[ 16.608299] ? __pfx_kthread+0x10/0x10
[ 16.608352] ret_from_fork+0x41/0x80
[ 16.608378] ? __pfx_kthread+0x10/0x10
[ 16.608405] ret_from_fork_asm+0x1a/0x30
[ 16.608464] </TASK>
[ 16.608488]
[ 16.624186] Allocated by task 150:
[ 16.624811] kasan_save_stack+0x45/0x70
[ 16.625267] kasan_save_track+0x18/0x40
[ 16.625736] kasan_save_alloc_info+0x3b/0x50
[ 16.626139] __kasan_kmalloc+0xb7/0xc0
[ 16.627554] __kmalloc_node_track_caller_noprof+0x1cc/0x510
[ 16.628072] kmalloc_track_caller_oob_right+0x19b/0x530
[ 16.628442] kunit_try_run_case+0x1a6/0x480
[ 16.628824] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.629332] kthread+0x324/0x6e0
[ 16.629695] ret_from_fork+0x41/0x80
[ 16.630724] ret_from_fork_asm+0x1a/0x30
[ 16.630954]
[ 16.631065] The buggy address belongs to the object at ffff888102971c00
[ 16.631065] which belongs to the cache kmalloc-128 of size 128
[ 16.631848] The buggy address is located 0 bytes to the right of
[ 16.631848] allocated 120-byte region [ffff888102971c00, ffff888102971c78)
[ 16.633539]
[ 16.634091] The buggy address belongs to the physical page:
[ 16.634649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102971
[ 16.635511] flags: 0x200000000000000(node=0|zone=2)
[ 16.635891] page_type: f5(slab)
[ 16.636110] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.637137] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.637850] page dumped because: kasan: bad access detected
[ 16.638484]
[ 16.638692] Memory state around the buggy address:
[ 16.639302] ffff888102971b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.640375] ffff888102971b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.640672] >ffff888102971c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.640945] ^
[ 16.641128] ffff888102971c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.641295] ffff888102971d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.642339] ==================================================================
[ 16.562135] ==================================================================
[ 16.562859] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[ 16.563520] Write of size 1 at addr ffff888102971b78 by task kunit_try_catch/150
[ 16.564151]
[ 16.564392] CPU: 1 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.14.11-rc1 #1
[ 16.564498] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.564556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.564597] Call Trace:
[ 16.564626] <TASK>
[ 16.564659] dump_stack_lvl+0x73/0xb0
[ 16.564728] print_report+0xd1/0x650
[ 16.564768] ? __virt_addr_valid+0x1db/0x2d0
[ 16.564810] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 16.564855] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.564917] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 16.564962] kasan_report+0x140/0x180
[ 16.565008] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 16.565065] __asan_report_store1_noabort+0x1b/0x30
[ 16.565120] kmalloc_track_caller_oob_right+0x4ca/0x530
[ 16.565180] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 16.565232] ? __schedule+0xce8/0x2840
[ 16.565286] ? __pfx_read_tsc+0x10/0x10
[ 16.565383] ? ktime_get_ts64+0x86/0x230
[ 16.565480] kunit_try_run_case+0x1a6/0x480
[ 16.565546] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.565601] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 16.565656] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.565703] ? __kthread_parkme+0x82/0x160
[ 16.565751] ? preempt_count_sub+0x50/0x80
[ 16.565808] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.565858] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.565938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.565999] kthread+0x324/0x6e0
[ 16.566048] ? trace_preempt_on+0x20/0xc0
[ 16.566098] ? __pfx_kthread+0x10/0x10
[ 16.566143] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.566188] ? calculate_sigpending+0x7b/0xa0
[ 16.566232] ? __pfx_kthread+0x10/0x10
[ 16.566273] ret_from_fork+0x41/0x80
[ 16.566343] ? __pfx_kthread+0x10/0x10
[ 16.566384] ret_from_fork_asm+0x1a/0x30
[ 16.566468] </TASK>
[ 16.566492]
[ 16.582641] Allocated by task 150:
[ 16.583050] kasan_save_stack+0x45/0x70
[ 16.583769] kasan_save_track+0x18/0x40
[ 16.584175] kasan_save_alloc_info+0x3b/0x50
[ 16.584626] __kasan_kmalloc+0xb7/0xc0
[ 16.584920] __kmalloc_node_track_caller_noprof+0x1cc/0x510
[ 16.585350] kmalloc_track_caller_oob_right+0x9a/0x530
[ 16.585737] kunit_try_run_case+0x1a6/0x480
[ 16.586155] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.586459] kthread+0x324/0x6e0
[ 16.586686] ret_from_fork+0x41/0x80
[ 16.588151] ret_from_fork_asm+0x1a/0x30
[ 16.588756]
[ 16.588996] The buggy address belongs to the object at ffff888102971b00
[ 16.588996] which belongs to the cache kmalloc-128 of size 128
[ 16.590287] The buggy address is located 0 bytes to the right of
[ 16.590287] allocated 120-byte region [ffff888102971b00, ffff888102971b78)
[ 16.591425]
[ 16.591643] The buggy address belongs to the physical page:
[ 16.592596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102971
[ 16.593438] flags: 0x200000000000000(node=0|zone=2)
[ 16.594021] page_type: f5(slab)
[ 16.594301] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.595180] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.596076] page dumped because: kasan: bad access detected
[ 16.596902]
[ 16.597155] Memory state around the buggy address:
[ 16.597913] ffff888102971a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.598211] ffff888102971a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.599424] >ffff888102971b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.599741] ^
[ 16.600338] ffff888102971b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.600666] ffff888102971c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.601851] ==================================================================
```