Date
May 12, 2025, 6:12 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64

[ 17.873264] ==================================================================
[ 17.873880] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[ 17.874767] Write of size 1 at addr fff00000c59c2578 by task kunit_try_catch/131
[ 17.875611]
[ 17.876506] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 17.876724] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.876795] Hardware name: linux,dummy-virt (DT)
[ 17.876840] Call trace:
[ 17.876868] show_stack+0x20/0x38 (C)
[ 17.876934] dump_stack_lvl+0x8c/0xd0
[ 17.876985] print_report+0x118/0x608
[ 17.877034] kasan_report+0xdc/0x128
[ 17.877081] __asan_report_store1_noabort+0x20/0x30
[ 17.877130] kmalloc_track_caller_oob_right+0x414/0x490
[ 17.877181] kunit_try_run_case+0x170/0x3f0
[ 17.877233] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.877283] kthread+0x318/0x620
[ 17.877328] ret_from_fork+0x10/0x20
[ 17.877378]
[ 17.882366] Allocated by task 131:
[ 17.883022] kasan_save_stack+0x3c/0x68
[ 17.884447] kasan_save_track+0x20/0x40
[ 17.884762] kasan_save_alloc_info+0x40/0x58
[ 17.885110] __kasan_kmalloc+0xd4/0xd8
[ 17.885553] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 17.885995] kmalloc_track_caller_oob_right+0xa8/0x490
[ 17.886625] kunit_try_run_case+0x170/0x3f0
[ 17.887424] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.887902] kthread+0x318/0x620
[ 17.888339] ret_from_fork+0x10/0x20
[ 17.888695]
[ 17.888980] The buggy address belongs to the object at fff00000c59c2500
[ 17.888980] which belongs to the cache kmalloc-128 of size 128
[ 17.889855] The buggy address is located 0 bytes to the right of
[ 17.889855] allocated 120-byte region [fff00000c59c2500, fff00000c59c2578)
[ 17.891557]
[ 17.891867] The buggy address belongs to the physical page:
[ 17.892321] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c2
[ 17.893006] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.893610] page_type: f5(slab)
[ 17.893957] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.894957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.895484] page dumped because: kasan: bad access detected
[ 17.895970]
[ 17.896261] Memory state around the buggy address:
[ 17.896775] fff00000c59c2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.897314] fff00000c59c2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.898020] >fff00000c59c2500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.898777] ^
[ 17.899214] fff00000c59c2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.899542] fff00000c59c2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.899867] ==================================================================
[ 17.902176] ==================================================================
[ 17.902633] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[ 17.903914] Write of size 1 at addr fff00000c59c2678 by task kunit_try_catch/131
[ 17.904844]
[ 17.905408] CPU: 1 UID: 0 PID: 131 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 17.905604] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.905669] Hardware name: linux,dummy-virt (DT)
[ 17.905756] Call trace:
[ 17.905797] show_stack+0x20/0x38 (C)
[ 17.905869] dump_stack_lvl+0x8c/0xd0
[ 17.905945] print_report+0x118/0x608
[ 17.906005] kasan_report+0xdc/0x128
[ 17.906064] __asan_report_store1_noabort+0x20/0x30
[ 17.906125] kmalloc_track_caller_oob_right+0x420/0x490
[ 17.906184] kunit_try_run_case+0x170/0x3f0
[ 17.906239] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.906294] kthread+0x318/0x620
[ 17.906344] ret_from_fork+0x10/0x20
[ 17.906399]
[ 17.912783] Allocated by task 131:
[ 17.913120] kasan_save_stack+0x3c/0x68
[ 17.913713] kasan_save_track+0x20/0x40
[ 17.914289] kasan_save_alloc_info+0x40/0x58
[ 17.914816] __kasan_kmalloc+0xd4/0xd8
[ 17.915351] __kmalloc_node_track_caller_noprof+0x18c/0x4c0
[ 17.915823] kmalloc_track_caller_oob_right+0x184/0x490
[ 17.916236] kunit_try_run_case+0x170/0x3f0
[ 17.916578] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.916979] kthread+0x318/0x620
[ 17.917267] ret_from_fork+0x10/0x20
[ 17.917578]
[ 17.918450] The buggy address belongs to the object at fff00000c59c2600
[ 17.918450] which belongs to the cache kmalloc-128 of size 128
[ 17.919252] The buggy address is located 0 bytes to the right of
[ 17.919252] allocated 120-byte region [fff00000c59c2600, fff00000c59c2678)
[ 17.920061]
[ 17.920354] The buggy address belongs to the physical page:
[ 17.920814] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1059c2
[ 17.921505] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.922141] page_type: f5(slab)
[ 17.922680] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.923482] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.924229] page dumped because: kasan: bad access detected
[ 17.924878]
[ 17.925288] Memory state around the buggy address:
[ 17.925720] fff00000c59c2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.926778] fff00000c59c2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.927198] >fff00000c59c2600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.927559] ^
[ 17.927938] fff00000c59c2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.928328] fff00000c59c2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.929277] ==================================================================

qemu-x86_64

[ 11.775736] ==================================================================
[ 11.777701] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[ 11.778605] Write of size 1 at addr ffff888102ac8c78 by task kunit_try_catch/150
[ 11.778999]
[ 11.779295] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.14.7-rc1 #1
[ 11.779347] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.779359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.779392] Call Trace:
[ 11.779406] <TASK>
[ 11.779427] dump_stack_lvl+0x73/0xb0
[ 11.779474] print_report+0xd1/0x650
[ 11.779496] ? __virt_addr_valid+0x1db/0x2d0
[ 11.779520] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 11.779544] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.779568] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 11.779591] kasan_report+0x140/0x180
[ 11.779611] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 11.779639] __asan_report_store1_noabort+0x1b/0x30
[ 11.779661] kmalloc_track_caller_oob_right+0x4ca/0x530
[ 11.779684] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.779708] ? __schedule+0xce8/0x2840
[ 11.779734] ? __pfx_read_tsc+0x10/0x10
[ 11.779757] ? ktime_get_ts64+0x86/0x230
[ 11.779783] kunit_try_run_case+0x1a6/0x480
[ 11.779808] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.779828] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 11.779860] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.779884] ? __kthread_parkme+0x82/0x160
[ 11.779907] ? preempt_count_sub+0x50/0x80
[ 11.779932] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.779953] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.779978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.780217] kthread+0x324/0x6e0
[ 11.780252] ? trace_preempt_on+0x20/0xc0
[ 11.780278] ? __pfx_kthread+0x10/0x10
[ 11.780299] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.780323] ? calculate_sigpending+0x7b/0xa0
[ 11.780344] ? __pfx_kthread+0x10/0x10
[ 11.780366] ret_from_fork+0x41/0x80
[ 11.780385] ? __pfx_kthread+0x10/0x10
[ 11.780406] ret_from_fork_asm+0x1a/0x30
[ 11.780438] </TASK>
[ 11.780450]
[ 11.793221] Allocated by task 150:
[ 11.794178] kasan_save_stack+0x45/0x70
[ 11.794689] kasan_save_track+0x18/0x40
[ 11.795241] kasan_save_alloc_info+0x3b/0x50
[ 11.795754] __kasan_kmalloc+0xb7/0xc0
[ 11.796406] __kmalloc_node_track_caller_noprof+0x1cc/0x510
[ 11.796953] kmalloc_track_caller_oob_right+0x9a/0x530
[ 11.797828] kunit_try_run_case+0x1a6/0x480
[ 11.798252] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.798734] kthread+0x324/0x6e0
[ 11.798882] ret_from_fork+0x41/0x80
[ 11.799066] ret_from_fork_asm+0x1a/0x30
[ 11.799711]
[ 11.799981] The buggy address belongs to the object at ffff888102ac8c00
[ 11.799981] which belongs to the cache kmalloc-128 of size 128
[ 11.801517] The buggy address is located 0 bytes to the right of
[ 11.801517] allocated 120-byte region [ffff888102ac8c00, ffff888102ac8c78)
[ 11.802256]
[ 11.802545] The buggy address belongs to the physical page:
[ 11.803211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ac8
[ 11.804169] flags: 0x200000000000000(node=0|zone=2)
[ 11.804386] page_type: f5(slab)
[ 11.804516] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.804747] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.804986] page dumped because: kasan: bad access detected
[ 11.805503]
[ 11.805602] Memory state around the buggy address:
[ 11.805770] ffff888102ac8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.805997] ffff888102ac8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.806751] >ffff888102ac8c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.807473] ^
[ 11.808096] ffff888102ac8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.808574] ffff888102ac8d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.809517] ==================================================================