Date
June 2, 2025, 2:13 p.m.
Environment |
---|
qemu-arm64 |
qemu-x86_64 |
qemu-arm64:

```
[ 17.933786] ==================================================================
[ 17.934475] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x420/0x490
[ 17.935101] Write of size 1 at addr fff00000c5a72878 by task kunit_try_catch/132
[ 17.935659]
[ 17.935969] CPU: 1 UID: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1
[ 17.936355] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.936422] Hardware name: linux,dummy-virt (DT)
[ 17.936491] Call trace:
[ 17.936542] show_stack+0x20/0x38 (C)
[ 17.936666] dump_stack_lvl+0x8c/0xd0
[ 17.936765] print_report+0x118/0x608
[ 17.936860] kasan_report+0xdc/0x128
[ 17.936966] __asan_report_store1_noabort+0x20/0x30
[ 17.937079] kmalloc_track_caller_oob_right+0x420/0x490
[ 17.937138] kunit_try_run_case+0x170/0x3f0
[ 17.937224] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.937282] kthread+0x318/0x620
[ 17.937333] ret_from_fork+0x10/0x20
[ 17.937391]
[ 17.943899] Allocated by task 132:
[ 17.944398] kasan_save_stack+0x3c/0x68
[ 17.944860] kasan_save_track+0x20/0x40
[ 17.945395] kasan_save_alloc_info+0x40/0x58
[ 17.945924] __kasan_kmalloc+0xd4/0xd8
[ 17.946400] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 17.946830] kmalloc_track_caller_oob_right+0x184/0x490
[ 17.947238] kunit_try_run_case+0x170/0x3f0
[ 17.947568] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.947961] kthread+0x318/0x620
[ 17.949101] ret_from_fork+0x10/0x20
[ 17.949375]
[ 17.949711] The buggy address belongs to the object at fff00000c5a72800
[ 17.949711] which belongs to the cache kmalloc-128 of size 128
[ 17.951020] The buggy address is located 0 bytes to the right of
[ 17.951020] allocated 120-byte region [fff00000c5a72800, fff00000c5a72878)
[ 17.951986]
[ 17.952297] The buggy address belongs to the physical page:
[ 17.952784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a72
[ 17.953490] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.954071] page_type: f5(slab)
[ 17.954454] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.955359] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.956465] page dumped because: kasan: bad access detected
[ 17.956973]
[ 17.957242] Memory state around the buggy address:
[ 17.957776] fff00000c5a72700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.958396] fff00000c5a72780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.958945] >fff00000c5a72800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.959462] ^
[ 17.960002] fff00000c5a72880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.961022] fff00000c5a72900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.961622] ==================================================================
[ 17.905086] ==================================================================
[ 17.905741] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x414/0x490
[ 17.906753] Write of size 1 at addr fff00000c5a72778 by task kunit_try_catch/132
[ 17.907352]
[ 17.907637] CPU: 1 UID: 0 PID: 132 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1
[ 17.907817] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.907880] Hardware name: linux,dummy-virt (DT)
[ 17.907946] Call trace:
[ 17.907997] show_stack+0x20/0x38 (C)
[ 17.908113] dump_stack_lvl+0x8c/0xd0
[ 17.909034] print_report+0x118/0x608
[ 17.909141] kasan_report+0xdc/0x128
[ 17.909257] __asan_report_store1_noabort+0x20/0x30
[ 17.909368] kmalloc_track_caller_oob_right+0x414/0x490
[ 17.909481] kunit_try_run_case+0x170/0x3f0
[ 17.909603] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.909730] kthread+0x318/0x620
[ 17.909810] ret_from_fork+0x10/0x20
[ 17.909868]
[ 17.914165] Allocated by task 132:
[ 17.915522] kasan_save_stack+0x3c/0x68
[ 17.915932] kasan_save_track+0x20/0x40
[ 17.916255] kasan_save_alloc_info+0x40/0x58
[ 17.916591] __kasan_kmalloc+0xd4/0xd8
[ 17.917039] __kmalloc_node_track_caller_noprof+0x194/0x4b8
[ 17.917672] kmalloc_track_caller_oob_right+0xa8/0x490
[ 17.918237] kunit_try_run_case+0x170/0x3f0
[ 17.918692] kunit_generic_run_threadfn_adapter+0x88/0x100
[ 17.919234] kthread+0x318/0x620
[ 17.919532] ret_from_fork+0x10/0x20
[ 17.919903]
[ 17.920105] The buggy address belongs to the object at fff00000c5a72700
[ 17.920105] which belongs to the cache kmalloc-128 of size 128
[ 17.921376] The buggy address is located 0 bytes to the right of
[ 17.921376] allocated 120-byte region [fff00000c5a72700, fff00000c5a72778)
[ 17.922147]
[ 17.923280] The buggy address belongs to the physical page:
[ 17.923585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a72
[ 17.924337] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[ 17.924876] page_type: f5(slab)
[ 17.925223] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[ 17.925889] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 17.926764] page dumped because: kasan: bad access detected
[ 17.927302]
[ 17.927536] Memory state around the buggy address:
[ 17.927924] fff00000c5a72600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 17.928472] fff00000c5a72680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.929022] >fff00000c5a72700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 17.929577] ^
[ 17.931095] fff00000c5a72780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.931684] fff00000c5a72800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 17.932212] ==================================================================
```
qemu-x86_64:

```
[ 12.146559] ==================================================================
[ 12.147486] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4ca/0x530
[ 12.148392] Write of size 1 at addr ffff888102a1ee78 by task kunit_try_catch/150
[ 12.149025]
[ 12.149267] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1
[ 12.149306] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.149317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.149336] Call Trace:
[ 12.149347] <TASK>
[ 12.149361] dump_stack_lvl+0x73/0xb0
[ 12.149389] print_report+0xd1/0x650
[ 12.149412] ? __virt_addr_valid+0x1db/0x2d0
[ 12.149436] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 12.149462] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.149489] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 12.149516] kasan_report+0x140/0x180
[ 12.149539] ? kmalloc_track_caller_oob_right+0x4ca/0x530
[ 12.149570] __asan_report_store1_noabort+0x1b/0x30
[ 12.149596] kmalloc_track_caller_oob_right+0x4ca/0x530
[ 12.149622] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.149649] ? __schedule+0xce8/0x2840
[ 12.149674] ? __pfx_read_tsc+0x10/0x10
[ 12.149698] ? ktime_get_ts64+0x86/0x230
[ 12.149725] kunit_try_run_case+0x1a6/0x480
[ 12.149756] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.149779] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 12.149804] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.149829] ? __kthread_parkme+0x82/0x160
[ 12.149854] ? preempt_count_sub+0x50/0x80
[ 12.149881] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.149905] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.149933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.149961] kthread+0x324/0x6e0
[ 12.149984] ? trace_preempt_on+0x20/0xc0
[ 12.150009] ? __pfx_kthread+0x10/0x10
[ 12.150044] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.150068] ? calculate_sigpending+0x7b/0xa0
[ 12.150091] ? __pfx_kthread+0x10/0x10
[ 12.150116] ret_from_fork+0x41/0x80
[ 12.150136] ? __pfx_kthread+0x10/0x10
[ 12.150161] ret_from_fork_asm+0x1a/0x30
[ 12.150194] </TASK>
[ 12.150203]
[ 12.162319] Allocated by task 150:
[ 12.162465] kasan_save_stack+0x45/0x70
[ 12.162676] kasan_save_track+0x18/0x40
[ 12.163050] kasan_save_alloc_info+0x3b/0x50
[ 12.163447] __kasan_kmalloc+0xb7/0xc0
[ 12.163886] __kmalloc_node_track_caller_noprof+0x1cc/0x510
[ 12.164412] kmalloc_track_caller_oob_right+0x9a/0x530
[ 12.164750] kunit_try_run_case+0x1a6/0x480
[ 12.165148] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.165329] kthread+0x324/0x6e0
[ 12.165454] ret_from_fork+0x41/0x80
[ 12.165740] ret_from_fork_asm+0x1a/0x30
[ 12.166116]
[ 12.166284] The buggy address belongs to the object at ffff888102a1ee00
[ 12.166284] which belongs to the cache kmalloc-128 of size 128
[ 12.167502] The buggy address is located 0 bytes to the right of
[ 12.167502] allocated 120-byte region [ffff888102a1ee00, ffff888102a1ee78)
[ 12.168302]
[ 12.168381] The buggy address belongs to the physical page:
[ 12.168552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1e
[ 12.168846] flags: 0x200000000000000(node=0|zone=2)
[ 12.169045] page_type: f5(slab)
[ 12.169167] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.169507] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.170070] page dumped because: kasan: bad access detected
[ 12.170260]
[ 12.170332] Memory state around the buggy address:
[ 12.170559] ffff888102a1ed00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.170914] ffff888102a1ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.171198] >ffff888102a1ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.171511] ^
[ 12.171887] ffff888102a1ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.172182] ffff888102a1ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.172462] ==================================================================
[ 12.173151] ==================================================================
[ 12.173499] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b3/0x530
[ 12.174265] Write of size 1 at addr ffff888102a1ef78 by task kunit_try_catch/150
[ 12.174586]
[ 12.174715] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.14.10-rc1 #1
[ 12.174756] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.174767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.174787] Call Trace:
[ 12.174799] <TASK>
[ 12.174815] dump_stack_lvl+0x73/0xb0
[ 12.174842] print_report+0xd1/0x650
[ 12.174865] ? __virt_addr_valid+0x1db/0x2d0
[ 12.174890] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 12.174915] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.174943] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 12.174969] kasan_report+0x140/0x180
[ 12.174993] ? kmalloc_track_caller_oob_right+0x4b3/0x530
[ 12.175039] __asan_report_store1_noabort+0x1b/0x30
[ 12.175065] kmalloc_track_caller_oob_right+0x4b3/0x530
[ 12.175091] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 12.175118] ? __schedule+0xce8/0x2840
[ 12.175143] ? __pfx_read_tsc+0x10/0x10
[ 12.175167] ? ktime_get_ts64+0x86/0x230
[ 12.175195] kunit_try_run_case+0x1a6/0x480
[ 12.175219] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.175243] ? _raw_spin_lock_irqsave+0xa2/0x110
[ 12.175268] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.175294] ? __kthread_parkme+0x82/0x160
[ 12.175318] ? preempt_count_sub+0x50/0x80
[ 12.175344] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.175369] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.175396] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.175425] kthread+0x324/0x6e0
[ 12.175448] ? trace_preempt_on+0x20/0xc0
[ 12.175473] ? __pfx_kthread+0x10/0x10
[ 12.175497] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.175521] ? calculate_sigpending+0x7b/0xa0
[ 12.175545] ? __pfx_kthread+0x10/0x10
[ 12.175635] ret_from_fork+0x41/0x80
[ 12.175663] ? __pfx_kthread+0x10/0x10
[ 12.175689] ret_from_fork_asm+0x1a/0x30
[ 12.175722] </TASK>
[ 12.175732]
[ 12.182835] Allocated by task 150:
[ 12.183005] kasan_save_stack+0x45/0x70
[ 12.183179] kasan_save_track+0x18/0x40
[ 12.183374] kasan_save_alloc_info+0x3b/0x50
[ 12.183566] __kasan_kmalloc+0xb7/0xc0
[ 12.183747] __kmalloc_node_track_caller_noprof+0x1cc/0x510
[ 12.183989] kmalloc_track_caller_oob_right+0x19b/0x530
[ 12.184401] kunit_try_run_case+0x1a6/0x480
[ 12.184556] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.184753] kthread+0x324/0x6e0
[ 12.184925] ret_from_fork+0x41/0x80
[ 12.185141] ret_from_fork_asm+0x1a/0x30
[ 12.185538]
[ 12.185701] The buggy address belongs to the object at ffff888102a1ef00
[ 12.185701] which belongs to the cache kmalloc-128 of size 128
[ 12.186182] The buggy address is located 0 bytes to the right of
[ 12.186182] allocated 120-byte region [ffff888102a1ef00, ffff888102a1ef78)
[ 12.186866]
[ 12.186974] The buggy address belongs to the physical page:
[ 12.187210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1e
[ 12.187519] flags: 0x200000000000000(node=0|zone=2)
[ 12.188126] page_type: f5(slab)
[ 12.188296] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.188667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.188970] page dumped because: kasan: bad access detected
[ 12.189207]
[ 12.189300] Memory state around the buggy address:
[ 12.189502] ffff888102a1ee00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.190938] ffff888102a1ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.191268] >ffff888102a1ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.192151] ^
[ 12.192656] ffff888102a1ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.192944] ffff888102a1f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.193230] ==================================================================
```